[ { "path": ".gitattributes", "content": "*.sg linguist-language=js\n" }, { "path": ".github/FUNDING.yml", "content": "# These are supported funding model platforms\n\ngithub: horsicq\n" }, { "path": ".github/workflows/create_beta.yml", "content": "name: Build Beta\n\non:\n # Triggers the workflow on push or pull request events but only for the \"main\" branch\n push:\n branches: [ \"master\" ]\n\n # Allows you to run this workflow manually from the Actions tab\n workflow_dispatch:\n\n# the jobs are based on these notes:\n# https://github.com/horsicq/Detect-It-Easy/blob/master/docs/BUILD.md\njobs:\n build-ubuntu-24:\n runs-on: ubuntu-24.04\n steps:\n - uses: actions/checkout@v4\n \n # Clone Detect-It-Easy repository\n - name: Clone Detect-It-Easy\n run: |\n git clone --recursive https://github.com/horsicq/DIE-engine die_source\n\n - name: Install dependencies\n run: |\n sudo apt-get update\n sudo apt-get install qtbase5-dev qtscript5-dev qttools5-dev-tools libqt5svg5-dev qtchooser qt5-qmake build-essential -y\n - name: Build\n run: |\n cd die_source\n bash -x build_dpkg.sh\n - name: Upload Release as Download\n uses: softprops/action-gh-release@v2\n env:\n GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}\n with:\n tag_name: Beta\n release_name: Beta\n draft: false\n prerelease: true\n files: |\n ${{ github.workspace }}/die_source/release/*.deb\n \n" }, { "path": ".github/workflows/format-js.yml", "content": "name: Format JavaScript Files\n\non:\n push:\n paths:\n - 'db/**'\n - 'db_custom/**'\n - 'db_extra/**'\n branches: \n - master\n \n # Allows you to run this workflow manually from the Actions tab\n workflow_dispatch:\n\njobs:\n format:\n runs-on: ubuntu-latest\n \n permissions:\n contents: write\n \n steps: \n - name: Checkout repository\n uses: actions/checkout@v4\n with: \n token: ${{ secrets. RELEASE_TOKEN }}\n \n - name: Configure git to preserve line endings\n run: |\n git config --local core.autocrlf false\n git config --local core.eol lf\n \n - name: Format JavaScript files in db directories\n run: |\n find db db_custom db_extra -type f \\\n ! -path '*/.vscode/*' \\\n ! -path '*/_icons/*' \\\n ! -name '*.txt' \\\n ! -name '*.md' \\\n ! -name '*.png' \\\n ! -name '*.ico' \\\n ! -name '*.svg' \\\n -print0 2>/dev/null | while IFS= read -r -d '' file; do\n # Skip files with beautify ignore comment (with or without spaces)\n if grep -qE 'beautify ignore:\\s*start' \"$file\" 2>/dev/null; then\n echo \"Skipping (beautify ignore): $file\"\n continue\n fi\n \n # Check if file contains JavaScript-like syntax\n if head -c 1000 \"$file\" 2>/dev/null | grep -qE '(function|var |if\\s*\\(|for\\s*\\(|return |includeScript)'; then\n echo \"Formatting: $file\"\n \n # Save original file for comparison\n cp \"$file\" \"$file.orig\"\n \n # Remove trailing whitespace only (preserve everything else)\n perl -pi -e 's/[ \\t]+$//' \"$file\"\n \n # Convert tabs to 4 spaces\n perl -pi -e 's/\\t/ /g' \"$file\"\n \n # If file is unchanged, restore original to avoid any byte differences\n if cmp -s \"$file\" \"$file.orig\"; then\n mv \"$file.orig\" \"$file\"\n else\n rm \"$file.orig\"\n fi\n fi\n done\n \n - name: Check for changes\n id: check_changes\n run: |\n if git diff --quiet; then\n echo \"has_changes=false\" >> $GITHUB_OUTPUT\n else\n echo \"has_changes=true\" >> $GITHUB_OUTPUT\n fi\n \n - name: Commit and push changes\n if: steps.check_changes.outputs.has_changes == 'true'\n run: |\n git config --local user.email \"github-actions[bot]@users.noreply.github.com\"\n git config --local user.name \"github-actions[bot]\"\n git add -A\n git commit -m \"style: auto-format JavaScript files in db directories\"\n git push\n" }, { "path": ".github/workflows/update_db.yml", "content": "# This is a basic workflow to help you get started with Actions\r\n\r\nname: CI\r\n\r\n# Controls when the workflow will run\r\non:\r\n # Triggers the workflow on push or pull request events but only for the \"main\" branch\r\n push:\r\n branches: [\"master\"]\r\n\r\n # Allows you to run this workflow manually from the Actions tab\r\n workflow_dispatch:\r\n\r\n# A workflow run is made up of one or more jobs that can run sequentially or in parallel\r\njobs:\r\n # This workflow contains a single job called \"build\"\r\n build:\r\n # The type of runner that the job will run on\r\n runs-on: ubuntu-latest\r\n\r\n # Steps represent a sequence of tasks that will be executed as part of the job\r\n steps:\r\n - name: Set up Python\r\n uses: actions/setup-python@v4\r\n with:\r\n python-version: \"3.13\"\r\n # Set git to use CRLF line endings\r\n - name: Configure git CRLF\r\n run: |\r\n git config --global core.autocrlf true\r\n\r\n # Clone Detect-It-Easy repository\r\n - name: Clone Detect-It-Easy\r\n run: |\r\n git clone https://github.com/horsicq/Detect-It-Easy DIE\r\n\r\n # Create zip archives\r\n - name: Create zip archives\r\n run: |\r\n cd DIE\r\n zip -r ../db.zip db\r\n zip -r ../db_extra.zip db_extra\r\n cd ..\r\n ls -la *.zip # Verify the zip files were created\r\n # Calculate MD5 checksums\r\n - name: Calculate MD5 checksums\r\n id: md5\r\n run: |\r\n DB_MD5=$(md5sum db.zip | awk '{print $1}')\r\n DB_EXTRA_MD5=$(md5sum db_extra.zip | awk '{print $1}')\r\n echo \"DB_MD5=$DB_MD5\" >> $GITHUB_OUTPUT\r\n echo \"DB_EXTRA_MD5=$DB_EXTRA_MD5\" >> $GITHUB_OUTPUT\r\n echo \"$DB_MD5\" >> db.zip.md5\r\n echo \"$DB_EXTRA_MD5\" >> db_extra.zip.md5\r\n\r\n - name: Generate DB Stats\r\n run: |\r\n cd DIE\r\n cd autotools/dbupdater\r\n python --version\r\n python task.py '../../db' > '../../../db_stat.txt'\r\n python task.py '../../db_extra' > '../../../db_extra_stat.txt'\r\n\r\n # Get the current date for the update message\r\n - name: Get current date\r\n id: date\r\n run: echo \"DATE=$(date +'%Y-%m-%d')\" >> $GITHUB_OUTPUT\r\n\r\n # Read database stats\r\n - name: Read database stats\r\n id: dbstats\r\n run: |\r\n DB_STATS=$(cat db_stat.txt)\r\n DB_EXTRA_STATS=$(cat db_extra_stat.txt)\r\n echo \"DB_STATS<> $GITHUB_OUTPUT\r\n echo \"$DB_STATS\" >> $GITHUB_OUTPUT\r\n echo \"EOF\" >> $GITHUB_OUTPUT\r\n echo \"DB_EXTRA_STATS<> $GITHUB_OUTPUT\r\n echo \"$DB_EXTRA_STATS\" >> $GITHUB_OUTPUT\r\n echo \"EOF\" >> $GITHUB_OUTPUT\r\n\r\n # Update the \"Current database\" pre-release\r\n - name: Update Database Release\r\n uses: softprops/action-gh-release@v1\r\n with:\r\n files: |\r\n db.zip\r\n db.zip.md5\r\n db_extra.zip\r\n db_extra.zip.md5\r\n name: \"Current database\"\r\n tag_name: current-database\r\n body: |\r\n - db.zip: `${{ steps.md5.outputs.DB_MD5 }}`\r\n - db_extra.zip: `${{ steps.md5.outputs.DB_EXTRA_MD5 }}`\r\n\r\n Last updated: ${{ steps.date.outputs.DATE }}\r\n\r\n This pre-release contains the latest database files from Detect-It-Easy:\r\n - db.zip: Contains main database files\r\n\r\n ${{ steps.dbstats.outputs.DB_STATS }}\r\n\r\n - db_extra.zip: Contains extra database files\r\n\r\n ${{ steps.dbstats.outputs.DB_EXTRA_STATS }}\r\n draft: false\r\n prerelease: true\r\n env:\r\n GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}\r\n" }, { "path": ".gitignore", "content": "DIE-engine\n.idea\n.compiler_cache" }, { "path": ".prettierrc", "content": "{\n \"tabWidth\": 4,\n \"useTabs\": false,\n \"semi\": true,\n \"singleQuote\": false,\n \"printWidth\": 80,\n \"trailingComma\": \"es5\",\n \"bracketSpacing\": true,\n \"arrowParens\": \"always\",\n \"endOfLine\": \"auto\"\n}\n" }, { "path": "CONTRIBUTING.md", "content": "# Contributing to Detect-It-Easy\n\nWelcome in contributing to Detect-It-Easy!\n\n## Ask Questions\n\nCuriosity is key to driving the project forward. If you have questions or ideas for improvement, don't hesitate to reach out. You can start a discussion by [opening a new issue](https://github.com/horsicq/Detect-It-Easy/issues/new).\n\n## How to Report Issues\n\nTo report bugs and errors, please [open a new issue](https://github.com/horsicq/Detect-It-Easy/issues/new) on GitHub. Include detailed steps to reproduce the bug, along with any relevant stack traces, error messages, or affected files.\n\n## Feature Requests\n\nIf you have ideas for new features or enhancements, feel free to [open a new issue](https://github.com/horsicq/Detect-It-Easy/issues/new) to discuss them. Your input is valuable in shaping the future of the project.\n\n## Coding Standards and Formatting Rules\n\nTo maintain code quality and consistency across the project, please adhere to the following guidelines when contributing code:\n\n- **Language and Style**: The project primarily uses DiE-JS. Follow the existing code style.\n- **Formatting**: Use consistent indentation (4 spaces, no tabs).\n- **Commits**: Write descriptive commit messages. Use the imperative mood (e.g., \"Fix bug in file parser\" instead of \"Fixed bug\").\n- **Testing**: Include unit tests for new features or bug fixes where applicable. Ensure they are compilable!\n\n## Guidelines for Translations or Code Contributions\n\nWe welcome contributions to translations and code to make Detect-It-Easy accessible to a global audience:\n\n- **Translations**: If you'd like to add or update translations, fork the XTranslation repository and work on the relevant language files (typically in the `dicts/` directory). Ensure translations are accurate and culturally appropriate. Test them in the application to verify context. Use poedit for translating languages!\n- **Process**: Submit changes via a pull request (see below).\n- **Quality**: Proofread your contributions for grammar and clarity. Maintain consistency with the existing tone and style.\n\n## How to Submit Pull Requests\n\n1. Fork the repository on GitHub.\n2. Create a new branch for your changes (e.g., `feature/new-detection-rule` or `fix/bug-123`).\n3. Make your changes, ensuring they follow the coding standards and guidelines above.\n4. Test your changes thoroughly.\n5. Commit your changes with a clear, descriptive message.\n6. Push your branch to your fork and [open a pull request](https://github.com/horsicq/Detect-It-Easy/compare) against the main branch.\n7. In the pull request description, explain what changes you made and why. Reference any related issues.\n8. Be responsive to feedback from maintainers and make requested revisions.\n\nPull requests will be reviewed, and once approved, merged into the project. Thank you for helping improve Detect-It-Easy!" }, { "path": "Dockerfile", "content": "FROM ubuntu:24.04\n\n# Newest version of DIE, check https://github.com/horsicq/DIE-engine/releases .\nARG DIE_VERSION=3.20\nRUN apt update -qq && apt upgrade -y && apt install -y wget && \\\n wget https://github.com/horsicq/DIE-engine/releases/download/Beta/die_${DIE_VERSION}_Ubuntu_24.04_amd64.deb && \\\n apt install -y ./die_${DIE_VERSION}_Ubuntu_24.04_amd64.deb && \\\n rm die_${DIE_VERSION}_Ubuntu_24.04_amd64.deb && rm -rf /usr/lib/die/db\n\n# db update\nCOPY ./db /usr/lib/die/db\n\nENTRYPOINT [\"/usr/bin/diec\"]\n" }, { "path": "LICENSE", "content": "MIT License\n\nCopyright (c) 2012-2026 hors\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n" }, { "path": "README.md", "content": "![](docs/logo_text.png)\n\n[![Donate](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=NF3FBD3KHMXDN)\n[![GitHub tag (latest SemVer)](https://img.shields.io/github/tag/horsicq/DIE-engine.svg)](http://ntinfo.biz)\n[![GitHub All Releases](https://img.shields.io/github/downloads/horsicq/DIE-engine/total.svg)](http://ntinfo.biz)\n[![gitlocalized](https://gitlocalize.com/repo/4736/whole_project/badge.svg)](https://github.com/horsicq/XTranslation)\n\n**Detect It Easy (DiE)** is a powerful tool for file type identification, popular among **malware analysts**, **cybersecurity experts**, and **reverse engineers** worldwide. Supporting both **signature-based** and **heuristic analysis**, DiE enables efficient file inspections across a broad range of platforms, including **Windows, Linux, and MacOS**. Its adaptable, script-driven detection architecture makes it one of the most versatile tools in the field, with a comprehensive list of supported OS images.\n\n## 🚀 Getting Started\n\n- **[💎 Download release/beta](https://github.com/horsicq/DIE-engine/releases)**\n\n- **[🚀 DIE API Library (for Developers)](https://github.com/horsicq/die_library)**\n- [📋 Changelog](https://github.com/horsicq/Detect-It-Easy/blob/master/changelog.txt)\n- [💬 Contribute to Translations](https://github.com/horsicq/XTranslation)\n\n![Screenshot](docs/1.png)\n\n## 💡 Why Use Detect It Easy?\n\nDetect It Easy’s **flexible signature system** and **scripting capabilities** make it an essential tool for **malware analysis** and **digital forensics**. With traditional static analyzers often limited in scope and prone to false positives, DiE’s customizable design enables precise integration of new detection logic, ensuring reliable results across diverse file types.\n\n![Screenshot](docs/2.png)\n\n### Key Advantages:\n\n- **Flexible Signature Management**: Easily create, modify, and optimize signatures.\n- **Cross-Platform Support**: Runs on Windows, Linux, and MacOS.\n- **Minimal False Positives**: Combined signature and heuristic analysis ensures high detection accuracy.\n\n## 📄 Supported File Types\n\nDetect It Easy supports a wide range of executable and archive types, including:\n\n- **PE** (Portable Executable format for Windows)\n- **ELF** (Executable and Linkable Format for Linux)\n- **APK** (Android Application Package)\n- **IPA** (iOS Application Package)\n- **JAR** (Java Archive)\n- **ZIP** (Compressed archives)\n- **ISO9660** (Optical media format)\n- **DEX** (Dalvik Executable for Android)\n- **MS-DOS** (MS-DOS executable files)\n- **COM** (Simple executable format for DOS)\n- **LE/LX** (Linear Executable for OS/2)\n- **MACH** (Mach-O files for MacOS)\n- **NPM** (JavaScript packages)\n- **Amiga** (Executable format for Amiga computers)\n- **Binary** (Other unclassified files)\n\nAnd that's not all... The list is expanding as the tool is updated\n\nUnknown formats undergo heuristic analysis, providing identification for both known and unrecognized files.\n\n## 🔑 Key Features\n\n- **Flexible Signature Management**: Define or modify detection signatures.\n- **Scripted Detection**: Use a JavaScript-like scripting language (DiE-JS runtime) for custom detection algorithms.\n- **Cross-Platform Compatibility**: Available for Windows, Linux, and MacOS.\n- **Reduced False Positives**: Combines signature and heuristic scanning for accuracy.\n\n## 📥 Installation\n\n### 📦 Install via Package Managers\n\n- **Windows**:\n\n - [Chocolatey](https://community.chocolatey.org/packages/die)\n - [Microsoft Store](https://apps.microsoft.com/detail/9nq58d7ghb2x)\n\n- **Linux**:\n\n - **Parrot OS**: Package name `detect-it-easy`\n - **Arch Linux**: AUR package [detect-it-easy-git](https://aur.archlinux.org/packages/detect-it-easy-git/)\n - **openSUSE**: [OBS](https://build.opensuse.org/package/show/home:mnhauke/detect-it-easy)\n - **REMnux**: Malware analysis distribution\n\n [![Packaging status](https://repology.org/badge/vertical-allrepos/detect-it-easy.svg)](https://repology.org/project/detect-it-easy/versions)\n\n> [!NOTE]\n> Use **Detect It Easy** bot via **Telegram** to quickly check files: [**@detectiteasy_bot**](https://t.me/detectiteasy_bot)\n\n### ⚙️ Build from Source\n\nSee the [BUILD.md](docs/BUILD.md) for detailed instructions.\n\n### 🐳 Docker Installation\n\nRun DiE in a Docker container:\n\n```bash\ngit clone --recursive https://github.com/horsicq/Detect-It-Easy\ncd Detect-It-Easy/\ndocker build . -t horsicq:diec\n```\n\n## 🖥️ Usage\n\nDetect It Easy offers three versions:\n\n- **die** - Graphical interface.\n- **diec** - Command-line version for batch processing.\n- **diel** - Lightweight GUI version. (scanner only)\n\nFor detailed usage, refer to the [RUN.md](docs/RUN.md).\n\n### 🔎 Example Use Cases\n\n- 🦠 **Malware Analysis**: Identify file types, packers, or protections.\n- 🛡 **Security Audits**: Determine executable file types and potential security risks.\n- 🔎 **Software Forensics**: Inspect software components and validate compliance.\n\n## 💬 Community\n\n👋 **Hello! / Привет!** Welcome to the Detect It Easy community!\n\nHave questions, ideas, or just want to chat? Here's where to find us:\n\n- **Telegram Bot**: Send a file or just say hello to [**@detectiteasy_bot**](https://t.me/detectiteasy_bot)\n- **GitHub Discussions**: Start a conversation in [Discussions](https://github.com/horsicq/Detect-It-Easy/discussions)\n- **GitHub Issues**: Report bugs or request features via [Issues](https://github.com/horsicq/Detect-It-Easy/issues)\n\n## 🏆 Special thanks\n\n- ⭐️ **Thanks to [DosX](https://github.com/DosX-dev)**\n\n- ⭐️ Thanks to [PELock](https://www.pelock.com)\n\n## 🤝 Thanks to all contributors\n\n\n\n\n\n---\n\n![Mascot](docs/logo2.png)\n\n\n\n" }, { "path": "autotools/dbcompiler/package.json", "content": "{\n \"name\": \"dbcompiler\",\n \"version\": \"1.0.0\",\n \"main\": \"task.js\",\n \"author\": \"DosX\",\n \"dependencies\": {\n \"uglify-js\": \"^3.19.3\"\n }\n}\n" }, { "path": "autotools/dbcompiler/task.js", "content": "const fs = require(\"fs\");\nconst path = require(\"path\");\nconst { Worker } = require(\"worker_threads\");\nconst zlib = require('zlib');\n\nconst inputDirs = [\"db\", \"db_custom\", \"db_extra\"];\nconst outputDir = \"dbs_min\";\nconst CACHE_FILE = path.join(outputDir, '.compiler_cache');\nconst MAX_PARALLEL = 16;\n\nconst stats = {\n total: 0,\n minified: 0,\n copied: 0,\n failed: 0,\n skipped: 0,\n deleted: 0,\n};\n\nconst failedFiles = [];\nconst copiedFiles = [];\n\n// --- Cache helpers (ADLER32 + CRC32 key)\nfunction adler32(str) {\n let a = 1, b = 0;\n for (let i = 0; i < str.length; i++) {\n a = (a + str.charCodeAt(i)) % 65521;\n b = (b + a) % 65521;\n }\n return (b << 16) | a;\n}\n\nfunction makeCrc32Table() {\n const table = new Uint32Array(256);\n for (let i = 0; i < 256; i++) {\n let c = i;\n for (let k = 0; k < 8; k++) {\n c = (c & 1) ? (0xEDB88320 ^ (c >>> 1)) : (c >>> 1);\n }\n table[i] = c >>> 0;\n }\n return table;\n}\n\nconst CRC32_TABLE = makeCrc32Table();\nfunction crc32(str) {\n let crc = 0xFFFFFFFF;\n for (let i = 0; i < str.length; i++) {\n const code = str.charCodeAt(i);\n crc = (crc >>> 8) ^ CRC32_TABLE[(crc ^ code) & 0xFF];\n }\n return (crc ^ 0xFFFFFFFF) >>> 0;\n}\n\nfunction computeKeyForPath(p) {\n // Use normalized relative path to project root\n const rel = path.normalize(path.relative(process.cwd(), p)).replace(/\\\\/g, '/');\n // Combine into 64-bit-like hex\n const big = (BigInt(adler32(rel) >>> 0) << 32n) | BigInt(crc32(rel) >>> 0);\n return big.toString(16);\n}\n\nfunction loadCache() {\n const map = new Map();\n try {\n if (!fs.existsSync(CACHE_FILE)) return map;\n // Read as buffer and try to decompress (Brotli). Fallback to plain text.\n let txt = null;\n try {\n const buf = fs.readFileSync(CACHE_FILE);\n const decompressed = zlib.brotliDecompressSync(buf);\n txt = decompressed.toString('utf8');\n } catch (e) {\n // fallback: try read as utf8 plain text\n try { txt = fs.readFileSync(CACHE_FILE, 'utf8'); } catch (e2) { txt = null; }\n }\n if (!txt) return map;\n const parts = txt.split(';');\n for (const p of parts) {\n if (!p) continue;\n const kv = p.split('=');\n if (kv.length !== 2) continue;\n // Decode hex to number\n try {\n const val = parseInt(kv[1], 16);\n if (!isNaN(val)) {\n map.set(kv[0], val);\n }\n } catch (e) {\n // skip invalid entry\n }\n }\n } catch (e) {\n // ignore parsing errors\n }\n return map;\n}\n\nfunction saveCache(map) {\n try {\n fs.mkdirSync(outputDir, { recursive: true });\n\n // Sort keys for better compression\n const sorted = Array.from(map.entries()).sort((a, b) => a[0].localeCompare(b[0]));\n\n const parts = [];\n for (const [k, v] of sorted) {\n parts.push(`${k}=${v.toString(16)}`);\n }\n const txt = parts.join(';');\n\n // Brotli with maximum compression quality\n const buf = zlib.brotliCompressSync(Buffer.from(txt, 'utf8'), {\n params: {\n [zlib.constants.BROTLI_PARAM_QUALITY]: zlib.constants.BROTLI_MAX_QUALITY,\n [zlib.constants.BROTLI_PARAM_MODE]: zlib.constants.BROTLI_MODE_TEXT\n }\n });\n fs.writeFileSync(CACHE_FILE, buf);\n } catch (e) {\n console.warn('[CACHE WRITE FAILED] ' + e.message);\n }\n}\n\nfunction processFile(srcFile, dstFile) {\n return new Promise((resolve) => {\n const worker = new Worker(path.join(__dirname, 'worker.js'), {\n workerData: { srcFile, dstFile },\n resourceLimits: {\n maxOldGenerationSizeMb: 2048,\n maxYoungGenerationSizeMb: 512\n }\n });\n\n worker.on('message', (result) => {\n stats.total++;\n\n if (result.type === 'minified') {\n stats.minified++;\n console.log(\"[MINIFIED] \" + result.srcFile);\n } else if (result.type === 'skipped') {\n stats.minified++;\n stats.skipped++;\n console.log(\"[SKIP] \" + result.srcFile);\n } else if (result.type === 'copied') {\n stats.copied++;\n copiedFiles.push(result.srcFile);\n console.log(\"[COPIED] \" + result.srcFile);\n } else if (result.type === 'copied-skip') {\n stats.copied++;\n stats.skipped++;\n console.log(\"[SKIP] \" + result.srcFile);\n } else if (result.type === 'failed') {\n stats.failed++;\n failedFiles.push({ file: result.srcFile, reason: result.error });\n console.warn(\"[FAILED] \" + result.srcFile + \" — \" + result.error);\n } else if (result.type === 'failed-skip') {\n stats.failed++;\n stats.skipped++;\n console.log(\"[SKIP/FAIL] \" + result.srcFile);\n } else {\n stats.failed++;\n failedFiles.push({ file: result.srcFile, reason: \"Read error: \" + result.error });\n console.warn(\"[ERROR/READ] \" + result.srcFile + \" — \" + result.error);\n }\n\n resolve();\n });\n\n worker.on('error', (err) => {\n stats.failed++;\n failedFiles.push({ file: srcFile, reason: err.message });\n console.warn(\"[ERROR] \" + srcFile + \" — \" + err.message);\n resolve();\n });\n\n worker.on('exit', (code) => {\n if (code !== 0) {\n stats.failed++;\n failedFiles.push({ file: srcFile, reason: `Worker stopped with exit code ${code}` });\n console.warn(\"[ERROR] \" + srcFile + \" — Worker stopped with exit code \" + code);\n resolve();\n }\n });\n });\n}\n\n// Process files in parallel with concurrency limit\nasync function processFilesInParallel(files) {\n let currentIndex = 0;\n const workers = [];\n\n for (let i = 0; i < MAX_PARALLEL; i++) {\n workers.push(\n (async () => {\n while (currentIndex < files.length) {\n const index = currentIndex++;\n if (index < files.length) {\n const fileTask = files[index];\n await processFile(fileTask.src, fileTask.dst);\n }\n }\n })()\n );\n }\n\n await Promise.all(workers);\n}\n\nfunction collectFiles(srcDir, relBase, dstBase, fileList = []) {\n const items = fs.readdirSync(srcDir);\n for (const item of items) {\n const\n srcPath = path.join(srcDir, item),\n stat = fs.statSync(srcPath);\n\n if (stat.isDirectory()) {\n collectFiles(srcPath, relBase, dstBase, fileList);\n } else {\n fileList.push({\n src: srcPath,\n dst: path.join(dstBase, path.relative(relBase, srcPath))\n });\n }\n }\n return fileList;\n}\n\nfunction getAllFilesInDir(dir, fileList = []) {\n if (!fs.existsSync(dir)) return fileList;\n\n const items = fs.readdirSync(dir);\n for (const item of items) {\n const\n fullPath = path.join(dir, item),\n stat = fs.statSync(fullPath);\n\n if (stat.isDirectory()) {\n getAllFilesInDir(fullPath, fileList);\n } else {\n fileList.push(fullPath);\n }\n }\n return fileList;\n}\n\nfunction syncDeleteOldFiles(expectedFiles) {\n const\n expectedSet = new Set(expectedFiles.map(f => path.normalize(f.dst))),\n existingFiles = getAllFilesInDir(outputDir);\n\n let deletedCount = 0;\n for (const existingFile of existingFiles) {\n const normalized = path.normalize(existingFile);\n\n // Skip cache file itself\n if (normalized === path.normalize(CACHE_FILE)) {\n continue;\n }\n\n if (!expectedSet.has(normalized)) {\n try {\n fs.unlinkSync(existingFile);\n console.log(\"[DELETED] \" + path.relative(process.cwd(), existingFile));\n deletedCount++;\n } catch (e) {\n console.warn(\"[DELETE FAILED] \" + existingFile + \" — \" + e.message);\n }\n }\n }\n\n deleteEmptyDirs(outputDir);\n\n return deletedCount;\n}\n\n\nfunction deleteEmptyDirs(dir) {\n if (!fs.existsSync(dir)) return;\n\n const items = fs.readdirSync(dir);\n for (const item of items) {\n const fullPath = path.join(dir, item);\n if (fs.statSync(fullPath).isDirectory()) {\n deleteEmptyDirs(fullPath);\n }\n }\n\n if (fs.readdirSync(dir).length === 0 && dir !== outputDir) {\n fs.rmdirSync(dir);\n }\n}\n\n(async () => {\n console.log(`[i] Processing with ${MAX_PARALLEL} parallel workers...\\n`);\n\n const allFiles = [];\n\n for (const dir of inputDirs) {\n if (fs.existsSync(dir)) {\n const dstSubdir = path.join(outputDir, path.basename(dir));\n collectFiles(dir, dir, dstSubdir, allFiles);\n } else {\n console.warn(\"[SKIP] Dir not found: \" + dir);\n }\n }\n\n console.log(`[i] Found ${allFiles.length} files to process\\n`);\n\n // Delete obsolete files FIRST (before any other output)\n stats.deleted = syncDeleteOldFiles(allFiles);\n if (stats.deleted > 0) {\n console.log(`[i] Deleted ${stats.deleted} obsolete files\\n`);\n }\n\n // Load cache and filter files unchanged by mtime\n const\n cache = loadCache(),\n newCache = new Map(),\n toProcess = [];\n\n for (const f of allFiles) {\n try {\n const st = fs.statSync(f.src);\n const mtime = Math.floor(st.mtimeMs);\n const key = computeKeyForPath(f.src);\n\n // Always update cache with current mtime\n newCache.set(key, mtime);\n\n // Check if file unchanged\n if (cache.has(key) && cache.get(key) === mtime) {\n stats.skipped++;\n console.log(\"[SKIP] \" + f.src);\n continue;\n }\n } catch (e) {\n // couldn't stat - process to be safe\n }\n toProcess.push(f);\n }\n\n if (stats.skipped > 0) {\n console.log(`\\n[i] Skipped ${stats.skipped} unchanged files (cache)`);\n }\n\n await processFilesInParallel(toProcess);\n\n // Update cache with current mtime values\n saveCache(newCache);\n\n let report = \"\\n[V] Done!\\n\" +\n `— Total: ${stats.total}\\n` +\n `— Minified: ${stats.minified}\\n` +\n `— Copied: ${stats.copied}\\n` +\n `— Failed: ${stats.failed}\\n` +\n `— Skipped: ${stats.skipped}\\n` +\n `— Deleted: ${stats.deleted}\\n`;\n\n if (copiedFiles.length > 0) {\n report += \"\\n[I] Copied (unsupported extension):\\n\" + copiedFiles.map((f) => \" • \" + f).join(\"\\n\") + \"\\n\";\n }\n\n if (failedFiles.length > 0) {\n report += \"\\n[X] Failed to minify:\\n\" + failedFiles.map((f) => ` • ${f.file} — ${f.reason}`).join(\"\\n\") + \"\\n\";\n }\n\n console.log(report);\n})();\n" }, { "path": "autotools/dbcompiler/worker.js", "content": "const { parentPort, workerData } = require(\"worker_threads\");\nconst fs = require(\"fs\");\nconst path = require(\"path\");\nconst UglifyJS = require(\"uglify-js\");\n\nfunction writeIfChanged(filePath, newContent) {\n if (fs.existsSync(filePath)) {\n try {\n const existingContent = fs.readFileSync(filePath, \"utf8\");\n if (existingContent === newContent) {\n return false;\n }\n } catch (e) { }\n }\n fs.writeFileSync(filePath, newContent, \"utf8\");\n return true;\n}\n\nfunction shouldMinify(filePath) {\n const ext = path.extname(filePath).toLowerCase();\n return ext === \".sg\" || ext === \"\";\n}\n\n/**\n * Universal safe JavaScript parser\n * Skips strings, regular expressions and comments\n * @param {string} text - input JS code\n * @param {function} replacer - Callback: (codeFragment, position, fullText) => {replacement, offset} | null\n * @returns {string} - processed code\n */\nfunction parseJSCodeSafe(text, replacer) {\n let result = '';\n let i = 0;\n\n while (i < text.length) {\n const char = text[i];\n\n // Comments\n if (char === '/') {\n // Single-line comment: //\n if (i + 1 < text.length && text[i + 1] === '/') {\n result += '//';\n i += 2;\n while (i < text.length && text[i] !== '\\n' && text[i] !== '\\r') {\n result += text[i++];\n }\n // Include newline characters\n while (i < text.length && (text[i] === '\\r' || text[i] === '\\n')) {\n result += text[i++];\n }\n continue;\n }\n\n // Multi-line comment: /* */\n if (i + 1 < text.length && text[i + 1] === '*') {\n result += '/*';\n i += 2;\n while (i < text.length) {\n if (text[i] === '*' && i + 1 < text.length && text[i + 1] === '/') {\n result += '*/';\n i += 2;\n break;\n }\n result += text[i++];\n }\n continue;\n }\n }\n\n // Strings\n if (char === '\"' || char === \"'\" || char === '`') {\n const quote = char;\n result += char;\n i++;\n\n while (i < text.length) {\n const c = text[i];\n result += c;\n i++;\n\n if (c === '\\\\' && i < text.length) {\n // Escaped character\n result += text[i++];\n } else if (c === quote) {\n // Closing quote\n break;\n }\n }\n continue;\n }\n\n // Regular expressions\n if (char === '/') {\n // Heuristic: check context before '/'\n const before = text.substring(Math.max(0, i - 30), i).trim();\n const isLikelyRegex = /[\\(=,;:!&|?{}\\[\\]]\\s*$/.test(before) ||\n /^(return|throw|=>)\\s*$/.test(before) ||\n before === '';\n\n if (isLikelyRegex) {\n result += char;\n i++;\n\n while (i < text.length) {\n const c = text[i];\n result += c;\n i++;\n\n if (c === '\\\\' && i < text.length) {\n // Escaped character in regex\n result += text[i++];\n } else if (c === '/') {\n // Closing '/', read flags\n while (i < text.length && /[gimsuvy]/.test(text[i])) {\n result += text[i++];\n }\n break;\n }\n }\n continue;\n }\n }\n\n // Regular code\n const remaining = text.substring(i);\n const replaceResult = replacer(remaining, i, text);\n\n if (replaceResult && replaceResult.replacement !== null && replaceResult.offset > 0) {\n result += replaceResult.replacement;\n i += replaceResult.offset;\n } else {\n result += char;\n i++;\n }\n }\n\n return result;\n}\n\n/**\n * Replace `let` with `var`\n */\nfunction replaceLetWithVarSafe(text) {\n return parseJSCodeSafe(text, (fragment) => {\n // Check if fragment starts with a valid identifier character\n if (!/^[a-zA-Z_$]/.test(fragment)) {\n return null;\n }\n\n // Read complete identifier\n let word = '';\n let offset = 0;\n while (offset < fragment.length && /[a-zA-Z0-9_$]/.test(fragment[offset])) {\n word += fragment[offset++];\n }\n // Replace only 'let'; return other identifiers unchanged\n if (word === 'let') {\n return { replacement: 'var', offset };\n } else {\n return { replacement: word, offset };\n }\n });\n}\n\n/**\n * Replace arrow functions with traditional functions\n * Direct regex replacement after minification\n */\nfunction replaceArrowFunctions(text) {\n // Simple direct replacement without complex parsing\n // UglifyJS output doesn't have regex/string issues with arrow functions\n\n // 1. ()=>{...} -> function(){...}\n text = text.replace(/\\(\\)\\s*=>\\s*\\{/g, 'function(){');\n\n // 2. (args)=>{...} -> function(args){...}\n // Match balanced parentheses\n text = text.replace(/\\(([^()]*)\\)\\s*=>\\s*\\{/g, 'function($1){');\n\n // 3. Single arg with block: arg=>{...} -> function(arg){...}\n text = text.replace(/\\b([a-zA-Z_$][\\w$]*)\\s*=>\\s*\\{/g, 'function($1){');\n\n // 4. Concise forms (no braces) - need to find expression end\n // ()=>expr -> function(){return expr}\n // This is complex, skip for now as UglifyJS typically uses braces\n\n return text;\n}\n\nfunction fixDeleteStatements(text) {\n return parseJSCodeSafe(text, (fragment) => {\n const match = fragment.match(/^delete\\s+([a-zA-Z_$][\\w$]*)(\\s*;?)/);\n\n if (!match) {\n return null;\n }\n\n const varName = match[1];\n const trailing = match[2];\n\n // Check that this is not delete obj.prop or delete arr[0]\n const afterMatch = fragment.substring(match[0].length);\n if (afterMatch.length > 0 && /^[.\\[]/.test(afterMatch)) {\n // This is a property delete, leave unchanged\n return {\n replacement: match[0],\n offset: match[0].length\n };\n }\n\n // Replace delete varName with varName=undefined\n return {\n replacement: varName + '=undefined' + trailing,\n offset: match[0].length\n };\n });\n}\n\n/**\n * Safely replaces the value of bDetected variable by toggling its boolean state.\n * \n * @param {string} text - The JavaScript code text to parse and process\n * @returns {string} The text with bDetected values toggled (0 becomes 1, 1 becomes 0)\n * \n * @description\n * Parses the provided text using parseJSCodeSafe and searches for patterns matching\n * \"bDetected = !0\" or \"bDetected = !1\". When found, toggles the numeric value and\n * returns the modified text with the replacement applied.\n * \n * @example\n * replaceBDetectedSafe('bDetected = !0'); // Returns: 'bDetected=1'\n * replaceBDetectedSafe('bDetected = !1'); // Returns: 'bDetected=0'\n */\nfunction replaceBDetectedSafe(text) {\n return parseJSCodeSafe(text, (fragment) => {\n const match = fragment.match(/^bDetected\\s*=\\s*!\\s*([01])/);\n\n if (match) {\n const newValue = match[1] === '0' ? '1' : '0';\n return {\n replacement: 'bDetected=' + newValue,\n offset: match[0].length\n };\n }\n\n return null;\n });\n}\n\n/**\n * Replaces common constructor calls with their simplified equivalents in JavaScript code.\n * \n * Safely transforms:\n * - `String()` → `\"\"`\n * - `Boolean()` → `!1`\n * - `Number()` → `0`\n * \n * Only replaces constructors that are not preceded by a dot (.) or identifier character,\n * ensuring that property accesses and method calls are not affected.\n * \n * @param {string} text - The JavaScript code text to process\n * @returns {string} The text with constructor calls replaced by their simplified forms\n */\nfunction replaceConstructorsSafe(text) {\n return parseJSCodeSafe(text, (fragment, index, fullText) => {\n // Check context: there should be no dot or identifier character before\n const charBefore = index > 0 ? fullText[index - 1] : '';\n if (charBefore === '.' || /[a-zA-Z0-9_$]/.test(charBefore)) {\n return null;\n }\n\n let match;\n\n // String() -> \"\"\n match = fragment.match(/^String\\s*\\(\\s*\\)/);\n if (match) {\n return {\n replacement: '\"\"',\n offset: match[0].length\n };\n }\n\n // Boolean() -> !1\n match = fragment.match(/^Boolean\\s*\\(\\s*\\)/);\n if (match) {\n return {\n replacement: '!1',\n offset: match[0].length\n };\n }\n\n // Number() -> 0\n match = fragment.match(/^Number\\s*\\(\\s*\\)/);\n if (match) {\n return {\n replacement: '0',\n offset: match[0].length\n };\n }\n\n return null;\n });\n}\n\n// Main\nconst { srcFile, dstFile } = workerData;\n\nlet result = {\n success: false,\n srcFile: srcFile,\n type: 'unknown',\n error: null\n};\n\ntry {\n const text = fs.readFileSync(srcFile, \"utf8\");\n\n if (shouldMinify(srcFile)) {\n try {\n // Step 1: fix delete statements BEFORE minification\n const fixedText = fixDeleteStatements(text);\n\n // Step 2: Minification\n const uglifyResult = UglifyJS.minify(fixedText, {\n compress: true,\n mangle: true,\n parse: {\n bare_returns: true,\n },\n output: {\n beautify: false,\n comments: false,\n semicolons: false,\n },\n });\n\n if (uglifyResult.error) throw uglifyResult.error;\n\n // Step 3: Post-processing for legacy compatibility\n const legacyCompatibleCode = replaceConstructorsSafe(\n replaceBDetectedSafe(\n replaceArrowFunctions(\n replaceLetWithVarSafe(uglifyResult.code.trim())\n )\n )\n );\n\n fs.mkdirSync(path.dirname(dstFile), { recursive: true });\n const wasWritten = writeIfChanged(dstFile, legacyCompatibleCode);\n\n result.success = true;\n result.type = wasWritten ? 'minified' : 'skipped';\n } catch (e) {\n fs.mkdirSync(path.dirname(dstFile), { recursive: true });\n const wasWritten = writeIfChanged(dstFile, text);\n\n result.success = false;\n result.type = wasWritten ? 'failed' : 'failed-skip';\n result.error = e.message;\n }\n } else {\n fs.mkdirSync(path.dirname(dstFile), { recursive: true });\n const wasWritten = writeIfChanged(dstFile, text);\n\n result.success = true;\n result.type = wasWritten ? 'copied' : 'copied-skip';\n }\n} catch (e) {\n result.success = false;\n result.type = 'error';\n result.error = e.message;\n}\n\nparentPort.postMessage(result);\n" }, { "path": "autotools/dbupdater/task.py", "content": "import os\nimport sys\n\ndef count_signatures(base_path='../db'):\n # Verify base path exists\n if not os.path.exists(base_path):\n print(f\"Error: Base path '{base_path}' does not exist.\")\n return\n \n # Dictionary to hold subfolder and signature count\n signature_count = {}\n \n # Walk through each directory and count .sg files\n for root, dirs, files in os.walk(base_path):\n # Get relative subfolder path\n relative_path = os.path.relpath(root, base_path)\n \n # Skip the root path itself\n if relative_path == \".\" or \".vscode\" in relative_path:\n continue\n \n # Count .sg files in the current directory\n count = sum(1 for file in files if file.endswith('.sg'))\n signature_count[relative_path] = count\n \n # Generate Markdown table\n for subfolder, count in signature_count.items():\n print(f\"{subfolder} : {count}\")\n\nif __name__ == \"__main__\":\n # Get base path from command-line argument or use default\n base_path = sys.argv[1] if len(sys.argv) > 1 else '../db'\n count_signatures(base_path)\n" }, { "path": "autotools/partner/CONFIG", "content": "COMPILED_MAIN=/dbs_min/db\nCOMPILED_EXTRA=/dbs_min/db_extra" }, { "path": "changelog.txt", "content": "3.11\n-----------------------------------------------------------------------\n[+] Build instructions for openSuse, Fedora, Arch Linux, WSL\n[+] Microsoft Store port\n[+] Downloads/tray monitoring, system env. variable\n[+] Configurable BufferSize\n[+] Improved Heuristic module for PE by DosX_dev\n[+] New detects and optimization of all scripts (thanks to DosX_dev, hypn0, Kae, BJNFNE and all contributors)\n[+] New scanning method: PEiD\n[+] Some GUI changes\n[+] Many bugs have been fixed\n#######################################################################\n\n3.10\n-----------------------------------------------------------------------\n[+] Bundle for Ubuntu 24.04 and 24.10\n[+] APK/DEX/NPM/Amiga support\n[+] Improved \"Visualization\" widget\n[+] Improved Heuristic module for PE (thanks to DosX_dev)\n[+] New \"extra\" database for not basic detections\n[+] New detects and optimization of all scripts (thanks to DosX_dev, hypn0, Kae and all contributors)\n[+] Some GUI changes\n[+] Many bugs have been fixed\n#######################################################################\n\n3.09\n-----------------------------------------------------------------------\n[+] Bundle for Ubuntu 23.10\n[+] Bundle for Kali Linux \n[+] Bundle for Parrot Linux\n[+] Yara widget\n[+] New Heuristic module (thanks DosX_dev)\n[+] New detects\n[+] New translations\n[+] Many bugs have been fixed\n#######################################################################\n\n3.08\n-----------------------------------------------------------------------\n[+] Bundle for Ubuntu 23.04\n[+] Visualization\n[+] New widgets\n[+] New detects\n[+] New translations\n[+] Many bugs have been fixed\n#######################################################################\n\n3.07\n-----------------------------------------------------------------------\n[+] Bundle for Ubuntu 22.10\n[+] New style\n[+] New widgets\n[+] New detects\n[+] New translations\n[+] Many bugs have been fixed\n#######################################################################\n\n3.06\n-----------------------------------------------------------------------\n[+] Bundle for Arch Linux\n[+] VirusTotal analysis\n[+] New widgets\n[+] New detects\n[+] New translations\n[+] Many bugs have been fixed\n#######################################################################\n\n3.05\n-----------------------------------------------------------------------\n[+] Bundle for Ubuntu 22.04\n[+] Bundle for Apple M1 processor\n[+] MACHOFAT support\n[+] Colored output for console\n[+] New detects\n[+] New translations\n[+] Many bugs have been fixed\n#######################################################################\n\n3.04\n-----------------------------------------------------------------------\n[+] Source code Qt6 compatibility\n[+] Signed zip bundle for macOS\n[+] Signed pkg installer for macOS\n[+] New file info module\n[+] New console features\n[+] New detects\n[+] New \"All types\" mode\n[+] Recursive scan\n[+] Tree view for DiE engine\n[+] Qwt 6.2.0\n[+] New translations\n[+] Many bugs have been fixed\n#######################################################################\n\n3.03\n-----------------------------------------------------------------------\n[+] New detects\n[+] Lite version\n[+] Folders scan\n[+] Console version can export CSV and TSV\n[+] CMAKE build system\n[+] New translations\n[+] Many bugs have been fixed\n#######################################################################\n\n3.02\n-----------------------------------------------------------------------\n[+] Crypto signatures\n[+] New MachO widget\n[+] Qwt 6.1.6\n[+] Linux AppImage\n[+] Autotools build system\n[+] Many bugs have been fixed\n#######################################################################\n\n3.01\n-----------------------------------------------------------------------\n[+] Qt 5.15.2\n[+] x64 version for Windows\n[+] New HEX editor\n[+] New Disassembler(x86,ARM,MIPS,PPC,M68K)\n[+] MIME detection\n[+] APK/DEX detection\n[+] New translations (Italian, Turkish, Korean, Spanish, French, Portuguese)\n[+] Many bugs have been fixed\n#######################################################################\n\n3.00\n-----------------------------------------------------------------------\n[+] Qt 5.12.8\n[+] New HEX editor\n[+] New Disassembler\n[+] New scan engine\n#######################################################################\n\n2.06\n-----------------------------------------------------------------------\n[+] Qt 5.12.4\n[+] Many bugs have been fixed.\n#######################################################################\n\n2.05\n-----------------------------------------------------------------------\n[+] Many bugs have been fixed.\n[+] JSON output in console version\n[+] No UPX build for Windows version\n (DiE packed with UPX has AntiVirus alerts)\n#######################################################################\n\n2.04\n-----------------------------------------------------------------------\n[+] Many bugs have been fixed\n#######################################################################\n\n2.03\n-----------------------------------------------------------------------\n[+] Windows XP support for YARA\n[+] New detects\n[+] Many bugs have been fixed\n#######################################################################\n\n2.02\n-----------------------------------------------------------------------\n[+] Qt 5.6.3\n[+] Qwt 6.1.4\n[+] New scanning method: YARA\n[+] New detects\n[+] Many bugs have been fixed\n#######################################################################\n\n2.01\n-----------------------------------------------------------------------\n[+] New icons and images(Thanks Metabolic)\n[+] New scan options \"Set column size to contents\"\n[+] New signatures\n[+] New script's functions:\n - bool isExportPresent()\n - bool isTLSPresent()\n - bool isImportPresent()\n - bool isResourcePresent()\n - bool isExportFunctionPresent(QString sFunctionName)\n - bool isExportFunctionPresentExp(QString sFunctionName)\n[+] Donate page in About dialog\n[+] Many bugs have been fixed\n#######################################################################\n\n2.00\n-----------------------------------------------------------------------\n[+] More than 500 new detects (thanks hypn0 and other contributors)\n[+] New experimental scanning method\n[+] Many bugs have been fixed\n#######################################################################\n" }, { "path": "db/.vscode/about.txt", "content": "This directory is responsible for correct recognition of *.sg files by Visual Studio Code. You can delete it if you don't need it." }, { "path": "db/.vscode/settings.json", "content": "{\n \"files.associations\": {\n \"*.sg\": \"javascript\"\n }\n}" }, { "path": "db/ACE", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\n// Detect an ACE archive.\r\n// Author: Jason Hood \r\n/*\r\n Only tested with 2.04.\r\n*/\r\n\r\nincludeScript(\"archive-file\");\r\nsName = \"ACE\";\r\n\r\nfunction detect_ACE(bFile) {\r\n var nOffset, nSize;\r\n\r\n if (bFile) {\r\n nOffset = 0;\r\n nSize = File.getSize();\r\n } else {\r\n nOffset = File.getOverlayOffset();\r\n nSize = File.getOverlaySize();\r\n }\r\n\r\n if (nSize > 48) {\r\n if (File.compare(\"'**ACE**'\", nOffset + 7)) {\r\n bDetected = true;\r\n sVersion = \"2\";\r\n\r\n if (File.readByte(nOffset + 6) & 0x80) {\r\n sOptions = \"solid\";\r\n }\r\n\r\n if (File.compare(\"'UNREGISTERED'\", nOffset + 32)) {\r\n sOptions = sOptions.append(\"unregistered\");\r\n }\r\n\r\n // Not sure about this...\r\n var nOffset = File.findSignature(nOffset + 0x20, 128, \"000101\");\r\n if (nOffset != -1) {\r\n nOffset -= 3;\r\n while (nOffset < File.getSize()) {\r\n var nPacked = File.readDword(nOffset + 7);\r\n Archive.add(File.readDword(nOffset + 11), nPacked,\r\n File.readByte(nOffset + 19) & 16);\r\n nOffset += 0x23 + File.readWord(nOffset + 0x21) + nPacked;\r\n }\r\n sOptions = sOptions.append(Archive.contents());\r\n }\r\n }\r\n }\r\n}" }, { "path": "db/APK/_APK.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"operation system\", \"Android\");\r\n\r\nfunction detect() {\r\n if (APK.isVerbose()) {\r\n sName = APK.getOperationSystemName();\r\n sVersion = APK.getOperationSystemVersion();\r\n sOptions = APK.getOperationSystemOptions();\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/APK/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = APK;\r\nvar X = APK;" }, { "path": "db/APK/library_IL2CPP.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"IL2CPP\");\n\nfunction detect() {\n bDetected = APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libil2cpp.so\");\n\n sLang = \"C#\";\n\n return result();\n}" }, { "path": "db/APK/library_SandHook.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"SandHook\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"lib/arm64-v8a/libsandhook-native.so\") ||\n APK.isArchiveRecordPresent(\"lib/arm64-v8a/libsandhook.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libsandhook-native.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libsandhook.so\");\n\n return result();\n}" }, { "path": "db/APK/library_UnicomSDK.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"UnicomSDK\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"assets/arm64-v8a/libunicomSimplesdk.dat\") ||\n APK.isArchiveRecordPresent(\"assets/arm64-v8a/libunicomsdk.jar\") ||\n APK.isArchiveRecordPresent(\"assets/armeabi-v7a/libdecrypt.jar\") ||\n APK.isArchiveRecordPresent(\"assets/x86/libunicomSimplesdk.dat\") ||\n APK.isArchiveRecordPresent(\"assets/arm64-v8a/libdecrypt.jar\") ||\n APK.isArchiveRecordPresent(\"assets/x86/libunicomsdk.jar\") ||\n APK.isArchiveRecordPresent(\"assets/unicom_resource.dat\") ||\n APK.isArchiveRecordPresent(\"assets/x86/libdecrypt.jar\") ||\n APK.isArchiveRecordPresent(\"assets/classes.jar\");\n\n return result();\n}" }, { "path": "db/APK/library_Unity.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"Unity\");\n\nfunction detect() {\n bDetected = APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libunity.so\");\n\n return result();\n}" }, { "path": "db/APK/package_PackageName.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"package\", \"\");\r\n\r\nfunction detect() {\r\n var _sName = APK.getAndroidManifestRecord(\"package\");\r\n\r\n if (_sName) {\r\n sName = _sName;\r\n sVersion = APK.getAndroidManifestRecord(\"android:versionName\");\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/APK/packer_Kony.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"packer\", \"Kony\");\n\nfunction detect() {\n bDetected = APK.isArchiveRecordPresent(\"libkonyjsvm.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_APKProtect.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"APKProtect\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"apkprotect.com/key.dat\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libAPKProtect.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libAPKProtect.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_APKProtector.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"APKProtector\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"assets/ap.others/apkprotect.bin\") ||\n APK.isArchiveRecordPresent(\"assets/ap.src/apkprotect-v1.bin\") ||\n APK.isArchiveRecordPresent(\"assets/ap.src/apkprotect-v2.bin\") ||\n APK.isArchiveRecordPresent(\"assets/ap.src/apkprotect-v3.bin\") ||\n APK.isArchiveRecordPresent(\"lib/arm64-v8a/libapkprotect.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libapkprotect.so\") ||\n APK.isArchiveRecordPresent(\"lib/x86/libapkprotect.so\") ||\n APK.isArchiveRecordPresent(\"lib/x86_64/libapkprotect.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_AlibabaProtection.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"AlibabaProtection\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libmobisec.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libmobisec.so\") ||\n APK.isArchiveRecordPresent(\"lib/x86/libmobisec.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_AndroidRepublic.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"AndroidRepublic\");\n\nfunction detect() {\n if (APK.isArchiveRecordPresentExp(APK.isArchiveRecordPresent(/assets\\/androidrepublic\\.org\\/(.*)\\.png/))) {\n sVersion = \"VIP\";\n bDetected = true;\n } else if (APK.isArchiveRecordPresentExp(\"assets/emt.androidrepublic/config.png\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/APK/protector_AppGuard.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"AppGuard\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"assets/AppGuard.dgc\") ||\n APK.isArchiveRecordPresent(\"assets/AppGuard0.jar\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libAppGuard.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libAppGuard-x86.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libAppGuard.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_AppSolid.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"AppSolid\");\n\nfunction detect() {\n bDetected = APK.isArchiveRecordPresent(\"assets/high_resolution.png\");\n\n return result();\n}" }, { "path": "db/APK/protector_BaiduProtection.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"BaiduProtection\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"assets/baiduprotect.jar\") ||\n APK.isArchiveRecordPresent(\"assets/libbaiduprotect_x86.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libbaiduprotect.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libbaiduprotect.so\") ||\n APK.isArchiveRecordPresent(\"lib/mips/libbaiduprotect.so\") ||\n APK.isArchiveRecordPresent(\"lib/x86/libbaiduprotect.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_BangBangReinforcement.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"BangBang Reinforcement\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"assets/autostreets.com_cert_chain.cer\") ||\n APK.isArchiveRecordPresent(\"assets/da.js\") ||\n APK.isArchiveRecordPresent(\"assets/img.autostreetscdn.com_cert.cer\") ||\n APK.isArchiveRecordPresent(\"assets/QMUIWebviewBridge.js\") ||\n APK.isArchiveRecordPresent(\"assets/info.y\") ||\n APK.isArchiveRecordPresent(\"assets/main.js\") ||\n APK.isArchiveRecordPresent(\"assets/weex-main-jsfm.js\") ||\n APK.isArchiveRecordPresent(\"assets/weex-rax-api.js\") ||\n APK.isArchiveRecordPresent(\"assets/weex-rax-extra-api.js\") ||\n APK.isArchiveRecordPresent(\"lib/arm/libDexHelper.so\") ||\n APK.isArchiveRecordPresent(\"lib/arm/libdexjni.so\") ||\n APK.isArchiveRecordPresent(\"lib/arm/libDexHelper-x86.so\") ||\n APK.isArchiveRecordPresent(\"com/secneo/apkwrapper\");\n\n if (bDetected) sVersion = \"Enterprise\";\n\n return result();\n}" }, { "path": "db/APK/protector_BangcleProtection.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"BangcleProtection\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"lib/armeabi/libsecexe.so\") ||\n APK.isArchiveRecordPresent(\"lib/x86/libsecexe.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_DXShield.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"DXShield\");\n\nfunction detect() {\n bDetected = APK.isArchiveRecordPresent(\"lib/armeabi/libdxbase.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_DexProtector.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"DexProtector\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"assets/classes.dex.dat\") ||\n APK.isArchiveRecordPresent(\"assets/dp.arm-v7.so.dat\") ||\n APK.isArchiveRecordPresent(\"assets/dp.arm-v8.so.dat\") ||\n APK.isArchiveRecordPresent(\"assets/dp.arm.so.dat\") ||\n APK.isArchiveRecordPresent(\"assets/dp.mp3\") ||\n APK.isArchiveRecordPresent(\"assets/dp.x86.so.dat\") ||\n APK.isArchiveRecordPresent(\"assets/dp.x86_64.so.dat\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libdexprotector.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libdexprotector.so\") ||\n APK.isArchiveRecordPresent(\"assets/dp-lib/dp.kotlin-v1.lua.mph\") ||\n APK.isArchiveRecordPresent(\"assets/dexprotect/classes.dex.dat\");\n\n return result();\n}" }, { "path": "db/APK/protector_DingXiangReinforcement.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"DingXiang Reinforcement\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"com/security/shell/AppStub1\") ||\n APK.isArchiveRecordPresent(\"com/security/inner/stub000\");\n\n return result();\n}" }, { "path": "db/APK/protector_EasyShield.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"NetEase EasyShield\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"assets/nedata.db\") ||\n APK.isArchiveRecordPresent(\"assets/nedig.properties\") ||\n APK.isArchiveRecordPresent(\"lib/arm/libnesec.so\") ||\n APK.isArchiveRecordPresent(\"lib/arm/libnesec-x86.so\") ||\n APK.isArchiveRecordPresent(\"lib/arm/libnshelper.so\") ||\n APK.isArchiveRecordPresent(\"com/netease/nis/wrapper\") ||\n APK.isArchiveRecordPresent(\"com/netease/nis/wrapper/MyApplication\");\n\n return result();\n}" }, { "path": "db/APK/protector_ExTrus_AppDefence.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.extrus.co.kr/en/products/appdefence\nmeta(\"protector\", \"ExTrus AppDefence\");\n\nfunction detect() {\n bDetected = APK.isArchiveRecordPresent(\"assets/appdefence_xml\");\n\n return result();\n}" }, { "path": "db/APK/protector_Gemalto.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"Gemalto\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"lib/arm64-v8a/libmedl.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libmedl.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libmedl.so\") ||\n APK.isArchiveRecordPresent(\"lib/mips/libmedl.so\") ||\n APK.isArchiveRecordPresent(\"lib/mips64/libmedl.so\") ||\n APK.isArchiveRecordPresent(\"lib/x86/libmedl.so\") ||\n APK.isArchiveRecordPresent(\"lib/x86_64/libmedl.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_Hdus-Wjus.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"Hdus-Wjus\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"lib/armeabi/libhdus.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libwjus.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_Ijiami.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"Ijiami\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"assets/ijiami.ajm\") ||\n APK.isArchiveRecordPresent(\"assets/ijm_lib/armeabi/libexec.so\") ||\n APK.isArchiveRecordPresent(\"assets/ijm_lib/armeabi/libexecmain.so\") ||\n APK.isArchiveRecordPresent(\"assets/ijm_lib/x86/libexec.so\") ||\n APK.isArchiveRecordPresent(\"assets/ijm_lib/x86/libexecmain.so\") ||\n APK.isArchiveRecordPresent(\"assets/ijiami.dat\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libexec.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libexecmain.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libexec.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libexecmain.so\") ||\n APK.isArchiveRecordPresent(\"lib/x86/libexec.so\") ||\n APK.isArchiveRecordPresent(\"lib/x86/libexecmain.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_Jiagu.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"Jiagu\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"assets/libjiagu.so\") ||\n APK.isArchiveRecordPresent(\"assets/libjiagu_a64.so\") ||\n APK.isArchiveRecordPresent(\"assets/libjiagu_ls.so\") ||\n APK.isArchiveRecordPresent(\"assets/libjiagu_x64.so\") ||\n APK.isArchiveRecordPresent(\"assets/libjiagu_x86.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_Kiro.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"Kiro\");\n\nfunction detect() {\n bDetected = APK.isArchiveRecordPresent(\"lib/armeabi/libkiroro.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_Kiwi.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"KiwiSecurity\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"assets/crash\") ||\n APK.isArchiveRecordPresent(\"assets/ec_dt.lic\") ||\n APK.isArchiveRecordPresent(\"assets/kwpt.lincense\") ||\n APK.isArchiveRecordPresent(\"lib/arm/libkiwi_dumper.so\") ||\n APK.isArchiveRecordPresent(\"lib/arm/libkiwicrash.so\") ||\n APK.isArchiveRecordPresent(\"lib/arm/libKwProtectSDK.so\") ||\n APK.isArchiveRecordPresent(\"lib/arm/libkwsdataenc.so\") ||\n APK.isArchiveRecordPresent(\"lib/arm/libkadp.so\") ||\n APK.isArchiveRecordPresent(\"com/kiwisec/crash\") ||\n APK.isArchiveRecordPresent(\"com/kiwivm/security\") ||\n APK.isArchiveRecordPresent(\"com/kiwivm/security/StubApplication\");\n\n return result();\n}" }, { "path": "db/APK/protector_LIAPP.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"LIAPP\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"assets/LIAPPClient.sc\") ||\n APK.isArchiveRecordPresent(\"assets/LIAPPClient_x86.sc\") ||\n APK.isArchiveRecordPresent(\"assets/LIAPPEgg.sc\") ||\n APK.isArchiveRecordPresent(\"assets/LIAPPEgg_x86.sc\");\n\n return result();\n}" }, { "path": "db/APK/protector_MedusaH.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"MedusaH\");\n\nfunction detect() {\n bDetected = APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libmd.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_MobileTencentProtect.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"MobileTencentProtect\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"lib/armeabi-v7a/mix.dex\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/mix.dex\");\n\n return result();\n}" }, { "path": "db/APK/protector_NQShield.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"NQShield\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"assets/libnqshieldx86.so\") ||\n APK.isArchiveRecordPresent(\"assets/nqdata\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libnqshield.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_NagaPTProtection.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"NagaPTProtection\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"lib/armeabi/libddog.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libfdog.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_OLLVM-TTL.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"OLLVM-TLL\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libmtprotect.so\") ||\n APK.isArchiveRecordPresent(\"lib/x86/libmtprotect.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_Obfuscapk.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"Obfuscapk\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresentExp(/assets\\/lib\\.arm(eabi|64)-v[0-9a-zA-Z]{2}\\.[!-~]+\\.so/) ||\n APK.isArchiveRecordPresentExp(/assets\\/lib\\.x86(_64)?\\.[!-~]+\\.so/);\n\n return result();\n}" }, { "path": "db/APK/protector_PangXie.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"PangXie\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libnsecure.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libnsecure.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_ProGuard.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"ProGuard\");\n\nfunction detect() {\n bDetected = APK.isArchiveRecordPresent(\"META-INF/proguard/androidx-annotations.pro\");\n\n return result();\n}" }, { "path": "db/APK/protector_QDBH.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"QDBH\");\n\nfunction detect() {\n bDetected = APK.isArchiveRecordPresent(\"assets/qdbh\");\n\n return result();\n}" }, { "path": "db/APK/protector_Qihoo360Protection.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"Qihoo360Protection\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libprotectClass.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libprotectClass.so\") ||\n APK.isArchiveRecordPresent(\"lib/x86/libprotectClass.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_SecNeo.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"SecNeo\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"lib/arm64-v8a/libDexHelper-x86_64.so\") ||\n APK.isArchiveRecordPresent(\"lib/arm64-v8a/libDexHelper.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libDexHelper-x86.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libDexHelper.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libDexHelper-x86.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libDexHelper.so\") ||\n APK.isArchiveRecordPresent(\"lib/x86/libDexHelper.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_SecShell.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"SecShell\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"assets/secData0.jar\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libSecShell-x86.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libSecShell.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_TencentLegu.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"TencentLegu\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"assets/0OO00l111l1l\") ||\n APK.isArchiveRecordPresent(\"assets/0OO00oo01l1l\") ||\n APK.isArchiveRecordPresent(\"assets/libshellx-super.2019.so\") ||\n APK.isArchiveRecordPresent(\"assets/o0oooOO0ooOo.dat\") ||\n APK.isArchiveRecordPresent(\"lib/arm64-v8a/libshell-super.2019.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libshell-super.2019.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_TencentProtection.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"TencentProtection\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"assets/tosversion\") ||\n APK.isArchiveRecordPresent(\"tencent_stub\");\n\n return result();\n}" }, { "path": "db/APK/protector_TencentSecurity.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"Tencent Security\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"assets/dexMethod_00oo1l1l.dat\") ||\n APK.isArchiveRecordPresent(\"lib/arm/libshell-supervbasic.2019.so\") ||\n APK.isArchiveRecordPresent(\"lib/arm/libshell-superv.2019.so\");\n\n if (bDetected) sVersion = \"Enterprise\";\n\n return result();\n}" }, { "path": "db/APK/protector_TongfuShield.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"Tongfu Shield\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"assets/mode\") ||\n APK.isArchiveRecordPresent(\"assets/PK\") ||\n APK.isArchiveRecordPresent(\"assets/virtual\") ||\n APK.isArchiveRecordPresent(\"assets/libegis.a\") ||\n APK.isArchiveRecordPresent(\"lib/arm/libegis.so\") ||\n APK.isArchiveRecordPresent(\"com/payegis/FirstApplication\") ||\n APK.isArchiveRecordPresent(\"com.payegis.entry\") ||\n APK.isArchiveRecordPresent(\"egis\") ||\n APK.isArchiveRecordPresent(\"egis-x86\");\n\n return result();\n}" }, { "path": "db/APK/protector_VDog.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"VDog\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"assets/main000/libhdog-x86.so\") ||\n APK.isArchiveRecordPresent(\"assets/main000/libhdog.so\") ||\n APK.isArchiveRecordPresent(\"assets/main000/libvdog-x86.so\") ||\n APK.isArchiveRecordPresent(\"assets/main000/libvdog.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_Virbox.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://appsec.virbox.com/\nmeta(\"protector\", \"Virbox\");\n\nfunction detect() {\n bDetected =\n (\n APK.isArchiveRecordPresent(\"libsandhook.so\") ||\n APK.isArchiveRecordPresent(\"libsandhook-native.so\")\n ) && (\n APK.isArchiveRecordPresent(\"libv++_64.so\") ||\n APK.isArchiveRecordPresent(\"libv++.so\")\n );\n\n return result();\n}" }, { "path": "db/APK/protector_Yidun.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"Yidun\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"lib/arm64-v8a/libnesec.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libnesec.so\") ||\n APK.isArchiveRecordPresent(\"lib/armeabi/libnesec.so\") ||\n APK.isArchiveRecordPresent(\"lib/x86/libnesec.so\");\n\n return result();\n}" }, { "path": "db/APK/protector_build38.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://build38.com\nmeta(\"protector\", \"build38\");\n\nfunction detect() {\n bDetected = APK.isArchiveRecordPresent(\"__license.tak\") || APK.isArchiveRecordPresent(\"license.tak\");\n\n return result();\n}" }, { "path": "db/APK/protector_iCrypt.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"iCrypt\");\n\nfunction detect() {\n bDetected =\n APK.isArchiveRecordPresent(\"assets/af.bin\") ||\n APK.isArchiveRecordPresent(\"assets/ijiami.ajm\") ||\n APK.isArchiveRecordPresent(\"assets/ijiami.dat\") ||\n APK.isArchiveRecordPresent(\"assets/IJMDal.Data\") ||\n APK.isArchiveRecordPresent(\"assets/signed.bin\") ||\n APK.isArchiveRecordPresent(\"assets/InteGration_4.5.1.ttf\") ||\n APK.isArchiveRecordPresent(\"assets/libijmDataEncryption.so\") ||\n APK.isArchiveRecordPresent(\"assets/libijmDataEncryption_arm64.so\") ||\n APK.isArchiveRecordPresent(\"assets/libijmDataEncryption_x86.so\") ||\n APK.isArchiveRecordPresent(\"lib/arm/libijm-emulator.so\");\n\n if (bDetected) sVersion = \"Enterprise\";\n\n return result();\n}" }, { "path": "db/APK/tool_ApktoolPlus.6.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"tool\", \"ApktoolPlus\");\n\nfunction detect() {\n bDetected = APK.isArchiveRecordPresent(\"lib/armeabi-v7a/libapktoolplus_jiagu.so\");\n\n return result();\n}" }, { "path": "db/APK/tool_SingleJar.3.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"tool\", \"SingleJar\");\r\n\r\nfunction detect() {\r\n\r\n bDetected = APK.getManifestRecord(\"Created-By\") == \"singlejar\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Amiga/AMOS_Basic.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// https://en.wikipedia.org/wiki/AMOS_(programming_language)\nmeta(\"compiler\", \"AMOS Basic\");\n\nfunction detect() {\n if (Amiga.compareEP(\"60$$49fa....397a........b07c....65..303c....3940....43ec....53..6b\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (Amiga.compareEP(\"243c........263c........49fa....294c....294f....48e7808078..7a..7c..2c78....0802\")) {\n bDetected = true;\n }\n\n sLang = \"BASIC\";\n\n return result();\n}" }, { "path": "db/Amiga/AMOS_Compiler_Cruncher.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"AMOS Compiler Cruncher\");\n\nfunction detect() {\n if (Amiga.compareEP(\"60$$49fa....294c....2c78....294f....48e7808070..103a....b03c....64\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/Absoft_AC_Basic.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Absoft AC/BASIC\");\n\nfunction detect() {\n if (Amiga.compareEP(\"6000$$$$48e780802c78....78..43fa....61..6700....2f002a0043fa\")) {\n bDetected = true;\n }\n\n sLang = \"BASIC\";\n\n return result();\n}" }, { "path": "db/Amiga/Absoft_Fortran.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Absoft Fortran\");\n\nfunction detect() {\n if (Amiga.compareEP(\"43fa....2449d3fc........d5fc........223c........243c........2f0226482a002449203c\")) {\n sVersion = \"2.3\";\n bDetected = true;\n }\n\n sLang = \"FORTRAN\";\n\n return result();\n}" }, { "path": "db/Amiga/Amiga_E.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Amiga E\");\n\nfunction detect() {\n if (Amiga.compareEP(\"23cf........6100$$$$23c0........23c8........2c78....43fa....70..4eae....23c0\")) {\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"23cf........6100$$$$33fc............23c0........23c8........2c78....33ee............43f9\")) {\n sOptions = \"type 2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"2c78....2a482e00203c........223c........24004eae....4a8066\")) {\n sOptions = \"type 3\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/Amiga_font.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"font\", \"Amiga font\");\n\nfunction detect() {\n if (Amiga.compareEP(\"70..4e75............................0f80\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/Aztec_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Aztec C\");\n\nfunction detect() {\n if (Amiga.compareEP(\"4ef9########2a4f61..43ec....45ec....b5c966..323c....6b..74..22c251c9\")) {\n sVersion = \"5.0a\";\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4ef9########61..43ec....45ec....b5c966..323c....6b..74..22c251c9\")) {\n sVersion = \"5.0d-5.2a\";\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4efa$$$$61..43ec....45ec....b5c966..323c....6b..74..22c251c9\")) {\n sVersion = \"5.0d-5.2a\";\n sOptions = \"type 2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4efa$$$$2a4f61..43ec....45ec....b5c966..323c....6b..74..22c251c9\")) {\n sVersion = \"5.0a\";\n sOptions = \"type 2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4efa$$$$43f9........2851d9ccd9ccd9fc........43ec....45ec....b5c966..323c....6b\")) {\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4efa$$$$61..43f9........45f9........b5c966..323c....6b..74..22c251c9\")) {\n sOptions = \"type 2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4efa$$$$2a4f61..43f9........45f9........b5c966..323c....6b..74..22c251c9\")) {\n sOptions = \"type 3\";\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}\n" }, { "path": "db/Amiga/BHC3_Relocatable.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"BHC3 Relocatable\");\n\nfunction detect() {\n if (Amiga.compareEP(\"41fa....2028....0680........223c........2c78....4eae....2240\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/BPack_SFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"BPack SFX\");\n\nfunction detect() {\n if (Amiga.compareEP(\"6000$$$$3a002a486100....6100....6100....6100....41fa....217c\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/Blitz_BASIC.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Blitz BASIC\");\n\nfunction detect() {\n if (Amiga.compareEP(\"4eb9........60$$207c........227c........4eb9........2c7c........23ce\")) {\n bDetected = true;\n }\n\n sLang = \"BASIC\";\n\n return result();\n}" }, { "path": "db/Amiga/ByteKiller_Clone.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"ByteKiller Clone\");\n\nfunction detect() {\n if (Amiga.compareEP(\"61$$41f9........43f9........24609bcdd5c920204bed....72..61\")) {\n sName += \" 8\";\n bDetected = true;\n } else if (Amiga.compareEP(\"6100................41f9........43f9........2460d5c9202072..61\")) {\n sName += \" 9\";\n bDetected = true;\n } else if (Amiga.compareEP(\"61$$41f9........43f9........2460d5c9202072..61..4a0267..0c42\")) {\n sName += \" A\";\n bDetected = true;\n } else if (Amiga.compareEP(\"41fa....d1fa....227c........2460d5c94aa0202013f9................72\")) {\n sName += \" FLT\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/Chryseis_Cruncher.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Chryseis Cruncher\");\n\nfunction detect() {\n if (Amiga.compareEP(\"6000$$$$2f0841fa....208f205f4eba....2e7a....58..4e75\")) {\n sVersion = \"0.9\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/Crunch_Master.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Crunch Master\");\n\nfunction detect() {\n if (Amiga.compareEP(\"428445fa....41fa....49fa....d1d291fc........43f9........0484\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/DICE_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// https://aminet.net/package/dev/c/dice-3.16\nmeta(\"compiler\", \"DICE C\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e73f3e2c79........244f2f082f00303c\")) {\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/Amiga/DMS_FMS-Masher.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"DMS/FMS-Masher by ParCon Software\");\n\nfunction detect() {\n if (Amiga.compareEP(\"6000$$$$48e77efe2448240049fa....47fa....303c....421b51c8....47f9\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/Deluxe_Cruncher.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Deluxe Cruncher\");\n\nfunction detect() {\n if (Amiga.compareEP(\"47fa....41fa....247c........227c........0c10....6700\")) {\n sVersion = \"1.0-2.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/Free_Pascal.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Free Pascal\");\n\nfunction detect() {\n if (Amiga.compareEP(\"23cf........23c8........6700$$$$4eb9........2e79........4e75\")) {\n sVersion = \"0.99\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4e55....48ed........23f8............95ca2c79........93c94eae....2040\")) {\n sVersion = \"1.0.12\";\n bDetected = true;\n }\n\n sLang = \"Pascal\";\n\n return result();\n}" }, { "path": "db/Amiga/GNU_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"GNU C\");\n\nfunction detect() {\n if (Amiga.compareEP(\"6000$$$$48e73c2228082600428249f9........240c2c78....43fa....70..4eae....2c40\")) {\n sVersion = \"3.3.3-3.4.0\";\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"6000$$$$48e72022244824002c78....43f9........70..4eae....4a8067..23c0........23c0\")) {\n sVersion = \"3.3.3-3.4.0\";\n sOptions = \"type 2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"6000$$$$48e7382228082600428249f9........240c2c78....43fa....70..4eae....2c40\")) {\n sVersion = \"2.95.3\";\n bDetected = true;\n } else if (Amiga.compareEP(\"6000$$$$48e72022240824402c78....43f9........70..4eae....4a8067..23c0........2f39\")) {\n sVersion = \"2.95.2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"6000$$$$4e55fffc48e73c3a28082a000c85........57c04880340048c2448295ca\")) {\n sVersion = \"2.90.xx\";\n bDetected = true;\n } else if (Amiga.compareEP(\"6000$$$$4e55fffc48e73c3a24482a000c85........57c04880340048c24482\")) {\n sVersion = \"2.7.2.1\";\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"23c8........23c0........23cf........2c78....23ce........93c94eae....26404aab....6600\")) {\n sVersion = \"2.7.2.1\";\n sOptions = \"type 2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"6000$$$$48e730222408244023cf........2c78....43f9........70..4eae....204023c8\")) {\n sVersion = \"2.7.0\";\n bDetected = true;\n } else if (Amiga.compareEP(\"6000$$$$4e55....48e73f322c082b40....0c80........57c01400\")) {\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"6000$$$$4e55....48e73f322c082e000c87........57c01400\")) {\n sOptions = \"type 2\";\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/Amiga/HQC_Cruncher.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"HQC Cruncher\");\n\nfunction detect() {\n if (Amiga.compareEP(\"2c79........4eae....43fa....4eae....4a806700\")) {\n sOptions = \"by High Quality Crackings\";\n sVersion = \"2.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/HiSoft_Basic.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// https://en.wikipedia.org/wiki/HiSoft_Systems\nmeta(\"compiler\", \"HiSoft BASIC\");\n\nfunction detect() {\n if (Amiga.compareEP(\"267c........6000$$$$7a..383c....263c........3e3c....243c\")) {\n sOptions = \"1988-94\";\n bDetected = true;\n } else if (Amiga.compareEP(\"267c........6000$$$$7a..383c....363c....3e3c....343c\")) {\n bDetected = true;\n sOptions = \"1988\";\n }\n\n sLang = \"BASIC\";\n\n return result();\n}" }, { "path": "db/Amiga/High_Pressure_Cruncher.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"High Pressure Cruncher\");\n\nfunction detect() {\n if (Amiga.compareEP(\"6100$$$$41fa....d1fc........227c........2460d5c92a202020b185\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/Jan_Heweliusz_Cruncher.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Jan Heweliusz Cruncher\");\n\nfunction detect() {\n if (Amiga.compareEP(\"6000$$$$48e7fff643fa....70..2c79........4eae....2a406700\")) {\n sVersion = \"1.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/Lattice_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// https://en.wikipedia.org/wiki/Lattice_C\nmeta(\"compiler\", \"Lattice C (SAS C)\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e77efe2448240049f9........2c78....2f0248e7....266e....222b....67\")) {\n sVersion = \"5.10\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e77efe2448240049f9........2c78....47f9........72..203c\")) {\n sVersion = \"5.04\";\n bDetected = true;\n } else if (Amiga.compareEP(\"2448240049f9........47f9........72..203c........60..26c151c8....2c78\")) {\n sVersion = \"5.02\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e77efe4bef....2448240049f9........2c78....294e....294f....42ac\")) {\n sVersion = \"4.0\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e77efe4bef....2448240049f9........47f9........72..203c\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/Amiga/LhPak_SFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"LhPak SFX\");\n\nfunction detect() {\n if (Amiga.compareEP(\"60$$2c79........246e....4aaa....6600....41ea....4eae....41ea....4eae\")) {\n sVersion = \"1.3\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/Master_Cruncher.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Master Cruncher\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7fffe4bfa....41fa....2250d3c9d3c9245158..2b49....d5cad5ca58\")) {\n sVersion = \"3.0-3.1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"........4bfa....41fa....2250d3c9d3c958..2b49....2b7c\")) {\n sVersion = \"3.0-3.1\";\n sOptions = \"Address\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/Maxon_C++.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Maxon C++\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e780804eb9........4eb9........70..4eb9\")) {\n bDetected = true;\n }\n\n sLang = \"C++\";\n\n return result();\n}" }, { "path": "db/Amiga/RexxMasher_(jrms).1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"RexxMasher (jrms) by Joerg Riemer\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7fffe60$$4230....284870..43fa....2c78\")) {\n bDetected = true;\n } else if (Amiga.compareEP(\"6000$$$$4a80....53..67..11bc........43fa....228893c9\")) {\n sVersion = \"1.5-1.6\";\n bDetected = true;\n } else if (Amiga.compareEP(\"6000$$$$48e7808043fa....d3fc........228f4bfa....dbfc\")) {\n sVersion = \"1.3\";\n bDetected = true;\n } else if (Amiga.compareEP(\"6100$$$$48e7808033fc............41fa....6100....203a\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/Sound-Tracker_Cruncher.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Sound-Tracker Cruncher\");\n\nfunction detect() {\n if (Amiga.compareEP(\"61$$4bfa....2c78....203a....90ba....0680........2b40....43fa....d3e9\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/Storm_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// https://www.alinea-computer.de/produkte_details_en.php?product=stormc\nmeta(\"compiler\", \"Storm C\");\n\nfunction detect() {\n if (Amiga.compareEP(\"2c78....23ce........23cf........226e....4aa9....6600....41e9....2f084eae\")) {\n sVersion = \"3.0\";\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/Amiga/TNM_Cruncher.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"TNM Cruncher\");\n\nfunction detect() {\n if (Amiga.compareEP(\"61$$48e7fffe2c78....4bfa....41fa....2050d1c8d1c82250\")) {\n sVersion = \"1.1\";\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"2c78....61$$48e7fffe4bfa....41fa....2050d1c8d1c82250\")) {\n sVersion = \"1.1\";\n sOptions = \"type 2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/TSK_Cruncher.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"TSK Cruncher\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7fffe4bf9........204d23ed............d1ed....52..225552..dbfc\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/Time_Cruncher.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Time Cruncher\");\n\nfunction detect() {\n if (Amiga.compareEP(\"41fa....d1fc........43f9........2460d5c9202072..6100\")) {\n sVersion = \"1.7-2.2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7fffe2c79........43fa....4eae....2c404eae....2200243c\")) {\n sVersion = \"4.2\";\n sOptions = \"by RAZOR and NETWORK's\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/Titanics_Cruncher.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Titanics Cruncher\");\n\nfunction detect() {\n if (Amiga.compareEP(\"6000$$$$48e7fff643fa....70..2c78....4e\")) {\n sVersion = \"1.1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"6000$$$$48e7fff693c92c78....4eae....28404aac....66..41ec....43fa....2288\")) {\n sVersion = \"1.2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/Turtle_Smasher.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Turtle Smasher\");\n\nfunction detect() {\n if (Amiga.compareEP(\"41fa....225845fa....24982449d5d8d1d041e8....201072..6100\")) {\n sVersion = \"1.3-1.41\";\n bDetected = true;\n } else if (Amiga.compareEP(\"43fa....2459204a323c....429851c9....204a45ea....214a....217c\")) {\n sVersion = \"2.00\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/Ultimate_Packer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Ultimate Packer\");\n\nfunction detect() {\n if (Amiga.compareEP(\"6000$$$$598f48e7fffe41fa....20af....41fa....2f48....2c78....203c\")) {\n sVersion = \"1.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/_Amiga.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"operation system\", \"AmigaOS\");\r\n\r\nfunction detect() {\r\n if (Amiga.isVerbose()) {\r\n sName = Amiga.getOperationSystemName();\r\n sVersion = Amiga.getOperationSystemVersion();\r\n sOptions = Amiga.getOperationSystemOptions();\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Amiga/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = Amiga;\r\nvar X = Amiga;" }, { "path": "db/Amiga/compiler_ABasic.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"ABasiC by MetaComCo\");\n\nfunction detect() {\n if (Amiga.compareEP(\"23cf........23c0........23c8........42b9........2c79........23ce........93c94eae....28404aac\")) {\n sOptions = \"1985 type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"23cf........23c0........23c8........42b9........42b9........2c79........23ce........93c94eae....28404aac\")) {\n sOptions = \"1985 type 2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e77ffe43fa....22b9........43fa....228843fa....22802c7a....93c9\")) {\n bDetected = true;\n }\n\n sLang = \"BASIC\";\n\n return result();\n}" }, { "path": "db/Amiga/compiler_AmigaBasic.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"AmigaBasic\");\n\nfunction detect() {\n if (Amiga.compareEP(\"23c0........23c8........200f48e77efe2a402c79........23ce........23cf\")) {\n bDetected = true;\n }\n\n sLang = \"BASIC\";\n\n return result();\n}" }, { "path": "db/Amiga/compiler_GFA-Basic.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"GFA-Basic\");\n\n//temp. detects\nfunction detect() {\n if (Amiga.compareEP(\"4eb9........203c........4eac....45f9........4eac....4eb9........6100....4eb9\")) {\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4eb9........7a..383c....363c....70..74..72..7c..6100....383c....363c....70\")) {\n sOptions = \"type 2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4eb9........203c........6100....4eb9........4e966100....4e964eb9........4e96203c\")) {\n sOptions = \"type 3\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4eb9........4eac....4eb9........4e9651ed....4e9645f9........6100....4e96426d\")) {\n sOptions = \"type 4\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4eb9........203c........4eac....45f9........70..41ed....6100....70..2b40....4eb9\")) {\n sOptions = \"type 5\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4eb9........4eb9........0cad............6f..45f9........70..4eac....4eac....67\")) {\n sOptions = \"type 6\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4eb9........50ed....70..4a2d....67..70..52..6600....70..4eac....2b40....202d\")) {\n sOptions = \"type 7\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4eb9........2a3c........283c........263c........203c........74..72..7c..4eac\")) {\n sOptions = \"type 8\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4eb9........41ed....4eac....41ed....20104eac....2b40....226d....70..4eac\")) {\n sOptions = \"type 9\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4eb9........203c........6100....70..223c........6100....2b40....202d....66\")) {\n sOptions = \"type 10\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4eb9........45f9........200a2b40....4eac....3f0041ed....2f08206d....4e90\")) {\n sOptions = \"type 11\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4eb9........4eb9........4eb9........4eac....426d....203c........72..343c\")) {\n sOptions = \"type 12\";\n bDetected = true;\n }\n\n sLang = \"BASIC\";\n\n return result();\n}" }, { "path": "db/Amiga/compiler_JForth.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// http://www.jforth.org\nmeta(\"compiler\", \"JForth\");\n\nfunction detect() {\n if (Amiga.compareEP(\"2238....43fa....228143fa....228143fa....228f283a....2f082f0041fa\")) {\n sVersion = \"3.1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"49fa....264cd7fc........2c4f9dfc........91cc2d082e006100....2d07\")) {\n sVersion = \"3.0\";\n bDetected = true;\n } else if (Amiga.compareEP(\"49fa....264cd7fc........2c4f9dfc........91cc2d082e004eac....2d07\")) {\n sVersion = \"2.0\";\n bDetected = true;\n } else if (Amiga.compareEP(\"49fa....264cd7fc........2c4f9dfc........91cc2d082e006100\")) {\n sVersion = \"2.x-3.x\";\n bDetected = true;\n } else if (Amiga.compareEP(\"2238....43fa....228143fa....228143fa....228f283a....d8ba....2f082f00\")) {\n sVersion = \"1.2\";\n bDetected = true;\n }\n\n sLang = \"Forth\";\n\n return result();\n}" }, { "path": "db/Amiga/compiler_Multi-Forth.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Multi-Forth\");\n\nfunction detect() {\n if (Amiga.compareEP(\"6000$$$$43fa....22b9........49fa....294c....294c....294f....42672948....2940....41fa\")) {\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"6000$$$$43fa....22b9........49fa....294f....42672948....2940....41fa....2948\")) {\n sOptions = \"type 2\";\n bDetected = true;\n }\n\n sLang = \"Forth\";\n\n return result();\n}" }, { "path": "db/Amiga/compiler_Oberon-A.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Oberon-A\");\n\nfunction detect() {\n if (Amiga.compareEP(\"2c4f4eb9........6100....42b9........4ef9........70..4eb9........70..6000\")) {\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7f0c0203c........52..e5..260072..48412c78....4eae\")) {\n sOptions = \"type 2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"49f9........487a....72..6100$$$$4a2c....6600....50ec\")) {\n sOptions = \"type 3\";\n bDetected = true;\n } else if (Amiga.compareEP(\"487a....72..4eb9........4a0166..6100....70..91\")) {\n sOptions = \"type 4\";\n bDetected = true;\n }\n\n sLang = \"Oberon\";\n\n return result();\n}" }, { "path": "db/Amiga/compiler_PureBasic.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"PureBasic\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7fffe203c........6100....2840294e....43fa....70..4eae\")) {\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7fffe70..6100$$$$223c........2c78....4eee....2c78....4eee\")) {\n sOptions = \"type 2\";\n bDetected = true;\n }\n\n sLang = \"BASIC\";\n\n return result();\n}" }, { "path": "db/Amiga/compiler_VBCC.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// https://en.wikipedia.org/wiki/Vbcc\nmeta(\"compiler\", \"VBCC\");\n\nfunction detect() {\n if (Amiga.compareEP(\"60..'VBCC '\") && Amiga.compareEP(\"60$$2400244849f90000....294f....2c78....294e\")) {\n sVersion = Amiga.getString(Amiga.getEntryPointOffset() + 7, 3);\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_AddressHead.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"AddressHead\");\n\nfunction detect() {\n if (Amiga.compareEP(\"41fa....20080680........43fa....2340....43f9........203c\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_ByteKiller.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// http://janeway.exotica.org.uk/release.php?id=66243\nmeta(\"cruncher\", \"ByteKiller\");\n\nfunction detect() {\n if (Amiga.compareEP(\"41fa....43f9........201822182a182449d1c0d5c12020b185\")) {\n sVersion = \"1.2-1.3\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7fffe............41fa....43f9........201822182a182449d1c0d5c12020b185\")) {\n sVersion = \"2.0\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7fffe41fa....43f9........4df9........20182218d1c020102449d5c17a\")) {\n sVersion = \"3.0\";\n sOptions = \"type 1\"\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7fffe41fa....d1fc........4ed0\")) {\n sVersion = \"3.0\";\n sOptions = \"type 2\"\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7fffe1c3c....4bf9........41fa....2c78\")) {\n sName += \" Pro\";\n sVersion = \"1.0\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7fffe1c3c....4bf9........13fc............4e714e7150f9........303c\")) {\n sName += \" Pro\";\n sVersion = \"1.0\";\n sOptions = \"Killer\"\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_CopyCat.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"CopyCat\");\n\nfunction detect() {\n if (Amiga.compareEP(\"487a....48e7fffe61$$2c78....43fa....70..4eae....41fa....43fa....2280\")) {\n sVersion = \"1.01\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_Cranker.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Cranker\");\n\nfunction detect() {\n if (Amiga.compareEP(\"6000$$$$48e780929efc....303c....426751c8....2a4f2c78....227a\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_Crunch-Mania.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Crunch-Mania by Thomas Schwarz\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7ffff43fa....2c78....4eae....2c40\")) {\n sVersion = \"1.8t-1.91\";\n sOptions = \"Library/Huffman\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7ff..3c3c....49fa....4e..4e..4e\")) {\n sVersion = \"1.8t-1.91\";\n sOptions = \"Huffman (type 1)\";\n bDetected = true;\n } else if (Amiga.compareEP(\"49fa....7c..4e944e914e942449\")) {\n sVersion = \"1.8t-1.91\";\n sOptions = \"Huffman (type 2)\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7ffff7c..49fa....4e94....4e\")) {\n sVersion = \"1.8t-1.91\";\n sOptions = \"Huffman (type 3)\";\n bDetected = true;\n } else if (Amiga.compareEP(\"7c..49fa....4e944e914e942449\")) {\n sVersion = \"1.8t-1.91\";\n sOptions = \"Huffman (type 4)\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4e7148e7ffff3c3c....49fa....4e944e914e942449\")) {\n sVersion = \"1.8t-1.91\";\n sOptions = \"Huffman (type 5)\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7fffe45fa....43f9........221a241a47ea\")) {\n sVersion = \"1.9t-1.91\";\n sOptions = \"Address/Huffman\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e77fff33fc............33fc............33fc............33fc............45fa....49f9........204c\")) {\n sVersion = \"1.9t-1.91\";\n sOptions = \"Address/Pro\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4ff9........48e7fffe4bf9........1abc....1abc....1abc\")) {\n sVersion = \"1.9t\";\n sOptions = \"Address/Pro/Huffman\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e77fff45fa....43f9........221a241a47ea....b7c96f\")) {\n sVersion = \"1.4-1.91\";\n sOptions = \"Address\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7ffff45fa....221a241a224a287a....d9ccd9cc\")) {\n sVersion = \"1.4-1.91\";\n sOptions = \"Simple\";\n bDetected = true;\n } else if (Amiga.compareEP(\"........3c3c....49fa....4e944e914e94244952\")) {\n sVersion = \"1.4-1.91\";\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7fffe41fa....d1fc........4ed04e94244952\")) {\n sVersion = \"1.4-1.91\";\n sOptions = \"type 2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7ffff7c..4e7149fa....4e944e914e94244952\")) {\n sVersion = \"1.4-1.91\";\n sOptions = \"type 3\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4ff9........48e77fff45fa....49f9........204c47fa....7e..28db\")) {\n sVersion = \"1.4-1.8t\";\n sOptions = \"Address/Pro\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7ffff43fa....2c78....4eba....2c40200e67..4eae\")) {\n sOptions = \"type 1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_Crunch-O-Matic.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Crunch-O-Matic\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7fffe267a....d7cbd7cb588b2c78....224b\")) {\n sVersion = \"1.0\";\n sOptions = \"Execute\";\n bDetected = true;\n } else if (Amiga.compareEP(\"287a....d9ccd9cc5c..20140680........41fa....2080\")) {\n sVersion = \"1.0\";\n sOptions = \"Picture\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_Crunch.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Crunch\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7ffff4bfa....4dfa....70..4e962f4c\")) {\n sVersion = \"1.3-1.4b\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_CrunchyDat.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"CrunchyDat\");\n\nfunction detect() {\n if (Amiga.compareEP(\"60$$487a....48e7fffe487a....203c........72\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_Defjam.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Defjam\");\n\nfunction detect() {\n if (Amiga.compareEP(\"..f9........7e..303c....3d40....3d40\")) {\n sVersion = \"3.2-3.6 Pro\";\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"..f9........7e..303c....4e714e713d40....4e714e71\")) {\n sVersion = \"3.2-3.6 Pro\";\n sOptions = \"type 2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7fffe41fa....d1fc........4ed03d40....3d40....3d40\")) {\n sVersion = \"3.2-3.6 Pro\";\n sOptions = \"type 3\";\n bDetected = true;\n } else if (Amiga.compareEP(\"....43fa....4bf9........287a....204c\")) {\n sVersion = \"3.6\";\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"....3e3c....43fa....4bf9........287a....204c\")) {\n sVersion = \"3.6\";\n sOptions = \"type 2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"............43fa....4bf9........287a....204c\")) {\n sVersion = \"3.6\";\n sOptions = \"type 3\";\n bDetected = true;\n } else if (Amiga.compareEP(\"21fc............4df9........7e..303c....3d40....3d40....3d40\")) {\n sOptions = \"type 1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_DoubleAction.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"DoubleAction\");\n\nfunction detect() {\n if (Amiga.compareEP(\"47f9........4e714e714e714e714e714e7143f9........4e714e714e714e714e714e71\")) {\n sVersion = \"1.0\";\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"47f9........377c........377c........43f9........12bc....12bc....12bc\")) {\n sVersion = \"1.0\";\n sOptions = \"type 2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_DragPack.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"DragPack\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7fffe41f9........43f9........20182218\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (Amiga.compareEP(\"487a....48e7fffe49fa....28fc........41fa....24482248\")) {\n sVersion = \"2.52\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_FileShield.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"FileShield\");\n\nfunction detect() {\n if (Amiga.compareEP(\"4879000000004e754e7500000000\")) {\n sVersion = \"1.x\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_FlashSpeed.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"FlashSpeed\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7c0e041fa....43f9........264970..72..12d00c18....66\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_GnuPacker.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"GnuPacker\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7fffe4bfa....4dfa....206d....2248d3ed....30deb1c9\")) {\n sVersion = \"1.1-1.2\";\n sOptions = \"One Segment\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_House.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"House (RSI Packer)\");\n\nfunction detect() {\n if (Amiga.compareEP(\"................................13fc............41fa....43f9........47fa....49f9\")) {\n sVersion = \"1.4\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_ISC.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"ISC\");\n\nfunction detect() {\n if (Amiga.compareEP(\"47fa....d7d3247c........60$$33fc............33fc............41f9\")) {\n sVersion = \"1.5\";\n sOptions = \"Pass 3. Bitstream Pass (Huffman-Algorythm) (type 1)\";\n bDetected = true;\n } else if (Amiga.compareEP(\"47fa....d7d3247c........4cdf000e200f4ff9........48e7\")) {\n sVersion = \"1.5\";\n sOptions = \"Pass 3. Bitstream Pass (Huffman-Algorythm) (type 2)\";\n bDetected = true;\n } else if (Amiga.compareEP(\"247c........4cdf000e200f4ff9........48e7f0004879\")) {\n sVersion = \"1.5\";\n sOptions = \"Pass 1. Normal Compressor type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"247c........60$$41fa....227c........287c........47fa\")) {\n sVersion = \"1.5\";\n sOptions = \"Pass 1. Normal Compressor type 2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"247c........60$$41fa....287c........47fa....323c....28db\")) {\n sVersion = \"1.5\";\n sOptions = \"Pass 2. Comparing Compressor\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_Imploder.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Imploder\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7ffff49fa....3c3c....4e944e913c3c\")) {\n sVersion = \"1.0\";\n sOptions = \"Protected\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7ffff49fa....3c3c....61..4e913c3c\")) {\n sVersion = \"1.0-3.1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"6000$$$$48e7fff693c92c78....4eae....28404aac....66..41ec....2c78....4eae....4eae....43fa\")) {\n sVersion = \"1.0-3.1\";\n sOptions = \"Overlayed Protected type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"6000$$$$48e7ffff49fa....3c3c....4e944e913c3c....61..51..20112c78....4eae....53\")) {\n sVersion = \"1.0-3.1\";\n sOptions = \"Overlayed Protected type 2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7ffff70..43fa....2c78....4eae....4a8067..2c40\")) {\n sVersion = \"1.0-3.1\";\n sOptions = \"Library\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7ffff49fa....3c3c....61..4e917c..61..2f49\")) {\n sVersion = \"4.0\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7ffff70..60..70..43fa....4eae....4a8067\")) {\n sVersion = \"4.0\";\n sOptions = \"Library\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_MOPacker.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"MOPacker\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7fffe4eb9........4cdf7fff4ef9........000003ec\")) {\n sOptions = \"temp detect\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_MaxPacker.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"MaxPacker\");\n\nfunction detect() {\n if (Amiga.compareEP(\"283c........267a....41fa....d1fa....d7fa....49fa....341c121c101c\")) {\n sVersion = \"1.2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_MegaCruncher.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"MegaCruncher\");\n\nfunction detect() {\n if (Amiga.compareEP(\"47fa....200b222b....41fa....d1c1226b\")) {\n sVersion = \"1.0-1.2\";\n sOptions = \"Address\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7fffe2c78....4bfa....4cdd00034eae....4a8067\")) {\n sVersion = \"1.2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_PackIt.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"PackIt\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7....2c78....2e0e286e....4bfa....42954aac....66..41ec\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_Pak.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Pak\");\n\nfunction detect() {\n if (Amiga.compareEP(\"60$$48e77ffe43fa....2c78....4eae....2c4045fa....202a\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_PowerPacker.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"PowerPacker\");\n\nfunction detect() {\n if (Amiga.compareEP(\"487a....48e7fffe49fa....2054d1c8d1c8\")) {\n sVersion = \"3.0\";\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7fffe41fa....2050d1c8d1c84a982248\")) {\n sVersion = \"2.1-3\";\n bDetected = true;\n } else if (Amiga.compareEP(\"6000$$$$2f0e4dfa....48d6ffff4dee....2d5f\")) {\n sVersion = \"3.0\";\n sOptions = \"type 2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4e714e71487a....48e7fffe49fa....2054d1c8d1c858\")) {\n sVersion = \"3.0\";\n sOptions = \"type 3\";\n bDetected = true;\n } else if (Amiga.compareEP(\"487a....48e7fffe2c78....43fa....45fa....2489\")) {\n sVersion = \"4.0\";\n sOptions = \"Encrypted (type 1)\";\n bDetected = true;\n } else if (Amiga.compareEP(\"487a....48e7fffe2c78....203c........4eae....6000\")) {\n sVersion = \"4.0\";\n sOptions = \"Encrypted (type 2)\";\n bDetected = true;\n } else if (Amiga.compareEP(\"487a....48e7fffe2c78....60$$4e714e71283c........4844\")) {\n sVersion = \"4.0\";\n sOptions = \"Encrypted (type 3)\";\n bDetected = true;\n } else if (Amiga.compareEP(\"487a....48e7fffe70..43fa....2c78....4e......4a80\")) {\n sVersion = \"4.0\";\n sOptions = \"Library\";\n bDetected = true;\n } else if (Amiga.compareEP(\"487a....48e7fffe2c78....283c........4e714e71\")) {\n sVersion = \"3.0\";\n sOptions = \"Encrypted\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7fffe41fa....d1fc........4ed0d1c858\")) {\n sVersion = \"4.0\";\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"6100$$$$2a572b7a........59..2c78....4eae....2f17487a....2f57\")) {\n sVersion = \"4.0\";\n sOptions = \"type 2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_ProPack.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"ProPack (RNC)\");\n\nfunction detect() {\n if (Amiga.compareEP(\"487a....48e7fffe487a....203c........72..2c78....4eae\")) {\n sOptions = \"Mode 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"487a....48e7fffe487a....2a574a956700....2a55dbcddbcd\")) {\n sOptions = \"Key Mode 2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_ReXXMaSHeR.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"ReXXMaSHeR\");\n\nfunction detect() {\n if (Amiga.compareEP(\"6100$$$$48e7808041fa....6100....203a....41f9\")) {\n sOptions = \"by DCS\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_Relokit.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Relokit\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7fffe41fa....70..3028....23c0........23e8............2028\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_S-Exec.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"S-Exec\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7fffe207a....d1c8d1c858..2f0854..4e55....20080680\")) {\n sVersion = \"1.1\";\n sOptions = \"by Chas Wyndham\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_Shrinkler.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Shrinkler\");\n\nfunction detect() {\n if (Amiga.compareEP(\"284b241c48e78088e58a2a4c2842241c66\")) {\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"49fafffe2f0c2424264c263c........e58a\")) {\n sOptions = \"type 2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"49fa....2f0c2424264ce58a2a4c28422414\")) {\n sOptions = \"type 3\";\n bDetected = true;\n } else if (Amiga.compareEP(\"2413e5..26422c78....48e7....263c........43fa....4eae\")) {\n sOptions = \"type 4\";\n bDetected = true;\n } else if (Amiga.compareEP(\"243a....e5..26422c78....48e7....43fa....4eae\")) {\n sOptions = \"type 5\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_Spike.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Spike\");\n\nfunction detect() {\n if (Amiga.compareEP(\"60$$48e7fffe267a....d7cbd7cb588b2c78\")) {\n sVersion = \"1.1-1.6\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_StoneCracker.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"StoneCracker\");\n\nfunction detect() {\n if (Amiga.compareEP(\"4df9........47f9........41fa....3d58....3d58\")) {\n sVersion = \"3.10-11b\";\n bDetected = true;\n } else if (Amiga.compareEP(\"41f9........30bc....59..30bc....41f9........47f9\")) {\n sVersion = \"4.01\";\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7ffff4bfa....49fa....70..4e944e91\")) {\n sVersion = \"4.01\";\n sOptions = \"type 2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"487a....48e7fffe49fa....2254d3c9d3c9\")) {\n sVersion = \"4.02a\";\n bDetected = true;\n } else if (Amiga.compareEP(\"45f9........43fa....280ad5d9d3d93c113e217a\")) {\n sVersion = \"4.02a\";\n sOptions = \"Address\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4e7145f9........43fa....2a4ad5d9d3d1\")) {\n sVersion = \"4.10.2-3\";\n sOptions = \"Address\";\n bDetected = true;\n } else if (Amiga.compareEP(\"2c78....4bfa....4eee....33fc............33fc\")) {\n sVersion = \"4.10.2-3\";\n sOptions = \"Address/Pro\";\n bDetected = true;\n } else if (Amiga.compareEP(\"487a....48e7fffe49fa....2654d7cbd7cb\")) {\n sVersion = \"4.10.2-3\";\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4e714e71487a....48e7fffe49fa....2654d7cbd7cb\")) {\n sVersion = \"4.10.2-3\";\n sOptions = \"type 2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7fffe4df9........7e..7c..7a..1e3a....1a3a....1c3a....41fa\")) {\n sVersion = \"2.70-2.71\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4df9........303c....3d40....3d40....3d40....3d40....4bf9\")) {\n sVersion = \"2.70-2.71\";\n sOptions = \"Kill\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4df9........4bfa....49f9........47fa....3d5b....18bc\")) {\n sVersion = \"2.92\";\n bDetected = true;\n } else if (Amiga.compareEP(\"............4bfa....49f9........45fa....3d5a....18bc....3d5a\")) {\n sVersion = \"2.99c-d\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4df9........4bfa....49f9........45fa....3d5a....18bc....3c9a18bc\")) {\n sVersion = \"3.00\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7fffe41fa....d1fc........4ed03d58....3d58....16bc....45fa\")) {\n sVersion = \"3.10\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_Super-Cruncher.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"Super-Cruncher\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7fffe2c79........4eae....41fa....2268....42a8....d3c9d3c959\")) {\n sVersion = \"2.7\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_SyncroPacker.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"SyncroPacker\");\n\nfunction detect() {\n if (Amiga.compareEP(\"41fa....225820182648d1c01e201c2045fa....14a0\")) {\n sVersion = \"4.6\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4df9........3cbc....3d7c........13fc............41fa....21c8....46fc\")) {\n sVersion = \"4.6 Pro\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_TUC.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"TUC (The Ultimate Cruncher)\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7fff62a7c........7e..1e1d48471e1d\")) {\n sVersion = \"1.16d\";\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"60......2a7c........7e..1e1d48471e1d263c\")) {\n sVersion = \"1.16d\";\n sOptions = \"type 2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_TetraCrunch.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"TetraCrunch\");\n\nfunction detect() {\n if (Amiga.compareEP(\"41fa....d1fc........227c........2460d5c92020e2..66..61..65..72..76..e2\")) {\n sVersion = \"1.02\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_TetraPack.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"TetraPack\");\n\nfunction detect() {\n if (Amiga.compareEP(\"7e..41fa................d1fc....................2460d5c92020e2..66\")) {\n sVersion = \"2.1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4df9........7e..6000....3d40....3d40....3d40....13fc............41fa\")) {\n sVersion = \"2.1\";\n sOptions = \"Pro\";\n bDetected = true;\n } else if (Amiga.compareEP(\"................................204cd1fc........b3cc6e..2049d1fa\")) {\n sVersion = \"2.2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"4df9........7e..303c....4e714e713d40....3d40....13fc............41fa\")) {\n sVersion = \"2.2\";\n sOptions = \"Pro\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_TryIt.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"TryIt\");\n\nfunction detect() {\n if (Amiga.compareEP(\"43fa....4e714e714e714e71264a4e714e714e714e714e714e714e714e714e714bfa\")) {\n sVersion = \"1.01\";\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Amiga.compareEP(\"43fa....2e29....45fa....47f9........284b303c....16da51c8\")) {\n sVersion = \"1.01\";\n sOptions = \"type 2\";\n bDetected = true;\n } else if (Amiga.compareEP(\"43fa....2e29....45fa....264a4e714e71284b\")) {\n sVersion = \"1.01\";\n sOptions = \"type 3\";\n bDetected = true;\n } else if (Amiga.compareEP(\"43fa....4e714e714e714e714e710005....4e714e714e714e714e714e714e714bfa\")) {\n sVersion = \"1.01\";\n sOptions = \"type 4\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_TurboSqueezer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"TurboSqueezer\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7fffe2c79........207a....d1c8d1c822582848d3c9d3c958\")) {\n sVersion = \"6.0-8.0\";\n bDetected = true;\n } else if (Amiga.compareEP(\"6000$$$$48e7fffe2c79........207a....d1c8d1c822582848d3c9d3c958\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/cruncher_xpkmaster.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cruncher\", \"xpkmaster\");\n\nfunction detect() {\n if (Amiga.compareEP(\"6000$$$$2c78....43fa....4eae....2c4041fa....4eae....2c78\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/joiner_ETA.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"joiner\", \"ETA Text Linker\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7fffe41fa....59..2010e5..58..43fa....2340....2c78....43fa\")) {\n sVersion = \"0.91-0.99\";\n bDetected = true;\n } else if (Amiga.compareEP(\"48e7fffe41fa....59..2010e5..58..43fa....2340....203a....53..43fa\")) {\n sVersion = \"1.00\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/joiner_EXP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"joiner\", \"EXP ASCII Linker\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7fffe4e7143fa....2c78....4eae....2c404eae....220067..41fa\")) {\n sVersion = \"1.1\";\n sOptions = \"1992 by Dr. Gassu //Elysion\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/joiner_Glue.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"joiner\", \"Glue (ANSI Linker)\");\n\nfunction detect() {\n if (Amiga.compareEP(\"48e7fffc2c78....93c94eae....2a407a..4aad....66..41ed\")) {\n sVersion = \"2.3\";\n sOptions = \"1994 by Bigmama Of Focus Design\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/library_library.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"library\", \"library\");\n\nfunction detect() {\n if (Amiga.compareEP(\"70..4e754afc\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/module_DeliTracker.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"module\", \"DeliTracker player\");\r\n\r\nfunction detect() {\r\n if (Amiga.compareEP(\"70FF4E75'DELIRIUM'\")) {\r\n bDetected = true;\r\n } else if (Amiga.compareEP(\"........'DELIRIUM'\")) {\r\n bDetected = true;\r\n sOptions = \"Startup code\";\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Amiga/other_other.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"other\", \"other\");\n\nfunction detect() {\n if (Amiga.compareEP(\"70..4e75'WHDLOADS'\")) {\n sName = \"WHDLOAD object\";\n bDetected = true;\n } else if (Amiga.compareEP(\"70..4e75'AUTOSCPP'\")) {\n sName = \"SCPP object\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/self-displayer_DPS.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"DPS (IFF images self-displayer)\");\n\nfunction detect() {\n if (Amiga.compareEP(\"43fa....70..2c78....4eae....26406700....43fa....70\")) {\n sVersion = \"1.0\";\n sOptions = \"by Foster Hall\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/self-displayer_Iff2ex.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"Iff2ex\");\n\nfunction detect() {\n if (Amiga.compareEP(\"43f9........203c........2c79........4eae....4a806700....23c0........43f9........203c\")) {\n sVersion = \"1.0\";\n sOptions = \"by Pieter van Leuven\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/self-displayer_S-Anim.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"S-Anim\");\n\nfunction detect() {\n if (Amiga.compareEP(\"4e55....48e7808042ad....93c92c78....4eae....28404aac\")) {\n sVersion = \"1.1-1.3\";\n sOptions = \"by Chas Wyndham\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/self-displayer_S-Pic.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"S-Pic\");\n\nfunction detect() {\n if (Amiga.compareEP(\"4e55....48e7808042ad....93c92c79........4eae....28404aac\")) {\n sVersion = \"1.2\";\n sOptions = \"by Chas Wyndham\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/sfx_DIMP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"DIMP\");\n\nfunction detect() {\n if (Amiga.compareEP(\"6000$$$$327c....48e780c02c78....42a7203c........72..48414eae\")) {\n sOptions = \"DMS disks packer\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/sfx_DMSSFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"DMS-SFX by SDS Software\");\n\nfunction detect() {\n if (Amiga.compareEP(\"49f9........2c78....43f9........70..4eae....23c0........2c404eae\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/sfx_LHASFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"LHASFX\");\n\nfunction detect() {\n if (Amiga.compareEP(\"6000$$$$2a484230....49fa....2854d9ccd9cc294f....2c78....43fa\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/sfx_LHSFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"LHSFX by Mike Kennedy\");\n\nfunction detect() {\n if (Amiga.compareEP(\"43f9........23c9........43f9........2c79........4eae....23c0........6700....2c404eae\")) {\n sOptions = \"1991\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/tool_EFFECT-loader.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"tool\", \"EFFECT-loader\");\n\nfunction detect() {\n if (Amiga.compareEP(\"60$$487a....4879........48e7fffe48e780804bfa....43fa....2c78....4eae\")) {\n sVersion = \"1.5-1.6\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Amiga/tool_VideoTracker.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// https://home.deds.nl/~pvc70/vtindex.htm\nmeta(\"tool\", \"VideoTracker\");\n\nfunction detect() {\n if (Amiga.compareEP(\"6000$$$$93c92c78....4eae....284070..4aac....66..41ec....2c78\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Archive/_Archive.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"Archive\");\r\n\r\nfunction detect() {\r\n if (Archive.isVerbose()) {\r\n sName = Archive.getFileFormatName();\r\n sVersion = Archive.getFileFormatVersion();\r\n sOptions = Archive.getFileFormatOptions();\r\n \r\n if (sName) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Archive/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = Archive;\r\nvar X = Archive;" }, { "path": "db/AtariST/_AtariST.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"operation system\", \"Atari ST\");\r\n\r\nfunction detect() {\r\n if (AtariST.isVerbose()) {\r\n sName = AtariST.getOperationSystemName();\r\n sVersion = AtariST.getOperationSystemVersion();\r\n sOptions = AtariST.getOperationSystemOptions();\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/AtariST/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = AtariST;\r\nvar X = AtariST;" }, { "path": "db/Binary/Amiga_loadable.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens (TG @kaens)\n\nmeta(\"format\", \"\");\n\nfunction detect() {\n if (Binary.compare(\"000003F300\")) {\n bDetected = true;\n sName = \"Amiga loadable file\";\n // sOption(outSz(calcAmigaFileSize()), 'sz:');\n } else if (Binary.compare(\"000003E700\")) {\n bDetected = true;\n sName = \"Amiga object/library file\";\n }\n\n return result();\n}" }, { "path": "db/Binary/Certificate_cert.WinAuth.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"Certificate\", \"WinAuth\");\r\n\r\nfunction detect() {\r\n if (Binary.compare(\"........00020200\")) {\r\n sVersion = \"2.0\";\r\n sOptions = \"PKCS #7\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/RIFF.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: hypn0 \r\n\r\nmeta(\"format\");\r\n\r\nfunction detect() {\r\n if (Binary.compare(\"'RIFF'........'CDR'\")) {\r\n sName = \"CorelDraw graphics (.CDR)\";\r\n bDetected = true;\r\n } else if (Binary.compare(\"'RIFF'........'AVI '\")) {\r\n sName = \"AVI\";\r\n bDetected = true;\r\n } else if (Binary.compare(\"'RIFF'........'WEBPVP8'\")) {\r\n sName = \"WebP\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}" }, { "path": "db/Binary/ROM_1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// Covers cartridge, tape, or CD-delivered software, such as ROM images for various\r\n//videogame systems, and/or for their emulators.\r\n//Also includes snapshots like VSF or SNA, and resource packs like WAD.\r\n// Authors:\r\n// Kaens TG@kaens\r\n// (...yes I'm looking at you, you obviously want to add something so go ahead)\r\n\r\nmeta(\"ROM\", \"\");\r\n\r\n/* beautify ignore:start */\r\nfunction detect() {\r\n\r\n // this C-like pre-declaration is here because lol Qt6\r\n var p = 0, i = 0, j = 0, k = 0, l = 0, r = 0, t = 0, x = 0, n = 0, trk = 0, files = 0, sz = -1, fl = -1, sides = -1, ro = -1,\r\n title = '', tl = '', a = '', c = '', msg = '', artist = '', hw = '', soption = '', bad = '',\r\n fnames = [];\r\n\r\n if ((X.c(\"'A2R1'FF0A0D0A ................'DATA'\")) || X.c(\"'A2R'..FF0A0D0A 'INFO'\") && isWithin(X.U8(3), 0x32, 0x33)) {\r\n //ref https://applesaucefdc.com/a2r/ & https://applesaucefdc.com/a2r2-reference/\r\n sName = \"Apple II Applesauce disk archival image (.A2R)\"; sVersion = 'v' + X.SA(3, 1);\r\n if (v1 = X.c(\"'1'\", 3)) { bDetected = true; p = 0x10 } else p = 8;\r\n meta = bad = '';\r\n while (p < X.Sz()) {\r\n var hkhd = X.SA(p, 4), hksz = X.U32(p + 4, v1 ? _BE : _LE); p += 8;\r\n switch (hkhd) {\r\n case 'INFO':\r\n if (v1) meta = X.SC(p, hksz, 'UTF8').replace(/\\x0A/g, \",\").replace(/\\x09/g, \":\"); else {\r\n iV = X.U8(p); bDetected = true;\r\n switch (X.U8(p + 33)) {\r\n case 1: dim = '5¼\" SS 40trk 0.25 step'; break;\r\n case 2: dim = '3½\" DS 80trk Apple CLV'; break;\r\n case 3: dim = '5¼\" DS 40trk'; break;\r\n case 4: dim = '5¼\" DS 80trk'; break;\r\n case 5: dim = '3½\" DS 80trk'; break;\r\n case 6: dim = '8\" DS'; break;\r\n case 7: dim = '3\" DS 80trk'; break;\r\n case 8: dim = '3\" DS 40trk'; break;\r\n default: dim = '?'\r\n }\r\n sOption('disk:' + dim);\r\n if (X.U8(p + 34) == 1) sOption('write-protected');\r\n if (iV >= 2) {\r\n if (t = X.U8(p + 42)) sOption(t, 'min.RAM:', 'k');\r\n t = ''; fl = X.U16(p + 40); if (!fl) t = '?'; if (fl & (1 << 0)) t = t.append('][');\r\n if (fl & (1 << 1)) t = t.append('][ Plus'); if (fl & (1 << 2)) t = t.append('//e');\r\n if (fl & (1 << 3)) t = t.append('//c'); if (fl & (1 << 4)) t = t.append('//e Enhanced');\r\n if (fl & (1 << 5)) t = t.append('IIgs'); if (fl & (1 << 6)) t = t.append('//c Plus');\r\n if (fl & (1 << 7)) t = t.append('///'); if (fl & (1 << 8)) t = t.append('/// Plus');\r\n sOption(t, 'for Apple ');\r\n }\r\n }\r\n break;\r\n case 'DATA': case 'STRM': case 'RWCP': case 'SLVD': break;\r\n case 'META': meta = X.SC(p, hksz, 'UTF8').replace(/\\x0A/g, \",\").replace(/\\x09/g, \":\"); break\r\n }\r\n p += hksz;\r\n }\r\n if (p > X.Sz()) bad = bad.addIfNone('!short');\r\n //if(X.isDeepScan() && X.calculateCRC32(12,sz-12) != X.U32(8)) bad = bad.addIfNone('!badcrc');\r\n if (bad != '') sVersion = sVersion.appendS('/malformed' + bad, '/')\r\n if (X.isVerbose()) {\r\n sOptionT(addEllipsis(meta), 'info:\"', '\"');\r\n sOption(outSz(p), 'sz:');\r\n }\r\n }\r\n\r\n else if (X.c(\"'AT8X'\") && isWithin(t0p = X.U32(0x1C), 0x24, 0x40) && X.c(\"0000\", t0p + 4)\r\n && isWithin(t0sz = X.U32(t0p), (t0hdsz = X.U32(t0p + 0x14)) + X.U32(t0p + t0hdsz), 0x1000)\r\n && isWithin(t0sec = X.U16(t0p + 0xA), 1, 40) && X.U32(t0p + t0hdsz) == 8 + 8 * t0sec) {\r\n //ref http://www.whizzosoftware.com/sio2arduino/vapi.html\r\n sName = \"Atari VAPI/ATX disk image (.ATX)\"; sVersion = 'v' + X.U16(4); bDetected = true;\r\n if (X.isVerbose()) {\r\n for (trk = 0, p = t0p, sec = 0; trk < 40 && p < X.Sz(); trk++, p += X.U32(p))\r\n sec += X.U16(p + 0xA);\r\n sOption('trk:' + trk + ' sec.total:' + sec + ' sz:' + outSz(p))\r\n }\r\n }\r\n\r\n else if (X.c(\"''\") && X.c(\"''\", (sz = X.U16(0x11, _LE)) - 8)) {\r\n sName = \"Bally Arcade/Astrocade BASIC tape (.BIN)\"; bDetected = true; if (X.isVerbose()) sOption(outSz(sz), 'sz:')\r\n }\r\n\r\n else if (X.c(\"0E0000800E..FFFE........FFFFFFFF020000000200..FFFFFFFFFE\")\r\n && [0x1F, 0x2F].indexOf(X.U8(5)) >= 0 && [0x1F, 0x7F].indexOf(X.U8(0x161)) >= 0) {\r\n sName = \"Casio Loopy (big-endian) cartridge (.BIN)\"; bDetected = true\r\n }\r\n\r\n else if (X.c(\"4C....4C....01'CBM::::::::'\") && X.c(\"FF\", 0x333E) && X.c(\"FF\", 0x3980)) {\r\n sName = \"Commodore Plus/4 cartridge (.BIN)\"; bDetected = true\r\n }\r\n\r\n else if (X.c(\"000003\", 0x08) && X.c(\"'DMC '\", 0x100) && X.c(\"' GM 00000000-00'\", 0x160)) {\r\n sName = \"AtGames/中娛/愛勝 Firecore digital media cartridge (.BIN)\"; bDetected = true\r\n }\r\n\r\n // else if([0x1F,0x20].indexOf(X.U8(0) >= 0) &&\r\n // (X.fSig(1,0x200,\"929376..7702\") > 0) || X.fSig(1,0x200,\"9276..937702\") > 0) { // quite a few ROMs mismatch it\r\n // \t// 2560 is a pretty unique CPU, may be possible to statistically analyse the instructions and go from there\r\n // \tsName = \"Emerson Arcadia 2001 cartridge (.BIN)\"; bDetected = true\r\n // }\r\n\r\n else if (X.c(\"F50400\") && X.c(\"04\", 0x800) && X.c(\"8383\", 0x808) && F.Sz() == 0x1000) {\r\n sName = \"Entex Adventure Vision cartridge (.BIN)\"; bDetected = true\r\n }\r\n\r\n else if ((X.c(\"55..40..40....00\") || X.c(\"5512521252B0\")) && X.U8(1) == X.U8(3)\r\n && (X.Sz() == 0x2000 || X.Sz() == 0x4000)) {\r\n sName = \"Epoch ゲームポケコン/Game Pocket Computer cartridge (.BIN)\"; bDetected = true\r\n }\r\n\r\n else if (X.c(\"BBA56EB3E9C5A7A4CCB3D7B2CFA8CEA5CCAAA3A46FB1EFB9BBA56EB3E9C569B6E6A6F4A5F3A6CFA456A675A47BB5'r(vereese gnniee)rB'A1CFA4D5B2B6C442A1CFA473BDB6C4CEA9F3A7EFA7BBA56EB3E9C5ECAD6CA97BB5A1A65DB370AD57A4EFB96EB3E9C5BAAAEAC277A950BBD1B8A3B0EAC277A9'rTdamera kybU inet diMrceoeltcorinscC ro.pa dnF nuethcE tnreatniemtnC ro.pA llr gith seresvrde .iLecsn esip reimttde'002E\", 0x2000)\r\n || X.c(\"1E00E32AE401E501 E601E7011B48E801 E901EAC401300EEB 01B426ECEED26401 EF26F00108604E30 F201F301F4010128\")) {\r\n sName = \"Funtech Super Acan cartridge (.BIN)\"; bDetected = true\r\n }\r\n\r\n else if ((X.c(\"AA04FFFF68FF\") || X.c(\"AA4E840D196900\") || X.c(\"AA544E85706A90\")\r\n || X.c(\"AA54E9A7640202\") || X.c(\"AAC0BA69004DCC\") || X.c(\"AA694169146914\"))\r\n && isWithin(X.Sz(), 0x2000, 0x8000) && !(X.Sz() & 0xFFF)) {\r\n sName = \"Hartung Game Master cartridge (.BIN)\"; bDetected = true\r\n }\r\n\r\n else if (X.c(\"'ZPJ'\") && X.c(\"0003....0003\", 0x18) && charStat(X.SA(3, 3)) == 'allnum'\r\n && charStat(X.SA(6, 13), true).indexOf('allasc' >= 0)) {\r\n // name db: https://github.com/libretro/libretro-database/blob/master/metadat/no-intro/Konami%20-%20Picno.dat\r\n sName = \"Konami Picno image (.BIN)\"; bDetected = true;\r\n sOption(charStat(X.SA(3, 3)))\r\n if (X.isVerbose()) {\r\n var t = X.SA(3, 13); while (t.length && t[t.length - 1] == '+') t = t.slice(0, t.length - 1)\r\n sOption(t)\r\n }\r\n }\r\n\r\n else if (X.c(\"'Copyright LeapFrog '00..01010000000080\", 0x100)) {\r\n sName = \"Leapfrog Leapster Learning Game System image (.BIN)\"; bDetected = true;\r\n if (X.fSig(1, 0x1000, \"'Lil ducked. The jet zipped past her head. Dust flew, Lil sneezed, and Leap turned red. Then Lil got up, about to yell. Leap gasped, \\\"Look, Lil! Your tooth! It fell!\\\"'\"))\r\n sVersion = 'Approved Content'; else sVersion = 'unapproved content' //what a way to show something so useless\r\n }\r\n\r\n else if (!(X.Sz() & 7) && (t = X.fSig(0, 0x1000, \"1FA6DEBACC137D74\")) >= 0 && !(t & 7)) {\r\n sName = \"Microsoft MSX tape image (.CAS)\"; bDetected = true\r\n }\r\n\r\n else if (X.c(\"00000000'Root-CPCA00000108-CP00000110'00000000000000000000000000000000000000000000000000000000000000000000000000\", 0x2854)) {\r\n sName = \"iQue (N64 for China) CMD (.CMD)\"; bDetected = true\r\n }\r\n else if (X.c(\"803712400000000F80....00000014\") && X.c(\"AD0000\", 0x1010) && X.c(\"FF\", 0x101E)) {\r\n sName = \"iQue (N64 for China) Z64 image (.Z64)\"; bDetected = true\r\n }\r\n\r\n else if (X.c(\"'C64 CARTRIDGE '\") && (p = X.U32(0x10, _BE)) >= 0x40 && X.c(\"'CHIP'\", p)) {\r\n //ref 64copy / formats.zip/CRT.TXT\r\n bDetected = true; sName = \"Commodore 64 cartridge (.CRT)\";\r\n sVersion = \"v\" + X.U8(0x14) + \".\" + X.U8(0x15).padStart(2, '0'); bad = '';\r\n while (p < X.Sz()) {\r\n if (!X.c(\"'CHIP'\", p)) break;\r\n var hksz = X.U32(p + 4, _BE), romsz = X.U16(0x0E, _BE);\r\n if (romsz > hksz - 0x10) bad = bad.addIfNone('!badchipsz');\r\n if (p + hksz > X.Sz())\r\n if (p + 0x10 + romsz <= X.Sz()) { //ignore the weird chunk length, use the ROM length\r\n p += romsz + 0x10; bad = bad.addIfNone('!badchunk'); continue\r\n }\r\n else if (!X.isVerbose() && p + hksz > X.Sz()) { bad = bad.addIfNone('!short') }\r\n p += hksz\r\n }\r\n if (bad != '') sVersion = sVersion.appendS('malformed' + bad, '/');\r\n if (X.isVerbose()) {\r\n sOption(X.SC(0x20, 0x20, \"Shift_JIS\"));\r\n switch (X.U16(0x16, _BE)) {\r\n case 0: hw = \"normal cartridge\"; break;\r\n case 1: hw = \"Action Replay\"; break;\r\n case 2: hw = \"KCS Power Cartridge\"; break;\r\n case 3: hw = \"Final Cartridge III\"; break;\r\n case 4: hw = \"Simons Basic\"; break;\r\n case 5: hw = \"Ocean type 1\"; break;\r\n case 6: hw = \"Expert Cartridge\"; break;\r\n case 7: hw = \"Fun Play, Power Play\"; break;\r\n case 8: hw = \"Super Games\"; break;\r\n case 9: hw = \"Atomic Power\"; break;\r\n case 10: hw = \"Epyx Fastload\"; break;\r\n case 11: hw = \"Westermann Learning\"; break;\r\n case 12: hw = \"Rex Utility\"; break;\r\n case 13: hw = \"Final Cartridge I\"; break;\r\n case 14: hw = \"Magic Formel\"; break;\r\n case 15: hw = \"C64 Game System/System 3\"; break;\r\n case 16: hw = \"WarpSpeed\"; break;\r\n case 17: hw = \"Dinamic\"; break;\r\n case 18: hw = \"Zaxxon, Super Zaxxon (SEGA)\"; break;\r\n case 19: hw = \"Magic Desk/Domark/HES Australia\"; break;\r\n case 20: hw = \"Super Snapshot 5\"; break;\r\n case 21: hw = \"Comal-80\"; break;\r\n case 22: hw = \"Structured Basic\"; break;\r\n case 23: hw = \"Ross\"; break;\r\n case 24: hw = \"Dela EP64\"; break;\r\n case 25: hw = \"Dela EP7x8\"; break;\r\n case 26: hw = \"Dela EP256\"; break;\r\n case 27: hw = \"Rex EP256\"; break;\r\n case 28: hw = \"Mikro Assembler\"; break;\r\n case 29: hw = \"reserved\"; break;\r\n case 30: hw = \"Action Replay 4\"; break;\r\n case 31: hw = \"StarDOS\"; break;\r\n case 32: hw = \"EasyFlash\"; break;\r\n default: hw = \"?\";\r\n }\r\n sOption('hw.type: ' + hw + ' /EXROM:' + (X.U8(0x18) ? 'inactive' : 'active')\r\n + ' /GAME:' + (X.U8(0x19) ? 'inactive' : 'active') + ' sz:' + outSz(p));\r\n }\r\n }\r\n\r\n function isDC42() {\r\n //ref https://www.discferret.com/wiki/Apple_DiskCopy_4.2\r\n if (X.Sz() < 0x32000 || !X.c(\"0100\", 0x52) || !isWithin(tl = X.U8(0), 1, 0x3F)) return false;\r\n title = X.SC(1, tl, 'CP1252'); var tcs = charStat(title, true); if (tcs.indexOf('allxsc') < 0) return false;\r\n if (tl != X.U8(0x478) || title != X.SC(0x479, X.U8(0x478), 'CP1252')) return false; //the volume label, I presume\r\n var discsz = X.U32(0x40, _BE), tagsz = X.U32(0x44, _BE);\r\n if (!isWithin(discsz, 0x32000, 0x200000) || (tagsz && discsz * 12 / 512 != tagsz)) return false;\r\n if (!tagsz && X.U32(0x4C, _BE)) return false;\r\n sz = 0x54 + discsz + X.U32(0x44, _BE); discszt = Util.divu64(discsz, 1024) + 'k';\r\n switch (X.U8(0x50)) {\r\n case 0: discszt += ' GCR CLV ssdd'; break; case 1: discszt += ' GCR CLV dsdd'; break;\r\n case 2: discszt += ' MFM CAV dsdd'; break; case 3: discszt += ' MFM CAV dshd'; break;\r\n default: discszt += ' unk.type'\r\n }\r\n return true\r\n }\r\n if (!bDetected && isDC42()) {\r\n sName = \"Apple DiskCopy 4.2 disk image (.DC42)\"; sVersion = discszt; bDetected = true;\r\n if (X.isVerbose()) {\r\n sOption(title); sOption(outSz(sz), 'sz:')\r\n }\r\n }\r\n\r\n if (!bDetected) if (X.c(\"'ACT Apricot disk image'1A04\") && isAllZeroes(0x18, 0x58)) {\r\n //ref https://github.com/latchdevel/HxCFloppyImageConverter/blob/master/libhxcfe/trunk/sources/loaders/apridisk_loader/apridisk_format.h\r\n sName = \"Jonathan Marsters's ACT/Apricot PC ApriDisk image (.DSK)\"; bDetected = true;\r\n var cyl = sec = 0, interrupt = false, cmt = by = '';\r\n for (p = 0x80; p < X.Sz();) {\r\n var hkhd = X.U32(p), hdsz = X.U16(p + 6), hksz = X.U32(p + 8);\r\n switch (hkhd) {\r\n case 0xE31D0000: break; //del\r\n case 0xE31D0001: //sec\r\n if ((t = X.U8(p + 13)) > sec) sec = t; if ((t = X.U16(p + 14) + 1) > cyl) cyl = t;\r\n break;\r\n case 0xE31D0002: cmt = X.SA(p + hdsz, hksz); break;\r\n case 0xE31D0003: by = X.SA(p + hdsz, hksz); break;\r\n default: interrupt = true\r\n }\r\n if (interrupt) break;\r\n p += hdsz + hksz;\r\n if (hkhd == 0xE31D0002) break\r\n }\r\n if (X.isVerbose()) {\r\n sOption(cmt); sOption(by, 'by: '); sOption('cyl:' + cyl + ' sec:' + sec + ' sz:' + outSz(p))\r\n } else if (p > X.Sz()) sVersion = 'malformed!short'\r\n }\r\n\r\n else if ((X.c(\"'EXTENDED CPC DSK File'0D0A'Disk-Info'0D0A\") || X.c(\"'MV - CPCEMU Disk-File'0D0A'Disk-Info'0D0A\")\r\n || X.c(\"'MV - CPC'\")) && isWithin(trk = X.U8(0x30), 20, 84) && isWithin(sd = X.U8(0x31), 1, 2)\r\n && X.c(\"'Track-Info'0D0A000000\", 0x100)) {\r\n //ref https://github.com/latchdevel/HxCFloppyImageConverter/blob/master/libhxcfe/trunk/sources/loaders/cpcdsk_loader/*\r\n sName = \"Amstrad CPC disk image (.DSK)\"; bDetected = true;\r\n if (X.c(\"'E'\")) { trksz = 0; sVersion = 'extended' } else trksz = X.U16(0x32) + 1;\r\n if (X.isVerbose()) {\r\n sOption(X.SA(0x22, 0xE)); sOption('trk:' + trk + (trksz ? ' trksz:' + trksz : '') + ' sides:' + sd)\r\n }\r\n }\r\n\r\n function isEALIB() {\r\n //from https://aluigi.altervista.org/bms/ealib.bms\r\n if (!X.c(\"'EALIB'\")) return false;\r\n n = X.U16(5); var oldp = p = 7;\r\n for (var i = 0; i < n && p < X.Sz(); i++) {\r\n p += 0xD; var z = X.U8(p++), ofs = X.U32(p); p += 4;\r\n if (z > 4 || !isWithin(ofs, p, X.Sz())) return false;\r\n }\r\n return true\r\n }\r\n if (!bDetected && isEALIB()) {\r\n sName = \"Electronic Arts Library resource pack\"; bDetected = true;\r\n if (X.isVerbose()) sOption(n, 'files:')\r\n }\r\n\r\n if (!bDetected)\r\n if (X.c(\"'FCSX'\") && X.U32(4) > X.U32(8) && X.U32(8) <= X.Sz()) { //found this one in a collection of NES ROMs\r\n sName = \"FCSX zlib format (.FCS)\"; bDetected = true;\r\n if (X.isVerbose()) sOptions = 'Zlib @10h, unp.sz:' + X.U32(4) + ' sz:' + outSz(X.U32(8))\r\n }\r\n\r\n function isPC98FDI() {\r\n if (!X.c(\"00000000\")) return false;\r\n var id = X.U32(4), hdrsz = X.U32(8), datasz = X.U32(0xC), bpsec = X.U32(0x10),\r\n sec = X.U32(0x14), heads = X.U32(0x18), cyl = X.U32(0x1C);\r\n if ([0x10, 0x30, 0x90].indexOf(id) < 0 || bpsec * sec * heads * cyl != datasz\r\n || (sz = hdrsz + datasz) > X.Sz() || hdrsz < 0x20) return false;\r\n if (id == 0x10 && !isWithin(datasz, 0x80000, 0xB6000) //let's allow some space for stupid formatting\r\n || id == 0x30 && !isWithin(datasz, 0x160000, 0x300000)\r\n || id == 0x90 && !isWithin(datasz, 0x120000, 0x140000)) return false;\r\n info = 'disc:' + (id == 0x10 ? \"640/720k\" : id == 0x30 ? \"1.44M\" : id == 0x90 ? \"1.2M\" : '?')\r\n + ' (' + (datasz / 0x400).toFixed(1) + 'k)';\r\n info = info.append('hd:' + heads + ' cyl:' + cyl + ' sec:' + sec + ' sz:' + outSz(sz))\r\n return true\r\n }\r\n if (isPC98FDI()) {\r\n sName = \"EPSON's PC-98 disk image (.FDI)\"; bDetected = true;\r\n if (X.isVerbose()) sOption(info)\r\n }\r\n\r\n //.GG has no clear header...\r\n\r\n if (!bDetected) if (X.c(\"EB0A9090'IPL1'0000001EA08405B48ECD1BA8\", 0x1000) && //empirical and may be incorrect!\r\n X.c(\"E9D102' NEC 'CADFB0BFC5D9BADDCBDFADB0C08CC592E8836683428358834E8B4E93AE8381836A8385815B8376838D834F8389838020CADEB0BCDEAEDD' 2.'....' Copyright (C) NEC Corporation 1985,'\", 0x1400)) {\r\n sName = \"NEC PS-98 hard disk image (.HDI)\"; bDetected = true\r\n }\r\n\r\n else if ((X.c(\"EB1C904E\") || X.c(\"EB2790B1\") || X.c(\"EB279028\") || X.c(\"EB3C9027\") || X.c(\"EB3C904E\"))\r\n && X.c(\"000401010002C000D004FE0200080002000000\", 0xB)\r\n || (X.c(\"EB..90\") && X.Sz() == 0x134000)) { // and no real way to detect user disks\r\n sName = \"NEC PC-98 disk image (.HDM)\"; bDetected = true\r\n }\r\n\r\n function isHOBETA() {\r\n if(X.Sz() < 0x111) return;\r\n var chk = 0; for (var i=0; i < 0xF; ++i) { if(i < 9 && X.U8(i) < 0x20) return; chk += X.U8(i) }\r\n chk = (105+0x101*chk) & 0xFFFF; if(chk != X.U16(0xF)) return;\r\n sz = X.U16(0xB); addr = X.U16(9); alsz = X.U16(0xD);\r\n if(!isWithin(alsz, 0x100,0xFF00) || !isWithin(sz, 0x100,0xFF00)\r\n || addr < 0x4000 /*ROM*/ || addr+sz > 0x10000) return;\r\n if(sz+(sz%0x100? (0x100-sz%0x100): 0) != alsz) return;\r\n var tp = X.U8(8);\r\n return true;\r\n }\r\n if(isHOBETA()) {\r\n sName = 'ZX Spectrum HOBETA wrapper (.HOB)'; bDetected = true;\r\n sOptions = decAnsi(0, 8, CPSpeccy).trim()+'.'+X.SA(8,1);\r\n if(X.isVerbose()) sOption('data @11h['+Hex(sz)+'] RAM$'+addr.toString(16)+' sz:'+outSz(0x11+alsz));\r\n else if(0x11+alsz > X.Sz()) sVersion = 'malformed!short';\r\n }\r\n\r\n if(!bDetected) if (X.c(\"'HXCPICFE'\") && isWithin(sides = X.U8(0xA), 1, 2)\r\n && isWithin(baud = X.U16(0xC) * 1000, 150000, 3000000) && (ro = X.U8(0x11)) <= 1) {\r\n //ref https://github.com/latchdevel/HxCFloppyImageConverter/blob/master/libhxcfe/trunk/sources/loaders/hfe_loader/hfe_format.h\r\n // & hfe_writer.c & hfe_loader.c\r\n sName = \"HxC PIC/HFE disk image (.HFE)\"; sVersion = 'rev.' + X.U8(8); bDetected = true;\r\n if (X.isVerbose()) {\r\n const trkencs = [\"ISO IBM MFM\", \"Amiga MFM\", \"ISO IBM FM\", \"emulated FM\", \"unk.\"],\r\n ifmodes = [\"IBM PC DD\", \"IBM PC HD\", \"Atari ST DD\", \"Atari ST HD\", \"Amiga DD\", \"Amiga HD\",\r\n \"Amstrad CPC DD\", \"generic Shugart DD\", \"IBM PC ED\", \"MSX2 DD\", \"Commodore 64 DD\",\r\n \"emulated Shugart\"];\r\n var trk = X.U8(9), ifmode = X.U8(0x10), tofs = [], t = X.U8(0xB), sz = 0x200, datasz = 0;\r\n p = 0x200; trkenc = t > 3 ? trkencs[4] : trkencs[t] & 3; ifmode = ifmode <= 0xB ? ifmodes[ifmode] : 'unk.';\r\n for (i = 0; i < trk && p < X.Sz(); i++, p += 4) {\r\n datasz += t = X.U16(p + 2)\r\n }\r\n t = t & 0x1FF ? 0x200 + (t & 0xFFFFFE00) : t; sz = X.U16(p - 4) * 0x200 + t;\r\n sOption('trk:' + trk + (sides == 2 ? ' DS' : ' SS'));\r\n sOption(trkenc, 'trkenc:'); sOption(ifmode, 'floppy mode:'); sOption(ro ? 'write-protected' : '');\r\n sOption(baud + ' baud = ' + (baud / 8192).toFixed(1) + 'k/s');\r\n sOption('datasz:' + datasz + ' sz:' + outSz(sz))\r\n }\r\n }\r\n\r\n else if (X.c(\"'CHKH'........00000000\") && X.c(\"'CHKH'........01000000\", X.U32(4)) && X.Sz() > 12) {\r\n //ref https://github.com/latchdevel/HxCFloppyImageConverter/blob/11ee45a77f237846eebdf1c6f1c732e5c0505be5/libhxcfe/trunk/sources/loaders/hxcstream_loader/hxcstream.c#L143\r\n sName = \"HxC Stream Loader disk track (.hxcstream)\"; bDetected = true;\r\n }\r\n\r\n else if (X.c(\"'CAPS'0000000C1CD573BA'INFO'00000060\") && X.c(\"'IMGE'\", 0x6C)) {\r\n //ref http://info-coach.fr/atari/documents/_mydoc/IPF-Documentation.pdf\r\n sName = \"SPS's KryoFlux Interchangeable Preservation Format disk image (.IPF)\"; bDetected = true;\r\n switch (X.U32(0x048, _BE)) {\r\n case 0: sVersion = 'no-platform'; break; case 1: sVersion = 'Amiga'; break;\r\n case 2: sVersion = 'Atari ST'; break; case 3: sVersion = 'PC'; break; case 4: sVersion = 'Amstrad CPC'; break;\r\n case 5: sVersion = 'ZX Spectrum'; break; case 6: sVersion = 'SAM Coupe'; break;\r\n case 7: sVersion = 'Acorn Archimedes'; break; case 8: sVersion = 'C64'; break;\r\n case 9: sVersion = 'Atari 8-bit'; break; default: sVersion = 'unk.'\r\n }\r\n sVersion += X.U32(0x18, _BE) == 1 ? ' floppy' : ' unk.media';\r\n if (X.isVerbose()) {\r\n for (p = 0x6C, density = '', densities = []; p < X.Sz();) {\r\n hkhd = X.SA(p, 4); if (!/[A-Z]{4}/.test(hkhd) || !X.c(\"0000\", p + 4)/*a floppy block can't be this long*/) break;\r\n hksz = X.U32(p + 4, _BE);\r\n if (hkhd === 'IMGE') {\r\n switch (X.U32(p + 20)) {\r\n case 3: density = 'Copylock Amiga'; break; case 4: density = 'Copylock Amiga new'; break;\r\n case 5: density = 'Copylock ST'; break; case 6: density = 'Speedlock Amiga'; break;\r\n case 7: density = 'Speedlock Amiga old'; break; case 8: density = 'Adam Brierley Amiga'; break;\r\n case 9: density = 'Adam Brierley & density key Amiga'; break;\r\n }\r\n if (densities.indexOf(density) < 0) densities.push(density);\r\n }\r\n else if (hkhd === 'DATA') p += X.U32(p + 12, _BE);\r\n p += hksz\r\n }\r\n sOption(X.U32(0x28, _BE), 'rev.');\r\n sOption('tracks:' + X.U32(0x30, _BE) + '-' + X.U32(0x34, _BE) + ' sides:' + (1 + X.U32(0x3C, _BE)));\r\n sOption(X.U32(0x1C, _BE) == 1 ? 'CAPS' : X.U32(0x1C, _BE) == 2 ? 'SPS' : 'unk.', 'encoder:', ' rev.' + X.U32(0x20, _BE));\r\n sOption(Hex(X.U32(0x24, _BE), 8), 'cat.ID:'); sOption(densities.join(' + '), 'copy protection:'); sOption('sz:' + outSz(p))\r\n }\r\n }\r\n\r\n else if (X.c(\"'JFDI'\") && isWithin(tt = X.U32(0x18), 0x130, X.Sz()) && isWithin(st = X.U32(0x1C), tt, X.Sz())\r\n && isWithin(dt = X.U32(0x20), st, X.Sz()) && X.c(\"FFFFFFFF\", st - 4) && X.c(\"FFFFFFFF\", dt - 8)\r\n && (!(dtt = X.U32(0x24)) || isWithin(dtt, dt, X.Sz())) && (!(dst = X.U32(0x28)) || isWithin(dst, dt, X.Sz()))\r\n && (!(ddt = X.U32(0x2C)) || isWithin(ddt, dt, X.Sz()))) {\r\n //ref https://gist.github.com/Kaens/a139d96dc429b49788e47ea57e55017d\r\n sName = \"Acorn Archimedes ADFFS JFD disk image (.JFD)\"; bDetected = true;\r\n nV = Util.divu64(nv = X.U32(4, _LE), 100); nv %= 100; sVersion = 'v' + nV + '.' + nv;\r\n +'+/img v' + ((iv = X.U8(0x14)) >> 5) + '.' + (iv & 0x1F);\r\n if (X.isVerbose()) {\r\n sOption('tt:' + Hex(tt) + ' st:' + Hex(st) + ' dt:' + Hex(dt))\r\n sOption(addEllipsis(decAnsi(0x30, 0x100, CPRISCOS).trim(), 0xC0, 0xA0));\r\n if ((ds = X.U16(0xE)) > 1) sOptions += ' (' + X.U16(0xC) + '/' + ds + ')';\r\n sOption('trk:' + Util.divu64(st - tt, 4) + ' sec:' + (Util.divu64(dt - st - tt * 4, 8)));\r\n if (X.U32(4) >= 204) {\r\n fl = X.U32(0x130);\r\n if (fl & (1 << 0)) sOption('write-protected'); if (fl & (1 << 2)) sOption('Protect CMOS req.');\r\n if (fl & (1 << 3)) sOption('Protect Modules req.'); if (fl & (1 << 5)) sOption('Shift+Break to load');\r\n sOption('for:');\r\n if (fl & (1 << 8)) sOption('ARM3'); if (fl & (1 << 9)) sOption('ARM250');\r\n if (fl & (1 << 10)) sOption('ARM610/710'); if (fl & (1 << 11)) sOption('ARM7500');\r\n if (fl & (1 << 12)) sOption('StrongArm'); if (fl & (1 << 13)) sOption('ARMv5/v6/v7');\r\n if (fl & (1 << 16)) sOption('RiscOS 2'); if (fl & (1 << 17)) sOption('RiscOS 3.1');\r\n if (fl & (1 << 18)) sOption('RiscOS 3.5'); if (fl & (1 << 19)) sOption('RiscOS 3.7');\r\n if (fl & (1 << 20)) sOption('RiscOS 3.8/4.x'); if (fl & (1 << 21)) sOption('RiscOS 5.x');\r\n if (fl & (1 << 22)) sOption('RiscOS 6.x');\r\n if (X.U8(0x134)) sOption('fps:' + (X.U8(0x134) / 2)); if (X.U32(0x138)) sOption('Obey file sz:' + X.U32(0x138));\r\n sOption('datasz:' + X.U32(8)); if (ddt) sOption('delta data')\r\n }\r\n }\r\n }\r\n\r\n\r\n function isSega100h() {\r\n if (X.Sz() < 0x1000 || !X.c(\"'SEGA '\",0x100)) return [false];\r\n sus = 0; if(![' ','RA'].includes(X.SA(0x1B0,2))) sus++;\r\n sn = X.SA(0x180, 14); if(sn[11] != '-' ) sus++; if(!['GM ', 'AI ', 'OS ', 'BR '].includes(sn.slice(0, 3))) sus++;\r\n ar = [[X.U32(0x1A0,_BE),X.U32(0x1A4,_BE)+1], [X.U32(0x1A8,_BE),X.U32(0x1AC,_BE)+1]]; //ROM & RAM address ranges\r\n if (ar[0][1] & 0xFF != 0xFF) sus++; if (ar[1][1] & 0xFF != 0xFF) sus++;\r\n if (!isWithin(ar[0][1], 0x1000, 0x7FFFFFFF)) sus++; if (!isWithin(ar[1][0], 0xFF0000, 0x7FFFFFFF)) sus++;\r\n if (sus > 3) return [false];\r\n if (X.c(\"'MEGA DRIVE'\", 0x100) || X.c(\"'GENESIS'\", 0x100)) return [true, \"Sega Mega Drive/Genesis (.MD)\"]\r\n else if (X.c(\"'32X '\", 0x105)) return [true, \"Sega Mega Drive + 32X (.32X)\"]\r\n else if (X.c(\"'EVERDRIVE '\", 0x105)) return [true, \"Sega Mega Drive (Everdrive ext.)\"]\r\n else if (X.c(\"'SSF '\", 0x105)) return [true, \"Sega Mega Drive (Mega Everdrive ext.)\"]\r\n else if (X.c(\"'MEGAWIFI'\", 0x105)) return [true, \"Sega Mega Drive (Mega Wifi ext.)\"]\r\n else if (X.c(\"'PICO '\", 0x105)) return [true, \"Sega PICO\"]\r\n else if (X.c(\"'TERA68k\", 0x105) || X.c(\"'TERA286'\", 0x105)) return [true, \"Sega Tera Drive (.TD)\"];\r\n return [false];\r\n }\r\n if ((t=isSega100h())[0]) {\r\n //ref https://plutiedev.com/rom-header\r\n sName = t[1]; bDetected = true;\r\n if((t=sn.slice(12,14)) == [0] || t == '00') sVersion = 'initial'; else sVersion = 'v'+t[0]+'.'+t[1];\r\n switch (sn.slice(0,2)) {\r\n case 'GM': sVersion += '/Game'; break;\r\n case 'AI': sVersion += '/Aid'; break;\r\n case 'OS': sVersion += '/Boot ROM (TMSS)'; break;\r\n case 'BR': sVersion += '/Boot ROM (Sega CD)'\r\n }\r\n if(X.isVerbose()) {\r\n title = X.SC(0x120, 0x30, \"SJIS\").trim(); t = X.SC(0x120, 0x30, \"SJIS\").trim();\r\n if(title != t) sOption(title+' / '+t); else sOption(title);\r\n sOption('ROM@'+Hex(ar[0][0])); if(X.SA(0x1B0,2) === 'RA') sOption('extra RAM');\r\n ft = '';\r\n for(i=0x190; i < 0x1A0;) {\r\n c = X.SA(i++,1); if(c == ' ') break;\r\n if (c === 'J') { if(X.SA(i++,1) == '6') ft += '#6-button pad'; else ft += '#3-button pad' }\r\n else if (c === '0') ft += '#Master System pad';\r\n else if (c === 'A') ft += '#Analog stick';\r\n else if (c === '4') ft += '#Multitap';\r\n else if (c === 'A') ft += '#Lightgun';\r\n else if (c === 'A') ft += '#Activator';\r\n else if (c === 'A') ft += '#Mouse';\r\n else if (c === 'A') ft += '#Trackball';\r\n else if (c === 'A') ft += '#Tablet';\r\n else if (c === 'A') ft += '#Paddle';\r\n else if (c === 'A') ft += '#Keyboard/keypad';\r\n else if (c === 'A') ft += '#RS-232';\r\n else if (c === 'A') ft += '#Printer';\r\n else if (c === 'A') ft += '#Sega CD';\r\n else if (c === 'A') ft += '#Floppy';\r\n else if (c === 'A') ft += '#Download(?)';\r\n }\r\n sOptionT('devices:'+ft);\r\n sOption('sz:'+outSz(ar[0][1]))\r\n }\r\n }\r\n\r\n\r\n function isMDR() {\r\n //ref https://github.com/TomDDG/Z80onMDR_lite/blob/main/Z80onMDR_Lite.c\r\n if(!X.c(\"01 ?? 00 00\")) return;\r\n const mdrhdsz = 0xF, mdrdtsz = 0x200, mdrblksz = 0x21F, mdrmaxblk = 0xFE, mdrcartsz = mdrmaxblk*mdrblksz;\r\n blk = 0;\r\n var p;\r\n function chkblk(blkn) {\r\n var i, crc; p = blkn*mdrblksz;\r\n if((X.U8(p+15) & 2) && !X.U16(p+17)) return;\r\n for(crc=i=0; i < mdrhdsz-1; i++) crc = (crc+X.U8(p++)) % 0xFF; if(crc != X.U8(p++)) return;\r\n for(crc=i=0; i < mdrhdsz-1; i++) crc = (crc+X.U8(p++)) % 0xFF; if(crc != X.U8(p++)) return;\r\n if(!X.U16(p-13)) { p += mdrdtsz+2; return true } //deleted block, skip\r\n for(crc=i=0; i < mdrdtsz; i++) crc = (crc+X.U8(p++)) % 0xFF; if(crc != X.U8(p)) return;\r\n blk++;\r\n return true\r\n }\r\n var sec = m = X.U8(1); if(!sec) return; if(!X.isDeepScan()) m = Math.min(sec,5);\r\n for(var i=0; i < m && i*mdrblksz < X.Sz(); i++) if(!chkblk(i)) return;\r\n if(blk < 2) return;\r\n name = decAnsi(4,10,CPSpeccy); if(X.isDeepScan()) sz = p; else sz = sec*mdrblksz;\r\n return true\r\n }\r\n if(!bDetected && isMDR()) {\r\n sName = \"ZX Microdrive cartridge image (.MDR)\"; bDetected = true;\r\n if(X.isVerbose()) {\r\n sOption(name);\r\n sOption((X.isDeepScan()?'blks:'+blk+' ':'')+'sz:'+outSz(sz));\r\n }\r\n }\r\n\r\n function isMGT() {\r\n //ref https://sinclair.wiki.zxnet.co.uk/wiki/MGT_filesystem\r\n //TODO test on SAM with subdirs, +D, HDD...\r\n if ([0x32000, 0x64000, 0xC8000].indexOf(X.Sz()) < 0) return false; // single-sided 40-cylinder, ds40/ss80, ds80\r\n subdir = 0; erased = 0; files = 0;\r\n var p = 0, ds = X.Sz() > 0x64000, msz = Math.min(X.Sz(), 0xC8000);\r\n var xroot = X.U8(0xFF); if (xroot > 35) return false; //betaDOS/MasterDOS extra tracks for root\r\n var zx = [0, 'ZX Spectrum'], sam = [0, 'SAM Coupé'], dd = [0, 'DISCiPLE/+D'], hd = [0, 'HDD'];\r\n var samboot = X.c(\"'BOOT'\", 0x100); if (samboot) sam[0] += 20;\r\n var allocmap = []; for (i = 0; i < 195; i++) allocmap.push(0);\r\n soption = ''; fnames = []; label = ''; sus = 0;\r\n if (!extIs('mgt')) sus++; //could be gzipped which removes the extension as far as DiE is concerned\r\n if (X.Sz() != 0xC8000) sus++; //in practice, only ds 80-cyl is seen around\r\n const fts = [/*0*/'erased', 'ZXBASIC', 'ZXnum.array', 'ZXstr.array', 'ZXcode', 'ZX48ksnap', 'ZXMD', 'ZXscr', 'special',\r\n\t\t/*9*/'ZX128ksnap', 'Opentype', 'ZXexec', 'UNI-DOSdir', 'UNI-DOScreate', '14?', '15?', 'SAMBASIC', 'SAMnum.array',\r\n\t\t/*18*/'SAMstr.array', 'SAMcode', 'SAMscr', 'MasterDOSdir', 'SAMDriverapp', 'SAMDriverbootstrap', 'EDOSNOMEN',\r\n 'EDOSsys', 'EDOSovl', '27?', 'HDOSHdos', 'HDOSHdir', 'HDOSHdisk', 'HDOSHfree/Htmp'];\r\n if ((X.U8(0) & 0x3F) != 19 && charStat(X.readBytes(0xD2, 10), 1).indexOf('allasc') >= 0) {\r\n sam[0] += 10; label = X.SA(0xD2, 10).trim()\r\n }\r\n //if(xroot) _l2r('mgt',0xFF,xroot+' xroot found!'); if(samboot) _l2r('mgt',0x100,'SAM BOOT found!')\r\n for (p = _sec = _side = _trk = 0, end = false; _trk < 4 + xroot && p < X.Sz();) {\r\n for (s = 0; s < 2; s++) { //go through the 2 records per sector\r\n if (samboot && files == 1) { files++; continue }\r\n //_l2r('mgt',p,'looking at rec #'+files+'\"'+X.SA(p+1,10)+'\": T'+_trk+'S'+_side+'s'+_sec+' type '+X.U8(p))\r\n if (!X.U8(p + 1)) { end = true; continue }\r\n if (end) sus++; files++;\r\n var fname1 = X.readBytes(p + 2, 9); if (charStat(fname1, 1).indexOf('allasc') < 0) return false; //space-padded\r\n var ft = (X.U8(p) & 0x3F); if (ft > 0x1F) return false; //file type\r\n if (!ft) erased++; else if (isWithin(ft, 1, 11)) zx[0]++; else if (isWithin(ft, 12, 13)) dd[0]++;\r\n else if (isWithin(ft, 16, 23)) sam[0]++; else hd[0]++;\r\n var fsecsz = X.U16(p + 0xB, _BE); if (!fsecsz) return false; //sectors used by the file\r\n var ftrk0 = X.U8(p + 0xD), fside0 = ftrk0 >> 7; ftrk0 &= 0x7F; if (!isWithin(ftrk0, 0, 79)) return false;\r\n var fsec0 = X.U8(p + 0xE); if (!isWithin(fsec0, 1, 10)) return false;\r\n if (!ds) ds = fside0; //double-sided disc. there must be a better way to tell...\r\n if (!files) { if (ft == 0) sus++; if (X.U8(p) & 0x80) sus++ } //super unlikely the first file's erased or hidden\r\n for (i = 0; i < 195; i++) { t = X.U8(p + 0xF + i); if (allocmap[i] & t) return false; allocmap[i] |= t }\r\n if (firstNotOf(p + 0xDC, 11, [0x20, 0xFF]) < 0) sam[0] += 10;\r\n if (firstNotOf(p + 0xE8, 4, [0xFF]) < 0) sam[0] += 4;\r\n if (X.U8(p + 0xFA) == 0xFF) sam[0]++; if (X.U8(p + 0xFB) == 0xFF) sam[0]++;\r\n fnames.push(X.SA(p + 1, 10).trim()\r\n + ':' + fts[ft] //file type briefly explained\r\n //+'@'+Hex((fsec0+(fside0+ftrk0*2)*10)*0x200) //just the 1st sector address won't be too useful\r\n );\r\n if (ft == 21) { subdir++; t = ((fsec0 + (fside0 + ftrk0 * 2) * 10) * 0x200) + 1; if (X.U8(t)) fnames.push('/' + X.SA(t, 10) + '...') }\r\n if (!s) p += 0x100\r\n }\r\n _sec++; if (_sec > 9) { _sec = 0; _side++; if (_side == 1) { _side = 0; _trk++ } }\r\n p = (_sec + (_side + _trk * 2) * 10) * 0x200;\r\n }\r\n if (sus > 5 || !files) return false;\r\n function am0max() {\r\n if (!arguments.length) return '';\r\n var i, r = arguments[0]; for (i = 1; i < arguments.length; i++) if (arguments[i][0] > r[0]) r = arguments[i];\r\n return r\r\n }\r\n sv = am0max(zx, sam, dd, hd)[1] + '/' + (ds ? 'DS' : 'SS');\r\n return true\r\n }\r\n if (!bDetected && isMGT()) {\r\n sName = \"Miles Gordon Technology floppy image (.MGT,.SAD)\";\r\n sVersion = sv; bDetected = 1;\r\n if (X.isVerbose()) {\r\n sOption((subdir ? '≈' : '') + (files - erased - subdir) + (erased ? '+' + erased + ' erased' : '') + (subdir ? '+' + subdir + 'subdirs' : ''), 'files:');\r\n if (files) sOption('(' + addEllipsis(fnames.join('; ')) + ')');\r\n if (sus) sOption('possibly malformed (level ' + sus + ')');\r\n }\r\n }\r\n\r\n\r\n if (!bDetected) if (X.c(\"'NES'1A\") && (X.Sz() > 15)) {\r\n //ref https://www.nesdev.org/wiki/INES & https://www.nesdev.org/wiki/NES_2.0\r\n sName = \"NES ROM image (.nes)\"; bDetected = true; malformed = false;\r\n szprg = X.U8(4) * 16384; szchr = X.U8(5) * 8192;\r\n flg9 = X.U8(9); //v1.0: ROMs don't use it; v2.0: sz*msb\r\n flg6 = X.U8(6);\r\n //fmirroring = (flg6&1)>0; //0 for hrz 1 for vrt, tons of fallout though so better to ignore this\r\n fstorage = (flg6 & 2) > 0; trainer = (flg6 & 4) * 0x80; f4scrvram = (flg6 & 8) > 0; flg7 = X.U8(7);\r\n mapper = ((flg6 & 0xF0) >> 4) + (flg7 & 0xF0); fvsunisystem = (flg7 & 1) > 0; fplaychoice10 = (flg7 & 2) > 0;\r\n fv20_ = ((flg7 & 0x0C) == 8); fv20 = false; szprgmsb = ((flg9 & 0x0F) << 8) * 16384;\r\n szchrmsb = ((flg9 & 0xF0) << 4) * 8192; ex = region = tv = \"\";\r\n sz = 16 + trainer + szprg + szprgmsb + szchr + szchrmsb;\r\n if (fv20_) fv20 = sz < X.Sz();\r\n if (fv20) {\r\n szprg += szprgmsb; szchr += szchrmsb; flg8 = X.U8(8); flg11 = X.U8(11); flg12 = X.U8(12);\r\n flg13 = X.U8(13); flg14 = X.U8(14); flg15 = X.U8(15); sVersion = \"NES v2.0\";\r\n mapper += (flg8 & 0x0F) << 8; submapper = (flg8 & 0xF0) >> 4;\r\n switch (flg7 & 2) {\r\n case 0: sVersion += \" #NES/Famicom/Dendy\"; break;\r\n case 1:\r\n sVersion += \" #Nintendo Vs. System (\";\r\n switch (flg13 & 0x0F) {\r\n case 0: sVersion += \"RP2C03B)\"; break; case 1: sVersion += \"RP2C03G)\"; break;\r\n case 2: sVersion += \"RP2C04-0001)\"; break; case 3: sVersion += \"RP2C04-0002)\"; break;\r\n case 4: sVersion += \"RP2C04-0003)\"; break; case 5: sVersion += \"RP2C04-0004)\"; break;\r\n case 6: sVersion += \"RC2C03B)\"; break; case 7: sVersion += \"RC2C03C)\"; break;\r\n case 8: sVersion += \"RC2C05-01)\"; break; case 9: sVersion += \"RC2C05-02)\"; break;\r\n case 0x0A: sVersion += \"RC2C05-03)\"; break; case 0x0B: sVersion += \"RC2C05-04)\"; break;\r\n case 0x0C: sVersion += \"RC2C05-05)\"; break; default: sVersion += \"unk.PPU)\"\r\n }\r\n break;\r\n case 2: sVersion += \" #Nintendo Playchoice 10\"; break;\r\n default:\r\n switch (flg13 & 0x0F) {\r\n case 0: sVersion += \" #NES/Famicom/Dendy\"; break;\r\n case 1: sVersion += \" #Nintendo Vs. System\"; break;\r\n case 2: sVersion += \" #Nintendo Playchoice 10\"; break;\r\n case 3: sVersion += \" #Famiclone+DecimalMode\"; break;\r\n case 4: sVersion += \" #NES/Famicom+EPSM/plug-through\"; break;\r\n case 5: sVersion += \" #V.R. VT01 red/cyan\"; break;\r\n case 6: sVersion += \" #V.R. Technology VT02\"; break;\r\n case 7: sVersion += \" #V.R. Technology VT03\"; break;\r\n case 8: sVersion += \" #V.R. Technology VT09\"; break;\r\n case 9: sVersion += \" #V.R. Technology VT32\"; break;\r\n case 0x0A: sVersion += \" #V.R. Technology VT369\"; break;\r\n case 0x0B: sVersion += \" #UMC UM6578\"; break;\r\n case 0x0C: sVersion += \" #Famicom Network System\"; break;\r\n default: sVersion += \" #(reserved)\"\r\n }\r\n }\r\n switch (flg12 & 3) {\r\n case 0: region = \"NA/JP/SK/TW: NTSC NES\"; break; case 1: region = \"WE/AU: Licenced PAL NES\"; break;\r\n case 2: region = \"Multiple\"; break; default: region = \"EU/RU/ZH/IN/AF: Dendy\"\r\n }\r\n switch (flg15 & 0x3F) {\r\n case 0x00: break;\r\n case 0x01: ex = \"Std. Sontrollers\"; break;\r\n case 0x02: ex = \"NES Four Score/Satellite + 2 Std. Controllers\"; break;\r\n case 0x03: ex = \"Famicom 4P Adapter\"; break;\r\n case 0x04: ex = \"Vs. System (1P via $4016)\"; break;\r\n case 0x05: ex = \"Vs. System (1P via $4017)\"; break;\r\n case 0x06: ex = \"(obsolete MAME behaviour)\"; break;\r\n case 0x07: ex = \"Vs. Zapper\"; break;\r\n case 0x08: ex = \"Zapper ($4017)\"; break;\r\n case 0x09: ex = \"2 Zappers\"; break;\r\n case 0x0A: ex = \"Bandai Hyper Shot Lightgun\"; break;\r\n case 0x0B: ex = \"Power Pad Side A\"; break;\r\n case 0x0C: ex = \"Power Pad Side B\"; break;\r\n case 0x0D: ex = \"Family Trainer Side A\"; break;\r\n case 0x0E: ex = \"Family Trainer Side B\"; break;\r\n case 0x0F: ex = \"Arkanoid Vaus Controller (NES)\"; break;\r\n case 0x10: ex = \"Arkanoid Vaus Controller (Famicom)\"; break;\r\n case 0x11: ex = \"2 Vaus Controllers + Famicom Data Recorder\"; break;\r\n case 0x12: ex = \"Konami Hyper Shot Controller\"; break;\r\n case 0x13: ex = \"Coconuts Pachinko Controller\"; break;\r\n case 0x14: ex = \"Exciting Boxing Punching Bag (Blowup Doll)\"; break;\r\n case 0x15: ex = \"Jissen Mahjong Controller\"; break;\r\n case 0x16: ex = \"Party Tap\"; break;\r\n case 0x17: ex = \"Oeka Kids Tablet\"; break;\r\n case 0x18: ex = \"Sunsoft Barcode Battler\"; break;\r\n case 0x19: ex = \"Miracle Piano Keyboard\"; break;\r\n case 0x1A: ex = \"Pokkun Moguraa (Whack-a-Mole Mat & Mallet)\"; break;\r\n case 0x1B: ex = \"Top Rider (Inflatable Bicycle)\"; break;\r\n case 0x1C: ex = \"Double-Fisted\"; break;\r\n case 0x1D: ex = \"Famicom 3D System\"; break;\r\n case 0x1E: ex = \"Doremikko Keyboard\"; break;\r\n case 0x1F: ex = \"R.O.B. Gyro Set\"; break;\r\n case 0x20: ex = 'Famicom Data Recorder (\"silent\" keyboard)'; break;\r\n case 0x21: ex = \"ASCII Turbo File\"; break;\r\n case 0x22: ex = \"IGS Storage Battle Box\"; break;\r\n case 0x23: ex = \"Family BASIC Keyboard + Famicom Data Recorder\"; break;\r\n case 0x24: ex = \"Dongda PEC-586 Keyboard\"; break;\r\n case 0x25: ex = \"Bit Corp. Bit-79 Keyboard\"; break;\r\n case 0x26: ex = \"Subor Keyboard\"; break;\r\n case 0x27: ex = \"Subor Keyboard + Mouse (3x8-bit)\"; break;\r\n case 0x28: ex = \"Subor Keyboard + Mouse (24-bit)\"; break;\r\n case 0x29: ex = \"SNES Mouse ($4017.d0)\"; break;\r\n case 0x2A: ex = \"Multicart\"; break;\r\n case 0x2B: ex = \"2 SNES Controllers\"; break;\r\n case 0x2C: ex = \"RacerMate Bicycle\"; break;\r\n case 0x2D: ex = \"U-Force\"; break;\r\n case 0x2E: ex = \"R.O.B. Stack-Up\"; break;\r\n case 0x2F: ex = \"City Patrolman Lightgun\"; break;\r\n case 0x30: ex = \"Sharp C1 Cassette Interface\"; break;\r\n case 0x31: ex = \"Std. Controller w/swapped ←→/↑↓/BA\"; break;\r\n case 0x32: ex = \"Excalibor Sudoku Pad\"; break;\r\n case 0x33: ex = \"ABL Pinball\"; break;\r\n case 0x34: ex = \"Golden Nugget Casino extra buttons\"; break;\r\n default: ex = \"(unknown)\"\r\n }\r\n sz = 16 + trainer + szprg + szprgmsb + szchr + szchrmsb\r\n }\r\n else {\r\n if (!(flg7 & 0x0C) && X.c(\"0000 0000\", 12)) sVersion = \"iNES\";\r\n else if ((flg7 & 0x0C) == 4) sVersion = \"archaic iNES\";\r\n else sVersion = \"iNES v0.7 or archaic\";\r\n\r\n szprgram = X.U8(8) * 8192; if (!szprgram) szprgram = 8192; //PRG RAM size\r\n flg10 = X.U8(10);\r\n switch (flg10 & 3) {\r\n case 0: tv = \"NTSC\"; break;\r\n case 2: tv = \"PAL\"; break;\r\n default: tv = \"NTSC/PAL\"\r\n }\r\n if (X.c(\"0000 0000\", X.Sz() - 4)) { fprgram = (flg10 & 0x10) > 0; fbusconflicts = (flg10 & 0x20) > 0 }\r\n else { fprgram = false; fbusconflicts = false; }\r\n region = \"n/a\";\r\n }\r\n if (X.isVerbose()) {\r\n sOption(tv, \"tv: \"); sOption(region, \"region: \"); sOption(mapper, \"mapper: \"); sOption(ex, \"expansion: \");\r\n if (fplaychoice10) sOption(\"PlayChoice-10\"); if (trainer) sOption(\"trainer\");\r\n if (fstorage) sOption(\"battery-backed RAM\"); sOption(outSz(sz), 'sz:')\r\n }\r\n }\r\n\r\n else if (X.c(\"'MNIB-1541-RAW'..000002..04..06..08..0A\")) {\r\n bDetected = true; sVersion = 'v' + X.U8(0xD);\r\n sName = \"Markus Brenner's MNIB/Peter Rittwage's C64PP NIBTools disk image (.NIB)\"\r\n }\r\n\r\n else if (X.c(\"01'CD001'01''\", 0x53000)) {\r\n n = X.c(\"'NERO'\", X.Sz() - 8) ? 1 : X.c(\"'NER5'\", X.Sz() - 12) ? 2 : 0;\r\n sName = (n ? \"Nero AG's \" : '') + \"optical disc image (.NRG)\"; if (n) sVersion = \"Nero AG/v\" + n;\r\n if (X.isVerbose()) sOptions = X.SA(0x53028, 0x20).trim(); bDetected = true;\r\n }\r\n\r\n else if (X.c(\"0D04..00'host_date='\") && X.fSig(0, 0x80, \"'KryoFlux DiskSystem'\")) {\r\n sName = \"SPS's KryoFlux DiskSystem disk sector (.RAW)\"; bDetected = true\r\n }\r\n\r\n else if (X.c(\"'CAPS'0000000C1CD573BA'DATA'\") && X.c(\"'PACK'\", X.U32(0x10, _BE) + 0x14)) {\r\n //ref https://www.kryoflux.com/download/spsdeclib_5.1_source.zip / Codec/CapsDefinitions.h\r\n sName = \"SPS's KryoFlux CT Raw disk image (.RAW)\"; bDetected = true;\r\n if (X.isVerbose()) {\r\n for (p = 0xC, trk = unpsz = 0; p < X.Sz();) {\r\n hkhd = X.SA(p, 4); if (!/[A-Z]{4}/.test(hkhd) || !X.c(\"0000\", p + 4)/*a floppy block can't be this long*/) break;\r\n hksz = X.U32(p + 4, _BE);\r\n switch (hkhd) {\r\n case 'DATA': hksz += X.U32(p + 12, _BE); break;\r\n case 'PACK': unpsz += hksz; hksz = X.U32(p + 12, _BE) + 0x18; break;\r\n case 'TRCK': trk++; break\r\n }\r\n p += hksz\r\n }\r\n sOption('trk:' + trk + ' sz:' + outSz(p))\r\n }\r\n }\r\n\r\n function isSCL() {\r\n if (!X.c(\"'SINCLAIR'\") || !isWithin(n = X.U8(8), 1, 128) || X.Sz() < 9 + 14 * n) return false;\r\n fnames = [], p = 9, i = c = 0; sz = 9 + 14 * n;\r\n sec = 0; bad = '';\r\n for (; i < n && sz < X.Sz(); i++, p += 14) {\r\n var fn = decAnsi(p, 8, CPSpeccy); if (fn.length < 8) return false; fn = fn.trim();\r\n if (fn[0] === '\\x01') fn[0] = '*'; //deleted file\r\n var ext = decAnsi(p + 8, 1, CPSpeccy); if (!ext.length) return false;\r\n //I'd test the filenames for sanity but some copyprots are quite insane...\r\n fnames.push(fn + '.$' + ext); t = X.U8(p + 0xD); sec += t; sz += t << 8;\r\n }\r\n if (sz > X.Sz() || sz > 655364) return false; //max available size is 835600-ish so not much of a constraint\r\n if (X.Sz() >= sz + 4) { // despite the barebones specs there seems to be a CRC at the very end\r\n for (i = 0; i < sz; c += X.U8(i++)) { } sz += 4;\r\n if (c != X.U32(i)) bad = '!badcrc' //not returning false; it's not guaranteed that all SCL will have this\r\n } else bad = '!nocrc'; //...but it is common enough to mark it as malformed if it's absent\r\n fnames = fnames.join(';'); return true\r\n }\r\n if (!bDetected && isSCL()) {\r\n sName = 'ZX Spectrum floppy disk image (.SCL)'; bDetected = true;\r\n if (bad.length) sVersion = 'malformed' + bad;\r\n if (X.isVerbose()) {\r\n sOption(addEllipsis(fnames, 0xA0)); sOption('sec:' + sec + ' sz:' + outSz(sz))\r\n }\r\n }\r\n\r\n\r\n function isSCP() {\r\n if (!X.c(\"'SCP'\") || X.U8(6) > 165 || X.U8(7) > 165 || X.U8(0xA) > 2) return false;\r\n var p, mtdp = mtdsz = 0, r = X.U8(5), bitw = X.U8(9);\r\n sz = 0x2B0; if (!bitw) bitw = 2; else bitw >>= 3;\r\n for (p = 0x10; p < 0x2B0; p += 4) {\r\n var tdhp = X.U32(p); if (!tdhp) continue; if (!X.c(\"'TRK'\", tdhp)) return false;\r\n var i = 0; for (q = tdhp + 4; i < r; i++) {\r\n var tdsz = X.U32(q + 4) * bitw, tdp = X.U32(q + 8) + tdhp;\r\n if (tdp > mtdp) { mtdp = tdp; mtdsz = tdsz }\r\n q += 12\r\n }\r\n }\r\n if (mtdp) if (mtdp > X.Sz()) return false; else sz = mtdp + mtdsz;\r\n return true\r\n }\r\n if (!bDetected && isSCP()) {\r\n sName = \"SuperCard Pro disk image (.SCP)\"; bDetected = true;\r\n var v = X.U8(3); if (v) v = 'v' + (v >> 4) + ' rev.' + (v & 0xF); else v = 'v.?';\r\n var tp = X.U8(4), revolutions = X.U8(5), sttrk = X.U8(6), edtrk = X.U8(7), fl = X.U8(8),\r\n tpi5in = fl & 2 ? '96' : '48', rpm = fl & 1 ? (fl & 4 ? '360' : '300') : '300/360',\r\n quality = fl & 8 ? 'normalised' : 'preservation', ro = fl & 0x10 ? 'read/write' : 'read-only', ext = fl & 0x20,\r\n side = !X.U8(0xA) ? 'double' : (X.U8(0xA) == 1 ? 'bottom' : 'top'), made, dtp;\r\n if (ext) {\r\n v = 'app v' + (X.U8(sz + 0x28) >> 4) + '.' + (X.U8(sz + 0x28) & 0xF) +\r\n 'h/w v' + (X.U8(sz + 0x29) >> 4) + '.' + (X.U8(sz + 0x29) & 0xF);\r\n if (!X.c(\"'FPCS'\", sz + 0x2C)) v += '/malformed!noendtag'; sz += 0x30\r\n }\r\n sVersion = v;\r\n if (X.isVerbose()) {\r\n switch (tp & 0xF) {\r\n case 0: dtp = 'CBM'; break; case 1: dtp = 'Amiga'; break; case 2: dtp = 'Apple ]['; break;\r\n case 3: dtp = 'Atari ST'; break; case 4: dtp = 'Atari 800'; break; case 5: dtp = 'Mac 800'; break;\r\n case 6: dtp = '360k/720k'; break; case 7: dtp = '1.44M'; break; default: dtp = 'unk.'\r\n }\r\n switch (tp >> 4) {\r\n case 0: made = 'Commodore'; break; case 1: made = 'Atari'; break; case 2: made = 'Apple'; break;\r\n case 3: made = 'PC'; break; case 4: made = 'Tandy'; break; case 5: made = 'Texas Inst.'; break;\r\n case 6: made = 'Roland'; break; case 8: made = '(other)'; break; default: made = 'unk.'\r\n }\r\n sOption('type ' + dtp + ' by ' + made); sOption('trk:' + sttrk + '-' + edtrk + ' side:' + side);\r\n sOption(ro); sOption(quality, 'quality:'); sOption(rpm, '', ' rpm');\r\n sOption(outSz(sz), 'sz:');\r\n }\r\n }\r\n\r\n if (!bDetected) if (X.c(\"EC..A50000\") && X.c(\"EC00\", 0x100) && X.c(\"55AA55AA55AA55AAFFFFFFFFFFFFFFFF0000\", 0x110)\r\n && X.c(\"FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF\", 0x400)\r\n && X.c(\"4199015564F0FFFF 201B0C824118EA61 F00107F60301EE1B 0C834118EA617001 07760301EE15140500\", 0X4630)) {\r\n sName = \"GamePark GP32 SmartMedia card (.SMC)\"; bDetected = true //may not catch all options, but the official games are there\r\n }\r\n\r\n else if (X.c(\"'RSY'000300\")) {\r\n //ref http://info-coach.fr/atari/documents/_mydoc/Pasti-documentation.pdf\r\n sName = \"Jorge 'Ijor' Cwik's Pasti disk image (.STX)\"; bDetected = true;\r\n sVersion = 'v3' + (X.U8(11) == 2 ? ' new' : X.U8(11) == 0 ? ' old' : '');\r\n if (X.isVerbose()) {\r\n sOption(X.U8(10), 'trk.total:');\r\n for (i = 0, p = 0x10; i < X.U8(10) && p < X.Sz(); i++, p += X.U32(p)) { }\r\n sOption(outSz(p), 'sz:')\r\n }\r\n }\r\n\r\n else if (X.c(\"'ZXST'\") && charStat(X.readBytes(0x10 + X.U32(0xC), 4), 1).indexOf('allxsc') >= 0\r\n && X.fSig(8, 0x200, \"'Z80R'\") > 0 && X.fSig(0x20, 0x200, \"'SPCR'\") > 0\r\n && isWithin(V = X.U8(4), 1, 1) && (v = X.U8(5)) <= 5 && (hw = X.U8(6)) <= 16 && (fl = X.U8(7)) <= 1) {\r\n //ref https://sinclair.wiki.zxnet.co.uk/wiki/ZX-State_format\r\n sName = 'Spectaculator zx-state file (.SZX)'; sVersion = 'v' + V + '.' + v; bDetected = true;\r\n switch (hw) {\r\n case 0: hw = 'ZX Spectrum 16k'; break; case 1: hw = 'ZX Spectrum 48k/+'; break;\r\n case 2: hw = 'ZX Spectrum 128k'; break; case 3: hw = 'ZX Spectrum +2'; break;\r\n case 4: hw = 'ZX Spectrum +2A/B'; break; case 5: hw = 'ZX Spectrum +3'; break;\r\n case 6: hw = 'ZX Spectrum +3e'; break; case 7: hw = 'Pentagon 128'; break;\r\n case 8: hw = 'Timex Sinclair TC-2048'; break; case 9: hw = 'Timex Sinclair TC-2068'; break;\r\n case 0xA: hw = 'Scorpion ZS-256'; break; case 0xB: hw = 'ZX Spectrum SE'; break;\r\n case 0xC: hw = 'Timex Sinclair TS-2068'; break; case 0xD: hw = 'Pentagon 512'; break;\r\n case 0xE: hw = 'Pentagon 1024'; break; case 0xF: hw = 'ZX Spectrum 48k (NTSC)'; break;\r\n case 0x10: hw = 'ZX Spectrum 128Ke'; break;\r\n default: hw = '(unk.)'\r\n }\r\n sOption(hw, 'h/w:');\r\n if (X.isVerbose()) {\r\n var p = 8;\r\n while (p < X.Sz()) {\r\n var hkhd = X.SA(p, 4), hksz = X.U32(p + 4);\r\n if (!hksz || hksz + p > X.Sz() || charStat(X.readBytes(p, 4), 1).indexOf('allxsc') < 0\r\n || hkhd.length < 2 || hkhd.toUpperCase() != hkhd) break;\r\n p += 8;\r\n switch (hkhd) {\r\n case 'CRTR': sOption(X.SA(p, 0x20), 'in:'); break;\r\n }\r\n p += hksz\r\n }\r\n sz = p; sOption(outSz(sz), 'sz:')\r\n }\r\n }\r\n\r\n else if (/^C64S?\\s*tape.*file/.test(X.SA(0, 0x20))) {\r\n sName = \"C64 cassette tape (.T64)\"; bDetected = true;\r\n sVersion = 'v' + X.U8(0x20) + \".\" + X.U8(0x21).padStart(2, '0');\r\n if (X.isVerbose()) {\r\n var files = [], totalent = X.U16(0x22, _LE), usedent = X.U16(0x24, _LE);\r\n for (i = 0; i < totalent; i++)\r\n if (i < usedent) files[i] = X.SA(0x50 + i * 0x20, 0x20).trim();\r\n sOption(usedent, \" entries:\");\r\n for (i = 0; i < files.length; i++) sOptions = sOptions.appendS(files[i], \" \");\r\n }\r\n }\r\n\r\n else if (X.c(\"'XM7 TAPE IMAGE 0'\")) {\r\n //ref https://github.com/yas-sim/xm7-related-tools/blob/main/t77dec/t77dec.cpp\r\n //& https://web.archive.org/web/20191207131958/http://xm7.la.coocan.jp:80/xm7/xm7.html\r\n sName = \"Fujitsu FM-7 emulator XM7 tape (.T77)\"; bDetected = true\r\n }\r\n\r\n else if (X.c(\"'C64-TAPE-RAW'\") && X.U8(0xC) < 2) {\r\n bDetected = true;\r\n sName = \"C64 cassette tape (.TAP)\"; sVersion = \"v\" + X.U8(0xC);\r\n var sz = X.U32(0x10) + 0x14; if (!X.isVerbose()) { if (sz > X.Sz()) sVersion += '/malformed!short' }\r\n else sOptions = \"sz:\" + outSz(sz)\r\n }\r\n\r\n else if (X.c(\"'ZXTape!'1A\")) { // a bit large\r\n // from https://www.alessandrogrussu.it/tapir/tzxform120.html\r\n // & https://www.msx.org/wiki/Emulation_related_file_formats#.TSX\r\n sVersion = 'v' + X.U8(8) + '.' + X.U8(9).padStart(2, '0'); bDetected = true;\r\n var ismsx = end = false, x = 0;\r\n var bad = '', title = '', publisher = '', auth = '', year = '', lang = '', apptype = '', price = '',\r\n protload = '', org = '', cmt = '', hw = '', sel = '', fnames = [];\r\n const types = ['B', 'N', 'S', 'C']\r\n p = 10; while (!end && p < X.Sz()) {\r\n switch (X.U8(p++)) {\r\n case 0x10:\r\n if (!X.U8(p + 4)) { //loading flag(?)\r\n if (charStat(t = X.readBytes(p + 6, 10), 1).indexOf('allasc') < 0) bad = bad.addIfNone('!nonASCIIfn');\r\n t = decEncoding(t, CPSpeccy).trim(); tp = X.U8(p + 5);\r\n if (!t && tp < 3) bad = bad.addIfNone('!emptyfn');\r\n fnames.push(t + '.' + types[tp])\r\n }\r\n p += 4 + X.U16(p + 2); break;\r\n case 0x11: p += 0x12 + X.U24(p + 0xF); break;\r\n case 0x12: p += 4; break;\r\n case 0x13: p += 1 + 2 * X.U8(p); break;\r\n case 0x14:\r\n if (!X.U8(p + 4) > 8) { end = true; bad = bad.addIfNone('!badnbitsin14') }\r\n else p += 0xA + X.U24(p + 7); break;\r\n case 0x15:\r\n if (!isWithin(X.U8(p + 4), 1, 8)) { end = true; bad = bad.addIfNone('!badnbitsin15') }\r\n else p += 8 + X.U24(p + 5); break;\r\n case 0x18: if (!isWithin(X.U8(p + 9), 1, 2)) { end = true; bad = bad.addIfNone('!badcomptypein18') }\r\n else p += 4 + X.U32(p); break;\r\n case 0x19: case 0x2A: p += 4 + X.U32(p); break;\r\n case 0x20: case 0x23: case 0x24: p += 2; break;\r\n case 0x21: p += 1 + X.U8(p); break;\r\n case 0x22: case 0x25: case 0x27: break;\r\n case 0x26: p += 2 + 2 * X.U16(p); break;\r\n case 0x28:\r\n var p1 = p + 2 + X.U16(p), n = X.U8(p + 2); p += 3;\r\n for (i = 0; i < n; i++) {\r\n var tl = X.U8(p + 2); p += 3;\r\n sel = sel.appendS(decAnsi(p, tl, CPSpeccy, 1, Chars0to1FSpeccy), '/'); p += tl\r\n }\r\n p = p1; break;\r\n case 0x2B: if (X.U8(p + 4) > 1) { end = true; bad = bad.addIfNone('!badsignalin2B'); }\r\n else p += 4 + X.U32(p); break;\r\n case 0x30: cmt = cmt.append('-' + decAnsi(p + 1, X.U8(p), CPSpeccy, 1, Chars0to1FSpeccy).trim() + '-');\r\n p += 1 + X.U8(p); break;\r\n case 0x31: p += 2 + X.U8(p + 1); break;\r\n case 0x32:\r\n var p1 = p + 2 + X.U16(p), n = X.U8(p + 2); p += 3;\r\n for (i = 0; i < n; i++) {\r\n var tp = X.U8(p++); t = X.SC(p + 1, Math.min(X.U8(p), p1 - p), 'CP1252').trim();\r\n switch (tp) {\r\n case 0: title = title.append(t); break; case 1: publisher = publisher.append(t); break;\r\n case 2: auth = auth.append(t); break; case 3: year = year.append(t); break;\r\n case 4: lang = lang.append(t); break; case 5: apptype = apptype.append(t); break;\r\n case 6: price = price.append(t); break; case 7: protload = protload.append(t); break;\r\n case 8: org = org.append(t); break; case 0xFF: cmt = cmt.appendS(t, ' / '); break;\r\n default: cmt = cmt.append(t, '\\ninfo#' + tp.toString(16) + ':')\r\n }\r\n p += 1 + X.U8(p);\r\n }\r\n p = p1; break;\r\n case 0x33:\r\n var hwin = X.U8(p++);\r\n for (i = 0; i < hwin; i++) {\r\n var hwtp = X.U8(p++), hwid = X.U8(p++);\r\n switch (hwtp) {\r\n case 0: hwtp = '[PC]';\r\n switch (hwid) {\r\n case 0: hwid = 'ZX Spectrum 16k'; break; case 1: hwid = 'ZX Spectrum 48k/+'; break;\r\n case 2: hwid = 'ZX Spectrum 48k ISSUE 1'; break; case 3: hwid = 'ZX Spectrum 128k +(Sinclair)'; break;\r\n case 4: hwid = 'ZX Spectrum 128k +2 (grey case)'; break; case 5: hwid = 'ZX Spectrum 128k +2A/+3'; break;\r\n case 6: hwid = 'Timex Sinclair TC-2048'; break; case 7: hwid = 'Timex Sinclair TS-2068'; break;\r\n case 8: hwid = 'Pentagon 128'; break; case 9: hwid = 'SAM Coupe'; break;\r\n case 0xA: hwid = 'Didaktik M'; break; case 0xB: hwid = 'Didaktik Gama'; break;\r\n case 0xC: hwid = 'ZX-80'; break; case 0xD: hwid = 'ZX-81'; break;\r\n case 0xE: hwid = 'ZX Spectrum 128k Spanish version'; break;\r\n case 0xF: hwid = 'ZX Spectrum Arabic version'; break;\r\n case 0x10: hwid = 'Microdigital TK 90-X'; break; case 0x11: hwid = 'MicrodigitalTK 95'; break;\r\n case 0x12: hwid = 'Byte'; break; case 0x13: hwid = 'Elwro 800-3'; break;\r\n case 0x14: hwid = 'ZS Scorpion 256'; break; case 0x15: hwid = 'Amstrad CPC 464'; break;\r\n case 0x16: hwid = 'Amstrad CPC 664'; break; case 0x17: hwid = 'Amstrad CPC 6128'; break;\r\n case 0x18: hwid = 'Amstrad CPC 464+'; break; case 0x19: hwid = 'Amstrad CPC 6128+'; break;\r\n case 0x1A: hwid = 'Jupiter ACE'; break; case 0x1B: hwid = 'Enterprise'; break;\r\n case 0x1E: hwid = 'Inves Spectrum+'; break; case 0x1F: hwid = 'Profi'; break;\r\n case 0x20: hwid = 'GrandRomMax'; break; case 0x21: hwid = 'Kay 1024'; break;\r\n case 0x22: hwid = 'Ice Felix HC 91'; break; case 0x23: hwid = 'Ice Felix HC 2000'; break;\r\n case 0x24: hwid = 'Amaterske RADIO Mistrum'; break; case 0x25: hwid = 'Quorum 128'; break;\r\n case 0x26: hwid = 'MicroART ATM'; break; case 0x27: hwid = 'MicroART ATM Turbo 2'; break;\r\n case 0x28: hwid = 'Chrome'; break; case 0x29: hwid = 'ZX Badaloc'; break;\r\n case 0x2A: hwid = 'TS-1500'; break; case 0x2B: hwid = 'Lambda'; break;\r\n case 0x2C: hwid = 'TK-65'; break; case 0x2D: hwid = 'ZX-97'; break;\r\n default: hwid = '(unk.)'\r\n } break;\r\n case 1: hwtp = '[ext.storage]';\r\n switch (hwid) {\r\n case 0: hwid = 'ZX Microdrive'; break; case 1: hwid = 'Opus Discovery'; break;\r\n case 2: hwid = 'MGT DISCiPLE'; break; case 3: hwid = 'MGT +D'; break;\r\n case 4: hwid = 'Rotronics Wafadrive'; break; case 5: hwid = 'TR-DOS (BetaDisk)'; break;\r\n case 6: hwid = 'Byte Drive'; break; case 7: hwid = 'Watsford'; break;\r\n case 8: hwid = 'FIZ'; break; case 9: hwid = 'Radofin'; break;\r\n case 0xA: hwid = 'Didaktik disk drives'; break; case 0xB: hwid = 'BS-DOS (MB-02)'; break;\r\n case 0xC: hwid = 'ZX Spectrum +3 disk drive'; break;\r\n case 0xD: hwid = 'JLO (Oliger) disk interface'; break;\r\n case 0xE: hwid = 'Timex FDD3000'; break; case 0xF: hwid = 'Zebra disk drive'; break;\r\n case 0x10: hwid = 'Ramex Millenia'; break; case 0x11: hwid = 'Larken'; break;\r\n case 0x12: hwid = 'Kempston disk interface'; break; case 0x13: hwid = 'Sandy'; break;\r\n case 0x14: hwid = 'ZX Spectrum +3e hard disk'; break; case 0x15: hwid = 'ZXATASP'; break;\r\n case 0x16: hwid = 'DivIDE'; break; case 0x17: hwid = 'ZXCF'; break;\r\n default: hwid = '(unk.)'\r\n } break;\r\n case 2: hwtp = '[memory addon]';\r\n switch (hwid) {\r\n case 0: hwid = 'Sam Ram'; break; case 1: hwid = 'Multiface ONE'; break;\r\n case 2: hwid = 'Multiface 128k'; break; case 3: hwid = 'Multiface +3'; break;\r\n case 4: hwid = 'MultiPrint'; break; case 5: hwid = 'MB-02 ROM/RAM exp.'; break;\r\n case 6: hwid = 'SoftROM'; break; case 7: hwid = '1k'; break; case 8: hwid = '16k'; break;\r\n case 9: hwid = '48k'; break; case 10: hwid = 'memory in 8-16k used'; break;\r\n default: hwid = '(unk.)'\r\n } break;\r\n case 3: hwtp = '[sound device]';\r\n switch (hwid) {\r\n case 0: hwid = 'classic 128k ZX-compatible AY hw'; break;\r\n case 1: hwid = 'Fuller Box AY hw'; break; case 2: hwid = 'Currah microSpeech'; break;\r\n case 3: hwid = 'SpecDrum'; break; case 4: hwid = 'AY ACB (L:A+C R:B+C) stereo/Melodik'; break;\r\n case 5: hwid = 'AY ABC (L:A+B R:B+C) stereo/Melodik'; break;\r\n case 6: hwid = 'RAM Music Machine'; break; case 7: hwid = 'Covox'; break;\r\n case 8: hwid = 'General Sound'; break; case 9: hwid = 'Intec Electronic Digital Interface B8001'; break;\r\n case 0xA: hwid = 'Zon-X AY'; break; case 0xB: hwid = 'QuickSilva AY'; break;\r\n case 0xC: hwid = 'Jupiter ACE'; break; default: hwid = '(unk.)'\r\n } break;\r\n case 4: hwtp = '[joystick]';\r\n switch (hwid) {\r\n case 0: hwid = 'Kempston'; break; case 1: hwid = 'Cursor/Protek/AGF'; break;\r\n case 2: hwid = 'Sinclair 2 Left (12345)'; break; case 3: hwid = 'Sinclair 1 Right (67890)'; break;\r\n case 4: hwid = 'Fuller'; break; default: hwid = '(unk.)'\r\n } break;\r\n case 5: hwtp = '[mouse]';\r\n switch (hwid) {\r\n case 0: hwid = 'AMX mouse'; break; case 1: hwid = 'Kempston mouse'; break;\r\n default: hwid = '(unk.)'\r\n } break;\r\n case 6: hwtp = '[controller]';\r\n switch (hwid) {\r\n case 0: hwid = 'Trickstick'; break; case 1: hwid = 'ZX Light Gun'; break;\r\n case 2: hwid = 'Zebra Graphics Tablet'; break; case 3: hwid = 'Defender Light Gun'; break;\r\n default: hwid = '(unk.)'\r\n } break;\r\n case 7: hwtp = '[serial port]';\r\n switch (hwid) {\r\n case 0: hwid = 'ZX Interface I'; break; case 1: hwid = 'ZX Spectrum 128k'; break;\r\n default: hwid = '(unk.)'\r\n } break;\r\n case 8: hwtp = '[parallel port]';\r\n switch (hwid) {\r\n case 0: hwid = 'Kempston S'; break; case 1: hwid = 'Kempston E'; break;\r\n case 2: hwid = 'ZX Spectrum +3'; break; case 3: hwid = 'Tasman'; break;\r\n case 4: hwid = \"DK'Tronics\"; break; case 5: hwid = 'Hilderbay'; break;\r\n case 6: hwid = 'INES Printerface'; break; case 7: hwid = 'Z LPrint Interface 3'; break;\r\n case 8: hwid = 'MultiPrint'; break; case 9: hwid = 'Opus Discovery'; break;\r\n case 10: hwid = 'Standard 8255 chip with ports 31+63+95'; break;\r\n default: hwid = '(unk.)'\r\n } break;\r\n case 9: hwtp = '[printer]';\r\n switch (hwid) {\r\n case 0: hwid = 'ZX Printer/Alphacom 32 & compat.'; break;\r\n case 1: hwid = 'Generic printer'; break; case 2: hwid = 'EPSON compat.'; break;\r\n default: hwid = '(unk.)'\r\n } break;\r\n case 0xA: hwtp = '[modem]';\r\n switch (hwid) {\r\n case 0: hwid = 'Prism VTX 5000'; break; case 1: hwid = 'T/S 2050/Westridge 2050'; break;\r\n default: hwid = '(unk.)'\r\n } break;\r\n case 0xB: hwtp = '[digitizer]';\r\n switch (hwid) {\r\n case 0: hwid = 'RD Digital Tracer'; break; case 1: hwid = \"DK'Tronics Light Pen\"; break;\r\n case 2: hwid = 'British MicroGraph Pad'; break; case 3: hwid = 'Romantic Robot Videoface'; break;\r\n default: hwid = '(unk.)'\r\n } break;\r\n case 0xC: hwtp = '[network adapter]';\r\n if (hwid == 0) hwid = 'ZX Interface I'; else hwid = '(unk.)'; break;\r\n case 0xD: hwtp = '[keyboard]';\r\n if (hwid == 0) hwid = 'Keypad for ZX Spectrum 128k'; else hwid = '(unk.)'; break;\r\n case 0xE: hwtp = '[AD/DA converter]';\r\n switch (hwid) {\r\n case 0: hwid = 'Harley Systems ADC 8.2'; break;\r\n case 1: hwid = 'Blackboard Electronics'; break;\r\n default: hwid = '(unk.)'\r\n } break;\r\n case 0xF: hwtp = '[EEPROM programmer]';\r\n switch (hwid) {\r\n case 0: hwid = 'Orme Electronics'; break; case 1: hwid = 'Blackboard Electronics'; break;\r\n default: hwid = '(unk.)'\r\n } break;\r\n case 0x10: hwtp = '[GPU]';\r\n switch (hwid) {\r\n case 0: hwid = 'WRX Hi-Res'; break; case 1: hwid = 'G007'; break; case 2: hwid = 'Memotech'; break;\r\n case 3: hwid = 'Lambda Colour'; break; default: hwid = '(unk.)'\r\n } break;\r\n }\r\n switch (X.U8(p++)) {\r\n case 0: hw = hw.append('runs on ' + hwtp + ' ' + hwid); break;\r\n case 1: hw = hw.append('uses ' + hwtp + ' ' + hwid); break;\r\n case 2: hw = hw.append('runs w/o specifics of ' + hwtp + ' ' + hwid); break;\r\n case 3: hw = hw.append(\"won't run on \" + hwtp + ' ' + hwid); break; default: break\r\n }\r\n } break;\r\n case 0x35: p += 0x14 + X.U32(p + 0x10); break;\r\n case 0x5A: if (!X.c(\"'XTape!'1A\", p)) { end = true; p-- } else { x++; p += 9 } break;\r\n case 0x16: case 0x17: p += X.U32(p); break;\r\n case 0x34: p += 8; break;\r\n case 0x40: sOption('snapshot'); p += 4 + X.U24(p + 1); break;\r\n case 0x4B: ismsx = true; p += 4 + X.U32(p); break; //Kansas City Standard\r\n default: end = true; p--;// ripper-ready! // bad = bad.addIfNone('!unkID')\r\n }\r\n }\r\n if (ismsx) sName = \"ZX Spectrum/MSX tape (.TSX)\"; else sName = \"ZX Spectrum tape (.TZX)\";\r\n if (bad.length) sVersion = sVersion.appendS('malformed' + bad, '/');\r\n if (X.isVerbose()) {\r\n sOptionT(title); if (x > 1) sOption(x, 'x'); sOptionT(auth, 'by:'); sOptionT(year, \"'\"); sOptionT(publisher, '(c) ');\r\n sOptionT(lang, 'in:'); sOptionT(apptype, 'apptype:'); sOptionT(price, 'price:');\r\n sOptionT(org, 'origin:'); sOptionT(protload, 'prot/ldr:'); sOption(hw);\r\n sOptionT(addEllipsis(cmt, 0xA0)); sOptionT(addEllipsis(fnames.join(','), 0xA0), 'files:');\r\n sOptionT(sel, 'choices:'); sOption(outSz(p), 'sz:')\r\n }\r\n }\r\n\r\n else if (X.c(\"'UEF File!'00\") && X.U8(0xB) <= 2) {\r\n //ref http://electrem.emuunlim.com/UEFSpecs.html\r\n sName = \"Acorn PC Unified Emulator Format data (.UEF)\"; bDetected = true;\r\n sVersion = 'v' + X.U8(0xB) + '.' + X.U8(0xA);\r\n var title = info = man = gear = kb = tp = '', interrupt = false;\r\n for (p = 0xC; p < X.Sz();) {\r\n var hkhd = X.U16(p), hksz = X.U32(p + 2);\r\n if ([0, 1, 2, 3, 4, 0xFF].indexOf(hkhd >> 8) < 0) break; //unrelated info follows?\r\n p += 6; switch (hkhd) {\r\n case 0x0000: info = info.appendS(X.SA(p, hksz), '/'); break;\r\n case 0x0001: man = man.appendS(X.SA(p, hksz), ' '); break;\r\n case 0x0005: gear = 'Acorn ';\r\n switch (X.U8(p) >> 4) {\r\n case 0: gear += 'BBC Model A'; break; case 1: gear += 'Electron'; break;\r\n case 2: gear += 'BBC Model B'; break; case 3: gear += 'BBC Master'; break;\r\n case 4: gear += 'Atom'; break\r\n }\r\n switch (X.U8(p) & 0xF) {\r\n case 0: kb = 'any'; break; case 1: kb = 'target PC'; break; case 2: kb = 'host PC'; break\r\n }\r\n break;\r\n case 0x0009: title = X.SA(p, hksz); break;\r\n case 0x0101: case 0x0102: case 0x0103: case 0x0104:\r\n case 0x0110: case 0x0111: case 0x0112: case 0x0113: case 0x0114: case 0x0115:\r\n case 0x0116: case 0x0117: case 0x0120: case 0x0131:\r\n tp = tp.addIfNone('#tape'); break;\r\n case 0x0130:\r\n switch (X.U8(p)) {\r\n case 0: t = 'unit'; break; case 1: t = 'tape'; break; case 2: t = 'disc'; break;\r\n case 3: t = 'vtape'; break; case 4: t = 'cartridge'; break; default: 'unk.media'\r\n }\r\n if (X.U8(p + 1) > 1) t += ' ×' + X.U8(p + 1);\r\n if (X.U8(p + 2) > 1) t += (X.U8(p) == 1 || X.U8(p) == 3) ? ' ch:' : X.U8(p) == 2 ? ' ' + X.U8(p + 2) + ' audiotracks' : '..?';\r\n info += ' #' + t; break;\r\n case 0x0200: case 0x0201: case 0x0202: tp = tp.addIfNone('#disc'); break;\r\n case 0x0300: tp = tp.addIfNone('#ROM');\r\n t = 'content:';\r\n switch (X.U8(p)) {\r\n case 0: t += 'generic'; break; case 1: t += 'OS'; break; case 2: t += 'BASIC'; break;\r\n case 3: t += 'language'; break; case 4: t += 'utility'; break; case 5: t += 'filing system'; break;\r\n case 6: t += 'h/w driver'; break; case 7: t += 'game'; break; default: t += 'unk'\r\n } info += ' #' + t; break;\r\n case 0x0301: tp = tp.addIfNone('#ROM'); break;\r\n case 0x0400: case 0x0401: case 0x0402: case 0x0403:\r\n case 0x0410: case 0x0411: case 0x0412: case 0x0420:\r\n tp = tp.addIfNone('#snapshot'); break;\r\n case 0xFF00: info += '#emu:' + X.SA(p, hksz); break;\r\n case 0x0100: break; //the \"implicit data chunk\"! eh?\r\n default:\r\n if (hkhd > 0xFF00) tp = tp.addIfNone('#customdata');\r\n else interrupt = true // unknown chunk = unrelated tailing data?\r\n }\r\n if (interrupt) { p -= 6; break }\r\n //_log(Hex(p-6)+' > '+Hex(hkhd));\r\n p += hksz\r\n }\r\n sVersion += tp;\r\n if (X.isVerbose()) {\r\n sOption(title); sOptionT(info, 'info:'); sOptionT(man, 'manual:');\r\n sOptionT(gear, 'gear:'); sOptionT(kb, 'layout:');\r\n sOption(outSz(p), 'sz:')\r\n }\r\n }\r\n\r\n else if (X.c(\"'UNIF'???????? 0000 0000 0000 0000 0000 0000 0000\") && (X.Sz() > 32)) {\r\n sName = \"UNIF NES cartridge (.UNF)\"; sVersion = \"v\" + X.U32(4, _LE); bDetected = true;\r\n if (X.isVerbose()) {\r\n p = 8;\r\n t = ''; mapr = ''; tv = ''; ex = ''; fstorage = lastchunk = false;\r\n while (p < X.Sz() && !lastchunk) {\r\n var hkhd = X.SA(p, 4), hksz = X.U32(p + 4); p += 0x08;\r\n switch (hkhd) {\r\n case \"MAPR\": mapr = X.SA(p, hksz); break;\r\n case \"NAME\": t = X.SA(p, hksz); break;\r\n case \"TCVI\": switch (X.U8(p)) {\r\n case 0: tv = \"NTSC\"; break;\r\n case 1: tv = \"PAL\"; break;\r\n case 2: tv = \"NTSC/PAL\"\r\n }\r\n break;\r\n case \"CTRL\":\r\n var exa = [], bm = X.U8(p);\r\n if (bm & 1) exa.push(\"Std. Controller\");\r\n if (bm & 2) exa.push(\"Zapper\");\r\n if (bm & 4) exa.push(\"R.O.B.\");\r\n if (bm & 8) exa.push(\"Arkanoid Controller\");\r\n if (bm & 0x10) exa.push(\"Power Pad\");\r\n if (bm & 0x20) exa.push(\"Four Score\");\r\n if (bm) ex = \"#\" + exa.join(\"+\");\r\n break;\r\n case \"BATR\": fstorage = true; break;\r\n case \"MIRR\": lastchunk = true; break\r\n }\r\n p += hksz;\r\n }\r\n sOptionT(t);\r\n sOption(tv);\r\n sOption(ex, 'expansion: ');\r\n if (fstorage) sOption('battery-backed RAM');\r\n if (lastchunk) sOption(outSz(p), 'sz:'); else sVersion += '/malformed!short'\r\n }\r\n }\r\n\r\n else if (X.c(\"'g GCE 198'..80\")) {\r\n sName = \"GCE Vectrex cartridge (.VEC)\"; bDetected = true;\r\n if (X.isVerbose()) {\r\n p = X.fSig(0x11, 0x20, \"80\"); if (p > 0) sOption(X.SA(0x11, p - 0x11))\r\n }\r\n }\r\n\r\n else if (X.c(\"'VICE Snapshot File'1A\")) {\r\n sName = \"C64 VICE emulator snapshot (.VSF)\"; bDetected = 1;\r\n sVersion = 'v' + X.U8(0x13) + '.' + X.U8(0x14).padStart(2, '0');\r\n p = 0x25; bad = ''\r\n while (p < X.Sz()) {\r\n var hkhd = X.SA(p, 0x10), hksz = X.U32(p + 0x12, _BE);\r\n if (!/([A-Z0-9-]{3,}|Acia1)/.test(hkhd) || !isAllZeroes(p + hkhd.length, 0x10 - hkhd.length)) {\r\n bad = bad.addIfNone('badchunk'); break\r\n } else p += hksz;\r\n }\r\n if (X.isVerbose()) sOptions = X.SA(0x15, 0xF) + ' sz:' + outSz(sz);\r\n else if (p > X.Sz()) bad = bad.addIfNone('!short');\r\n if (bad != '') sVersion = sVersion.appendS('/malformed' + bad, '/')\r\n }\r\n\r\n function isWAD() {\r\n //ref https://doomwiki.org/wiki/WAD\r\n if (!X.c(\"'IWAD'\") && !X.c(\"'PWAD'\")) return false;\r\n var susBE = 0, en = _LE; // Atari Jaguar port has special stuff: big-endian, the final lump tag\r\n lumpn = X.I32(4, en); if (lumpn < 0 || lumpn > X.I32(4, _BE)) {\r\n lumpn = X.I32(4, _BE); if (lumpn > 0) { susBE++; en = _BE } else return false;\r\n }\r\n var i = 0, msz = 0, dirp = X.I32(8, en), p = dirp; if (!isWithin(dirp, 12, X.Sz())) return false; else susBE++;\r\n var lumps = [], maxlump = Math.min(lumpn, 0x40); //a bit too many lumps in a doom2.wad file, too slow\r\n for (; i < maxlump; i++, p += 0x10) {\r\n if (p + 0x10 > X.Sz()) return false;\r\n var ofs = X.I32(p, en), sz = X.I32(p + 4, en); if (ofs < 0 || sz < 0 || !isWithin(ofs, 12, X.Sz())) return false;\r\n if (X.c(\"'ENDOFWAD'\", p + 8)) susBE++; lumps.push([ofs, sz, X.readBytes(p + 8, 8)]);\r\n }\r\n lumps = lumps.sort(function (a, b) { return a[0] - b[0] });\r\n for (i = 0; i < maxlump; i++) {\r\n var co = (lumps[i][2][0] & 0x80) > 0; lumps[i][2][0] = lumps[i][2][0] & 0x7F;\r\n if (charStat(lumps[i][2], true).indexOf('allxsc') < 0) return false;\r\n if (!co && i < maxlump - 2 && lumps[i][0] + lumps[i][1] > lumps[i + 1][0]) return false\r\n }\r\n v = susBE >= 2 ? 'Atari Jaguar' : 'PC';\r\n return true\r\n }\r\n if (!bDetected && isWAD()) {\r\n sName = \"iD Software's Where's All the Data resource pack (.WAD)\"; bDetected = true;\r\n sVersion = X.c(\"'I'\") ? 'initial' : 'patch'; sVersion += '#' + v;\r\n }\r\n\r\n if (!bDetected) if (X.c(\"'WOZ'..FF0A0D0A ........ 'INFO'\") && isWithin(X.U8(3), 0x31, 0x32)) {\r\n //ref https://applesaucefdc.com/woz/reference2/\r\n sName = \"Apple II Applesauce disk image (.WOZ)\"; sVersion = 'v' + X.SA(3, 1);\r\n p = 0xC; meta = bad = '';\r\n while (p < X.Sz()) {\r\n var hkhd = X.SA(p, 4), hksz = X.U32(p + 4); p += 8;\r\n switch (hkhd) {\r\n case 'INFO':\r\n iV = X.U8(p); bDetected = true;\r\n dim = X.U8(p + 1) == 1 ? '5¼\"' : X.U8(p + 1) == 2 ? '3½\"' : '?';\r\n if (iV >= 2) ds = X.U8(p + 37) == 1 ? ' SS' : X.U8(p + 37) == 2 ? ' DS' : ' ?'; else ds = '';\r\n sOption('disk:' + dim + ds);\r\n if (X.U8(p + 2) == 1) sOption('write-protected');\r\n if (iV >= 2) {\r\n if (t = X.U8(p + 42)) sOption(t, 'min.RAM:', 'k');\r\n t = ''; fl = X.U16(p + 40); if (!fl) t = '?'; if (fl & (1 << 0)) t = t.append('][');\r\n if (fl & (1 << 1)) t = t.append('][ Plus'); if (fl & (1 << 2)) t = t.append('//e');\r\n if (fl & (1 << 3)) t = t.append('//c'); if (fl & (1 << 4)) t = t.append('//e Enhanced');\r\n if (fl & (1 << 5)) t = t.append('IIgs'); if (fl & (1 << 6)) t = t.append('//c Plus');\r\n if (fl & (1 << 7)) t = t.append('///'); if (fl & (1 << 8)) t = t.append('/// Plus');\r\n sOption(t, 'for Apple ');\r\n }\r\n break;\r\n case 'TMAP': case 'TRKS': case 'FLUX': case 'WRIT': break;\r\n case 'META': meta = X.SC(p, hksz, 'UTF8').replace(/\\x0A/g, \",\").replace(/\\x09/g, \":\"); break\r\n }\r\n p += hksz;\r\n }\r\n if (p > X.Sz()) bad = bad.addIfNone('!short');\r\n //if(X.isDeepScan() && X.calculateCRC32(12,sz-12) != X.U32(8)) bad = bad.addIfNone('!badcrc');\r\n if (bad != '') sVersion = sVersion.appendS('/malformed' + bad, '/')\r\n if (X.isVerbose()) {\r\n sOptionT(addEllipsis(meta), 'info:\"', '\"');\r\n sOption(outSz(p), 'sz:');\r\n }\r\n }\r\n\r\n\r\n function isZ80() {\r\n //from https://github.com/FuseEmulator/fuse-emulator-svn/blob/master/libspectrum/z80.c\r\n // & https://worldofspectrum.org/faq/reference/z80format.htm\r\n // basic header len = 30, v2ext = 23, v3ext = 54, xzxext = 55\r\n if (!extIs('z80') && !extIs('slt')) return false; if (X.Sz() < 1380) return false;\r\n nv = 0; co = true; joystick = hw = ''; const xhdr = 32, b12 = X.U8(12); if (b12 == 0xFF) b12 = 1;\r\n var pc = X.U16(6), srx = X.U8(37) & 0x80, hdrsz = 0x1E;\r\n if (!pc) { //PC register 0 means v2+\r\n switch (xblk = X.U16(30)) { case 23: nv = 2; break; case 54: case 55: nv = 3; break; default: return false }\r\n hdrsz += xblk + 2;\r\n switch (nv) {\r\n case 2:\r\n switch ((X.U8(29) >> 6) && 3) {\r\n case 0: joystick = 'cursor'; break; case 1: joystick = 'Kempston'; break;\r\n case 2: joystick = 'SinclairI2-L'; break; case 3: joystick = 'SinclairI2-R'\r\n } break;\r\n case 3:\r\n switch ((X.U8(29) >> 6) && 3) {\r\n case 0: joystick = 'cursor'; break; case 1: joystick = 'Kempston'; break; case 3: joystick = 'SinclairI2-R'; break;\r\n case 2: if (X.c(\"030F0308 03040302 0301\", xhdr + 32)) joystick = 'Sinclair2-L'; else joystick = 'custom';\r\n } break;\r\n default: return false\r\n }\r\n var tp = X.U8(xhdr + 2), mgttp = X.U8(xhdr + 51);\r\n if (tp < 7) {\r\n switch (nv) {\r\n case 2:\r\n switch (tp) {\r\n case 0: hw = 'ZX Spectrum ' + (srx ? '16k' : '48k'); break;\r\n case 1: hw = 'ZX Spectrum ' + (srx ? '16' : '48') + 'k & Interface1'; break;\r\n case 2: hw = 'ZX Spectrum ' + (srx ? '16' : '48') + 'k & SamRam'; break;\r\n case 3: hw = 'ZX Spectrum ' + (srx ? '+2' : '128k'); break;\r\n case 4: hw = 'ZX Spectrum ' + (srx ? '+2' : '128k') + ' & Interface1'; break;\r\n default: return false\r\n }\r\n break;\r\n case 3:\r\n const mgttps = ['MGT EPSON DISCiPLE', 'MGT HP DISCiPLE', 'MGT +D'];\r\n mgttp = [0, 1, 16].indexOf(mgttp);\r\n switch (tp) {\r\n case 0: hw = 'ZX Spectrum ' + (srx ? '16k' : '48k'); break;\r\n case 1: hw = 'ZX Spectrum ' + (srx ? '16' : '48') + 'k & Interface1'; break;\r\n case 2: hw = 'ZX Spectrum ' + (srx ? '16' : '48') + 'k & SamRam'; break;\r\n case 3: if (mgttp < 0) return false;\r\n hw = 'ZX Spectrum ' + (srx ? '16' : '48') + 'k & ' + mgttps[mgttp] + ' MGT'; break;\r\n case 4: hw = 'ZX Spectrum ' + (srx ? '+2' : '128k'); break;\r\n case 5: hw = 'ZX Spectrum ' + (srx ? '+2' : '128k') + ' & Interface1'; break;\r\n case 6: if (mgttp < 0) return false;\r\n hw = 'ZX Spectrum ' + (srx ? '+2' : '128k') + ' & ' + mgttps[mgttp] + ' MGT'; break;\r\n default: return false //won't happen\r\n }\r\n break;\r\n default: return false //won't happen\r\n }\r\n } else {\r\n switch (tp) {\r\n case 7: case 8: hw = 'ZX Spectrum ' + (srx ? '+2A' : '+3'); break; case 9: hw = 'Pentagon 128+'; break;\r\n case 10: hw = 'Scorpion ZS-256'; break; case 11: hw = 'Didaktik-Kompakt'; break;\r\n case 12: hw = 'ZX Spectrum +2'; break; case 13: hw = 'ZX Spectrum +2A'; break;\r\n case 14: hw = 'Timex Sinclair TC-2048'; break; case 15: hw = 'Timex Sinclair TC-2068';\r\n case 128: hw = 'Timex Sinclair TS-2068'; break;\r\n default: return false\r\n }\r\n }\r\n if (X.U8(37) & 0x44) hw += ' + Fuller Box'; else if (X.U8(37) & 4) hw += ' + Melodik';\r\n } else {\r\n nv = 1; hw = 'ZX Spectrum 48k';\r\n co = (b12 & 0x20) > 0;\r\n switch ((X.U8(29) >> 6) && 3) {\r\n case 0: joystick = 'cursor'; break; case 1: joystick = 'Kempston'; break;\r\n case 2: joystick = 'SinclairI2-L'; break; case 3: joystick = 'SinclairI2-R'\r\n }\r\n }\r\n pgs = [];\r\n if (!co) sz = p = hdrsz + 0xC000; else {\r\n const maxbsz = nv == 1 ? 0xC000 : 0x4000;\r\n for (p = hdrsz, i = unpsz = 0; p < X.Sz() && i < 0x40; i++) { //reading blocks, i = blocks count in case of a FP loop\r\n if (X.c(\"000000'SLT'\", p)) break;\r\n var hksz = nv == 1 ? 0x10000 : X.U16(p), //compressed chunk size; moot if v.1\r\n pg = nv == 1 ? 3 : X.U8(p + 2); // ROM/RAM 'page' number; page 3 is the normal start of a 48k snapshot\r\n if (pgs.indexOf(pg) >= 0)\r\n if (i < 3) return false; else break\r\n else pgs.push(pg);\r\n if (nv > 1) p += 3;\r\n //_l2r('z80',p,'blk '+i+' p.'+pg+' sz '+Hex(hksz))\r\n if (i > 0) q = p + hksz;\r\n else for (bsz = b = c = 0, q = p; q < p + hksz && bsz < maxbsz && q < X.Sz();) { //parse a block — a couple times; can be slow\r\n if (X.c(\"EDED\", q)) {\r\n q += 2; c = X.U8(q++); b = X.U8(q++);\r\n if (c < 5 && b != 0xED) return false;\r\n bsz += c;\r\n } else { q++; bsz++ }\r\n if (nv == 1 && X.c(\"00EDED00\", q)) { q += 4; break } // block-end marker\r\n } //for: parse a block\r\n if (bsz != maxbsz || (n > 1 && q != p + hksz)) return false;\r\n p = q; unpsz += bsz;\r\n if (nv == 1 || pg > 10 || pgs.length > 10) break;\r\n } //for: reading blocks\r\n //_l2r('z80',p,'blks:'+i+' pages:'+pgs.join('+')+' unpsz '+Hex(unpsz))\r\n if (p > X.Sz() || (nv > 1 && !i)) return false;\r\n sz = p\r\n }\r\n if (slt = X.c(\"000000'SLT'\", p)) sltcycle: for (sltsz = 0, sltlv = [], p += 6; p < X.Sz(); p += 8)\r\n switch (X.U16(p)) {\r\n case 0: sz += 14 + sltsz; sltinfo = 'SLT levels:' + sltlv.join(','); break sltcycle;\r\n case 1: sltlv.push(X.U16(p + 2)); sltsz += 8 + X.U32(p + 4); break;\r\n default: sltsz += 8 + X.U32(p + 4); _l2r('z80', p, 'Unknown block! Please send this file to the author of rom.1.sg'); break //unknown block!\r\n } else sltinfo = '';\r\n return true\r\n }\r\n if (!bDetected && isZ80()) {\r\n sName = slt ? 'ZX Spectrum state snapshot + levels (.SLT)' : 'ZX Spectrum state snapshot (.Z80)'; bDetected = true;\r\n sVersion = 'v' + nv; if (nv == 3 && X.U16(30) == 55) sVersion += 'x'; if (co) sVersion += '/compressed';\r\n if (X.isVerbose()) {\r\n sOption(hw, 'on:'); sOption(joystick, 'joystick:');\r\n if (co) sOption('pages:' + pgs.join('+') + ' unp.sz:' + Util.divu64(unpsz, 1024) + 'k'); if (slt) sOption(sltinfo); sOption(outSz(sz), 'sz:')\r\n }\r\n }\r\n\r\n\r\n // shaky heuristics follow\r\n if (!bDetected && X.isHeuristicScan()) {\r\n\r\n function isTAP() {\r\n //from https://github.com/0sAND1s/HCDisk/blob/master/Tape/tap.cpp\r\n if (X.Sz() < 17 || X.Sz() < X.U16(0) + 2) return false;\r\n p = blk = sus = 0; fnames = bad = ''; const types = ['B', 'N', 'S', 'C'];\r\n while (p < X.Sz()) { //parse the blocks\r\n hksz = X.U16(p); if (!hksz) return false; p += 2; if (X.Sz() < p + hksz) break;\r\n var c = 0, tp = X.U8(p); if ([0, 0xFF].indexOf(tp) < 0) break;\r\n if (p < 0xC000 && blk < 5) { /*CRC test. No need to test the WHOLE file*/\r\n for (i = p; i < p + hksz - 1; i++) c ^= X.U8(i); if (c != X.U8(i)) return false;\r\n }\r\n if (tp == 0) {\r\n //_l2r('tap',p+2,X.readBytes(p+2,10)+':'\r\n //\t+outArray(X.readBytes(p+2,10),16)\r\n //\t+' -> '+decEncoding(X.readBytes(p+2,10),CPSpeccy))\r\n if (charStat(t = X.readBytes(p + 2, 10), 1).indexOf('allasc') < 0) { sus++; bad = bad.addIfNone('!nonASCII:' + decEncoding(t, CPSpeccy)) }\r\n t = decEncoding(t, CPSpeccy).trim();\r\n if (!t) if (X.U8(p + 1) < 3) return false; else { sus++; bad = bad.addIfNone('!emptyname') }\r\n fnames = fnames.appendS(t + '.' + types[X.U8(p + 1)], ',')\r\n }\r\n else fnames = fnames.appendS((hksz - 3), ':');\r\n if (sus > 2) return false; blk++; p += hksz\r\n }\r\n if (!fnames.length && blk) { sus++; bad = bad.addIfNone('!nonameblk0') }\r\n if (blk < 2 && bad.indexOf('!nonASCII')) sus++;\r\n //if(X.Sz() != p) sus++;\r\n if (sus > 2 || !blk || !fnames.length || p < 17) { delete bad; return false }\r\n return true\r\n }\r\n if (isTAP()) {\r\n sName = 'ZX Spectrum tape (.TAP)'; bDetected = true;\r\n if (bad.length) sVersion = 'malformed#' + sus + bad;\r\n if (X.isVerbose()) {\r\n sOptionT(addEllipsis(fnames, 0xA0), 'blocks:' + blk + ' (', ')');\r\n sOption(outSz(p), 'sz:')\r\n }\r\n }\r\n\r\n // if(extIs('bin'))\r\n // \tif(X.c(\"FA33C08E\") || X.c(\"FA33C08E\",0x455E0)) { //doens't catch all\r\n // \t\t_setResult(\"ROM\",\"Palm OS disk image (.BIN)\",'','')\r\n // \t}\r\n\r\n if (extIs('rom'))\r\n if ((X.c(\"4142\") || X.c(\"4142\", 0x4000) || X.c(\"41421040\", 0x3C000)\r\n || X.c(\"0002204810A8D08055E0A8B088800280\", 0x7FF0)) // the weirdly specific one for Eagle Fighter (JP).rom\r\n && [0x2000, 0x4000, 0x8000, 0xC000, 0x10000,\r\n 0x20000, 0x40000, 0x60000, 0x80000, 0x100000].indexOf(X.Sz()) >= 0) {\r\n _setResult(\"ROM\", \"Microsoft MSX/MSX 2 cartridge (.ROM)\", '', '')\r\n }\r\n\r\n if (extIs('sna') && X.Sz() == 49179)\r\n _setResult(\"ROM\", \"ZX Spectrum 48k state snapshot file (.SNA)\", '', '')\r\n }\r\n\r\n return result()\r\n}\r\n/* beautify ignore:end */\r\n" }, { "path": "db/Binary/U-Boot.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: LinXP\r\n// doc-ref: https://source.denx.de/u-boot/u-boot/-/raw/e4dba4b/include/image.h\r\n\r\nmeta(\"format\");\r\n\r\nfunction detect() {\r\n if (Binary.getSize() >= 0x40) {\r\n if (Binary.compare(\"27051956\")) { // Image Header Magic Number\r\n bDetected = true;\r\n\r\n sName = \"U-Boot \";\r\n switch (Binary.readByte(0x1E)) { // Image Type\r\n case 0: sName += \"Invalid Image\"; break;\r\n case 1: sName += \"Standalone Program\"; break;\r\n case 2: sName += \"OS Kernel Image\"; break;\r\n case 3: sName += \"RAMDisk Image\"; break;\r\n case 4: sName += \"Multi-File Image\"; break;\r\n case 5: sName += \"Firmware Image\"; break;\r\n case 6: sName += \"Script file\"; break;\r\n case 7: sName += \"Filesystem Image\"; break;\r\n case 8: sName += \"Binary Flat Device Tree Blob\"; break;\r\n case 9: sName += \"Kirkwood Boot Image\"; break;\r\n case 10: sName += \"Freescale IMXBoot Image\"; break;\r\n case 11: sName += \"Davinci UBL Image\"; break;\r\n case 12: sName += \"TI OMAP Config Header Image\"; break;\r\n case 22: sName += \"A list of typeless images\"; break;\r\n case 23: sName += \"Rockchip Boot Image\"; break;\r\n case 24: sName += \"Rockchip SD card\"; break;\r\n case 25: sName += \"Rockchip SPI image\"; break;\r\n case 26: sName += \"Xilinx Zynq Boot Image\"; break;\r\n case 27: sName += \"Xilinx ZynqMP Boot Image\"; break;\r\n case 28: sName += \"FPGA Image\"; break;\r\n case 29: sName += \"VYBRID .vyb Image\"; break;\r\n case 30: sName += \"Trusted Execution Environment OS Image\"; break;\r\n case 31: sName += \"Firmware Image with HABv4 IVT\"; break;\r\n default: return;\r\n }\r\n }\r\n\r\n if (bDetected) {\r\n sVersion = \"\\\"\" + Binary.getString(0x20, 0x20) + \"\\\"\"; // Image Name\r\n\r\n switch (Binary.readByte(0x1C)) { // Operating System\r\n case 0: sOptions = \"Invalid OS\"; break;\r\n case 1: sOptions = \"OpenBSD\"; break;\r\n case 2: sOptions = \"NetBSD\"; break;\r\n case 3: sOptions = \"FreeBSD\"; break;\r\n case 4: sOptions = \"4.4BSD\"; break;\r\n case 5: sOptions = \"Linux\"; break;\r\n case 6: sOptions = \"SVR4\"; break;\r\n case 7: sOptions = \"Esix\"; break;\r\n case 8: sOptions = \"Solaris\"; break;\r\n case 9: sOptions = \"Irix\"; break;\r\n case 10: sOptions = \"SCO\"; break;\r\n case 11: sOptions = \"Dell\"; break;\r\n case 12: sOptions = \"NCR\"; break;\r\n case 13: sOptions = \"LynxOS\"; break;\r\n case 14: sOptions = \"VxWorks\"; break;\r\n case 15: sOptions = \"pSOS\"; break;\r\n case 16: sOptions = \"QNX\"; break;\r\n case 17: sOptions = \"Firmware\"; break;\r\n case 18: sOptions = \"RTEMS\"; break;\r\n case 19: sOptions = \"ARTOS\"; break;\r\n case 20: sOptions = \"Unity OS\"; break;\r\n case 21: sOptions = \"INTEGRITY\"; break;\r\n case 22: sOptions = \"OSE\"; break;\r\n case 23: sOptions = \"Plan 9\"; break;\r\n case 24: sOptions = \"OpenRTOS\"; break;\r\n case 25: sOptions = \"ARM Trusted Firmware\"; break;\r\n case 26: sOptions = \"Trusted Execution Environment\"; break;\r\n case 27: sOptions = \"RISC-V OpenSBI\"; break;\r\n case 28: sOptions = \"EFI Firmware\"; break;\r\n }\r\n\r\n switch (Binary.readByte(0x1D)) { // CPU architecture\r\n case 0: sOptions = sOptions.append(\"Invalid CPU\"); break;\r\n case 1: sOptions = sOptions.append(\"Alpha\"); break;\r\n case 2: sOptions = sOptions.append(\"ARM\"); break;\r\n case 3: sOptions = sOptions.append(\"Intel x86\"); break;\r\n case 4: sOptions = sOptions.append(\"IA64\"); break;\r\n case 5: sOptions = sOptions.append(\"MIPS\"); break;\r\n case 6: sOptions = sOptions.append(\"MIPS64\"); break;\r\n case 7: sOptions = sOptions.append(\"PowerPC\"); break;\r\n case 8: sOptions = sOptions.append(\"IBM S390\"); break;\r\n case 9: sOptions = sOptions.append(\"SuperH\"); break;\r\n case 10: sOptions = sOptions.append(\"Sparc\"); break;\r\n case 11: sOptions = sOptions.append(\"Sparc64\"); break;\r\n case 12: sOptions = sOptions.append(\"M68K\"); break;\r\n case 13: sOptions = sOptions.append(\"Nios-32\"); break;\r\n case 14: sOptions = sOptions.append(\"MicroBlaze\"); break;\r\n case 15: sOptions = sOptions.append(\"Nios-II\"); break;\r\n case 16: sOptions = sOptions.append(\"Blackfin\"); break;\r\n case 17: sOptions = sOptions.append(\"AVR32\"); break;\r\n case 18: sOptions = sOptions.append(\"STM ST200\"); break;\r\n case 19: sOptions = sOptions.append(\"Sandbox\"); break;\r\n case 20: sOptions = sOptions.append(\"NDS32\"); break;\r\n case 21: sOptions = sOptions.append(\"OpenRISC\"); break;\r\n case 22: sOptions = sOptions.append(\"ARM64\"); break;\r\n case 23: sOptions = sOptions.append(\"ARC\"); break;\r\n case 24: sOptions = sOptions.append(\"AMD x86_64\"); break;\r\n case 25: sOptions = sOptions.append(\"Xtensa\"); break;\r\n case 26: sOptions = sOptions.append(\"RISC-V\"); break;\r\n }\r\n\r\n switch (Binary.readByte(0x1F)) { // Compression Type\r\n case 0: sOptions = sOptions.append(\"no compression\"); break;\r\n case 1: sOptions = sOptions.append(\"gzip\"); break;\r\n case 2: sOptions = sOptions.append(\"bzip2\"); break;\r\n case 3: sOptions = sOptions.append(\"lzma\"); break;\r\n case 4: sOptions = sOptions.append(\"lzo\"); break;\r\n case 5: sOptions = sOptions.append(\"lz4\"); break;\r\n case 6: sOptions = sOptions.append(\"zstd\"); break;\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}" }, { "path": "db/Binary/__MiniExtensionsHeuristic_By_DosX.7.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n// Updated by BJNFNE\n\nconst detect = main;\n\nfunction main() {\n if (Binary.isHeuristicScan()) {\n\n const\n currentFileExtension = Binary.getFileSuffix().toLowerCase(),\n isBinaryFile = !Binary.isPlainText(),\n extensionsDb = [\n { ext: [\"cmd\", \"bat\"], type: \"language\", name: \"Batch\", bin: false },\n { ext: [\"html\", \"htm\"], type: \"language\", name: \"HTM\", bin: false },\n { ext: [\"css\"], type: \"language\", name: \"Cascading Style Sheets\", bin: false },\n { ext: [\"c\", \"h\"], type: \"language\", name: \"C\", bin: false },\n { ext: [\"cpp\", \"hpp\"], type: \"language\", name: \"C++\", bin: false },\n { ext: [\"cs\"], type: \"language\", name: \"C#\", bin: false },\n { ext: [\"java\"], type: \"language\", name: \"Java\", bin: false },\n { ext: [\"py\"], type: \"language\", name: \"Python 🐓\", bin: false },\n { ext: [\"json\"], type: \"language\", name: \"JavaScript Object Notation\", bin: false },\n { ext: [\"xml\"], type: \"language\", name: \"Extensible Markup\", bin: false },\n { ext: [\"ini\"], type: \"format\", name: \"Configuration File\", bin: false },\n { ext: [\"yml\", \"yaml\"], type: \"language\", name: \"YAML\", bin: false },\n { ext: [\"php\"], type: \"language\", name: \"PHP\", bin: false },\n { ext: [\"rb\"], type: \"language\", name: \"Ruby\", bin: false },\n { ext: [\"pl\"], type: \"language\", name: \"Perl\", bin: false },\n { ext: [\"swift\"], type: \"language\", name: \"Swift\", bin: false },\n { ext: [\"rs\"], type: \"language\", name: \"Rust\", bin: false },\n { ext: [\"go\"], type: \"language\", name: \"Go\", bin: false },\n { ext: [\"ts\"], type: \"language\", name: \"TypeScript\", bin: false },\n { ext: [\"kt\"], type: \"language\", name: \"Kotlin\", bin: false },\n { ext: [\"dart\"], type: \"language\", name: \"Dart\", bin: false },\n { ext: [\"lua\"], type: \"language\", name: \"Lua\", bin: false },\n { ext: [\"sh\"], type: \"language\", name: \"Bash\", bin: false },\n { ext: [\"r\"], type: \"language\", name: \"R\", bin: false },\n { ext: [\"scala\"], type: \"language\", name: \"Scala\", bin: false },\n { ext: [\"lisp\"], type: \"language\", name: \"Lisp\", bin: false },\n { ext: [\"clj\"], type: \"language\", name: \"Clojure\", bin: false },\n { ext: [\"asm\"], type: \"language\", name: \"Assembly\", bin: false },\n { ext: [\"vb\"], type: \"language\", name: \"VB.NET\", bin: false },\n { ext: [\"fs\"], type: \"language\", name: \"F#\", bin: false },\n { ext: [\"ps1\"], type: \"language\", name: \"PowerShell Script\", bin: false },\n { ext: [\"ml\"], type: \"language\", name: \"OCaml\", bin: false },\n { ext: [\"hs\"], type: \"language\", name: \"Haskell\", bin: false },\n { ext: [\"vhd\"], type: \"language\", name: \"VHDL\", bin: false },\n { ext: [\"verilog\"], type: \"language\", name: \"Verilog\", bin: false },\n { ext: [\"ada\"], type: \"language\", name: \"Ada\", bin: false },\n { ext: [\"for\"], type: \"language\", name: \"Fortran\", bin: false },\n { ext: [\"pas\"], type: \"language\", name: \"Pascal\", bin: false },\n { ext: [\"m\"], type: \"language\", name: \"Objective-C\", bin: false },\n { ext: [\"v\"], type: \"language\", name: \"V\", bin: false },\n { ext: [\"img\", \"iso\"], type: \"format\", name: \"Disk Image\", bin: true },\n { ext: [\"dmg\"], type: \"format\", name: \"Apple Disk Image\", bin: true },\n { ext: [\"cab\"], type: \"format\", name: \"Cabinet Archive\", bin: true },\n { ext: [\"dat\"], type: \"format\", name: \"Data File\", bin: true },\n { ext: [\"vmdk\"], type: \"format\", name: \"VMware Virtual Disk\", bin: true },\n { ext: [\"vhd\", \"vhdx\"], type: \"format\", name: \"Virtual Hard Disk\", bin: true },\n { ext: [\"apk\"], type: \"format\", name: \"Android Package\", bin: true },\n { ext: [\"so\"], type: \"format\", name: \"Shared Object Library\", bin: true },\n { ext: [\"obj\"], type: \"format\", name: \"Object File\", bin: true },\n { ext: [\"a\"], type: \"format\", name: \"Static Library\", bin: true },\n { ext: [\"lib\"], type: \"format\", name: \"Library File\", bin: true },\n { ext: [\"o\"], type: \"format\", name: \"Compiled Object File\", bin: true },\n { ext: [\"pdb\"], type: \"format\", name: \"Program Database\", bin: true },\n { ext: [\"nso\"], type: \"format\", name: \"Nintendo Switch Object\", bin: true },\n { ext: [\"iso\"], type: \"format\", name: \"ISO Disk Image\", bin: true },\n { ext: [\"img\"], type: \"format\", name: \"Raw Disk Image\", bin: true },\n { ext: [\"dylib\"], type: \"format\", name: \"Dynamic Library (macOS)\", bin: true },\n { ext: [\"xex\"], type: \"format\", name: \"Xbox Executable File\", bin: true },\n { ext: [\"rom\"], type: \"format\", name: \"ROM Image\", bin: true },\n { ext: [\"pe\"], type: \"format\", name: \"Portable Executable\", bin: true },\n { ext: [\"bpl\"], type: \"format\", name: \"Borland Package Library\", bin: true },\n { ext: [\"vbx\"], type: \"format\", name: \"Visual Basic\", bin: true },\n { ext: [\"ocx\"], type: \"format\", name: \"ActiveX Control\", bin: true },\n { ext: [\"psd\"], type: \"format\", name: \"Photoshop Document\", bin: true },\n { ext: [\"ai\"], type: \"format\", name: \"Adobe Illustrator\", bin: true },\n { ext: [\"indd\"], type: \"format\", name: \"InDesign Document\", bin: true },\n { ext: [\"xd\"], type: \"format\", name: \"Adobe XD\", bin: true },\n { ext: [\"svg\"], type: \"format\", name: \"Scalable Vector Graphics\", bin: false },\n { ext: [\"blend\"], type: \"format\", name: \"Blender Project\", bin: true },\n { ext: [\"obj\"], type: \"format\", name: \"3D Object\", bin: true },\n { ext: [\"fbx\"], type: \"format\", name: \"Autodesk FBX\", bin: true },\n { ext: [\"stl\"], type: \"format\", name: \"STL Model\", bin: true },\n { ext: [\"gltf\", \"glb\"], type: \"format\", name: \"GLTF/GLB Model\", bin: true },\n { ext: [\"png\"], type: \"format\", name: \"Portable Network Graphics\", bin: true },\n { ext: [\"jpg\", \"jpeg\"], type: \"format\", name: \"JPEG Image\", bin: true },\n { ext: [\"bmp\"], type: \"format\", name: \"Bitmap Image\", bin: true },\n { ext: [\"tiff\"], type: \"format\", name: \"Tagged Image File Format\", bin: true },\n { ext: [\"tga\"], type: \"format\", name: \"Targa Image\", bin: true },\n { ext: [\"heic\"], type: \"format\", name: \"High Efficiency Image Format\", bin: true },\n { ext: [\"raw\", \"cr2\", \"nef\", \"orf\"], type: \"format\", name: \"RAW Image\", bin: true },\n { ext: [\"eps\"], type: \"format\", name: \"Encapsulated PostScript\", bin: true },\n { ext: [\"3ds\"], type: \"format\", name: \"3D Studio Max\", bin: true },\n { ext: [\"max\"], type: \"format\", name: \"3ds Max Project\", bin: true },\n { ext: [\"c4d\"], type: \"format\", name: \"Cinema 4D Project\", bin: true },\n { ext: [\"dae\"], type: \"format\", name: \"Collada\", bin: true },\n { ext: [\"skp\"], type: \"format\", name: \"SketchUp\", bin: true },\n { ext: [\"dxf\"], type: \"format\", name: \"Drawing Exchange Format\", bin: true },\n { ext: [\"dwg\"], type: \"format\", name: \"AutoCAD Drawing\", bin: true },\n { ext: [\"iges\", \"igs\"], type: \"format\", name: \"IGES Model\", bin: true },\n { ext: [\"step\", \"stp\"], type: \"format\", name: \"STEP Model\", bin: true },\n { ext: [\"vrml\", \"wrl\"], type: \"format\", name: \"VRML Model\", bin: true },\n { ext: [\"x3d\"], type: \"format\", name: \"X3D Model\", bin: true },\n { ext: [\"mp4\"], type: \"format\", name: \"MPEG-4 Video\", bin: true },\n { ext: [\"bik\"], type: \"format\", name: \"Bink Video\", bin: true },\n { ext: [\"mkv\"], type: \"format\", name: \"Matroska Video\", bin: true },\n { ext: [\"avi\"], type: \"format\", name: \"AVI Video\", bin: true },\n { ext: [\"mov\"], type: \"format\", name: \"QuickTime Movie\", bin: true },\n { ext: [\"flv\"], type: \"format\", name: \"Flash Video\", bin: true },\n { ext: [\"webm\"], type: \"format\", name: \"WebM Video\", bin: true },\n { ext: [\"mp3\"], type: \"format\", name: \"MP3 Audio\", bin: true },\n { ext: [\"wav\"], type: \"format\", name: \"Waveform Audio\", bin: true },\n { ext: [\"aac\"], type: \"format\", name: \"Advanced Audio Coding\", bin: true },\n { ext: [\"ogg\"], type: \"format\", name: \"Ogg Vorbis\", bin: true },\n { ext: [\"m4a\"], type: \"format\", name: \"MPEG-4 Audio\", bin: true },\n { ext: [\"wma\"], type: \"format\", name: \"Windows Media Audio\", bin: true },\n { ext: [\"prproj\"], type: \"format\", name: \"Premiere Pro Project\", bin: true },\n { ext: [\"aep\"], type: \"format\", name: \"After Effects Project\", bin: true },\n { ext: [\"psb\"], type: \"format\", name: \"Photoshop Big Document\", bin: true },\n { ext: [\"cdr\"], type: \"format\", name: \"CorelDRAW Image\", bin: true },\n { ext: [\"afdesign\"], type: \"format\", name: \"Affinity Designer\", bin: true },\n { ext: [\"afphoto\"], type: \"format\", name: \"Affinity Photo\", bin: true },\n { ext: [\"afpub\"], type: \"format\", name: \"Affinity Publisher\", bin: true },\n { ext: [\"sketch\"], type: \"format\", name: \"Sketch Project\", bin: true },\n { ext: [\"xcf\"], type: \"format\", name: \"GIMP Image\", bin: true },\n { ext: [\"kra\"], type: \"format\", name: \"Krita Image\", bin: true },\n { ext: [\"vproj\"], type: \"format\", name: \"Vegas Pro Project\", bin: true },\n { ext: [\"wpd\"], type: \"format\", name: \"WordPerfect Document\", bin: true },\n { ext: [\"vpj\"], type: \"format\", name: \"VideoPad Project\", bin: true },\n { ext: [\"prtl\"], type: \"format\", name: \"Premiere Title\", bin: true },\n { ext: [\"pdn\"], type: \"format\", name: \"Paint.NET Image\", bin: true },\n { ext: [\"tmp\", \"temp\"], type: \"format\", name: \"Temporary file\", bin: true },\n { ext: [\"tmp\", \"temp\"], type: \"format\", name: \"Temporary file\", bin: false },\n { ext: [\"mb\"], type: \"format\", name: \"Maya Binary Project\", bin: true },\n { ext: [\"ma\"], type: \"format\", name: \"Maya ASCII Project\", bin: true },\n { ext: [\"lwo\"], type: \"format\", name: \"LightWave Object\", bin: true },\n { ext: [\"lws\"], type: \"format\", name: \"LightWave Scene\", bin: true },\n { ext: [\"obj\"], type: \"format\", name: \"Wavefront OBJ\", bin: true },\n { ext: [\"abc\"], type: \"format\", name: \"Alembic\", bin: true },\n { ext: [\"bgeo\"], type: \"format\", name: \"Houdini Geometry\", bin: true },\n { ext: [\"vdb\"], type: \"format\", name: \"OpenVDB\", bin: true },\n { ext: [\"usd\"], type: \"format\", name: \"Universal Scene Description\", bin: true },\n { ext: [\"usdz\"], type: \"format\", name: \"Universal Scene Description (zipped)\", bin: true },\n { ext: [\"vox\"], type: \"format\", name: \"MagicaVoxel\", bin: true },\n { ext: [\"cob\"], type: \"format\", name: \"Caligari Object\", bin: true },\n { ext: [\"scn\"], type: \"format\", name: \"3D Scene\", bin: true },\n { ext: [\"3dm\"], type: \"format\", name: \"Rhinoceros 3D Model\", bin: true },\n { ext: [\"ztl\"], type: \"format\", name: \"ZBrush Tool\", bin: true },\n { ext: [\"zpr\"], type: \"format\", name: \"ZBrush Project\", bin: true },\n { ext: [\"bip\"], type: \"format\", name: \"Character Studio Biped\", bin: true },\n { ext: [\"3mf\"], type: \"format\", name: \"3D Manufacturing Format\", bin: true },\n { ext: [\"ply\"], type: \"format\", name: \"Polygon File Format\", bin: true },\n { ext: [\"x\"], type: \"format\", name: \"DirectX Model\", bin: true },\n { ext: [\"ms3d\"], type: \"format\", name: \"MilkShape 3D Model\", bin: true },\n { ext: [\"nif\"], type: \"format\", name: \"Gamebryo Model Format\", bin: true },\n { ext: [\"mdl\"], type: \"format\", name: \"3D Model\", bin: true },\n { ext: [\"wrl\"], type: \"format\", name: \"VRML World\", bin: true },\n { ext: [\"fac\"], type: \"format\", name: \"Autodesk Face\", bin: true },\n { ext: [\"xsi\"], type: \"format\", name: \"Softimage XSI\", bin: true },\n { ext: [\"pov\"], type: \"format\", name: \"POV-Ray File\", bin: true },\n { ext: [\"sldprt\"], type: \"format\", name: \"SolidWorks Part\", bin: true },\n { ext: [\"sldasm\"], type: \"format\", name: \"SolidWorks Assembly\", bin: true },\n { ext: [\"slddrw\"], type: \"format\", name: \"SolidWorks Drawing\", bin: true },\n { ext: [\"prt\"], type: \"format\", name: \"Creo Parametric Part\", bin: true },\n { ext: [\"asm\"], type: \"format\", name: \"Creo Parametric Assembly\", bin: true },\n { ext: [\"nds\"], type: \"format\", name: \"Nintendo DS ROM\", bin: true },\n { ext: [\"z64\"], type: \"format\", name: \"Nintendo 64 ROM\", bin: true },\n { ext: [\"n64\"], type: \"format\", name: \"Nintendo 64 ROM image (V64)\", bin: true },\n { ext: [\"pcx\"], type: \"format\", name: \"PiCture eXchange\", bin: true },\n { ext: [\"wbfs\"], type: \"format\", name: \"Wii Backup File System\", bin: true },\n { ext: [\"si\"], type: \"format\", name: \"Interleaf File\", bin: true },\n { ext: [\"wdb\"], type: \"format\", name: \"World DataBase\", bin: true },\n { ext: [\"asp\"], type: \"format\", name: \"Active Server Pages\", bin: false },\n // Coktel Vision formats:\n { ext: [\"vmd\"], type: \"format\", name: \"Video and Media Data\", bin: true },\n { ext: [\"mesh\"], type: \"format\", name: \"3D Collide Data\", bin: true },\n { ext: [\"tot\"], type: \"format\", name: \"Script file\", bin: true },\n { ext: [\"ext\"], type: \"format\", name: \"Script resource file\", bin: true },\n { ext: [\"ide\"], type: \"format\", name: \"Script function name offset\", bin: true },\n { ext: [\"stk\", \"itk\", \"jtk\", \"ltk\"], type: \"format\", name: \"STK1.0\", bin: true },\n { ext: [\"var\"], type: \"format\", name: \"Variable file\", bin: true },\n { ext: [\"cmp\"], type: \"format\", name: \"Sprite file\", bin: true },\n { ext: [\"tts\"], type: \"format\", name: \"Text to Speech file\", bin: false },\n { ext: [\"pag\"], type: \"format\", name: \"Update file\", bin: false },\n { ext: [\"bcd\"], type: \"format\", name: \"BCD (Information for new Application)\", bin: false },\n { ext: [\"bcd1\"], type: \"format\", name: \"BCD (Information for Environment)\", bin: false },\n { ext: [\"cd1\"], type: \"format\", name: \"CD1 (Setup Information)\", bin: false },\n { ext: [\"rxy\"], type: \"format\", name: \"Relative Sprite Coordinates\", bin: true },\n { ext: [\"fra\"], type: \"format\", name: \"French text (Francais)\", bin: true },\n { ext: [\"all\"], type: \"format\", name: \"German text (Allemand)\", bin: true },\n { ext: [\"ang\"], type: \"format\", name: \"English text (Anglais)\", bin: true },\n { ext: [\"esp\"], type: \"format\", name: \"Spanish text (Espagnol)\", bin: true },\n { ext: [\"ita\"], type: \"format\", name: \"Italian text\", bin: true },\n { ext: [\"fnt\", \"let\"], type: \"format\", name: \"Font\", bin: true },\n { ext: [\"snd\"], type: \"format\", name: \"Sound file\", bin: true },\n { ext: [\"ani\"], type: \"format\", name: \"Animation file\", bin: true },\n { ext: [\"dec\"], type: \"format\", name: \"Decal (Background) file\", bin: true },\n { ext: [\"tbr\"], type: \"format\", name: \"Instrument parameters\", bin: true },\n { ext: [\"mdy\"], type: \"format\", name: \"Music score\", bin: true },\n { ext: [\"err\"], type: \"format\", name: \"Error File\", bin: false },\n { ext: [\"adi\"], type: \"format\", name: \"Debug (Adi) File\", bin: true },\n { ext: [\"bou\"], type: \"format\", name: \"Debug (Adibou) File\", bin: true },\n { ext: [\"pla\"], type: \"format\", name: \"Debug (Playtoons) File\", bin: true },\n { ext: [\"ask\"], type: \"format\", name: \"Installation help\", bin: false },\n { ext: [\"dag\"], type: \"format\", name: \"Dialog Text\", bin: true },\n { ext: [\"seq\"], type: \"format\", name: \"Animation Sequence\", bin: true },\n { ext: [\"scn\"], type: \"format\", name: \"Scene File\", bin: false },\n { ext: [\"rec\"], type: \"format\", name: \"Record File\", bin: true },\n { ext: [\"gam\"], type: \"format\", name: \"Savegame File\", bin: true },\n { ext: [\"lvl\"], type: \"format\", name: \"Level File\", bin: true },\n { ext: [\"stb\"], type: \"format\", name: \"STB (OGG)\", bin: true },\n { ext: [\"adbx\"], type: \"format\", name: \"AdibouX\", bin: true },\n { ext: [\"sav\"], type: \"format\", name: \"Save\", bin: true },\n // Generic formats:\n { ext: [\"flx\", \"flc\"], type: \"format\", name: \"FLIC\", bin: true },\n { ext: [\"md\"], type: \"format\", name: \"Markdown\", bin: false },\n { ext: [\"map\"], type: \"format\", name: \"Mapfile\", bin: false },\n { ext: [\"def\"], type: \"format\", name: \"Definition file\", bin: false },\n { ext: [\"dbt\"], type: \"format\", name: \"Database Text File\", bin: true },\n { ext: [\"cfg\"], type: \"format\", name: \"Config File\", bin: true },\n { ext: [\"inf\"], type: \"format\", name: \"INF file (setup Information file)\", bin: true },\n { ext: [\"icns\"], type: \"format\", name: \"Apple Icon Image format\", bin: true },\n { ext: [\"mdx\"], type: \"format\", name: \"Multidimensional Expressions\", bin: true },\n { ext: [\"qdat\"], type: \"format\", name: \"QuickTime data\", bin: true },\n { ext: [\"pup\"], type: \"format\", name: \"Playstation Update Package\", bin: true },\n { ext: [\"mps\"], type: \"format\", name: \"Mathematical Programming System\", bin: true },\n { ext: [\"gzf\"], type: \"format\", name: \"Ghidra Zip File\", bin: true },\n { ext: [\"cue\"], type: \"format\", name: \"CUE sheet\", bin: false },\n { ext: [\"cat\"], type: \"format\", name: \"Windows Cabinet File\", bin: true },\n { ext: [\"sdb\"], type: \"format\", name: \"Shim Database\", bin: true },\n { ext: [\"mof\"], type: \"format\", name: \"Managed Object Format\", bin: false },\n { ext: [\"nls\"], type: \"format\", name: \"National Language Support\", bin: true },\n { ext: [\"sse\"], type: \"format\", name: \"Streaming SIMD Extensions\", bin: true },\n { ext: [\"res\"], type: \"format\", name: \"Resource file\", bin: true },\n { ext: [\"md5\"], type: \"format\", name: \"MD5 Checksum\", bin: false },\n { ext: [\"db\"], type: \"format\", name: \"Database\", bin: true },\n { ext: [\"xa\"], type: \"audio\", name: \"XA\", bin: true },\n { ext: [\"torrent\"], type: \"format\", name: \"Torrent\", bin: true },\n { ext: [\"bms\"], type: \"format\", name: \"QuickBMS\", bin: false },\n { ext: [\"gbc\"], type: \"format\", name: \"GameBoy Color ROM\", bin: true },\n { ext: [\"tsv\"], type: \"format\", name: \"Tab-Separated Values\", bin: false },\n { ext: [\"st\"], type: \"format\", name: \"ST Disk Image\", bin: true },\n { ext: [\"str\"], type: \"format\", name: \"Streaming Data Movie\", bin: true },\n { ext: [\"rpt\"], type: \"format\", name: \"Report file\", bin: false },\n { ext: [\"iss\"], type: \"format\", name: \"Inno Setup Script\", bin: false },\n { ext: [\"plist\"], type: \"format\", name: \"Property List\", bin: false },\n { ext: [\"vcd\"], type: \"format\", name: \"Value change dump\", bin: false },\n { ext: [\"gitignore\"], type: \"format\", name: \"Git ignore file\", bin: false },\n // ScummVM formats:\n { ext: [\"gob\"], type: \"format\", name: \"Config file (extract_gob_stk)\", bin: false },\n // Director formats:\n { ext: [\"dxr\"], type: \"format\", name: \"Protected Director Movie\", bin: true },\n { ext: [\"cxt\"], type: \"format\", name: \"Adobe Director Protected Cast file\", bin: true },\n { ext: [\"dcr\"], type: \"format\", name: \"Published Shockwave Movie\", bin: true },\n { ext: [\"cct\"], type: \"format\", name: \"Published Shockwave Cast\", bin: true },\n { ext: [\"cst\"], type: \"format\", name: \"Cast file\", bin: true },\n { ext: [\"xobj\"], type: \"format\", name: \"XObjects\", bin: true },\n // 3DS formats:\n { ext: [\"cia\"], type: \"format\", name: \"CTR Importable Archive\", bin: true },\n // Amiga formats:\n { ext: [\"adf\"], type: \"format\", name: \"Amiga Disk File\", bin: true },\n ];\n\n for (var i = 0; i < extensionsDb.length; i++) {\n var extGroup = extensionsDb[i].ext;\n for (var j = 0; j < extGroup.length; j++) {\n if (extGroup[j] === currentFileExtension && extensionsDb[i].bin === isBinaryFile) {\n if (_getNumberOfResults(extensionsDb[i]) < 1) {\n _setResult(\"~\" + extensionsDb[i].type, extensionsDb[i].name, String(), \"by extension\");\n }\n return null;\n }\n }\n }\n }\n}" }, { "path": "db/Binary/__MiniJavaScriptHeuristic_By_DosX.7.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nfunction detect() { main(); }\n\nfunction main() {\n if (Binary.isHeuristicScan()) {\n switch (Binary.getFileSuffix().toLowerCase()) {\n case \"js\": // JavaScript\n case \"jse\": // JScript Encoded\n case \"jsc\": // JavaScript Compiled\n case \"sg\": // Detect It Easy module\n var options = String();\n\n if (!Binary.isPlainText()) {\n options = \"bytecode\";\n } else {\n if (Binary.getSize() > 3000) {\n var scriptContent = Binary.getString(0x00, Binary.getSize());\n\n // Split the code into segments that are outside of string literals.\n // Handle escaping (\\\", \\\\', \\`) — escaped quotes are not treated as string delimiters.\n // Also include expressions inside template literals `${...}` as code (they will be scanned).\n var segments = [],\n currentSegment = String(),\n insideString = false,\n stringDelimiter = String(),\n isEscaped = false;\n\n for (var i = 0; i < scriptContent.length; i++) {\n var currChar = scriptContent[i];\n\n if (insideString) {\n if (isEscaped) {\n isEscaped = false;\n continue;\n }\n if (currChar === '\\\\') {\n isEscaped = true;\n continue;\n }\n\n // For template literals: when encountering `${` include nested expression into current segment\n if (stringDelimiter === '`' && currChar === '$' && i + 1 < scriptContent.length && scriptContent[i + 1] === '{') {\n // skip '{' and start accumulating the expression content\n i++; // now scriptContent[i] === '{'\n var braceDepth = 1;\n // Inside the expression, handle escaping as well\n while (i + 1 < scriptContent.length && braceDepth > 0) {\n i++;\n var innerChar = scriptContent[i];\n if (innerChar === '\\\\') {\n // capture escaped char and the next one\n currentSegment += innerChar;\n if (i + 1 < scriptContent.length) {\n i++; currentSegment += scriptContent[i];\n }\n continue;\n }\n if (innerChar === '{') { braceDepth++; currentSegment += innerChar; continue; }\n if (innerChar === '}') { braceDepth--; if (braceDepth === 0) break; currentSegment += innerChar; continue; }\n currentSegment += innerChar;\n }\n continue;\n }\n\n if (currChar === stringDelimiter) {\n insideString = false;\n stringDelimiter = String();\n }\n // do not copy characters that are inside strings\n } else {\n // not inside a string\n if (currChar === '\"' || currChar === \"'\" || currChar === '`') {\n // start of string — finish current segment\n if (currentSegment.length > 0) { segments.push(currentSegment); currentSegment = String(); }\n insideString = true;\n stringDelimiter = currChar;\n } else {\n currentSegment += currChar;\n }\n }\n }\n\n if (currentSegment.length > 0) segments.push(currentSegment);\n\n for (var segIndex = 0; segIndex < segments.length; segIndex++) {\n var tokenToProcess = segments[segIndex];\n if (!/( |\\t)/.test(tokenToProcess) && (\n /(((var|let|const)[\\t ]|\\())\\b[a-zA-Z](?:,[a-zA-Z]){3,}\\b/.test(tokenToProcess) ||\n /[a-zA-Z][!=]?=?=![01][;,})]/.test(tokenToProcess)\n )) {\n options = \"minified/compiled\";\n break;\n }\n }\n }\n }\n\n _setResult(\"~language\", \"JavaScript\", String(), Binary.isVerbose() ? options : String());\n\n break;\n }\n }\n}" }, { "path": "db/Binary/_init", "content": "// Detect It Easy: DiE-JS framework file\n// Don't change anything unless you're sure about what you're doing\n\nvar File = Binary;\nvar X = Binary;\n\nincludeScript(\"read\");" }, { "path": "db/Binary/archive.ACE.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: Jason Hood \r\n\r\nincludeScript(\"ACE\");\r\n\r\nfunction detect() {\r\n detect_ACE(1);\n\n return result();\n}" }, { "path": "db/Binary/archive.ARJ.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nincludeScript(\"arj\");\r\n\r\nfunction detect() {\r\n detect_ARJ(1);\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/archive.DEFLATE.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// Authors:\r\n// LinXP\r\n// Kaens (TG@kaens)\r\n\r\nmeta(\"archive\");\r\n\r\nfunction checkDeflate(start) {\r\n var br = new BitReader(start),\r\n tight = 0,\r\n maxf = Math.min(X.Sz(), 0x100);\r\n do {\r\n var f = br.read(1), bt = br.read(2);\r\n //_log(\"@\"+br.offset+\"^\"+br.n+\" blockType:\"+bt+(f?\" (final)\":\"\"));\r\n var code = 0,\r\n _t = [];\r\n if (!bt) { // copy stored block data\r\n br.init(start);\r\n var len = br.read(8);\r\n len |= br.read(8) << 8;\r\n var nlen = br.read(8);\r\n nlen |= br.read(8) << 8;\r\n if (len != (nlen ^ 0xFFFF)) return 0;\r\n br.consume(len); // br.meta(br.offset);\r\n //_log(\" len=\"+len+\"=\"+Hex(len)+\" br.ofs=\"+Hex(br.offset))\r\n if (br.offset > X.Sz()) return false;\r\n if (f) tight = 1\r\n } else if (bt == 1 || bt == 2) {\r\n if (bt == 1) { // fixed block\r\n //for(i=0; i < 24; i++) {}\r\n tight = 1;\r\n } else { //dynamic block\r\n var hlit = br.read(5) + 257;\r\n if (hlit > 286) return false;\r\n var hdist = br.read(5) + 1,\r\n hclen = br.read(4) + 4;\r\n //_log(\"hlit:\"+hlit+\" hdist:\"+hdist+\" hclen:\"+hclen)\r\n var lent = [];\r\n const lentord = [16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15];\r\n for (i = 0; i < hclen && br.offset < maxf; i++)\r\n lent[lentord[i]] = br.read(3);\r\n _t = createOrderlyHuffmanTable(lent, 19, br);\r\n if (!_t) return false;\r\n //_log(\"after creating a table @\"+br.offset+\"/\"+br.n)\r\n i = 0;\r\n while (i < hlit + hdist) {\r\n //bitLengthDecoder.decode:\r\n if (!_t.length) return false;\r\n j = 0;\r\n while (_t[j][0] || _t[j][1]) { j = br.read(1) ? _t[j][1] : _t[j][0]; if (!j) return false }\r\n //_log(\"@\"+br.offset+\"^\"+br.n+\" code = \"+_t[j][2])\r\n if (_t[j][2] < 16) { /*auto insert's relevant part*/\r\n if (i >= hlit + hdist) return false;\r\n i++\r\n } else switch (_t[j][2]) { /* beautify preserve:start */\r\n case 16: if (i) br.read(2); else return false; break;\r\n case 17: for (t = br.read(3) + 3; t; t--); break;\r\n case 18: for (t = br.read(7) + 11; t; t--); break;\r\n default: return false;\r\n } /* beautify preserve:end */\r\n if (br.offset > X.Sz()) return false;\r\n }\r\n tight = 2;\r\n f = true\r\n }\r\n } else return false; //block type 3 is out\r\n //if(!X.isDeepScan() && br.ofs() >= maxf) f = true; //to avoid slowing it down with, well, unpacking\r\n } while (!f);\r\n if (tight == 1) {\r\n if (br.offset >= X.Sz()) return false;\r\n //for(;;) { //TODO\r\n // if()\r\n //}\r\n }\r\n return tight\r\n}\r\n\r\nfunction checkZlib(p) {\r\n if (p + 6 > X.Sz()) return false;\r\n var c = X.U8(p++);\r\n if ((c & 0xF) != 8 || (c & 0xF0) > 0x70) return false;\r\n var start = 2,\r\n f = X.U8(p++);\r\n if (f & 0x20) {\r\n if (p + 8 < X.Sz()) return false;\r\n start += 4\r\n }\r\n if (((c << 8) | f) % 31) return false;\r\n //_log(\"zlib, data begins @\"+Hex(start))\r\n if (!checkDeflate(start)) return false;\r\n cmprlvl = [\"fastest\", \"fast\", \"default\", \"max\"][f >> 6];\r\n return true\r\n}\r\n\r\nfunction detect() {\r\n bad = \"\";\r\n if (X.Sz() >= 10 && X.c(\"1FA1\") && checkDeflate(2)) {\r\n sName = \"Gzip hack: Quasijarus Strong Compression (Z.)\";\r\n bDetected = true;\r\n }\r\n if (!bDetected && X.c(\"1F8B\")) { //gzip\r\n method = X.U8(2);\r\n switch (method) { /* beautify preserve:start */\r\n case 0: sVersion = \"store\"; bad = bad.addIfNone(\"!badalgo\"); break;\r\n case 1: sVersion = \"compress\"; bad = bad.addIfNone(\"!badalgo\"); break;\r\n case 2: sVersion = \"pack\"; bad = bad.addIfNone(\"!badalgo\"); break;\r\n case 3: sVersion = \"lz\"; bad = bad.addIfNone(\"!badalgo\"); break;\r\n case 8: sVersion = \"deflate\"; break; //the only format gzip won't throw an error about\r\n default: return false;\r\n }\r\n f = X.U8(3);\r\n fs = [];\r\n if (f & 1) fs.push(\"ASCII_FLAG\");\r\n if (f & 2) fs.push(\"HEADER_CRC\");\r\n if (f & 4) fs.push(\"EXTRA_FIELD\");\r\n if (f & 8) fs.push(\"ORIG_NAME\");\r\n if (f & 0x10) fs.push(\"COMMENT\");\r\n if (f & 0x20) fs.push(\"ENCRYPTED\");\r\n if (f & 0xC0) fs.push(\"RESERVED\");\r\n ts = X.I32(5, _LE);\r\n if (ts <= 0) return false;\r\n if (X.isVerbose()) {\r\n switch (X.U8(8)) { //not really meaningful\r\n case 2: sOption(\"best\"); break;\r\n case 4: sOption(\"fast\");\r\n }\r\n switch (X.U8(9)) {\r\n case 0: s = \"FAT FS (MS-DOS, OS/2, NT/Win32\"; break;\r\n case 1: s = \"Amiga\"; break;\r\n case 2: s = \"(Open)VMS\"; break;\r\n case 3: s = \"Unix\"; break;\r\n case 4: s = \"VM/CMS\"; break;\r\n case 5: s = \"Atari TOS\"; break;\r\n case 6: s = \"HPFS (OS/2, NT)\"; break;\r\n case 7: s = \"Macintosh\"; break;\r\n case 8: s = \"Z-System\"; break;\r\n case 9: s = \"CP/M\"; break;\r\n case 10: s = \"TOPS-20\"; break;\r\n case 11: s = \"NTFS (NT)\"; break;\r\n case 12: s = \"QDOS\"; break;\r\n case 13: s = \"Acorn RISCOS\"; break;\r\n case 255: s = \"unknown OS\"; break;\r\n default: s = \"?\"\r\n } /* beautify preserve:end */\r\n sOption(s, \"OS code:\");\r\n }\r\n p = 10;\r\n if (f & 4) p += 4 + X.U16(p + 2, _LE);\r\n if (f & 8) {\r\n s = X.SA(p, 1024);\r\n p += s.length + 1;\r\n if (X.isVerbose()) sOption(s, 'filename:\"', '\"');\r\n }\r\n if (f & 0x10) {\r\n s = X.SA(p, 1024);\r\n p += s.length + 1;\r\n if (X.isVerbose()) sOptionT(s, \"cmt:\");\r\n }\r\n if (f & 0x2) p += 2;\r\n if (checkDeflate(p)) {\r\n sName = \"GZIP (.gz)\";\r\n bDetected = true;\r\n if (X.isVerbose()) sOption(X.U32(X.Sz() - 4, _LE), \"unp.sz:\")\r\n } else if (X.isHeuristicScan()) {\r\n sName = \"GZIP (.gz)\";\r\n bDetected = true\r\n }\r\n }\r\n if (!bDetected && X.isDeepScan() && X.isHeuristicScan() && X.calculateEntropy(0x40, 0x100) > 7) {\r\n for (s = 1; s < 0x40 && !bDetected; s++) {\r\n if (!bDetected && checkZlib(s)) {\r\n sName = \"Zlib stream (.zlib)\";\r\n sOption(\"@\" + Hex(s));\r\n sOption(cmprlvl, \"lv:\");\r\n bDetected = true\r\n }\r\n if (!bDetected && checkDeflate(s) > 1) {\r\n sName = \"Raw Deflate stream\";\r\n sOptions = \"@\" + Hex(s);\r\n bDetected = true\r\n }\r\n }\r\n }\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/archive.LZ4.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n\n// https://github.com/inikep/lizard/blob/lizard/doc/lizard_Frame_format.md\nmeta(\"archive\");\n\nfunction detect() {\n if (Binary.getSize() >= 9) {\n bDetected = true;\n switch (Binary.read_uint32(0x00, _BE)) {\n case 0x02214C18: sName = \"LZ4 compressed data, legacy (.LZ4)\"; break;\n case 0x04224D18: sName = \"LZ4 compressed data (.LZ4)\"; break;\n case 0x05224D18: sName = \"LZ5 compressed data (.LZ5)\"; break;\n case 0x06224D18: sName = \"Lizard compressed data (.LIZ)\"; break;\n default: bDetected = false;\n }\n\n if (bDetected) {\n var bFlags = Binary.read_uint8(0x04);\n if (bFlags & 64) { sVersion = \"1.0\"; }\n if (bFlags & 128) { sVersion = \"2.0\"; }\n if (bFlags & 64 && bFlags & 128) { sVersion = \"3.0\"; }\n if (Binary.isVerbose()) {\n if (bFlags & 1) { sOption(\"PresetDictionary\"); }\n if (bFlags & 4) { sOption(\"ContentChecksum\"); }\n if (bFlags & 8) { sOption(\"ContentSize\"); }\n if (bFlags & 16) { sOption(\"BlockChecksum\"); }\n if (bFlags & 32) { sOption(\"BlockIndependence\"); }\n }\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive.MS_Compound.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"archive\", \"Microsoft Compound\");\r\n\r\nfunction detect() {\r\n if (Binary.compare(\"D0CF11E0A1B11AE1\")) {\r\n const // magic values\r\n nSub1 = Binary.readWord(0x200),\r\n nSub2 = Binary.readWord(0x1000);\r\n\r\n if (nSub1 == 0 && nSub2 == 0xFFFD) {\r\n sType = \"installer\";\r\n sName = \"Microsoft Installer (MSI)\";\r\n } else if (nSub1 == 0xA5EC) {\r\n sType = \"format\";\r\n sName = \"Microsoft Office\";\r\n sVersion = \"1997-2003\";\r\n } else {\r\n sVersion = \"Office, 1997-2003\";\r\n }\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/archive.PC_Secure.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"archive\", \"PC Secure\");\n\nfunction detect() {\n if (Binary.compare(\"'PCT7'22\") || Binary.compare(\"'PCT'..20284b\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive.RAR.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nincludeScript(\"rar-file\");\r\n\r\nfunction detect() {\r\n detect_RAR(1);\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/archive.ZIP.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: Jason Hood \r\n\r\nincludeScript(\"zip-file\");\r\n\r\nfunction detect() {\r\n detect_Zip(1);\r\n\r\n return result();\r\n}" }, { "path": "db/Binary/archive.ZLIB.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n\nmeta(\"data\");\nincludeScript(\"zlib\");\n\nfunction detect() {\n if (detect_zlib(Binary, 0)) {\n sName = \"ZLIB data\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_7z.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"archive\", \"7-Zip\");\r\n\r\nfunction detect() {\r\n if (Binary.getSize() >= 64) {\r\n if (Binary.compare(\"'7z'BCAF271C\")) {\r\n sVersion = Binary.readByte(6) + \".\" + Binary.readByte(7);\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/archive_ANC-Cruncher.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"archive\", \"ANC-Cruncher\");\n\nfunction detect() {\n if (Binary.compare(\"'FVL0'\")) {\n sOptions = \"use ANC-Cruncher's CRLoad for unpack and run\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_AR.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// Status: WIP\n// doc-ref: https://en.wikipedia.org/wiki/Ar_(Unix)\nincludeScript(\"archive-file\");\nmeta(\"archive\", \"The archiver (.AR)\");\n\nfunction detect() {\n\n function ParseLibInfo() {\n sType = \"format\";\n sName = \"COFF Library (.LIB)\";\n\n var nMachineOffset = Binary.read_uint32(0x48, _BE) + 0x3C,\n nMachine;\n\n if (Binary.compare(\"0000FFFF\", nMachineOffset)) {\n nMachine = Binary.read_uint16(nMachineOffset + 6);\n } // long format\n else {\n nMachine = Binary.read_uint16(nMachineOffset)\n } // short format\n switch (nMachine) {\n case 0x014c: sVersion = \"I386\"; break; // Intel 386 or later processors and compatible processors\n case 0x0162: sVersion = \"R3000\"; break; // MIPS little-endian, 0x160 big-endian\n case 0x01c0: sVersion = \"ARM\"; break; // ARM little-endian\n case 0x8664: sVersion = \"AMD64\"; break; // x64\n case 0xAA64: sVersion = \"ARM64\"; break; // ARM64 little-endian\n case 0x01c4: sVersion = \"ARMNT\"; break; // Arm Thumb-2 little-endian\n default: sVersion = \"Unknown\";\n }\n }\n\n if (Binary.compare(\"'!'0A\")) {\n bDetected = true;\n var nOffset = 8;\n var nItemCount = 0;\n\n while (nOffset < Binary.getSize()) {\n sFileName = Binary.getString(nOffset, 0x10).trim();\n nOffset += 0x10;\n nOffset += 0x0C; // modification_timestamp\n nOffset += 0x06; // ownerID\n nOffset += 0x06; // groupID\n nOffset += 0x08; // fileMode\n nFileSize = parseInt(Binary.getString(nOffset, 0x0A));\n nOffset += 0x0A;\n nOffset += 0x02; // endMarker\n switch (sFileName) {\n case \"/\": ParseLibInfo(); break;\n case \"debian-binary\": ParseDebInfo(); break;\n case \"/\\/\": break;\n default: Archive.add(nFileSize, nFileSize);\n }\n nOffset += nFileSize;\n if (nFileSize & 1) nOffset += 1; // padding\n nItemCount += 1;\n }\n\n if (Binary.isVerbose()) sOption(Archive.contents()); // TODO: parse DIR\\FILES\n }\n\n function ParseDebInfo() {\n sName = \"Debian Software package (.DEB)\";\n sVersion = Binary.getString(nOffset, nFileSize - 1);\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_ARC.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// Status: WIP\n\nmeta(\"archive\", \"FreeARC Archive (.ARC)\");\n\nfunction detect() {\n if (Binary.getSize() >= 9) {\n\n if (Binary.compare(\"417243010000\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_ASAR.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://www.mend.io/blog/theres-a-new-stealer-variant-in-town-and-its-using-electron-to-stay-fully-undetected/\r\nmeta(\"archive\", \"Asar Archive (Electron)\");\r\n\r\nfunction detect() {\r\n if (Binary.getSize() >= 28) {\r\n if (Binary.compare(\"04..............................'{\\\"files\\\":{'\")) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/archive_BCSAR.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kae \n\n// https://www.3dbrew.org/wiki/BCSAR\nmeta(\"archive\", \"Nintendo Binary CTR Sound ARchive (.BCSAR)\");\n\nfunction detect() {\n if ((!X.c(\"'CSAR'FE\") && !X.c(\"'CSAR'FF\")) || X.U8(5) == X.U8(6) || X.U8(5) < 0xFE) return;\n var e = X.U8(5) == 0xFE ? _LE : _BE;\n if (X.U32(0x14, e) != 0x2000 || X.U32(0x20, e) != 0x2001 || X.U32(0x2C, e) != 0x2002) return;\n if (!X.c(\"'STRG'\", sp = X.U32(0x18, e)) || !X.c(\"'INFO'\", ip = X.U32(0x24, e)) || !X.c(\"'FILE'\", fp = X.U32(0x30, e))) return;\n\n bDetected = true;\n\n sVersion = 'v' + X.U32(8, e).toString(16) + '_' + (e == _LE ? 'le' : 'be');\n\n if (X.isVerbose()) {\n sOption('filenames:' + X.U32(sp + 0x18, e) + ' sz:' + outSz(X.U32(0xC, e)));\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_BZip.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// doc-ref: https://github.com/dsnet/compress/blob/master/doc/bzip2-format.pdf\r\n\r\nmeta(\"archive\", \"BZip\");\r\n\r\nfunction detect() {\r\n if (Binary.getSize() >= 9) {\r\n if (Binary.compare(\"'BZ0'\")) {\r\n sVersion = \"1.0\";\r\n sOptions = \"compressed data (.BZ)\";\r\n bDetected = true;\r\n } else if (Binary.compare(\"'BZh'\") && Binary.compare(\"314159265359\", 0x4)) {\r\n sName = \"BZip2 compressed data (.BZ2)\"\r\n bDetected = true;\r\n }\r\n if (bDetected && Binary.isVerbose()) {\r\n sOptions = \"block-size:\" + Binary.getString(3, 1) + \"00 kb\";\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/archive_CCA.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.multimedia.cx/index.php/Engines/CNCSA\nmeta(\"archive\", \"Click & Create Archive (.CCA)\");\n\nfunction detect() {\n if (Binary.compare(\"'PAME'0702\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_CFL3.1.sg", "content": "// https://github.com/horsicq/Detect-It-Easy signature file\n// Author: Kaens (TG @kaens)\n/* beautify ignore:start */\n\nmeta(\"archive\", \"Jari Comppa's Compressed File Library 3 file (.CFL)\");\n\nfunction detect() {\n //ref https://solhsa.com/zip/cfl3r3.zip / src/CFL.cpp & CFLResource.cpp\n var startp = t = 0;\n if (!X.c(\"'CFL3\"))\n if (X.c(\"'3CFL'\", X.Sz() - 4))\n if (X.c(\"'CFL3'\", t = X.Sz() - X.U32(X.Sz() - 8))) startp = t;\n else return false;\n var p = X.U32(startp + 4); p += 12 + X.U32(p + 4); if (!X.c(\"'3CFL'\", p)) return false;\n\n bDetected = true;\n if (X.isVerbose()) {\n if (startp) sOption('begins @' + Hex(startp));\n sOption(outSz(p + 4 - startp), 'sz:')\n }\n\n return result();\n}\n/* beautify ignore:end */" }, { "path": "db/Binary/archive_CKP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// https://www.mobygames.com/game/60768/adiboo-pazirals-secret/ Used by Adiboo & Paziral's Secret (2002/2003)\n\nmeta(\"archive\", \"CKP\");\n\nfunction detect() {\n if (Binary.compare(\"'.CKP'0001\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_Cab.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nincludeScript(\"cab\");\n\nmeta(\"archive\", \"CAB\");\n\nfunction detect() {\n if (!detect_Cab(0, Binary.getSize())) {\n if (Binary.compare(\"'ISc('\")) {\n sName = \"InstallShield Cabinet File\";\n var nVer = Binary.readWord(4);\n switch (Binary.readByte(7)) {\n case 1:\n sVersion = (nVer >> 12) & 15;\n break;\n case 2:\n case 4:\n sVersion = (nVer / 100).toFixed(2);\n break;\n }\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_DAA.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Used by PowerISO\n\n// https://github.com/horsicq/Detect-It-Easy/issues/45\n// https://isc.sans.edu/diary/The+DAA+File+Format/25246\nmeta(\"archive\", \"Direct Access Archive (.DAA)\");\n\nfunction detect() {\n if (Binary.compare(\"'DAA'0000000000000000000000004C\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_DCP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Used by Wintermute Engine\n\n// https://wiki.scummvm.org/index.php/Wintermute\nmeta(\"archive\", \"DCP\");\n\nfunction detect() {\n if (Binary.compare(\"DE AD C0 DE 4A 55 4E 4B\")) {\n var copyrightYear = Binary.getString(58, 5).trim();\n\n if (/^[12]\\d{3}$/.test(copyrightYear)) {\n sVersion = copyrightYear;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_DXA.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// TODO: Add un-xored variant to this signature\n// https://github.com/yumetodo/DxLib/blob/master/source/DxArchive_.h\n// https://himeworks.com/tools/dxextract/\nmeta(\"archive\", \"DXA\");\n\nfunction detect() {\n if (Binary.compare(\"f70ee9a\")) {\n sOptions = \"Arcanum Knights\";\n sVersion = \"xored\";\n bDetected = true;\n } else if (Binary.compare(\"e94c..69\")) {\n sOptions = \"Labyrinth of Touhou 2\";\n sVersion = \"xored\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_DatPack.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.scummvm.org/index.php?title=List_of_games_embedded_in_Adi_4\nmeta(\"archive\", \"DatPack\");\n\nfunction detect() {\n if (Binary.compare(\"07'DatPack'f75b3500e701\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_DotBundle.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\nmeta(\"archive\", \"DotBundle Project\");\r\n\r\nfunction detect() {\r\n if (Binary.compare(\"3C70726F6A6563743E0D0A20203C6D61696E65786520706174683D\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/archive_EdgeDataPak.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// https://www.mobygames.com/game/138556/the-energy-thieves/ Used by Adiboo & The Energy Thieves (2004)\n// Header of EdgeDataPak (2004) is based on CKP's (2002/2003) format\n\nmeta(\"archive\", \"EdgeDataPak (.EDP)\");\n\nfunction detect() {\n if (Binary.compare(\"'.EDP'0001\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_Flatpak.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://flatpak.org/\nmeta(\"archive\", \"Flatpak\");\n\nfunction detect() {\n if (Binary.compare(\"66 6C 61 74 70 61 6B\")) {\n var versionNumber = Binary.getString(24, 33).trim();\n\n if (/^[a-zA-Z0-9\\/._-]{33}/.test(versionNumber)) {\n if (X.isVerbose()) sVersion = versionNumber;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_GhidraZipFile.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://github.com/NationalSecurityAgency/ghidra\nmeta(\"archive\", \"Ghidra Zip File\");\n\nfunction detect() {\n if (Binary.compare(\"aced000577..2e30212634e92c200000000100\")) {\n sOptions = File.cleanString(Binary.getString(0x00000014));\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_GodotPCK.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://github.com/GDRETools/gdsdecomp/blob/master/utility/pck_creator.cpp\nmeta(\"archive\", \"Godot Pack\");\n\nfunction detect() {\n if (Binary.compare(\"'GDPC'0100000003000000..000000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_HIP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Used by EvilEngine games\n\n// https://heavyironmodding.org/wiki/EvilEngine/HIP_(File_Format)\nmeta(\"archive\", \"HIP archive\");\n\nfunction detect() {\n if (Binary.compare(\"'HIPA'00000000'PACK'00000090\")) {\n sVersion = Binary.getString(0x58);\n\n if (sVersion.match(/^[A-Za-z]{3}\\s[A-Za-z]{3}\\s\\d{1,2}\\s\\d{2}:\\d{2}:\\d{2}\\s\\d{4}$/)) {\n sVersion = \"Build date: \" + sVersion;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_IFP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Used by Grand Theft Auto San Andreas\n\n// https://gtamods.com/wiki/IFP\nmeta(\"archive\", \"Animation file\");\n\nfunction detect() {\n if (Binary.compare(\"'ANP3'\")) {\n var versionNumber = Binary.getString(3, 1).trim();\n\n if (/^[0-9]{1}/.test(versionNumber)) {\n if (X.isVerbose()) sVersion = versionNumber;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_IPW.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.mobygames.com/game/8818/island-peril/\nmeta(\"archive\", \"Peril WAD\");\n\nfunction detect() {\n if (Binary.compare(\"'DT1'00c3030000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_InnoSetup.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://github.com/YenForYang/innounp/blob/master/Struct5205u.pas\nmeta(\"archive\", \"Inno Setup\");\n\nfunction detect() {\n if (Binary.compare(\"'idska32'1a\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_JAM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Used by Lego Racers\n\n// https://github.com/JrMasterModelBuilder/JAM-Extractor\nmeta(\"archive\", \"JAM\");\n\nfunction detect() {\n bDetected = Binary.compare(\"'LJAM'0000000002000000\");\n\n return result();\n}" }, { "path": "db/Binary/archive_LAB.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://gist.github.com/Gemba/c793590c32a6c121445fa14ed361e51d\nmeta(\"archive\", \"LucasArts Binary Archive\");\n\nfunction detect() {\n if (Binary.compare(\"'LABN'00000100\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_LRZ.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// Status: WIP\n\nmeta(\"archive\", \"Long Range ZIP (.LRZ)\");\n\nfunction detect() {\n if (Binary.getSize() >= 9) {\n if (Binary.compare(\"'LRZI'\")) {\n bDetected = true;\n sVersion = Binary.read_uint8(0x04) + \".\" + Binary.read_uint8(0x05);\n\n switch (Binary.read_uint8(0x31)) {\n case 3: break;\n case 4: sOption(\"BZIP2\"); break;\n case 5: sOption(\"LZO\"); break;\n case 6: sOption(\"LZMA\"); break;\n case 7: sOption(\"GZIP\"); break;\n case 8: sOption(\"ZPAQ\"); break;\n default: bDetected = false;\n }\n switch (Binary.read_uint8(0x16)) {\n case 0: break;\n case 1: sOption(\"encrypted\"); break;\n default: bDetected = false;\n }\n switch (Binary.read_uint8(0x15)) {\n case 0: break;\n case 1: sOption(\"md5\"); break;\n default: bDetected = false;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_LZOP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// doc-ref: https://en.wikipedia.org/wiki/Lzop\n\nmeta(\"archive\", \"LZOP compressed data\");\n\nfunction detect() {\n if (Binary.getSize() >= 9) {\n bDetected = Binary.compare(\"89'LZO'000D0A1A0A\");\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_MCS.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://thedustedarchives.com/de/monsterized-news/\nmeta(\"archive\", \"MCS\");\n\nfunction detect() {\n if (Binary.compare(\"'AHFFMACS0200'\")) {\n var game = Binary.getString(15, 12).trim();\n\n if (/^[A-Z/!]{12}/.test(game)) {\n if (X.isVerbose()) sOptions = game;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_MS-WIM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// Rewritten by BJNFNE\n\n// https://github.com/libyal/assorted/blob/main/documentation/Windows%20Imaging%20%28WIM%29%20file%20format.asciidoc\nmeta(\"archive\", \"Windows Imaging Format (.WIM)\");\n\nfunction detect() {\n if (Binary.getSize() >= 9) {\n\n if (Binary.compare(\"'MSWIM'000000\")) {\n if (Binary.isVerbose()) sOptions = \"{\" + Binary.read_UUID(0x18) + \"}\";\n bDetected = true;\n\n switch (Binary.read_uint16(0x12)) {\n case 0: sOption(\"No compression\"); break;\n case 2: sOption(\"XPRESS compression\"); break;\n case 4: sOption(\"LZX compression\"); break;\n case 8: sOption(\"LZMS compression\"); break;\n default: bDetected = false;\n }\n sOption(\"Part Number:\" + Binary.read_uint16(0x28) + \"/\" + Binary.read_uint16(0x2A));\n\n } else if (Binary.compare(\"'WLPWM'000000\")) { // https://wimlib.net/\n sName += \", wimlib\";\n bDetected = true;\n }\n\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_MWD.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Used by Frogger\n\n// https://highwayfrogs.net/thread/40/frogger-file-information-megathread\nmeta(\"archive\", \"Medievil WAD\");\n\nfunction detect() {\n if (Binary.compare(\"44 41 57 4D\")) {\n var creationDate = Binary.getString(24, 29).trim();\n\n if (/^[A-Z][a-z]+, \\d{1,2}(?:st|nd|rd|th) [A-Z][a-z]+ \\d{4}$/.test(creationDate)) {\n sOptions = \"Creation date: \" + creationDate;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_P2L.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.multimedia.cx/index.php/Engines/PSM\nmeta(\"archive\", \"PSM Soundsystem (.P2L)\");\n\nfunction detect() {\n if (Binary.compare(\"'PSMLST PSM'\")) {\n var versionNumber = Binary.getString(11, 4).trim();\n\n if (/^[0-9\\.]{4}$/.test(versionNumber)) {\n sVersion = versionNumber;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_PAK.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// PAK archive format is more generic, so extend this signature if required.\n// http://justsolve.archiveteam.org/wiki/PAK\nmeta(\"archive\", \"PAK\");\n\nfunction detect() {\n if (Binary.compare(\"'DPAK'0000010018000000\")) {\n sVersion = \"Lego Creator\";\n bDetected = true;\n } else if (Binary.compare(\"'PACK'7faf000080\")) {\n bDetected = true;\n } else if (Binary.compare(\"'RWPACK'0000000080\")) {\n sOptions = \"PAK Compiler (Raymond Wilson 2008)\"; // https://archive.gamedev.net/archive/reference/articles/article1991.html\n bDetected = true;\n } else if (Binary.compare(\"'MUDGE4'2e30\")) { // https://www.ign.com/games/producer/witan\n sVersion = Binary.getString(8);\n var match = sVersion.match(/(\\d{2})\\/(\\d{2})\\/(\\d{4}).*Copyright\\s+(.+?)(?:\\x00|$)/i);\n if (match) {\n sVersion = match[1] + \"/\" + match[2] + \"/\" + match[3] + \", \" + match[4].trim();\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_PBP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.psdevwiki.com/ps3/PBP\nmeta(\"archive\", \"PlayStation Update Package\");\n\nfunction detect() {\n if (Binary.compare(\"00 50 42 50\")) {\n var psf = Binary.getString(41, 3).trim();\n\n if (/^[A-Z]{3}/.test(psf)) {\n if (X.isVerbose()) sOptions = psf;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_PEA.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// doc-ref: https://peazip.github.io/pea_help.pdf\n\nmeta(\"archive\", \"PeaZip (.PEA)\");\n\nfunction detect() {\n if (Binary.getSize() >= 10) {\n if (Binary.compare(\"EA\") && Binary.compare(\"0000'POD'00\", 0x0A)) {\n sVersion = \"v\" + Binary.read_uint8(0x01) + \".\" + Binary.read_uint8(0x02)\n bDetected = true;\n\n if (bDetected && Binary.isVerbose()) {\n switch (Binary.read_uint8(0x3)) {\n case 0: sOption(\"NOALGO\"); break;\n case 1: sOption(\"ADLER32\"); break;\n case 2: sOption(\"CRC32\"); break;\n case 3: sOption(\"CRC64\"); break;\n case 16: sOption(\"MD5\"); break;\n case 17: sOption(\"RIPEMD160\"); break;\n case 18: sOption(\"SHA1\"); break;\n case 19: sOption(\"SHA256\"); break;\n case 20: sOption(\"SHA512\"); break;\n case 21: sOption(\"WHIRLPOOL\"); break;\n case 22: sOption(\"SHA3_256\"); break;\n case 23: sOption(\"SHA3_512\"); break;\n case 24: sOption(\"BLAKE2S\"); break;\n case 25: sOption(\"BLAKE2B\"); break;\n default:\n bDetected = false;\n }\n }\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_PKG.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.psdevwiki.com/ps3/PKG_files\nmeta(\"archive\", \"System Software Update Packages\");\n\nfunction detect() {\n if (Binary.compare(\"7F 50 4B 47\")) {\n var contentId = Binary.getString(48, 48).trim();\n\n if (/^[A-Z0-9]{6,7}-[A-Z0-9]{9}_00-[A-Z0-9]{16,18}$/.test(contentId)) {\n if (X.isVerbose()) sOptions = \"ContentID: \" + contentId;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_PSARC.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.psdevwiki.com/ps3/PlayStation_archive_(PSARC)\nmeta(\"archive\", \"PSARC\");\n\nfunction detect() {\n if (Binary.compare(\"50534152000100037a6c6962\")) {\n sVersion = \"1.3\";\n sOptions = \"zlib\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_PUP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.psdevwiki.com/ps3/Playstation_Update_Package_(PUP)\nmeta(\"archive\", \"PlayStation Update Package\");\n\nfunction detect() {\n if (Binary.compare(\"'SCEUF'0000....000000\")) {\n sVersion = \"PS3/PS Vita\";\n bDetected = true;\n } else if (Binary.compare(\"'SLB2'..0000000000....02\")) {\n sVersion = \"PS4/PS5\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_RVZ.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://github.com/dolphin-emu/dolphin/blob/500728360cd177466f699962b441363cd1dd9ed7/docs/WiaAndRvz.md\nmeta(\"archive\", \"RVZ\");\n\nfunction detect() {\n if (Binary.compare(\"'RVZ'\")) {\n var gameId = Binary.getString(88, 6).trim();\n\n if (/^[A-Z0-9]{6}$/.test(gameId)) {\n if (X.isVerbose()) sOptions = \"GameID: \" + gameId;\n bDetected = true;\n }\n }\n\n return result();\n}\n" }, { "path": "db/Binary/archive_STK.1.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n// ---\n// Samples by: BJNFNE \n\n// https://wiki.scummvm.org/index.php?title=Gob/DEV7_Information#STK21_File_Structure\nmeta(\"archive\", \"STK\");\n\nfunction detect() {\n if (Binary.getSize() > 64 && Binary.compare(\"'STK2.' %%\")) {\n var stkMagicSign = Binary.getString(6, 32).trim();\n\n if (/^[0-9]{10,}[A-Za-z0-9]{5,}/.test(stkMagicSign)) {\n if (X.isVerbose()) sOptions = \"Magic signature: \" + stkMagicSign;\n sVersion = Binary.getString(3, 3).trim();\n\n if (/^2\\.[0-9]$/.test(sVersion)) {\n bDetected = true;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_Shaped.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.adventure-treff.de/spiele-datenbank/14049-iron-willy\nmeta(\"archive\", \"Shaped (.SHP)\");\n\nfunction detect() {\n if (Binary.compare(\"'Shaped'\")) {\n var copyrightYear = Binary.getString(28, 4).trim();\n\n if (/^[12]\\d{3}$/.test(copyrightYear)) {\n sOptions = copyrightYear;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_TRE.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://modthegalaxy.com/index.php?threads/tre-explorer.11/\nmeta(\"archive\", \"TRE\");\n\nfunction detect() {\n if (Binary.compare(\"'EERT5000'....0000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_Unity.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n\nmeta(\"archive\", \"Unity\");\n\nfunction detect() {\n var nFileVer, sEngineVer, sMinPlayerVer\n if (Binary.getSize() >= 0x07) {\n if (Binary.compare(\"'UnityFS'00\")) {\n sName += \"/UnityFS\";\n nFileVer = Binary.read_uint32(0x8, _BE);\n sEngineVer = Binary.getString(0x12);\n sMinPlayerVer = Binary.getString(0x0C);\n if (sEngineVer && sMinPlayerVer) {\n sVersion = sVersion.append(\"FileVer:\" + nFileVer);\n sVersion = sVersion.append(\"EngineVer:\" + sEngineVer);\n sVersion = sVersion.append(\"MinPlayerVer:\" + sMinPlayerVer);\n bDetected = true;\n }\n } else if (Binary.compare(\"'UnityRaw'00\")) {\n sName += \"/UnityRaw\";\n nFileVer = Binary.read_uint32(0x9, _BE);\n sEngineVer = Binary.getString(0x13);\n sMinPlayerVer = Binary.getString(0x0D);\n if (sEngineVer && sMinPlayerVer) {\n sVersion = sVersion.append(\"FileVer:\" + nFileVer);\n sVersion = sVersion.append(\"EngineVer:\" + sEngineVer);\n sVersion = sVersion.append(\"MinPlayerVer:\" + sMinPlayerVer);\n bDetected = true;\n }\n } else if (Binary.compare(\"'UnityWeb'00\")) {\n sName += \"/UnityWeb\";\n nFileVer = Binary.read_uint32(0x9, _BE);\n sEngineVer = Binary.getString(0x13);\n sMinPlayerVer = Binary.getString(0x0D);\n if (sEngineVer && sMinPlayerVer) {\n sVersion = sVersion.append(\"FileVer:\" + nFileVer);\n sVersion = sVersion.append(\"EngineVer:\" + sEngineVer);\n sVersion = sVersion.append(\"MinPlayerVer:\" + sMinPlayerVer);\n bDetected = true;\n }\n } else if (Binary.read_uint32(0x10, _BE) == 0) {\n sName += \"/Unity Asset\";\n nFileVer = Binary.read_uint32(0x8, _BE);\n switch (nFileVer) {\n case 9:\n sEngineVer = Binary.getString(0x14);\n break;\n case 15:\n sEngineVer = Binary.getString(0x14);\n break;\n case 17:\n sEngineVer = Binary.getString(0x14);\n break;\n case 20:\n sEngineVer = Binary.getString(0x14);\n break;\n case 21:\n sEngineVer = Binary.getString(0x14);\n break;\n case 22:\n sEngineVer = Binary.getString(0x30);\n break;\n }\n if (sEngineVer && nFileVer <= 22 && nFileVer >= 8) {\n sVersion = sVersion.append(\"FileVer:\" + nFileVer);\n sVersion = sVersion.append(\"EngineVer:\" + sEngineVer);\n bDetected = true;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_UnrealEngine.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n\nmeta(\"archive\", \"UnrealEngine\");\n\nfunction detect() {\n if (Binary.getSize() >= 0x400) {\n if (Binary.compare(\"C1832A9E\")) {\n bDetected = true;\n sName += \"\\\\Unreal Package\"\n var nVer = Binary.read_uint16(0x04);\n var nLicVer = Binary.read_uint16(0x06);\n sVersion = sVersion.append(nVer, nLicVer);\n\n } else if (Binary.compare(\"E1126F5A\", Binary.getSize() - 204)) {\n bDetected = true;\n sName += \"\\\\UE4 package (.PAK)\"\n sVersion = Binary.read_uint32(Binary.getSize() - 200);\n switch (Binary.read_uint8(Binary.getSize() - 206)) {\n case 0:\n break;\n case 1:\n sOptions = sOptions.append(\"Index Is Encrypted\");\n break;\n default:\n bDetected = false;\n }\n sOptions = sOptions.append(Binary.getString(Binary.getSize() - 160));\n\n }\n\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_ViseInstaller.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/Installer_VISE\nmeta(\"archive\", \"Vise Installer\");\n\nfunction detect() {\n if (Binary.compare(\"'ESIV'abbc19\")) {\n sOptions = \"Big endian\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_XZP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://digiex.net/threads/xzp-tool-v2-0-browse-edit-xbox-360-zxp-files.15990/\nmeta(\"archive\", \"XBox Zip File (.XZP)\");\n\nfunction detect() {\n if (Binary.compare(\"'BDES'00000001\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_ZPAQ.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// Status: WIP\n\nmeta(\"archive\", \"ZPAQ Compressed Archive (.ZPAQ)\");\n\nfunction detect() {\n if (Binary.getSize() >= 9) {\n if (Binary.compare(\"'7kSt'\") && Binary.compare(\"'zPQ'\", 0x0D)) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_archives.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Authors: hypn0 , Kaens (TG@kaens), LinXP\r\n\r\nmeta(\"archive\", \"\");\r\n\r\nfunction detect() {\r\n if (Binary.compare(\"a596fdff\")) {\r\n bDetected = true;\r\n sName = \"FTCOMP\";\r\n } else if (Binary.compare(\"a596..0a\")) {\r\n bDetected = true;\r\n sName = \"IBMPACK1\";\r\n } else if (Binary.compare(\"a596feff\")) {\r\n bDetected = true;\r\n sName = \"IBMPACK2\";\r\n } else if (Binary.compare(\"aced00057704\")) {\r\n bDetected = true;\r\n sName = \"IzPack\";\r\n } else if (Binary.compare(\"'bvxn'\")) {\r\n bDetected = true;\r\n sName = \"LZFSE\";\r\n } else if (Binary.compare(\"'SIT!'\")) {\r\n bDetected = true;\r\n sName = \"SIT\";\r\n } else if (Binary.compare(\"06'SKF3.0'\")) {\r\n bDetected = true;\r\n sName = \"SKF\";\r\n } else if (Binary.compare(\"'Archive'00................2800000064\")) {\r\n bDetected = true;\r\n sName = \"ArcFS\";\r\n } else if (Binary.compare(\"'ARCV'0002\")) {\r\n bDetected = true;\r\n sName = \"ARCV 2\";\r\n } else if (Binary.compare(\"09006bea\")) {\r\n bDetected = true;\r\n sName = \"BFF\";\r\n } else if (Binary.compare(\"00069a\") || Binary.compare(\"0006d2\")) {\r\n bDetected = true;\r\n sName = \"DCL\";\r\n } else if (Binary.compare(\"....'-lh'..2d\") || Binary.compare(\"....'-lz'..2d\") || Binary.compare(\"....'-pm'..2d\")) {\r\n sVersion = Binary.getString(2, 5)\r\n bDetected = true;\r\n switch (Binary.getString(3, 3)) {\r\n case \"lh0\":\r\n case \"lh1\":\r\n case \"lh2\":\r\n case \"lh3\":\r\n case \"lh4\":\r\n case \"lh5\":\r\n case \"lh6\":\r\n case \"lh7\":\r\n case \"lhd\":\r\n sName = \"LHA (.LHA)\";\r\n break;\r\n case \"lh8\":\r\n case \"lh9\":\r\n case \"lha\":\r\n case \"lhb\":\r\n case \"lhc\":\r\n case \"lhe\":\r\n sName = \"LHA\";\r\n sOptions = \"Joe Jared ext (.LHA)\";\r\n break;\r\n case \"lhx\":\r\n sName = \"LHA\";\r\n sOptions = \"UNLHA32 ext (.LHA)\"\r\n break;\r\n case \"lzs\":\r\n case \"lz2\":\r\n case \"lz3\":\r\n case \"lz4\":\r\n case \"lz5\":\r\n case \"lz6\":\r\n case \"lz7\":\r\n case \"lz8\":\r\n sName = \"LHA \";\r\n sOptions = \"LArc ext (.LZS)\";\r\n break;\r\n case \"lz7\":\r\n case \"pm0\":\r\n case \"pm2\":\r\n sName = \"LHA archive, PMarc ext (.PMA)\";\r\n break;\r\n default:\r\n bDetected = false;\r\n }\r\n } else if (Binary.compare(\"'mflh'0100\")) {\r\n bDetected = true;\r\n sName = \"MVA\";\r\n } else if (Binary.compare(\"'ViG'....1a\")) {\r\n bDetected = true;\r\n sName = \"PaperPort\";\r\n } else if (Binary.compare(\"'sqsh'0000\")) {\r\n bDetected = true;\r\n sName = \"SquashFS\";\r\n sOptions = \"big endian\";\r\n } else if (Binary.compare(\"'hsqs'0300\")) {\r\n bDetected = true;\r\n sName = \"SquashFS\";\r\n sOptions = \"little endian\";\r\n } else if (Binary.compare(\"'im001V'......50....0000\")) {\r\n sName = \"SW\";\r\n bDetected = true;\r\n var arch_offset = Binary.readByte(0x0e) + 15;\r\n if (Binary.compare(\"1f9d\", arch_offset)) {\r\n sName = \"Z\";\r\n } else if (Binary.compare(\"1f1e\", arch_offset)) {\r\n sName = \"PACK 2\";\r\n }\r\n } else if (Binary.compare(\"0001000401000100010000000000000000000000000000000000000000000000010101\")) {\r\n bDetected = true;\r\n sName = \"VMS SaveSet\";\r\n } else if (Binary.compare(\"'ZOO'............'Archive'\")) {\r\n bDetected = true;\r\n sName = \"ZOO\";\r\n } else if (Binary.compare(\"602213636c00\")) {\r\n bDetected = true;\r\n sName = \"Asymetrix\";\r\n } else if (Binary.compare(\"453dcd28........................'Compressed ROMFS'\")) {\r\n bDetected = true;\r\n sName = \"CRAMFS\";\r\n } else if (Binary.compare(\"'IsZ!@'01\")) {\r\n bDetected = true;\r\n sName = \"Zipped ISO Disk Image (.ISZ)\";\r\n switch (Binary.read_uint32(0x10)) {\r\n case 0:\r\n sOptions = \"no password\";\r\n break;\r\n case 1:\r\n sOptions = \"password\";\r\n break;\r\n case 2:\r\n sOptions = \"password, aes128\";\r\n break;\r\n case 3:\r\n sOptions = \"password, aes182\";\r\n break;\r\n case 4:\r\n sOptions = \"password, aes256\";\r\n break;\r\n }\r\n } else if (Binary.compare(\"aa59f0000002\")) {\r\n bDetected = true;\r\n sName = \"SaveDskF\";\r\n } else if (Binary.compare(\"'AlB'1a\")) {\r\n bDetected = true;\r\n sName = \"BeOS package\";\r\n } else if (Binary.compare(\"'BIGF'00\")) {\r\n bDetected = true;\r\n sName = \"BIGF\";\r\n } else if (Binary.compare(\"01ca'Copyright (c) Genus Microprogramming, Inc.'\")) {\r\n bDetected = true;\r\n sName = \"GXL\";\r\n } else if (Binary.compare(\"0100......00ecf9\")) {\r\n bDetected = true;\r\n sName = \"INSA\";\r\n } else if (Binary.compare(\"..0fd28ccc1f..3c0d8e830dd88f25ac\")) {\r\n bDetected = true;\r\n sName = \"InstallShield ISN\";\r\n } else if (Binary.compare(\"135d658c3a010200\")) {\r\n bDetected = true;\r\n sName = \"InstallShield\";\r\n sVersion = \"3.x\"\r\n } else if (Binary.compare(\"2aab79d800010000\")) {\r\n bDetected = true;\r\n sName = \"InstallShield INST\";\r\n sVersion = \"3.x\"\r\n } else if (Binary.compare(\"'SZDD'88\")) {\r\n bDetected = true;\r\n sName = \"SZDD\";\r\n sOptions = \"by Microsoft\";\r\n } else if (Binary.compare(\"'KWAJ'88\")) {\r\n bDetected = true;\r\n sName = \"KWAJ\";\r\n sOptions = \"by Microsoft\";\r\n } else if (Binary.compare(\"'MDmd'\")) {\r\n bDetected = true;\r\n sName = \"MDCD\";\r\n } else if (Binary.compare(\"'MPQ'1a\")) {\r\n bDetected = true;\r\n sName = \"MPQ\";\r\n sOptions = \"by Blizzard\";\r\n } else if (Binary.compare(\"'_MCT'00'KSLZ'789c\")) {\r\n bDetected = true;\r\n sName = \"MSKN 2\";\r\n sOptions = \"zlib\";\r\n } else if (Binary.compare(\"'PACK'............0000\")) {\r\n bDetected = true;\r\n sName = \"PACK\";\r\n } else if (Binary.compare(\"'PACK'\") && File.read_uint32(4, _BE) > 0 && File.read_uint32(4, _BE) <= 3) {\r\n bDetected = true;\r\n sName = \"Packed git objects (.pack)\";\r\n sVersion = \"v\" + File.read_uint32(4, _BE);\r\n sOptions = File.read_uint32(8, _BE) + \" object(s)\"\r\n } else if (Binary.compare(\"FF'tOc'00000002\")) {\r\n sName = \"Index of packed git objects (.idx)\";\r\n sVersion = \"v\" + File.read_uint32(4, _BE);\r\n bDetected = 1\r\n } else if (Binary.compare(\"'RIDX'00000001\") && File.read_uint32(8, _BE) > 0 && File.read_uint32(8, _BE) <= 2) {\r\n sName = \"Reverse index of packed git objects (.rev)\";\r\n sVersion = \"v1\";\r\n bDetected = true;\r\n switch (File.read_uint32(8, _BE)) {\r\n case 1:\r\n sOptions = \"SHA-1 hashes\";\r\n break;\r\n case 2:\r\n sOptions = \"SHA-256 hashes\";\r\n break;\r\n default:\r\n sOptions = \"unknown hashes\";\r\n }\r\n } else if (Binary.compare(\"00000000000000000000000000007400010074000500\")) {\r\n bDetected = true;\r\n sName = \"PCInstall\";\r\n } else if (Binary.compare(\"'PP20'09\")) {\r\n bDetected = true;\r\n sName = \"PowerPack\";\r\n sOptions = \"by Nico Francois\";\r\n } else if (Binary.compare(\"edabeedb0300\")) {\r\n bDetected = true;\r\n sName = \"RPM package\";\r\n } else if (Binary.compare(\"bd01..00..00..000000\")) {\r\n bDetected = true;\r\n sName = \"HUFF\";\r\n } else if (Binary.compare(\"'SZ '88\")) {\r\n bDetected = true;\r\n sName = \"SZ\";\r\n sOptions = \"by Microsoft\";\r\n } else if (Binary.compare(\"'BAGF'02\")) {\r\n bDetected = true;\r\n sName = \"BAGF\";\r\n } else if (Binary.compare(\"'PAC - 'a9' BVRP Software 1990-2000'\")) {\r\n bDetected = true;\r\n sName = \"PAC\";\r\n sOptions = \"1990-2000 by BVRP Software\";\r\n } else if (Binary.compare(\"'Cr24'02\")) {\r\n bDetected = true;\r\n sName = \"CRX\";\r\n } else if (Binary.compare(\"74c42c84e1e5d428\")) {\r\n bDetected = true;\r\n sName = \"InstallShield INX\";\r\n sVersion = \"7.x\"\r\n } else if (Binary.compare(\"5d0000....ffffffffffffffff00180ddd04\")) {\r\n bDetected = true;\r\n sName = \"LZMA\";\r\n } else if (Binary.compare(\"5d00008000........000000000000\")) {\r\n bDetected = true;\r\n sName = \"LZMA\";\r\n } else if (Binary.compare(\"1fa0\")) {\r\n bDetected = true;\r\n sName = \"SCO\";\r\n } else if (Binary.compare(\"'# PaCkAgE DaTaStReAm'\")) {\r\n bDetected = true;\r\n sName = \"Solaris Package\";\r\n } else if (Binary.compare(\"'SQZE'010000\")) {\r\n bDetected = true;\r\n sName = \"SQZE\";\r\n } else if (Binary.compare(\"'xar!'001c00010000\")) {\r\n bDetected = true;\r\n sName = \"XAR\";\r\n } else if (Binary.compare(\"fd'7zXZ'00\")) {\r\n bDetected = true;\r\n sName = \"XZ\";\r\n }\r\n\r\n function isCompress() {\r\n if (File.getSize() < 3 || !File.compare(\"1F9D\")) return false;\r\n t = File.read_uint8(2);\r\n sversion = t & 0x80 ? \"new\" : \"old\";\r\n t &= 0x7F;\r\n if (t < 9 || t > 16) return false;\r\n return true;\r\n }\r\n if (!bDetected)\r\n if (isCompress()) {\r\n sName = \"Compress (.Z)\";\r\n sVersion = sversion;\r\n bDetected = true;\r\n } else if (Binary.compare(\"'LZK00'000000\")) {\r\n bDetected = true;\r\n sName = \"LZK00\";\r\n } else if (Binary.compare(\"032401010100\")) {\r\n bDetected = true;\r\n sName = \"WPK\";\r\n } else if (Binary.compare(\"'TPWM'\")) {\r\n bDetected = true;\r\n sName = \"TPWM (BlueByte)\";\r\n } else if ((Binary.getSize() >= 500) && (Binary.compare(\"00'ustar'\", 0x100))) {\r\n bDetected = true;\r\n sName = \"tar\";\r\n } else if (Binary.compare(\"'LB'0100\")) {\r\n bDetected = true;\r\n sName = \"XFL game resource file (.XFL)\";\r\n sVersion = \"v1.0\";\r\n sOptions = sOptions.append(Binary.getString(12, 32));\r\n sOptions = sOptions.append(\"& other \" + (Binary.readDword(8) - 1) + \" files\");\r\n } else if (Binary.compare(\"FF060000'sNaPpY'\")) {\r\n bDetected = true;\r\n sName = \"Snappy compressed data (.SZ)\";\r\n } else if (Binary.compare(\"'blkzip'00\")) {\r\n bDetected = true;\r\n sName = \"BulkZip (.BULK)\";\r\n } else if (Binary.compare(\"AE01'NanoZip 0.09 alpha'\")) {\r\n bDetected = true;\r\n sName = \"NanoZip (.NZ)\";\r\n sVersion = \"0.09 alpha\";\r\n } else if (Binary.compare(\"'CM'2805060000\")) {\r\n bDetected = true;\r\n sName = \"RAZOR (.RZ)\";\r\n sOptions = \"by Christian Martelock\"\r\n } else if (Binary.compare(\"28B52FFD\")) {\r\n bDetected = true;\r\n sName = \"Facebook Zstandard/ZSTD compressed data (.ZST)\";\r\n } else if (Binary.compare(\"00'APPL'\", 0x40) && Binary.compare(\"00008181\", 0x78)) {\r\n bDetected = true;\r\n sName = \"MacBinary\";\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/archive_archives.ancient.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens (TG@kaens)\n// Mostly from the all-encompassing https://github.com/temisu/ancient\n//Lots of these formats have very shaky signatures, and some won't even have decompression errors...\n\nmeta(\"archive\", \"\");\n/* beautify ignore:start */\ndebug = 0;\n\nfunction detect() {\n\tconst maxsz = 0x40000000; var bad = \"\", xpk = 0, sname = sversion = soptions = \"\";\n\n\t//the following is provisory until the system CRC functions get updated\n\tconst CRC16Table = [\n\t0x0000,0xc0c1,0xc181,0x0140,0xc301,0x03c0,0x0280,0xc241,0xc601,0x06c0,0x0780,0xc741,0x0500,0xc5c1,0xc481,0x0440,\n\t0xcc01,0x0cc0,0x0d80,0xcd41,0x0f00,0xcfc1,0xce81,0x0e40,0x0a00,0xcac1,0xcb81,0x0b40,0xc901,0x09c0,0x0880,0xc841,\n\t0xd801,0x18c0,0x1980,0xd941,0x1b00,0xdbc1,0xda81,0x1a40,0x1e00,0xdec1,0xdf81,0x1f40,0xdd01,0x1dc0,0x1c80,0xdc41,\n\t0x1400,0xd4c1,0xd581,0x1540,0xd701,0x17c0,0x1680,0xd641,0xd201,0x12c0,0x1380,0xd341,0x1100,0xd1c1,0xd081,0x1040,\n\t0xf001,0x30c0,0x3180,0xf141,0x3300,0xf3c1,0xf281,0x3240,0x3600,0xf6c1,0xf781,0x3740,0xf501,0x35c0,0x3480,0xf441,\n\t0x3c00,0xfcc1,0xfd81,0x3d40,0xff01,0x3fc0,0x3e80,0xfe41,0xfa01,0x3ac0,0x3b80,0xfb41,0x3900,0xf9c1,0xf881,0x3840,\n\t0x2800,0xe8c1,0xe981,0x2940,0xeb01,0x2bc0,0x2a80,0xea41,0xee01,0x2ec0,0x2f80,0xef41,0x2d00,0xedc1,0xec81,0x2c40,\n\t0xe401,0x24c0,0x2580,0xe541,0x2700,0xe7c1,0xe681,0x2640,0x2200,0xe2c1,0xe381,0x2340,0xe101,0x21c0,0x2080,0xe041,\n\t0xa001,0x60c0,0x6180,0xa141,0x6300,0xa3c1,0xa281,0x6240,0x6600,0xa6c1,0xa781,0x6740,0xa501,0x65c0,0x6480,0xa441,\n\t0x6c00,0xacc1,0xad81,0x6d40,0xaf01,0x6fc0,0x6e80,0xae41,0xaa01,0x6ac0,0x6b80,0xab41,0x6900,0xa9c1,0xa881,0x6840,\n\t0x7800,0xb8c1,0xb981,0x7940,0xbb01,0x7bc0,0x7a80,0xba41,0xbe01,0x7ec0,0x7f80,0xbf41,0x7d00,0xbdc1,0xbc81,0x7c40,\n\t0xb401,0x74c0,0x7580,0xb541,0x7700,0xb7c1,0xb681,0x7640,0x7200,0xb2c1,0xb381,0x7340,0xb101,0x71c0,0x7080,0xb041,\n\t0x5000,0x90c1,0x9181,0x5140,0x9301,0x53c0,0x5280,0x9241,0x9601,0x56c0,0x5780,0x9741,0x5500,0x95c1,0x9481,0x5440,\n\t0x9c01,0x5cc0,0x5d80,0x9d41,0x5f00,0x9fc1,0x9e81,0x5e40,0x5a00,0x9ac1,0x9b81,0x5b40,0x9901,0x59c0,0x5880,0x9841,\n\t0x8801,0x48c0,0x4980,0x8941,0x4b00,0x8bc1,0x8a81,0x4a40,0x4e00,0x8ec1,0x8f81,0x4f40,0x8d01,0x4dc0,0x4c80,0x8c41,\n\t0x4400,0x84c1,0x8581,0x4540,0x8701,0x47c0,0x4680,0x8641,0x8201,0x42c0,0x4380,0x8341,0x4100,0x81c1,0x8081,0x4040];\n\tfunction _CRC16(ofs,len,acc) {\n\t\tif (!len || ofs+len > X.Sz()) return -1;\n\t\tfor (var i=0; i < len; i++) acc = (acc >> 8) ^ CRC16Table[(acc&0xff) ^ X.U8(ofs+i)];\n\t\treturn acc\n\t}\n\tfunction CRC16(ofs,len,acc) {\n\t\tif(typeof(File.crc16) == \"undefined\")\n\t\t\treturn _CRC16(ofs,len,acc)\n\t\telse {\n\t\t\t_log(\"Please remove the CRC16 implementation from archives.ancient.sg!\");\n\t\t\treturn File.crc16(ofs,len,acc)\n\t\t}\n\t}\n\tfunction CRC16Byte(b, acc) { return (acc >> 8) ^ CRC16Table[(acc&0xff) ^ b] }\n\n\tvar xpkfault = found = false; //for leaving the recursion real quick. For when/if said recursion does happen.\n\tfunction isXPK(reclvl) { if(found) return true;\n\t\tif(reclvl >= 4 || xpkfault) {xpkfault = true; return false }\n\t\tif(X.c(\"'XPKF'\",xpk) && X.Sz() < 0x2C) { xpkfault = true; return false }\n\t\tsz = X.U32(xpk+4,_BE); type = X.SA(xpk+8,4);unpsz=X.U32(xpk+12,_BE);\n\t\tif(!sz || !unpsz || sz > maxsz || unpsz > maxsz ) { xpkfault = true; return false }\n\t\tflags = X.U8(xpk+0x20); xhdrs = flags&1; haspass = flags&2;\n\t\tif(flags&4) hdrsz = 0x26+X.U16(xpk+0x24,_BE); else hdrsz = 0x24;\n\t\tif(xpk+sz+8 > X.Sz()) { xpkfault = true; return false }\ncccc = [ // They often repeat the other detections below, but more standardised. And repeat we shall.\n[/ACCA/,\"André Osterhues's Code Compression Algorithm (XPK-ACCA.)\"],\n[/ARTM/,\"Arithmetic encoding compressor (XPK-ARTM.)\"],\n[/BLZW/,\"LZW-compressor by Bryan Ford (XPK-BLZW.)\"],\n[/BZIP/,\"bzip by Julian Seward (XPK-BZIP.\"],\n[/BZP2/,\"bzip2 by Julian Sadler (XPK-BZP2.)\"],\n[/CBR[01]/,\"RLE-compressor by Bilbo 1st of Hypenosis (XPK-CBR0.,XPK-CBR1.)\"],\n[/CRM2/,\"Crunch-Mania by Thomas Schwarz, LZH-mode (XPK-CRM2.)\"],\n[/CRMS/,\"Crunch-Mania by Thomas Schwarz, sampled LZH-mode (XPK-CRMS.)\"],\n[/CYB[12]/,\"XpkCybPrefs container by Alexis Nasr (XPK-CYB1.,XPK-CYB2.)\"],\n[/GZIP/,\"DEFLATE by Jean-loup Gailly (XPK-GZIP.)\"],\n[/DLTA/,\"Delta encoding by Stephan Fuhrmann (XPK-DLTA.)\"],\n[/FAST/,\"Fast LZ77 compressor by Christian von Roques (XPK-FAST.)\"],\n[/FBR2/,\"FBR2 CyberYAFA compressor (XPK-FBR2.)\"],\n[/FRLE/,\"RLE-compressor by Jorma Oksanen (XPK-FRLE.)\"],\n[/HFMN/,\"Huffman compressor (XPK-HFMN.)\"],\n[/HUFF/,\"Huffman compressor by Marc Zimmermann (XPK-HUFF.)\"],\n[/ILZR/,\"Incremental Lempel-Ziv-Renau compressor (XPK-ILZR.)\"],\n[/IMPL/,\"File Imploder by Peter Struijk (XPK-IMPL.)\"],\n[/LHLB/,\"LZRW-compressor by Gunther Nikl (XPK-LHLB.)\"],\n[/LIN1/,\"LIN1 LINO packer (XPK-LIN1.)\"], [/LIN3/,\"LIN3 LINO packer (XPK-LIN3.)\"],\n[/LIN2/,\"LIN2 LINO packer (XPK-LIN2.)\"], [/LIN4/,\"LIN4 LINO packer (XPK-LIN4.)\"],\n[/LZBS/,\"LZBS CyberYAFA compressor (XPK-LZBS.)\"],\n[/LZCB/,\": LZ-compressor (XPK-LZCB.)\"],\n[/LZW2/,\"LZW2 CyberYAFA compressor (XPK-LZW2.)\"], [/LZW3/,\"LZW3 CyberYAFA compressor (XPK-LZW3.)\"],\n[/LZW4/,\"LZW4 CyberYAFA compressor (XPK-LZW4.)\"],\n[/LZW5/,\"LZW5 CyberYAFA compressor (XPK-LZW5.)\"],\n[/ELZX/,\"LZX-compressor by Piotr Kasprzyk (XPK-ELZX.)\"],\n[/SLZX/,\"LZX-compressor with delta encoding by Piotr Kasprzyk (XPK-SLZX.)\"],\n[/MASH/,\"LZRW-compressor by Zdenek Kabelac (XPK-MASH.)\"],\n[/NONE/,\"Null compressor by Dirk Stöcker (XPK-NONE.)\"],\n[/NUKE/,\"LZ77-compressor by Christian von Roques (XPK-NUKE.)\"],\n[/DUKE/,\"LZ77-compressor by Christian von Roques, with delta encoding (XPK-DUKE.)\"],\n[/PWPK/,\"Power Peak's PowerPacker by Nico François (XPK-PWPK.)\"],\n[/PPMQ/,\"PPM compressor by Charles Bloom (XPK-PPMQ.)\"],\n[/(FRHT|RAKE)/,\"LZ77-compressor (XPK-FRHT.,XPK-RAKE.)\"],\n[/RDCN/,\"Ross data compression (XPK-RDCN.)\"],\n[/RLEN/,\"RLE-compressor (XPK-RLEN.)\"],\n[/SDHC/,\"Sample delta Huffman compressor (XPK-SDHC.)\"],\n[/SHR[I3]/,\"LZ-compressor with arithmetic encoding by Matthias Meixner (XPK-SHR3.,XPK-SHRI)\"],\n[/SLZ3/,\"SLZ3 CyberYAFA compressor by Niels Fröhling (XPK-SLZ3.)\"],\n[/SMPL/,\"Huffman compressor with delta encoding (XPK-SMPL.)\"],\n[/SQSH/,\"Squash compressor for sampled sounds by John Hendrikx (XPK-SQSH.)\"],\n[/SASC/,\"LZ-compressor with arithmetic and delta encoding (XPK-SASC.)\"],\n[/SHSC/,\"Context modeling compressor by Peter Kunath (XPK-SHSC.)\"],\n[/TDCS/,\"LZ77-compressor by Niels Fröhling (XPK-TDCS.)\"],\n[/ZENO/,\"LZW-compressor (XPK-ZENO.)\"],\n//the following aren't implemented in Ancient\n[/BLFH/,\"Blowfish encryption by Bruce Schneider (XPK-BLFH.)\"],\n[/BZIP/,\"Encapsulated Bzip v1 (XPK-BZIP.)\"],\n[/CAST/,\"CAST encryption by Dirk Pauli (XPK-CAST.)\"],\n[/ENCO/,\"Unsafe encryption (XPK-ENCO.)\"],\n[/DHUF/,\"Huffman compressor (lost) (XPK-DHUF.)\"],\n[/DMCB/,\"68881/2 fp-based arithmetic compressor (XPK-DMCB.)\"],\n[/DMCD/,\"68881/2 fp-based arithmetic compressor (XPK-DMCD.)\"],\n[/DMCI/,\"Arithmetic compressor (lost) (XPK-DMCI.)\"],\n[/DMCU/,\"68881/2 fp-based arithmetic compressor (XPK-DMCU.)\"],\n[/FEAL/,\"FEAL-N encryption by Christian von Roques (XPK-FEAL.)\"],\n[/IDEA/,\"IDEA encryption (XPK-IDEA.)\"],\n[/L2XZ/,\"LZMA2 compressor (XPK-L2XZ.)\"],\n[/LZ40/,\"LZ4 compressor (XPK-LZ40.)\"],\n[/LZMA/,\"LZMA2 compressor (XPK-LZMA.)\"],\n[/NUID/,\"IDEA encryption + NUKE (XPK-NUID.)\"],\n[/SHID/,\"IDEA encryption + SHRI (XPK-SHID.)\"],\n[/TLTA/,\"TLTA encoder (lost) (XPK-TLTA.)\"] ]\n\t\tfound = -1;\n\t\tfor(i=0; i < cccc.length && found < 0; i++) if(cccc[i][0].test(type)) found = i;\n\t\tif(found < 0) { xpkfault = true; return false }\n\t\tsname = sname.appendS(cccc[found][1],\"/n\");\n\t\tif(xpk+0x24 > X.Sz()) bad = bad.addIfNone(\"!short\");\n\t\telse { c = 0; for(i=0; i < 0x24; i++) c ^= X.U8(xpk+i);\n\t\t\tif(c) bad = bad.addIfNone(\"!badhdr\"); }\n\t\t//if(X.isDeepScan()) { //TODO check all the chunks; for each: isXPK(reclvl+1); }\n\t\tsz += xpk+8;\n\t\treturn true;\n\t}\n\tif(isXPK()) {\n\t\tif(X.isVerbose()) sName = \"Amiga eXtended PacKer Format container by Dirk Stöcker et al. (XPKF.)\";\n\t\telse sName = \"XPK container (XPKF.)\";\n\t\tsVersion = sversion+(bad!=\"\"?\"malformed\"+bad:\"\"); bDetected = 1;\n\t\tif(X.isVerbose()) sOptions = sname+\"; payload at:\"+Hex(hdrsz)+\" unp.sz:\"+unpsz+\" sz:\"+outSz()\n\t}\n\n\telse if(X.Sz() > 4 && X.c(\"'ACCA'\"))\n\t\t_setResult(\"archive\",\"André Osterhues's Code Compression Algorithm (ACCA.)\",\"\",\"\");\n\n\telse if(X.Sz() > 2 && X.c(\"FF1F\"))\n\t\t_setResult(\"archive\",\"Compact by Colin L. McMaster (.C)\",\"\",\"\");\n\n\tfunction isCompress() {\n\t\tif(X.Sz() < 3 || !X.c(\"1F9D\")) return false;\n\t\tt = X.U8(2); sversion = t&0x80 ? \"new\" : \"old\"; t &= 0x7F;\n\t\tif(t < 9 || t > 16) return false;\n\t\treturn true\n\t}\n\tif(isCompress())\n\t\t_setResult(\"archive\",\"Compress by Spencer Thomas (.Z)\",sversion,\"\");\n\n\tfunction isCrunchMania() {\n\t\tif(X.Sz() < 20) return false;\n\t\tif(!X.c(\"'CrM!'\") && !X.c(\"'CrM2'\") && !X.c(\"'Crm!'\") && !X.c(\"'Crm2'\")\n\t\t && !X.c(\"18051973\") && !X.c(\"'CD'B3B9\") && !X.c(\"'DCS!'\")\n\t\t && !X.c(\"'Iron'\") && !X.c(\"'MSS!'\") && !X.c(\"'mss!'\")) return false;\n\t\tunpsz = X.U32(6,_BE); if(!unpsz || unpsz > maxsz) return false;\n\t\tsz = X.U32(10,_BE)+14; if(sz < 15 || sz > X.Sz() || sz > maxsz) return false;\n\t\thdr = X.SA(0,4); switch(hdr) {\n\t\t case \"\\x18\\x05\\x19\\x73\": case \"CD\\xB3\\xB9\": case \"Iron\": case \"MSS!\": hdr = \"CrM2\"; break;\n\t\t case \"mss!\": hdr = \"Crm2\"; break; case \"DCS!\": hdr = \"CrM!\" }\n\t\tvar isSampled = hdr[2] == 'm', isLZH = hdr[3] == '2';\n\t\tsversion = [\"std\",\"std sampled\",\"LZH\",\"LZH sampled\"][(isLZH?2:0)+(isSampled?1:0)];\n\t\treturn true\n\t}\n\tif(!bDetected && isCrunchMania()) {\n\t\tsName = \"Crunch-Mania by Thomas Schwarz (CRM.)\"; sVersion = sversion;\n\t\tif(X.isVerbose()) sOptions = \"unp.sz:\"+unpsz+\" sz:\"+outSz(); bDetected = 1\n\t}\n\n\tfunction isDMS() { //TODO move to internal CRC16 once that's ready\n\t\tif(!X.c(\"'DMS!'\") || X.Sz() < 0x38) return false;\n\t\tif(X.U16(0x32,_BE) > 6) return false; bad = '';\n\t\tif(_CRC16(4,0x32,0) != X.U16(0x36,_BE)) bad = bad.addIfNone('!badhdr');\n\t\tvar info = X.U16(10,_BE); if(info&0x20) return false;\n\t\tsversion = ''; if(info&2) sversion = \"obfuscated\";\n\t\tp = 0x38; var ctxsz = tsz = acsz = lasttrksz = trks = mintrk = prevtrk = 0;\n\t\tvar ctxszs = [0,0,0x100,0x4000,0x4000,0x1000,0x2000];\n\t\twhile(p+20 < X.Sz()) {\n\t\t\tif(!X.c(\"'TR'\",p)) return false;\n\t\t\tctrk = X.U16(p+2,_BE); if(ctrk < prevtrk) break;\n\t\t\tif(X.isDeepScan())\n\t\t\t\tif(_CRC16(p,18,0) != X.U16(p+18,_BE)) { bad = bad.addIfNone(\"!badtrkhdr\"); break }\n\t\t\tvar mode = X.U8(p+13); if(mode > 6) return false;\n\t\t\tvar ctxsz = Math.max(ctxsz,ctxszs[mode]);\n\t\t\tvar flags = X.U8(p,12);\n\t\t\tif((mode >= 2 && mode <= 4) || (mode >= 5 && (flags&4)))\n\t\t\t\ttsz = Math.max(tsz,X.U16(p+8,_BE));\n\t\t\tvar hksz = X.U16(p+6,_BE);\n\t\t\tif(p+20+hksz > X.Sz()) return false;\n\t\t\t// ↓ potential to slow the script down:\n\t\t\tif(X.isAggressiveScan())\n\t\t\t\tif(_CRC16(p+20,hksz,0) != X.U16(p+16,_BE)) {\n\t\t\t\t\tbad = bad.addIfNone(\"!badtrkcrc\"); break }\n\t\t\tif(ctrk < 80) {\n\t\t\t\tif(ctrk >= trks) lasttrksz = X.U16(p+10,_BE);\n\t\t\t\tif(mintrk > ctrk) mintrk = ctrk; if(ctrk > trks) trks = ctrk;\n\t\t\t\tprevtrk = ctrk\n\t\t\t}\n\t\t\tp += hksz+20; acsz += hksz;\n\t\t\tif(p > X.Sz()) { bad = bad.addIfNone(\"!short\"); break }\n\t\t\tif(ctrk >= 79 && ctrk < 0x8000) break;\n\t\t\tif(bad) break;\n\t\t}\n\t\tvar trksz = (info&16)?22528:11264; //var rawofs = mintrk*trksz;\n\t\tif(mintrk >= trks) bad = bad.addIfNone(\"!badtrknum\");\n\t\tunpsz = (trks-mintrk)*trksz+lasttrksz; //imgsz = trksz*80;\n\t\tsz = p; if(sz > maxsz) bad = bad.addIfNone(\"!badcalcsize\");\n\t\tif(bad) sversion += \"/malformed\"+bad;\n\t\treturn true;\n\t}\n\tif(!bDetected && isDMS()) {\n\t\tsName = \"Disk Masher System (DMS.)\"; sVersion = sversion;\n\t\tif(X.isVerbose()) sOptions = \"unp.sz:\"+unpsz+\" sz:\"+outSz(sz); bDetected = 1\n\t}\n\n\tfunction isFreeze() {\n\t\tif(!X.c(\"1F9E\") && !X.c(\"1F9F\")) return false;\n\t\tvar old = X.c(\"1F9E\");\n\t\tsname = sversion = \"\";\n\t\tif(old) {\n\t\t\tif(X.Sz() > 2) {\n\t\t\t\tvar _t = [0,0,1,3,8,12,42,16];\n\t\t\t\tvar lent = [], i = btl = k = 0;\n\t\t\t\tvar br = new BitReader(2);\n\t\t\t\tfor(; i < 8; i++) for(; k < _t[i]; k++) lent[btl++] = i+1;\n\t\t\t\t_t = createOrderlyHuffmanTable(lent,btl,br); if(!_t) return false;\n\t\t\t}\n\t\t\tsversion = \"v1.x = gzip v0.5\"\n\t\t} else {\n\t\t\tif(X.Sz() < 5) return false;\n\t\t\tt = X.U16(2,_LE); if(t & 0x8000) return false;\n\t\t\tt2 = X.U8(4); if(t2 & 0xC0) return false;\n\t\t\tvar _t = [t&1, (t>>1)&3, (t>>3)&7, (t>>6)&0xF, t>>10, t2];\n\t\t\tvar count = 62; for(i=0; i < 6; i++) count -= _t[i];\n\t\t\tvar weights = 0x100, j = 7;\n\t\t\tfor(i=0; i < 6; i++) weights -= _t[i] << j--;\n\t\t\tif(weights < count || count*2 < weights) return false;\n\t\t\tif(!createOrderlyHuffmanTable())\n\t\t\tsversion = \"v2.x\"\n\t\t}\n\t\treturn true\n\t}\n\tif(!bDetected && isFreeze()) {\n\t\tsName = \"Freeze/Melt by Leonid A. Broukhis (.F,.lzc)\"; sVersion = sversion; bDetected = 1\n\t}\n\n\tfunction isIMP() {\n\t\thdr = X.SA(0,4); switch(hdr) {\n\t\tcase \"ATN!\": case \"EDAM\": case \"IMP!\": case \"M.H.\": add = 7; break;\n\t\tcase \"BDPI\": add = 0x6E8; break; case \"CHFI\": add = 0xFE4; break;\n\t\tcase \"RDC9\": case \"Dupa\": case \"FLT!\": case \"PARA\": add = 0; break;\n\t\tdefault: return false;\n\t\t}\n\t\tunpsz = X.U32(4,_BE); sz = X.U32(8,_BE); sversion = \"\";\n\t\tif(!unpsz || !sz || (sz&1) || (sz < 0xC) || sz+0x32 > X.Sz() || unpsz > maxsz || sz > maxsz) return false;\n\t\tif(X.isDeepScan()) {\n\t\t\tcrc = X.U32(sz+0x2E,_BE);\n\t\t\tfor(i=0; i < sz+0x2E; i += 2) add += X.U16(i,_BE);\n\t\t\tif((add&0xFFFFFFFF) != crc) sversion = \"malformed!CRC\"\n\t\t}\n\t\tsz += 0x32;\n\t\treturn true\n\t}\n\tif(!bDetected && isIMP()) {\n\t\tsName = \"File Imploder by Peter Struijk (FImp.)\"; sVersion = sversion;\n\t\tif(X.isVerbose()) sOptions = \"unp.sz:\"+unpsz+\" sz:\"+outSz(); bDetected = 1\n\t}\n\n\tfunction isLOB() {\n\t\tif(X.Sz() < 12 || !/[\\x01\\x02\\x03]LOB/.test(X.SA(0,4))) return false;\n\t\tvar nV = X.U8(0); method = X.U8(4); if(!method || method > 6) return false;\n\t\tunpsz = 0;\n\t\tif(nV === 1) { unpsz = File.read_uint24(5,_BE); if(!unpsz || unpsz > maxsz) return false; }\n\t\tsz = 12+X.U32(8,_BE);\n\t\tif(method === 2) { var c = 2;\n\t\t\tfor(i = 0; i < c; i += 2) { if(sz+c > X.Sz()) return false;\n\t\t\t\tt1 = X.U8(sz+i); t2 = X.U8(sz+i+1);\n\t\t\t\tif(t1 != t2) { if(t1 < t2) t1 = t2; if(c < t1+i+4) c = t1+i+4; if(c > 1024) return false } }\n\t\t\tsz += c; // the count is also off in Ancient, but it does unpack! (could be an extra 00 at the end)\n\t\t}\n\t\tsversion = [\"BMC: RLE\", \"HUF: Huffman\", \"LZW: 12-bit fixed code\",\n\t\t\t\"LZB: 9 to 12-bit fixed LZW\",\"MSP: LZ variant\",\"MSS: LZSS variant\"][method-1]\n\t\t + [\"\",\"/double\",\"/triple\"][nV-1]\n\t\t +(sz > X.Sz() ? \"/malformed!short\" : \"\");\n\t\treturn true\n\t}\n\tif(!bDetected && isLOB()) {\n\t\tsName = \"LOB's File Compressor aka. Multipak (LOB.)\"; sVersion = sversion;\n\t\tif(X.isVerbose()) sOptions = (unpsz?\"unp.sz:\"+unpsz+\" \":\"\")+\"sz:\"+outSz(); bDetected = 1\n\t}\n\n\tfunction isMMCMP() {\n\t\tif(!X.c(\"'ziRCONia'0E00\") || X.Sz() < 24) return false;\n\t\tvar blkn = X.U16(0x0C,_LE), blkp = X.U32(0x12,_LE);\n\t\tunpsz = X.U32(0x0E,_LE); if(unpsz > maxsz) return false;\n\t\tif(blkp+blkn*4 > X.Sz()) return false;\n\t\tbad = \"\"; sz = 0;\n\t\tfor(i = 0; i < blkn; i++) {\n\t\t\tvar t = X.U32(blkp+i*4,_LE); if(t+20 > X.Sz()) return false;\n\t\t\tvar bkp = t+X.U32(t+4,_LE)+8*X.U16(t+12,_LE)+20;\n\t\t\tif(sz < bkp) sz = bkp\n\t\t}\n\t\treturn true\n\t}\n\tif(!bDetected) if(isMMCMP()) {\n\t\tsName = \"Music Module Compressor by Emmanuel 'Zirconia' Giasson (MMCMP.)\"; nV = X.U16(0x0A,_LE).toString(16).toUpperCase();\n\t\tsVersion = \"v\"+nV[0]+\".\"+nV.slice(1,3);\n\t\tif(X.isVerbose()) sOptions = \"unp.sz:\"+unpsz+\" sz:\"+outSz(); bDetected = 1\n\t}\n\telse if(X.c(\"'MMS '00\")) {\n\t\tsName = \"C(ompression)KIT by Mad Man Software (C4-,C4A,C`A)\"; bDetected = 1;\n\t}\n\n\tfunction isPack() {\n\t\tif(!X.c(\"1F1E\") && !X.c(\"1F1F\") || X.Sz() < 6) return false;\n\t\told = X.c(\"1F1F\");\n\t\tif(old) unpsz = (X.U16(2,_LE) << 16) | X.U16(4,_LE); //PDP-endian\n\t\telse { unpsz = X.U32(2,_BE); t = X.U8(6);\n\t\t\tif(!t || t > 0x18 || 6+t > X.Sz()) return false }\n\t\tif(unpsz > maxsz || (old && !unpsz)) return false;\n\t\tif(old) { var p = 6; var tree = [];\n\t\t\tvar c = X.U16(p,_LE); p += 2; if(c >= 1024) return false;\n\t\t\tfor(i=0; i < c; i++) { t = X.U8(p++);\n\t\t\t\tif(t < 255) tree[i] = t; else { tree[i] = X.U16(p,_LE); p += 2 }\n\t\t\t}\n\t\t\tvar detect = true;\n\t\t\tfunction branch(node,len,bits) { if(!detect) return;\n\t\t\t\tif(node > c) { detect = false; return }\n\t\t\t\tif(tree[node]) {\n\t\t\t\t\tlen++; if(len > 24) { detect = false; return }\n\t\t\t\t\tbits <<= 1; branch(node+tree[node],len,bits);\n\t\t\t\t\tif(node+1 >= c) { detect = false; return }\n\t\t\t\t\tbranch(node+tree[node+1],len,bits|1);\n\t\t\t\t} else if(!len) { detect = false; return }\n\t\t\t}\n\t\t\tbranch(0,0,0); return detect\n\t\t}\n\t\treturn true\n\t}\n\tif(!bDetected && isPack()) {\n\t\tsName = \"Pack (.z)\"; if(old) sVersion = \"old\";\n\t\tif(X.isVerbose()) sOptions = \"unp.sz:\"+unpsz; bDetected = 1\n\t}\n\n\tfunction isPP() {\n\t\tif(X.Sz() < 0x10 || !X.c(\"'PP11'\") && !X.c(\"'PP20'\") && !X.c(\"'PX20'\")\n\t\t && !X.c(\"'CHFC'\") && !X.c(\"'DEN!'\") && !X.c(\"'DXS9'\")\n\t\t && !X.c(\"'H.D.'\") && !X.c(\"'RVV!'\")) return false;\n\t\tvar isObf = false; sversion = \"\";\n\t\tif(X.c(\"'PX20'\")) { if(X.Sz() < 0x12) return false; isObf = true; sversion = \"obfuscated\" }\n\t\tvar m = X.U32(isObf?6:4, _BE);\n\t\tif(m != 0x9090909 && m != 0x90A0A0A && m != 0x90A0B0B && m != 0x90A0C0C && m != 0x90A0C0D)\n\t\t\treturn false;\n\t\tif(X.isDeepScan()) {\n\t\t\tt = X.U32(X.Sz()-4,_BE); unpsz = t>>8;\n\t\t\tif(!unpsz || unpsz > maxsz || (t&0xFF) >= 0x20) return false\n\t\t}\n\t\treturn true\n\t}\n\tif(!bDetected && isPP()) {\n\t\tsName = \"Power Peak's PowerPacker by Nico François (PP.)\"; sVersion = sversion;\n\t\tif(X.isDeepScan() && X.isVerbose()) sOptions = \"unp.sz:\"+unpsz; bDetected = 1\n\t}\n\n\telse if(!bDetected && X.c(\"'SFHD'\"))\n\t\t_setResult(\"archive\",\"PowerPlayer Music Cruncher by Stephan Fuhrmann (PMC.)\",\"v1.0\",\n\t\t\t\"lh.library-based, unp.sz:\"+X.U32(4,_BE)+\" sz:\"+outSz(X.U32(8,_BE)+0xC));\n\telse if(!bDetected && X.c(\"'SFCD'\"))\n\t\t_setResult(\"archive\",\"PowerPlayer Music Cruncher by Stephan Fuhrmann (PMC.)\",\"v2.x\",\n\t\t\t\"LZRW-compressor, unp.sz:\"+X.U32(4,_BE)+\" sz:\"+outSz(X.U32(8,_BE)+0xC));\n\n\tfunction isRNC() {\n\t\tif(!X.c(\"'RNC'01\") && !X.c(\"'RNC'02\") && !X.c(\"'...'01\")) return false;\n\t\tunpsz = X.U32(4,_BE); sz = X.U32(8,_BE);\n\t\tif(!unpsz || !sz || unpsz > maxsz || sz > maxsz) return false;\n\t\tvar verified = false; sversion = \"\";\n\t\tif(X.c(\"'RNC'01\"))\n\t\t\tif(X.Sz() <= 0x12) sversion = \"old\"; else {\n\t\t\t\tvar news = X.U8(0x12), olds = X.U8(sz+0x0B);\n\t\t\t\tif(!(olds&0x80)) sversion = \"new\";\n\t\t\t\telse if((news&3) || !(news&0x7C)) sversion = \"old\";\n\t\t\t\telse if(X.Sz() >= sz+0x12\n\t\t\t\t && (File.isHeuristicScan() || X.isDeepScan() && CRC16(0x12,sz,0) == X.U16(0x0E,_BE))) {\n\t\t\t\t\tsversion = \"new\"; verified = true\n\t\t\t\t} else sversion = \"old\"\n\t\t\t}\n\t\telse if(X.c(\"'RNC'02\"))\n\t\t\tif(X.Sz() <= 0x12) sversion = \"old\"; else {\n\t\t\t\tvar news = X.U8(0x12), olds = X.U8(sz+0x0A);\n\t\t\t\tif(!(olds&0x80)) sversion = \"new\";\n\t\t\t\telse if((news&0x30) == 0x30) sversion = \"old\";\n\t\t\t\telse if(X.Sz() >= sz+0x12\n\t\t\t\t && (File.isHeuristicScan() || X.isDeepScan() && CRC16(0x12,sz,0) == X.U16(0x0E,_BE))) {\n\t\t\t\t\tsversion = \"new\"; verified = true\n\t\t\t\t} else sversion = \"old\"\n\t\t\t}\n\t\telse if(X.c(\"'...'01\")) version = \"new\";// else return false\n\t\tvar hdsz = sversion[0] == \"o\" ? 0x0C : 0x12; bad = \"\";\n\t\tif(hdsz+sz > X.Sz()) bad = \"!short\";\n\t\tif(X.isDeepScan() && sversion[0] == \"n\" && !verified && CRC16(0x12,sz,0) != X.U16(0x0E,_BE))\n\t\t\tbad = bad.addIfNone(\"!badcrc\");\n\t\tsz += hdsz; if(bad) sversion += \"/malformed\"+bad;\n\t\treturn true\n\t}\n\tif(!bDetected && isRNC()) {\n\t\tsName = \"Rob Northen Compressor (RNC\"+X.U8(3)+\".)\"; sVersion = sversion;\n\t\tif(X.isDeepScan() && X.isVerbose()) sOptions = \"unp.sz:\"+unpsz+\" sz:\"+sz; bDetected = 1\n\t}\n\telse if(!bDetected && File.isHeuristicScan() && X.Sz() >= 4 && X.c(\"1FA0\"))\n\t\t_setResult(\"archive\",\"SCO Compress LZH (SCO.)\",\"\",\"\");\n\n\tfunction isSQSH() {\n\t\tif(!X.c(\"'SQSH'\")) return false;\n\t\treturn true\n\t}\n\tif(!bDetected && isSQSH()) {\n\t\tsName = \"Squash compressor by John Hendrikx (SQSH.)\";\n\t\tsOption = \"12-bit LZW\"; bDetected = 1\n\t}\n\n\tfunction isStoneCracker() {\n\t\t//won't recognise an archive with a zero-length file in it, by design, to minimise FPs\n\t\tvar ihdr = X.U32(0,_BE), bhdr = X.readBytes(0,3), hdr = X.SA(0,4);\n\t\tfunction _subdetect() {\n\t\t\tif(ihdr >= 0x08090A08 && ihdr <= 0x08090A0E && ihdr != 0x08090A09) { gen = 2; return true }\n\t\t\tif((ihdr&0xFF) >= 8 && (ihdr&0xFF) <= 0x0E)\n\t\t\t\tif(bhdr[0] != bhdr[1] && bhdr[0] != bhdr[2] && bhdr[1] != bhdr[2]) { gen = 1; return true }\n\t\t\tswitch(hdr.slice(0,3)) { case \"1AM\": gen = 3; return true; case \"2AM\": gen = 6; return true;\n\t\t\t}\n\t\t\tswitch(hdr) {\n\t\t\tcase \"S300\": gen = 3; return true; case \"S310\": gen = 4; return true; case \"S400\": gen = 5; return true;\n\t\t\tcase \"S401\": gen = 6; return true; case \"S403\": case \"Z&G!\": case \"ZULU\": gen = 7; return true;\n\t\t\tcase \"S404\": case \"AYS!\": gen = 8; return true; default: return false\n\t\t\t}\n\t\t}\n\t\tif(!_subdetect()) return false;\n\t\tvar _m = []; sz = unpsz = -1;\n\t\tfunction readModes(value) {\n\t\t\tfor (var i=0; i < 4; i++) {\n\t\t\t\t_m[i] = value >> 24; if (_m[i] < 8 || _m[i] > 14) return false;\n\t\t\t\tvalue <<= 8;\n\t\t\t}\n\t\t}\n\t\tfunction meta() {\n\t\t\tswitch(gen) {\n\t\t\tcase 1: p = 0x12; if(X.Sz() < p) return false; _m[0] = ihdr;\n\t\t\t for(i=1; i < 3; i++) { _m[i] = X.U8(i+15); if(_m[i] < 4 || _m[i] > 7) return false }\n\t\t\t var rlesz = X.U32(4,_BE); if(!rlesz) return false;\n\t\t\t unpsz = X.U32(8,_BE); if(!unpsz || rlesz > unpsz || unpsz > 0x100000) return false;\n\t\t\t sz = X.U32(12,_BE); if(!sz || sz > rlesz) return false; break;\n\t\t\tcase 2: readModes(ihdr); case 4: case 5: case 6: p = 12; if(X.Sz() < p) return false;\n\t\t\t unpsz = X.U32(4,_BE); if(!unpsz) return false;\n\t\t\t sz = X.U32(8,_BE); if(!sz) return false; break;\n\t\t\tcase 3: p = 0x10; if(X.Sz() < p) return false; readModes(X.U32(4,_BE));\n\t\t\t unpsz = X.U32(8,_BE); if(!unpsz) return false;\n\t\t\t sz = X.U32(12,_BE); if(!sz) return false; break;\n\t\t\tcase 7: case 8: p = 0x10; if(X.Sz() < p+2) return false;\n\t\t\t unpsz = X.U32(8,_BE); if(!unpsz) return false;\n\t\t\t sz = X.U32(12,_BE)+2; if(sz < 2) return false; break;\n\t\t\tdefault: return false;\n\t\t\t}\n\t\t\tsz += p; if(sz > X.Sz() || sz > maxsz || unpsz > maxsz) return false;\n\t\t\treturn true\n\t\t}\n\t\tif(gen == 2 && !meta()) gen = 1;\n\t\tif(!meta()) return false;\n\t\tnames = [[\"?\",\"?\"], [\"SC\",\"v2.69-81\"],[\"SC\",\"v2.92-99\"],[\"S300\",\"v3.00\"],[\"S310\",\"v3.10-11b\"],\n\t\t [\"S400\",\"pre-v4.00\"],[\"S401\",\"v4.01\"],[\"S403\",\"v4.02a\"],[\"S404\",\"v4.10\"]][gen];\n\t\treturn true\n\t}\n\tif(!bDetected && isStoneCracker()) {\n\t\tsName = \"StoneCracker by Jouni 'Mr. Spiv' Korhonen (\"+names[0]+\".)\"; sVersion = names[1]; bDetected = 1;\n\t\tif(X.isVerbose())\n\t\t\tsOptions = (unpsz >= 0 ? \"unp.sz:\"+unpsz+\" \" : \"\")+(sz >= 0 ? \"sz:\"+outSz() : \"\")\n\t}\n\n\tfunction isTPWM() {\n\t\tif(X.Sz() < 12 || !X.c(\"'TPWM'\")) return false;\n\t\tunpsz = X.U32(4,_BE); if(!unpsz || unpsz > maxsz) return false;\n\t\treturn true\n\t}\n\tif(!bDetected && isTPWM()) {\n\t\tsName = \"Turbo Packer by Wolfgang Meyerle (TPWM.)\"; if(X.isVerbose()) sOptions = \"unp.sz:\"+unpsz; bDetected = 1\n\t}\n\n\tfunction isVice() {\n\t\tif(X.c(\"'Vice'\")) { return true }\n\t\telse if(!X.c(\"'Vic2'\")) return false;\n\t\telse {\n\t\t\tunpsz = X.U32(4); sz = 0xC+X.U32(8,_BE);\n\t\t\tif(!unpsz || unpsz > maxsz || sz < 1036 || sz > maxsz) return false;\n\t\t}\n\t\treturn true\n\t}\n\tif(!bDetected && isVice()) {\n\t\tsName = \"Huffman compressor with RLE (\"+X.SA(0,4)+\".)\"; bDetected = 1;\n\t\tif(X.isVerbose() && X.U8(3) == 0x32) sOptions = \"unp.sz:\"+unpsz+\" sz:\"+sz\n\t}\n\n\treturn result()\n}\n/* beautify ignore:end */" }, { "path": "db/Binary/archive_btoa.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"archive\", \"btoa\");\n\nfunction detect() {\n var sStr = Binary.getString(0, 11);\n\n if (sStr == \"'xbtoa Begin'\") {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_cad.DWG.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// doc-ref: https://www.opendesign.com/files/guestdownloads/OpenDesign_Specification_for_.dwg_files.pdf\n// https://help.autodesk.com/view/OARX/2018/ENU/?guid=GUID-235B22E0-A567-4CF6-92D3-38A2306D73F3\n\nmeta(\"archive\", \"AutoCAD Drawing (.DWG)\");\n\nfunction detect() {\n if (Binary.getSize() >= 9) {\n bDetected = true;\n\n switch (Binary.getString(0, 0x06)) {\n case 'AC1001': sVersion = \"R2.22\"; break;\n case 'AC1002': sVersion = \"R2.50\"; break;\n case 'AC1003': sVersion = \"R2.60\"; break;\n case 'AC1004': sVersion = \"R9\"; break;\n case 'AC1006': sVersion = \"R10\"; break;\n case 'AC1009': sVersion = \"R11/12\"; break;\n case 'AC1012': sVersion = \"R13\"; break;\n case 'AC1014': sVersion = \"R14\"; break;\n case 'AC1015': sVersion = \"R2000\"; break;\n case 'AC1018': sVersion = \"R2004\"; break;\n case 'AC1021': sVersion = \"R2007\"; break;\n case 'AC1024': sVersion = \"R2010\"; break;\n case 'AC1027': sVersion = \"R2013\"; break;\n case 'AC1032': sVersion = \"R2018\"; break;\n default: return;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/archive_gp7bank.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens TG@kaens\n\nmeta(\"archive\", \"Arobas Music Guitar Pro 7+ soundbank (.gp7bank)\");\n\nfunction detect() {\n if (!X.c(\"'AMARCHIVE'..000000\") ||\n !X.c(\"'Samples.xml'00\", 0x25) ||\n !X.c(\"'\r\n// Authors:\r\n// Kaens TG@kaens (for all the https://en.wikipedia.org/wiki/Music_tracker stuff)\r\n// hypn0 \r\n\r\n// Due to the extreme script file size, many good code practices were sacrificed to ensure it loads\r\n/* beautify ignore:start */\r\n\r\nmeta(\"audio\", \"\");\r\nincludeScript(\"chunkparsers\");\r\nincludeScript(\"soundchips\");\r\nincludeScript(\"bytecodeparsers\");\r\nconst debug = 0; //verbosity up to 3, where every note/command is shown. Overrides the debug() function; use _l2r()\r\n\r\nfunction isWinCert() {\r\n\t// I'll skip WIN_CERTIFICATE+bCertificate things for overlay scans to save time :)\r\n\tif(X.Sz() >= (_wcsz=X.U32(0,_LE)) && X.c('00 02 02 00 30', 4)) { // assuming the tag's just present immediately\r\n\t\t_wcp = 9; _wca = X.U8(_wcp++);\r\n\t\tif(_wca < 0x80) {} else if(_wca > 0x80) {\r\n\t\t\t_wcc = _wca ^ 0x80; for(_wci=_wca=0; _wci < _wcc; _wci++) _wca = (_wca << 8) + X.U8(_wcp++); //big-endian here\r\n\t\t} else _wca = -1;\r\n\t\tif(_wca > 0 && _wca+_wcp <= _wcsz && X.c(\"06 09 2A 86 48 86 F7 0D 01 07 02\",_wcp)) return true; //handoff to other decectors\r\n\t}\r\n\treturn false\r\n}\r\n\r\nfunction detect() {\r\n\r\n\tif(isWinCert()) return;\r\n\r\n\t// this C-like pre-declaration is here because lol Qt6\r\n\tvar p = 0, i = 0, j = 0, k = 0, l = 0, r = 0, t = 0, x = 0, sz = -1,\r\n\t\ttitle = '', a = '', c = '', msg = '', info = '', artist = '', soption = '';\r\n\r\n\tif(X.c(\"'[1tracker module]'0D0A\")) {\r\n\t\tsName = \"Shiru's 1tracker module (.1TM)\"; bDetected = 1;\r\n\t\tl = X.fStr(1,0x40,\"Engine=\"); if(l >= 0) {\r\n\t\t\tr = X.fStr(l+7,0x40,\".\");\r\n\t\t\tsVersion = \"for \"+X.SA(l+7,r-l-7)\r\n\t\t}\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tl = X.fStr(r,0x80,\"Title=\"); if(l >= 0) {\r\n\t\t\t\tr = X.fSig(l+6,0x40,\"0D0A\");\r\n\t\t\t\tsOption(X.SA(l+6,r-l-6)) }\r\n\t\t\tl = X.fStr(r,0x80,\"Author=\"); if(l >= 0) {\r\n\t\t\t\tr = X.fSig(l+7,0x40,\"0D0A\");\r\n\t\t\t\tsOption(X.SA(l+7,r-l-7),\"by: \") }\r\n\t\t\tl = X.fStr(r,0x80,\"Speed=\"); if(l >=0 ) {\r\n\t\t\t\tr = X.fSig(l+7,0x40,\"0D0A\");\r\n\t\t\t\tsOption(X.SA(l+7,r-l-7),\"spd:\") }\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'_A2module_'\") && isWithin(nV = X.U8(0xE),1,14)) {\r\n\t\tbDetected = 1; bad = false;\r\n\t\tsName = \"subz3ro's AdLib Tracker II module (.A2M)\";\r\n\t\tsVersion = \"/┤DLiB TR/┤CK3R ][ v\"+nV;\r\n\t\tptn = X.U8(0xF); if(!ptn || ptn>64) bad = \"!badptn\";\r\n\t\tif(bad) sVersion += \"/malformed\"+bad;\r\n\t\telse if(X.isVerbose()) sOption('ptn:'+ptn); //TODO extract more, ver.-dependent\r\n\t}\r\n\r\n\telse if(X.c(\"'_A2tiny_module_'\") && isWithin(nV = X.U8(0x13),1,14)) {\r\n\t\tsName = \"subz3ro's AdLib Tracker II module (.A2T)\"; bDetected = 1; bad = false;\r\n\t\tsVersion = \"/┤DLiB TR/┤CK3R ][ v\"+nV+' tiny';\r\n\t\tptn = X.U8(0x14); if(!ptn || ptn>64) bad = \"!badptn\";\r\n\t\ttmp = X.U8(0x15); spd = X.U8(0x16); rows = X.U16(0x18); trk = X.U8(0x1A);\r\n\t\tif(bad) sVersion += \"/malformed\"+bad;\r\n\t\telse if(X.isVerbose()) sOption('tempo:'+tmp+' spd:'+tmp+' trk:'+trk+' ptn:'+ptn); //TODO extract more\r\n\t}\r\n\r\n\telse if(X.c(\"'EXITgB'2018201820182F18201024C94AA80004660A558006A80000000200042200D28924C1D0A8000424C0D1DF2018D1D82018D1D82018201812D804800000000166F660B4610000'H|'017E01610000'Z|'027E02610000'R|'037E03610000'JL'DF7FFF'NuH'E7FFFE7E01610000AC7E02610000A67E03610000A04CDF7FFF'Nu`'0A602260000092600000'~A'FA....4BF900DFF000'p0;|'000000AA0440001064F4'NuK'F900DFF0003007C0FC\",0x1A) //check D0h bytes\r\n\t\t) {\r\n\t\t// https://www.exotica.org.uk/wiki/Art_%26_Magic_(team)\r\n\t\tbDetected = 1; sName = \"Franck Sauer and Yves Grolet's Art & Magic module (.AAM)\";\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tt = X.fSig(0x8000,Math.min(0xFFFF,X.Sz()),\"'EXIT'\");\r\n\t\t\tif(t >= 0) sOption(outSz(t+4),\"sz:\");\r\n\t\t\telse sVersion = \"malformed!short\"\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'ADLIB'01\")) {\r\n\t\tsName = \"Martin Fernandez's Adlib module (.ADLIB)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tt = X.SA(6,0x100);\r\n\t\t\tg = X.SA(6+t.length+1,0x100);\r\n\t\t\tsOption(t); sOption(g,\"for: \")\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'AERO'00000001\") && X.U8(0x0F) == 0xCA && X.U8(0x1F) == 0xCA && X.U8(0x2F) == 0xCA) {\r\n\t\tsName = \"ioNeo's Aero Studio module (.AERO)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) sOption('sz:'+outSz(X.U32(8)+12))\r\n\t}\r\n\r\n\telse if(X.fSig(20,0x100,\"' 0) {\r\n\t\tsName = \"Julien Névo's Arkos Tracker 2 module (.AKS)\"; sVersion = 'unpacked'; bDetected = 1;\r\n\t}\r\n\r\n\telse if(X.c(\"'AM01'000000\") && X.c(\"'ASD1'\", 0x38) && (amp=X.fSig(0x40,0x1000000,\"'AMP'.. ........'ASSH'\")) > 0) {\r\n\t\tsName = \"New Beat's Ace Tracker module (.AM)\"; bDetected = 1;\r\n\t\tmaxsz = Math.min(X.Sz(),0x1000000); title = by = bad = ''; ptn = ord = smp = sz = 0; ptns = [];\r\n\t\tp = 0x3C;\r\n\t\twhile(p < amp && smp < 0x40 && (t=X.U32(p,_BE))) { p += t; smp++ } p += 4;\r\n\t\tif(!X.c(\"'AMP'.. ........'ASSH'\",p)) { p = amp; bad = bad.addIfNone('!badsmp'); smp = Math.max(1,smp) }\r\n\t\tampv = X.U8(p+3)-0x30; if(ampv > 3) bad = bad.addIfNone('!unkver');\r\n\t\tsVersion = 'v'+ampv;\r\n\t\tins = X.U32(p+4,_BE); p += 12; inss = [];\r\n\t\tfor(i=0; i < ins; i++,p+=(ampv == 1? 0xCD: ampv == 2? 0xD1: ampv == 3? 0xD4: 0))\r\n\t\t\tif((t=X.SA(p+4,20).trim()) != '' && t != 'Empty') inss.push(t)\r\n\t\tif(!X.c(\"'ASG1'\",p)) bad = bad.addIfNone('!badins');\r\n\t\tasg1 = X.fSig(amp,maxsz,\"'ASG1'\"); ord = ptn = 0;\r\n\t\tif(asg1 < 0) bad = bad.addIfNone('!nosong'); else {\r\n\t\t\ttitle = X.SC(asg1+4,20,'CP437'); by = X.SC(asg1+24,20,'CP437')\r\n\t\t\tfor(i=asg1+0x2C; i < asg1+0x12C; i++) if(t=X.U8(i)) { ord = i-asg1-0x2B; if(t > ptn) ptn = t }\r\n\t\t}\r\n\t\tp = asg1+0x12C; apn1 = X.fSig(asg1,0x400,\"'APN1'\"); ch = ptn_ = -1;\r\n\t\tif(apn1 > 0) {\r\n\t\t\tif(p != apn1) bad = bad.addIfNone('!badptn'); ptn_ = X.U32(apn1+4,_BE);\r\n\t\t\tif(ptn != ptn_) bad = bad.addIfNone('!badptn'+ptn+'/'+ptn_);\r\n\t\t\tfor(i=0,p=apn1+8; i < ptn_; i++) {\r\n\t\t\t\tt = X.SC(p+4,12,'CP437').trim(); if(t.length && t != 'Empty') ptns.push(t);\r\n\t\t\t\tch_ = X.U16(p,_BE); if(ch_ > ch) ch = ch_;\r\n\t\t\t\tp += 16+4*ch_*X.U16(p+2,_BE);\r\n\t\t\t} sz = p\r\n\t\t} else bad = bad.addIfNone('!noptns');\r\n\t\tif(ch > 16) bad = bad.addIfNone('!badchn');\r\n\t\tif(bad.length) sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(title); sOptionT(by,'by: ');\r\n\t\t\tsOptionT(addEllipsis(inss.filter(funSampleName).join(' ')),'ins/msg:\"','\"');\r\n\t\t\tsOptionT(addEllipsis(ptns.join(' ')),'ptns:\"','\"');\r\n\t\t\tsOption((ch > 0? 'ch:'+ch+' ': '')+'ord:'+ord+' ptn:'+(ptn!=ptn_?ptn+'/':'')+ptn_+' ins:'+ins+' smp:'+smp\r\n\t\t\t\t+' xpos:'+X.I32(0x34)+(sz?' sz:'+outSz(sz):''))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'ASG1'\") && X.c(\"'APN1'\",0x12C)) {\r\n\t\tsName = \"New Beat's Ace Tracker module patterns (.ASG)\"; bDetected = 1; bad = '';\r\n\t\ttitle = X.SC(4,20,'CP437'); by = X.SC(24,20,'CP437'); ptn = ord = 0;\r\n\t\tfor(p=0x2C; p < 0x12C; p++) if(t=X.U8(p)) { ord = p-0x2B; if(t > ptn) ptn = t }\r\n\t\tch = -1; ptns = [];\r\n\t\tfor(i=0,p=0x134; i < 0xFF; i++) { // unlike what .am has, .asg saves all 255 patterns\r\n\t\t\tch_ = X.U16(p,_BE); if(ch_ > ch) ch = ch_; ptnsz = ch_*X.U16(p+2,_BE); p += 4;\r\n\t\t\tif(ptnsz) { t = X.SC(p,12,'CP437').trim(); if(t.length && t != 'Empty') ptns.push(t); p += 12+4*ptnsz }\r\n\t\t} sz = p;\r\n\t\tif(ch > 16) bad = bad.addIfNone('!badchn');\r\n\t\tif(bad.length) sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(title); sOptionT(by,'by: '); sOptionT(addEllipsis(ptns.join(' ')),'ptns:\"','\"');\r\n\t\t\tsOption((ch > 0? 'ch:'+ch+' ': '')+'ord:'+ord+' ptn:'+ptn+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'AMC V1.2 REPLAY!'\") && X.c(\"0000003C0002\t\",0x4E)) {\r\n\t\t// ref https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/AMComposer/src/AMComposer 1.2_v4.asm\r\n\t\tsName = \"Marc Hawlitzeck's A.M. Composer module (.AMC)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.SA(5,3);\r\n\t\tif(X.isVerbose()) {\r\n\t\t\td0 = X.U32(0x14,_BE); a3 = X.U32(0x18,_BE); d3 = c = 0; p = 0x48; special = '';\r\n\t\t\tfor(smp = 0; p < X.Sz() && p < a3; p += 16) {\r\n\t\t\t\td2 = X.I32(p,_BE) + 2*X.U16(p+4,_BE); smp++; if(d2 > d3) d3 = d2 } p = d3;\r\n\t\t\tif(p < X.Sz()) {\r\n\t\t\t\twhile(p+c < X.Sz() && isWithin(X.U8(p+c),32,126)) c++;\r\n\t\t\t\tif(!X.U8(p+c) && p+c+1 == X.Sz()) c++; special = X.SA(p,c)\r\n\t\t\t}\r\n\t\t\tsOption(special,'info:\"','\"');\r\n\t\t\tsOption('smp:'+smp+' sz:'+outSz(p+c))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"' 0?' sz:'+outSz(sz):''));\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'ASYLUM Music Format V1.0'00000000 00000000\") && X.U8(0x22) <= 0x40\r\n\t && X.Sz() >= 0xA66+0x800*X.U8(0x23)) {\r\n\t\tsName = \"Electronic Arts' ASYLUM Music Format module (.AMF)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.SA(0x15,3);\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tspd0 = X.U8(0x20); bpm0 = X.U8(0x21);\r\n\t\t\tsmp = X.U8(0x22); ptn = X.U8(0x23); ord = X.U8(0x24);\r\n\t\t\tp = 0x126;\r\n\t\t\tvar allsmpsz = 0; smps = [];\r\n\t\t\tfor(i=0; i < smp; i++) {\r\n\t\t\t\tsmps.push(decAnsi(0x126+0x25*i,0x16,CP437,true,Chars0to1F).trim());\r\n\t\t\t\tallsmpsz += X.U32(0x126+0x25*i+0x19);\r\n\t\t\t}\r\n\t\t\tsz = 0xA66+0x800*ptn+allsmpsz;\r\n\t\t\tsOptionT(addEllipsis(smps.filter(funSampleName).join(\" \"),0x100,0xA0), 'smp/msg:\"','\"')\r\n\t\t\tsOption(\"spd0:\"+spd0+\" bpm0:\"+bpm0+\" ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" smpsz:\"+Hex(allsmpsz)+\" sz:\"+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'Extreme0'01\") && X.U8(0xF) <= 0x20) {\r\n\t\t//ref http://modland.com/pub/documents/format_documentation/Extreme's%20Tracker%20v1.3%20(.ams).txt\r\n\t\tsName = \"Extreme's Tracker Advanced Module System track (.AMS)\"; bDetected = 1;\r\n\t\t//song tech info\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tcmd = X.U8(9)>>5; sch = (X.U8(9)&0x1F)+1;\r\n\t\t\tsmp = X.U8(10); ptn = X.U16(11); ord = X.U16(13);\r\n\t\t\tvmch = X.U8(15); xtra = X.U16(16);\r\n\t\t\tp = xtra + 18; S = []; allsmpsz = 0;\r\n\t\t\tfor(i=0; i < smp; i++,p+=17) {\r\n\t\t\t\tvar ssz = X.U32(p); allsmpsz += ssz;\r\n\t\t\t\tco = X.U8(p+16)&3; b16 = (X.U8(p+16)&0x80)?2:1; S.push([co,ssz,b16]);\r\n\t\t\t}\r\n\t\t\tsOptionT(X.SC(p+1,X.U8(p),'CP437')); p += 1+X.U8(p); //skip title\r\n\t\t\tsmps = []; for(i=0; i < smp; i++) { //store smp names\r\n\t\t\t\tsmps.push(X.SC(p+1,X.U8(p),'CP437')); p += 1+X.U8(p) }\r\n\t\t\tschs = []; for(i=0; i < sch; i++) { //store \"channel\" names\r\n\t\t\t\tschs.push(X.SC(p+1,X.U8(p),'CP437')); p += 1+X.U8(p) }\r\n\t\t\tfor(i=0; i < ptn; i++) p += 1+X.U8(p); //skip ptn names\r\n\t\t\tmsg = X.readBytes(p+2,X.U16(p),true/*\\0 is a space*/); var msg_ = []; p += 2+X.U16(p);\r\n\t\t\tfor(i=0; i < msg.length; i++) { //RLE\r\n\t\t\t\tif(msg[i] < 0x80) msg_.push(msg[i]);\r\n\t\t\t\telse if(msg[i] <= 0xA0) /*for(j=0; j < msg[i]-0x80; j++)*/ msg_.push(0x20); //too long\r\n\t\t\t\telse msg_.push(0x0A); //this RLE uses too_many_spaces as a line break; let's maybe not\r\n\t\t\t}\r\n\t\t\tmsg = decEncoding(msg_,'CP437'); delete msg_;\r\n\t\t\tmptn = -1;\r\n\t\t\tfor(i=0; i < ord; i++) { t = X.U16(p+2*i); if(t > mptn) mptn = t }\r\n\t\t\tmptn++; p += 2*ord;\r\n\t\t\tfor(i=0; i < ptn; i++) p += 4+X.U32(p);\r\n\t\t\tallsmpcsz = 0;\r\n\t\t\tfor(i=0; i < smp; i++) if(!S[i][0]) p += 8+S[i][1]*S[i][2]; //non-compressed\r\n\t\t\telse if(S[i][1]) { //compressed & smp size > 0\r\n\t\t\t\tp += 4; scosz = X.U32(p); cc = X.U8(p+4); p += 5+scosz; allsmpcsz += scosz\r\n\t\t\t}\r\n\t\t\tdelete S;\r\n\t\t\tsOption(addEllipsis(schs.join(' '),0xA0,0x80),'chns:\"','\"');\r\n\t\t\tsOption(addEllipsis(msg.trim(),0x100,0x80),'msg:\"','\"');\r\n\t\t\tsOption('ord:'+ord+' ptn:'+ptn+(mptn!=ptn?'/'+mptn:'')+' smp:'+smp+' cmd:'+cmd\r\n\t\t\t\t+' strk:'+sch+(vmch?' mtrk:'+vmch:'')+' co.smpsz:'+(allsmpcsz*100/allsmpsz).toFixed(1)+'% sz:'+outSz(p))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'AMShdr'1A\") && X.U8(7) <= 30 && X.U8(9+X.U8(7)) == 2 && X.U8(8+X.U8(7)) <= 2) {\r\n\t\t//ref http://modland.com/pub/documents/format_documentation/Velvet%20Studio%20v2.2,%20Advanced%20Module%20System%20(.ams).txt\r\n\t\tbDetected = 1; p = 8+X.U8(7); nv = X.U8(p);\r\n\t\tsName = \"Velvet Studio Advanced Module System track (.AMS)\";\r\n\t\tsVersion = \"v\"+X.U8(p+1)+'.'+nv;\r\n\t\tbad = '';\r\n\t\tptn = X.U16(p+3); if(ptn > 1024) bad = bad.addIfNone('!badptn');\r\n\t\tord = X.U16(p+5);\r\n\t\tif(X.isVerbose()) {\r\n\t\t\ttitle = X.SC(8,p-8,'CP437');\r\n\t\t\tins = X.U8(p+2);\r\n\t\t\tp += 7; if(X.Sz() < 36+11+ins*2+ord*2+ptn*4) bad = bad.addIfNone('!short');\r\n\t\t\tif(nv == 2) {\r\n\t\t\t\tbpm0 = Math.max(32<<8, X.U16(p)); p += 2; bpm0 = (bpm0>>8)+'.'+(bpm0&0xFF)\r\n\t\t\t\tspd0 = Math.max(1,X.U8(p++)); p += 3; flg = X.U16(p); p += 2\r\n\t\t\t} else {\r\n\t\t\t\tbpm0 = Math.max(32,X.U8(p++)); spd0 = Math.max(1,X.U8(p++)); flg = X.U8(p++)\r\n\t\t\t}\r\n\t\t\tch = (flg >> 6)&1?'2':'1';\r\n\t\t\tlinfreqtbl = (flg & 0x40) ? \" lnr.freq.tbl.\":\"\";\r\n\t\t\tmidiused = (flg & 0x80) ? \" MIDI used\":\"\";\r\n\t\t\tsOptionT(title);\r\n\t\t\tinss = []; smps = []; S = []; allsmpsz = allsmpcsz = smp = shd = 0;\r\n\t\t\tfor(i = 0; i < ins; i++) {\r\n\t\t\t\tt_ = X.U8(p++); if(t_ > 30) bad = bad.addIfNone('!badins');\r\n\t\t\t\tt = X.SC(p,t_,'CP437').trim(); p += t_; if(t != \"\") inss.push(t);\r\n\t\t\t\tinssmp = X.U8(p++);\r\n\t\t\t\tif(inssmp) {\r\n\t\t\t\t\tif(nv == 0) p += 100; else p += 124;\r\n\t\t\t\t\tt = X.U8(p++); if(t > 63) bad = bad.addIfNone('!badenv');\r\n\t\t\t\t\tp += t*3+4; t = X.U8(p++); if(t > 63) bad = bad.addIfNone('!badpan');\r\n\t\t\t\t\tp += t*3+4; t = X.U8(p++); if(t > 63) bad = bad.addIfNone('!badvibenv');\r\n\t\t\t\t\tp += t*3; t = X.U8(p);\r\n\t\t\t\t\tshdins = t > 0; if(shdins) shd++; p += 5;\r\n\t\t\t\t\tfor(s = 0; s < inssmp; s++) {\r\n\t\t\t\t\t\tt_ = X.U8(p++); if(t_ > 22) bad = bad.addIfNone('!badsmp');\r\n\t\t\t\t\t\tt = X.SC(p,t_,'CP437').trim(); p += t_; //if(t != \"\") smps.push(t);\r\n\t\t\t\t\t\tssz = X.U32(p); p += 4; if(!shdins) smp++;\r\n\t\t\t\t\t\tif(ssz) {\r\n\t\t\t\t\t\t\tif(!shdins) { allsmpsz += ssz; sfl = X.U8(p+15);\r\n\t\t\t\t\t\t\t\tco = sfl&3; b16 = (sfl&4)?2:1; S.push([co,ssz,b16]) }\r\n\t\t\t\t\t\t\tp += 16\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\tt_ = X.U8(p++); sOptionT(X.SC(p,t_,'CP437'),'by:'); p += t_; \r\n\t\t\tschs = []; for(i=0; i < 32; i++) { //store \"channel\" names\r\n\t\t\t\tschs.push(X.SC(p+1,X.U8(p),'CP437')); p += 1+X.U8(p) }\r\n\t\t\t// read the description\r\n\t\t\tmsg = X.readBytes(p+11,X.U32(p)-11); msg_ = []; co = X.U8(p+10); p += X.U32(p);\r\n\t\t\tif(co) { for(i=0; i < msg.length;) { //RLE\r\n\t\t\t\t\tc = msg[i++];\r\n\t\t\t\t\tif(c == 0xFF && msg.length-i >= 2) {\r\n\t\t\t\t\t\tc = msg[i++]; n = msg[i++];\r\n\t\t\t\t\t\tif(c != 0x20) for(j=0; j < n; j++) msg_.push(c);\r\n\t\t\t\t\t\telse if(n <= 0x20) msg_.push(0x20); //not too many spaces in one\r\n\t\t\t\t\t\telse msg_.push(0x0A); //too many spaces.\r\n\t\t\t\t\t}\r\n\t\t\t\t\telse msg_.push(c);\r\n\t\t\t\t}\r\n\t\t\t\tmsg = decEncoding(msg_,'CP437');\r\n\t\t\t} else msg = decEncoding(msg,'CP437');\r\n\t\t\tdelete msg_;\r\n\t\t\tp += ord<<1; //skip the orderlist\r\n\t\t\tfor(i=0; i < ptn; i++) p += 4+X.U32(p); //skip the patterns\r\n\t\t\tif(p > X.Sz()) bad = bad.addIfNone('!short');\r\n\t\t\tfor(i=0; i < smp; i++)\r\n\t\t\t\tif(!S[i][0]) {\r\n\t\t\t \t\tp += S[i][1]*S[i][2]; //non-compressed\r\n\t\t\t\t} else if(S[i][1]) { //compressed & smp size > 0\r\n\t\t\t\t\tscosz = X.U32(p+4); cc = X.U8(p+9);\r\n\t\t\t\t\tp += 9+scosz; allsmpcsz += scosz\r\n\t\t\t\t}\r\n\t\t\tsz = p;\r\n\t\t\tsOption(addEllipsis(schs.join(' '),0xA0,0x80),'chns:\"','\"');\r\n\t\t\tsOption(addEllipsis(inss.filter(funSampleName).join(' '),0xA0,0x80),'insts/msg:\"','\"');\r\n\t\t\t//sOption(addEllipsis(smps.join(' '),0xA0,0x80),'smps/msg:\"','\"');\r\n\t\t\tsOption(addEllipsis(msg.trim(),0xA0),'msg:\"','\"');\r\n\t\t\tsOption('ch:'+ch+' ins:'+ins+(shd?'+'+shd+'sh':'')+' ord:'+ord+' ptn:'+ptn+\r\n\t\t\t\t' bpm0:'+bpm0+' spd0:'+spd0+linfreqtbl+midiused+\r\n\t\t\t\t' co.smpsz:'+(allsmpcsz*100/allsmpsz).toFixed(1)+'% sz:'+outSz(sz))\r\n\t\t}\r\n\t\tif(bad) sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\t}\r\n\r\n\telse if(X.c(\"'AMX \")) {\r\n\t\t//ref http://and.intercon.ru/releases/audio/xsynth/\r\n\t\tsName = \"Dmitry 'AND' Andreev's XSynth module (.AMX)\"; bDetected = 1\r\n\t}\r\n\r\n\telse if(X.c(\"'AON4'\") || X.c(\"'AON8'\")) {\r\n\t\t// https://www.exotica.org.uk/wiki/Art_of_Noise\r\n\t\tsName = \"Bastian 'Twice' Spiegel's Art of Noise/Chorus module (.AON)\"; bDetected = 1; ch = X.U8(3)-0x30;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tid = X.SA(4,0x2A);\r\n\t\t\tp = 0x2E; //header skipped\r\n\t\t\tt = a = d = c = ''; ord = ptn = ins = 0;\r\n\t\t\twhile (p < X.Sz()) {\r\n\t\t\t\tif(X.U8(p) == 0x3F) { p += (4-p) & 3; break }\r\n\t\t\t\thkhd = X.readBytes(p,4); if(charStat(hkhd,1).indexOf('allasc') < 0) break;\r\n\t\t\t\thkhd = decEncoding(hkhd,CP437); hksz = X.U32(p+4,_BE); p += 0x08;\r\n\t\t\t\tswitch (hkhd) {\r\n\t\t\t\t\tcase 'NAME': t = X.SC(p,hksz,'CP1252'); break;\r\n\t\t\t\t\tcase 'AUTH': a = X.SC(p,hksz,'CP1252'); break;\r\n\t\t\t\t\tcase 'DATE': d = X.SC(p,hksz,'CP1252'); break;\r\n\t\t\t\t\tcase 'RMRK': c = X.SC(p,hksz,'CP1252'); break;\r\n\t\t\t\t\tcase \"PLST\": ord = hksz; for(i=0; i < ord; i++) if((o=X.U8(p+i)+1) > ptn) ptn = o; break;\r\n\t\t\t\t\tcase 'WLEN': for(i=0; i < (hksz>>2); i += 4) if(X.U32(p+i,_BE)) ins++; break;\r\n\t\t\t\t}\r\n\t\t\t\tp += hksz;\r\n\t\t\t}\r\n\t\t\tsOptionT(t); sOptionT(a,\"by: \"); sOptionT(d,\"on: \"); sOption(id,\"in: \");\r\n\t\t\tsOption(addEllipsis(c.trim(),0xA0));\r\n\t\t\tsOption('ch:'+ch+' ord:'+ord+' ptn:'+ptn+' ins:'+ins+' sz:'+outSz(p))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'ADRVPACK'\")) {\r\n\t\tsName = \"Petter A. Urkedal's AProSys module (.APS)\"; bDetected = 1\r\n\t}\r\n\r\n\telse if(X.c(\"'ARP.'\")) {\r\n\t\tsName = \"Major Tom's Player 2 module (.ARP)\"; bDetected = 1\r\n\t}\r\n\r\n\telse if(X.c(\"'ACTIONAMICS SOUND TOOL'\",0x3E)) {\r\n\t\tsName = \"Michael Kleps's Actionamics Sound Tool module (.AST)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.SA(0x56,3);\r\n\t}\r\n\r\n\telse if(X.c(\"08'AST '\") && isWithin(X.U8(9), 4,8) && X.U16(0xA) <= 1001) {\r\n\t\t// http://justsolve.archiveteam.org/wiki/All_Sound_Tracker_module\r\n\t\tsName = \"Patrice 'Cagliostro' Bouchand's All Sound Tracker module (.AST)\";\r\n\t\tsVersion = 'v'+X.SA(5,4); bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tL = X.U16(0x0A);\r\n\t\t\tinfo = X.SC(0xC,L+1,'CP850'); p = 0xD+L;\r\n\t\t\ts = \"\";\r\n\t\t\tfor(i = 0; i < L; i+=0x26) {\r\n\t\t\t\tif((t = info.slice(i,i+0x26).trim()).length) s = s.appendS(t,'\\n') //skipping the empty lines\r\n\t\t\t}\r\n\t\t\tsOption(addEllipsis(s,0x200));\r\n\t\t\tord = X.U8(p++); sz = 0;\r\n\t\t\tfor(i=ptn=0; i <= ord; i++) ptn = Math.max(ptn,X.U8(p++)+1);\r\n\t\t\tfmp = X.I32(p); awp = X.I32(p+4); ptnp = X.I32(p+8);\r\n\t\t\tawesonp = X.I32(p+0xC); wavep = X.I32(p+0x10); p += 0x14; sz = Math.max(sz,p);\r\n\t\t\tfor(p=fmp,fmi=0,n=X.U8(p++); n < 0xFF && p < X.Sz(); fmi++) { p += 20; n = X.U8(p++) }\r\n\t\t\tsz = Math.max(sz,p);\r\n\t\t\tfor(p=awp,awes=0,n=X.U8(p++); n < 0xFF && p < X.Sz(); awes++) { p += 51; n = X.U8(p++) }\r\n\t\t\tfor(awei=0,n=X.U8(p++); n < 0xFF && p < X.Sz(); awei++) { p += 39; n = X.U8(p++) }\r\n\t\t\tfor(awed=0,n=X.U8(p++); n < 0xFF && p < X.Sz(); awed++) { p += 3; n = X.U8(p++) }\r\n\t\t\tp += 2;//cht = X.U8(p++); revt = X.U8(p++);\r\n\t\t\tp += 9*(14+9) + 9*(56+9)+1; sz = Math.max(sz,p);\r\n\t\t\tfor(p=ptnp,ptn_=0,n=X.U8(p++); n < 0xFF && p < X.Sz(); ptn_++) { p += 2+X.U16(p); n = X.U8(p++) }\r\n\t\t\tsz = Math.max(sz,p);\r\n\t\t\tfor(p=wavep,wf=0,n=X.U8(p++); n < 0xFF && p < X.Sz(); wf++) { p += 36; n = X.U8(p++) }\r\n\t\t\tsz = Math.max(sz,p); if(sVersion === 'v0001') sz--; //v01 doesn't have the finalising FF, so EoF is how it ends\r\n\t\t\tsOption('def:'+X.U8(9)+' ord:'+ord+' ptn:'+ptn+(ptn_!=ptn?'/'+ptn_:'') +' wavep:'+Hex(wavep)\r\n\t\t\t\t+(fmi?' FMins:'+fmi:'')+(awes?' AWEsmp:'+awes:'')\r\n\t\t\t\t+(awei?' AWEins:'+awei:'')+(wf?' wf:'+wf:'')+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'AudioSculpture10'00180018\")) {\r\n\t\tsName = \"Synchron Assembly's Audio Sculpture synth file (.AS)\"; bDetected = 1\r\n\t}\r\n\r\n\telse if(X.c(\"'##synth'0D0A\")) {\r\n\t\tsName = \"Athaudia's Athtune module (.ATHTUNE)\"; bDetected = 1\r\n\t}\r\n\r\n\telse if(X.c(\"'FORM'.... ....'AXSFUSER'\") && X.c(\"'SHDR'\", t=X.U32(0x10,_BE)+0x14)\r\n\t && X.c(\"'SONG'\",X.U32(t+4,_BE)+t+8)) {\r\n\t \t//ref https://web.archive.org/web/20141129231503/http://www.resolutionaudio.nl/\r\n\t\tsName = \"Resolution's AXS module (.AXS)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tfor(ord=ptn=ins=smp=0,sz=X.U32(4,_BE)+8,p=0xC,maxsz=Math.min(sz,X.Sz()); p < maxsz;) {\r\n\t\t\t\thkhd = X.readBytes(p,4); if(charStat(hkhd,1).indexOf('allasc') < 0) break;\r\n\t\t\t\thkhd = decEncoding(hkhd,CP437); hksz = X.U32(p+4,_BE); p += 8;\r\n\t\t\t\tswitch(hkhd) {\r\n\t\t\t\tcase 'SONG': ord = hksz >> 3; break;\r\n\t\t\t\tcase 'BLOK': ptn++; break;\r\n\t\t\t\tcase 'INST': ins++; break;\r\n\t\t\t\tcase 'SAMP': smp++; break\r\n\t\t\t\t}\r\n\t\t\t\tp += hksz\r\n\t\t\t}\r\n\t\t\tsOption('ord:'+ord+' ptn:'+ptn+(ins?' syn:'+ins:'')+(smp?' smp:'+smp:'')+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'BBSONG'00'0001'00\")) {\r\n\t\t//ref https://github.com/atsidaev/beepola/blob/master/STSong.pas etc.\r\n\t\tsName = \"Shiru's Beepola module (.BBSONG)\"; bDetected = 1;\r\n\t\tp = 0xC; var layouttag = false;\r\n\t\tord = orn = ptn = svgptn = svgwarp = phains = 0; bad = title = auth = engine = '';\r\n\t\twhile(p < X.Sz()) {\r\n\t\t\tif(p >= X.Sz()) break;\r\n\t\t\tif(X.U8(p++) != 0x3A) { p--; break }\r\n\t\t\tt = X.SA(p,254); p += t.length+1;\r\n//_log(t+' @'+Hex(p));\r\n\t\t\tswitch(t) {\r\n\t\t\tcase 'INFO':\r\n\t\t\t\tfor(; p < X.Sz();) {\r\n\t\t\t\t\tt = X.SC(p,TOEOF,'CP1251'); p += t.length + 1; if(t === ':END') break;\r\n\t\t\t\t\txx = t.split('='); if(xx.length > 2) xx = [xx[0], xx.slice(1,xx.length).join('=')];\r\n\t\t\t\t\tswitch(xx[0]) {\r\n\t\t\t\t\tcase 'Title': title = xx[1]; break;\r\n\t\t\t\t\tcase 'Author': auth = xx[1]; break;\r\n\t\t\t\t\tcase 'Engine': engine = xx[1]; break;\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase 'LAYOUT':\r\n\t\t\t\tlayouttag = true;\r\n\t\t\t\twhile(p < X.Sz()) {\r\n\t\t\t\t\tt = X.SC(p,TOEOF,'CP1251'); p += t.length + 1; if(t === ':END') break;\r\n\t\t\t\t\txx = t.split('='); if(xx.length > 2) xx = [xx[0], xx.slice(1,xx.length).join('=')];\r\n\t\t\t\t\tswitch(xx[0]) {\r\n\t\t\t\t\tcase 'LoopStart': lp = +xx[1]; break;\r\n\t\t\t\t\tcase 'Length': ord = +xx[1]; ptn = 0;\r\n\t\t\t\t\t\tfor(i=0; i < ord; i++) if(ptn <= (t=X.U8(p++))) ptn = t+1; break;\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase 'PATTERNDATA':\r\n\t\t\t\twhile(p < X.Sz()) {\r\n\t\t\t\t\tt = X.SC(p,0x400,'CP1251'); p += t.length + 1; if(t === ':END') break;\r\n\t\t\t\t\txx = t.split('='); if(xx.length > 2) xx = [xx[0], xx.slice(1,xx.length).join('=')];\r\n\t\t\t\t\tswitch(xx[0]) {\r\n\t\t\t\t\tcase 'PatternCount': ptns = +xx[1];\r\n\t\t\t\t\t\tfor(i = 0; i < ptns && p < X.Sz(); i++) {\r\n\t\t\t\t\t\t\tt = X.SC(p,0x500,'CP1251'); p += t.length + 1; if(t === ':END') break;\r\n\t\t\t\t\t\t\txx = t.split('='); if(xx.length > 2) xx = [xx[0], xx.slice(1,xx.length).join('=')];\r\n\t\t\t\t\t\t\tif(xx[0] === 'PatternName') p += 8+5*X.U32(p);\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase 'SVGPATTERNDATA':\r\n\t\t\t\twhile(p < X.Sz()) {\r\n\t\t\t\t\tt = X.SC(p,0x400,'CP1251'); p += t.length + 1; if(t === ':END') break;\r\n\t\t\t\t\txx = t.split('='); if(xx.length > 2) xx = [xx[0], xx.slice(1,xx.length).join('=')];\r\n\t\t\t\t\tswitch(xx[0]) {\r\n\t\t\t\t\tcase 'PatternCount': svgptn = +xx[1];\r\n\t\t\t\t\t\tfor(i = 0; i < svgptn && p < X.Sz(); i++) p += 4+16*X.U32(p);\r\n\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase 'SVGWARPDATA':\r\n\t\t\t\twhile(p < X.Sz()) {\r\n\t\t\t\t\tt = X.SC(p,0x400,'CP1251'); p += t.length + 1; if(t === ':END') break;\r\n\t\t\t\t\txx = t.split('='); if(xx.length > 2) xx = [xx[0], xx.slice(1,xx.length).join('=')];\r\n\t\t\t\t\tswitch(xx[0]) {\r\n\t\t\t\t\tcase 'PatternCount': svgwarp = +xx[1];\r\n\t\t\t\t\t\tfor(i = 0; i < svgwarp && p < X.Sz(); i++) p += 4+2*X.U32(p);\r\n\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase 'P1INSTR':\r\n\t\t\t\twhile(p < X.Sz()) {\r\n\t\t\t\t\tt = X.SC(p,0x400,'CP1251'); p += t.length + 1; if(t === ':END') break;\r\n\t\t\t\t\txx = t.split('='); if(xx.length > 2) xx = [xx[0], xx.slice(1,xx.length).join('=')];\r\n\t\t\t\t\tswitch(xx[0]) {\r\n\t\t\t\t\tcase 'Length': phains = +xx[1]; p += phains; break;\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase 'SVGORNAMENTS':\r\n\t\t\t\twhile(p < X.Sz()) {\r\n\t\t\t\t\tt = X.SC(p,0x400,'CP1251'); p += t.length + 1; if(t === ':END') break;\r\n\t\t\t\t\txx = t.split('='); if(xx.length > 2) xx = [xx[0], xx.slice(1,xx.length).join('=')];\r\n\t\t\t\t\tswitch(xx[0]) {\r\n\t\t\t\t\tcase 'OrnamentCount': orn = +xx[1];\r\n\t\t\t\t\t\tfor(i = 0; i < orn && p < X.Sz(); i++) p += 4+X.U32(p);\r\n\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tdefault: bad = bad.addIfNone('!badchunk')\r\n\t\t\t}\r\n//_log(' ...ends @'+Hex(p));\r\n\t\t}\r\n\t\tif(!layouttag) bad = bad.addIfNone('!corrupt');\r\n\t\tsVersion = 'engine:'+engine; if(bad != '') sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(title); sOptionT(auth,\"by: \");\r\n\t\t\tsOption('ord:'+ord+(lp?' lp:'+lp:'')+' ptn:'+ptn+(svgptn?'+svg':'')\r\n\t\t\t\t+(svgwarp?' warp':'')+(orn?' orn':'')+(phains?' phasers':'')+' sz:'+outSz(p))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"000003F3\") && X.U8(0x14)\r\n\t && X.c(\"70FF4E75'DAGLISH!'\",0x20)\r\n\t && X.U32(0x2C,_BE) && X.U32(0x30,_BE)\r\n\t && X.U32(0x34,_BE) && X.U32(0x38,_BE)) {\r\n\t\tbDetected = 1;\r\n\t\tsName = \"Ben Daglish's SID (.BDS)\"; sVersion = \"v1.1\";\r\n\t\tif(X.isVerbose()) {\r\n\t\t\ttitle = X.SA(0x20+X.U32(0x3C,_BE),0x100);\r\n\t\t\tauth = X.SA(0x20+X.U32(0x40,_BE),0x100);\r\n\t\t\tmisc = X.SA(0x20+X.U32(0x44,_BE),0x100);\r\n\t\t\tsOptionT(title);\r\n\t\t\tx = X.U32(0x38,_BE); if(x > 1) sOption(x,\"×\");\r\n\t\t\tsOptionT(auth,\"by: \");\r\n\t\t\tsOptionT(misc);\r\n\t\t}\r\n\t}\r\n\r\n\telse if(/BMF1\\.[012]/.test(X.SA(0,6)) && X.Sz() > 8 && X.fSig(6,42,\"00\") > 6) {\r\n\t\t//ref https://github.com/adplug/adplug/blob/master/src/bmf.cpp\r\n\t\tsName = \"The Brain's Easy Adlib module (.BMF)\"; sV = X.SA(5,1);\r\n\t\tsVersion = \"v1.\"+sV; bDetected = 1;\r\n\t\tif(X.isVerbose() && sV > '0') {\r\n\t\t\tp = 6; bad = title = author = \"\";\r\n\t\t\tf = X.fSig(p,-1,\"00\");\r\n\t\t\ttitle = X.SA(p,f-p); p += title.length+1; //read title\r\n\t\t\tf = X.fSig(p,-1,\"00\"); if(f > 0) {\r\n\t\t\tauthor = X.SA(p,f-p); p += author.length+1; //read author\r\n\t\t\tspd = X.U8(p++);\r\n\t\t\tif(X.isDeepScan()) {\r\n\t\t\t\tfl = X.U32(p); p += 4; ins = 0;\r\n\t\t\t\tfor(i = 0; i < 32; i++) {\r\n\t\t\t\t\tif(fl&1) { p += 24; if(p > X.Sz()) bad = bad.addIfNone('!short') } fl >>= 1; ins++\r\n\t\t\t\t}\r\n\t\t\t\tfl = X.U32(p); p += 4; const last = 1023;\r\n\t\t\t\ttrk = 0; trkend = false;\r\n\t\t\t\tfor(i = 0; i < 32; i++) {\r\n\t\t\t\t\tif(fl&1) { trk++; trkend = false;\r\n\t\t\t\t\t\tfor(q = 0; p < X.Sz() && !trkend && q <= last; q < last && q++) {\r\n\t\t\t\t\t\t\tt = X.U8(p++);\r\n\t\t\t\t\t\t\tswitch(t) {\r\n\t\t\t\t\t\t\tcase 0xFE: trkend = true; break; //end of reader\r\n\t\t\t\t\t\t\tcase 0xFC: case 0x7D: break; //set marker, loop to marker\r\n\t\t\t\t\t\t\tdefault:\r\n\t\t\t\t\t\t\t\tevnote = t & 0x7F; if(!(t & 0x80)) break;\r\n\t\t\t\t\t\t\t\tt = X.U8(p);\r\n\t\t\t\t\t\t\t\tif(t & 0x80) {\r\n\t\t\t\t\t\t\t\t\tevdly = t & 0x3F; p++; if(!(t & 0x40)) break;\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\t\tt = X.U8(p++);\r\n\t\t\t\t\t\t\t\tif(0x40 <= t) { evvol = t+1-0x40; }\r\n\t\t\t\t\t\t\t\telse if(0x20 <= t && t <= 0x3F) { evins = t+1-0x20; }\r\n\t\t\t\t\t\t\t\telse {\r\n\t\t\t\t\t\t\t\t\tif(sV == '2') if(1 <= t && t <= 6) p++\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t\t\tfl >>= 1\r\n\t\t\t\t}\r\n\t\t\t\tif(!trkend) { bad = bad.addIfNone('!short'); p = -1 }\r\n\t\t\t}//if deepscan\r\n\t\t\t}//if author is null-terminated\r\n\t\t\telse bad = bad.addIfNone('!badtags');\r\n\t\t\tif(bad != \"\") sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\t\t\tsOptionT(title); sOptionT(author,'by: ');\r\n\t\t\tsOption('spd:'+spd+(X.isDeepScan()?' trk:'+trk+' ins:'+ins+' sz:'+outSz(p):''));\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.Sz() > 0x180 && X.c(\"'Buzz'\") && isWithin(X.U32(4),1,0xC) && X.c(\"7C010000\",0xC) && X.fSig(8,0x40,\"'MACH'\") > 0) {\r\n\t\tsName = \"Oskari Tammelin's Jeskola Buzz module (.BMX)\"; bDetected = 1;\r\n\t\t// Do NOT waste time trying to extract anything else...\r\n\t\t// You'll find the format dox lie and formats differ\r\n\t\t// For example, the no. of machines overlaps with some beta's version string\r\n\t\t// For example, that beta has no float x/y coordinates\r\n\t\t// And there is no signature difference.\r\n\t}\r\n\r\n\telse if(X.Sz() >= 0x6E5C && X.c(\"0100'ADLIB'9D02A0021C000000\") && X.adler32(0,0x6E5C) == 0x1DF2E9B9) {\r\n\t\tsName = 'Instrument bank for Adlib Visual Composer (STANDARD.BNK)'; bDetected = 1;\r\n\t\tif(X.isVerbose()) sOption(outSz(0x6E5C),'sz:')\r\n\t}\r\n\r\n\telse if(X.c(\"'BRTF'\") && ['NAME','INFO'].includes(X.SA(8,4))) {\r\n\t\tsName = \"Benjamin 'BeRo' Rousseaux's BeRoTracker module (.BRT)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tp = 8; t = c = q = ''; instmsg = []; sainmsg = [];\r\n\t\t\tins = smp = ptn = ord = 0; //TODO figure out how to get ptn\r\n\t\t\tbpm0 = spd0 = st0 = mvol = rowsperbeat = hltu = hltd = 0; end = false;\r\n\t\t\twhile (!end && p < X.Sz()) {\r\n\t\t\t\thkhd = X.SA(p,4);\r\n\t\t\t\thksz = X.U32(p+4,_LE);\r\n\t\t\t\tp += 8;\r\n\t\t\t\tswitch (hkhd) {\r\n\t\t\t\t\tcase \"NAME\": t = X.UCSD(p); break;\r\n\t\t\t\t\tcase \"MESS\": c = X.SC(p+2,X.U32(p,_LE),'CP1252'); break;\r\n\t\t\t\t\tcase \"BPMI\": rpb = X.U8(p); break;\r\n\t\t\t\t\tcase \"INFO\":\r\n\t\t\t\t\t\tspd0 = X.U8(p+4); bpm0 = X.U8(p+5);\r\n\t\t\t\t\t\tst0 = X.U8(p+6); mvol = X.U8(p+10);\r\n\t\t\t\t\t\tbreak;\r\n\t\t\t\t\tcase \"PORD\": ord = X.U8(p); break;\r\n\t\t\t\t\tcase \"PATT\": ptn++; break;\r\n\t\t\t\t\tcase \"PAIN\": hltu = X.U8(p+1); hltd = X.U8(p+2); break;\r\n\t\t\t\t\tcase \"SAIN\":\r\n\t\t\t\t\t\tsmp++;\r\n\t\t\t\t\t\tq = X.UCSD(p+2); if(q.trim().length) sainmsg.push(q);\r\n\t\t\t\t\t\tbreak;\r\n\t\t\t\t\tcase \"INST\":\r\n\t\t\t\t\t\tif(X.U8(p)) ins++;\r\n\t\t\t\t\t\tq = X.UCSD(p+1); if(q.trim().length) instmsg.push(q);\r\n\t\t\t\t\t\tbreak;\r\n\t\t\t\t\tcase \"DONE\": end = true; break;\r\n\t\t\t\t}\r\n\t\t\t\tp += hksz;\r\n\t\t\t}\r\n\t\t\tsOption(t); sOption(c);\r\n\t\t\tsOption(instmsg.filter(funSampleName).join(\"\\n\"),\"ins/msg:\\n\");\r\n\t\t\tsOption(sainmsg.filter(funSampleName).join(\"\\n\"),\"smp/msg:\\n\");\r\n\t\t\tsOption('bpm0:'+bpm0+' spd0:'+spd0+' ord:'+ord+' ins:'+ins+' smp:'+smp+' hlt:'+hltu+'/'+hltd+\r\n\t\t\t\t' RPB:'+rpb+' st.sep0:'+st0+' mixvol:'+mvol+' sz:'+outSz(X.U32(4)+8));\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"01000000\") && isWithin(X.U8(4),1,0xF) && X.c(\"FFFFFFFF\",0x34)\r\n\t && X.c(\"1027\",0x15C) && X.c(\"1027\",0x164) && X.c(\"1027\", 0x16C)) {\r\n\t\tsName = \"Christer Andersson's BoyScout module (.BSF)\"; bDetected = 1\r\n\t}\r\n\r\n\telse if(X.c(\"'FUCO'\") && X.c(\"'DIGI'\",0x4404) && X.c(\"'DIGP'\",0x47F8)) {\r\n\t\tsName = \"Anthony J. 'Slates' Bybell's BSI Future Composer module (.BSI)\"; bDetected = 1;\r\n\t\tbad = '';\r\n\t\tfor(smp=smpsz=i=0; i < 63; i++) {\r\n\t\t\tif(t=X.U32(0x440C+i*16,_BE)) smp++; smpsz += t;\r\n\t\t\tif(t > 0x20000) bad = bad.addIfNone('!badsmpsz')\r\n\t\t} if(bad != '') sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOption('smp:'+smp+' sz:'+outSz(0x47FC+smpsz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'NuBEATHOVEN'\",0x22)) {\r\n\t\tbDetected = 1;\r\n\t\tsName = \"Thomas 'Dr.Nobody' Lopatic's Beathoven Synthesizer (.BSS)\";\r\n\t\tsVersion = \"v\"+X.SA(0x2D,3);\r\n\t\tif(X.isVerbose()) {\r\n\t\t\ttitle = X.SA(0x6C,0x100);\r\n\t\t\tauth = X.SA(0x6C+title.length+1,0x100);\r\n\t\t\tmisc = X.SA(0x6C+title.length+auth.length+2,0x100);\r\n\t\t\tsOptionT(title);\r\n\t\t\tsOptionT(auth,\"by: \");\r\n\t\t\tsOptionT(misc);\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'CBA'F9\") && X.U8(0x24) == 0x1A && 0x14C+X.U16(0x25)+X.U8(0x29)*0x30 <= X.Sz()\r\n\t && isWithin(X.U8(0x27),1,32) && X.U8(0x2B) && X.U8(0x2C) >= 32) {\r\n\t\tsName = \"Chuck Biscuits & Zenic/Heretics' module (.CBA)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tmsglen = X.U16(0x25); ch = X.U8(0x27); ptn = X.U8(0x28)+1; ord = X.U8(0x29);\r\n\t\t\tsmp = X.U8(0x2A); spd0 = X.U8(0x2B); tmp0 = X.U8(0x2C);\r\n\t\t\tfor(i=smpsz=0; i < smp; i++) smpsz += X.U32(0x14C+i*0x30+0x24);\r\n\t\t\tsz = 0x14C + smp*0x30 + ptn*64*5*ch + smpsz;\r\n\t\t\tmsg = X.SC(sz,msglen,\"CP437\").trim(); sz += msglen;\r\n\t\t\tsOptionT(X.SA(4,0x20)); //some sample names have user messages but few, no good way to tell\r\n\t\t\tsOption(addEllipsis(msg,0xC0,0xA0),'msg:\"','\"');\r\n\t\t\tsOption('spd:'+spd0+' tempo:'+tmp0+' ord:'+ord+' ptn:'+ptn+' smp:'+smp+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"''1ADEE0\") && (!X.U8(0x13) && X.c(\"'CUD-FM-File - SEND A POSTCARD -'\",0x601)\r\n\t || X.U8(0x13) && X.c(\"'YsComp'07'CUD1997'1A04\",0x20))) {\r\n\t\t//ref https://github.com/adplug/adplug/blob/master/src/cff.cpp\r\n\t\tsName = \"Daniel Eshcbach/CUD's Boom Tracker 4 module (.CFF)\"; sVersion = 'v'+X.U8(0x10); bDetected = 1; \r\n\t\tif(X.U8(0x13)) sVersion += '/LZW-packed';\r\n\t\tif(X.isVerbose()) sOption(outSz(0x20+X.U16(0x11)),'sz:')\r\n\t}\r\n\r\n\telse if(X.c(\"'CHIPv1.0'\")) {\r\n\t\t//ref http://alonecoder.nedopc.com/zx/CHIP14SRC.rar / chip\r\n\t\tsName = \"Dmitry 'Alone Coder' Bystrov's Chip Tracker module (.CHI)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.SA(5,1); bad = ''; if(X.Sz() <= 0x100) bad = bad.addIfNone('!badsz');\r\n\t\tptn = smp = 0; tempo = X.U8(0x28); ord = X.U8(0x29)+1; lp = X.U8(0x30);\r\n\t\tfor(i=0; i < ord; i++) { p = X.U8(0x100+i)+1; if(p > ptn) ptn = p; if(p > 31) bad = bad.addIfNone('!badord') }\r\n\t\tsz = 0x200+0x200*ptn;\r\n\t\tfor(i=0; i < 16; i++) if(ssz = X.U16(45+i*4)) { smp++; sz += ssz; if(sz&0xFF) sz += 0x100-(sz & 0xFF) }\r\n\t\tif(bad.length) sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(decAnsi(8,0x20,CPSpeccy,false,Chars0to1FSpeccy));\r\n\t\t\tsOption('tempo:'+tempo+' ord:'+(lp?lp+'-':'')+ord+' ptn:'+ptn+' smp:'+smp+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"000003F3\") && X.c(\"70FF4E75'S.PHIPPS'\",0x20) &&\r\n\t 0 < X.I32(0x40,_BE) < X.Sz() && 0 < X.I32(0x44,_BE) < X.Sz() ) {\r\n\t\tsName = \"Simon Phipps/Core Design module (.CORE)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\ttitle = X.SA(0x68,0x100);\r\n\t\t\tauth = X.SA(0x68+title.length+1,0x100);\r\n\t\t\tmisc = X.SA(0x68+title.length+auth.length+2,0x100);\r\n\t\t\tsOptionT(title);\r\n\t\t\tsOptionT(auth,\"by: \");\r\n\t\t\tsOptionT(misc);\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'CAT '................'FORM'\")) {\r\n\t\tsName = \"Andreas Öman's Cybertracker module (.CT)\"; bDetected = 1;\r\n\t}\r\n\r\n\telse if(X.c(\"0004'NNTRKMZX'\")) {\r\n\t\tsName = \"CyberBrain's Cybertracker C64 module (.CT)\"; bDetected = 1;\r\n\t\t//ref https://noname.c64.org/download.php/ctmisc/ctfileformat-1_01.html\r\n\t\tsVersion = \"v\"+X.U8(0x0B)+\".\"+X.U8(0x0A);\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tfor(sng=0; sng < X.U16(0x4B9,_LE); sng++)\r\n\t\t\t\tif(X.U8(0x4BB+sng-1) == 0) break;\r\n\t\t\tif(sng) {\r\n\t\t\t\tsng0ord = X.U8(0x4BB);\r\n\t\t\t\tloop0 = X.U8(0x6BD);\r\n\t\t\t\tif(sng > 1) sOption(\"×\"+sng+\" ord0:\"+sng0ord+\" loop0:\"+loop0);\r\n\t\t\t\telse sOption(\" ord:\"+sng0ord+\" loop:\"+loop0)\r\n\t\t\t}\r\n\t\t\telse sOption(\"empty\");\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"0004'NNTRKINS'\")) {\r\n\t\tsName = \"CyberBrain's Cybertracker C64 instrument (.CI)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.U8(0x0B)+\".\"+X.U8(0x0A);\r\n\t\tif(X.isVerbose())\r\n\t\t\tsOptionT(X.SA(0x1A,0x10))\r\n\t}\r\n\r\n\telse if(X.c(\"000003F3\") && (X.fStr(0x20,0x100,\"NuDELIRIUM\") > 0)) {\r\n\t\tsName = \"DeliTracker player addon or Amiga Custom Module (.CUST)\"; bDetected = 1;\r\n\t\tsVersion = \"CustomPlay\";\r\n\t\tif(X.isVerbose())\r\n\t\t\tsOptionT(X.SA(X.fStr(0,0x100,\"NuDELIRIUM\")+20,0x100))\r\n\t}\r\n\r\n\telse if(X.c(\"'JCH'26026601\") && X.c(\"'Creative Voice File'1A1A000A01291101......C300\",0x40)) {\r\n\t\tsName = \"Jens Christian 'JCH/Vibrants' Huus's Edlib Tracker samples (.S01)\"; bDetected = 1\r\n\t}\r\n\r\n\telse if(X.Sz() < 0xFFFF && (X.c(\"'JCH'26 026600\") || X.c(\"'JCH'26 026680\"))\r\n\t && (X.c(\"FFFF\",X.U16(0x71,_LE)-2) || X.c(\"FFFF\",X.U16(0x73,_LE)-2))) {\r\n\t\t//ref http://ftp.modland.com/pub/documents/format_documentation/Edlib%20Tracker%20(.edl,%20.d00,%20.d01).txt\r\n\t\tmsgp = 0; i = 0; //bruteforce-find the message at the end of the file (version-dependent)\r\n\t\twhile (i < 4) { t = X.U16(0x71+i,_LE); if(t != 0xFFFF && t > msgp) msgp = t; i += 2 }\r\n\t\tsz = X.fSig(msgp,TOEOF,\"FFFF\")+2;\r\n\t\tbDetected = 1; bad = 0;\r\n\t\tsName = \"Jens Christian 'JCH/Vibrants' Huus's Edlib Tracker module (.D00,.D01)\";\r\n\t\tsVersion = \"v\"+X.U8(7);\r\n\t\t//if(X.U8(6) == 4) bad = 1;\r\n\t\tif(X.U8(0xA) > 1) bad = 1;\r\n\t\tif(bad) sVersion += \"/malformed\"+bad;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tx = X.U8(9);\r\n\t\t\tsOptionT(X.SC(0x0B,0x20,'CP850'));\r\n\t\t\tif(x > 1) sOption(x,\"×\");\r\n\t\t\tsOptionT(X.SC(0x2B,0x20,'CP850'),\"by: \");\r\n\t\t\tsOptionT(X.SC(msgp,sz-msgp-2,'CP850'));\r\n\t\t\tsOption(outSz(sz),\"sz:\")\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'DBM0'........'NAME'0000002C\") && X.U8(4) < 4\r\n\t && X.c(\"'INFO'0000000A\",0x3C) && X.c(\"'SONG'\",0x4E)\r\n\t && X.U16(0x44,_BE) <= 255 && X.U16(0x46,_BE) <= 255\r\n\t && X.U16(0x4A,_BE) <= 1024 && X.U16(0x4C,_BE) >=4\r\n\t && X.U16(0x4C,_BE) <= 254 && !(X.U16(0x4C,_BE)%1)) {\r\n\t\t// ref http://www.digibooster.de/en/format.php\r\n\t\t// & https://www.amigafuture.de/app.php/dlext/details?df_id=5071\r\n\t\tsName = \"APC&TCP/Andeas Magerl's DigiBooster Pro module (.DBM)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.U8(4)+\".\"+X.U8(5).padStart(2,'0');\r\n\t\tp = 8; done = gotinfo = false; bad = \"\"; if(X.isVerbose()) ord = []; insts = []; titles = [];\r\n\t\twhile(!done && p < X.Sz()) {\r\n\t\t\thkhd = X.SA(p,4); hksz = X.U32(p+4,_BE); p += 8;\r\n\t\t\tswitch(hkhd) {\r\n\t\t\tcase \"INFO\": x = X.U16(p+4,_BE); ins = X.U16(p,_BE);\r\n\t\t\t\tinfo = \"ch:\"+X.U16(p+8,_BE)+\" ptn:\"+X.U16(p+6,_BE)\r\n\t\t\t\t+\" ins:\"+ins+\" smp:\"+X.U16(p+2,_BE);\r\n\t\t\t\tgotinfo = true;\r\n\t\t\t\tbreak;\r\n\t\t\tcase \"SONG\": if(!gotinfo) { bad = bad.addIfNone(\"!badchunkorder\"); break }\r\n\t\t\t\tif(!X.isVerbose()) break; q = 0;\r\n\t\t\t\twhile(q+44 < hksz) { t = X.SC(p+q,44,'CP1250').trim(); titles.push(t);\r\n\t\t\t\t\tq += 44; ord.push(X.U16(p+q,_BE)); q += 2+ord[ord.length-1]*2 }\r\n\t\t\t\tbreak;\r\n\t\t\tcase \"INST\": if(!gotinfo) { bad = bad.addIfNone(\"!badchunkorder\"); break }\r\n\t\t\t\tfor(i = 0; i < ins; i++) {\r\n\t\t\t\t\tt = X.SA(p+i*50,34).trim(); if(t != \"\") insts.push(t);\r\n\t\t\t\t\tc3freq = X.U32(p+i*50+34,_BE);\r\n\t\t\t\t\tif(c3freq < 2000 || c3freq > 192000) bad = bad.addIfNone(\"!badc3freq\");\r\n\t\t\t\t} break;\r\n\t\t\tcase \"SMPL\": if(!gotinfo) bad = bad.addIfNone(\"!badchunkorder\"); done = true\r\n\t\t\t}\r\n\t\t\tp += hksz;\r\n\t\t}\r\n\t\tif(!done || p > X.Sz()) bad = bad.addIfNone(\"!short\");\r\n\t\tif(bad != \"\") sVersion = sVersion.appendS(\"malformed\"+bad,\"/\");\r\n\t\tif(X.isVerbose()) {\r\n\t\t\ttitle = X.SA(0x10,0x2C).trim(); sOption(title);\r\n\t\t\tsOption(titles.join(\"; \"),(!title && title.length == 1 ? \"songs:\" : \"\"));\r\n\t\t\tif(title == \"\" && !titles.length) sOptionT(X.SA(0xD8,28));\r\n\t\t\tif(x > 1) sOption(x,\"×\");\r\n\t\t\tsOptionT(addEllipsis(insts.join(\" \"),0x100,0xA0),'smp/msg: \"','\"');\r\n\t\t\tinfo = \"ord:\"+ord.join(\"+\")+\" \"+info; sOption(info+\" sz:\"+outSz(p))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'DSNGSEQU'00\")) {\r\n\t\tsName = \"David Hanney's module (.DH)\"; bDetected = 1\r\n\t}\r\n\r\n\telse if(X.c(\"'DIGI Booster module'00\") && X.Sz() >= 0x624 && X.U8(0x19)\r\n\t && X.U8(0x19) <= 8 && X.U8(0x2F) <= 0x7F) {\r\n\t\tsName = \"APC&TCP/Andeas Magerl's DigiBooster module (.DIGI)\"; bDetected = 1;\r\n\t\tnV = X.U8(0x18); sVersion = \"v\"+(nV>>4)+\".\"+(nV&0xF); co = X.U8(0x1A);\r\n\t\tif(sVersion != X.SA(0x14,4).toLowerCase()) sVersion += '/\"'+X.SA(0x14,4)+'\"';\r\n\t\tif(co) sVersion = sVersion.appendS(\"co.ptn\",\"/\");\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(decAnsi(0x262,0x20,CPAmiga,true)); msg = []; ch = X.U8(0x19);\r\n\t\t\tord = X.U8(0x2F)+1; ptn = X.U8(0x2E)+1;\r\n\t\t\tsmp = ssz = 0;\r\n\t\t\tfor(i=0; i < 31; i++) {\r\n\t\t\t\tslen = X.U32(0xB0+4*i,_BE);\r\n\t\t\t\tif(slen) { smp++; ssz += slen }\r\n\t\t\t}\r\n\t\t\tfor(i=0; i < 31; i++)\r\n\t\t\t\tmsg.push(decAnsi(0x282+0x1E*i,0x1E,CPAmiga,true).trim());\r\n\t\t\tsz = 0x624;\r\n\t\t\tif(co) for(i=0; i < ptn && sz <= X.Sz(); i++) sz += 2+X.U16(sz,_BE);\r\n\t\t\telse sz += 0x100*ptn*ch;\r\n\t\t\tsz += ssz;\r\n\t\t\tif(sz > X.Sz() && !X.isVerbose()) sVersion = sVersion.appendS(\"malformed!short\",\"/\");\r\n\t\t\tsOptionT(addEllipsis(msg.filter(funSampleName).join(\" \"),0x100,0xA0),'by/msg: \"','\"');\r\n\t\t\tsOption(\"ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" sz:\"+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"000003F3\") && X.c(\"70FF'NuUNCLEART'\",0x20)\r\n\t && X.U8(0x14) && X.U32(0x2C,_BE)\r\n\t && X.U32(0x30,_BE) && X.U32(0x38,_BE)) {\r\n\t\tsName = \"Dave 'Uncle Tom' Lowe module (.DL)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsmpip = 0x20+X.U32(0x3C,_BE);\r\n\t\t\tsmpiep = 0x20+X.U32(0x40,_BE);\r\n\t\t\tif(!smpiep) smp = 0;\r\n\t\t\telse smp = Math.floor((smpiep-smpip)/14);\r\n\t\t\ttitle = X.SA(0x20+X.U32(0x50,_BE),0x100);\r\n\t\t\tauth = X.SA(0x20+X.U32(0x54,_BE),0x100);\r\n\t\t\tcmt = X.SA(0x20+X.U32(0x58,_BE),0x100);\r\n\t\t\tloadsz = 0x20+X.U32(0x5C,_BE);\r\n\t\t\tsz = 0x20+X.U32(0x60,_BE);\r\n\t\t\tsza = Hex(X.Sz()-sz); //TODO value different, why? Where does it start?\r\n\t\t\tsmpsz = 0x20+X.U32(0x64,_BE);\r\n\t\t\tsongsz = 0x20+X.U32(0x68,_BE);\r\n\t\t\tsfx = 0x20+X.U32(0x6C,_BE);\r\n\t\t\tx = 1;\r\n\t\t\td1 = 0x20+X.U32(0x4C,_BE);\r\n\t\t\tif(d1) {\r\n\t\t\t\ta1 = d1;\r\n\t\t\t\twhile(1) {\r\n\t\t\t\t\ta1 += 16;\r\n\t\t\t\t\td1 = X.U32(a1,_BE);\r\n//_log(\"read(0x20+a1:\"+Hex(a1)+\") = \"+Hex(d1));\r\n\t\t\t\t\tif(!d1) break;\r\n\t\t\t\t\td1 -= X.U8(a1+3);\r\n\t\t\t\t\tif(!d1) break; else x++\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\tsOptionT(title);\r\n\t\t\tif(x > 1) sOption(x,\"×\");\r\n\t\t\tsOptionT(auth,\"by: \");\r\n\t\t\tsOptionT(cmt);\r\n\t\t\tsOption(\"smp:\"+smp+\" sfx:\"+sfx)//+\" sz:\"+outSz(sz)+\" a:\"+sza+\" smpsz:\"+smpsz+\" songsz:\"+songsz+\" loadsz:\"+loadsz);\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'ALL '0000 .... 0000\") && X.U8(6) <= 1 && X.U8(10) <= 1) {\r\n\t\tsName = \"Bent 'SHOGUN' Nielsen's Delta Music module (.DM)\"; sVersion = 'v1.3'; bDetected = 1\r\n\t}\r\n\r\n\telse if(X.c(\"4A00670003B40C000001670001EC0C000002670A0C000003671270004E7541FA0B680201003F11\",4)\r\n\t && X.c(\"0000'.FNL'\",0xBC4)) { //the module data begins at 878h\r\n\t\tsName = \"Bent 'SHOGUN' Nielsen's Delta Music 2 module (.DM2)\"; sVersion = 'v2.0'; bDetected = 1\r\n\t}\r\n\r\n\telse if(X.c(\"'DMF'0E\")) {\r\n\t\tsName = \"Webfoot Digital Sound and Music Interface Advanced Music Format hack (.DMF)\";\r\n\t\tsOption(\"delta samples & no text\"); bDetected = 1\r\n\t}\r\n\r\n\telse if(X.c(\"'DDMF'\") && X.U8(4) && X.U8(4) <= 10\r\n\t\t&& X.U16(0x3F) && X.c(\"'CMSG'\", 0x42)) {\r\n\t\t//ref https://github.com/OpenMPT/openmpt/blob/master/soundlib/Load_dmf.cpp\r\n\t\tsName = \"D-Lusion X-Tracker module (.DMF)\"; bDetected = 1;\r\n\t\tnV = X.U8(4); sVersion = \"v\"+nV;\r\n\t\tp = 0x42; hkhd = hksz = end = lpst = ch = ord = ptn = smp = sz = ptntotallen = allsmpsz = 0; lped = 0xFFFF;\r\n\t\twhile(hkhd != \"ENDE\" && p < X.Sz()) {\r\n\t\t\thkhd = X.SA(p,4); hksz = X.U32(p+4); p += 8;\r\n//_log(\"@\"+Hex(p-4)+\" \"+hkhd+\" [\"+Hex(p)+\" -> \"+Hex(p+hksz)+\"]\");\r\n\t\t\tswitch(hkhd) {\r\n\t\t\tcase \"SEQU\": ord = 0;\r\n\t\t\t\tif(nV == 3) p += 2; else if(nV == 4) p += 4;\r\n\t\t\t\tu = p;\r\n\t\t\t\tif(nV >= 3) { lpst = X.U16(u); u += 2 }\r\n\t\t\t\tif(nV >= 4) { lpst = X.U16(u); u += 2 }\r\n\t\t\t\tif(nV === 4 & !lped) lped = 0xFFFF;\r\n\t\t\t\tord = (p+hksz-u)>>1; break;\r\n\t\t\tcase \"PATT\":\r\n\t\t\t\tvar ptnhdsz = nV < 3 ? 9 : 8; u = p;\r\n\t\t\t\tptn = X.U16(u); trk = X.U8(u+2); u += 3;\r\n\t\t\t\tch = trk; if(ch < 1) ch = 1; if(ch > 32) ch = 32;\r\n\t\t\t\tfor(i = 0; i < ptn; i++) {\r\n\t\t\t\t\tu += ptnhdsz-4;\r\n\t\t\t\t\tvar ptnlen = X.U32(u); ptntotallen += ptnlen; u += ptnlen;\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase \"SMPI\": u = p; smp = X.U8(u++);\r\n\t\t\t\tfor(i = 0; i < smp; i++) {\r\n\t\t\t\t\tvar snamelen = nV < 2 ? 30 : X.U8(u++);\r\n\t\t\t\t\tvar sname = X.SC(u,snamelen,'CP437').trim(); u += snamelen;\r\n\t\t\t\t\tvar ssz = X.U32(u); allsmpsz += ssz;\r\n//_log(\"slen @\"+Hex(u)+\" = \"+Hex(slen));\r\n\t\t\t\t\tu += 4+4+4+2;\r\n\t\t\t\t\tvar svol = X.U8(u++), sf = X.U8(u++);\r\n//_log(\"smp[\"+i+\"] \"+sname+\" length:\"+Hex(slen)+\" total:\"+Hex(smptotallen)+(svol?\"\":\" ignored\"));\r\n\t\t\t\t\tif(nV >= 8) { var libname = X.SC(u,8,'CP437'); u += 8 }\r\n\t\t\t\t\tu += nV > 1 ? 6 : 2;\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase \"SMPD\":\r\n\t\t\t\tif(!X.c(\"'ENDE'\",p+hksz)) {\r\n\t\t\t\t\t// Simply search for it. It's unique enough.\r\n\t\t\t\t\t// The multiplier of 3 is chosen for stereo + white noise \"compression\"\r\n\t\t\t\t\tt = X.fSig(p,Math.min(X.Sz()-p, allsmpsz*3),\"'ENDE'\");\r\n\t\t\t\t\tif(t < 0) { sVersion += \"/malformed!noeof\"; hkhd = \"ENDE\"; break }\r\n\t\t\t\t\telse {\r\n\t\t\t\t\t\thksz = t-p;\r\n//_log(\"SMPD length should be \"+Hex(hksz));\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase \"ENDE\": p -= 4+hksz; break;\r\n\t\t\t}\r\n\t\t\tsz = p;\r\n\t\t\tp += hksz;\r\n\t\t}\r\n\t\tif(hkhd != \"ENDE\") sVersion += \"/malformed!short\"; else sz = p;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SC(0xD,30,'CP437'));\r\n\t\t\tsOptionT(X.SC(0x2B,20,'CP437'),\"by: \");\r\n\t\t\tyy = X.U8(0x41);\r\n\t\t\tif(yy < 80) yyyy = \"20\"; else yyyy = \"19\"; yyyy += yy.padStart(2,'0');\r\n\t\t\tsOptionT(yyyy+\"-\"+X.U8(0x40).padStart(2,'0')+\r\n\t\t\t\t\"-\"+X.U8(0x3F).padStart(2,'0'),\"on: \");\r\n\t\t\tsOptionT(X.SA(5,8),\"in: \");\r\n\t\t\tcmt = \"\"; cnt = X.U32(0x46)-1; var linelen = 40, readpos = 0x4B;\r\n\t\t\twhile(cnt) {\r\n\t\t\t\tvar readlen = Math.min(cnt,linelen,0x200);\r\n\t\t\t\tvar curline = X.SC(readpos,readlen,'CP437');\r\n\t\t\t\tif(curline != \"\") cmt = cmt.appendS(curline,'\\n');\r\n\t\t\t\tcnt -= readlen; readpos += readlen;\r\n\t\t\t}\r\n\t\t\tsOption(addEllipsis(cmt,0x100,0x80));\r\n\t\t\tsOption(\"ch:\"+ch+\"+1 ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" sz:\"+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'.DelekDefleMask.'\")) {\r\n\t\t//ref https://web.archive.org/web/20150226185703if_/http://www.delek.com.ar:80/soft/deflemask/DMF_SPECS.txt\r\n\t\t// It's a pretty damn old document though...\r\n\t\tsName = \"Leonardo Demartino's DeFleMask module (.DMF)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.U8(0x10);\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tswitch(X.U8(0x11)) { //TODO add more new chip versions\r\n\t\t\tcase 0x01: sVersion += \"#YMU759\"; ch = 17; break;\r\n\t\t\tcase 0x02: sVersion += \"#Genesis (10ch)\"; ch = 10; break;\r\n\t\t\tcase 0x03: sVersion += \"#SMS (4ch)\"; ch = 4; break;\r\n\t\t\tcase 0x04: sVersion += \"#GameBoy (4ch)\"; ch = 4; break;\r\n\t\t\tcase 0x05: sVersion += \"#PCEngine (6ch)\"; ch = 6; break;\r\n\t\t\tcase 0x06: sVersion += \"#NES (5ch)\"; ch = 5; break;\r\n\t\t\tcase 0x07: case 0x47: sVersion += \"#C64 (3ch)\"; ch = 3; break;\r\n\t\t\tcase 0x08: sVersion += \"#YM2151 (13ch)\"; ch = 13; break;\r\n\t\t\tdefault: ch = 4 //just 'cause\r\n\t\t\t}\r\n\t\t\tsOption(X.UCSD(0x12));\r\n\t\t\tl = X.U8(0x12); p = 0x12+l+1;\r\n\t\t\tsOption(X.UCSD(p),\"by: \");\r\n\t\t\tl = X.U8(p); p += l+1+2;\r\n\t\t\ttbase = X.U8(p++);\r\n\t\t\ttick1 = X.U8(p++); tick2 = X.U8(p++);\r\n\t\t\tHz = X.U8(p++)?\"60(NTSC)\":\"50(PAL)\";\r\n\t\t\tif(X.U8(p++)) Hz = X.U8(p++)+\":\"+X.U8(p++)+\":\"+X.U8(p++);\r\n\t\t\telse p+=3;\r\n\t\t\t//These have changed over the years it seems, TODO: RE it\r\n\t\t\t//p++; _ripm = X.U8(p++);\r\n\t\t\t//arptick = X.U8(p++); p += ch*_ripm;\r\n\t\t\t//ins = X.U8(p++);\r\n\t\t\tsOption(\"tbase:\"+tbase+\" tck:\"+tick1+\":\"+tick2+\" freq:\"+Hz); //+\" ins:\"+ins+\" arp.tick:\");\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"' M'........'IAN'\") && X.c(\"0000....0000....0000....0000\",0x1C) && (smp=X.U32(0x44,_BE)) <= 255\r\n\t\t&& ( !((smpsz=X.U32(0x48,_BE)) && !smp) || (smp && smpsz) ) && isWithin(ins=X.U32(0x3C,_BE),1,255)) {\r\n\t\tsName = \"Reinier 'Rhino' van Vliet's Digital Mugician module (.DMU,.MUG)\";\r\n\t\tif((sv=X.SA(9,1)) == '/') sVersion = 'v1'; else if(sv == '2') sVersion = 'v2'; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tx = ord = 0; ptn = X.U16(0x1A,_BE); wf = X.U32(0x40,_BE);\r\n\t\t\tfor (i=0x4C, p = 0x1C, a2 = 0xCC; i < 0xCC; i += 0x10, p += 4) {\r\n\t\t\t\tif(!X.U32(i,_BE)) break; if(X.U32(p,_BE) != 1 || X.U32(a2,_BE) || X.U32(a2+4,_BE)) x++;\r\n\t\t\t\ta2 += X.U32(p,_BE) << 3;\r\n\t\t\t\tt = X.SA(i+4,12); while(t[t.length-1] < ' ') t = t.slice(0,t.length-1); sOptionT(t)\r\n\t\t\t}\r\n\t\t\tfor(i=0x1C; i < 0x3C; i += 4) ord += X.U32(i,_BE);\r\n\t\t\tsz = smp*0x20+ins*0x10+smpsz+0x1CC+ptn*0x100+wf*0x80+ord*8;\r\n\t\t\tif(x > 1) sOption(x,'×');\r\n\t\t\tsOption('ord:'+ord+' ptn:'+ptn+' ins:'+ins+' smp/syn:'+smp+'+'+wf+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'DSM'10\") && X.c(\"1A\",0x24) && X.U16(0xB2)-X.U16(0xB0) == 4\r\n\t && X.c(\"'DSI'10\",X.U16(0xB0) << 4) && X.c(\"'DSI'10\",X.U16(0xB0+X.U8(0x27)*2-2) << 4)) {\r\n\t \t//see also https://modland.com/pub/documents/format_documentation/Digital%20Audio%20Sound%20Interface%20Kit%20spec%20(.dsm)-v0.1.txt\r\n\t\tsName = \"Carlos Hasan's Digital Audio Sound Interface Kit module (.DSM)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tfor(i=0xAF; i >= 0x30 && X.U8(i) == 0xFF; i--) {} rord = i-0x2F;\r\n\t\t\tfor(mptn = 0; i >= 0x30; i--) if((t=X.U8(i)+1) > mptn) mptn = t;\r\n\t\t\tord = X.U8(0x26); ptn = X.U8(0x28);\r\n\t\t\tp = X.U16(0xB0)<<4; inss = []; mp = 0;\r\n\t\t\tfor(i=ins=0; i < X.U8(0x27); i++,p+=0x40) {\r\n\t\t\t\tif(!X.c(\"'DSI'10\",p)) bad = bad.addIfNone('!badins');\r\n\t\t\t\tinss.push(X.SC(p+4,0x20,'CP437').trim());\r\n\t\t\t\tvar sp = X.U16(p+0x24)<<4; if(sp) ins++; if(sp > mp) mp = sp+X.U16(p+0x26)\r\n\t\t\t}\r\n\t\t\tp = 0xB0+X.U8(0x27)*2+ptn*2-2; p = X.U16(p) << 4; p += 2+X.U16(X.U16(p)); //past the last pattern\r\n\t\t\tsz = Math.max(mp,p);\r\n\t\t\tsOptionT(X.SC(4,0x20,'CP437'));\r\n\t\t\tsOption(addEllipsis(inss.filter(funSampleName).join(' '),0xA0),'ins/msg:\"','\"');\r\n\t\t\tsOption('ord:'+(rord==ord?'':rord+'/')+ord+' ptn:'+(mptn==ptn?'':mptn+'/')+ptn\r\n\t\t\t\t+' ins:'+ins+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'RIFF'........'DSMFSONG'\") && X.U16(0x36) <= 128 && X.U16(0x38) <= 128\r\n\t && X.U16(0x3C) <= 256 && X.U16(0x3E) <= 16) {\r\n\t\tsName = \"Carlos Hasan's Digital Sound Interface Kit module (.DSM)\"; bDetected = 1;\r\n\t\tsVersion = \"RIFF\";\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SC(0x14,28,'CP437'));\r\n\t\t\tsz = X.U32(4)+8; p = 0xC; smp = 0;\r\n\t\t\twhile(p < sz) {\r\n\t\t\t\thkhd = X.SA(p,4); hksz = X.U32(p+4); p += 8;\r\n\t\t\t\tif(hkhd == \"INST\") smp++\r\n\t\t\t\tp += hksz;\r\n\t\t\t}\r\n\t\t\tif(p > X.Sz()) sVersion += \"/malformed!badchunk\";//+hkhd+\" @\"+Hex(p-hksz-8)+\"=\"+Hex(hksz);\r\n\t\t\tsOption(\"ch:\"+Math.max(1,X.U16(0x3E))+\" spd0:\"+X.U8(0x42)+\" bpm0:\"+X.U8(0x43)\r\n\t\t\t\t+\" ord:\"+X.U16(0x38)+\"(\"+X.U16(0x34)+\"-\"+X.U16(0x36)\r\n\t\t\t\t+\") ptn:\"+X.U16(0x3C)+\" smp:\"+X.U16(0x3A)+\"/\"+smp\r\n\t\t\t\t+\" sz:\"+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'DSm'1A20\")) {\r\n\t\tsName = \"The Loom Syndicate's Dynamic Studio module (.DSM)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SA(5,20));\r\n\t\t\tsOptionT(X.SA(25,20),\"by: \");\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'DSFmt1'0D0A\")) {\r\n\t\tsName = \"Audio Simulation's DreamStation module (.DSS)\"; bDetected = 1;\r\n\t\tsVersion = \"v1.0\";\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tpt = X.fSig(0,TOEOF,\"F0E40001\")+4; //the 00/01 at the end is \"show info at track load\"\r\n\t\t\tif(pt < 4) pt = X.fSig(0,TOEOF,\"F0E40000\")+4;\r\n\t\t\tif(pt >= 4) {\r\n\t\t\t\tpa = X.fSig(pt,TOEOF,\"0D0A\"); t = X.SA(pt,pa-pt); pa += 2;\r\n\t\t\t\tpc = X.fSig(pa,TOEOF,\"0D0A\"); a = X.SA(pa,pc-pa); pc += 2;\r\n\t\t\t\tc = X.SA(pc,X.Sz()-pc);\r\n\t\t\t\tsOption(t); sOption(a,\"by: \"); sOption(c)\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'DS2F0'....'Default'\")) {\r\n\t\tsName = \"Audio Simulation's DreamStation II module (.DS2)\"; bDetected = 1;\r\n\t\tsVersion = \"v2\";\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tts=X.U8(0x62); t=X.SA(0x63,ts);\r\n\t\t\tpa=0x62+ts+1; as=X.U8(pa); a=X.SA(pa+1,as);\r\n\t\t\tpc=pa+as+1; cs=X.U8(pc); c=X.SA(pc+1,cs);\r\n\t\t\tsOption(t);\r\n\t\t\tsOption(a,\"by: \");\r\n\t\t\tsOption(c);\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'MMU2'00\")) {\r\n\t\tsName = \"Great Valley Products' Digital Sound Studio module (.DSS)\"; bDetected = 1;\r\n\t\tsVersion = \"v1-3.0\";\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SA(10,32));\r\n\t\t\tsOption(\"ord:\"+X.I16(0x59C,_BE));\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'DTL'00\") && X.c(\"0000001000\", 0x16)) {\r\n\t\tsName = \"Larry Tipton's Drum Traker module (.DTL)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SA(4,20));\r\n\t\t\t//sOption('sz:'+outSz(0xD0+(1+X.U16(0x1B))*0xE0))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'D.T.'00\")) {\r\n\t\tsv = [\"S.Q.\",\"VERS\"].indexOf(X.SA(0x2A,4));\r\n\t\tif(sv >= 0) {\r\n\t\t\tsName = \"Softjee's Digital Tracker module (.DTM)\"; bDetected = 1;\r\n\t\t\tif(X.isVerbose()) {\r\n\t\t\t\tif(sv==0) sOptionT(X.SA(0x16,20))\r\n\t\t\t\t//let's play along with Bummtschak here\r\n\t\t\t\telse sOptionT(X.SA(0x16,24))\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'DeFy DTM'\")) {\r\n\t\tsName = \"DeFy AdLib Tracker module (.DTM)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.SA(9,3);\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SA(0xD,20));\r\n\t\t\tsOptionT(X.SA(0x21,20),'by: ');\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'SONG'........'NAME'\")) {\r\n\t\t//ref http://hackipedia.org/browse.cgi/File%20formats/Music%20tracker/Digitrakker/DigiTrekker%20Module%20Format%20by%20Horst%20Beham%20Jr.%20v1.0.txt\r\n\t\tsName = \"Horst Beham Jr.'s DigiTrekker module (.DTM)\"; bDetected = 1;\r\n\t\tif(X.isVerbose())\r\n\t\t\tsOptionT(X.SA(0x10,20));\r\n\t}\r\n\r\n\telse if(X.c(\"48E7F1FE610000964CDF7F8F'NuH'E70010610000'$L'DF0800'NuH'E7F1FE610001844CDF7F8F'NuH'E70010610000'NL'DF0800'NuG'FAFFC651EB05',Q'EB05'PQ'EB05'tQ'EB059833FC000F00DFF09633FC00FF00DFF09E33FC000000DFF0A833FC000000DFF0B833FC000000DFF0C833FC000000DFF0D8'NuG'FAFF80177C00010524177C00010548177C0001056C177C00010590'NuG'FAFF'bJ+'00BA670E'S+'00B96608177C000600B9'Nu`'0003180006\")) {\r\n\t\tsName = \"David Whittaker's SFX module (.DW)\"; bDetected = 1\r\n\t}\r\n\r\n\telse if(X.c(\"' PWD'03\") && X.c(\"'Master'\",0x0E)) {\r\n\t\tsName = \"Daniel Werner/ExperimentalScene's DarkWave Studio module (.DWP)\"; bDetected = 1\r\n\t}\r\n\r\n\telse if(X.c(\"'EASO'\")) {\r\n\t\tsName = \"Morten Grouleff's EarAche module (.EA,.EAS)\"; bDetected = 1;\r\n\t}\r\n\r\n\telse if(X.c(\"'FORM'.... ....'EMODEMIC'\")\r\n\t && X.c(\"'PATT'\",pt=0x14+X.U32(0x10,_BE)) && X.c(\"'8SMP'\",q=pt+8+X.U32(pt+4,_BE))) {\r\n\t\t//ref https://github.com/libxmp/libxmp/blob/master/src/loaders/emod_load.c\r\n\t\tsName = \"Bo Lincoln's Quadra Composer module (.EMOD)\"; bDetected = 1; sVersion = 'v'+X.U16(0x14,_BE);\r\n\t\tsmp = X.U8(0x3F); if(smp) smps = []; sz = X.U32(4,_BE)+8;\r\n\t\tfor(i=ssz=0,p=0x40; i < smp; i++,p+=0x22) {\r\n\t\t\tif((t=X.SC(p+4,0x14,'CP1252').trim()) != '') smps.push(t);\r\n\t\t\tssz += X.U16(p+2,_BE) << 1;\r\n\t\t}\r\n\t\tbad = ''; if(ssz != X.U32(q+4,_BE)) bad = bad.addIfNone('!badsmplen:'+X.U32(q+4,_BE)+' vs '+ssz)\r\n\t\tptn = X.U8(++p); p++; p += 0x1A*ptn;\r\n\t\t// for (i=0; i < ptn; i++,p+=0x1A) if((t=X.SC(p+2,0x14,'CP1252').trim()) != '') smps.push(t);\r\n\t\tif(X.c(\"'MDIN'\",q1=q+8+X.U32(q+4,_BE))) q = q1;\r\n\t\tif(Math.abs(sz-(sz1=q+8+X.U32(q+4,_BE))) > 1) bad = bad.addIfNone('!badlen:'+sz+' vs '+sz1);\r\n\t\tif(sz < sz1) sz = sz1; ord = X.U8(p++); if(bad != '') sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT((t=X.SA(0x16,0x14)) === ''? '': t);\r\n\t\t\tif(smp) sOptionT(addEllipsis(smps.join(' '),0xC0,0xA0),'smp/msg: \"','\"'); delete smps;\r\n\t\t\tsOption('bpm:'+X.U8(0x3E)+' ord:'+ord+' ptn:'+ptn+' smp:'+smp+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'E.M.S. V6.0'..00010000\") && isWithin(X.U8(0xB),0x31,0x36)) {\r\n\t\tsName = \"Sean 'Odie' Connolly's Electronic Music System module (.EMS)\"; bDetected = 1;\r\n\t\tsVersion = \"v6.\"+X.SA(10,2);\r\n\t\tif(X.isVerbose()) {\r\n\t\t\t//ref ems_player_dis.asm\r\n\t\t\ta1 = X.U32(0xE,_BE); a2 = X.U32(0x12,_BE); a3 = X.U32(0x16,_BE); p = lb0 = 0x22;\r\n\t\t\tp += a1; lb4 = p; p += a2; lb8 = p; p += a3; insp = p; sz = p+X.U32(0x1E,_BE);\r\n//_log(Hex(lb0)+'; [4]:'+Hex(lb4)+'; [8]:'+Hex(lb8)+'; insp:'+Hex(insp))\r\n\t\t\t// p = a2 = lb4; lbdata = a5 = 0x13740;\r\n\t\t\t// ssp = ( 0 & 0x1F)*0x84; ss1 = X.U16(p+ssp,_BE); ss2 = X.U16(p+ssp+2,_BE);\r\n//_log('subsong @'+Hex(p+ssp)+' has '+Hex(ss1)+' and '+Hex(ss2))\r\n\t\t\t// In the player, the following bit was copying the modified offsets (of something) to the data buffer:\r\n\t\t\t// p += ssp+4; p1 = p;\r\n\t\t\t// for(d1 = 0, ptrs=[]; d1 < 0x20; d1++) { t = X.U32(p,_BE)+p1; p += 4; ptrs.push(t) }\r\n\t\t\tsOption('sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'ENF '....'scor'\")) {\r\n\t\tsName = \"Musitek SmartScore Extended Notation Format sheet music (.ENF)\"; bDetected = 1;\r\n\t\tp = 6; staf = brln = 0; hkhd = \"dumm\";\r\n\t\twhile(p < X.Sz()) {\r\n\t\t\thkhd = X.SA(p,4);\r\n\t\t\tif(!/[a-z\\[\\]\\-0-9]{4}/.test(hkhd)) break;\r\n\t\t\thksz = X.U16(p+4,_BE);\r\n\t\t\tif(hkhd === \"staf\") staf++;\r\n\t\t\telse if(hkhd === \"brln\") brln++;\r\n\t\t\tp += hksz //this format includes signatures into the chunk size\r\n\t\t}\r\n\t\tsOption(\"staves:\"+staf+\" bars:\"+brln+\" sz:\"+outSz(p))\r\n\t}\r\n\r\n\telse if(X.Sz() > 0x24 && X.c(\"'ETracker (C) BY ESI.'\",10) ||\r\n\t (X.Sz() > 0x4D4 && (X.c(\"21B384\") ||X.c(\"21B304\")) && X.c(\"'ETracker (C) BY ESI.'\",0x4BD))) {\r\n\t\t//kudos to horsicq for helping narrow down the bad samples in modland files\r\n\t\tsName = \" Maciej J. Wołoszyk & Andrzej Siuda's E-Tracker file (.ETC,.SAA)\"; bDetected = 1;\r\n\t\tif(X.c(\"21B384\") || X.c(\"21B304\")) { sVersion = \"&player\"; ofs = 0x4B3 } else ofs = 0;\r\n\t\tp = ofs; x = mp = sz = 0; ords = []; ptns = [];\r\n\t\twhile(p < X.Sz()-0x24 && X.c(\"'ETracker (C) BY ESI.'\",p+10)) {\r\n\t\t\tx++; //TODO not too good for a ripper but there're multitrack files like this, iono\r\n\t\t\tordp = p+X.U16(p); if(ordp > mp) mp = ordp;\r\n\t\t\tptnp = p+X.U16(p+2); if(ptnp > mp) mp = ptnp;\r\n\t\t\tsmpp = p+X.U16(p+4); if(smpp > mp) mp = smpp;\r\n\t\t\tornp = p+X.U16(p+6); if(ornp > mp) mp = ornp; svd = ofs+X.U16(p+6); if(svd > mp) mp = svd;\r\n\t\t\tif(sz < mp) sz = mp;\r\n\t\t\tif(x == 1 && sz > X.Sz()) return false;\r\n//_log('Track at '+Hex(p)+': ordp:'+Hex(ordp)+' ptnp:'+Hex(ptnp)+' smpp:'+Hex(smpp)+' ornp:'+Hex(ornp)+' svd:'+Hex(svd))\r\n\t\t\tord = lp = xpos = ptn = 0; var ordl = [];\r\n\t\t\tfor(p = ordp; p < X.Sz(); p++) {\r\n\t\t\t\to = X.U8(p);\r\n\t\t\t\tif(o == 0xFF) { p++; break }\r\n\t\t\t\telse if(o == 0xFE) lp = ord;\r\n\t\t\t\telse if(o >= 0x60) xpos = o-0x60;\r\n\t\t\t\telse {\r\n\t\t\t\t\tif(x == 1 && o%3) { _log('SAAFault @'+Hex(p)+': trk '+x+' pos not divisible by 3'); return false }\r\n\t\t\t\t\to = Util.div64(o,3);\r\n\t\t\t\t\tif(x == 1 && o > 0x1F) { _log('SAAFault: trk '+x+' pos over 1Fh'); return false }\r\n\t\t\t\t\tif(o > ptn) ptn = o; ord++\r\n\t\t\t\t}\r\n\t\t\t\tif(ord > 254) { _log('SAAFault: trk '+x+' pos not divisible by 3'); return false }\r\n\t\t\t}\r\n\t\t\tif(!ord) return false; ords.push(++ord); ptns.push(++ptn);\r\n\t\t\tif(sz < p) sz = p;\r\n\t\t\tp = ptnp+12*ptn; //a pattern record contains uint16_t pattern offsets for 6 channels\r\n\t\t\tfor(i=ptnp; i < p; i += 2) { //find if the a pattern isn't after its record (doesn't seem to ever happen)\r\n\t\t\t\tif((t=X.U16(i)) > mp-ofs) mp = ofs+t;\r\n\t\t\t\tif(t < 0x1E) return false;\r\n\t\t\t}\r\n\t\t\tif(x == 1 && mp > X.Sz()) return false;\r\n\t\t\tnotes = -1;\r\n\t\t\tif(t > p) { // the hard way\r\n\t\t\t\tp = t+64;\r\n\t\t\t\t//parse the last pattern\r\n\t\t\t\tp = ptnp; notes = 0; chncnt = [64,64,64,64,64,64];\r\n\t\t\t\tfor(l=0; l < 64; l++) { //lines\r\n\t\t\t\t\tfor(c=0; c < 6; c++) { //channels\r\n\t\t\t\t\t\tif(chncnt[c]) { chncnt[c]--; continue }\r\n\t\t\t\t\t\twhile(p < X.Sz()) { //ParseChannel\r\n\t\t\t\t\t\t\tcmd = X.U8(p++);\r\n\t\t\t\t\t\t\tif(cmd >= 0xD2) { chncnt[c] -= cmd-0xD2; break }\r\n\t\t\t\t\t\t\telse if(cmd >= 0x72) notes++; //set note cmd-0x72\r\n\t\t\t\t\t\t\telse if(cmd >= 0x52) {} //set sample cmd-0x52\r\n\t\t\t\t\t\t\telse if(cmd >= 0x51) break; //isn't this just if cmd == 0x51?\r\n\t\t\t\t\t\t\t//else if(cmd >= 0x50) {} //set ornament cmd-0x30\r\n\t\t\t\t\t\t\t//else if(cmd >= 0x2E) {} //set swap sample channels with \"cmd > 0x2E\"\r\n\t\t\t\t\t\t\t//else if(cmd >= 0x21) {} //set envelope cmd-0x21\r\n\t\t\t\t\t\t\t//else if(cmd >= 0x11) {} //set attenuation cmd-0x11\r\n\t\t\t\t\t\t\t//else if(cmd >= 0x0F) {} //set noise to \"cmd != 0xF? 3: cmd-0xF\" (so either 3 or 0!)\r\n\t\t\t\t\t\t\t//else {} //set tempo cmd+1\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\tif(sz < p) sz = p;\r\n\t\t\tif(ornp == mp)\r\n\t\t\t\tif(sz < mp) sz = mp //never happens so no further parsing\r\n\t\t\tif(smpp == mp)\r\n\t\t\t\tif(sz < mp) sz = mp; //ditto\r\n\t\t\tif(svd == mp) if(sz < mp) sz = mp //ditto\r\n\t\t}\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tif(x > 1) sOption(x,'×');\r\n\t\t\tsOption('ord:'+ords.join('+')+(lp?' looped':'')+' ptn:'+ptns.join('+')+(xpos?' xpos:'+xpos:'')\r\n\t\t\t\t+(notes>-1?' notes:'+notes:'')+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if((X.Sz() > 2048+6+6)\r\n\t && X.c(\"00000000000000000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\", 0x3E1)\r\n\t && X.c(\"......00 ......00 ......00 ......00 ......00 ......00 ......00\",0x4D4)\r\n\t\t) {\r\n\t\tsName = \"EUPHONY module (.EUP)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOption(X.SC(0,0x20,'CP932'))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'EuGH'\") && X.c(\"'EuSH'\",t=8+X.U32(4,_BE))\r\n\t && X.c(\"'MThd'\",t=t+8+X.U32(t+4,_BE)) && X.c(\"'MTrk'\",p=t+8+X.U32(t+4,_BE))) {\r\n\t\tsName = \"Fujitsu EUPHONY II/MTR module (.EUX)\"; bDetected = 1;\r\n\t\t//from here on it's just a MIDI file\r\n\t\ttrk = X.U16(t+0xA,_BE); //seems it's always 100 in this format\r\n\t\tsz = p; txt = by = title = lyr = \"\";\r\n\t\tfor(i=0; i < trk; i++) {\r\n\t\t\tvar readmore = 20;\r\n\t\t\tif(!X.c(\"'MTrk'\",p) || (i && !X.c(\"FF2F00\",p-3))) { bad += \"!badtrk\"+i; break }\r\n\t\t\tlen = X.U32(p+4,_BE); p += 8; sz = p;\r\n\t\t\twhile(readmore && p < sz+len && p < X.Sz()) {\r\n\t\t\t\treadmore--; dt = readVarUInt(p);\r\n\t\t\t\tp += dt[0];\r\n\t\t\t\tswitch(X.U8(p++)) {\r\n\t\t\t\tcase 0xF0: case 0xF7: t = readVarUInt(p); p += t[0]+t[1]; break;\r\n\t\t\t\tcase 0xFF: a = X.U8(p++);\r\n\t\t\t\t\tswitch(a) {\r\n\t\t\t\t\t\tcase 0: if(X.U8(p++) != 2) readmore = 0; else p += 4; break;\r\n\t\t\t\t\t\tcase 3: t = readVarUInt(p); p += t[0];\r\n\t\t\t\t\t\t\ttitle = title.append(X.SC(p,t[1],'SJIS')); p += t[1];\r\n\t\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t\tcase 2: t = readVarUInt(p); p += t[0];\r\n\t\t\t\t\t\t\tby = by.append(X.SC(p,t[1],'SJIS')); p += t[1]; break;\r\n\t\t\t\t\t\tcase 1: t = readVarUInt(p); p += t[0];\r\n\t\t\t\t\t\t\ttxt = txt.append(X.SC(p,t[1],'SJIS')); p += t[1]; break;\r\n\t\t\t\t\t\tcase 5: t = readVarUInt(p); p += t[0];\r\n\t\t\t\t\t\t\tlyr = lyr.append(X.SC(p,t[1],'SJIS'),\"-\"); p += t[1];\r\n\t\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t\tcase 4: case 6: case 7: t = readVarUInt(p); p += t[0]+t[1]; break;\r\n\t\t\t\t\t\tcase 0x20: t = readVarUInt(p); p += t[0]+t[1]; if(t[1] != 1) {\r\n\t\t\t\t\t\t\treadmore = 0; bad += \"!badprefix@\"+(p-t[0]-t[1]) } break\r\n\t\t\t\t\t\tcase 0x2F: t = readVarUInt(p); p += t[0]+t[1]; if(t[1])\r\n\t\t\t\t\t\t\tbad += \"!badEoTtag@\"+(p-t[0]-t[1]); readmore = 0; break;\r\n\t\t\t\t\t\tcase 0x51: t = readVarUInt(p); p += t[0]+t[1]; if(t[1] != 3) {\r\n\t\t\t\t\t\t\treadmore = 0; bad += \"!badtempo@\"+(p-t[0]-t[1]) } break;\r\n\t\t\t\t\t\tcase 0x54: t = readVarUInt(p); p += t[0]+t[1]; if(t[1] != 5) {\r\n\t\t\t\t\t\t\treadmore = 0; bad += \"!badSMPTE@\"+(p-t[0]-t[1]) } break;\r\n\t\t\t\t\t\tcase 0x58: t = readVarUInt(p); p += t[0]+t[1]; if(t[1] < 2 || t[1] > 4) {\r\n\t\t\t\t\t\t\treadmore = 0; bad += \"!badtime@\"+(p-t[0]-t[1]) } break;\r\n\t\t\t\t\t\tcase 0x59: t = readVarUInt(p); p += t[0]+t[1]; if(t[1] != 2) {\r\n\t\t\t\t\t\t\treadmore = 0; bad += \"!badkey@\"+(p-t[0]-t[1]) } break;\r\n\t\t\t\t\t\tdefault: t = readVarUInt(p); p += t[0]+t[1]\r\n\t\t\t\t\t} break;\r\n\t\t\t\tdefault:\r\n\t\t\t\t}\r\n\t\t\t\tif((txt != \"\" && by != \"\" && title != \"\") || p-sz > 0x200) readmore = 0;\r\n\t\t\t}\r\n\t\t\tsz += len; p = sz; if(p > X.Sz() && !X.isVerbose()) { bad += \"!short\"; break }\r\n\t\t} //for..trk\r\n\t\tif(bad) sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(title); sOptionT(by,\"by: \"); sOptionT(txt);\r\n\t\t\tsOption((trk>1?'trk:'+trk+' ':'')+'sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'FAR'FE\") && X.c(\"0D0A1A\",0x2C) && X.Sz() > X.U16(0x2F)) {\r\n\t\t//ref https://web.archive.org/web/20151027135146/http://hackipedia.org/File%20formats/Music/Sample%20based/text/Format%20Specifications%20(FAR,%20FSM,%20USM,%20F2R)%20by%20Daniel%20Potter.cp437.txt.utf-8.txt\r\n\t\tbDetected = 1; nV = X.U8(0x31);\r\n\t\tsName = \"Daniel Potter/Digital Infinity's Farandole Composer module (.FAR)\";\r\n\t\tsVersion = \"v\"+ (nV>>4) +\".\"+ (nV&0x0F);\r\n\t\tch = X.readBytes(0x32,16).filter(function(x){return x==1}).length;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SC(4,0x28,'CP437'));\r\n\t\t\tmsgsz = X.U16(0x60); msg = [];\r\n\t\t\tfor(i=0,p=0x62; i < msgsz && p < X.Sz(); i+=132,p+=Math.max(0,Math.min(132,msgsz-i)))\r\n\t\t\t\tmsg.push(X.SC(p,Math.max(0,Math.min(132,msgsz-i)),'CP437').trim());\r\n\t\t\tsOptionT(addEllipsis(msg.join(' '),0x100),'msg:\"','\"');\r\n\t\t\tp = 0x62+msgsz+0x100; ptn = X.U8(p++); ord = X.U8(p++); lp = X.U8(p++);\r\n\t\t\tfor(i=psz=0; i < 0x100; i++,p += 2) psz += X.U16(p);\r\n\t\t\tp = X.U16(0x2F)+psz;\r\n\t\t\tsmp = 0; smpm = X.readBytes(p,8); smps = []; p += 8;\r\n\t\t\tfor(i=0; i < 64; i++) if(smpm[i >> 3] & (1 << (i & 7))) smp++;\r\n\t\t\tfor(i=0; i < smp; i++) { smps.push(X.SC(p,0x20,'CP437')); p += 0x30+X.U32(p+0x20) }\r\n\t\t\tsOptionT(addEllipsis(smps.filter(funSampleName).join(' '),0x100),'smp/msg:\"','\"');\r\n\t\t\tsOption('ch:'+ch+' ord:'+(lp?lp+'~':'')+ord+' ptn:'+ptn+' smp:'+smp+' sz:'+outSz(p))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'FPT'FE\") && X.c(\"0D0A1A\",0x24)) {\r\n\t\t//ref https://web.archive.org/web/20151027135146/http://hackipedia.org/File%20formats/Music/Sample%20based/text/Format%20Specifications%20(FAR,%20FSM,%20USM,%20F2R)%20by%20Daniel%20Potter.cp437.txt.utf-8.txt\r\n\t\tsName = \"Daniel Potter/Digital Infinity's Farandole Composer pattern (.FPT)\"; bDetected = 1;\r\n\t\tif(X.isVerbose())\r\n\t\t\tsOptionT(X.SC(4,0x20,'CP850'));\r\n\t}\r\n\r\n\telse if(X.c(\"'FSM'FE\") && X.c(\"0A0D1A\",0x24)) {\r\n\t\t//ref https://web.archive.org/web/20151027135146/http://hackipedia.org/File%20formats/Music/Sample%20based/text/Format%20Specifications%20(FAR,%20FSM,%20USM,%20F2R)%20by%20Daniel%20Potter.cp437.txt.utf-8.txt\r\n\t\tsName = \"Daniel Potter/Digital Infinity's Farandole Composer sample (.FSM)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SC(4,0x20,'CP850'));\r\n\t\t\tif(X.U8(0x35)) type = \"16bit\"; else type = \"8bit\";\r\n\t\t\tif(X.U8(0x36)&4) looped = \" looped\"; else looped = \"\";\r\n\t\t\tsVersion = type+looped;\r\n\t\t\tsOption(outSz(X.U32(0x27)),'sz:');\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'SMOD'\") && X.Sz() > 0x70 && isWithin(X.U32(8,_BE),0x70,X.Sz()) && isWithin(X.U32(0x10,_BE),0x70,X.Sz())\r\n\t && isWithin(X.U32(0x18,_BE),0x70,X.Sz()) && isWithin(X.U32(0x20,_BE),0x70,X.Sz())) {\r\n\t\t//ref https://github.com/tonioni/WinUAE/blob/master/prowizard/rippers/FutureComposer13.c\r\n\t\t// & https://github.com/neumatho/NostalgicPlayer/blob/main/Source/Agents/ModuleConverters/ModuleConverter/Formats/FutureComposer13Format.cs\r\n\t\tsName = \"Superions' Future Composer module (.FC,.FC13,.SMOD)\"; sVersion = \"v1.0~3\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tordsz = X.U32(4,_BE); ordsz += ordsz%2; ord = Util.divu64(ordsz,13); if(!ord) ord = 1;\r\n\t\t\tptnp = X.U32(8,_BE); ptnsz = X.U32(0xC,_BE); ptn = ptnsz >> 6;\r\n\t\t\tsmpp = X.U32(0x20,_BE); smpsz = X.U32(0x24,_BE); smp = wf = 0;\r\n\t\t\tsszs = []; for(p=0x28,i=0; i < 10; i++,p+=6) { if(t=X.U16(p,_BE)<<1) smp++; sszs.push(t) }\r\n\t\t\tfor(i=10; i < 90; i++) sszs.push(X.U8(p++)<<1);\r\n\t\t\tfor(i=89; i >= 10; i--) if(sszs[i]) break; wf = i-9; delete sszs;\r\n\t\t\tsOption('ord:'+ord+' ptn:'+ptn+' smp:'+smp+' wf:'+wf+' sz:'+outSz(smpp+smpsz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'FC14'\") && X.Sz() > 0xC0 && isWithin(X.U32(8,_BE),0xC0,X.Sz()) && isWithin(X.U32(0x10,_BE),0xC0,X.Sz())\r\n\t && isWithin(X.U32(0x20,_BE),0xC0,X.Sz()) && isWithin(X.U32(0x24,_BE),0xC0,X.Sz())) {\r\n\t\t//ref https://github.com/tonioni/WinUAE/blob/master/prowizard/rippers/FutureComposer14.c\r\n\t\t// & https://github.com/neumatho/NostalgicPlayer/blob/main/Source/Agents/Players/FutureComposer/FutureComposerWorker.cs\r\n\t\tsName = \"Superions' Future Composer module (.FC,.FC14)\"; sVersion = \"v1.4\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tordsz = X.U32(4,_BE); ord = Util.divu64(ordsz,13); if(!ord) ord = 1;\r\n\t\t\tptnp = X.U32(8,_BE); ptnsz = X.U32(0xC,_BE); ptn = ptnsz >> 6;\r\n\t\t\tsmpp = X.U32(0x20,_BE); wfp = X.U32(0x24,_BE); smp = 10; rsmp = msmp = wf = 0;\r\n\t\t\tsszs = []; for(p=0x28,i=0; i < 10; i++,p+=6) sszs.push(X.U16(p,_BE)<<1);\r\n\t\t\tfor(sz=0,i=10; i < 90; i++) { sz += t=X.U8(p++)<<1; sszs.push(t) }\r\n\t\t\tfor(i=89; i >= 10; i--) if(sszs[i]) break; wf = i-9; sz += X.U32(0x24,_BE);\r\n\t\t\tfor(p=smpp,i=0; i < 10; i++) {\r\n\t\t\t\trsmp++; if(sszs[i]) {\r\n\t\t\t\t\tif(X.c(\"'SSMP'\")) { mszs = [];\r\n\t\t\t\t\t\tp += 4; msmp++; smp--; rsmp--; for(j=0; j < 20; j++, p+=20) mszs.push(X.U16(p+4,_BE)<<1);\r\n\t\t\t\t\t\tfor(j=0; j < 20; j++) if(mszs[j]) rsmp++; smp++\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t} delete sszs; delete mszs;\r\n\t\t\tsOption('ord:'+ord+' ptn:'+ptn+' smp:'+rsmp+(smp!=rsmp?'('+smp+')':'')\r\n\t\t\t\t+(msmp?' ssmp:'+msmp:'')+' wf:'+wf+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'FMK!'\") && X.U8(0x3C) == 0xF4 && isWithin(X.U8(0x3D),1,2)) {\r\n\t\tsName = \"Sami Wilenius's FM-Kingtracker module (.FMK)\";\r\n\t\tsVersion = [,'v1.00~03','v1.06+'][X.U8(0x3D)]; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\ttext = true; for(i=0; i < 0x38; i++) if(0x20 > X.U8(i+4)) { text = false; break }\r\n\t\t\tif(text) {\r\n\t\t\t\tsOptionT(X.SA(0x04,0x1C));\r\n\t\t\t\tsOptionT(X.SA(0x20,0x1C),\"by: \");\r\n\t\t\t}\r\n\t\t\tsOption('ord:'+X.U8(0x4A)+' ptn:'+X.U8(0x4C)+' ins:'+X.U8(0x4B))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'FMTracker'....'The FM Tracker!'\")) {\r\n\t\tsName = \"Davey W. Taylor's FM Tracker module (.FMT)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.U8(9)+\".\"+X.U8(10);\r\n\t\tif(X.isVerbose())\r\n\t\t\tsOptionT(X.SA(0x1F,0x20));\r\n\t}\r\n\r\n\telse if(X.c(\"'JSR_FMT~\")) {\r\n\t\t//ref https://github.com/XorJS/FM-Tracker & https://jsr-productions.com/_blogpost3319ddc.html\r\n\t\t// & https://github.com/XorJS/FM-Tracker/blob/main/FM.ASM\r\n\t\tsName = \"Jean-Sebastien 'XorJS' Royer's FM-Tracker module (.FMT)\"; bDetected = 1\r\n\t}\r\n\r\n\telse if(X.c(\"'FMTRK'1A\")) {\r\n\t\tsName = \"Morten Stenshorne/Sagitta Software's FM Tracker module (.FMT)\"; bDetected = 1;\r\n\t\tif(X.isVerbose())\r\n\t\t\tsOptionT(X.SA(0x10,0x20));\r\n\t}\r\n\r\n\telse if(X.c(\"000003F3\") && X.U8(0x14)\r\n\t && X.c(\"70FF4E75'F.PLAYER'\",0x20) && X.I32(0x40,_BE)) {\r\n\t\tsName = \"Paul van der Valk's Future Player module (.FP)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SA(X.I32(0x2C,_BE)+0x20,0x100));\r\n\t\t\tx = 1; p = 0x48;\r\n\t\t\tdo { t = X.U32(p,_BE); if(t) x++; p += 8 } while(t);\r\n\t\t\tif(x > 1) sOption(x,\"×\");\r\n\t\t\tsOptionT(X.SA(X.I32(0x30,_BE)+0x20,0x100),\"by:\");\r\n\t\t\tsOptionT(outSz(X.I32(0x38,_BE)+0x20),\"sz:\")\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'Fred Editor '0000\") && X.U16(0xE,_BE) <= 10) {\r\n\t//ref https://github.com/neumatho/NostalgicPlayer/blob/main/Source/Agents/ModuleConverters/ModuleConverter/Formats/FredEditorFinalFormat.cs\r\n\t\tp = 0x10+0x401*(x=X.U16(0xE,_BE));\r\n\t\tspds = []; for(i=0x10; i < 0x10+x; i++) if(spds.indexOf(t=X.U8(i)) < 0 ) spds.push(t); \r\n\t\tif(p < X.Sz()) for(i=0; i < 128 && p < X.Sz(); i++) { trksz = X.U32(p,_BE); p += trksz+4 }\r\n\t\tif(p < X.Sz()) {\r\n\t\t\tins = X.U16(p,_BE); p += 2;\r\n\t\t\tfor(i = syn = un = 0; i < ins && p < X.Sz(); i++) {\r\n\t\t\t\tswitch(X.U8(p+0x53)) {\r\n\t\t\t\tcase 0xFF: un++; break;\r\n\t\t\t\tdefault: syn++\r\n\t\t\t\t}\r\n\t\t\t\tp += 0x60; //name & parameters\r\n\t\t\t}\r\n\t\t}\r\n\t\tsmp = X.U16(p,_BE); syn -= smp; p += 2; for(i=0; i < smp && p < X.Sz(); i++) p += 4+X.U16(p+2,_BE);\r\n\t\tif(X.c(\"12345678\",p)) { bDetected = 1; sz = p+4 }\r\n\t\tif(bDetected) {\r\n\t\t\tsName = \"Fred & Julien Clermonte's Fred Editor module (.FRED,.MOD)\"; sVersion = 'project';\r\n\t\t\tif(X.isVerbose()) {\r\n\t\t\t\tif(x > 1) sOption(x,'×');\r\n\t\t\t\tsOption('tempos:'+spds.sort().join('-')+' ins:'+(ins-un)+(un?'('+ins+')':'')\r\n\t\t\t\t\t+(smp?' smp:'+smp:'')+(syn?' syn:'+syn:'')+' sz:'+outSz(sz))\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\r\n\tif(!bDetected) if(X.c(\"'FTMN'03\") && X.U8(5) < 64 && X.U16(8,_BE) >= 0x1000 && X.U16(8,_BE) < 0x5000\r\n\t && X.U8(0xA) < 12 && X.U8(0xC) < 64 && !(X.U8(0xD) & 0xFC) && X.U8(0xE) && X.U8(0xE) <= 24\r\n\t && X.U8(0xF) >= 4 && X.U8(0xF) <= 96 && X.U8(0xF) == Util.div64(96,X.U8(0xE))\r\n\t && X.U8(0x50) <= 64 && !X.U8(0x51) && X.Sz() >= 0x52+X.U8(5)*32+X.U8(0x50)*4) {\r\n\t \t//ref https://github.com/OpenMPT/openmpt/blob/master/soundlib/Load_ftm.cpp\r\n\t\tsName = \"Jörg W.Schmidt/MAXON's Face the Music module (.FTM)\"; sVersion = 'v'+X.U8(4); bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsmp = X.U8(5); msr = X.U16(6,_BE); bpm0 = (1766278.163/X.U16(8,_BE)).toFixed(0);\r\n\t\t\tfl = X.U8(0xD); fx = X.U8(0x50); gvol0 = X.U8(0xC);\r\n\t\t\tp = 0x52+smp*32; realsmp = 0;\r\n\t\t\tfor(i=0; i < smp; i++) if(X.U8(0x52+i*32)) realsmp++;\r\n\t\t\tfxln = 0; ticksper = X.U8(0xE); rowsper = X.U8(0xF);\r\n\t\t\tfor(i=0; i < fx; i++) { t = X.U16(p,_BE); fxln += t; p+=4+4*t }\r\n\t\t\tif(msr) for(i=0; i < 8; i++) p += 6+X.U32(p+2,_BE);\r\n\t\t\tif(fl&1) for(i=0; i < realsmp; i++) p += 4+2*(X.U16(p,_BE)+X.U16(p+2,_BE));\r\n\t\t\tsOptionT(decAnsi(0x10,0x20,CPAmiga));\r\n\t\t\tsOptionT(decAnsi(0x30,0x20,CPAmiga),'by: ');\r\n\t\t\tsOption('bpm0:'+bpm0+' ptn:'+msr+' smp:'+realsmp+'/'+smp+' fx:'+fx+'/'+fxln\r\n\t\t\t\t+' msr:'+ticksper+'/'+rowsper+(!(fl&1)?' ext.smps':'')+' gvol0:'+gvol0+' sz:'+outSz(p))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'FMS!'..000000\")) {\r\n\t\tsName = \"BleuBleu's FamiStudio module (.FMS)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.U8(4)\r\n\t}\r\n\r\n\telse if(X.c(\"'FamiTracker Module'\") && X.fSig(0x12,0x10,\"00'PARAMS'\") > 0\r\n\t && X.fSig(0x18,0x100,\"00'INFO'\") > 0) {\r\n\t\tsName = \"Jonathan Liss's FamiTracker module (.FTM)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\titag = X.fStr(0x18,0x100,\"INFO\");\r\n\t\t\tsOptionT(X.SA(itag+0x18,0x20));\r\n\t\t\tsOptionT(X.SA(itag+0x38,0x20),\"by: \");\r\n\t\t\tsOptionT(X.SA(itag+0x58,0x20))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'-Furnace '\")) {\r\n\t\t// from https://github.com/tildearrow/furnace/blob/master/papers/format.md\r\n\t\tswitch(X.SA(9,7)) {\r\n\t\t\tcase 'module-':\r\n\t\t\t\tcV = 'm'; bDetected = 1; sName = \"tildearrow et al.'s Furnace Tracker module (.FUR)\"; break;\r\n\t\t\tcase 'instr.-':\r\n\t\t\t\tcV = 'i'; bDetected = 1; sName = \"tildearrow et al.'s Furnace Tracker instrument (.FUI)\"; break;\r\n\t\t\tcase 'waveta-':\r\n\t\t\t\tcV = 'w'; bDetected = 1; sName = \"tildearrow et al.'s Furnace Tracker wavetable (.FUW)\"; break\r\n\t\t\tdefault:\r\n\t\t\t\tcv = \"?\"; bDetected = 1; sName = \"unknown tildearrow et al.'s Furnace Tracker file\"\r\n\t\t}\r\n\t\tnV = X.U16(0x10,_LE);\r\n\t\t//ref https://github.com/tildearrow/furnace/blob/master/papers/format.md\r\n\t\t//they update it every 0.1 femtosecond, why not help out since you're reading this?\r\n\t\tif(nV < 12) sVersion = \"[\"+nV+\"]\"; else\r\n\t\tif(nV <= 14) sVersion = \"v0.2.x\"; else\r\n\t\tif(nV <= 16) sVersion = \"v0.3.x\"; else\r\n\t\tif(nV <= 27) sVersion = \"v0.4.x\"; else\r\n\t\tif(nV < 35) sVersion = \"[\"+nV+\"]\"; else\r\n\t\tif(nV <= 54) sVersion = \"v0.5.x\"; else\r\n\t\tif(nV < 57) sVersion = \"[\"+nV+\"]\"; else\r\n\t\tif(nV == 75) sVersion = \"v.dev75/April Fools' 0.6pre0\"; else\r\n\t\tif(nV <= 99) sVersion = \"v.dev\"+nV; else\r\n\t\tif(nV == 100) sVersion = \"v0.6pre1\"; else\r\n\t\tif(nV == 101) sVersion = \"v0.6pre1 (dev101)\"; else\r\n\t\tif(nV == 102) sVersion = \"v0.6pre1 (dev102)\"; else\r\n\t\tif(nV <= 115) sVersion = \"v.dev\"+nV; else\r\n\t\tif(nV == 116) sVersion = \"v.0.6pre1.5\"; else\r\n\t\tif(nV <= 131) sVersion = \"v.dev\"+nV; else\r\n\t\tif(nV == 132) sVersion = \"v.0.6pre2\"; else\r\n\t\tif(nV == 133) sVersion = \"v.0.6pre3\"; else\r\n\t\tif(nV <= 140) sVersion = \"v.dev\"+nV; else\r\n\t\tif(nV == 141) sVersion = \"Tournament Edition\"; else\r\n\t\tif(nV == 142) sVersion = \"v.dev\"+nV; else\r\n\t\tif(nV == 143) sVersion = \"v.0.6pre4\"; else\r\n\t\tif(nV <= 145) sVersion = \"v.dev\"+nV; else\r\n\t\tif(nV == 146) sVersion = \"v.Pro (joke edition)\"; else\r\n\t\tif(nV <= 157) sVersion = \"v.dev\"+nV; else\r\n\t\tif(nV == 158) sVersion = \"v.0.6pre5\"; else\r\n\t\tif(nV <= 160) sVersion = \"v.dev\"+nV; else\r\n\t\tif(nV == 161) sVersion = \"v.0.6pre6\"; else\r\n\t\tif(nV == 162) sVersion = \"v.0.6pre7\"; else\r\n\t\tif(nV <= 165) sVersion = \"v.dev\"+nV; else\r\n\t\tif(nV == 166) sVersion = \"v.0.6pre8\"; else\r\n\t\tif(nV <= 168) sVersion = \"v.dev\"+nV; else\r\n\t\tif(nV == 169) sVersion = \"v.0.6pre9\"; else\r\n\t\tif(nV <= 170) sVersion = \"v.dev\"+nV; else\r\n\t\tif(nV == 171) sVersion = \"v.0.6pre10\"; else\r\n\t\tif(nV == 172) sVersion = \"v.0.6pre11\"; else\r\n\t\tif(nV == 173) sVersion = \"v.0.6pre12\"; else\r\n\t\tif(nV == 174) sVersion = \"v.0.6pre13\"; else\r\n\t\tif(nV == 175) sVersion = \"v.0.6pre14\"; else\r\n\t\tif(nV <= 176) sVersion = \"v.dev\"+nV; else\r\n\t\tif(nV == 177) sVersion = \"v.0.6pre15\"; else\r\n\t\tif(nV == 178) sVersion = \"v.0.6pre16\"; else\r\n\t\tif(nV == 179) sVersion = \"v.0.6pre17\"; else\r\n\t\tif(nV == 180) sVersion = \"v.0.6pre18\"; else\r\n\t\tif(nV == 181) sVersion = \"v.0.6\"; else\r\n\t\tif(nV <= 191) sVersion = \"v.dev\"+nV; else\r\n\t\tif(nV == 192) sVersion = \"v.0.6.1\"; else\r\n\t\tif(nV <= 196) sVersion = \"v.dev\"+nV; else\r\n\t\tif(nV == 197) sVersion = \"v.0.6.2\"; else\r\n\t\tif(nV <= 200) sVersion = \"v.dev\"+nV; else\r\n\t\tif(nV == 201) sVersion = \"v.0.6.3\"; else\r\n\t\tif(nV <= 211) sVersion = \"v.dev\"+nV; else\r\n\t\tif(nV == 212) sVersion = \"v.0.6.4\"; else\r\n\t\tif(nV <= 213) sVersion = \"v.dev\"+nV; else\r\n\t\tif(nV == 214) sVersion = \"v.0.6.5\"; else\r\n\t\tif(nV <= 217) sVersion = \"v.dev\"+nV; else\r\n\t\tif(nV == 218) sVersion = \"v.0.6.6\"; else\r\n\t\tif(nV == 219) sVersion = \"v.0.6.7\"; else\r\n\t\tif(nV <= 224) sVersion = \"v.dev\"+nV; else\r\n\t\tif(nV == 225) sVersion = \"v.0.6.8pre1\"; else\r\n\t\tif(nV == 226) sVersion = \"v.0.6.8pre2\"; else\r\n\t\tif(nV == 227) sVersion = \"v.0.6.8\"; else\r\n\t\tif(nV == 228) sVersion = \"v.0.6.8.1\";\r\n\t\telse sVersion = \"[\"+nV+\"]\";\r\n\t\tif(cV === 'i') {\r\n\t\t\tp = X.U32(0x14,_LE);\r\n\t\t\tif(p>0 && X.c(\"'INST'\",p)) {\r\n\t\t\t\tity = X.U16(0x10,_LE);\r\n\t\t\t\tswitch(ity) {\r\n\t\t\t\t\tcase 0: sVersion += \"/std\"; break;\r\n\t\t\t\t\tcase 1: sVersion += \"/FM (OPM/OPN)\"; break;\r\n\t\t\t\t\tcase 2: sVersion += \"/Game Boy\"; break;\r\n\t\t\t\t\tcase 3: sVersion += \"/C64\"; break;\r\n\t\t\t\t\tcase 4: sVersion += \"/Amiga|smp\"; break;\r\n\t\t\t\t\tcase 5: sVersion += \"/PC Engine\"; break;\r\n\t\t\t\t\tcase 6: sVersion += \"/AY-3-8910\"; break;\r\n\t\t\t\t\tcase 7: sVersion += \"/AY8930\"; break;\r\n\t\t\t\t\tcase 8: sVersion += \"/TIA\"; break;\r\n\t\t\t\t\tcase 9: sVersion += \"/SAA1099\"; break;\r\n\t\t\t\t\tcase 10: sVersion += \"/VIC\"; break;\r\n\t\t\t\t\tcase 11: sVersion += \"/PET\"; break;\r\n\t\t\t\t\tcase 12: sVersion += \"/VRC6\"; break;\r\n\t\t\t\t\tcase 13: sVersion += \"/OPLL\"; break;\r\n\t\t\t\t\tcase 14: sVersion += \"/OPL\"; break;\r\n\t\t\t\t\tcase 15: sVersion += \"/FDS\"; break;\r\n\t\t\t\t\tcase 16: sVersion += \"/Vritual Boy\"; break;\r\n\t\t\t\t\tcase 17: sVersion += \"/Namco 163\"; break;\r\n\t\t\t\t\tcase 18: sVersion += \"/SCC\"; break;\r\n\t\t\t\t\tcase 19: sVersion += \"/OPZ\"; break;\r\n\t\t\t\t\tcase 20: sVersion += \"/POKEY\"; break;\r\n\t\t\t\t\tcase 21: sVersion += \"/PC Speaker\"; break;\r\n\t\t\t\t\tcase 22: sVersion += \"/WonderSwan\"; break;\r\n\t\t\t\t\tcase 23: sVersion += \"/Lynx\"; break;\r\n\t\t\t\t\tcase 24: sVersion += \"/VERA\"; break;\r\n\t\t\t\t\tcase 25: sVersion += \"/X1-010\"; break;\r\n\t\t\t\t\tcase 26: sVersion += \"/VRC6(saw)\"; break;\r\n\t\t\t\t\tcase 27: sVersion += \"/ESS5506\"; break;\r\n\t\t\t\t\tcase 28: sVersion += \"/MultiPCM\"; break;\r\n\t\t\t\t\tcase 29: sVersion += \"/SNES\"; break;\r\n\t\t\t\t\tcase 30: sVersion += \"/Sound Unit\"; break;\r\n\t\t\t\t\tcase 31: sVersion += \"/Namco WSG\"; break;\r\n\t\t\t\t\tdefault: sVersion += \"/unk\"\r\n\t\t\t\t}\r\n\t\t\t\tif(X.isVerbose()) {\r\n\t\t\t\t\twvt = X.U16(p+0x18,_LE);\r\n\t\t\t\t\tsmp = X.U16(p+0x1A,_LE);\r\n\t\t\t\t\tsOptionT(X.SC(p+0x0C,0x200,\"UTF8\"));\r\n\t\t\t\t\tsOption(\" wvt:\"+wvt+\" smp:\"+smp);\r\n\t\t\t\t}\r\n\t\t\t} //verbose inst\r\n\t\t} //inst\r\n\t\tif(cV === 'm' && X.isVerbose()) {\r\n\t\t\tp = X.U32(0x14,_LE);\r\n\t\t\tif(p>0 && X.c(\"'INFO'\",p)) {\r\n\t\t\t\tt = X.SC(p+0x100,0x200,\"UTF8\");\r\n\t\t\t\tp1 = X.fSig(p+0x100,0x200,\"00\")+1;\r\n\t\t\t\ta = X.SC(p1,0x200,\"UTF8\");\r\n\t\t\t\tp1 = X.fSig(p1,0x200,\"00\")+1;\r\n\t\t\t\tins = X.U16(p+0x16,_LE);\r\n\t\t\t\twvt = X.U16(p+0x18,_LE);\r\n\t\t\t\tsmp = X.U16(p+0x1A,_LE);\r\n\t\t\t\tptng = X.U32(p+0x1C,_LE);\r\n\t\t\t\tfreq = X.F32(p+0x0C,_LE);\r\n\t\t\t\tA4freq = X.F32(p1,_LE);\r\n\t\t\t\ts1spd = X.U8(p+9)+\"/\"+X.U8(p+0x0A);\r\n\t\t\t\ts1ptn = X.U16(p+0x10);\r\n\t\t\t\ts1ord = X.U16(p+0x12);\r\n\t\t\t\tsOptionT(t);\r\n\t\t\t\tsOptionT(a,\"by: \");\r\n\t\t\t\tchips = []; el = false; i = 0;\r\n\t\t\t\twhile(!el && (i<32)) {\r\n\t\t\t\t\tswitch(X.U8(p+0x20+i)) {\r\n\t\t\t\t\tcase 0: el = true; break;\r\n\t\t\t\t\tcase 0x01: chips[i] = \"YMU759 (17ch)\"; break;\r\n\t\t\t\t\tcase 0x02: chips[i] = \"Genesis (10ch comp.)\"; break;\r\n\t\t\t\t\tcase 0x03: chips[i] = \"SN76489 (SMS) (4ch)\"; break;\r\n\t\t\t\t\tcase 0x04: chips[i] = \"Game Boy (4ch)\"; break;\r\n\t\t\t\t\tcase 0x05: chips[i] = \"PC Engine (6ch)\"; break;\r\n\t\t\t\t\tcase 0x06: chips[i] = \"NES (5ch)\"; break;\r\n\t\t\t\t\tcase 0x07: chips[i] = \"C64 (8580) (3ch)\"; break;\r\n\t\t\t\t\tcase 0x08: chips[i] = \"Arcade (YM2151+SegaPCM) (13ch)\"; break;\r\n\t\t\t\t\tcase 0x09: chips[i] = \"Neo Geo CD (YM2610) (13ch)\"; break;\r\n\t\t\t\t\tcase 0x42: chips[i] = \"Genesis extended (13ch)\"; break;\r\n\t\t\t\t\tcase 0x43: chips[i] = \"SN76489 (SMS) + YM2413 (OPLL) (13ch comp.)\"; break;\r\n\t\t\t\t\tcase 0x46: chips[i] = \"NES+VRC7 (11ch)\"; break;\r\n\t\t\t\t\tcase 0x47: chips[i] = \"C64 (6581) (3ch)\"; break;\r\n\t\t\t\t\tcase 0x49: chips[i] = \"Neo Geo CD extended (16ch)\"; break;\r\n\t\t\t\t\tcase 0x80: chips[i] = \"AY-3-8910 (3ch)\"; break;\r\n\t\t\t\t\tcase 0x81: chips[i] = \"Amiga (4ch)\"; break;\r\n\t\t\t\t\tcase 0x82: chips[i] = \"YM2151 (8ch)\"; break;\r\n\t\t\t\t\tcase 0x83: chips[i] = \"YM2612 (6ch)\"; break;\r\n\t\t\t\t\tcase 0x84: chips[i] = \"TIA (2ch)\"; break;\r\n\t\t\t\t\tcase 0x85: chips[i] = \"VIC-20 (4ch)\"; break;\r\n\t\t\t\t\tcase 0x86: chips[i] = \"PET (1ch)\"; break;\r\n\t\t\t\t\tcase 0x87: chips[i] = \"SNES (8ch)\"; break;\r\n\t\t\t\t\tcase 0x88: chips[i] = \"VRC6 (3ch)\"; break;\r\n\t\t\t\t\tcase 0x89: chips[i] = \"YM2413 (OPLL) (9ch)\"; break;\r\n\t\t\t\t\tcase 0x8A: chips[i] = \"FDS (1ch)\"; break;\r\n\t\t\t\t\tcase 0x8B: chips[i] = \"MMC5 (3ch)\"; break;\r\n\t\t\t\t\tcase 0x8C: chips[i] = \"Namco 163 (8ch)\"; break;\r\n\t\t\t\t\tcase 0x8D: chips[i] = \"YM2203 (6ch)\"; break;\r\n\t\t\t\t\tcase 0x8E: chips[i] = \"YM2608 (16ch)\"; break;\r\n\t\t\t\t\tcase 0x8F: chips[i] = \"YM3526 (OPL) (9ch)\"; break;\r\n\t\t\t\t\tcase 0x90: chips[i] = \"YM3812 (OPL2) (9ch)\"; break;\r\n\t\t\t\t\tcase 0x91: chips[i] = \"YMF262 (OPL3) (18ch)\"; break;\r\n\t\t\t\t\tcase 0x92: chips[i] = \"MultiPCM (28ch)\"; break;\r\n\t\t\t\t\tcase 0x93: chips[i] = \"Intel 8253 (beeper) (1ch)\"; break;\r\n\t\t\t\t\tcase 0x94: chips[i] = \"POKEY (4ch)\"; break;\r\n\t\t\t\t\tcase 0x95: chips[i] = \"RF5C68 (8ch)\"; break;\r\n\t\t\t\t\tcase 0x96: chips[i] = \"WonderSwan (4ch)\"; break;\r\n\t\t\t\t\tcase 0x97: chips[i] = \"Philips SAA1099 (6ch)\"; break;\r\n\t\t\t\t\tcase 0x98: chips[i] = \"OPZ (YM2414) (8ch)\"; break;\r\n\t\t\t\t\tcase 0x99: chips[i] = \"Pokémon Mini (1ch)\"; break;\r\n\t\t\t\t\tcase 0x9A: chips[i] = \"AY8930 (3ch)\"; break;\r\n\t\t\t\t\tcase 0x9B: chips[i] = \"SegaPCM (16ch)\"; break;\r\n\t\t\t\t\tcase 0x9C: chips[i] = \"Virtual Boy (6ch)\"; break;\r\n\t\t\t\t\tcase 0x9D: chips[i] = \"VRC7 (6ch)\"; break;\r\n\t\t\t\t\tcase 0x9E: chips[i] = \"YM2610B (16ch)\"; break;\r\n\t\t\t\t\tcase 0x9F: chips[i] = \"ZX Spectrum (beeper) (6ch)\"; break;\r\n\t\t\t\t\tcase 0xA0: chips[i] = \"YM2612 extended (9ch)\"; break;\r\n\t\t\t\t\tcase 0xA1: chips[i] = \"Konami SCC (5ch)\"; break;\r\n\t\t\t\t\tcase 0xA2: chips[i] = \"OPL drums (YM3526) (11ch)\"; break;\r\n\t\t\t\t\tcase 0xA3: chips[i] = \"OPL2 drums (YM3812) (11ch)\"; break;\r\n\t\t\t\t\tcase 0xA4: chips[i] = \"OPL3 drums (YMF262) (20ch)\"; break;\r\n\t\t\t\t\tcase 0xA5: chips[i] = \"Neo Geo (YM2610) (14ch)\"; break;\r\n\t\t\t\t\tcase 0xA6: chips[i] = \"Neo Geo extended (YM2610) (17ch)\"; break;\r\n\t\t\t\t\tcase 0xA7: chips[i] = \"OPLL drums (YM2413) (11ch)\"; break;\r\n\t\t\t\t\tcase 0xA8: chips[i] = \"Atari Lynx (4ch)\"; break;\r\n\t\t\t\t\tcase 0xA9: chips[i] = \"SegaPCM (DefleMask compat.) (5ch)\"; break;\r\n\t\t\t\t\tcase 0xAA: chips[i] = \"MSM6295 (4ch)\"; break;\r\n\t\t\t\t\tcase 0xAB: chips[i] = \"MSM6258 (1ch)\"; break;\r\n\t\t\t\t\tcase 0xAC: chips[i] = \"Commander X16 (VERA) (17ch)\"; break;\r\n\t\t\t\t\tcase 0xAD: chips[i] = \"Bubble System WSG (2ch)\"; break;\r\n\t\t\t\t\tcase 0xAE: chips[i] = \"OPL4 (YMF278B) (42ch)\"; break;\r\n\t\t\t\t\tcase 0xAF: chips[i] = \"OPL4 drums (YMF278B) (44ch)\"; break;\r\n\t\t\t\t\tcase 0xB0: chips[i] = \"Seta/Allumer X1-010 (16ch)\"; break;\r\n\t\t\t\t\tcase 0xB1: chips[i] = \"Ensoniq ES5506 (32ch)\"; break;\r\n\t\t\t\t\tcase 0xB2: chips[i] = \"Yamaha Y8950 (10ch)\"; break;\r\n\t\t\t\t\tcase 0xB3: chips[i] = \"Yamaha Y8950 drums (12ch)\"; break;\r\n\t\t\t\t\tcase 0xB4: chips[i] = \"Konami SCC+ (5ch)\"; break;\r\n\t\t\t\t\tcase 0xB5: chips[i] = \"tildearrow Sound Unit (8ch)\"; break;\r\n\t\t\t\t\tcase 0xB6: chips[i] = \"YM2203 extended (9ch)\"; break;\r\n\t\t\t\t\tcase 0xB7: chips[i] = \"YM2608 extended (19ch)\"; break;\r\n\t\t\t\t\tcase 0xB8: chips[i] = \"YMZ280B (8ch)\"; break;\r\n\t\t\t\t\tcase 0xB9: chips[i] = \"Namco WSG (3ch)\"; break;\r\n\t\t\t\t\tcase 0xBA: chips[i] = \"Namco 15xx (8ch)\"; break;\r\n\t\t\t\t\tcase 0xBB: chips[i] = \"Namco CUS30 (8ch)\"; break;\r\n\t\t\t\t\tcase 0xBC: chips[i] = \"MSM5232 (8ch)\"; break;\r\n\t\t\t\t\tcase 0xBD: chips[i] = \"YM2612 extra features extended (11ch)\"; break;\r\n\t\t\t\t\tcase 0xBE: chips[i] = \"YM2612 extra features (7ch)\"; break;\r\n\t\t\t\t\tcase 0xBF: chips[i] = \"T6W28 (4ch)\"; break;\r\n\t\t\t\t\tcase 0xC0: chips[i] = \"PCM DAC (1ch)\"; break;\r\n\t\t\t\t\tcase 0xC1: chips[i] = \"YM2612 CSM (10ch)\"; break;\r\n\t\t\t\t\tcase 0xC2: chips[i] = \"Neo Geo CSM (YM2610) (18ch)\"; break;\r\n\t\t\t\t\tcase 0xC3: chips[i] = \"YM2203 CSM (10ch)\"; break;\r\n\t\t\t\t\tcase 0xC4: chips[i] = \"YM2608 CSM (20ch)\"; break;\r\n\t\t\t\t\tcase 0xC5: chips[i] = \"YM2610B CSM (20ch)\"; break;\r\n\t\t\t\t\tcase 0xC6: chips[i] = \"K007232 (2ch)\"; break;\r\n\t\t\t\t\tcase 0xC7: chips[i] = \"GA20 (4ch)\"; break;\r\n\t\t\t\t\tcase 0xC8: chips[i] = \"SM8521 (4ch)\"; break;\r\n\t\t\t\t\tcase 0xC9: chips[i] = \"M114S (16ch)\"; break;\r\n\t\t\t\t\tcase 0xCA: chips[i] = \"ZX Spectrum (beeper/QuadTone) (5ch)\"; break;\r\n\t\t\t\t\tcase 0xCB: chips[i] = \"Casio PV-1000 (3ch)\"; break;\r\n\t\t\t\t\tcase 0xCC: chips[i] = \"K053260 (4ch)\"; break;\r\n\t\t\t\t\tcase 0xCD: chips[i] = \"TED (2ch)\"; break;\r\n\t\t\t\t\tcase 0xCE: chips[i] = \"Namco C140 (24ch)\"; break;\r\n\t\t\t\t\tcase 0xCF: chips[i] = \"Namco C219 (16ch)\"; break;\r\n\t\t\t\t\tcase 0xD0: chips[i] = \"Namco C352 (32ch)\"; break;\r\n\t\t\t\t\tcase 0xD1: chips[i] = \"ESFM (18ch)\"; break;\r\n\t\t\t\t\tcase 0xD2: chips[i] = \"Ensoniq ESS503 (32ch)\"; break;\r\n\t\t\t\t\tcase 0xD4: chips[i] = \"PowerNoise (4ch)\"; break;\r\n\t\t\t\t\tcase 0xD5: chips[i] = \"Dave (4ch)\"; break;\r\n\t\t\t\t\tcase 0xD6: chips[i] = \"NDS (16ch)\"; break;\r\n\t\t\t\t\tcase 0xD7: chips[i] = \"GBA (direct) (2ch)\"; break;\r\n\t\t\t\t\tcase 0xD8: chips[i] = \"GBA (MinMod) (16ch)\"; break;\r\n\t\t\t\t\tcase 0xD9: chips[i] = \"Bifurcator (4ch)\"; break;\r\n\t\t\t\t\tcase 0xDA: chips[i] = \"SCSP (32ch)\"; break;\r\n\t\t\t\t\tcase 0xDB: chips[i] = \"YMF271 (OPX) (48ch)\"; break;\r\n\t\t\t\t\tcase 0xDC: chips[i] = \"RF5C400 (32ch)\"; break;\r\n\t\t\t\t\tcase 0xDD: chips[i] = \"YM2612 XGM (9ch)\"; break;\r\n\t\t\t\t\tcase 0xDE: chips[i] = \"YM2610B extended (19ch)\"; break;\r\n\t\t\t\t\tcase 0xDF: chips[i] = \"YM2612 XGM extended (13ch)\"; break;\r\n\t\t\t\t\tcase 0xE0: chips[i] = \"QSound (19ch)\"; break;\r\n\t\t\t\t\tcase 0xE1: chips[i] = \"PS1 (24ch)\"; break;\r\n\t\t\t\t\tcase 0xE2: chips[i] = \"C64 (6581)+PCM (4ch)\"; break;\r\n\t\t\t\t\tcase 0xE3: chips[i] = \"Watara Supervision (4ch)\"; break;\r\n\t\t\t\t\tcase 0xE5: chips[i] = \"µPD1771C-017 (4ch)\"; break;\r\n\t\t\t\t\tcase 0xF0: chips[i] = \"SID2 (3ch)\"; break;\r\n\t\t\t\t\tcase 0xF1: chips[i] = \"5E01 (5ch)\"; break;\r\n\t\t\t\t\tcase 0xF5: chips[i] = \"SID3 (7ch)\"; break;\r\n\t\t\t\t\tcase 0xFC: chips[i] = \"Pong (1ch)\"; break;\r\n\t\t\t\t\tcase 0xFD: chips[i] = \"Dummy System (8ch)\"; break;\r\n\t\t\t\t\tcase 0xFE: case 0xFF: chips[i] = \"reserved for development\"; break;\r\n\t\t\t\t\tdefault: chips[i] = \"unk.\";\r\n\t\t\t\t\t}\r\n\t\t\t\t\tif(!el) i++;\r\n\t\t\t\t}\r\n\t\t\t\tsOption(\"chips: \"+chips.join(\"+\")); //sVersion += #chip1#chip2?\r\n\t\t\t\tsOption(\"ticks=\"+freq.toFixed(2)+\"Hz, A4=\"+A4freq+\"Hz\");\r\n\t\t\t\tsOption(\"ins:\"+ins+\" wvt:\"+wvt+\" smp:\"+smp+\" glob.ptn:\"+ptng);\r\n\t\t\t\tsOption(\"1st song's spd:\"+s1spd+\" ptn:\"+s1ptn+\" ord:\"+s1ord);\r\n\t\t\t} //verbose mod\r\n\t\t} //mod\r\n\t}\r\n\telse if(X.c(\"'FWMP'00\")) {\r\n\t\tsName = \"Capcom/ARC Developments' Forgotten Worlds BGM module (.FW)\"; bDetected = 1;\r\n\t}\r\n\telse if(X.c(\"'FXSM'\")) { //same as AY Amadeus!\r\n\t\tsName = \"František Fuka's Fuxoft AY Language module (.FXM)\"; bDetected = 1;\r\n\t}\r\n\telse if(X.c(\"'GBRF'..00\") && isWithin(X.U8(4), 1, 0x30) && isWithin(X.U8(6), 0,3) && isWithin(X.U8(7), 1,3)\r\n\t //&& [...Array(0x10).keys()].every(i => [0, 0xFF].includes(X.U8(0x10+i))) //Qt5 compatibility\r\n\t ) {\r\n\t\tsName = \"Gameboy Ripped Format chiptune (.GBR)\"; bDetected = 1;\r\n\t\tt = X.SA(0x154,0x13);\r\n\t\tif(t != \"\") if(/^([a-zA-Z0-9_ -]{4,})/.test(t)) sOptions = sOptions.append(t);\r\n\t}\r\n\telse if(X.Sz() > 0x70 && X.c(\"'GBS'01\") && X.U8(4) && X.U8(0xD) >= 0xA7) {\r\n\t\tbDetected = 1;\r\n\t\tsName = \"Gameboy Sound chiptune (.GBS)\";\r\n\t\tif(X.isVerbose())\r\n\t\t\tsOptionT(X.SA(0x10,0x20));\r\n\t\ttc = X.U8(4); if(tc > 1) sOption(tc,\"×\");\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SA(0x30,0x20),\"by: \");\r\n\t\t\tsOptionT(X.SA(0x50,0x20));\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'GDM'FE\") && X.c(\"0D0A1A'GMFS'\",0x44) && X.U16(0x74) <= 9\r\n\t && isWithin(ordp=X.U32(0x76), 0x9D,X.Sz()) && isWithin(ptnp=X.U32(0x7B), 0x9D,X.Sz())\r\n\t && isWithin(smptp=X.U32(0x80), 0x9D,X.Sz()) && isWithin(smpp=X.U32(0x84), 0x9D,X.Sz())) {\r\n\t\t//ref https://github.com/OpenMPT/openmpt/blob/master/soundlib/Load_gdm.cpp\r\n\t\tsName = \"BWSB General Digital Music module (.GDM)\"; bDetected = 1;\r\n\t\ttrkr = \"\";\r\n\t\tif(X.U16(0x4D,_BE)==0) trkr = \"2gdm\";\r\n\t\tsVersion = \"v\"+ X.U8(0x4B) +\".\"+ X.U8(0x4C);\r\n\t\tif(trkr != \"\") sVersion += \"/\"+trkr+\" v\"+X.U8(0x4F)+\".\"+X.U8(0x50);\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tord = X.U8(0x7A)+1; ptn = X.U8(0x7F)+1; smp = X.U8(0x88)+1;\r\n\t\t\tfor(ch=0,i=0x51; i < 0x71; ch+=X.U8(i++) != 0xFF);\r\n\t\t\tsmps = [];\r\n\t\t\tfor(allsmpsz=0,i=0,p=smptp; i++ < smp; p+=0x3E) {\r\n\t\t\t\tsmps.push(X.SC(p,0x20,'CP437').trim()); allsmpsz += X.U32(p+0x2D)\r\n\t\t\t}\r\n\t\t\tswitch(Math.max(ordp,ptnp,smptp,smpp)) {\r\n\t\t\tcase ordp: sz = ordp+ord; break;\r\n\t\t\tcase ptnp: for(p=ptnp,i=0; i++ < ptn && p < X.Sz(); p+=X.U16(p)); sz = p; break;\r\n\t\t\tcase smptp: sz = smptp+0x3E*smp; break;\r\n\t\t\tcase smpp: sz = smpp + allsmpsz; break; //the only case I ever saw\r\n\t\t\t}\r\n\t\t\tsOptionT(X.SC(0x04,0x20,'CP437'));\r\n\t\t\tsOptionT(X.SC(0x24,0x20,'CP437'),\"by: \");\r\n\t\t\tsOption(['','ProTracker MOD','Multitracker','Scream Tracker 3','Composer 669 / UNIS 669',\r\n\t\t\t\t'Farandole Composer','UltraTracker','Scream Tracker 2','OctaMED',\r\n\t\t\t\t'Epic Megagames MASI'][X.U16(0x74)],'orig:');\r\n\t\t\tsOptionT(X.SC(X.U32(0x89),X.U32(0x8D),'CP437'));\r\n\t\t\t//Seems absolutely no-one used the message pointers, but samples do have info\r\n\t\t\tsOptionT(addEllipsis(smps.filter(funSampleName).join('\\n'),0xB0),'smp/msg:\"\\n','\"');\r\n\t\t\tsOption('ch:'+ch+' tmp0:'+X.U8(0x72)+' bpm0:'+X.U8(0x73)+' ord:'+ord+' ptn:'+ptn\r\n\t\t\t\t+' smp:'+smp+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'GLUE'B8B3AABA\")) {\r\n\t\t//TODO reverse & find calcsize\r\n\t\tsName = \"Lars 'GlueMaster' Malmborg's GlueMon module (.GLUE)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SA(8,8));\r\n\t\t\tins = X.U8(0x7F);\r\n\t\t\tord = X.U8(0x9E); ptn = 0;\r\n\t\t\tfor(i=0; i < ord; i++) { t = X.U8(0x9F+i); if(t != 0xFF && ptn < t) ptn = t }\r\n\t\t\tptn++;\r\n\t\t\tsOption(\"ord:\"+ord+\" ptn:\"+ptn+\" ins:\"+ins)\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'NuFREDGRAY'\",0x22)) {\r\n\t\tsName = \"Fred Gray's module (.GRAY)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tt = X.SA(0x50,0x100); pn = 0x50+t.length+1;\r\n\t\t\ta = X.SA(pn,0x100); pn += a.length+1;\r\n\t\t\tc = X.SA(pn,0x100);\r\n\t\t\tsOptionT(t); sOptionT(a,\"by: \"); sOptionT(c)\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'GTK'\") && isWithin(X.U8(3),1,4) && X.U16(0xC4,_BE) <= 255 && isWithin(X.U16(0xC6,_BE),1,256)\r\n\t && isWithin(X.U16(0xC8,_BE),1,32) && (ord = X.U16(0xCA,_BE)) <= 256 && X.U16(0xCC,_BE) <= ord\r\n\t || X.c(\"'GT2'\") && (X.U8(3) > 5 && X.U32(4,_BE) == 0xE4 || X.U32(4,_BE) == 0xEC+2*X.U16(0xEA,_BE))\r\n\t && isWithin(X.U16(0xCA,_BE),1994,9999)) {\r\n\t\t//GTK from http://ldesoras.free.fr/src/gt2/dev_gtk.zip / formats.txt\r\n\t\t//GT2 from mod_gt2.cpp\r\n\t\t//+ input from the author (http://ldesoras.free.fr)\r\n\t\tbDetected = 1;\r\n\t\tsigv = 0; bad = '';\r\n\t\tswitch(X.U8(2)) {\r\n\t\t\tcase 0x4B: sName = \"Laurent 'Dumbo' de Soras's Graoumf Tracker module (.GTK)\"; sVersion = \"Amiga \"; sigv = 1; break;\r\n\t\t\tcase 0x32: sName = \"Laurent 'Dumbo' de Soras's Graoumf Tracker 2 module (.GT2)\"; sVersion = \"PC \" ; sigv = 2;\r\n\t\t}\r\n\t\tv = X.U8(3); sVersion += \"v\"+v;\r\n\t\tif(sigv == 1 && v < 6) switch(v) {\r\n\t\t\tcase 1: sVersion += \"/GT v0.7\"; break;\r\n\t\t\tcase 2: sVersion += \"/GT v0.726\"; break;\r\n\t\t\tcase 3: sVersion += \"/GT v0.731\"; break;\r\n\t\t\t//lost in time\r\n\t\t}\r\n\t\telse {\r\n\t\t\t if(v == 9) sVersion += \"/GT r27\"; //TODO maybe track down some other values\r\n\t\t}\r\n\t\ttracker = statln = '';\r\n\t\tif(sigv == 1) { //m68k GTK\r\n\t\t\tt = X.SC(4,0x20,'ISO8859-1').trim(); d = xc = \"\";\r\n\t\t\tc = X.SC(0x24,0xA0,'ISO8859-1').trim(); //the author says he never implemented this\r\n\t\t\ttrk = X.U16(0xC8,_BE); ord = X.U16(0xCA,_BE); smp = 0; smprecs = X.U16(0xC4,_BE);\r\n\t\t\trows = X.U16(0xC6,_BE); lp = X.U16(0xCC,_BE); smpinfosz = v <= 2 ? 0x30 : 0x40;\r\n\t\t\tsszofs = v == 1 ? 32 : 28; if(v >= 3) sszofs += 16; if(v >= 2) sszofs += 4;\r\n\t\t\tsmp = smpsz = 0; p = 0xCE; for(i=0; i < smprecs; i++) {\r\n\t\t\t\tif(ssz = X.U32(p+sszofs,_BE)) { smpsz += ssz; smp++ }; p += smpinfosz;\r\n\t\t\t\tif(ssz%2) bad = bad.addIfNone('!oddsmpsz') }\r\n\t\t\tptn = 0; for(i=0; i < ord; i++) { if((pt=X.U16(p,_BE)) > ptn) ptn = pt; p += 2 } ptn++;\r\n\t\t\tnn = v == 4 ? 5 : 4;\r\n\t\t\tsongsz = 0x2CE + smprecs*smpinfosz + ptn*rows*trk*nn; //hdr, smpinfo, order, ptns\r\n\t\t\tsz = songsz+smpsz;\r\n\t\t\tstatln = 'trk:'+trk+' ord:'+ord+' ptn:'+ptn+' smp:'+smp+(lp?' lp:'+lp:'')+' sz:'+outSz(sz)\r\n\t\t}\r\n\t\telse { //x86 GT2\r\n\t\t\tt = X.SA(8,0x20).trim();\r\n\t\t\td = X.U16(0xCA,_BE)+\"-\"+X.U8(0xC9).padStart(2,'0')+\"-\"+X.U8(0xC8).padStart(2,'0');\r\n\t\t\tc = X.SA(0x28,0xA0).trim(); tracker = X.SA(0xCC,0x18);\r\n\t\t\tpn = songhk = spd = bpm = ord = lp = mptn = ptn = ins = smp = trk = 0; sz = -1; xc = [];\r\n\t\t\tif(v < 6) { spd = X.U16(0xE4,_BE); bpm = X.U16(0xE6,_BE) }\r\n\t\t\twhile(pn < X.Sz()) {\r\n\t\t\t\thkhd = X.SA(pn,4); hksz = X.U32(pn+4,_BE); pn += 8;\r\n\t\t\t\tswitch (hkhd) {\r\n\t\t\t\tcase 'SONG': ord = X.U16(pn,_BE); lp = X.U16(pn+2,_BE);\r\n\t\t\t\t\tmptn = 0; p = pn+4; for(i=0; i 0)? hksz - 8 : 0;\r\n\t\t\t\tif(sz >= 0) break; //or one could see a mod with no ENDC. gimmekuh!.gt2 (v==1)? Any modern TCN2 thing?\r\n\t\t\t\tif(charStat(next = X.SA(pn,4)).indexOf('allasc') < 0 //check for all 4ccs being ok\r\n\t\t\t\t || next.toUpperCase() != next) break;\r\n\t\t\t}\r\n\t\t\tif(!songhk) bad = bad.addIfNone('!noSONG');\r\n\t\t\tif(sz <= 0) { sz = pn; bad = bad.addIfNone('!noendtag') }\r\n\t\t\tif(ptn != mptn) ptn = mptn+'/'+ptn;\r\n\t\t\tstatln = statln.appendS((bpm?'bpm0:'+bpm+' ':'')+(spd?'spd0:'+spd+' ':'')+'trk:'+trk\r\n\t\t\t\t+' ord:'+ord+(lp?' lp:'+lp:'')+' ptn:'+ptn+' ins:'+ins+' smp:'+smp+' sz:'+outSz(sz),' ')\r\n\t\t}\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOption(t); sOption(d,'on:'); sOption(tracker,'in:'); sOption(c);\r\n\t\t\tif(xc.length) sOption(addEllipsis(xc.join('\\n'),0x100,0xA0),'msg: \"','\"');\r\n\t\t\tsOption(statln)\r\n\t\t}\r\n\t\tif(bad != '') sVersion = sVersion.appendS('malformed'+bad,'/')\r\n\t}\r\n\telse if(X.c(\"'NuH.DAVIES'\",0x22)) {\r\n\t\tsName = \"Howie Davies's module (.HD)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tt = X.SA(0x64,0x100); pn = 0x64+t.length+1;\r\n\t\t\ta = X.SA(pn,0x100); pn += a.length+1;\r\n\t\t\tc = X.SA(pn,0x100);\r\n\t\t\tsOptionT(t);\r\n\t\t\tsOptionT(a,\"by: \");\r\n\t\t\tsOptionT(c);\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'HESM'00\") && isWithin(X.U8(7),0x7D,0xFE) && X.c(\"FFF8\", 8)\r\n\t && isWithin(X.I8(0xA),-8,0x20) && isWithin(X.I8(0xB),-8,0x20) && isWithin(X.I8(0xC),-8,0x20)\r\n\t && isWithin(X.I8(0xD),-8,0x20) && isWithin(X.I8(0xE),-8,0x20) && X.c(\"'DATA'\", 0x10)\r\n\t && [0,0xE0].indexOf(X.U8(0x14)) >= 0 && X.c(\"002000000000000000\", 0x17) && X.Sz() >= 0x100) {\r\n\t \t//ref https://github.com/libgme/game-music-emu/blob/master/gme/Hes_Emu.cpp\r\n\t\tsName = \"Hudson Entertainment System multitrack tune (.HES)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.U8(4); startsong = X.U8(5); reqaddr = X.U16(6);\r\n\t\tdtsz = X.U32(0x14); dtaddr = X.U32(0x18);\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tt = a = c = \"\"; p = 0x40;\r\n\t\t\tfunction getText() { if(X.U8(p)) {\r\n\t\t\t\tvar len = 0x20; if(X.U8(p+0x1F) && !X.U8(p+0x2F)) len = 0x30; //some are longer than t'others\r\n\t\t\t\tvar s = X.readBytes(p,len), z = s.indexOf(0); if(z < 0) return '';\r\n\t\t\t\tif(charStat(s.slice(0,z),1).indexOf('asc') < 0) return '';\r\n\t\t\t\tp += len; s = decEncoding(s,CP437,true,Chars0to1F); if(s == '') return ''; else return s\r\n\t\t\t} else return '' }\r\n\t\t\tif(X.U8(p) >= 0x20) { sOptionT(getText()); sOptionT(getText(),\"by:\"); sOptionT(getText()) }\r\n\t\t\tsOption('from:'+startsong+' sz:'+outSz(dtaddr+dtsz))\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'GTI5'\")) {\r\n\t\tsName = \"Lasse 'Faust' Öörni's GoatTracker 2 Instrument (.INS)\"; bDetected = 1\r\n\t}\r\n\telse if(X.c(\"'ISM!V1.2'\")) {\r\n\t\tsName = \"Hans Bergstedt's Sound Invasion Music System/In Stereo! module (.IS)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.SA(5,3);\r\n\t\tif(X.isVerbose())\r\n\t\t\tsOptionT(X.SA(0x24,25))\r\n\t}\r\n\telse if(X.c(\"'IS20DF10STBL'\")) {\r\n\t\tsName = \"Hans Bergstedt's Sound Invasion Music System/In Stereo! module (.IS20)\"; bDetected = 1;\r\n\t\tsVersion = \"v2.0\";\r\n\t}\r\n\telse if(X.c(\"'IXS!'\")) {\r\n\t\tsName = \"Sahara Surfers' iXalance module (.IXS)\"; bDetected = 1; sVersion = 'compressed';\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SA(0x18,0x20)); sOption(outSz(0x38+X.U32(0x10)),'sz:')\r\n\t\t}\r\n\t\t//Unpacked module detection is in the sanity checks\r\n\t}\r\n\telse if((X.c(\"'MUSE'DEADBEAF\") || X.c(\"'MUSE'DEADBABE\")) && X.U32(16)+24 == X.U32(8)) {\r\n\t\tsName = \"Jazz Jackrabbit 2 container (.J2B)/Galaxy Sound System module\";\r\n\t\tsVersion = \"compressed\"; bDetected = 1;\r\n\t\tif(X.isVerbose())\r\n\t\t\tsOption('sz:'+X.U32(8))\r\n\t\t//TODO: confirm if zlib extraction available; if so, derive the module info too\r\n\t\t//Unpacked module detection is in the sanity checks\r\n\t}\r\n\telse if(X.c(\"'NuJ.FLOGEL'\",0x22)) {\r\n\t\tsName = \"Janko Mrsic-Flogel's module (.JMF)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tt = X.SA(0x54,0x100); pn = 0x54+t.length+1;\r\n\t\t\ta = X.SA(pn,0x100); pn += a.length+1;\r\n\t\t\tc = X.SA(pn,0x100);\r\n\t\t\tsOptionT(t); sOptionT(a,\"by: \"); sOptionT(c)\r\n\t\t}\r\n\t}\r\n\telse if( X.c(\"2B7C.... ........ 2B7C.... ........ 2B7C.... ........ 2B7C.... ........ 303C00FF 32004EB9 ........ 4E75\")\r\n\t && X.I32(2,_BE) >= 0x2E) {\r\n\t\tsName = \"Steve Turner's module (.JPO)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/SteveTurner/src/Steve%20Turner_v4.asm\r\n\t\t\tofs = X.U32(2,_BE);\r\n\t\t\tp1 = p = X.U32(0x12,_BE)-ofs+0x2E; d1 = 10;\r\n\t\t\twhile(p <= Math.min(X.Sz(),0x100000)) {\r\n\t\t\t\tt = X.U16(p,_BE); if(t == 0xF0FF) break; p += 2;\r\n\t\t\t\td0 = t; if(d0 > d1) d1 = d0;\r\n\t\t\t}\r\n\t\t\tsz = X.fSig(p1+d1,TOEOF,\"FF\"); if(sz > 0) sz++;\r\n\t\t\tp = X.U32(0xA,_BE)-ofs+0x2E; x = 0; // e4ec~e4fe\r\n\t\t\twhile(p < X.Sz()) { d0 = X.U16(p,_BE)&0xFFF0; if(d0) break; p += 0x0C; x++ }\r\n\t\t\tif(X.c(\"2b7c0004449c0faa2b7c000479840fa22b7c00047ab40fa62b7c000458980fae\"))\r\n\t\t\t\tx = 5; // paradroid90.jpo\r\n\t\t\td0 = 0x14+X.U32(0x1A,_BE)-ofs;\r\n\t\t\tsmp = (X.U32(d0,_BE) >> 2)-1;\r\n\t\t\tsmpsz = X.U32(d0+4,_BE);\r\n\t\t\tif(x > 1) sOption(x,\"×\"); sOption(\"smp:\"+smp+\" smpsz:\"+Hex(smpsz)+\" sz:\"+outSz(sz))\r\n\t\t}\r\n\t}\r\n\telse if((X.c(\"'KSCC'\") && !X.U8(0xE) && !(X.U8(0xF) & 0xE0)) || //&meant to be 0xF0 but majutsushi*.kss have 0x10 there\r\n\t (X.c(\"'KSSX'\") && !X.U32(0x14))) {\r\n\t\t// ref https://sourceforge.net/p/nezplug/code/HEAD/tree/nezplug/trunk/src/nes/m_kss.c & trunk/in_nez.txt\r\n\t\tsName = \"Konami's KSS chiptune (.KSS)\"; bDetected = 1;\r\n\t\tif(X.c(\"'KSSX'\")) { nv = 1; sVersion = \"extended\" } else nv = 0;\r\n\t\tbnk = X.U8(0xD) & 0x7F; bnk16 = X.U8(0xD) & 0x80 ? 1 : 2;\r\n\t\tif(bnk) sVersion = sVersion.appendS('banks'+(bnk16 == 1?'8k':'16k'), ',');\r\n\t\tchip = X.U8(0xF);\r\n\t\tif(X.isVerbose()) if(X.c(\"'MBM'\",0x20)) sOptionT(X.SA(0x24,0x34));\r\n\t\tsz = 0x10+X.U8(0xE)+X.U16(6)+0x2000*bnk*bnk16;\r\n\t\thnmmode = rammode = false; scc = true; ch = 1;\r\n\t\tif(chip & 2) {\r\n\t\t\tsVersion = sVersion+'#SEGA-MkIII(SMS)';\r\n\t\t\tif(chip & 4) { sVersion = sVersion+'/GameGear-Stereo'; ch = 2 }\r\n\t\t\telse sVersion = sVersion+'/SMS-SNG(SN76489)';\r\n\t\t\tif(chip & 1) sVersion = sVersion+'/FM-UNIT(YM2413)';\r\n\t\t\tif(chip & 0x88) rammode = true;\r\n\t\t\tscc = false\r\n\t\t} else {\r\n\t\t\tif(chip & 0x10) {\r\n\t\t\t\tif(chip & 8) { sVersion = sVersion+'#MSX-AUDIO-STEREO'; ch = 2 }\r\n\t\t\t\telse { sVersion = sVersion+'#MSX-AUDIO'; hnmmode = true }\r\n\t\t\t} else sVersion = sVersion+'#MSX-AUDIO';\r\n\t\t\tif(chip & 1) sVersion = sVersion+'/MSX-MUSIC';\r\n \t\t\tif(chip & 0x80) { rammode = true; scc = false }\r\n\t\t\telse {\r\n\t\t\t\trammode = (chip & 4) != 0; scc = !rammode\r\n\t\t\t}\r\n\t\t} \r\n\t\tif(rammode) sVersion = sVersion+'/RAM'; if(scc) sVersion = sVersion+'/SCC';\r\n\t\tif(hnmmode) sVersion = sVersion+'/牌の魔術師DAC';\r\n\t\tif(nv) if(X.U8(0xE) >= 0xB) if(X.isVerbose()) {\r\n\t\t\tx1 = X.U16(0x18); x2 = X.U16(0x1A);\r\n\t\t\tif(x2-x1 > 1) sOption('subsongs '+x1+'-'+x2);\r\n\t\t}\r\n\t\tif(X.isVerbose()) sOption('ch:'+ch+(bnk?' ex.bnk:'+bnk:'')+' sz:'+outSz(sz))\r\n\t}\r\n\telse if(X.c(\"'cyd!song'\") && X.U8(8) < 30) { //v27 was the last I saw, give it time...\r\n\t\t//ref https://github.com/kometbomb/klystron/tree/master/src/snd/music.c , .h : mus_load_song_RW\r\n\t\tsName = \"Tero 'kometbomb' Lindeman's Klystrack/Klystron module (.KT)\"; bDetected = 1;\r\n\t\tv = X.U8(8); sVersion = \"v\"+v;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tp = 9;\r\n\t\t\tif(v >= 6) ch = X.U8(p++); else if(v > 3) ch = 4; else ch = 3;\r\n\t\t\ttimesig = X.U8(p++)+\"/\"+X.U8(p++);\r\n\t\t\tif(v >= 17) p += 2; //seqstep\r\n\t\t\tins = X.U8(p++); ptn = X.U16(p); p += 2;\r\n\t\t\tnseq = []; for(i=0; i < ch; i++,p+=2) nseq[i] = X.U16(p); //seq cnt per channel\r\n\t\t\tlen = X.U16(p); p += 2; /*lp = X.U16(p);*/ p += 2;\r\n\t\t\tif(v >= 12) p++; //master_volume\r\n\t\t\tspd = X.U8(p++); spd2 = X.U8(p++);\r\n\t\t\trate = X.U8(p++); //bpm?...\r\n\t\t\tif(v > 2) { fl = X.U32(p); p += 4 } else fl = 0; if(v >= 9) p++; if(v >= 16) p++; //flags, mulpd, ptcin\r\n\t\t\ttlen = 17; if(v >= 11) tlen = X.U8(p++);\r\n\t\t\tif(v >= 5) tlen = Math.min(tlen,65);\r\n\t\t\tsOptionT(X.SC(p,tlen,'CP1250')); p += tlen;\r\n\t\t\tif(v >= 10) fx = X.U8(p++); else if(fl&1) fx = 1;\r\n\t\t\tif(fx)\r\n\t\t\t\tif(v >= 10) for(i=0; i < fx; i++) { //inner_load_fx\r\n\t\t\t\t\tif(v >= 22) { nsz = X.U8(p++); /*_l2r('kt',p,'fx#'+i+': '+X.SA(p,nsz));*/ if(nsz) p += Math.min(nsz,32) }\r\n\t\t\t\t\tp += 9; if(v < 27) p++; if(v < 21) p++;\r\n\t\t\t\t\tif(v >= 27) p += 6*16; else p += 4*8;//taps\r\n\t\t\t\t\tp++; if(v >= 19) p++;\r\n\t\t\t\t} else p += 8*8*fx;\r\n\t\t\tif(v >= 13) p += ch*2;//dfltvol,dfltpan\r\n\t\t\tinsn = [];\r\n\t\t\tfor(i=0; i < ins; i++) {\r\n\t\t\t\tp += 0x11; p += 2*X.U8(p)+1; //progsteps\r\n\t\t\t\tp += 7; if(v >= 20) p++;//finetune\r\n\t\t\t\tnsz = (v < 11)? 16: Math.min(X.U8(p++),33);\r\n\t\t\t\tinsn.push(X.SC(p,nsz,'CP1250').trim()); p += nsz;\r\n\t\t\t\tif(v >= 1) p += 4;\r\n\t\t\t\tif(v >= 7) p += 3;\r\n\t\t\t\tif(v >= 10) p++; //fx_bus\r\n\t\t\t\tif(v >= 11) p += 3;\r\n\t\t\t\tif(v >= 18) p++;\r\n\t\t\t\tif(v >= 12) wt_entry = X.U8(p++); else wt_entry = 0;\r\n\t\t\t\tif(v >= 23) p += 11;\r\n\t\t\t\tif(v >= 25) p++;\r\n\t\t\t\tif(v >= 23) fm_wave = X.U8(p++); else fm_wave = 0;\r\n\t\t\t}\r\n\t\t\tord = 0; //????\r\n\t\t\tfor(i=0; i < ch; i++) { ord = Math.max(nseq[i],ord); if(v < 8) p += 6*nseq[i]; else p += 5*nseq[i] }\r\n\t\t\tnotes = 0;\r\n\t\t\tfor(i=0; i < ptn; i++) {\r\n\t\t\t\tsteps = X.U16(p); p += 2;\r\n\t\t\t\tif(v >= 24) p++; //colour\r\n\t\t\t\tif(v < 8) {\r\n\t\t\t\t\ts = v < 2? 3: 6; p += steps*s;\r\n\t\t\t\t} else {\r\n\t\t\t\t\tslen = (steps >> 1)+(steps&1); packed = X.readBytes(p,slen); p += slen;\r\n\t\t\t\t\tfor(s=c=0; s < steps; s++) {\r\n\t\t\t\t\t\tbits = ((s&1) || (s == steps-1))? packed[c] & 0xF : packed[c] >> 4;\r\n\t\t\t\t\t\tif(bits&1) { p++; notes++ } if(bits&2) p++;\r\n\t\t\t\t\t\tif(bits&4) { ctl = X.U8(p++); if(v >= 14) bits |= ctl & ~7 }\r\n\t\t\t\t\t\tif(bits&8) p += 2; if(bits&0x80) p++;\r\n\t\t\t\t\t\tif(s&1) c++\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\tmaxwt = 0;\r\n\t\t\tif(v >= 12) {\r\n\t\t\t\tmaxwt = X.U8(p++);\r\n\t\t\t\tfor(i=0; i < maxwt; i++) {\r\n\t\t\t\t\tsn = X.U32(p+8);\r\n\t\t\t\t\tp += 0x16;\r\n\t\t\t\t\tif(sn) if(v < 15) p += sn*2;\r\n\t\t\t\t\telse { dtsz = X.U32(p)/*in bits*/; p += 4+Util.divu64(dtsz+7,8) }\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\twts = [];\r\n\t\t\tif(v >= 26) for(i=0; i < maxwt; i++) {\r\n\t\t\t\tt = X.U8(p++); wts.push(X.SC(p,t,'CP1250').trim()); p += t\r\n\t\t\t}\r\n\t\t\tsOptionT(addEllipsis(insn.filter(funSampleName).join(',')),'ins/msg:\"','\"');\r\n//\t\t\tsOptionT(addEllipsis(wts.filter(funSampleName).join(',')),'smp/msg:\"','\"');\r\n\t\t\tsOption('ch:'+ch+' tsig:'+timesig+' rate:'+rate+' ord:'+ord+' ptn:'+ptn+' ins:'+ins+' wt:'+maxwt\r\n\t\t\t\t+' notes:'+notes+' spd:'+spd+'-'+spd2+' fx:'+fx+' sz:'+outSz(p))\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'cyd!inst'\") ) {\r\n\t\tsName = \"Tero 'kometbomb' Lindeman's Klystrack instrument (.KI)\"; bDetected = 1\r\n\t}\r\n\telse if(X.c(\"'cyd!efex'\") ) {\r\n\t\tsName = \"Tero 'kometbomb' Lindeman's Klystrack effects (.KF?)\"; bDetected = 1\r\n\t}\r\n\telse if( X.c(\"'ADL '0000....'MDhd'00000008000080..00000080'MThd'00000006000200..01E0'MTrk'0000....00FF03\")\r\n\t || ( X.U32(0,_LE)==X.Sz() && X.c(\"'AD'\",4) ) ) {\r\n\t\tsName = \"Lucas Arts Adlib chiptune (.LAA)\"; bDetected = 1;\r\n\t\tif(X.SA(0,4)===\"ADL \") sVersion = \"new\"; else sVersion = \"old\"\r\n\t}\r\n\telse if( X.c(\"'Liquid Module:'\") ||\r\n\t ( (X.isHeuristicScan() || X.c(\"'NO'\"))\r\n\t\t && extIs(\"liq\"))\r\n\t || X.c(\"21\",0x01D6) && X.c(\"21\",0x0AD2) && X.c(\"21\",0x0BE6)\r\n\t && X.c(\"FF\",0x0ED4) && X.c(\"FF\",0x0EE8) ) {\r\n\t\tsName = \"Nir Oren's Liquid Tracker module (.LIQ)\"; bDetected = 1;\r\n\t\tsVersion = X.SA(0x41,0x14).trim();\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tif(X.SA(0,2) == \"NO\")\r\n\t\t\t\tsOptionT(X.SA(5,0x14))\r\n\t\t\telse if(X.SA(0,3) == \"Liq\") {\r\n\t\t\t\tsOptionT(X.SA(0x0E,0x32));\r\n\t\t\t\tsOptionT(X.SA(0x0E,0x0F),\"by: \");\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\telse if(X.Sz() > 0x38 && X.c(\"'LME'00\") && X.fSig(4,0x20,\"00\") < 0 && !X.U32(0x24,_BE)) {\r\n\t\t//ref https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/LME/src/LMEv3.asm\r\n\t\tsName = \"Steve 'Leggless' Hasler module (.LME)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tinfo = decAnsi(4,0x20,CPAmiga).trim(); songsz = 0x2C+X.U32(0x34,_BE);\r\n\t\t\td3 = ins = Util.divu64(X.U32(0x38,_BE) - (i=X.U32(0x28,_BE)), 58);\r\n\t\t\tx = (i-0x10) >> 4; i += 0x28; smp = synsmp = smpsz = 0;\r\n\t\t\tfor(d7 = 3; d3; d3--, i += 0x3A)\r\n\t\t\t\tif(!(t=X.U32(i,_BE))) synsmp++\r\n\t\t\t\telse if(t > d7) { d7 = t; smpsz += X.U16(i+4,_BE) << 1; smp++ }\r\n\t\t\tsteps = (X.U32(0x30,_BE) - X.U32(0x2C,_BE)) >> 2; sz = songsz+smpsz;\r\n\t\t\tif(x > 1) sOption(x,'×'); sOption(info,'info:\"','\"');\r\n\t\t\tsOption('steps:'+steps+' ins:'+ins+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'sa-team 89a'10610A6108610678006000\",0x16C)\r\n\t && X.c(\"'dynamite89'\",0x234) && isWithin(X.U16(0x50A,_BE), 0,15)) {\r\n\t\tsName = \"Oscar Giesen & Marco Swagerman's Music Assembler module (.MA)\"; bDetected = 1; if(X.isVerbose()) {\r\n//ref https://web.archive.org/web/20071010162252/http://www.exotica.org.uk/tunes/formats/ma/ma_v0.zip / ma_fmt.txt\r\n\t\t\tx = ptn = 0; vp = []; ptns = []; ord = []; ch = [];\r\n\t\t\tfor(p=0x4B0,i=0; i < 40; i++,p+=2) vp[i] = 0x622+X.U16(p,_BE);\r\n\t\t\tfor(i=0; i < 40; i+=4) { ch_ = ord_ = 0;\r\n\t\t\t\tfor(j=i; j < i+4 && j < 40; j++) if(X.U8(vp[j]) != 0xFE) ch_++;\r\n\t\t\t\tif(ch_) {\r\n\t\t\t\t\tfor(j=i,p=vp[j]; j < i+4 && p < X.Sz(); p+=2)\r\n\t\t\t\t\t\tif((t=X.U8(p)) == 0xFE) break; else if(t == 0xFF) j++;\r\n\t\t\t\t\t\telse { ord_++; if(ptns.indexOf(t) < 0) ptns.push(t) }\r\n\t\t\t\t\tif(ord_) { x++; ord.push(ord_) }\r\n\t\t\t\t\tch.push(ch_)\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\tif(x > 1) sOption(x,'×');\r\n\t\t\tinsp = 0x622+X.U32(0x5B6,_BE); ins = Util.divu64(vp[0]-insp,0x18);\r\n\t\t\tsOption('ch:'+ch.join('/')+' ord:'+ord.join('+')+' ptn:'+ptns.length+' ins:'+ins+' sz:'+outSz(0x622+X.U32(0x5AE,_BE)))\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'MADG'\") ) {\r\n\t\tsName = \"B. Birney's PlayerPro module (.MAD)\"; bDetected = 1;\r\n\t\tif(X.isVerbose())\r\n\t\t\tsOption(X.SA(4,0x12))\r\n\t}\r\n\telse if(X.c(\"D040D0404EFB\")) {\r\n\t\tsName = \"Mark Cooksey's module (.MC)\"; sVersion = \"new\"; bDetected = 1\r\n\t}\r\n\telse if(X.c(\"'MDC'1A 00080040\")) {\r\n\t\t//from https://github.com/ValleyBell/MidiConverters/blob/master/mdc2mid.c\r\n\t\tsName = \"かるちゃん/CUL.'s music creative driver module (.MDC)\"; bDetected = 1;\r\n\t\tinfo = ''; maxsz = Math.max(X.Sz(),65536);\r\n\t\tsz = X.U32(8,_BE); p = X.U32(0x14,_BE); midires = X.U16(0x2C,_BE);\r\n\t\tif(p && p < maxsz && (t=X.fSig(p,maxsz,'0D0A1A')) > 0) info = X.SC(p,t-p,'Shift_JIS');\r\n\t\tp = trkp = X.U32(0x10,_BE); x = X.U16(p,_BE); if(x > 0x20) sVersion = '!badsongcnt';\r\n\t\tfor(i=ch=0,p+=2; i < Math.min(x,0x20); i++,p+=8) if(ch < X.U8(p+5)) ch = X.U8(p+5)\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(info); if(x > 1) sOption(x,'×'); sOption('ch:'+ch+(sz?' sz:'+outSz(sz):''));\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'DMDL'..'IN'\")) {\r\n\t\tsName = \"Digitrakker module (.MDL)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SA(0x0B,32));\r\n\t\t\tsOptionT(X.SA(0x2B,20),\"by: \");\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'MMDC'\")) { //before the more generic compare(\"'MMD'\")\r\n\t\tsName = \"Tony Crowther's packed MED module (.MMDC)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) sOption(outSz(X.U32(4,_BE)),\"sz:\")\r\n\t}\r\n\telse if(X.c(\"000001001100010014000000'GameBoy Music Module'\")) {\r\n\t\tsName = \"Paragon 5/Beyond Game Boy Tracker module (.MGB)\"; bDetected = 1\r\n\t\t//it's proprietary and seemingly packed in some manner, not easy to extract data. TODO?\r\n\t}\r\n\telse if(X.c(\"'MGT'11BD'MCS'\")) {\r\n\t\tsName = \"Megatracker module (.MGT)\"; bDetected = 1;\r\n\t\tsOptionT(X.SA(0x3A,0x20))\r\n\t}\r\n\telse if(X.c(\"'MThd'\") && X.c(\"'MTrk'\",8+X.U32(4,_BE)) && X.U16(8,_BE) <= 2) {\r\n\t\t//ref. spec. from midi.org: RP-001_v1-0_Standard_MIDI_Files_Specification_96-1-4.pdf\r\n\t\tsName = \"Standard MIDI File (.MID)\"; sVersion = \"v1.0\";\r\n\t\tnV = X.U16(8,_BE); bad = \"\"; bDetected = 1;\r\n\t\tswitch(nV) {\r\n\t\tcase 0: sVersion += \" t.0:one track\"; break;\r\n\t\tcase 1: sVersion += \" t.1:tracks\"; break;\r\n\t\tcase 2: sVersion += \" t.2:tracks+tempo\"\r\n\t\t}\r\n\t\tbDetected = 1;\r\n\t\tcharset = 'SJIS'; //'CP1252'\r\n\t\ttrk = X.U16(0x0A,_BE); if(trk > 1) sOption(trk,\"trk:\");\r\n\t\tif(nV == 0 && trk != 1) bad += \"!badvertrk\";\r\n\t\tsz = p = 0x0E; txt = by = title = lyr = \"\";\r\n\t\tfor(i=0; i < trk; i++) {\r\n\t\t\tvar readmore = 20; //mostly enough to catch the info messages; set to 0xFFFFFFFF for all of 'em\r\n\t\t\tif(!X.c(\"'MTrk'\",p) || (i && !X.c(\"FF2F00\",p-3))) { bad += \"!badtrk\"; break }\r\n\t\t\tlen = X.U32(p+4,_BE); p += 8; sz = p;\r\n\t\t\twhile(readmore && p < sz+len && p < X.Sz()) {\r\n\t\t\t\treadmore--; dt = readVarUInt(p);\r\n//logpart1=\"@\"+Hex(p)+\" on \"+dt+\": \";\r\n\t\t\t\tp += dt[0];\r\n\t\t\t\tswitch(X.U8(p++)) {\r\n\t\t\t\tcase 0xF0: case 0xF7: t = readVarUInt(p); p += t[0]+t[1]; break;\r\n\t\t\t\tcase 0xFF: a = X.U8(p++);\r\n//_log(logpart1+\"[\"+readVarUInt(p)+\"] meta event \"+Hex(a));\r\n\t\t\t\t\tswitch(a) {\r\n\t\t\t\t\t\tcase 0: if(X.U8(p++) != 2) readmore = 0; else p += 4; break;\r\n\t\t\t\t\t\tcase 3: t = readVarUInt(p); p += t[0];\r\n\t\t\t\t\t\t\ttitle = title.append(X.SC(p,t[1],charset).trim()); p += t[1];\r\n\t\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t\tcase 2: t = readVarUInt(p); p += t[0];\r\n\t\t\t\t\t\t\tby = by.append(X.SC(p,t[1],charset).trim()); p += t[1]; break;\r\n\t\t\t\t\t\tcase 1: t = readVarUInt(p); p += t[0];\r\n\t\t\t\t\t\t\ttxt = txt.append(X.SC(p,t[1],charset).trim()); p += t[1]; break;\r\n\t\t\t\t\t\tcase 5: t = readVarUInt(p); p += t[0];\r\n\t\t\t\t\t\t\tlyr = lyr.append(X.SC(p,t[1],charset,\"-\").trim()); p += t[1];\r\n\t\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t\tcase 4: case 6: case 7: t = readVarUInt(p); p += t[0]+t[1]; break; //ins., lyrics, markers, cues\r\n\t\t\t\t\t\tcase 0x20: t = readVarUInt(p); p += t[0]+t[1]; if(t[1] != 1) {\r\n\t\t\t\t\t\t\treadmore = 0; bad += \"!badprefix@\"+(p-t[0]-t[1]) } break\r\n\t\t\t\t\t\tcase 0x2F: t = readVarUInt(p); p += t[0]+t[1]; if(t[1])\r\n\t\t\t\t\t\t\tbad += \"!badEoTtag@\"+(p-t[0]-t[1]); readmore = 0; break;\r\n\t\t\t\t\t\tcase 0x51: t = readVarUInt(p); p += t[0]+t[1]; if(t[1] != 3) {\r\n\t\t\t\t\t\t\treadmore = 0; bad += \"!badtempo@\"+(p-t[0]-t[1]) } break;\r\n\t\t\t\t\t\tcase 0x54: t = readVarUInt(p); p += t[0]+t[1]; if(t[1] != 5) {\r\n\t\t\t\t\t\t\treadmore = 0; bad += \"!badSMPTE@\"+(p-t[0]-t[1]) } break;\r\n\t\t\t\t\t\tcase 0x58: t = readVarUInt(p); p += t[0]+t[1]; if(t[1] < 2 || t[1] > 4) {\r\n\t\t\t\t\t\t\treadmore = 0; bad += \"!badtime@\"+(p-t[0]-t[1]) } break;\r\n\t\t\t\t\t\tcase 0x59: t = readVarUInt(p); p += t[0]+t[1]; if(t[1] != 2) {\r\n\t\t\t\t\t\t\treadmore = 0; bad += \"!badkey@\"+(p-t[0]-t[1]) } break;\r\n\t\t\t\t\t\tdefault: t = readVarUInt(p); p += t[0]+t[1]\r\n\t\t\t\t\t} break;\r\n\t\t\t\tdefault: //p += readVarUInt(p)[0];\r\n//_log(logpart1+\"default...\");\r\n\t\t\t\t}\r\n\t\t\t\tif((txt != \"\" && by != \"\" && title != \"\") || p-sz > 0x200) readmore = 0;\r\n\t\t\t}\r\n\t\t\tsz += len; p = sz; if(p>X.Sz()) { bad += \"!short\"; break }\r\n\t\t} //for..trk\r\n\t\tif(bad) sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(title); sOptionT(by,\"by: \"); sOptionT(txt);\r\n\t\t\tsOption(outSz(sz),\"sz:\")\r\n\t\t}\r\n\t} else if(X.c(\"'SMF2CLIP'\")) {\r\n\t\t//ref. spec. from midi.org: M2-104-UM, MA06\r\n\t\tsName = \"MIDI Clip File (.midi2)\"; sVersion = \"v2.0\"; bDetected = 1;\r\n\t}\r\n\telse if(X.c(\"'MKJamz'\")) {\r\n\t\tsName = \"MK-Jamz module (.MKJ)\"; bDetected = 1\r\n\t}\r\n\telse if(X.c(\"'MLEDMODL'000000\")\r\n\t && X.c(\"'VERS'\",X.U32(8,_BE)+12)) {\r\n\t\tsName = \"Musicline Editor module (.ML)\"; bDetected = 1;\r\n\t\tp = 4; //header skipped\r\n\t\tt = \"\"; c = \"\"; x = 0; ch = smp = ins = ptn = 0;\r\n\t\twhile (p < X.Sz()) {\r\n\t\t\thkhd = X.SA(p,4); hksz = X.U32(p+4,_BE);\r\n//_log(hkhd+': ['+Hex(p)+'..'+Hex(p+hksz)+']')\r\n\t\t\tif(charStat(hkhd).indexOf('allasc') < 0) break; //break off if it doesn't look like a 4cc\r\n\t\t\tp += 8;\r\n\t\t\tswitch (hkhd) {\r\n\t\t\tcase \"VERS\":\r\n\t\t\t\tv = X.U16(p,_BE); //skips MODL and VERS 4cc+4sz\r\n\t\t\t\tsVersion = \"v\"+(v>>8)+\".\"+((v&0xF0)>>4)+(v&0x0F);\r\n\t\t\t\tbreak;\r\n\t\t\tcase \"TUNE\":\r\n\t\t\t\tx ++; t = t.appendS(X.SC(p,hksz,'CP1252').trim(),'; ');\r\n\t\t\t\ttmp0 = X.U16(p+0x20,_BE); spd0 = X.U8(p+0x22,_BE);\r\n\t\t\t\tgroove = X.U8(p+0x23,_BE); ch = X.U8(p+0x27);\r\n\t\t\t\t//v0.79 through v1.06 = hksz broken, v1.10+ good, no samples of 1.07~1.09 :( We'll calc\r\n\t\t\t\t//if(v <= 0x106) {\r\n\t\t\t\tchsz = 0; hksz = 0x28; //we'll recalc the chunk size instead\r\n\t\t\t\tfor(i=0; i < ch; i++) { chsz += X.U32(p+hksz,_BE); hksz += 4 }\r\n\t\t\t\thksz += chsz; //fetch chdata sizes, skip data\r\n\t\t\t\t//}\r\n\t\t\t\tbreak;\r\n\t\t\tcase \"INFO\":\r\n\t\t\t\tq = 0;\r\n\t\t\t\twhile(q < hksz) {\r\n\t\t\t\t\tz = X.fSig(p+q,hksz-q,\"00\");\r\n\t\t\t\t\tif(z > -1) l = z-p-q;\r\n\t\t\t\t\telse l = hksz;\r\n\t\t\t\t\tc += X.SC(p+q,l,'CP1252')+\"\\n\";\r\n\t\t\t\t\tq += l+1;\r\n\t\t\t\t} break;\r\n\t\t\tcase \"PART\": ptn++; break\r\n\t\t\tcase \"INST\": ins++; break\r\n\t\t\tcase \"SMPL\":\r\n\t\t\t\tsmp++; p += 6; break;\r\n\t\t\t}\r\n\t\t\tp += hksz;\r\n\t\t}\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tif(x > 1) sOption(x,'×');\r\n\t\t\tsOptionT(t); sOptionT(addEllipsis(c,0xA0,0x80),'msg: \"','\"');\r\n\t\t\tsOption('ch:'+ch+' ptn:'+ptn+' ins:'+ins+' smp:'+smp+' sz:'+outSz(p));\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'FORM'........'MMV8SDAT'................'SE'\")) {\r\n\t\tsName = \"Thomas Winischhofer's Music Maker EXT module (.MM8,.MM4)\"; bDetected = 1;\r\n\t\tsVersion = \"v8\";\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SA(0x1A,0x14));\r\n\t\t\tsOptionT(X.SA(0x36,0x29));\r\n\t\t\tsOption(outSz(X.I32(4,_BE)+8),\"sz:\")\r\n\t\t}\r\n\t}\r\n\t//TODO insert the SDATA format of Music Maker\r\n\telse if(X.c(\"'SEI1XX'00\")) { //TODO find more than 2 files to test on :)\r\n\t\tsName = \"Music Maker STD instrument (.IP)\"; bDetected = 1;\r\n\t\tsVersion = \"v8 old\";\r\n\t}\r\n\telse if(X.c(\"'MO3'\")) {\r\n\t\tsName = \"MO3 MOD module (.MO3)\"; bDetected = 1\r\n\t}\r\n\telse if(X.c(\"'RASP'\",0x438)) {\r\n\t\t// TODO find out what format it was...\r\n\t\tsName = \"Generic module (.MOD)\"; bDetected = 1;\r\n\t\tsVersion = X.SA(0x438,4);\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SC(0,0x14,\"IBM850\"));\r\n\t\t\tsOptionT(X.SC(0x14,0x16,\"IBM850\"),\"by/inst: \")\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"08'MONOTONE'\") && X.Sz() >= 0x15F) {\r\n\t\t//ref https://github.com/MobyGamer/MONOTONE/blob/master/MTSRC/MT_SONG.PAS\r\n\t\tsName = \"MONOTONE module (.MON)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.U8(0x5B);\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.UCSD(0x09));\r\n\t\t\tsOptionT(X.UCSD(0x32));\r\n\t\t\tptn = X.U8(0x5C); trk = X.U8(0x5D); cellsz = X.U8(0x5E);\r\n\t\t\tord = 0; i = 0x5F; do { t = X.U8(i++); if(t != 0xFF) ord++ } while(i < 0x15F && i != 0xFF)\r\n\t\t\tsOption('trk:'+trk+' ord:'+ord+' ptn:'+ptn+' sz:'+outSz(0x15F+0x40*ptn*trk*cellsz));\r\n\t\t}\r\n\t}\r\n\telse if(/SONG[0-9.]{4}(COMP|NORM)/.test(X.SA(0,12))) {\r\n\t\tsName = \"Megastation track (.MS)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.SA(4,5).toLowerCase()\r\n\t}\r\n\telse if(/SNGM[0-9.]{4}(COMP|NORM)/.test(X.SA(0,12))) {\r\n\t\tsName = \"Megastation MOD module (.MSM)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.SA(4,5).toLowerCase()\r\n\t}\r\n\telse if(X.c(\"'MSOB'00000026\") && X.c(\"FFFF0000\",0x24) && (x=X.U16(0x28,_BE)) > 0) {\r\n\t\tsName = \"Medley module (.MSO)\"; bDetected = 1;\r\n\t\tif(X.isVerbose())\r\n\t\t\tif(x > 1) sOption(x,'×')\r\n\t}\r\n\telse if(X.c(\"'MTC1'00\") && X.U8(5) < 0x10 && X.Sz() >= (sz=X.U32(4,_BE)+8)) {\r\n\t\tsName = \"Multi-track Container module (.MTC)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tname = auth = c = ''; p = 8; x = 0; //ignoring PROP--it's never useful\r\n\t\t\twhile(p < sz) {\r\n\t\t\t\thkhd = X.SA(p,4); hksz = X.U32(p+4,_BE); p += 8;\r\n\t\t\t\tswitch(hkhd) {\r\n\t\t\t\tcase \"NAME\": name = name.addIfNone(decAnsi(p,hksz,CPSpeccy),'/'); break;\r\n\t\t\t\tcase \"AUTH\": auth = auth.addIfNone(decAnsi(p,hksz,CPSpeccy),'/'); break;\r\n\t\t\t\tcase \"ANNO\": c = c.addIfNone(decAnsi(p,hksz,CPSpeccy),'/'); break;\r\n\t\t\t\tcase \"TRCK\": x++; break\r\n\t\t\t\t}\r\n\t\t\t\tp += hksz; if(p%2) p++\r\n\t\t\t}\r\n\t\t\tsOptionT(name); sOptionT(auth,'by:'); sOptionT(addEllipsis(c,0xA0));\r\n\t\t\tsOption('trk:'+x+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'mpu401tr'92'kk'EE'r'\")) {\r\n\t\tsName = \"MPU-401 Trakker Adlib module (.MTK)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tt = X.UCSD(0x18); sOptionT(t);\r\n\t\t\tsOptionT(X.SA(0x18+t.length+2),\"by: \")\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'MTM'\")) {\r\n\t\t//ref https://github.com/libxmp/libxmp/blob/master/docs/formats/Mtm-form.txt\r\n\t\tsName = \"StarScream/Renaissance's Multitracker module (.MTM)\"; bDetected = 1;\r\n\t\tv=X.U8(3); sVersion = \"v\"+(v>>4)+\".\"+(v & 0x0F);\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SA(4,20));\r\n\t\t\ttrk = X.U16(24); ptn = X.U8(26);\r\n\t\t\tord = X.U8(27)+1; csz = X.U16(28);\r\n\t\t\tnos = X.U8(30); bpt = X.U8(32); smpsz = 0;\r\n\t\t\tfor(i=66+22; i < 66+22+nos*37; i += 37) smpsz += X.U32(i);\r\n\t\t\tpxc = 194+nos*37+trk*192+(ptn+1)*32*2;\r\n\t\t\tc = X.SA(pxc,csz); sz = pxc+csz+smpsz;\r\n\t\t\tif(c.length < csz) c = c.trim()+' <...>';\r\n\t\t\tsOptionT(c);\r\n\t\t\tsOption('trk:'+(trk+1)+' ord:'+(ord+1)+' ptn:'+(ptn+1)+' smp:'+nos+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'MT20'\") && X.Sz() >= 0x184 && X.U8(9) == 2\r\n\t && X.U16(0x70) < 64 && X.U16(0x6A) <= 0x100) {\r\n\t\t//ref https://github.com/OpenMPT/openmpt/blob/master/soundlib/Load_mt2.cpp\r\n\t\tsName = \"MadTracker 2 module (.MT2)\"; nV = X.U8(8); bDetected = 1;\r\n\t\tsVersion = \"v\"+X.U8(9)+\".\"+nV.toString(16).padStart(2,'0');\r\n\t\tbad = \"\";\r\n\t\tord = X.U16(0x6A); loop = X.U16(0x6C);\r\n\t\tptn = X.U16(0x6E); trk = X.U16(0x70);\r\n\t\tflags = X.U32(0x76);\r\n\t\tins = X.U16(0x7A); smp = X.U16(0x7C);\r\n\t\thasdrums = X.U16(0x17E) != 0; //:477\r\n\t\tif(hasdrums) dptn = X.U16(0x180); else dptn = 0; // this one line's :789\r\n\t\tp = 0x184+(hasdrums?0x112:0); //180 = filehdr+hasdrums+orders\r\n\t\taddp = p+X.U32(p-4); msg = \"\"; vst2 = 0; igskip = 0;\r\n//_log(\"addp @\"+Hex(addp));\r\n\t\tsmpszs = []; insszs = []; inss = []; smps = []; extsmp = [];\r\n\t\twhile(p < addp) { //:578\r\n\t\t\thkhd = X.SA(p,4); hksz = X.U32(p+4); p += 8;\r\n\t\t\tswitch(hkhd) {\r\n\t\t\t\tcase \"MSG\": showmsg = X.U8(p);\r\n\t\t\t\t\tmsg = X.SC(p+1,hksz-1,'CP1252')\r\n\t\t\t\t\t .replace(\"\\r\",\"\\n\").replace(\"\\n\\n\",\"\\n\"); break;\r\n\t\t\t\tcase \"SUM\": artist = X.SC(p+6,hksz-6,'CP1252');\r\n\t\t\t\t\tif(artist == \"Unregistered\") artist == \"\"; break;\r\n\t\t\t\tcase \"VST2\": vst2 = X.U32(p); break;\r\n\t\t\t}\r\n\t\t\tp += hksz\r\n\t\t}\r\n//_log(\"ptns @\"+Hex(p));\r\n\t\tif(p > addp) bad = bad.addIfNone(\"!badaddsz\");\r\n\t\telse if(p > X.Sz()) bad = bad.addIfNone(\"!short\");\r\n\t\telse {\r\n\t\t\tfor(i=0; i < ptn && p < X.Sz(); i++) p += 6+((X.U32(p+2)+1)&~1)\r\n//_log(\"drums? @\"+Hex(p));\r\n\t\t\tif(hasdrums) { //:786\r\n\t\t\t\tfor(i=0; i < dptn && p < X.Sz(); i++) { //:811\r\n\t\t\t\t\tp += 2+X.U16(p)*32 }\r\n\t\t\t}\r\n//_log(\"atmt @\"+Hex(p));\r\n\t\t\tif(flags & 2) { //automation; 8 is drum autn., 0x10 is master autn.\r\n\t\t\t\tenv = trk + (flags & 8) + ((nV >= 0x50) ? vst2 : 0) + ((flags & 0x10) ? 1 : 0);\r\n\t\t\t\tfor(q = 0; q < ptn; q++)\r\n\t\t\t\t\tfor(var e = 0; e < env && p+4 <= X.Sz(); e++) {\r\n\t\t\t\t\t\tif(nV >= 3) { fl = X.U32(p); p += 8 }\r\n\t\t\t\t\t\telse { fl = X.U16(p); p += 4 }\r\n\t\t\t\t\t\twhile(fl) {\r\n\t\t\t\t\t\t\tif(fl&1) p += 0x104; fl >>= 1;\r\n\t\t\t\t\t\t\tif(fl<0)fl=-fl //fixes something suspiciously like a JS glitch\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n//_log(\"ins @\"+Hex(p));\r\n\t\tif(p > X.Sz()) bad = bad.addIfNone(\"!short\");\r\n\t\telse {\r\n\t\t\tfor(i=0; i < 255; i++) {\r\n\t\t\t\tif(!msg && inss.length < 3) {\r\n\t\t\t\t\tt = X.SC(p,0x20,'CP1252'); if(t.trim() != \"\") inss.push(t) }\r\n\t\t\t\tdtlen = X.U32(p+0x20); if(dtlen == 0x20) dtlen += 0x18C;\r\n\t\t\t\tif(nV > 1 && dtlen) dtlen += 4;\r\n\t\t\t\tif(dtlen) igskip += X.U16(p+0x24)<<3; p += 0x24+dtlen;\r\n\t\t\t}\r\n\t\t}\r\n//_log(\"smp @\"+Hex(p));\r\n\t\tif(p > X.Sz()) bad = bad.addIfNone(\"!short\");\r\n\t\telse {\r\n\t\t\tfor(i=0; i < 256; i++) {\r\n\t\t\t\tif(!msg) {\r\n\t\t\t\t\tt = X.SA(p,0x20); if(i < smp && t.trim() != \"\") smps.push(t) }\r\n\t\t\t\tdtlen = X.U32(p+32); p += 0x24;\r\n\t\t\t\tif(dtlen && i < smp) {\r\n\t\t\t\t\tslen = X.U32(p); sfl = X.U8(p+10);\r\n\t\t\t\t\tif(sfl&5) smpszs.push({\"ext\":1,\"slen\":0}); else if(slen) smpszs.push({\"ext\":0,\"slen\":slen});\r\n\t\t\t\t\tp += dtlen;\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\tp += igskip;\r\n\t\t\tif(p > X.Sz()) bad = bad.addIfNone(\"!short\");\r\n\t\t\telse for(i=0; i < smp && p < X.Sz(); i++) {\r\n\t\t\t\tif(smpszs[i][\"ext\"]) {\r\n\t\t\t\t\tslen = X.U32(p); p += 0x10;\r\n\t\t\t\t\tiextsmp.push(X.SA(p,slen));\r\n\t\t\t\t\tp += slen;\r\n\t\t\t\t} else p += smpszs[i][\"slen\"];\r\n\t\t\t}\r\n\t\t}\r\n\t\tif(bad != \"\") sVersion += \"/malformed\"+bad\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SA(0x2A,0x40));\r\n\t\t\tif(msg != \"\")\r\n\t\t\t\tif(showmsg) sOption(addEllipsis(msg,0x80),\"msg: \");\r\n\t\t\t\telse sOption(\"(\"+addEllipsis(msg,0x80)+\")\",\"msg: \");\r\n\t\t\telse if(inss.length) sOption(\"\\\"\"+addEllipsis(inss.join(\" \"),200)+\"\\\"\",\"ins/msg:\");\r\n\t\t\telse if(smps.length) sOption(\"\\\"\"+addEllipsis(smps.join(\" \"),200)+\"\\\"\",\"smp/msg:\");\r\n\t\t\tsOption(\"ord:\"+ord+\" loop:\"+loop+\" ptn:\"+ptn+(hasdrums?\"+\"+dptn:\"\")+\" ins:\"+ins+\r\n\t\t\t \" smp:\"+smp+(extsmp.length > 0 ? \" ext.smp: [\"+extsmp.join(\",\")+\"]\" : \"\")+\r\n\t\t\t \" trk:\"+trk+(hasdrums?\"+8\":\"\")+(vst2?(\"vst2:\"+vst2):\"\")+\" sz:\"+outSz(p))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'MTRAC'\") && X.U8(0x31) == 0x1A) {\r\n\t\tsName = \"Pyro-Fyre/Arkham's Master Tracker module (.MTR)\"; bDetected = 1;\r\n\t\t//TODO parse master tracker\r\n\t\t// x = X.readBytes(0,X.fSig(0,TOEOF,\"1A\"));\r\n\t\t// tt = X.SA(5,20).trim();\r\n\r\n\t\t// if(v!=null) sVersion = \"v\"+v;\r\n\t\t// if(X.isVerbose())\r\n\t\t// sOptionT(X.SA(0x2A,0x40))\r\n\t}\r\n\telse if(X.c(\"3C4F3123 20391E00 1FdF1F9F 0C020C05 04040407 1AF60627\")) {\r\n\t\tsName = \"Packen/ぱっくん Software MUAP98/みゅあっぷ tone data (TONES.DTA)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) sOption(outSz(6400),'sz:')\r\n\t}\r\n\telse if(X.c(\"'MVSM1'\")) {\r\n\t\tsName = \"Kaneda's MVSTracker Suite module (.MUS)\"; bDetected = 1\r\n\t}\r\n\telse if(X.c(\"'MUS'1A\") && (X.U16(4) >= X.U16(6))) {\r\n\t\tsName = \"idSoft's DOOM music module (.MUS)\"; bDetected = 1;\r\n\t\tif(X.isVerbose())\r\n\t\t\tsOption(outSz(X.U16(4)),'sz:')\r\n\t}\r\n\telse if(X.c(\"'MXM'00\") && isWithin(X.U32(4),1,256) && X.U32(8) < X.U32(4)\r\n\t && isWithin(X.U32(0xC),1,255) && X.U32(0x10)) {\r\n\t\t// from https://www.cubic.org/source/mxmplay-1.6.zip / xm2mxm.cpp\r\n\t\tsName = \"Niklas 'pascal' Beisert's MXMplay module (.MXM)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tord = X.U32(4); lp = X.U32(8); ch = X.U32(0xC); ptn = X.U32(0x10); ins = X.U32(0x14);\r\n\t\t\tspd0 = X.U8(0x18); bpm0 = X.U8(0x19);\r\n\t\t\tsOption('spd0:'+spd0+' bpm0:'+bpm0+' ch:'+ch+' ord:'+(lp?lp+'-':'')+ord+' ptn:'+ptn+' ins:'+ins)\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'MXTX'00\")) {\r\n\t\tsName = \"David 'Talin' Joiner & Joe Pearce's MaxTrax/Music-X module (MXTX.+SMPL.)\"; bDetected = 1\r\n\t}\r\n\telse if(X.c(\"'TWNNSNG1'00\")) { // looks like the first ProTrekkr was called this\r\n\t\tsName = \"J.A.A. 'Arguru' Ruis's NoiseTrekker module (.NTK)\"; bDetected = 1;\r\n\t\tsVersion = \"v1.6b\";\r\n\t\tif(X.isVerbose())\r\n\t\t\tsOption(X.SA(9,20))\r\n\t}\r\n\telse if(X.c(\"'TWNNSNG2'00\")) { // looks like the first ProTrekkr was called this\r\n\t\tsName = \"J.A.A. 'Arguru' Ruis's NoiseTrekker module (.NTK)\"; bDetected = 1;\r\n\t\tsVersion = \"v2.0\";\r\n\t\tif(X.isVerbose())\r\n\t\t\tsOption(X.SA(9,20))\r\n\t}\r\n\telse if((X.c(\"'TWNNSNG'..00\") && [\"6\",\"G\",\"I\"].indexOf(X.SA(7,1) >= 0))\r\n\t || X.c(\"'PROTREK'\")) {\r\n\t\t//ref https://github.com/hitchhikr/protrekkr/blob/c321b1995d127fc232d8ea50e359d7e2603882b8/src/ptk.cpp#L2434\r\n\t\tsName = \"J.A.A. 'Arguru' Rius et al.'s ProTrekkr module (.PTK)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.SA(0x7,1);\r\n\t\tif(X.isVerbose()) // this stuff has compression in most versions, TODO?\r\n\t\t\tif(sVersion == \"v6\") sOption(X.SA(9,20))\r\n\t}\r\n\telse if(X.c(\"'NESM'1A\") || X.c(\"'NSFE'\")) {\r\n\t\t//ref http://www.nesdev.org/wiiki/NSF\r\n\t\tsName = \"Nintendo Sound Format audio (.\"; bDetected = 1;\r\n\t\tsig = X.SA(0,4);\r\n\t\tif(sig === \"NSFE\") filever = \"NSFe\";\r\n\t\telse if(X.U8(5) == 2) filever = \"NSF2\";\r\n\t\telse filever = \"NSF\";\r\n\t\tsName += filever+\")\";\r\n\t\tINFOready = false; NEND = false; hkhd = \"\"; pn = 4;\r\n\t\tnsf2jump = palntsc = sz = -1; spd = \"\"; vrc7repl = 0;\r\n\t\tplaytime = Number(0); g=\"\"; t=\"\"; a=\"\"; c=\"\"; taut=[]; tlbl=[]; xc=\"\";\r\n\t\tif(filever === \"NSFe\") {\r\n\t\t\tif(X.isVerbose()) //no base header, find INFO first\r\n\t\t\t while(pn < X.Sz()){\r\n\t\t\t\thksz = X.U32(pn,_BE); hkhd = X.SA(pn+4,4);\r\n\t\t\t\tif(hkhd === \"INFO\") break;\r\n\t\t\t\telse pn += hksz+8;\r\n\t\t\t}\r\n\t\t\tnsf2jump = 0;\r\n\t\t}\r\n\t\telse { //NSF v1/2 have a hardplaced header, let's read that\r\n\t\t\tbDetected = 1;\r\n\t\t\tsVersion = \"\";\r\n\t\t\tif(X.isVerbose()) {\r\n\t\t\t\tpalntsc = X.U8(0x7A);\r\n\t\t\t\tchip = X.U8(0x7B);\r\n\t\t\t\ttc = X.U8(6); t = X.SA(0x0E,0x20);\r\n\t\t\t\ta = X.SA(0x2E,0x20); c = X.SA(0x4E,0x20);\r\n\t\t\t}\r\n\t\t\tINFOready = true;\r\n\t\t\tnsf2jump = X.U24(0x7D,_LE);\r\n\t\t\tpn += nsf2jump; //NSF v1 files ALSO can have this jump... orz\r\n\t\t}\r\n\t\t// at this point we're standing at the first hunk unless it's a pure NSF, and at \"INFO\" for NSFe\r\n\t\tif(nsf2jump >= 0 && filever === \"NSFe\" && X.isVerbose())\r\n\t\t\twhile(pn < X.Sz() && !NEND) {\r\n\t\t\t\thksz = X.U32(pn,_LE); hkhd = X.SA(pn+4,4); pn+=8;\r\n\t\t\t\tswitch (hkhd) {\r\n\t\t\t\t\tcase \"NEND\": //end of hunks\r\n\t\t\t\t\t\tNEND = true; break;\r\n\t\t\t\t\tcase \"INFO\": //really shouldn't happen with nsf1/2\r\n\t\t\t\t\t\tif(INFOready) break;\r\n\t\t\t\t\t\tpalntsc = X.U8(pn+6);\r\n\t\t\t\t\t\tchip = X.U8(pn+7);\r\n\t\t\t\t\t\ttc = X.U8(pn+7);\r\n\t\t\t\t\t\tINFOready = true; break;\r\n\t\t\t\t\tcase \"RATE\":\r\n\t\t\t\t\t\tspd = \"rate :: NTSC: \"+X.U16(pn,_LE)+\" ticks\";\r\n\t\t\t\t\t\tpalspd = X.U16(pn+2,_LE);\r\n\t\t\t\t\t\tif(palspd > 0) spd += \", PAL: \"+palspd+\" ticks\";\r\n\t\t\t\t\t\tdendyspd = X.U16(pn+4,_LE);\r\n\t\t\t\t\t\tif(dendyspd > 0) spd += \", Dendy: \"+dendyspd+\" ticks\";\r\n\t\t\t\t\t\tbreak;\r\n\t\t\t\t\tcase \"VRC7\":\r\n\t\t\t\t\t\tvrc7repl = X.U8(pn); break;\r\n\t\t\t\t\tcase \"time\":\r\n\t\t\t\t\t\tfor(i=0; i*4 < hksz; i++) {\r\n\t\t\t\t\t\t\tif(i*4 >= hksz) curtime=-1\r\n\t\t\t\t\t\t\telse curtime = X.I32(pn+i*4,_LE);\r\n\t\t\t\t\t\t\tif(curtime < 0) curtime = 2*60000; //default time: 2 minutes :V\r\n\t\t\t\t\t\t\tplaytime += curtime/1000;\r\n\t\t\t\t\t\t} break;\r\n\t\t\t\t\tcase \"auth\":\r\n\t\t\t\t\t\tapn = 0;\r\n\t\t\t\t\t\tg = X.SC(pn,0x100,\"UTF8\"); apn+=g.length+1;\r\n\t\t\t\t\t\ta = X.SC(pn+apn,0x100,\"UTF8\"); apn+=a.length+1;\r\n\t\t\t\t\t\tc = X.SC(pn+apn,0x100,\"UTF8\"); apn+=c.length+1;\r\n\t\t\t\t\t\tc += \", rip: \"+X.SC(pn+apn,0x100,\"UTF8\");\r\n\t\t\t\t\t\tbreak;\r\n\t\t\t\t\tcase \"taut\":\r\n\t\t\t\t\t\tif(X.isDeepScan()) {\r\n\t\t\t\t\t\t\tapn = 0;\r\n\t\t\t\t\t\t\twhile(apn < hksz) {\r\n\t\t\t\t\t\t\t\ttrkauth = X.SC(pn+apn,hksz-apn,\"UTF8\"); apn += trkauth.length+1;\r\n\t\t\t\t\t\t\t\ttaut.push(trkauth)\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t} break;\r\n\t\t\t\t\tcase \"tlbl\":\r\n\t\t\t\t\t\tif(X.isDeepScan()) {\r\n\t\t\t\t\t\t\tapn = 0;\r\n\t\t\t\t\t\t\twhile(apn < hksz) {\r\n\t\t\t\t\t\t\t\ttrklbl = X.SC(pn+apn,hksz-apn,\"UTF8\"); apn += trklbl.length+1;\r\n\t\t\t\t\t\t\t\ttlbl.push(trklbl)\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t} break;\r\n\t\t\t\t\tcase \"text\":\r\n\t\t\t\t\t\tif(X.isDeepScan())\r\n\t\t\t\t\t\t\txc = X.SC(pn,hksz,\"UTF8\");\r\n\t\t\t\t}\r\n\t\t\t\tpn += hksz; sz = pn;\r\n\t\t\t}\r\n\t\tif(X.isVerbose() && INFOready) {\r\n\t\t\tswitch(palntsc) {\r\n\t\t\t\tcase 0: sVersion += \" NTSC\"; break;\r\n\t\t\t\tcase 1: sVersion += \" PAL\"; break;\r\n\t\t\t\tcase 2: sVersion += \" NTSC/PAL\"\r\n\t\t\t}\r\n\t\t\tif(chip&0x01) sVersion += \"#VRC6\";\r\n\t\t\tif(chip&0x02) switch(vrc7repl) {\r\n\t\t\t\tcase 1: sVersion += \"#YM2413\"; break;\r\n\t\t\t\tdefault: sVersion += \"#VRC7\" }\r\n\t\t\tif(chip&0x04) sVersion += \"#FDS\";\r\n\t\t\tif(chip&0x08) sVersion += \"#MMC5\";\r\n\t\t\tif(chip&0x10) sVersion += \"#Namco163\";\r\n\t\t\tif(chip&0x20) sVersion += \"#Sunsoft5B\";\r\n\t\t\tsOptionT(t);\r\n\t\t\tif(tc > 1) sOption(tc,\"×\");\r\n\t\t\tsOptionT(a,\"by: \");\r\n\t\t\tsOptionT(c);\r\n\t\t}\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tif(playtime > 1)\r\n\t\t\t sOption(new Date(Math.round(playtime*1000)).toISOString().substr(11, 8),\"Playtime: \");\r\n\t\t\tif(Math.max(tlbl.length,taut.length)>0) sOption(\"[Tracks]\");\r\n\t\t\tfor (i=0; i < Math.max(tlbl.length,taut.length); i++) {\r\n\t\t\t\tif(i < tlbl.length) ttlbl = tlbl[i];\r\n\t\t\t\telse ttlbl = \"#\"+(i+1);\r\n\t\t\t\tif(i < taut.length) ttaut = \" by: \"+taut[i];\r\n\t\t\t\telse ttaut = \"\";\r\n\t\t\t\tsOption(ttlbl+ttaut)\r\n\t\t\t}\r\n\t\t\tif(xc != \"\") sOption(xc,\"[Commentary]: \");\r\n\t\t\tif(sz > -1) sOption(outSz(sz),\"sz:\")\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'OKTASONGCMOD'00000008\") && X.c(\"'SAMP'00000480\", 0x18)\r\n\t && X.c(\"'SPEE'00000002....'SLEN'00000002....'PLEN'00000002....'PATT'00000080\", 0x4A0)\r\n\t && X.c(\"'PBOD'\", 0x546)) {\r\n\t\tsName = \"Armin Sander's Oktalyzer module (.OK,.OKT,.OKTA)\"; bDetected = 1;\r\n\t\tsVersion = 'v'+X.U16(0x14,_BE)+'.'+X.U16(0x16,_BE).padStart(2,'0');\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tfor(p=0x20,smp=0,smps=[]; p < 0x4A0; p += 0x20) {\r\n\t\t\t\tif((t=decAnsi(p,0x14,CPAmiga).trim()) != '') smps.push(t); if(X.U32(p+0x14,_BE)) smp++;\r\n\t\t\t}\r\n\t\t\tsOption(addEllipsis(smps.join(' ')),'smp/msg:\"','\"');\r\n\t\t\ttmp0 = X.U16(0x4A8,_BE); ptn = X.U16(0x4B2,_BE); ord = X.U16(0x4BC,_BE); rsmp = 0;\r\n\t\t\tp = 0x546; while(p < X.Sz() && rsmp < smp) {\r\n\t\t\t\thkhd = X.SA(p,4); if(charStat(hkhd,1).indexOf('allasc') < 0) break;\r\n\t\t\t\thksz = X.U32(p+4,_BE); if(hkhd === 'SBOD') rsmp++; p += 8+hksz\r\n\t\t\t}\r\n\t\t\tsOption('tmp0:'+tmp0+' ord:'+ord+' ptn:'+ptn+' smp:'+(rsmp!=smp?rsmp+'/':'')+smp+' sz:'+outSz(p))\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'Onyx Music File'1A0001\") && X.c(\"80808080\",0x18E)) {\r\n\t\t// ref ftp://http.modland.com/pub/documents/format_documentation/Onyx%20Music%20File%20(.omf).txt\r\n\t\tsName = \"Altar/Onyx's Onyx Music File (.OMF)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tch = X.U8(0x192)+1;\r\n\t\t\tptn = X.U8(0x193)+1;\r\n\t\t\tord = X.U8(0x194)/2+1;\r\n\t\t\ttitle = X.SA(0x195,0x1F).trim();\r\n\t\t\tsn = []; smp = smpsz = 0;\r\n\t\t\tfor(i=0; i < 31; i++) {\r\n\t\t\t\tt = X.SA(0x1B4+i*0x1C,21).trim(); if(t.length) sn.push(t);\r\n\t\t\t\tt = X.U16(0x1CC+i*0x1C); if(t) { smpsz += t; smp++ }\r\n\t\t\t}\r\n\t\t\tfor(i=0,p=0x51A; i < ptn; i++) p += 3+X.U8(p+2)*0x100; sz = p+smpsz+smp*3;\r\n\t\t\tfor(i=0; i < smp; i++) p += 3+X.U16(p+1); if(p != sz) sVersion = 'malformed!badsmpcnk';\r\n\t\t\tsOptionT(title); sOptionT(addEllipsis(sn.filter(funSampleName).join(' ')),'smp/msg:\"','\"');\r\n\t\t\tsOption('ch:'+ch+' ord:'+ord+' ptn:'+ptn+' smp:'+smp+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\telse if((X.c(\"'Org-02'\") || X.c(\"'Org-03'\")) && X.Sz() >= 114) {\r\n\t\tsName = \"Amaya 'Pixel' Daisuke's Organya/ORG Maker module (.ORG)\"; bDetected = 1;\r\n\t\tif(X.U8(5) === 0x32) sVersion == \"v1\"; else sVersion = \"v2\";\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tc = ins = 0; for(i=0; i < 16; i++) {\r\n\t\t\t\tt = X.U16(0x16+6*i); if(t) { ins++; c += t }\r\n\t\t\t}\r\n\t\t\tsOption(\"ins:\"+ins+\" tempo:\"+X.U16(6)+\" rhythm:\"+X.U8(8)\r\n\t\t\t +\"/\"+X.U8(9)+\" notes:\"+c+\" sz:\"+outSz(114+(c<<3)))\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'OBISYNTHPACK'\") && X.Sz() > 0x510 && ( X.c(\"0100\",0x50C) || !X.U32(0x50C,_BE) )) {\r\n\t\tsName = \"Karsten 'Obi' Obarski's Synth Pack module (.OSP+SMP.set)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) { //from initplayer RE\r\n\t\t\tp = a2 = 0xC; // @650\r\n\t\t\tfor(x = ord = 0, d1 = 0x40; p < X.Sz() && d1--;) {\r\n\t\t\t\td2 = X.U32(p,_BE); p += 4; if(!d2) break; ord++; d2 &= 0xFFFF;\r\n\t\t\t\tif(d2 == 0xF0) x++; // @656~664\r\n\t\t\t}\r\n\t\t\tfor(d3 = d6 = 0; a2 < X.Sz() && d6 < 0x40;) { // @668~698\r\n\t\t\t\td4 = X.U32(a2,_BE); a2 += 4;\r\n\t\t\t\tif(!d4) { if(X.U32(a2,_BE)) d6++;\r\n\t\t\t\t} else {\r\n\t\t\t\t\td4 &= 0xFF00;\r\n\t\t\t\t\tif(d4 == 0xFE00 || d4 == 0xFC00) d3++;\r\n\t\t\t\t\td6++;\r\n\t\t\t\t}\r\n\t\t\t\tif(d6 >= 0x40) break;\r\n\t\t\t}\r\n\t\t\tif(d3 > x) { x = d3; ord = d6 } // @69a~6a0\r\n\t\t\tif(X.c(\"2000\",0xC) || X.c(\"FE\",0xE)) x = 7; // @6a2~6b8\r\n\t\t\td1 = 0x100;\r\n\t\t\tif(p < X.Sz()) p = 0x10C; ptn = 0; // @6bc~6c4\r\n\t\t\tfor(; p < X.Sz() && d1--;) { if((t = X.U8(p)) > ptn) ptn = t; p += 4 } // @6c6~6d2\r\n\t\t\tif(p < X.Sz()) p = 0x50C; // @6d6...\r\n\t\t\tif(!X.U32(0x50C,_BE)) // to @6fe\r\n\t\t\t\tp += (ptn+1)*0x180; //\r\n\t\t\telse {\r\n\t\t\t\tfor(; p < X.Sz(); p += 2) if(!X.U16(p,_BE)) break;\r\n\t\t\t\tfor(p += X.U16(p-2,_BE); p < X.Sz(); p += 2) if(X.c(\"FFFFFFFF5FFF\",p)) break; // @6e8~f2\r\n\t\t\t\tp += 6;\r\n\t\t\t}\r\n\t\t\tif(x > 1) sOption(x,'×');\r\n\t\t\tsOption('ord:'+ord+' ptn:'+ptn+' sz:'+outSz(p))\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'OBISYNTHPACK'\")) { //this must be the sample set\r\n\t\tfor(p=0xC,i=smp=0; p < X.Sz() && i < 0x40; i++) {\r\n\t\t\tt = X.U32(p+4,_BE)-X.U32(p,_BE); p += 4; if(t) smp++;\r\n\t\t} p -= 4; sz = X.U32(p,_BE);\r\n\t\tif(sz <= X.Sz()) {\r\n\t\t\tsName = \"Karsten 'Obi' Obarski's Synth Pack's sample set (SMP.SET)\"; bDetected = 1;\r\n\t\t\tif(X.isVerbose()) sOption('smp:'+smp+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"00800404 1214191C 1FCE26D6 328E35EA 3CF23CF2\") && X.c(\"0C000384000000000000\",0x80)) {\r\n\t\t// I'm specifically detecting the one for Dyter-07 here\r\n\t\tfor(p=0,i=smp=0; p < X.Sz() && i < 0x40; i++) {\r\n\t\t\tt = X.U16(p+2,_BE)-X.U16(p,_BE); p += 2; if(t) smp++;\r\n\t\t} p -= 2; sz = X.U16(p,_BE);\r\n\t\tif(sz <= X.Sz()) {\r\n\t\t\tsName = \"Synth Pack's sample set (SMP.SET)\"; sVersion = \"headerless\"; bDetected = 1;\r\n\t\t\tif(X.isVerbose()) sOption('smp:'+smp+' sz:'+outSz(sz))\r\n\t\t}\t\t\r\n\t}\r\n\telse if(X.c(\"'PACG'........'PAIN'\") && (t=X.fSig(0xC,0x100,\"'SOIN'\")+8) > 0x10 && X.U16(t+2)\r\n\t && X.U8(t+4) && X.c(\"4005\",t+5) && X.U32(4)+8 <= X.Sz()) {\r\n\t \t//ref http://hackipedia.org/browse.cgi/File%20formats/Music%20tracker/PAC%2c%20SBStudio%20II/SBStudio%20II%20by%20Henning%20Hellstrom%20v1%2e04%20%281994%29%2etxt\r\n\t\tsName = \"Henning Hellström's SBStudio II module (.PAC)\"; bDetected = 1;\r\n\t\tp = 8; sz = p+X.U32(4);\r\n\t\ttitle = tracker = bad = ''; end = trk = ord = ptn = spd0 = bpm0 = smp = 0;\r\n\t\twhile (p < X.Sz()) {\r\n\t\t\thkhd = X.SA(p,4); if(charStat(hkhd).indexOf('allasc') < 0) break;\r\n\t\t\thksz = X.U32(p+4); p+=0x08; //chunk header = 4xfourcc + 4xsize\r\n\t\t\tswitch (hkhd) {\r\n\t\t\tcase \"SND \": smp++; break;\r\n\t\t\tcase \"SOIN\": spd0 = X.U8(p); bpm0 = X.U8(p+1); ptn = X.U16(p+2); trk = X.U8(p+4); break;\r\n\t\t\tcase \"SONA\": title = X.SC(p,hksz,'CP850'); break;\r\n\t\t\tcase \"SOOR\": ord = hksz>>1; break;\r\n\t\t\tcase \"PAOR\": tracker = X.SC(p,hksz,'CP850'); break;\r\n\t\t\tcase \"END \": end = 1; break\r\n\t\t\t}\r\n\t\t\tp += hksz; if(end) break\r\n\t\t}\r\n\t\tif(bad != '') sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(title); sOption(tracker,'in: ');\r\n\t\t\tsOption('trk:'+trk+' ord:'+ord+' ptn:'+ptn+' smp:'+smp+' sz:'+outSz(X.U32(4)+8))\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'PLM'1A..10\") && isWithin(ch=X.U8(0x36),1,32)\r\n\t && X.Sz() >= 4*((smp=X.U8(0x5C))+(ptn=X.U8(0x5D))+(ord=X.U16(0x5E,_LE)))\r\n\t && firstNotOf(0x3C,0x20,[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15]) < 0) {\r\n\t\tsName = \"Alex 'Statix' Evans' Disorder Tracker 2 module (.PLM)\"; bDetected = 1;\r\n\t\tp = X.U8(4); ofs = rsmp = 0; rptn = []; ptns = []; smps = []; mp = [0,'unk']; bad = '';\r\n\t\tfor(i=0; i < ord; i++,p+=4) if(rptn.indexOf(t = X.U8(p+3)) < 0) rptn.push(t);\r\n\t\tfor(i=0; i < ptn; i++,p+=4) {\r\n\t\t\tif((t = X.U32(p)) > mp[0]) mp = [t,'ptn'];\r\n\t\t\tt = X.SC(t+7,25,\"CP437\").trim(); if(t.length) ptns.push(t)\r\n\t\t}\r\n\t\tfor(i=0; i < smp; i++,p+=4) {\r\n\t\t\tif((t = X.U32(p)) > mp[0]) mp = [t,'smp'];\r\n\t\t\tif(!t) continue; //fixes juice music... 10-8 eve again\r\n\t\t\tif(!X.c(\"'PLS'1A\",t)) bad = bad.addIfNone('!badsmpsig:'+X.SA(t,4));\r\n\t\t\tif(!isWithin(X.I8(t+0x32),-1,15)) bad = bad.addIfNone('!badsmppan');\r\n\t\t\tif(X.U8(t+0x33) > 64) bad = bad.addIfNone('!badsmpvol');\r\n\t\t\tsmps.push(X.SC(t+6,0x20,'CP437').trim());\r\n\t\t\tif(X.U32(t+0x43)) rsmp++;\r\n\t\t}\r\n\t\trptn = rptn.length;\r\n\t\tif(p > X.Sz()) bad = bad.addIfNone('!short'); sz = Math.max(mp[0],p);\r\n\t\tswitch(mp[1]) {\r\n\t\tcase 'ptn': sz = mp[0]+X.U32(mp[0],_LE); break;\r\n\t\tcase 'smp': sz = mp[0]+X.U8(mp[0]+4)+X.U32(mp[0]+0x43,_LE); break\r\n\t\t}\r\n\t\tif(bad.length) sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SC(6,0x30,'CP437'));\r\n\t\t\t//sOption(addEllipsis(ptns.join(', '),0xE0),'ptn:\"','\"');\r\n\t\t\tsOption(addEllipsis(smps.filter(funSampleName).join(' '),0xE0),'smp/msg:\"','\"');\r\n\t\t\tsOption('ch:'+X.U8(0x36)+' bpm0:'+X.U8(0x3A)+' spd0:'+X.U8(0x3B)+' ord:'+ord\r\n\t\t\t\t+' ptn:'+(rptn != ptn? rptn+'/':'')+ptn+' smp:'+(rsmp != smp? rsmp+'/':'')+smp+' sz:'+outSz(sz));\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'PLX'\") && X.U8(3) <= 2 && X.U8(4) && X.U16(7) < X.Sz() && X.U16(9) < X.Sz() && X.U16(11) < X.Sz()) {\r\n\t\t//ref https://adplug.github.io/library/entry/Palladix.html\r\n\t\tsName = \"Rainbow Arts' Palladix Sound System module (.PLX)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tfor(ch=0,p=7; p < 17; p+=2) if(X.U16(p)) ch++;\r\n\t\t\tsOption('ch:'+ch)\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"FFFFE002E102\")) {\r\n\t\tsName = \"Achim Haertel's POKEYNoise chiptune (.PN)\"; bDetected = 1\r\n\t}\r\n\telse if(X.c(\"01080B08 E1079E32 30363100 000078D8 A2FF9A20 1B082000\")) {\r\n\t\tsName = \"Aleksi Eeben's Polyanna module (.PRG)\"; sVersion = \"v1.0&player\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) sOption('sz:'+outSz(0x5801))\r\n\t\t//TODO add info\r\n\t}\r\n\telse if(X.c(\"'PSA'00\") && 0x34 < X.U32(0x28,_BE) < X.Sz()\r\n\t && 0x34 < X.U32(0x2C,_BE) < X.Sz()\r\n\t && 0x34 < X.U32(0x30,_BE) < X.Sz()) {\r\n\t\tsName = \"Professional Sound Artists module (.PSA)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SA(0x4,0x14));\r\n\t\t\t//ref https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/PSA/PSA_v2.asm\r\n\t\t\td2 = X.U32(0x28,_BE);\r\n\t\t\tx = (d2-56) >> 3; if(x > 1) sOption(x,\"×\");\r\n\t\t\td3 = X.U32(0x2C,_BE); d0 = X.U32(0x30,_BE);\r\n\t\t\tins = ((d3-d2) >> 6); d3 = ins;\r\n\t\t\tsynsmp = 0; smp = 0; allsmpsz = 0; d7 = 3;\r\n\t\t\twhile(d3) { //hop\r\n\t\t\t\tts = X.U32(d2,_BE); //ins size?\r\n\t\t\t\tif(ts) {\r\n\t\t\t\t\tif(ts < d7) {\r\n\t\t\t\t\t\td7 = ts;\r\n\t\t\t\t\t\tsmpsz = (X.U16(d2,_BE)+4) << 1;\r\n\t\t\t\t\t\tallsmpsz += smpsz;\r\n\t\t\t\t\t\tsmp++\r\n\t\t\t\t\t}\r\n\t\t\t\t} else synsmp++; //synth\r\n\t\t\t\td2 += 64; d3--\r\n\t\t\t}\r\n\t\t\tsz = X.U32(36,_BE); songsz = sz-allsmpsz; ptn = (songsz-d0) >> 10;\r\n\t\t\tsOption(\"ptn:\"+ptn+\" ins:\"+ins+\" smp:\"+smp+\" syn.smp:\"+synsmp+\" songsz:\"+songsz+\" sz:\"+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'PSF'\")) {\r\n\t\t//ref https://gist.github.com/SaxxonPike/a0b47f8579aad703b842001b24d40c00\r\n\t\tnV = X.U8(3);\r\n\t\tif(nV > 0) {\r\n\t\t\tbDetected = 1;\r\n\t\t\tsName = \"Neil Corlett's Portable Sound Format module (.\";\r\n\t\t\tswitch(nV) {\r\n\t\t\t\tcase 0x01: sName += \"PSF,.PSF1,.MINIPSF,.MINIPSF1)\"; sVersion = \"Playstation\"; break;\r\n\t\t\t\tcase 0x02: case 0x03: sName += \"PSF2,.MINIPSF2)\"; sVersion = \"Playstation 2\"; break;\r\n\t\t\t\tcase 0x11: sName += \"SSF,.MINISSF)\"; sVersion = \"Saturn\"; break;\r\n\t\t\t\tcase 0x12: sName += \"DSF,.MINIDSF)\"; sVersion = \"Dreamcast\"; break;\r\n\t\t\t\tcase 0x21: sName += \"USF,.MINIUSF)\"; sVersion = 'Ultra64'; break;\r\n\t\t\t\tcase 0x22: sName += \"GSF,.MINIGSF)\"; sVersion = 'Gameboy'; break;\r\n\t\t\t\tcase 0x23: sName += \"SNSF,.MINISNSF)\"; sVersion = 'Super Nintendo'; break;\r\n\t\t\t\tcase 0x24: sName += \"2SF,.MINI2SF)\"; sVersion = 'Nintendo DS'; break;\r\n\t\t\t\tcase 0x25: sName += \"NCSF,.MININCSF)\"; sVersion = 'Nintendo DS Nitro Sound'; break;\r\n\t\t\t\tcase 0x41: sName += \"QSF,.MINIQSF)\"; sVersion = 'Capcom Q-Sound'; break;\r\n\t\t\t\t//case ??: sName += \"DCSF,.MINIDCSF)\"; sVersion = '?'; break;\r\n\t\t\t\tdefault: sName += \"*SF,.MINI*SF)\"; sVersion = \"unk.console\";\r\n\t\t\t}\r\n\t\t\tsVersion = \"v\"+Hex(nV)+\" \"+sVersion;\r\n\t\t\tif(X.isVerbose()) {\r\n\t\t\t\t//fs1 = Math.max(X.Sz()-0x200,0); fs2 = Math.min(X.Sz(),0x200);\r\n\t\t\t\t//ptags = X.fSig(fs1,fs2,\"'[TAG]'\")+5;\r\n\t\t\t\tptags = X.U32(8,_LE)+0x15; sig2 = false;\r\n\t\t\t\tif(0x15 < ptags && ptags < X.Sz()) sig2 = X.SA(ptags-5,5) === \"[TAG]\";\r\n\t\t\t\tif(!sig2) { //coincides with pv==2\r\n\t\t\t\t\tptags = X.U32(4,_LE)+0x15;\r\n\t\t\t\t\tif(0x15 < ptags && ptags < X.Sz()) sig2 = X.SA(ptags-5,5) === \"[TAG]\";\r\n\t\t\t\t}\r\n\t\t\t\tif(sig2) {\r\n\t\t\t\t\ttags = X.SC(ptags,X.Sz()-ptags,\"UTF8\").trim();\r\n\t\t\t\t\ta=\"\"; g=\"\"; t=\"\"; y=\"\"; l=\"\";\r\n\t\t\t\t\ttagl = tags.split('\\n');\r\n\t\t\t\t\t for (i=0; i= 0 && X.fStr(16,50,'MAINSONG') >= 0) {\r\n\t\tsName = \"Epic Megagames MASI module (.PSM)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tpt = X.fStr(16,50,\"MAINSONGTITL\");\r\n\t\t\tif(pt>0) {\r\n\t\t\t\tts = X.U32(pt+12);\r\n\t\t\t\tsOptionT(X.SA(pt+16,ts));\r\n\t\t\t}\r\n\t\t\tsOption(outSz(X.U32(4)+12),'sz:')\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"'PSY'..'SONG\")) {\r\n\t\tsName = \"J.M.A. Segura/Psycledelics' Psycle Modular Music Creation Studio module (.PSY)\"; bDetected = 1;\r\n\t\tsV = X.SA(3,1); sVersion = \"v\"+sV;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tswitch(sV) {\r\n\t\t\t\tcase \"0\": case \"1\":\r\n\t\t\t\t\tsOptionT(X.SC(0x08,0x20,'CP1252'));\r\n\t\t\t\t\tsOptionT(X.SC(0x28,0x20,'CP1252'),\"by: \");\r\n\t\t\t\t\tsOptionT(X.SC(0x48,0x80,'CP1252')); break;\r\n\t\t\t\tcase \"2\":\r\n\t\t\t\t//ref https://sourceforge.net/p/psycle/code/HEAD/tree/trunk/psycle-core/src/psycle/core/psy2filter.cpp\r\n\t\t\t\t\tsOptionT(X.SC(0x08,0x20,'CP1252'));\r\n\t\t\t\t\tsOptionT(X.SC(0x28,0x20,'CP1252'),\"by: \");\r\n\t\t\t\t\tsOptionT(X.SC(0x48,0x80,'CP1252'));\r\n\t\t\t\t\tbpm = X.I32(0xC8); ord = X.I32(0x191);\r\n\t\t\t\t\ttrk = X.I32(0x195); ptn = X.I32(0x199);\r\n\t\t\t\t\tp = 0x19D;\r\n\t\t\t\t\tif(X.isDeepScan()) {\r\n\t\t\t\t\t\tinss = []; vsts = []; macs = []; waves = mach = 0; bad = \"\";\r\n\t\t\t\t\t\tfor(i=0; i < ptn; i++) { rows = X.I32(p); p += 0x24+0xA0*rows }\r\n\t\t\t\t\t\tp += 4; inss = [];\r\n\t\t\t\t\t\tfor(i=0; i < 0xFF; i++) { t = X.SC(p,0x20,'CP1252').trim();\r\n\t\t\t\t\t\t\tif(t != \"\" && t != \"empty\") inss.push(t); p += 0x20 }\r\n\t\t\t\t\t\tp += 0x37CC; //_log(\"waves @\"+Hex(p))\r\n\t\t\t\t\t\tif(p > X.Sz()) bad = bad.addIfNone(\"!short\");\r\n\t\t\t\t\t\telse for(i=0; i < 0xFF && p < X.Sz(); i++)\r\n\t\t\t\t\t\t\tfor(w=0; w < 0x10 && p < X.Sz(); w++) { t = X.U32(p); p += 4;\r\n//if(t || p+t*2 > X.Sz()) _log(\"wave[\"+i+\",\"+w+\"] @\"+Hex(p)+\" [\"+Hex(t)+\"]: \"+X.SC(p,0x20,'CP1252').trim());\r\n\t\t\t\t\t\t\t\tif(t) { if(!w) waves++; p += 0x2D; var st = X.U8(p++)+1; p += t< X.Sz()) bad = bad.addIfNone(\"!short\");\r\n\t\t\t\t\t\telse for(i=0; i < 0x100; i++) {\r\n\t\t\t\t\t\t\tt = X.U8(p++); if(t) {\r\n//_log(\"vst[\"+i+\"] @\"+Hex(p));\r\n\t\t\t\t\t\t\t\tt = X.SC(p,0x80,'CP1252').trim(); if(t != \"\") vsts.push(t);\r\n\t\t\t\t\t\t\t\tp += 0x80; t = X.I32(p); p += 4+t*4;\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n//_log(\"mach @\"+Hex(p));\r\n\t\t\t\t\t\tm = []; for(i = 0; i < 128; i++) { t = X.U8(p++); if(t) mach++; m[i] = t }\r\n\t\t\t\t\t\tt = oldt = 0;\r\n\t\t\t\t\t\tconst mtMa=0,mtRM=1,mtDi=2,mtSa=3,mtDe=4,mtF2=5,mtGa=6,mtFl=7,mtPl=8,\r\n\t\t\t\t\t\t mtVI=9,mtVF=10,mtSc=11,mtAB=12,mtA1=13,mtA2=14,mtA21=15,mtDu=255;\r\n\t\t\t\t\t\tfor(i=0; i < 128; i++) if(m[i]) {\r\n\t\t\t\t\t\t\tt = X.I32(p+8); p += 12;\r\n\t\t\t\t\t\t\ttn = X.SA(t===mtPl?p+0x100:p, 0x10);\r\n\t\t\t\t\t\t\ttpn = t === mtPl ? X.SA(p,0x100) : \"\"; ts = tn+tpn;\r\n//_log(\"ts: \"+ts+\", oldt = \"+oldt);\r\n\t\t\t\t\t\t\tnonascii = false; for(q=0; q < ts.length; q++)\r\n\t\t\t\t\t\t\t\tif(ts[q] < \" \" || ts[q] > \"~\" || /[\"+?*]/.test(ts[q])) {nonascii = true; break }\r\n\t\t\t\t\t\t\tif(((15 < t && t < 255) || ts.length < 2 || nonascii) && oldt === mtPl) {\r\n\t\t\t\t\t\t\t\tbad = bad.addIfNone(\"!pluginDefinedDataSize\"); break\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\telse if(15 < t && t < 255) { bad = bad.addIfNone(\"!badMachineType\"); break }\r\n\t\t\t\t\t\t\toldt = t;\r\n\t\t\t\t\t\t\tswitch(t) {\r\n\t\t\t\t\t\t\tcase mtPl: macs.push(tn);\r\n\t\t\t\t\t\t\t\tt = X.I32(p+0x110); p += 0x114+4*t;\r\n//_log(\" [\"+macs[macs.length-1]+\"] post-\"+Hex(t)+\" vals @\"+Hex(p));\r\n\t\t\t\t\t\t\t\tp += 0x181; break;\r\n\t\t\t\t\t\t\tcase mtVI: case mtVF: vsts.push(tn); p += 0x197; break;\r\n\t\t\t\t\t\t\tdefault: macs.push(X.SA(p,0x10)); p += 0x191\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\tif(p > X.Sz()) bad = bad.addIfNone(\"!short\");\r\n//_log(\"patch 0 @\"+Hex(p));\r\n\t\t\t\t\t\tp += 5*0xFF; //patch 0\r\n\t\t\t\t\t\tif(p > X.Sz()) bad = bad.addIfNone(\"!noP0\");\r\n//_log(\"patch 1 @\"+Hex(p));\r\n\t\t\t\t\t\tp += 0x40;\r\n\t\t\t\t\t\tif(p > X.Sz()) bad = bad.addIfNone(\"!noP1\");\r\n//_log(\"patch 2 @\"+Hex(p));\r\n\t\t\t\t\t\tif(p < X.Sz() && X.U8(p++))\r\n\t\t\t\t\t\t\tp += 4+X.U32(p);\r\n\t\t\t\t\t\tif(bad != \"\") sVersion += \"/malformed\"+bad;\r\n\t\t\t\t\t\tif(inss.length) sOption(\"inss: [\"+inss.join(\",\")+\"]\");\r\n\t\t\t\t\t\tif(vsts.length) sOption(\"vsts: [\"+vsts.join(\",\")+\"]\");\r\n\t\t\t\t\t\tif(macs.length) sOption(\"mcn: [\"+macs.join(\",\")+\"]\");\r\n\t\t\t\t\t\tsOption(\"ord:\"+ord+\" ptn:\"+ptn+\" trk:\"+trk+\" bpm:\"+bpm+\" mach:\"+mach+\" smp:\"+waves+\" sz:\"+outSz(p));\r\n\t\t\t\t\t} //isdeep\r\n\t\t\t\t\telse sOption(\"ord:\"+ord+\" ptn:\"+ptn+\" trk:\"+trk+\" bpm:\"+bpm);\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase \"3\":\r\n\t\t\t\t//ref https://sourceforge.net/p/psycle/code/HEAD/tree/trunk/psycle-core/src/psycle/core/psy3filter.cpp\r\n\t\t\t\t\tnV = X.I32(8);\r\n\t\t\t\t\tsVersion+=\"/\"+nV;\r\n\t\t\t\t\tp = 0x10+X.U32(0x0C); //chunk header = 4xfourcc + 4xver + 4xsize\r\n\t\t\t\t\thkn = X.U32(0x10,_LE);\r\n\t\t\t\t\tt=''; a=''; c=''; trk=0; bpm=0; ptnlns=0; ptn=0; mac=0; ins=0; eins=0;\r\n\t\t\t\t\twhile (hkn > 0) {\r\n\t\t\t\t\t\thkhd = X.SA(p,4);\r\n\t\t\t\t\t\thkn--;\r\n\t\t\t\t\t\tcV = X.U32(p+4,_LE);\r\n\t\t\t\t\t\thksz = X.U32(p+8,_LE);\r\n\t\t\t\t\t\tp+=0x0C;\r\n\t\t\t\t\t\tswitch (hkhd) {\r\n\t\t\t\t\t\t\tcase \"INFO\":\r\n\t\t\t\t\t\t\t\tp1 = p;\r\n\t\t\t\t\t\t\t\tif((cV & 0xFF00)==0) {\r\n\t\t\t\t\t\t\t\t\tt = X.SC(p1,128,'CP1252'); p1+=t.length+1;\r\n\t\t\t\t\t\t\t\t\ta = X.SC(p1,64,'CP1252'); p1+=a.length+1;\r\n\t\t\t\t\t\t\t\t\tc = X.SC(p1,0xFFFF,'CP1252'); p1+=c.length+1;\r\n\t\t\t\t\t\t\t\t\tif(cV == 0) hksz=t.length+a.length+c.length+3 //bug workaround\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t\t\tcase \"SNGI\":\r\n\t\t\t\t\t\t\t\tif((cV & 0xFF00) == 0) {\r\n\t\t\t\t\t\t\t\t\ttrk=X.I32(p,_LE);\r\n\t\t\t\t\t\t\t\t\tif(cV==0) hksz = 11*4+trk*2; //bug workaround\r\n\t\t\t\t\t\t\t\t\tbpm=X.I16(p+4,_LE) + X.I16(p+6,_LE)/100.0;\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t\t\tcase \"SEQD\":\r\n\t\t\t\t\t\t\t\tif((cV & 0xFF00) == 0)\r\n\t\t\t\t\t\t\t\t\tseqlen=X.I32(p+4,_LE);\r\n\t\t\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t\t\tcase \"PATD\":\r\n\t\t\t\t\t\t\t\tif((cV & 0xFF00) == 0) {\r\n\t\t\t\t\t\t\t\t\t_idx = X.I32(p,_LE);\r\n\t\t\t\t\t\t\t\t\tptnlns = X.I32(p+4,_LE);\r\n\t\t\t\t\t\t\t\t\tptnn = X.SA(p+0x0C,0x20);\r\n\t\t\t\t\t\t\t\t\tp1=p+0x0C+ptnn.length+1;\r\n\t\t\t\t\t\t\t\t\tptnsz = X.I32(p1,_LE);\r\n\t\t\t\t\t\t\t\t\tptn++; p1+=4;\r\n\t\t\t\t\t\t\t\t\tif((cV == 0) && (p1+ptnsz == p+hksz+4)) hksz += 4; //bug workaround\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t\t\tcase \"MACD\":\r\n\t\t\t\t\t\t\t\tmac++;\r\n\t\t\t\t\t\t\t\t//bugfix impossible here, let's pretend it won't happen and move on\r\n\t\t\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t\t\tcase \"INSD\":\r\n\t\t\t\t\t\t\t\tins++;\r\n\t\t\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t\t\tcase \"EINS\":\r\n\t\t\t\t\t\t\t\tif((cV & 0xFFFF0000) == 0x10000) {\r\n\t\t\t\t\t\t\t\t\teins = X.U32(p,_LE)\r\n\t\t\t\t\t\t\t\t\t//and again, pretending there's no bug (and no samples)\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\tp += hksz;\r\n\t\t\t\t\t}\r\n\t\t\t\t\tsOptionT(t); sOptionT(a,\"by: \"); sOptionT(c);\r\n\t\t\t\t\tsOption(\"bpm:\"+bpm+\" trk:\"+trk+\" ptnlns:\"+ptnlns+\r\n\t\t\t\t\t\t\" mac:\"+mac+\" ptn:\"+ptn+\"/idx:\"+_idx+\" ins:\"+ins+\" eins:\"+eins+\" sz:\"+outSz(p));\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase \"4\":\r\n\t\t\t\t//ref https://sourceforge.net/p/psycle/code/HEAD/tree/trunk/psycle-core/src/psycle/core/psy4filter.cpp\r\n\t\t\t\t\tsVersion+=\"/future\";\r\n\t\t\t\t\t//yet another zipped-xmls format\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'PSMP'\") && [0,0x10].indexOf(X.U8(4)) >= 0) {\r\n\t\tsName = 'Sega MegaDrive Pre-SMP chiptune (.PSZ)'; bDetected = 1;\r\n\t\tsVersion = X.U8(4)? 'BE': 'LE';\r\n\t\tif(X.isVerbose()) sOption('tempo:'+X.U8(5))\r\n\t}\r\n\r\n\telse if(X.c(\"'PTCOLLAGE-'\") || X.c(\"'PTTUNE--20'\")) {\r\n\t\t//ref source code / pxtnService.cpp, pxtnDescriptor.cpp\r\n\t\tbDetected = 1;\r\n\t\tv1 = X.SA(2,1);\r\n\t\tif(v1 === \"T\") { rough = 10; //used for clocking\r\n\t\t\tsName = \"Amaya 'Pixel' Daisuke's pxtone tune (.PTTUNE)\" }\r\n\t\telse { rough = 1;\r\n\t\t\tsName = \"Amaya 'Pixel' Daisuke's pxtone project (.PTCOP)\" }\r\n\t\tdt = X.SA(10,6);\r\n\t\tif(dt <= \"050227\") { sV = \"v.x1x\"; nV = 1 }\r\n\t\telse if(dt <= \"050608\") { sV = \"v.x2x\"; nV = 2 }\r\n\t\telse if(dt <= \"060115\") { sV = \"v.x3x\"; nV = 3 }\r\n\t\telse if(dt <= \"060930\") { sV = \"v.x4x\"; nV = 4 }\r\n\t\telse if(dt <= \"071119\") { sV = \"v5\"; nV = 5 }\r\n\t\td = dt.substr(0,2)+\"-\"+dt.substr(2,2)+\"-\"+dt.substr(4,2);\r\n\t\tsVersion = sV+\"/20\"+d;\r\n\t\tswitch(nV) {\r\n\t\t\tcase 1: case 2: p = 0x10; break;\r\n\t\t\tcase 3: case 4: p = 0x14; break;\r\n\t\t\tdefault: p = 0x14\r\n\t\t}\r\n\t\tt = c = bad = \"\"; bclock = lclock = bnum = btempo = bps = ch = 0; bEnd = false;\r\n\t\twhile(!bEnd && p < X.Sz()) {\r\n\t\t\thkhd = X.SA(p,8); hksz = X.U32(p+8,_LE);\r\n//_l2r('px',p,hkhd)\r\n\t\t\tswitch (hkhd) {\r\n\t\t\t\tcase \"PROJECT=\":\r\n\t\t\t\t\tt = X.SC(p+12,0x10,\"Shift_JIS\");\r\n\t\t\t\t\tbtempo = X.F32(p+0x1C,_LE).toFixed(0);\r\n\t\t\t\t\tbclock = X.I16(p+0x20,_LE);\r\n\t\t\t\t\tbnum = X.I16(p+0x22,_LE);\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase \"evenMAST\": //x4x\r\n\t\t\t\t\tif(X.U16(p+12,_LE) != 3)\r\n\t\t\t\t\t\tsVersion += \"/unk\";\r\n\t\t\t\t\telse {\r\n\t\t\t\t\t\tvar p_ = X.fSig(p+3,0x100,\"'textNAME'\")-12;\r\n\t\t\t\t\t\tif(p_ > -12) p = p_-hksz;\r\n\t\t\t\t\t\telse {\r\n\t\t\t\t\t\t\tp_ = X.fSig(p+3,0x100,\"'textCOMM'\")-12;\r\n\t\t\t\t\t\t\tif(p_ > -12) p = p_-hksz;\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t\t\tbreak; //not gonna parse what vari-read gives me\r\n\t\t\t\tcase \"MasterV5\": //x5x\r\n\t\t\t\t\tif(hksz != 0xF) bad = bad.addIfNone('!badv5fmt');\r\n\t\t\t\t\tbclock = X.I16(p+12)*rough;\r\n\t\t\t\t\tbnum = X.I8(p+14);\r\n\t\t\t\t\tbtempo = X.F32(p+15).toFixed(0);\r\n\t\t\t\t\tlmeas = (X.I32(p+0x17)/(bnum*bclock)).toFixed(0);\r\n//_l2r('px',p+15+12,'So, the last measure is '+lmeas+' at tempo '+btempo);\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase \"Event V5\":\r\n\t\t\t\t\tvar e, evtn = X.U32(p+12,_LE);\r\n\t\t\t\t\tq = p+11;\r\n\t\t\t\t\tfor(e=0; e < evtn; e++) { //hksz is broken in this chunk so it's like this, and yes it is slow\r\n\t\t\t\t\t\tfor(i=0; i < 5; i++) { if(X.U8(++q) < 0x80) break }\r\n\t\t\t\t\t\tq += 2;\r\n\t\t\t\t\t\tfor(i=0; i < 5; i++) { if(X.U8(++q) < 0x80) break }\r\n\t\t\t\t\t}\r\n\t\t\t\t\thksz = 4+q-p-11;\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase \"textNAME\":\r\n\t\t\t\t\tt = X.SC(p+12,hksz,\"Shift_JIS\"); break;\r\n\t\t\t\tcase \"textCOMM\":\r\n\t\t\t\t\tc = addEllipsis(X.SC(p+12,hksz,\"Shift_JIS\"),0xA0); break;\r\n\t\t\t\tcase \"assiWOIC\": ch++; break;\r\n\t\t\t\tcase \"END=====\": case \"pxtoneND\":\r\n\t\t\t\t\tbEnd = true; break\r\n\t\t\t}\r\n\t\t\tp += 12+hksz;\r\n\t\t}\r\n\t\tif(bad.length) sVersion = sVersion.appendS('malformed'+bad, '/');\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tif(t != \"no name\") sOption(t); sOptionT(c);\r\n\t\t\tif(bclock+btempo+bnum > 0)\r\n\t\t\t\tsOption('ch:'+ch+\" bpm:\"+btempo+\" bclock:\"+bclock+\" bnum:\"+bnum);\r\n\t\t\tsOption(outSz(p),\"sz:\")\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'PTNOISE-'\")) {\r\n\t\tsName = \"Amaya 'Pixel' Daisuke's pxtone Noise instrument (.PTNOISE)\"; bDetected = 1\r\n\t}\r\n\r\n\telse if(X.c(\"'PTVOICE-'\")) {\r\n\t\tsName = \"Amaya 'Pixel' Daisuke's pxtone Voice instrument (.PTVOICE)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) sOption(outSz(X.U32(0x0C)+0x10),\"sz:\")\r\n\t}\r\n\r\n\telse if(X.c(\"'PTMF'\",0x2C) && X.U8(0x1C) == 0x1A && X.U8(0x1E) <= 2 && isWithin(ch=X.U16(0x26),1,32)\r\n\t && (ord=X.U16(0x20)) < 256 && isWithin(ins=X.U16(0x22),1,255) && isWithin(ptn=X.U16(0x24),1,128)) {\r\n\t\t// ref https://web.archive.org/web/20151027135201if_/http://hackipedia.org/File%20formats/Music/Sample%20based/text/Poly%20Tracker%20module%20format.cp437.txt.utf-8.txt\r\n\t\tsName = \"Lone Ranger/AcmE's Poly Tracker module (.PTM)\"; bDetected = 1;\r\n\t\tsV = Hex(X.U16(0x1D)); sVersion = \"v\"+sV.substr(0,1)+'.'+sV.substr(1,2);\r\n\t\tbad = '';\r\n\t\tfor(sn=[],i=mp=rsmp=0,p=0x260; i < ins; i++,p+=0x50) {\r\n\t\t\tif(X.U8(p) & 3) { rsmp++; t = X.U32(p+0x12); if(mp < t) { mp = t; sz = t+X.U32(p+0x16) } }\r\n\t\t\tt = X.SC(p+0x30,0x1C,'CP437').trim(); if(t.length) sn.push(t);\r\n\t\t} sz = Math.max(sz,p);\r\n\t\tif(!rsmp) bad = bad.addIfNone('!badsmpavl');\r\n\t\tif(bad.length) sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SC(0,0x1C,'CP437')); sOption(addEllipsis(sn.join(' ')),'ins/msg:\"','\"');\r\n\t\t\tsOption('ch:'+ch+' ord:'+ord+' ptn:'+ptn+' ins:'+ins+' smp:'+rsmp+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'RAD by REALiTY!!'\")) {\r\n\t\t//ref https://www.3eality.com/Public/Releases/RAD/radv2_0a.zip source/validate20.cpp\r\n\t\t// & https://www.3eality.com/Public/Releases/RAD/radv1_1a.zip player.asm\r\n\t\tsName = \"Shayde & Rogue & Void's Reality ADlib Tracker module (.RAD)\"; bDetected = 1;\r\n\t\tsV = (nV = X.U8(0x10)).toString(16);\r\n\t\tsVersion = \"v\"+sV[0]+\".\"+sV[1]; bad = \"\";\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tal = X.U8(0x11);\r\n\t\t\tfbpm = nV > 0x20 && (al & 0x20); // in v2.1, if the bpm flag is set, bpm != 125 and is the next byte\r\n\t\t\tif((nV == 0x10 && (al & 0x80)) || nV >= 0x20) { //desc present\r\n\t\t\t\tl = 0x12; if(fbpm) l += 2;\r\n\t\t\t\tdesc = \"\"; maxdesc = 250; cutoff = false;\r\n\t\t\t\tr = X.fSig(l,X.Sz()-32-l,\"00\"); p = r+1;\r\n\t\t\t\tif(r < 0) { maxdesc = 0; bad = bad.addIfNone(\"!baddesc\") }\r\n\t\t\t\telse if(r > l+maxdesc) { r = l+maxdesc; cutoff = true }\r\n\t\t\t\ttmp = X.readBytes(l,r-l);\r\n\t\t\t\tfor(i=0; desc.length < maxdesc && i < r-l; i++)\r\n\t\t\t\t\tswitch(tmp[i]) {\r\n\t\t\t\t\tcase 0: i = r-l; break;\r\n\t\t\t\t\tcase 1: desc += \"\\n\"; break;\r\n\t\t\t\t\tdefault:\r\n\t\t\t\t\t\tif(tmp[i] < 0x20) for(j=0; j < tmp[i] && desc.length <= maxdesc; j++) desc += \" \";\r\n\t\t\t\t\t\telse desc += String.fromCharCode(tmp[i])\r\n\t\t\t\t\t}\r\n\t\t\t\tif(cutoff) { desc += \"...\" } sOptionT(desc);\r\n\t\t\t} else p = 0x12;\r\n\t\t\tspd0 = al&0x1F;\r\n\t\t\tif(fbpm) bpm = X.U16(0x12); else bpm = 125;\r\n\t\t\tins = 0;\r\n//_l2r('rad',p,'pre-ins')\r\n\t\t\tinsns = [];\r\n\t\t\twhile(p < X.Sz()) {\r\n\t\t\t\tinsn = X.U8(p++); if(!insn || p > X.Sz()) break;\r\n\t\t\t\tins++;\r\n\t\t\t\tif(nV == 0x10) p += 11;\r\n\t\t\t\telse if(nV == 0x21) {\r\n\t\t\t\t\tnmlen = X.U8(p++); insns.push(X.SA(p,nmlen));\r\n\t\t\t\t\tp += nmlen;\r\n\t\t\t\t\trm = X.U8(p); riff = rm & 0x80; midi = (rm&7)==7;\r\n\t\t\t\t\tif(midi) p += 7; else p += 24;\r\n\t\t\t\t\tif(riff) p += X.U16(p)+2;\r\n\t\t\t\t} else bad = bad.addIfNone(\"!badver\");\r\n\t\t\t}\r\n//_l2r('rad',p,'pre-orderlist')\r\n\t\t\tord = X.U8(p++); p += ord; //TODO parse jumps\r\n\t\t\tif(!ord || ord > 128) bad = bad.addIfNone(\"!badord\");\r\n//_l2r('rad',p,'pre-ptns')\r\n\t\t\tptn = ptns = 0;\r\n\t\t\tif(nV > 0x20) while(p < X.Sz()) { if((t = X.U8(p++)) == 0xFF) break;\r\n\t\t\t\tptns++; if(ptn <= t) ptn = t+1; p += 2+X.U16(p);\r\n\t\t\t}\r\n\t\t\telse { //v1\r\n\t\t\t\tfor(i=mptn=0; i < 32; ++i,p+=2) { if(t=X.U16(p)) ptn++;\r\n\t\t\t\t\tmptn = Math.max(mptn,t); if(t > X.Sz()) bad = bad.addIfNone('!short')\r\n\t\t\t\t}\r\n\t\t\t\tif(mptn) for(p=mptn,end=false; !end && p < X.Sz();) { //parse the last ptn\r\n\t\t\t\t\tt = X.U8(p++);\r\n//_l2r('rad1',p-1,'newptnline #'+Hex(t&0x7F)+(t&0x80?'::last':''))\r\n\t\t\t\t\tif(t & 0x80) end = true; //line\r\n\t\t\t\t\twhile(p < X.Sz()) { t = X.U8(p); p += 2; if(X.U8(p++) & 0x07) p++; if(t & 0x80) break } //notes/fx in line\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\tif(!ptn) bad = bad.addIfNone(\"!badptn\"); if(!ins) bad = bad.addIfNone(\"!badins\");\r\n\t\t\triff = riffs = 0;\r\n\t\t\tif(nV > 0x20) {\r\n//_l2r('rad2',p,'pre-riffs')\r\n\t\t\t\twhile(p < X.Sz()) {\r\n\t\t\t\t\tif((t = X.U8(p++)) == 0xFF) break; riffs++; if(riff < t) riff = t; p += 2+X.U16(p);\r\n\t\t\t\t}\r\n\t\t\t\tsOptionT(addEllipsis(insns.filter(funSampleName).join(' '),0x100),'ins:\"','\"');\r\n\t\t\t\tsOption('spd0:'+spd0+' bpm:'+bpm+' ord:'+ord+' ptn:'+ptns+(ptn!=ptns?'/'+ptn:'')\r\n\t\t\t\t\t+' ins:'+ins+' riffs:'+riffs+(riff!=riffs?'/'+riff:''))\r\n\t\t\t}\r\n\t\t\telse sOption('spd0:'+spd0+' bpm:'+bpm+' ord:'+ord+' ptn:'+ptn+' ins:'+ins)\r\n\t\t\tif(bad) sVersion += \"/malformed\"+bad\r\n\t\t\tsOption('sz:'+outSz(p))\r\n\t\t}//isVerbose\r\n\t}\r\n\r\n\telse if(X.c(\"'RAWADATA'\") && X.Sz() > 10) {\r\n\t\tsName = \"Raw OPL Capture chiptune (.RAW)\"; bDetected = 1;\r\n\t\tif(X.isVerbose() && (X.isDeepScan() || X.Sz() < 0xFFFF)) { //may take a sec\r\n\t\t\t//taken from https://github.com/adplug/adplug/blob/master/src/raw.cpp\r\n\t\t\tp = 10; len = (X.Sz()-10) >> 1;\r\n\t\t\ttagdata = false; t = a = d = \"\"; next = 0;\r\n\t\t\tfor(i=0; i < len && p < X.Sz(); i++) {\r\n\t\t\t\tx = (tagdata ? 0xFFFF : X.U16(p));\r\n\t\t\t\tp += 2;\r\n\t\t\t\tif(!tagdata && x==0xFFFF) { //trying to stop at the RAW EOF data marker\r\n\t\t\t\t\ttagcode = X.U8(p++);\r\n\t\t\t\t\tif(tagcode == 0x1A) tagdata = true; //tag marker found\r\n\t\t\t\t\telse if(!tagcode && charStat(X.readBytes(p,5),true).includes('allxsc')) { //old comment (music archive 2004)\r\n\t\t\t\t\t\td = X.SA(p,1023); p += 1023; tagdata = true }\r\n\t\t\t\t\telse p--;\r\n\t\t\t\t}\r\n\t\t\t}\r\n//_logIt('@'+Hex(p)+' tagdata? '+tagdata);\r\n\t\t\tif(tagdata && p+40 <= X.Sz()) { //searching for tags\r\n\t\t\t\ttitle = X.SA(p,40); p += 40;\r\n\t\t\t\tif(X.U8(p++) != 0x1B) { //if not, skip \"author\"\r\n\t\t\t\t\tp--;\r\n\t\t\t\t\tif(X.U8(p) >= 0x20) { //older version tag, eg. stunts.raw\r\n\t\t\t\t\t\ta = X.SA(p,60); p += 60;\r\n\t\t\t\t\t\td = X.SA(p,1023); p += 1023;\r\n\t\t\t\t\t\tnext = 2; //end_section\r\n\t\t\t\t\t} else p--;\r\n\t\t\t\t\tnext = 1; //desc_section\r\n\t\t\t\t}\r\n\t\t\t\tif(!next) {\r\n\t\t\t\t\ta = X.SA(p,40); p += 40\r\n\t\t\t\t}\r\n\t\t\t\tif(next == 1) { next = 0;\r\n\t\t\t\t\tif(X.U8(p++) != 0x1C) next = 2;\r\n\t\t\t\t\tif(!next) {\r\n\t\t\t\t\t\td = X.SA(p,1023); p += 1023\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\tsOption(title); sOption(a,'by: '); sOption(d)\r\n\t\t} //isDeepVerbose\r\n\t\tif(X.isVerbose()) sOption(X.U16(8),'clkspd:')\r\n\t}\r\n\r\n\telse if(X.c(\"'RNS0'\") && X.c(\"'>>> Chunk Start <<<'00\", 9)) {\r\n\t\tsName = \"Eduard Müller's Renoise module (.RNS)\"; bDetected = 1;\r\n\t\tsV = X.SA(3,4); sVersion = \"v\"+sV;\r\n\t\tif(sV < \"05\") sVersion += \"/RN<1.1.1\";\r\n\t\telse if(sV === \"05\") sVersion += \"/RN1.1.1\";\r\n\t\telse if(sV < \"015\") sVersion += \"/RN<1.2.7\";\r\n\t\telse if(sV === \"015\") sVersion += \"/RN1.2.7\";\r\n\t\telse if(sV < \"018\") sVersion += \"/RN<1.5.2\";\r\n\t\telse if(sV === \"018\") sVersion += \"/RN1.5.2\";\r\n\t\telse sVersion += \"/RN>1.5.2\"\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tp = 9;\r\n\t\t\twhile (p < X.Sz()) {\r\n\t\t\t\tif(!X.c(\"'>>> Chunk Start <<<'00\",p)) break;\r\n\t\t\t\tp += 20;\r\n\t\t\t\tif(X.c(\"'Header V00 '00\",p)) {\r\n\t\t\t\t\tsOptionT(X.SC(p+20,20,'CP1252'));\r\n\t\t\t\t\tsOptionT(X.SC(p+40,20,'CP1252'),\"by: \");\r\n\t\t\t\t\tsOptionT(X.SC(p+60,20,'CP1252'),\"style: \");\r\n\t\t\t\t\tbreak;\r\n\t\t\t\t}\r\n\t\t\t\telse if(X.c(\"'Header V01 '00\",p)) { p += 20;\r\n\t\t\t\t\tsz = X.U32(p); sOptionT(X.SC(p+4,sz,'CP1252')); p+=sz+4;\r\n\t\t\t\t\tsz = X.U32(p); sOptionT(X.SC(p+4,sz,'CP1252'),\"by: \"); p+=sz+4;\r\n\t\t\t\t\tsz = X.U32(p); sOptionT(X.SC(p+4,sz,'CP1252'),\"style: \");\r\n\t\t\t\t\tbreak;\r\n\t\t\t\t}\r\n\t\t\t\telse if(X.c(\"Header V02 '00\",p)) { p += 20;\r\n\t\t\t\t\tsz = X.U32(p); sOptionT(X.SC(p+4,sz,'CP1252')); p+=sz+4;\r\n\t\t\t\t\tsz = X.U32(p); sOptionT(X.SC(p+4,sz,'CP1252'),\"by: \"); p+=sz+4;\r\n\t\t\t\t\tsz = X.U32(p); sOptionT(X.SC(p+4,sz,'CP1252'),\"style: \"); p+=sz+4+5;\r\n\t\t\t\t\tsz = X.U32(p); sOptionT(X.SC(p+4,sz,'CP1252'));\r\n\t\t\t\t\tbreak;\r\n\t\t\t\t}\r\n\t\t\t\tp = X.fSig(p+1,TOEOF,\"''>>> Chunk End <<<'00\");\r\n\t\t\t\tif(p == -1) break;\r\n\t\t\t\tp += 20\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\telse if(extIs(\"xrns\") && X.c(\"'PK'0304\")) {\r\n\t\t//TODO when ZIP parsing is available\r\n\t\tsName = \"Eduard Müller's Renoise module (.XRNS)\"; sType = '~audio'; sVersion = \"xml\"; bDetected = 1\r\n\t\t//versions vs doc_version:\r\n\t\t// 10: 1.9.1 14: 2.0.0 15: 2.1.0 21: 2.5.1 22: 2.6.1 30: 2.7.0, 2.7.1, 2.7.2\r\n\t\t// 37: 2.8.2 54: 3.0.1 63: 3.1.0 65: 3.3.2 66: 3.4.2\r\n\t}\r\n\telse if(extIs(\"xrdp\") && X.fStr(0,0x100,\"=0) {\r\n\t\tsName = \"Eduard Müller's Renoise filter device preset (.XRDP)\"; bDetected = 1;\r\n\t\tp = X.fStr(20,0x100,\"doc_version=\");\r\n\t\tif(p < 0) sVersion = \"malformed\";\r\n\t\telse {\r\n\t\t\tsVp = X.SA(p,0x10); sVersion = \"v\"+/doc_version=\\\"(\\d*)\\\"/.exec(sVp)[1]\r\n\t\t}\r\n\t}\r\n\telse if(extIs(\"xrni\") && X.c(\"'PK'0304\")) {\r\n\t\t//TODO when ZIP parsing is available\r\n\t\tsName = \"Eduard Müller's Renoise instrument (.XRNI)\"; sType = '~audio'; sVersion = \"xml\"; bDetected = 1\r\n\t}\r\n\telse if(extIs(\"xrno\") && (X.fStr(0,0x100,\"=0)) {\r\n\t\tsName = \"Eduard Müller's Renoise sample modulation set (.XRNO)\"; bDetected = 1;\r\n\t\tp = X.fStr(15,0x100,\"doc_version=\");\r\n\t\tif(p < 0) sVersion = \"malformed\";\r\n\t\telse {\r\n\t\t\tsVp = X.SA(p,0x10); sVersion = \"v\"+/doc_version=\\\"(\\d*)\\\"/.exec(sVp)[1]\r\n\t\t}\r\n\t}\r\n\telse if(extIs(\"xrnt\") && (X.fStr(0,0x100,\"=0)) {\r\n\t\tsName = \"Eduard Müller's Renoise effect chain (.XRNT)\"; bDetected = 1;\r\n\t\tp = X.fStr(15,0x100,\"doc_version=\");\r\n\t\tif(p < 0) sVersion = \"malformed\";\r\n\t\telse {\r\n\t\t\tsVp = X.SA(p,0x10); sVersion = \"v\"+/doc_version=\\\"(\\d*)\\\"/.exec(sVp)[1]\r\n\t\t}\r\n\t}\r\n\telse if(extIs(\"xrnt\") && X.c(\"'PK'0304\")) {\r\n\t\tsName = \"Eduard Müller's Renoise effect chain (.XRNT)\"; sVersion = \"v<3.0\"; bDetected = 1\r\n\t}\r\n\telse if(extIs(\"xrnz\") && (X.fStr(0,0x100,\"=0)) {\r\n\t\tsName = \"Eduard Müller's Renoise instrument phrase (.XRNZ)\"; bDetected = 1;\r\n\t\tp = X.fStr(15,0x100,\"doc_version=\");\r\n\t\tif(p < 0) sVersion = \"malformed\";\r\n\t\telse {\r\n\t\t\tsVp = X.SA(p,0x10); sVersion = \"v\"+/doc_version=\\\"(\\d*)\\\"/.exec(sVp)[1]\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'NuRIFFRAFF'\",0x22)) {\r\n\t\tsName = \"Riff Raff module (.RIFF)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tt = X.SC(0x64,0x100,'CP1252');\r\n\t\t\ta = X.SC(0x64+t.length+1,0x100,'CP1252');\r\n\t\t\tc = X.SC(0x64+t.length+a.length+2,0x100,'CP1252');\r\n\t\t\tsOptionT(t); sOptionT(a,\"by: \"); sOptionT(c)\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'RON_KLAREN_SOUNDMODULE!'00\", 0x28)) {\r\n\t\tsName = \"Ron Klaren module (.RK)\"; bDetected = 1\r\n\t}\r\n\r\n\telse if(X.c(\"'RTMM '\") && X.U8(0x25) == 0x1A && X.c(\"'RTND'\",0x2A+X.U16(0x28)+X.U32(0x88))) {\r\n\t\tsName = \"Arnaud Hasenfratz's Real Tracker module (.RTM)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.SA(0x37,7)+'/'+Hex(X.U16(0x26));\r\n\t\tif(X.isVerbose()) {\r\n\t\t\trtmmxds = X.U32(0x88);\r\n\t\t\tsOptionT(X.SC(5,0x20,'CP1252'));\r\n\t\t\tsOptionT(X.SC(0x3E,0x20,'CP1252'),\"by: \");\r\n\t\t\tsOptionT(X.SC(0x8C,0x20,'CP1252'),\"orig.: \");\r\n\t\t\tsOption('ch:'+X.U8(0x60)+' spd0:'+X.U8(0x66)+' bpm0:'+X.U8(0x67)\r\n\t\t\t\t+' ord:'+X.U16(0x62)+' ptn:'+X.U16(0x64)+' ins:'+X.U8(0x61))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"01FF..3EFF32018079FEFF2846320280B7201301FF013E1CED79053E02ED79AF320180C9\") && X.c(\"21A9843D280E232347237E2BB67820F6232318EF5E23567AB328D22B2224803EFE320E823E08325280C35C80\", 0x26)) {\r\n\t\tsName = \"František Fuka/Fuxoft's Samadeus module (.samadeus)\"; bDetected = 1;\r\n\t\t//TODO reverse and extract info\r\n\t}\r\n\r\n\telse if(X.c(\"00000000 00000200\",0x0C) && X.c(\"00\")\r\n\t && X.U16(0x18,_LE) === X.U16(0x40,_LE)\r\n\t && X.c(\"00'ST-Module.'\", 0x4B7)) {\r\n\t\tsName = \"Oliver 'BSC' Mayer's Amstrad CPC Soundtrakker module (.STK)\"; bDetected = 1;\r\n\t\tdatasz = X.U16(0x18,_LE); sz = datasz + 0x80;\r\n\t\tif(sz < X.Sz()) sVersion = \"malformed\";\r\n\t\tcrc = 0; for(i=0; i < 67; i++) crc += X.U8(i); crc &= 0xFFFF;\r\n\t\tif(crc != X.U16(0x43)) sVersion += sVersion != \"\" ? \"!badCRC\" : \"/malformed!badCRC\";\r\n\t\tif(X.isVerbose())\r\n\t\t\tsOptionT(X.SA(1,8));\r\n\t\t\tsOption(outSz(sz),\"sz:\")\r\n\t}\r\n\r\n\telse if(X.c(\"00000000 00000200\",0x0C) && X.c(\"00\")\r\n\t && X.U16(0x18,_LE) === X.U16(0x40,_LE)\r\n\t && X.SA(1,8) === X.SA(0xB10,8)) {\r\n\t\tsName = \"Oliver 'BSC' Mayer's Amstrad CPC Soundtrakker 128K module (.128)\"; bDetected = 1;\r\n\t\tdatasz = X.U16(0x18,_LE); sz = datasz + 0x80;\r\n\t\tif(sz < X.Sz()) sVersion = \"malformed\";\r\n\t\tcrc = 0; for(i=0; i < 67; i++) crc += X.U8(i); crc &= 0xFFFF;\r\n\t\tif(crc != X.U16(0x43)) sVersion += sVersion != \"\" ? \"!badCRC\" : \"/malformed!badCRC\";\r\n\t\tif(X.isVerbose())\r\n\t\t\tsOptionT(X.SA(1,8));\r\n\t\t\tinst = []; ins = 0;\r\n\t\t\tfor(i=0; i < 16; i++) if(![0,0x20].indexOf(X.U8(0xB18+8*i))) {\r\n\t\t\t\tins++; inst.push(X.SA(0xB18+8*i,8).trim())\r\n\t\t\t} //TODO confirm that that's how to count the instruments\r\n\t\t\tsOption(inst);\r\n\t\t\tsOption(\"ins:\"+ins+\" sz:\"+outSz(sz))\r\n\t}\r\n\r\n\telse if(X.c(\"00'ST-Module.'\",0x437)) {\r\n\t\tsName = \"Oliver 'BSC' Mayer's Amstrad CPC Soundtrakker module (.STK)\"; bDetected = 1;\r\n\t\tsVersion = \"headerless\"\r\n\t}\r\n\r\n\telse if(X.Sz() > 0x20 && /S98[0-3]/.test(X.SA(0,4))\r\n\t && X.U32(4) <= 0x20 && !X.U32(0xC)\r\n\t && (!X.U32(0x10) || isWithin(X.U32(0x10),0x20,0x800000))\r\n\t && X.U32(0x14) < 0x20000\r\n\t && (!X.U32(0x18) || isWithin(X.U32(0x18),X.U32(0x14),0x800000)) //the highest loop point I saw is 2FB39Ah @ \"Snatcher/47 staffroll2.s98\"\r\n\t && X.U32(0x1C) <= 0x40) {\r\n\t\t//ref https://www.purose.net/befis/download/lib/t98/ins98131s.zip / s98spec1.txt\r\n\t\t// & http://www.purose.net/befis/download/kmp/old/s98spec2.txt\r\n\t\t// & https://github.com/rururutan/s98spec3/blob/master/s98spec3-ja.txt\r\n\t\tsName = \"Ru³'s S98 chiptune (.S98)\"; bDetected = 1;\r\n\t\tnv = X.U8(3)-0x30; sVersion = 'v'+nv; dev = X.U32(0x1C);\r\n\t\tif(!dev || (nv >= 2 && !X.U32(0x20))) sVersion += '#OPNA(YM2608)@7.6MHz';\r\n\t\telse for(i=0,p=0x20; i < dev && X.U32(p); i++,p+=0x10) {\r\n\t\t\tclk = (X.U32(p+4)/0x100000).toFixed(1)+'MHz';\r\n\t\t\tif((dt=X.U32(p)) > 16) sVersion += '#unk@'+clk;\r\n\t\t\telse sVersion += '#'+['',\r\n\t\t\t\t'PSG(YM2149)','OPN(YM2203)','OPN2(YM2612)','OPNA(YM2608)','OPM(Y2151)',\r\n\t\t\t\t'OPLL(YM2413)','OPL(YM3526)','OPL2(YM3812)','OPL3(YMF262)',\r\n\t\t\t\t'unk0A','unk0B','unk0C','unk0D','unk0E','PSG(AY-3-8910)','DCSG(SN76489)'][dt] + '@'+clk\r\n\t\t\t}\r\n\t\tbad = ''; \r\n\t\tif(X.U32(0x14) > X.Sz() || X.U32(0x18) > X.Sz()) bad += '!short';\r\n\t\tif(X.U32(0x10) > X.Sz()-7) bad += '!badmetadata';\r\n\t\tif(bad.length) sVersion += '/malformed'+bad;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\ta = c = s = g = ti = y = '';\r\n\t\t\tswitch(nv) {\r\n\t\t\t\tcase 0: case 1: case 2:\r\n\t\t\t\t\tp = X.U32(0x10);\r\n\t\t\t\t\tif(p > 0)\r\n\t\t\t\t\t\tsOptionT(X.SC(p,0x40,'Shift_JIS').replace('\\\\','¥'));\r\n\t\t\t\t\tpk = X.U32(0x0C);\r\n\t\t\t\t\tif(pk) { sVersion += ' compressed';\r\n\t\t\t\t\t\tsOption(\"Please send this file over Telegram to @kaens, the detection author! It's unique and needs research\") }\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 3:\r\n\t\t\t\t\tptags = X.U32(0x10);\r\n\t\t\t\t\tif(ptags > 6 && X.c(\"'[S98]'\",ptags)) {\r\n\t\t\t\t\t\tptags += 5;\r\n\t\t\t\t\t\tbUTF8 = X.c(\"EFBBBF\",ptags); //if BOM's there\r\n\t\t\t\t\t\tif(bUTF8) tags = X.SC(ptags,0x200,'UTF8');\r\n\t\t\t\t\t\telse tags = X.SC(ptags,0x200,'Shift_JIS');\r\n\t\t\t\t\t\ttagl = tags.split('\\x0A');\r\n\t\t\t\t\t\tfor (i=0; i < tagl.length; i++) {\r\n\t\t\t\t\t\t\ttag = tagl[i].split(\"=\");\r\n\t\t\t\t\t\t\tswitch (tag[0]) {\r\n\t\t\t\t\t\t\t\tcase 'title': case 'title': ti = tag[1]; break;\r\n\t\t\t\t\t\t\t\tcase 'game': case 'game': g = tag[1]; break;\r\n\t\t\t\t\t\t\t\tcase 'system': case 'system': s = tag[1]; break;\r\n\t\t\t\t\t\t\t\tcase 'artist': case 'artist': a = tag[1]; break;\r\n\t\t\t\t\t\t\t\tcase 'year': case 'year': y = tag[1]; break;\r\n\t\t\t\t\t\t\t\tcase 'copyright': case 'copyright': if(a==\"\") a = tag[1]; break;\r\n\t\t\t\t\t\t\t\tcase 's98by': case 's98by': if(a==\"\") a = tag[1]; break;\r\n\t\t\t\t\t\t\t\tcase 'comment': case 'comment': c = tag[1]; break;\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\tsOption(ti); sOption(a,'by: '); sOption(y, y.length < 4? \"y'\": 'y');\r\n\t\t\t\t\t\tsOption(g,'for: '); sOption(s,'on: '); sOption(c);\r\n\t\t\t\t\t\tif(ptags > 6 && X.c(\"'[S98]'\",ptags-5) && (t=X.fSig(ptags,0x300,\"00\")) > -1)\r\n\t\t\t\t\t\t\tsOption(outSz(t+1),'sz:')\r\n\t\t\t\t\t\tbreak\r\n\t\t\t\t\t} //if correct tag\r\n\t\t\t\t\telse if(ptags > 6)\r\n\t\t\t\t\t\tt = X.SC(ptags,0x40,'Shift_JIS').replace('\\\\','¥') //if it's some text—shouldn't happen in v3\r\n\t\t\t}//switch nv\r\n\t\t}//isVerbose\r\n\t}\r\n\r\n\telse if(X.c(\"'SAP'0D0A\") && (p=X.fSig(3,TOEOF,\"0D0AFFFF\")) >= 3 && X.U16(p+4) < X.U16(p+6)) {\r\n\t\t//ref https://asap.sourceforge.net/sap-format.html\r\n\t\tsName = \"Adam Bienias's Slight Atari Player chiptune (.SAP)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tbad = false; t=\"\"; a=\"\"; dt=\"\"; tp=\"\"; tm=\"\";\r\n\t\t\ttaghunk = X.SA(5,p);\r\n\t\t\tif(taghunk.length > 5) {\r\n\t\t\t\ttags = taghunk.split(\"\\x0D\\x0A\");\r\n\t\t\t\tfor(i=0; i < tags.length; i++) {\r\n\t\t\t\t\ttagdiv = tags[i].indexOf(\" \");\r\n\t\t\t\t\ttagl = tags[i].substr(0,tagdiv);\r\n\t\t\t\t\ttagr = tags[i].substr(tagdiv+1,tags[i].length);\r\n\t\t\t\t\tswitch(tagl) {\r\n\t\t\t\t\t\tcase \"NAME\": if(tagr != '\"\"') t = tagr.substr(1,tagr.length-2); break;\r\n\t\t\t\t\t\tcase \"AUTHOR\": if(tagr != '\"\"') a = tagr.substr(1,tagr.length-2); break;\r\n\t\t\t\t\t\tcase \"DATE\": if(tagr != '\"\"') dt = tagr.substr(1,tagr.length-2); break;\r\n\t\t\t\t\t\tcase \"TYPE\": sVersion = \"t.\"+tagr; break;\r\n\t\t\t\t\t\tcase \"TIME\": tm = tagr; break\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\tif(bad) sVersion += \"/malformed\";\r\n\t\t\tsOption(t); sOption(a,\"by: \"); sOption(dt,\"'\"); sOption(tm,\"len: \");\r\n\t\t\tt = parseAtariBinary(p+2); sOption(t[1].length,'binblks:'); sOption(outSz(t[0]),'sz:')\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'SC68 Music-file / (c) (BeN)jamin Gerard / SasHipA-Dev '00'SC68'........'SCFN'\")) {\r\n\t\tsName = \"SC 68000 programmatic chiptune (.SC68)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\thdrl = X.SA(0,0x100).length+1;\r\n\t\t\tp = hdrl; //header skipped\r\n\t\t\tt=''; a=''; cp=''; st=''; df=-1; x=0; ef=false; mn = [];\r\n\t\t\twhile (p < X.Sz()) {\r\n\t\t\t\thkhd = X.SA(p,4);\r\n\t\t\t\thksz = X.U32(p+4,_LE);\r\n\t\t\t\tp += 0x08; //chunk header = 4xfourcc + 4xsize\r\n\t\t\t\tswitch (hkhd) {\r\n\t\t\t\t\tcase \"SC68\": if(hksz+hdrl != X.Sz()) sVersion = \"malformed\"; hksz = 0; break;\r\n\t\t\t\t\tcase \"SCFN\": t = X.SC(p,hksz,'CP1252'); break;\r\n\t\t\t\t\tcase \"SCDF\": df = X.U32(p,_LE)+1; break;\r\n\t\t\t\t\tcase \"SCMN\":\r\n\t\t\t\t\t\tmn.push(X.SC('CP1252',p,hksz));\r\n\t\t\t\t\t\tif(st==\"\" || df==mn.length)\r\n\t\t\t\t\t\t\tst = mn[mn.length-1];\r\n\t\t\t\t\t\tbreak;\r\n\t\t\t\t\tcase \"SCAN\": a = X.SC(p,hksz,'CP1252'); break;\r\n\t\t\t\t\tcase \"SCCN\": cp = X.SC(p,hksz,'CP1252'); break;\r\n\t\t\t\t\tcase \"SCEF\": ef = true; p = X.Sz(); break\r\n\t\t\t\t}\r\n\t\t\t\tp += hksz;\r\n\t\t\t}\r\n\t\t\tsOptionT(t); if(mn.length > 1) sOption(mn.length,\"×\");\r\n\t\t\tsOptionT(mn.join(\";\"));\r\n\t\t\tsOptionT(a,\"by: \"); sOptionT(cp,\"(c)\"); sOption(outSz(p),\"sz:\")\r\n\t\t\tif(!ef) sVersion = \"malformed!short\"\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'shro'020000\")) {\r\n\t\tsName = \"Mario Paint's Shroom module (.SHO)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SA(7,0x20));\r\n\t\t\tsOptionT(X.SA(0x27,0x20),\"by: \")\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'PSID'\") || X.c(\"'RSID'\")) {\r\n\t\tv1 = X.SA(0,1); bDetected = 1;\r\n\t\tif(v1 == \"P\") sName = \"PlaySID programmatic chiptune (.SID, .PSID)\";\r\n\t\telse sName = \"RealSID programmatic chiptune (.SID, .RSID)\";\r\n\t\tv2 = X.U16(4,_BE);\r\n\t\tsVersion = \"v\"+Hex(v2);\r\n\t\tbad = '';\r\n\t\tx = X.U16(0x0E,_BE);\r\n\t\tif(!isWithin(x, 1,256)) bad = bad.addIfNone('!badsubsongs');\r\n\t\telse if(x > 1) sOption(x,\"×\");\r\n\t\tstartSong = X.U16(0x10,_BE);\r\n\t\tif(startSong > x) bad = bad.addIfNone('!badstartsong');\r\n\t\tdataOfs = X.U16(0x06,_BE);\r\n\t\tif((v2 == 1 && dataOfs != 0x0076) || (v2 == 2 && dataOfs != 0x007C))\r\n\t\t\tbad = bad.addIfNone('!baddatap');\r\n\t\tloadAddr = X.U16(0x08,_BE);\r\n\t\tif(v1==\"R\" && isWithin(loadAddr, 1,0x07E7)) bad = bad.addIfNone('!badloadp');\r\n\t\tinitAddr = X.U16(0x0A,_BE);\r\n\t\tif(v1==\"R\" && !isWithinRanges(initAddr, [[0x7E8,0x9FFF], [0xC000,0xCFFF]]))\r\n\t\t\tbad = bad.addIfNone('!badinitp');\r\n\t\tflags = X.U16(0x76,_BE);\r\n\t\tif(v1==\"R\" && ((flags >> 1) & 1) && initAddr > 0)\r\n\t\t\tbad = bad.addIfNone('!badinitp2');\r\n\t\tsidn = 1;\r\n\t\tif(v2 == 0x4E) sidn += (dataOfs-0x7C) >> 1; else {\r\n\t\t\tif(v2 >= 3 && !((a2=X.U8(0x7A))&1) && !isWithinRanges(a2, [[0,0x41],[0x80,0xDF]])) sidn++;\r\n\t\t\tif(v2 >= 4 && !((a3=X.U8(0x7B))&1) && a2 != a3 && !isWithinRanges(a3, [[0,0x41],[0x80,0xDF]])) sidn++;\r\n\t\t}\r\n\t\tvar sidt = [0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0]; //upto 16SID\r\n\t\tswitch((flags >> 4) & 3) { case 1: sidt[0] = 1; break; case 2: sidt[0] = 2; break; case 3: sidt[0] = 3; break }\r\n\t\tif(v2 >= 3) switch((flags >> 6) & 3) {\r\n\t\t\tcase 1: sidt[1] = 1; break; case 2: sidt[1] = 2; break; case 3: sidt[1] = 3; break; default: sidt[1] = sidt[0] }\r\n\t\tif(v2 == 0x4E) for(i=2,q=0x7C; i < sidn; i++,q+=2) switch((X.U16(q,_BE) >> 4) & 3) {\r\n\t\t\tcase 1: sidt[i] = 1; break; case 2: sidt[i] = 2; break; case 3: sidt[i] = 3; break; default: sidt[i] = sidt[0]\r\n\t\t} else if(v2 >= 4) switch((flags >> 8) & 3) {\r\n\t\t\tcase 1: sidt[2] = 1; break; case 2: sidt[2] = 2; break; case 3: sidt[2] = 3; break; default: sidt[2] = sidt[0] }\r\n\t\tif(sidn > 1) sVersion += \"/\"+sidn+\"SID\";\r\n\t\tsidtt = [0, 0, 0, 0]; //count different chips\r\n\t\tfor(i=0; i < sidn; i++) sidtt[sidt[i]]++;\r\n\t\tfor(i=0; i < 4; i++) if(sidtt[i]) sVersion += ' #'+['unk','6581','8580','6581&8580'][i] + (sidtt[i]>1? '×'+sidtt[i]:'');\r\n\t\tswitch((flags & 0x0C) >> 2) {\r\n\t\t\tcase 1: sVersion += \"/PAL\"; break;\r\n\t\t\tcase 2: sVersion += \"/NTSC\"; break;\r\n\t\t\tcase 3: sVersion += \"/PAL&NTSC\"; break;\r\n\t\t}\r\n\t\tif(bad > 0) sVersion += \"/malformed\"+bad;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tt = X.SC(0x16,0x20,'CP1252'); if(t == \"\") t = \"\"; sOptionT(t);\r\n\t\t\ta = X.SC(0x36,0x20,'CP1252'); if(a == \"\") a = \"\"; sOptionT(a,\"by: \");\r\n\t\t\tc = X.SC(0x56,0x20,'CP1252'); if(c == \"\") c = \"\"; sOptionT(c);\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"00 FF00FF00 9100FF00 FF008000 92..00967F 01\", 0x07)\r\n\t && X.c(\"9908\", 0x1542)) {\r\n\t\tsName = \"Tony 'Nissimo' Willams' Sound Images module (.SIG)\"; sVersion = 'gen.2'; bDetected = 1\r\n\t}\r\n\r\n\telse if(X.c(\"0100FEFF09000000'ALIM3'\")) {\r\n\t\tsName = \"Ruben Ramos 'baktery' Salvador's Skale Tracker module (.SKM)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) sOptionT(X.SA(0x19));\r\n\t}\r\n\r\n\telse if(X.c(\"'0)) {\r\n\t\tsName = \"Benjamin 'BeRo' Rousseaux's Picatune module v1 (.SMUFI) or v2 (.PT2)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\ts = X.SC(0,0x100,\"UTF8\");\r\n\t\t\tt = /.*name=\"([^\"]*)\".*/.exec(s);\r\n\t\t\tif(t != null) sOptionT(t[1]);\r\n\t\t\ta = /.*author=\"([^\"]*)\".*/.exec(s);\r\n\t\t\tif(a != null) sOptionT(a[1],\"by: \");\r\n\t\t\tspd = /.*speed=\"([^\"]*)\".*/.exec(s);\r\n\t\t\tbpm = /.*bpm=\"([^\"]*)\".*/.exec(s);\r\n\t\t\tif(spd != null) sVersion+=\" spd: \"+spd[1];\r\n\t\t\tif(bpm != null) sVersion+=\" bpm: \"+bpm[1];\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'SNGs'\") && X.Sz() > 0x10 && X.U8(0xA) <= X.U8(7) && X.U8(0xB) <= 0x1E && isWithin(X.U8(0xC),0,0x78)\r\n\t && isWithin(X.U8(0xD),1,30) && isWithin(X.U8(0xE),1,30)) {\r\n\t \t//TODO RE reading additional data\r\n\t \t// blocks: SMP SYN BNK SNG BLK TMP\r\n\t\tsName = \"BlueMoon's Sound Club for DOS module (.SN)\"; bDetected = 1;\r\n\t\tif(!(ord=X.U8(7))) sVersion = 'malformed!0ord';\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SA(0x0F,0x1A));\r\n\t\t\tlp = X.U8(0xA); gvol = X.U8(0xB)*5; tx = X.U8(0xC); tpb = X.U8(0xD); bpms = X.U8(0xE);\r\n\t\t\tsOption('rhythm:'+tpb+'/'+bpms+' ord:'+X.U8(7)+' ins:'+X.U8(4)+' gvol:'+gvol+'%')\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'SN2'\") && isWithin(X.U32(0x13),0,0x78) && isWithin(X.U32(0x17),1,30) && isWithin(X.U32(0x1B),1,30)\r\n\t && X.c(\"'NAM'\",0x1F) && X.c(\"'SEQ'\",0x26+X.U32(0x22))) {\r\n\t\tsName = \"Bluemoon's Sound Club for Windows module (.SN2)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(addEllipsis(X.SA(0x26,X.U32(0x22)))); sz = X.U32(3)+7;\r\n\t\t\tlp = X.U32(0x0F); tx = X.U32(0x13); tpb = X.U32(0x17); bpms = X.U32(0x1B);\r\n\t\t\t//TODO instead of a quartic approximated curve, find out the actual calculation lol\r\n\t\t\ttempop = Math.round(200 - tx*(4.27246 - tx*(0.0603477 + tx*(-0.000453202 + 1.33871*tx/1000000))));\r\n\t\t\tp = 0x26+X.U32(0x22); ord = ptn = ins = 0;\r\n\t\t\tend = false; while(!end && p < X.Sz()) {\r\n\t\t\t\thkhd = X.SA(p,3); hksz = X.U32(p+3); p += 7;\r\n\t\t\t\tswitch(hkhd) {\r\n\t\t\t\tcase 'PAT': ptn++; break;\r\n\t\t\t\tcase 'SEQ': ord = Util.divu64(hksz,4); break;\r\n\t\t\t\tcase 'INS': ins++; break;\r\n\t\t\t\t}\r\n\t\t\t\tp += hksz\r\n\t\t\t}\r\n\t\t\tsOption('rhythm:'+tpb+'/'+bpms+' tempo: '+tempop+'% ord:'+ord+(lp?' lp:'+lp:'')\r\n\t\t\t\t+' ptn:'+ptn+' ins:'+ins+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'SNDH'\",0x0C) && (X.isHeuristicScan() || X.c(\"6000............6000\"))) {\r\n\t\t//ref https://sndh.atari.org/files/sndhv21.txt\r\n\t\tsName = \"Atari ST Sound Header module (.SND,.SNDH)\"; sVersion = \"uncompressed\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tp = 0x10; title=artist=yr=\"\"; totaltime = i = 0; x = 1;\r\n\t\t\twhile(i < 10 && p < X.Sz()) {\r\n\t\t\t\tt = X.SA(p,4); if(t === \"TIME\") {\r\n\t\t\t\t\tfor(j=0; j < x; j++) totaltime += X.U16(p+4+j*2,_BE);\r\n\t\t\t\t\ttlen = 4+x*2-1; if((p+tlen+1)%2) tlen++;\r\n\t\t\t\t}\r\n\t\t\t\telse { t = X.SA(p,Math.min(X.Sz()-p),0x100); tlen = t.length }\r\n\t\t\t\tif(tlen >= 4) {\r\n\t\t\t\t\thd = t.substr(0,4); tag = t.substr(4,tlen);\r\n\t\t\t\t\tswitch(hd) {\r\n\t\t\t\t\t\tcase \"TITL\": if(tag.substr(0,7) != \"Unknown\") title = tag; break;\r\n\t\t\t\t\t\tcase \"COMM\": if(tag.substr(0,7) != \"Unknown\") artist = tag; break;\r\n\t\t\t\t\t\tcase \"YEAR\": yr = tag; break;\r\n\t\t\t\t\t\tcase \"HDNS\": i = 8; break;\r\n\t\t\t\t\t\tdefault: if(/##\\d\\d/.test(hd)) x = hd.slice(2,4);\r\n\t\t\t\t\t\t\telse if(/#!\\d\\d/.test(hd)) if((p+tlen+1)%1) tlen++;\r\n\t\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\tp += tlen+1; i++\r\n\t\t\t}\r\n\t\t\tsOptionT(title); if(x > \"01\") sOption(x,\"×\"); sOptionT(artist,\"by: \"); sOptionT(yr,\"'\");\r\n\t\t\tif(totaltime) sOption(secondsToTimeStr(totaltime,\"time:\"));\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'FMC!'\")) {\r\n\t\tsName = \"Lasse 'Faust' Öörni's Faust Music Creator module (.SNG)\"; bDetected = 1;\r\n\t\tif(X.isVerbose())\r\n\t\t\tsOptionT(X.SA(4,20));\r\n\t}\r\n\r\n\telse if(/GTS[25!]/.test(X.SA(0,4)) && X.U8(0x64) <= 32) {\r\n\t\t//ref https://github.com/leafo/goattracker2/blob/a78e7e5273bfbeb17c3777b1f5ceb63b8e6b4667/src/gsong.c#L177\r\n\t\tsName = \"Lasse 'Faust' Öörni's GoatTracker module (.SNG)\"; bDetected = 1;\r\n\t\tnV = X.U8(3)-0x30; if(nV < 0) nV = 1;\r\n\t\tif(nV >= 2) sVersion = 'v2.'+nV; else sVersion = 'v1.x';\r\n\t\tx = X.U8(0x64); p = 0x65; ords = []; ptn = mptn = 0; bad = '';\r\n\t\tfor(ordc = 0; p < X.Sz(); ) { q = X.U8(p); if(!X.c(\"FF\",p+q)) break;\r\n\t\t\tfor(i=0, p++; i < q; i++) if((t=X.U8(p++)) <= 0xCF && t+1 > mptn) mptn = t+1;\r\n\t\t\tordc++; ords.push(q); p++ }\r\n\t\tch = 3; if(ordc == x*6) { sVersion += ' stereo'; ch = 6 }\r\n\t\telse if(ordc != x*3) bad = bad.addIfNone('!badordcnt');\r\n\t\tif(bad.length) sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\t\tins = nV >= 2? X.U8(p++): 31; inss = [];\r\n\t\tfor(i=0; i < ins; i++) {\r\n\t\t\tt = X.SC(p+(nV > 1? 9: 8),0x10,'CP1250').trim(); if(t.length) inss.push(t);\r\n\t\t\tif(nV > 1) p += 0x19; else p += 0x18+2*(X.U8(p+7)>>1);\r\n\t\t}\r\n\t\tfor(i=0; i < (nV == 1? 0: nV == 2? 3: 4); i++) p += 1+2*X.U8(p); //skip the tables\r\n\t\tptn = X.U8(p++); for(i=0; i < ptn; i++) p += 1 + (nV == 1? 1: 4) * X.U8(p);\r\n\t\tif(nV == 1 && X.Sz() != p) p += 0x100; //the (optional?) filtertable at the end\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SC(4,0x20,'CP1250'));\r\n\t\t\tif(x > 1) sOption(x,'×');\r\n\t\t\tsOptionT(X.SC(0x24,0x20,'CP1250'),'by: ');\r\n\t\t\tsOptionT(X.SC(0x44,0x20,'CP1250'));\r\n\t\t\tsOptionT(addEllipsis(inss.join(', '),0xA0),'ins/msg:\"','\"');\r\n\t\t\tfor(i=0, ordc = []; i < ords.length/ch; i++) {\r\n\t\t\t\tfor(c = j = 0; j < ch; j++) c += ords[i*ch+j];\r\n\t\t\t\tordc.push(c)\r\n\t\t\t}\r\n\t\t\tsOption('ch:'+ch+' ord:'+ordc.join('+')+' ptn:'+(ptn == mptn? mptn: '/'+ptn)+' ins:'+ins+' sz:'+outSz(p))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'ObsM'\")) {\r\n\t\tsName = \"Jonne Valtonen's SNG Player module (.SNG)\"; bDetected = 1;\r\n\t\tif(X.U8(0x0B)) sVersion += \"compressed\";\r\n\t\tlen = X.U16(4,_LE); if(len>X.Sz()) sVersion += \"malformed\";\r\n\t\tif(X.isVerbose()) {\r\n\t\t\t//ref https://github.com/adplug/adplug/blob/master/src/sng.cpp\r\n\t\t\tstart = X.U16(6,_LE);\r\n\t\t\tloop = X.U16(8,_LE); delay = X.U16(0x0A,_LE);\r\n\t\t\tsOption(\"len:\"+Hex(len)+\" start:\"+Hex(start)+\" loop:\"+Hex(loop)+\" delay:\"+delay)\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'RJP'3.'SMOD'\")) {\r\n\t\tsName = \"Richard Joseph's module (.SNG)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.SA(3,1)\r\n\t}\r\n\r\n\telse if(X.c(\"'SYNC'\") || X.c(\"'SYNB'\")) {\r\n\t\tsName = \"Synder SNG-player module (.SNG)\"; bDetected = 1;\r\n\t\tsVersion = \"ver.\"+X.SA(3,1);\r\n\t\tif(X.isVerbose()) sOption(X.SA(0x10,0x200))\r\n\t}\r\n\r\n\telse if(X.c(\"'SYND'....'S0'\")) {\r\n\t\tsName = \"Synder Tracker module (.SNG)\"; bDetected = 1; //TODO unpack & read tags\r\n\t\tsVersion = \"ver.\"+X.SA(3,1)\r\n\t\t//if(X.isVerbose()) sOption(X.SA(0x10,0x200))\r\n\t}\r\n\r\n\telse if(X.c(\"'SYND'\") || X.c(\"'SYNF'\") || X.c(\"'SYNH'\")) {\r\n\t\tsName = \"Synder SNG-player Stereo module (.SNG)\"; bDetected = 1;\r\n\t\tsVersion = \"ver.\"+X.SA(3,1);\r\n\t\tif(X.isVerbose()) sOption(X.SA(0x10,0x200))\r\n\t}\r\n\r\n\telse if(isWithin(t = ((X.U8(0)+1) << 4) + ((X.U8(1)+1) << 7) + 0x365,0x366,X.Sz())\r\n\t && (/df\\d:/.test(X.SA(t,4)) || /[sS]amples/.test(X.SA(t,7)))) {\r\n\t\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/ZoundMonitor/src/ZoundMonitor_v1.asm\r\n\t\tsName = \"AJ [Activas]'s ZoundMonitor module (.SNG + Samples/)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tptn = X.U8(1)+1; ord = X.U8(3)+1; spd = X.U8(4);\r\n\t\t\tfor(p=5,smp=0; p < 0x32F; p+=0x36) if(X.U8(p+4)) smp++;\r\n\t\t\tsOption('spd:'+spd+' ord:'+ord+' ptn:'+ptn+' smp:'+smp\r\n\t\t\t\t+' len '+secondsToTimeStr(1+Util.divu64(spd*ord*32,50))+' sz:'+outSz(t+101))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'RJP'3. 0000 0000\")) {\r\n\t\tsName = \"Richard Joseph's module instruments (.INS)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.SA(3,1)\r\n\t}\r\n\r\n\telse if(X.c(\"'SNES-SPC700 Sound File Data'\")) {\r\n\t\t// ref http://snesmusic.org/files/spc_file_format.txt and snippets from\r\n\t\t// http://www.alpha-ii.com/Source/SAmp310s.rar/snes/id666.cpp, .h\r\n\t\tsName = \"Nintendo SNES SPC chiptune (.SPC)\"; bDetected = 1;\r\n\t\tsVersion = \"v0.\"+X.U8(0x24);\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tid666inhdr = X.U8(0x23)==0x1A;\r\n\t\t\tt=\"\"; a=\"\"; c=\"\"; g=\"\"; dumper=\"\"; emu=\"\";\r\n\t\t\tpreferBin = false;\r\n\t\t\tif(id666inhdr){\r\n\t\t\t\tt = X.SA(0x2E,0x20);\r\n\t\t\t\tg = X.SA(0x4E,0x20);\r\n\t\t\t\tdumper = X.SA(0x6E,0x10);\r\n\t\t\t\tdumpdate = X.SA(0x9E,11);\r\n\t\t\t\temu = X.U8(0xD2);\r\n\t\t\t\tif(emu>=0x30 && emu<=0x39)\r\n\t\t\t\t\temu -= 0x30;\r\n\t\t\t\tswitch(emu) {\r\n\t\t\t\t\tcase 1: emu = \"ZSNES\"; break;\r\n\t\t\t\t\tcase 2: emu = \"Snes9x\"; break;\r\n\t\t\t\t\tcase 3: emu = \"ZST2SPC\"; break;\r\n\t\t\t\t\tcase 4: emu = \"ETC\"; break;\r\n\t\t\t\t\tcase 5: emu = \"SNEShout\"; break;\r\n\t\t\t\t\tcase 6: emu = \"ZSNESW\"; break;\r\n\t\t\t\t\tdefault: emu = \"\"\r\n\t\t\t\t}\r\n\t\t\t\tc = X.SA(0x7E,0x20);\r\n\t\t\t\tslen = X.SA(0xA9,3); lp=X.SA(0xAC,4);\r\n\t\t\t\tif((slen+lp+dumpdate).length < 5) {\r\n\t\t\t\t\tchnDis = X.U8(0xD1);\r\n\t\t\t\t\tif(chnDis == 1 && emu == \"\") bin = true; else bin = preferBin;\r\n\t\t\t\t} else if( /[0-9/]*/.test(slen+lp+dumpdate) ) { //id666 text format\r\n\t\t\t\t\tsonglen = Number(slen); //in seconds\r\n\t\t\t\t\ta = X.SA(0xB1,0x20);\r\n\t\t\t\t} else {\r\n\t\t\t\t\tbin = true;\r\n\t\t\t\t\t//check songlen bitness\r\n\t\t\t\t\tsonglen = X.U8(0xA9)<<16+X.U8(0xAA)<<8+X.U8(0xAB); //in seconds\r\n\t\t\t\t\ta = X.SA(0xB0,0x20);\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\telse\r\n\t\t\t\tt = X.SA(0x30,0x14);\r\n\t\t\tsOption(t); sOption(g,\"for: \"); sOption(a,\"by: \"); sOption(c);\r\n\t\t\tif(emu != \"\") sVersion += \" \"+emu;\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'STK1.0SONG'\") && [1,2,3].indexOf(X.U8(0x34)) >= 0\r\n\t && X.U8(0x35) <= X.U8(0x3A) && X.U8(0x36) <= X.U8(0x35)\r\n\t && X.U8(0x38) <= 0x3F && X.U8(0x39) <= 5) {\r\n\t\t// format details here: https://modland.com/pub/documents/format_documentation/STarKos%20(.sks).md\r\n\t\tsName = \"Julien 'Targhan' Nevo's STarKos module (.SKS)\"; bDetected = 1;\r\n\t\tbad = \"\";\r\n\t\tswitch(X.U8(0x39)) {\r\n\t\tcase 0: hz = 13; break; case 1: hz = 25; break; case 2: hz = 50; break;\r\n\t\tcase 3: hz = 100; break; case 4: hz = 150; break; case 5: hz = 300; break;\r\n\t\tdefault: hz = 0; bad = bad.addIfNone(\"!badRepFreq\")\r\n\t\t}\r\n\t\txpos = X.I8(0x37).toString(); if(xpos[0] != \"-\") xpos = \"+\"+xpos;\r\n\t\tspd0 = X.U8(0x38); ord = 1+X.U16(0x3A);\r\n\t\tptn = -1; rows = ptnxpos = 0; p = 0x3C;\r\n\t\tfor(i=0; i < ord*4; i++) {\r\n\t\t\tif((i%4) == 3) rows += X.U8(p)+1;\r\n\t\t\telse { t = X.U8(p); if(ptn < t) ptn = t; if(X.I8(p+1)>>1) ptnxpos++ }\r\n\t\t\tp += 2\r\n\t\t} ptn++;\r\n\t\tinsns = [];\r\n\t\tconst ifHard = 0x80, ifPitch = 0x40, ifArp = 0x20, ifNoiseEtc = 0x10;\r\n\t\tfor(ins = 0; p < X.Sz() && ins < 0x100; ins++) {\r\n\t\t\tinsn = X.U16(p); p += 2;\r\n\t\t\tif(insn == 0xFFFF) break;\r\n\t\t\tip = p; isz = X.U16(ip); p += 4;\r\n\t\t\tiend = 1+X.U8(p+2);\r\n\t\t\tp += 5;\r\n\t\t\tiname = X.SA(p,8).trim(); p += 8; if(iname != \"\") insns.push(iname);\r\n\t\t\tif(X.isDeepScan())\r\n\t\t\tfor(l = 0; l < iend; l++) {\r\n\t\t\t\tx = X.U8(p++);\r\n\t\t\t\tif(!x) continue;\r\n\t\t\t\tif((x & ifHard)) {\r\n\t\t\t\t\ty = X.U8(p++); if(x & 8) p++; if(y & 0x40) p++; if(x & 2) p++;\r\n\t\t\t\t\tif(x & 4) p += 2; if(x & 0x10) p += 2; if(x & 0x20) p += 2\r\n\t\t\t\t} else {\r\n\t\t\t\t\tif(x & ifNoiseEtc) { y = X.U8(p++);\r\n\t\t\t\t\t\tif(y & 0x40) { p += 2;\r\n\t\t\t\t\t\t\tif(x & (ifArp | ifPitch)) { bad = bad.addIfNone(\"!badinsflags\"); ins=l=0xFFFE; break }\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t\t\tif(x & ifArp) p++; if(x & ifPitch) p += 2\r\n\t\t\t\t}\r\n\t\t\t} else p = ip+isz;\r\n\t\t}\r\n\t\tfor(sptn = 0; p < X.Sz(); sptn++) {\r\n\t\t\tcurptn = X.U16(p); p += 2; if(curptn == 0xFFFF) break;\r\n\t\t\tp += X.U8(p)\r\n\t\t}\r\n\t\tif(X.isDeepScan()) notecnt = 0;\r\n\t\tif(p < X.Sz() && ins < 0xFFFE) for(i = 0; i <= ptn; i++) {\r\n\t\t\tcurptn = X.U16(p); p += 2;\r\n\t\t\tif(curptn != 0xFF && curptn != 0xFFFF && curptn > 0x200) { bad = bad.addIfNone(\"!badnptn\"); break }\r\n\t\t\tif(curptn == 0xFFFF) break;\r\n\t\t\tpp = p; psz = X.U16(pp);\r\n\t\t\tif(X.isDeepScan()) {\r\n\t\t\t\tp += 2; var pvol = pins = -1, lc = 0;\r\n\t\t\t\twhile(p < Math.min(X.Sz(), pp+psz)) {\r\n\t\t\t\t\tvar ppitch = 0, lnp = p,\r\n\t\t\t\t\t\tpfnote = pfvol = pfpitch = false;\r\n\t\t\t\t\tx = X.U8(p++);\r\n\t\t\t\t\tif(x == 0xFF) break;\r\n\t\t\t\t\telse if(x & 0x80) lc += x & 0x7F;\r\n\t\t\t\t\telse if(x >= 0x60)\r\n\t\t\t\t\t\tswitch(x & 0xF) {\r\n\t\t\t\t\t\tcase 0: pfvol = true; pfpitch = false; pvol = 0xF - X.U8(p++);\r\n\t\t\t\t\t\t\tif(pvol < 0) { bad = bad.addIfNone(\"!badptnvol0\"); i = ptn; p = pp+psz; break; }\r\n\t\t\t\t\t\tcase 1: pfvol = false; pfpitch = true; ppitch = - X.U8(p++); break;\r\n\t\t\t\t\t\tcase 2: pfvol = pfpitch = true; pvol = 0xF - X.U8(p++);\r\n\t\t\t\t\t\t\tif(pvol < 0) { bad = bad.addIfNone(\"!badptnvol2\"); i = ptn; p = pp+psz }\r\n\t\t\t\t\t\t\tppitch = - X.U8(p++); break;\r\n\t\t\t\t\t\tcase 3: pfnote = true; pnote = \"rst\"; break;\r\n\t\t\t\t\t\tcase 4: pfnote = true; pnote = \"spl\"; pins = X.U8(p++); break;\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\telse {\r\n\t\t\t\t\t\tpfnote = true;\r\n\t\t\t\t\t\ty = X.U8(p++);\r\n\t\t\t\t\t\tpfvol = !(y & 0x40);\r\n\t\t\t\t\t\tif(pfvol) pvol = 0xF - (y & 0xF);\r\n\t\t\t\t\t\tif(pins < 0 || !(y & 0x20)) pins = X.U8(p++);\r\n\t\t\t\t\t\tpfpitch = y & 0x10;\r\n\t\t\t\t\t\tif(pfpitch) ppitch = - X.I8(p++);\r\n\t\t\t\t\t}\r\n\t\t\t\t\tif(pfnote) notecnt++;\r\n\t\t\t\t\tlc++\r\n\t\t\t\t} //single pattern cycle\r\n\t\t\t} else p = pp+psz;\r\n\t\t} //patterns cycle\r\n\t\tif(p > X.Sz()) bad = bad.addIfNone(\"!short\");\r\n\t\tif(bad != \"\") sVersion = sVersion.appendS(\"malformed\"+bad,\"/\");\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SA(0x14,0x20));\r\n\t\t\tsOptionT(X.SA(0x0A,0x0A),\"by: \");\r\n\t\t\tsOption(\"spd0:\"+spd0+(xpos!=\"+0\"?\" xpos:\"+xpos:\"\")+\" ord:\"+ord+\" ptn:\"+ptn+\"+\"+sptn+\" ins:\"+ins\r\n\t\t\t\t+(ptnxpos?\" ptn.xpos:\"+ptnxpos:\"\")+\" smp.ch:\"+X.U8(0x34)+\" rep.freq:\"+hz+\"Hz\"\r\n\t\t\t\t+\" loop:\"+(X.U8(0x36) ? Hex(X.U8(0x36))+\"-\" : \"\")\r\n\t\t\t\t+Hex(X.U8(0x35))+(X.isDeepScan()?\" notes:\"+notecnt:\" rows:\"+rows)+\" sz:\"+p)\r\n\t\t}\r\n\t}//.SKS\r\n\r\n\telse if(!X.U8(0) && X.c(\"'SK10'\",0x80) && [1,2,3].indexOf(X.U8(0x86)) >= 0\r\n\t && [13,25,50,100,150,300].indexOf(X.U16(0x87)) >= 0 && X.U16(0x18) == X.U16(0x40)) {\r\n\t\t//from https://web.archive.org/web/20240331033458_nf/https://www.grimware.org/doku.php/documentations/software/starkos/start#tweaking.the.song\r\n\t\tsName = \"STarKos module (.BIN)\"; sVersion = \"compiled/ofs:80h\"; bDetected = 1;\r\n\t\tcrc = 0; for(i=0;i<67;i++) crc += X.U8(i); crc &= 0xFFFF;\r\n\t\tif(crc != X.U16(0x43)) sVersion += \"/malformed!badCRC\";\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOption(X.SA(1,8).trim()+\".\"+X.SA(9,3).trim());\r\n\t\t\tsOption(X.U16(0x87)+\"Hz\");\r\n\t\t\tsOption(Hex(X.U16(0x84)),\"base:\");\r\n\t\t\tsOption(outSz(X.U24(0x40)+0xBC),\"sz:\");\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'Nu!SOPROL!'\", 0x22)) {\r\n\t\tsName = \"Holger Gehrmann's Sound Programming Language/SOPROL module (.SPL)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tt = X.SA(0x58,0x100);\r\n\t\t\ta = X.SA(0x58+t.length+1,0x100);\r\n\t\t\tc = X.SA(0x58+t.length+a.length+2,0x100);\r\n\t\t\tsOptionT(t); sOptionT(a,\"by: \"); sOptionT(c)\r\n\t\t}\r\n\t}\r\n\r\n\tif(/SPM[\\x01-\\x02]/.test(X.SA(0,4))) {\r\n\t\t//ref http://aminet.net/mus/edit/stonefree1.lha\r\n\t\tsName = \"Emmanuel Marty & Michael Lavaire's Stonetracker module (.SPM)\";\r\n\t\tsVersion = \"v\"+X.U8(3); bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(decAnsi(4,0x20,CPAmiga));\r\n\t\t\t//TODO find chunks and read the extra info\r\n\t\t}\r\n\t}\r\n\r\n\tif(/SPS[\\x01-\\x02]{2}/.test(X.SA(0,5)) && X.c(\"'psn'\",6+0x20*(smp=X.U8(5)))) {\r\n\t\tsName = \"Emmanuel Marty & Michael Lavaire's Stonetracker sample bank (.SPS)\";\r\n\t\tsVersion = \"v\"+X.U8(3); bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tfor(i=smpsz=0,smps=[]; i < smp; i++)\r\n\t\t\t\tif((t=decAnsi(0x20*i+6,8,CPAmiga).trim()).length) smps.push(t);\r\n\t\t\tsOption(addEllipsis(smps.join(' ')),'smp/msg:\"','\"'); sOption('smp:'+smp)\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'SPU'00\") || X.c(\"'SPU1'\") ||\r\n\t\t(X.fSig(X.Sz()-6,TOEOF,\"1D80FF\"))>-1) {\r\n\t\tbDetected = 1; sName = \"Eternal SPU chiptune (.SPU)\";\r\n\t\tif(X.c(\"'SPU'\")) {\r\n\t\t\tif(!X.U8(3)) sVersion = \"v0\"; else sVersion = \"v1\"; }\r\n\t\telse sVersion = \"headerless\";\r\n\t\tif(X.isVerbose() && (sVersion != \"headerless\")) {\r\n\t\t\tgame = X.SC(4,0x40,\"Shift_JIS\");\r\n\t\t\ttitle = X.SC(0x44,0x40,\"Shift_JIS\");\r\n\t\t\tsOptionT(title); sOptionT(game, \"game: \");\r\n\t\t\tartist = X.SC(0x84,0x20,\"Shift_JIS\"); sOptionT(artist,\"by: \");\r\n\t\t\tcmt = X.SC(0xA4,0xF00,\"Shift_JIS\"); sOptionT(cmt);\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'SPEEDY-SYSTEM'\")) {\r\n\t\tbDetected = 1; sName = \"Speedy System module (.SS)\"; sVersion = \"v1\"\r\n\t}\r\n\r\n\telse if(X.c(\"'ZXAYST11'\")) {\r\n\t\tsName = \"Sound Tracker module (.ST1, .ST11)\"; bDetected = 1;\r\n\t\tsVersion = \"v1.1/uncompiled\";\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tt_= X.U8(0x17); t = X.SA(0x18,t_-1).trim();\r\n\t\t\tif(t != \"Some SoundTracker Song\") sOption(t);\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'STP3'\")) {\r\n\t\tsName = \"Soundtracker Pro II module (.STP)\"; bDetected = 1;\r\n\t}\r\n\r\n\telse if(X.c(\"48E7FFFE 4DFA.... 4A2E\") && isWithin(X.I8(6),-1,6) && [0x61,0x66].indexOf(X.U8(0xC)) >= 0) {\r\n\t\tsName = \"SUNtronic module (.SUN)\"; bDetected = 1\r\n\t}\r\n\r\n\telse if(X.c(\"'SVOX'00000000\")) {\r\n\t\tsName = \"SunVox module (.SUNVOX)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tp=8;\r\n\t\t\tt=''; bpm=0; spd=0; tme=0; ptn=0; blk=0;\r\n\t\t\twhile (p < X.Sz()) {\r\n\t\t\t\thkhd = X.SA(p,4); if(charStat(hkhd).indexOf('allasc') < 0) break;\r\n\t\t\t\thksz = X.U32(p+4,_LE); p += 8;\r\n\t\t\t\tswitch(hkhd) {\r\n\t\t\t\t\tcase \"VERS\":\r\n\t\t\t\t\t\tnV = X.U32(p,_LE); aV=[];\r\n\t\t\t\t\t\tfor(i=0; i < 4; i++) aV[3-i] = (nV>>(8*i))&0xFF;\r\n\t\t\t\t\t\tsVersion += \"v\"+aV.join(\".\"); break;\r\n\t\t\t\t\tcase \"BVER\":\r\n\t\t\t\t\t\tnB = X.U32(p,_LE);\r\n\t\t\t\t\t\tif(nB != nV) { aV = [];\r\n\t\t\t\t\t\t\tfor(i=0; i < 4; i++) aV[3-i] = (nB>>(8*i))&0xFF;\r\n\t\t\t\t\t\t\tsVersion += \"/v\"+aV.join(\".\");\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\tbreak;\r\n\t\t\t\t\tcase \"NAME\": t = X.SA(p,hksz); break;\r\n\t\t\t\t\tcase \"BPM \": bpm = X.U32(p,_LE); break;\r\n\t\t\t\t\tcase \"SPED\": spd = X.U32(p,_LE); break;\r\n\t\t\t\t\tcase \"TIME\": tme = X.U32(p,_LE); break;\r\n\t\t\t\t\tcase \"SNAM\": blk++; break;\r\n\t\t\t\t\tcase \"PDTA\": ptn++; break;\r\n\t\t\t\t}\r\n\t\t\t\tp += hksz;\r\n\t\t\t}\r\n\t\t\tsOptionT(t);\r\n\t\t\tif(bpm > 0) sOption(bpm,\"bpm:\"); if(spd > 0) sOption(spd,\"spd:\");\r\n\t\t\tif(tme > 0) sOption(tme,\"len:\"); if(ptn > 0) sOption(ptn,\"ptn:\"); if(blk > 0) sOption(blk,\"blk:\");\r\n\t\t\tsOption(outSz(p),'sz:')\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'SymM'\")) {\r\n\t\t//ref https://github.com/OpenMPT/openmpt/blob/master/soundlib/Load_symmod.cpp\r\n\t\t// & https://github.com/patricklyte/SymphonieFx\r\n\t\tsName = \"Patrick Meng's Symphonie module (.SYMMOD)\"; bDetected = 1;\r\n\t\tsVersion = \"v\"+X.U32(4,_BE);\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tp=8;\r\n\t\t\ttitle=''; bpm='?'; done=false; ch=0; len=0; extsmp=false; pro=false;\r\n\t\t\twhile (p < X.Sz()) {\r\n\t\t\t\thkhd = X.I32(p,_BE); hkhx = Hex(X.U32(p,_BE)); hksz = 4;\r\n//_l2r('symmod',p,hkhd+' / '+hkhx)\r\n\t\t\t\tif(done || charStat(hkhd).indexOf('allasc') < 0) break;\r\n\t\t\t\tp += 0x04; //chunk header = 4xtype (the following will change by chunk type)\r\n\t\t\t\tswitch (hkhd) {\r\n\t\t\t\t\tcase -16:\r\n\t\t\t\t\t\tpklen=X.U32(p,_BE); hksz+=pklen; o=4; //InfoText RLE-COMPRESSED YO\r\n\t\t\t\t\t\tif(pklen>=10 && X.c(p+o,\"'PACK'FFFF\")) if(!X.isDeepScan()) { p = 0; break } else {\r\n\t\t\t\t\t\t\to+=6; unplen = X.U32(p+o,_BE); o+=4;\r\n\t\t\t\t\t\t\tmaxlen = pklen-10; if(0xFFFFFFFF/170 >= maxlen) maxlen *= 170; else maxlen = 0xFFFFFFFF;\r\n\t\t\t\t\t\t\tif(unplen > maxlen) unplen = maxlen;\r\n\t\t\t\t\t\t\tdone = false; ofs = 0; left = unplen;\r\n\t\t\t\t\t\t\twhile(!done && o < hksz) {\r\n\t\t\t\t\t\t\t\ttp = X.I8(p+o); o++;\r\n\t\t\t\t\t\t\t\tswitch(tp) {\r\n\t\t\t\t\t\t\t\tcase 0:\r\n\t\t\t\t\t\t\t\t\tl = X.U8(p+o); o++;\r\n\t\t\t\t\t\t\t\t\tif(left >= l) {\r\n\t\t\t\t\t\t\t\t\t\tt += X.SA(p+o,l);\r\n\t\t\t\t\t\t\t\t\t\to += l; left -= l;\r\n\t\t\t\t\t\t\t\t\t} else done=true;\r\n\t\t\t\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t\t\t\tcase 1:\r\n\t\t\t\t\t\t\t\t\tl = X.U8(p+o); o++;\r\n\t\t\t\t\t\t\t\t\tdw = X.SA(p+o,4); o += 4;\r\n\t\t\t\t\t\t\t\t\tif(left >= l*4 && o < pklen) {\r\n\t\t\t\t\t\t\t\t\t\tleft -= l*4;\r\n\t\t\t\t\t\t\t\t\t\twhile(l--) t += dw;\r\n\t\t\t\t\t\t\t\t\t} else done = true;\r\n\t\t\t\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t\t\t\tcase 2:\r\n\t\t\t\t\t\t\t\t\tdw = X.SA(p+o,4); o += 4;\r\n\t\t\t\t\t\t\t\t\tif(left >= l*4 && o= l) left-=l;\r\n\t\t\t\t\t\t\t\t\telse done = true;\r\n\t\t\t\t\t\t\t\t\tbreak;\r\n\t\t\t\t\t\t\t\tcase -1: done = true; break;\r\n\t\t\t\t\t\t\t\tdefault: sVersion += \"/malformed\"; done = true; break;\r\n\t\t\t\t\t\t\t\t}//switch\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t} else //if no RLE sig:\r\n\t\t\t\t\t\ttitle = X.SC(p+o,hksz,'CP1252'); break;\r\n\t\t\t\t\tcase -1: ch = X.I32(p,_BE); break; //NumChannels\r\n\t\t\t\t\tcase -2: len = X.I32(p,_BE); if(len > 1024) len = \"malformed\"; break; //TrackLength\r\n\t\t\t\t\tcase -3: case -4: case -5: break;\r\n\t\t\t\t\tcase -7: extsmp = true; break; //ExternalSamples\r\n\t\t\t\t\tcase 10: case 11: case 12: pro=true; break; //Sample Boost/Detune/Phase\r\n\t\t\t\t\tcase -6: bpm = Math.round(1.24*Math.min(X.I32(p,_BE),800)); break; //Tempo\r\n\t\t\t\t\tcase -12: hksz = 0; break; //EmptySample\r\n\t\t\t\t\tcase -10: case -11: case -13: case -14: case -15: case -17: case -18:\r\n\t\t\t\t\tcase -19: case -20: case -21: hksz+=X.I32(p,_BE); break;\r\n\t\t\t\t\tdefault: _l2r('symmod',p,hkhd+\"/\"+hkhx+\" (\"+Hex(hksz,8)+\"): ?!?!?!?!?!\");\r\n\t\t\t\t}\r\n\t\t\t\tp += hksz;\r\n\t\t\t}\r\n\t\t\tsOption(title);\r\n\t\t\tsOption('ch:'+ch+' bpm:'+bpm+' len:'+len+(done?'sz:'+outSz(p):''));\r\n\t\t\tif(extsmp) sOption(\"extsmp\"); if(pro) sVersion+=\"/Pro\"\r\n\t\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'Synth'\") && !X.c(\"'esi'\",5)) {\r\n\t\tsName = \"C. 'Mr Soundwave' Herbst & B. MIkic/BrainTrace Design's Synthesis module (.SYN)\"; bDetected = 1;\r\n\t\tif(X.c(\"'Synth'\",0x1F0E)) {\r\n\t\t\tsVersion = \"v\"+X.SA(0x1F13,3);\r\n\t\t\tif(X.isVerbose()) {\r\n\t\t\t\tsOptionT(X.SA(0x1F32,0x1B));\r\n\t\t\t\tsOptionT(X.SA(0x1F4E,0x100))\r\n\t\t\t}\r\n\t\t} else {\r\n\t\t\tsVersion = \"v\"+X.SA(5,3);\r\n\t\t\tif(X.isVerbose()) {\r\n\t\t\t\tsOptionT(X.SA(0x24,0x1B));\r\n\t\t\t\tsOptionT(X.SA(0x40,0x100))\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'SYNTRACKER-SONG:'00\")) {\r\n\t\tsName = \"Bastian 'flink'/'twiCe' Spiegel's SynTracker module (.SYNMOD)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tt1 = X.SC(0x14,0x20,'CP1252'); sOptionT(t1,\"title/inst: \");\r\n\t\t\tt2 = X.SC(0x34,0x20,'CP1252'); sOptionT(t2);\r\n\t\t\tt3 = X.SC(0x54,0x20,'CP1252'); sOptionT(t3);\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'T0AST'\")) {\r\n\t\t// ref T0AST.src.zip/ SoundEnginePlayer.pas, synth.pas\r\n\t\t// Kudos to BeRo for the tracker sources\r\n\t\tsName = \"Benjamin 'BeRo' Rousseaux's The 0ok Amazing Synth Tracker module (.T0AST)\"; bDetected = 1;\r\n\t\tif(X.c(\"'0OK'\",5)) { nV = 1; sVersion = \"v1\"; } else\r\n\t\tif(X.c(\"010001\",5)) { nV = 2; sVersion = \"v2\"; } else\r\n\t\t\t{ nV = -1; sVersion = \"v.unk\"; }\r\n\t\tfunction info() {\r\n\t\t\tif(nV == 1) p = 0x1DA;\r\n\t\t\telse if(nV == 2) p = 0x34A;\r\n\t\t\telse return;\r\n\t\t\tdrummode = X.U8(p++);\r\n\t\t\tchipmode = X.U8(p++);\r\n\t\t\tchs = X.U8(p++); ch = 0;\r\n\t\t\tif(chs > 16) { sVersion += \"/malformed\"; return; }\r\n\t\t\tfor(i=0; i<16; i++)\r\n\t\t\t\tif(X.U8(p++)) { ch++; p += 3; }\r\n\t\t\tins = 0;\r\n\t\t\tfor(i=0; i<16; i++)\r\n\t\t\t\tif(X.U8(p++)) { ins++; p += 25; }\r\n\t\t\tord = X.U16(p,_LE); p += 2+ord;\r\n\t\t\tptn = 0; notes = 0;\r\n\t\t\tfor(k=0; k<=255; k++)\r\n\t\t\t\tif(X.U8(p++)) { //gotta do what you gotta do\r\n\t\t\t\t\tptn++;\r\n\t\t\t\t\tfor(i=0; i 0\r\n\t \t&& t == X.I32(0x26,_BE) && t == X.I32(0x2A,_BE) && t == X.I32(0x2E,_BE)\r\n\t ) {\r\n\t\tsName = \"Tim Follin & Mike D.'s Follin Player II module (.TF)\";\r\n\t\tsVersion = 'f.'+(X.U8(0) == 0x4E?'0':'1'); bDetected = 1\r\n}\r\n\r\n\telse if(X.c(\"'TFMD'\")) {\r\n\t\tsName = \"Shiru's TFM Music Maker tune (.TFD)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tp = 4;\r\n\t\t\tt = X.SA(p,0x200); //I've seen CP1251 and CP936 already, nobody seems to care\r\n\t\t\tp = X.fSig(p,0x200,\"00\")+1;\r\n\t\t\ta = X.SA(p,0x200);\r\n\t\t\tp = X.fSig(p,0x200,\"00\")+1;\r\n\t\t\tc = X.SA(p,0x200);\r\n\t\t\tsOptionT(t); sOptionT(a,\"by: \"); sOptionT(c);\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'TFMfmtV2'\")) { // this format is very similar to VGE\r\n\t\tsName = \"Shiru's TFM Music Maker module (.TFE)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tp = 0;\r\n\t\t\t//WELP, time to read the entire file, or at least the fun part\r\n\t\t\tx = [], tobuf = true, p = 0, b = 0x3F; // '?' by default. If this pops up, the file's garbled\r\n\t\t\tfor(n=0, c = X.U8(p++); n < 0x223DD9 && p < X.Sz(); ) {\r\n\t\t\t\t// The logic is:\r\n\t\t\t\t// a byte is read and if it's not 0x80, put to buffer (and memorised)\r\n\t\t\t\t// if the following byte is 80, it's RLE:\r\n\t\t\t\t// \t - the following byte gives 7 bits of the number of repeats of the memorised byte\r\n\t\t\t\t// - if the length byte's bit 7 is set, this is the last byte, otherwise adds the next higher 7 bits\r\n\t\t\t\t//\t - if the length is 0, store 0x80\r\n\t\t\t\t//\t - else store the memorised byte repeats-1 times\r\n\t\t\t\tif(tobuf && n > 0x312) tobuf = false;\r\n\t\t\t\tif(c != 0x80) { b = c; n++; c = X.U8(p++); if(tobuf) x.push(b) }\r\n\t\t\t\telse {\r\n\t\t\t\t\tc = X.U8(p++); next = true; reps = shl = 0;\r\n\t\t\t\t\twhile (next && shl < 57 && p < X.Sz()) { //read the vari-len int\r\n\t\t\t\t\t\tnext = !(c & 0x80); c &= 0x7F; reps |= Util.shlu64(c,shl); shl += 7; c = X.U8(p++)\r\n\t\t\t\t\t}\r\n\t\t\t\t\tif(!reps) { if(tobuf) x.push(0x80); n++ } //special case for the RLE character\r\n\t\t\t\t\telse { reps -= 1; n += reps; shl = 0; if(tobuf) for(j=0; j < reps; j++) x.push(b) }\r\n\t\t\t\t}\r\n\t\t\t} p--;\r\n\t\t\tspd1 = x[8]; spd2 = x[9]; intlv = x[0xA]; ord = x[0xB]; if(!ord) ord = 256; lp = x[0xC];\r\n\t\t\td1 = x[0x0D]+(x[0x0E] << 8); d2 = x[0x0F]+(x[0x10] << 8); saves = x[0x11]+(x[0x12] << 8);\r\n\t\t\td1 = '20'+(d1&0x7F).padStart(2,'0')+'-'+(((d1>>7)&0xF)+1).padStart(2,'0')+'-'+(((d1>>11)&0x1F)).padStart(2,'0');\r\n\t\t\td2 = '20'+(d2&0x7F).padStart(2,'0')+'-'+(((d2>>7)&0xF)+1).padStart(2,'0')+'-'+(((d2>>11)&0x1F)).padStart(2,'0');\r\n\t\t\tauth = decEncoding(x.slice(0x13,0x52),CP1251); //I've seen CP1251 and CP936 already, but yeah\r\n\t\t\ttitle = decEncoding(x.slice(0x53,0x94),CP1251);\r\n\t\t\tcmt = decEncoding(x.slice(0x93,0x214),CP1251);\r\n\t\t\tfor(i=ptn=0; i < ord; i++) if(x[i+0x213]+1 > ptn) ptn = x[i+0x213]+1;\r\n\t\t\tsz = n == 0x223DD9 ? p : -1; if(sz < 0) sVersion = sVersion.appendS('malformed:'+Hex(n),'/');\r\n\t\t\tsOptionT(title); sOptionT(auth,'by: '); sOptionT(cmt);\r\n\t\t\tsOption('on: '+d1+(d1 != d2? ' to '+d2: ''));\r\n\t\t\tsOption('spd:'+spd1+'/'+spd2+' ord:'+(lp?lp+'-':'')+ord+' ptn:'+ptn+\" intlv:\"+intlv+' saves:'+saves+(X.isDeepScan()? ' sz:'+outSz(sz):''));\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.Sz() >= 0x386 && isWithin(X.U8(0x25),1,4) && (bin=parseAtariBinary())[0] > 0\r\n\t && X.c(\"0E158D\",6) && X.c(\"8D150E\",0x1A) && X.U16(0x1D) == bin[1][0][1]\r\n\t && (X.c(\"'TMC SONG FILE 2.0'\",9) || X.c(\"D4CDC3A0 D3CFCEC7A0 C6C9CCC5A0 B2AEB0\",9))) {\r\n\t\t//ref http://atariki.krap.pl/index.php/TM2\r\n\t\tsName = \"Marcin 'Jaskier' Lewandowski's Theta Music Composer (.TM2)\"; sVersion = 'v2.0'; bDetected = 1; bad = '';\r\n//\t\tsOption(decAnsi(6,0x17,CPATASCII,0,Chars0to1FATASCII))\r\n\t\tfor(ins=0,p0=0x10000,p=0x86; p < 0x106; p++) {\r\n\t\t\tt = ((X.U8(p+0x280) << 8) | X.U8(p))-X.U16(2)+6; if(t < 0) break;\r\n\t\t\tif(t > 0)\r\n\t\t\t\tif(!isWithin(t,0x380,bin[1][0][1]+6)) bad = bad.addIfNone('!badinsp');\r\n\t\t\t\telse { if(p0 > t) p0 = t; if(X.U8(t) != 0xFF) ins++ }\r\n\t\t}\r\n\t\tfor(ptn=0,p=0x106; p < 0x206; p++) {\r\n\t\t\tt = ((X.U8(p+0x100) << 8) | X.U8(p))-X.U16(2)+6; if(t < 0) break;\r\n\t\t\tif(t > 0)\r\n\t\t\t\tif(!isWithin(t,0x380,bin[1][0][1])) bad = bad.addIfNone('!badptnp');\r\n\t\t\t\telse { if(p0 > t) p0 = t; if(X.U8(t) != 0xFF) ptn++ } //some patterns may be actually used despite being empty\r\n\t\t}\r\n\t\tfor(ord=(p0-0x386)/0x11,p=0x386,pt=-1; p < p0; p += 0x11) {\r\n\t\t\tfor(q=p+1; q < p+0x11; q += 2) if(X.U8(q) >= pt) pt = X.U8(q)+1; //actually used pattern number\r\n\t\t\tif(isWithin(X.U8(p+16),0x41,0x7F)) bad = bad.addIfNone('!badord');\r\n\t\t\tif(X.I8(p+16) <= 0) break //loop or end\r\n\t\t}\r\n\t\tif(bad.length) sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tfor(p=0x26, t=''; p < 0x86; p += 0x20)\r\n\t\t\t\tt = t.appendS(decAnsi(p,0x20,CPATASCII,0,Chars0to1FATASCII).trim(),' | ');\r\n\t\t\tsOption(t);\r\n\t\t\tif(!(t=X.U8(0x1F))) t = 'mono'; else if(isWithin(t,1,0x3F)) t = 'stereo';\r\n\t\t\telse if(isWithin(t,0x40,0x7F)) t = 'RMT stereo'; else t = 'quadro';\r\n\t\t\t\tsOption('ch:'+t+' spd0:'+X.U8(0x24)+' ticks:'+X.U8(0x25)+' ord:'+ord\r\n\t\t\t\t+' ptn:'+ptn+(pt!=ptn? '/'+pt:'')+' ins:'+ins+' sz:'+outSz(bin[0]))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"0000050F0000050F0000050F0000050F0000050F0000050F0000050F0000050F0000050F0000050F0000050F0000050F\", 0x14)\r\n\t && X.c(\"FFFF001000000030000000\", 0x181)) {\r\n\t\tsName = \"N.J. Luuring Jr.'s The Musical Enlightenment module (.TME)\"; bDetected = 1;\r\n\r\n\t}\r\n\r\n\telse if(X.Sz() >= 0x3000 && X.c(\"'TRK01/TV.ES.'\")) {\r\n\t\tsName = \"Adam Davidson & Ramjet & Toxic Volume's RamTracker module (.TRK)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SC(0x0F,0x20,'CP850'));\r\n\t\t\tsOptionT(X.SC(0x2F,0x20,'CP850'),\"by: \");\r\n\t\t\tp = 0x453; ptn = -1; ord = 0;\r\n\t\t\tfor(;;) { t = X.U8(p++); if(t >= 0xFE || p > X.Sz()) break;\r\n\t\t\t\tord++; if(ptn < t) ptn = t }\r\n\t\t\tptn++;\r\n\t\t\tsOption(\"ord:\"+ord+\" ptn:\"+ptn)\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'S'8F'NG.'\") && /[BW][48]/.test(X.SA(5,2))\r\n\t && (pp=X.fSig(8,0x80*(ch=X.U8(6)-0x30),\"DD48\")) > 0 && !(pp % 2)) {\r\n\t\t//ref the eagleplayer BladePacker(?!)\r\n\t\tsName = \"Unique Development/BladePacker's module (UDS.+SMP.)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tptn = mptn = 0; maxp = Math.min(X.Sz(), 0x10000);\r\n\t\t\tbw = X.SA(5,1) == 'B'? 1: 2; ord = (pp-8) >> (bw+1);\r\n\t\t\tfor(p = 8; p < pp; p++) if((t=X.U8(p)+1) > mptn) mptn = t;\r\n\t\t\tp += 2; t = 0;\r\n\t\t\tif(bw == 1) for(; X.U16(p,_BE) != 0xD8F1 && p < maxp; ) { //for() twice for speed opt\r\n\t\t\t\tif((q=X.U8(p++)) > t) t = q; if((q=X.U8(p++)) > t) t = q }\r\n\t\t\telse\r\n\t\t\t\tfor(; (q=X.U16(p,_BE)) != 0xD8F1 && p < maxp; p += 2) if(q > t) t = q;\r\n\t\t\tptnp = p; ptn = (p-pp-2) >> (bw+5); p += 2 + ((t+1) << 2); //if p > Sz undetect\r\n\t\t\tsz = p;\r\n\t\t\t//subsongs @f732:\r\n\t\t\tp = o = x = 0; a2 = pp+2;\r\n\t\t\t_f742: for(; p < maxp; ) {\r\n\t\t\t\tp = 8 + o * ch;\r\n\t\t\t\tif(p != pp) {\r\n\t\t\t\t\ta0ch = a0 = p+ch; o++;\r\n\t\t\t\t\t_f756: for(; p < maxp; ) {\r\n\t\t\t\t\t\ta0 = pp+2+(X.U8(p++) << (bw+5));\r\n\t\t\t\t\t\t_f76a: for(d6 = 0x40; d6 && p < maxp; ) {\r\n\t\t\t\t\t\t\tif(bw == 1) d1 = X.U8(a0++); else { d1 = X.U16(a0,_BE); a0 += 2 }\r\n\t\t\t\t\t\t\td1 <<= 2;\r\n\t\t\t\t\t\t\tif([0x2C,0x20].indexOf(X.U8(ptnp+4+d1)) >= 0) {\r\n\t\t\t\t\t\t\t\tx++;\r\n\t\t\t\t\t\t\t\tcontinue _f742\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\telse {\r\n\t\t\t\t\t\t\t\tif(--d6) continue _f76a;\r\n\t\t\t\t\t\t\t\tif(p != a0ch) continue _f756; else continue _f742;\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t\t} else break _f742;\r\n\t\t\t}\r\n\t\t\tif(!x) x = 1; if(x > 1) sOption(x,'×');\r\n\t\t\tsOption('ch:'+ch+' ord:'+ord+' ptn:'+(mptn==ptn?'':mptn+'/')+ptn+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if((X.Sz() > 0x133) && X.c(\"'MAS_UTrack_V00'\") && isWithin(X.U8(0xE),0x31,0x34)\r\n\t && X.Sz() > X.U8(0x2F)*0x20+0x50) {\r\n\t\t//ref https://github.com/OpenMPT/openmpt/blob/master/soundlib/Load_ult.cpp\r\n\t\tsName = \"Marc 'MAS' Schallehn's UltraTracker module (.ULT)\"; bDetected = 1;\r\n\t\tnV = X.U8(0xE)-0x30; sVersion = 'v'+['<1.4','1.4','1.5','1.6'][nV-1]; bad = '';\r\n\t\tmsgn = X.U8(0x2F); p = 0x30+msgn*0x20;\r\n\t\tsmp = X.U8(p++); smpsz = 0; smps = [];\r\n\t\tfor(i=0; i < smp; i++) {\r\n\t\t\tt = X.SC(p,0x20,'CP437').trim(); if(t != '') smps.push(t);\r\n\t\t\tssz = X.U32(p+0x38) - X.U32(p+0x34);\r\n\t\t\tif(ssz < 0) bad = bad.addIfNone('!badsmpsz');\r\n\t\t\telse smpsz += ((X.U8(p+0x3D)&4)? 2: 1)*ssz; //16-bit flag\r\n\t\t\tif(nV >= 4) p += 0x42; else p += 0x40;\r\n\t\t}\r\n\t\tfor(i=ord=mp=0; i < 0x100; i++) if((o=X.U8(p++)) < 0xFE) { ord++; if(mp < o) mp = o }\r\n\t\tch = X.U8(p++)+1; ptn = X.U8(p++)+1; mp++;\r\n\t\tp += ch;\r\n\t\tfor(c=notes=0; c < ch; c++) for(t=0; t < ptn && p < X.Sz(); t++) {\r\n\t\t\trow = 0;\r\n\t\t\twhile(row < 64) {\r\n\t\t\t\trp = 1; b = X.U8(p++); if(b == 0xFC) { rp = X.U8(p++); b = X.U8(p++) }\r\n\t\t\t\tnote = isWithin(b,1,96); p += 4; if(rp+row > 64) rp = 64-row;\r\n\t\t\t\tif(!rp) break; row += rp; if(note) notes += rp;\r\n\t\t\t}\r\n\t\t}\r\n\t\tif(p > X.Sz()) bad = bad.addIfNone('!short');\r\n\t\tsz = p + smpsz;\r\n\t\tif(bad != '') sVersion = sVersion.appendS('/malformed'+bad,'/');\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SC(0x0F,0x20,'CP437'));\r\n\t\t\tspecialmsg =\r\n\t\t\t\t(msgn==23&&sz==297221&&ch==7&&ord==20&&ptn==29&&smp==17&¬es==1572); //Handleless - :) falling and flying :(.ult\r\n\t\t\tfor(p=0x30,i=0,msg=[]; i < msgn; i++) {\r\n\t\t\t\tt = decAnsi(p,0x20,CP437,Chars0to1F); if(!specialmsg) t = t.trim();\r\n\t\t\t\tif(t != '') msg.push(t); p += 0x20\r\n\t\t\t}\r\n\t\t\tmsg = addEllipsis(msg.join(specialmsg?'\\n':' '), specialmsg?0x2000:0xC0, specialmsg?0x2000:0xA0);\r\n\t\t\tsOption(msg, 'msg:'+(specialmsg?'\\n':'\"'), specialmsg?'\\n':'\"');\r\n\t\t\tif(!msg.length) sOption(addEllipsis(smps.join(','),0x80,0x60),'smp/msg:\"','\"');\r\n\t\t\tsOption('ch:'+ch+' ord:'+ord+' ptn:'+mp+(ptn!=mp?'/'+ptn:'')\r\n\t\t\t\t+' smp:'+smp+' notes:'+notes+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'VGEfmtV'\") && isWithin(nV=X.U8(7)-0x30,1,3)) { // this format is similar to TFM Music Maker\r\n\t\tsName = \"Shiru's VGM Music Maker module (.VGE)\"; bDetected = 1;\r\n\t\tsVersion = 'v'+nV; ord = -1; //TODO determine whether to unpack from 0 or 0x10, and RE v1\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tp = 0; ptn = 1; n = next = 0; tobuf = true; x = [];\r\n\t\t\tif(nV > 1) for(c = X.U8(p++); n < 0x6E59D1 && p < X.Sz(); ) { //see description in .TFM\r\n\t\t\t\tif(tobuf && n > 0x327) tobuf = false;\r\n\t\t\t\tif(c != 0x80) { b = c; n++; c = X.U8(p++); if(tobuf) x.push(b) }\r\n\t\t\t\telse {\r\n\t\t\t\t\tc = X.U8(p++);\r\n\t\t\t\t\tif(nV == 1 && !c) { x.push(0x80); n++; c = X.U8(p++); continue }\r\n\t\t\t\t\tnext = true; reps = shl = 0;\r\n\t\t\t\t\twhile (next && shl < 57 && p <= X.Sz()) { //read the vari-len int\r\n\t\t\t\t\t\tnext = !(c & 0x80); c &= 0x7F; reps |= Util.shlu64(c,shl); shl += 7; c = X.U8(p++)\r\n\t\t\t\t\t}\r\n\t\t\t\t\tif(!reps) { if(tobuf) x.push(0x80); n++ } //special case for the RLE character\r\n\t\t\t\t\telse { reps--;\r\n\t\t\t\t\t\tn += reps; shl = 0; if(tobuf) for(i=0; i < reps; i++) x.push(b) }\r\n\t\t\t\t}\r\n\t\t\t} else p = 1;\r\n\t\t\tp--;\r\n\t\t\tswitch(nV) {\r\n\t\t\t// case 1: // n/a for now: the compression seems to be kinda quirky, the algo fails\r\n\t\t\t// \tspd1 = x[0x10]; spd2 = x[0x11]; intlv = x[0x12];\r\n\t\t\t// \td1 = x[0x14]+(x[0x15] << 8); d2 = x[0x16]+(x[0x17] << 8); saves = x[0x18]+(x[0x19] << 8);\r\n\t\t\t// \tord = x[0x1B]; lp = x[0x1C];\r\n\t\t\t// \tbreak;\r\n\t\t\tcase 2:\r\n\t\t\t\tspd1 = x[0x10]; spd2 = x[0x11]; intlv = x[0x12];\r\n\t\t\t\td1 = x[0x14]+(x[0x15] << 8); d2 = x[0x16]+(x[0x17] << 8); saves = x[0x18]+(x[0x19] << 8);\r\n\t\t\t\tord = x[0x1B]; lp = x[0x1C];\r\n\t\t\t\tbreak;\r\n\t\t\tcase 3:\r\n\t\t\t\tspd1 = x[0x1A]; spd2 = x[0x1B]; intlv = x[0x1C];\r\n\t\t\t\tord = x[0x25]; lp = x[0x26];\r\n\t\t\t\td1 = x[0x1F]+(x[0x20] << 8); d2 = x[0x21]+(x[0x22] << 8); saves = x[0x23]+(x[0x24] << 8);\r\n\t\t\t\tbreak\r\n\t\t\t}\r\n\t\t\tif(nV != 1) { //TODO VGE does something different here\r\n\t\t\t\tif(ord > 1) for(i=0; i < 255; i++) if((t=x[0x227+i])+1 > ptn) ptn = t+1;\r\n\t\t\t\td1 = '20'+(d1&0x7F).padStart(2,'0')+'-'+(((d1>>7)&0xF)+1).padStart(2,'0')+'-'+(((d1>>11)&0x1F)).padStart(2,'0');\r\n\t\t\t\td2 = '20'+(d2&0x7F).padStart(2,'0')+'-'+(((d2>>7)&0xF)+1).padStart(2,'0')+'-'+(((d2>>11)&0x1F)).padStart(2,'0');\r\n\t\t\t} else { d1 = d2 = spd1 = spd2 = intlv = saves = '?'; lp = 0 }; //TODO same\r\n\t\t\tauth = decEncoding(x.slice(0x27,0x67),CP1251); //I've seen CP1251 and CP936 already, but yeah\r\n\t\t\ttitle = decEncoding(x.slice(0x67,0xA7),CP1251);\r\n\t\t\tcmt = decEncoding(x.slice(0xA7,0x227),CP1251);\r\n\r\n\t\t\tsz = n == 0x6E59D1? p : -1; sOptionT(title); sOptionT(auth,'by: '); sOptionT(cmt);\r\n\t\t\tsOption('on: '+d1+(d1 != d2? ' to '+d2: ''));\r\n\t\t\tsOption('spd:'+spd1+'/'+spd2+' ord:'+(lp?lp+'-':'')+ord+' ptn:'+ptn\r\n\t\t\t\t+' intlv:'+intlv+' saves:'+saves+' sz:'+outSz(sz));\r\n\t\t}\r\n\t}\r\n\r\n\telse if( X.c(\"'Vgm '\") && X.Sz() >= (eof = X.U32(4)+4)\r\n\t && (nV = X.U32(8)) && nV < 0x300 //give'em time tho\r\n\t && ( !X.U32(0x14) || X.c(\"'Gd3 '\",X.U32(0x14)+0x14) )) {\r\n\t\t//ref https://vgmrips.net/wiki/VGM_Specification\r\n\t\t// & https://vgmrips.net/wiki/GD3_Specification\r\n\t\tbDetected = 1; bad = '';\r\n\t\tnV = 1000*(nV>>12)+100*((nV>>8)&0xF)+10*((nV>>4)&0xF)+(nV&0xF); //BCD be like...\r\n\t\tsName = \"Video Game Music chiptune stream (.VGM)\";\r\n\t\teoh = X.U32(0x34)+0x34; if(nV < 150 || eoh == 0x34) eoh = 0x40;\r\n\t\tif(nV >= 150 && eoh < 0x40) bad = '!dataofs';\r\n\t\tsVersion = \"v\"+(nV/100).toFixed(2);\r\n\t\tif(X.isVerbose()) {\r\n\t\t\ttags = []; //11 of them\r\n\t\t\tgd3p = X.U32(0x14,_LE)+0x14;\r\n\t\t\tif(gd3p > 0x14)\r\n\t\t\tif(X.SA(gd3p,4) === \"Gd3 \") {\r\n\t\t\t\tsVersion += \"/Gd3 v\"+(X.readBytes(gd3p+4,4).join(\"\")/100);\r\n\t\t\t\ttaglen = X.U32(gd3p+8,_LE); gd3p += 12;\r\n\t\t\t\tif(gd3p+taglen > X.Sz()) bad = bad.addIfNone('!tagsz');\r\n\t\t\t\ti = 0;\r\n\t\t\t\twhile(i < 11 && gd3p <= X.Sz()) {\r\n\t\t\t\t\ttpos = X.fSig(gd3p,TOEOF,\"0000\");\r\n\t\t\t\t\tif(tpos >= 0) {\r\n\t\t\t\t\t\ttags[i] = X.SU16(gd3p,taglen);\r\n\t\t\t\t\t\tgd3p += tags[i].length*2+2;\r\n\t\t\t\t\t}\r\n\t\t\t\t\telse {\r\n\t\t\t\t\t\ttags[i] = \"\"; gd3p += 2\r\n\t\t\t\t\t}\r\n\t\t\t\t\ti++;\r\n\t\t\t\t}\r\n\t\t\t\tif(i < 11) bad = bad.addIfNone('!tagnum'); else tagn = Math.max(0,i-1);\r\n\t\t\t\tsOption(slashTag(tags[0],tags[1])); sOption(slashTag(tags[6],tags[7]),\"by: \");\r\n\t\t\t\tsOption(slashTag(tags[2],tags[3]),\"for: \"); sOption(slashTag(tags[4],tags[5]),\"on: \");\r\n\t\t\t\tsOption(tags[8],\"date: \"); sOption(tags[9],\"ripper: \"); sOption(tags[10],\"notes: \")\r\n\t\t\t}\r\n\t\t\tsmp = X.U32(0x18); if(!smp) bad = bad.addIfNone('!badlen');\r\n\t\t\tlp = X.U32(0x1C)+0x1C; lpsmp = X.U32(0x20);\r\n\t\t\tif(lp >= eof || lpsmp > smp) {lp = 0; bad = bad.addIfNone('!badloop') }\r\n\t\t\trate = X.U32(0x24);\r\n\t\t\tif(nV > 100) if(!rate) rate = 'n/a'; else\r\n\t\t\t\tif(rate == 50) rate += 'Hz(PAL)'; else if(rate == 60) rate += 'Hz(NTSC)'; else rate += 'Hz';\r\n\t\t\tchips = [[0xC,'SN76489',0], [0x10,'YM2413',0], [0x2C,'YM2612',110], [0x30,'YM2151',110],\r\n\t\t\t\t[0x38,'SegaPCM',151], [0x40,'RF5C68',151], [0x44,'YM2203',151], [0x48,'YM2608',151],\r\n\t\t\t\t[0x4C,'YM2610/B',151], [0x50,'YM3812',151], [0x54,'YM3526',151], [0x58,'Y8950',151],\r\n\t\t\t\t[0x5C,'YMF262',151], [0x60,'YM278B',151], [0x64,'YMF271',151], [0x68,'YMZ280B',151],\r\n\t\t\t\t[0x6C,'RF5C164',151], [0x70,'PWM',151], [0x74,'AY8910',151], [0x80,'GameBoyDMG',161],\r\n\t\t\t\t[0x84,'NES_APU',161], [0x88,'MultiPCM',161], [0x8C,'uPD7759',161], [0x90,'OKIM6258',161],\r\n\t\t\t\t[0x98,'OKIM6295',161], [0x9C,'K051649/K052539',161], [0xA0,'K054539',161],\r\n\t\t\t\t[0xA4,'HuC6280',161], [0xA8,'C140',161], [0xAC,'K053260',161], [0xB0,'Pokey',161],\r\n\t\t\t\t[0xB4,'QSound',161], [0xB8,'SCSP',171], [0xC0,'WonderSwan',171], [0xC4,'VSU',171],\r\n\t\t\t\t[0xC8,'SAA_1099',171], [0xCC,'ES5503',171], [0xD0,'ES5505/ES5506',171],\r\n\t\t\t\t[0xD8,'X1-010',171], [0xDC,'C352',171], [0xE0,'GA20',171], [0xE4,'Mikey/Atari_Lynx',172]\r\n\t\t\t]; chipn = 0;\r\n\t\t\txhdr = 0; if(nV >= 170) { t = X.U32(0xBC); if(t) xhdr = t+0xBC; if(xhdr) {\r\n\t\t\t\txhdsz = X.U32(xhdr); if(!xhdsz) { xhdr = 0; bad = bad.addIfNone('!badxhdr') } } }\r\n\t\t\tfor(i=0; i < chips.length; i++) {\r\n\t\t\t\tif(chips[i][0] >= eoh || (xhdr && chips[i][0] > xhdr)) break; clk = X.U32(chips[i][0]);\r\n\t\t\t\tb30 = Util.shru64(clk,30); b31 = b30 >> 1; b30 &= 1; clk &= 0x3FFFFFFF;\r\n\t\t\t\tif(nV < chips[i][2] || !clk) continue; chipn++;\r\n//_log('@'+Hex(chips[i][0])+' b30:'+b30+' b31:'+b31+' clk:'+clk);\r\n\t\t\t\tchip = chips[i][1]; //tentatively\r\n\t\t\t\tswitch(chips[i][0]) { //all the devils in the details\r\n\t\t\t\tcase 0xC: if(b30 && b31) chip = 'T6W28';\r\n\t\t\t\t\tif(nV <= 151 && !(X.U8(0x2B)&4)) chip += \"/GGStereo\";\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 0x10: if(nV <= 101 && clk > 5000000) chip = 'YM2612'; break;\r\n\t\t\t\tcase 0x2C:\r\n\t\t\t\t\tif(nV >= 151) if(b31) chip = 'YM3438';\r\n\t\t\t\t\tif(nV <= 101) { clk1 = X.U32(0x10)&0x3FFFFFFF; if(clk1 > 5000000) clk = clk1 }\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 0x30:\r\n\t\t\t\t\tif(nV >= 151) if(b31) chip = 'YM2164';\r\n\t\t\t\t\tif(nV <= 101) { clk1 = X.U32(0x10)&0x3FFFFFFF; if(clk1 < 5000000) clk = clk1 }\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 0x4C: if(b31) chip = 'YM2610B'; else chip = 'YM2610'; break;\r\n\t\t\t\tcase 0x74:\r\n\t\t\t\t\tswitch(X.U8(0x78)) {\r\n\t\t\t\t\tcase 0: break; case 1: chip = 'AY8912'; break; case 2: chip = 'AY8913'; break;\r\n\t\t\t\t\tcase 3: chip = 'AY8930'; break; case 4: chip = 'AY8914'; break;\r\n\t\t\t\t\tcase 0x10: chip = 'YM2149'; break; case 0x11: chip = 'YM3439'; break;\r\n\t\t\t\t\tcase 0x12: chip = 'YMZ284'; break; case 0x13: chip = 'YMZ294'; break;\r\n\t\t\t\t\tdefault: chip += \"-ish\"\r\n\t\t\t\t\t}\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 0x84: if(b31) chip += '/FDS'; break;\r\n\t\t\t\tcase 0x90: if(X.U8(0x94)&8) chip += '12bit'; else chip += '10bit'; break;\r\n\t\t\t\tcase 0x9C: if(b31) chip = 'K052539'; else chip = 'K051649'; break;\r\n\t\t\t\tcase 0xA8:\r\n\t\t\t\t\tswitch(X.U8(0x96)) {\r\n\t\t\t\t\tcase 0: chip = 'C140+NamcoSystem2'; break; case 1: chip = 'C140+NamcoSystem21'; break;\r\n\t\t\t\t\tcase 2: chip = '219_ASIC+NamcoNA-1/2'; break; default: chip += \"-ish\"\r\n\t\t\t\t\t}\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 0xCC: chip += ':'+X.U8(0xD4)+'ch'; break;\r\n\t\t\t\tcase 0xD0: if(b31) chip = 'ES5506'; else chip = 'ES5505'; chip += ':'+X.U8(0xD5)+'ch'; break;\r\n\t\t\t\t}\r\n\t\t\t\tsVersion = sVersion.appendS(chip/*+'@'+clk*/,'#');\r\n\t\t\t}\r\n\t\t\tvolmod = -1; if(eoh > 0x7C) {\r\n\t\t\t\tvolmod = X.U8(0x7C); if(volmod > 0xC0) volmod -= 0x100; if(volmod == -63) volmod = -64;\r\n\t\t\t\tvolmod = (2^(volmod/0x20))*100; volmod = Math.round(volmod)+'%' }\r\n\t\t\tif(chipn > 2) bad = bad.addIfNone('!toomanychips');\r\n\t\t\tif(eof < X.Sz())\r\n\t\t\t\tif(X.SA(eof,4) == \"Vgm \") sOption(\"multisong\");\r\n\t\t\t\telse sOption(\"+extra data\");\r\n\t\t\tsOption('rate: '+rate+' len: '+secondsToTimeStr(Util.divu64(smp+22000,44100))+(lp?' looped':'')\r\n\t\t\t\t+(volmod !== -1 && volmod !== ' 100%'?' vol: '+volmod:'')+(xhdr?' xhdr':'')\r\n\t\t\t\t+' sz:'+outSz(eof))\r\n\t\t}\r\n\t\tif(bad != '') sVersion = sVersion.appendS(\"malformed\"+bad,'/')\r\n\t}\r\n\r\n\telse if(X.Sz() > 0x8C2 && X.c(\"0033'T1'\") && [1,2].includes(X.U8(4)) && X.U8(5) <= 1 && X.U8(6) <= 10\r\n\t && !X.U16(7) && X.U8(9) && X.U8(0xC) <= X.U8(0xB)) {\r\n\t\t//ref http://www.kahlin.net/daniel/victracker/vt-2.0/fileformat.txt\r\n\t\tsName = \"Daniel Kahlin's VIC-TRACKER module (.VT)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SA(0x19E,0x10)); //TODO? https://c64os.com/post/Vic20C64SuperChart\r\n\t\t\tx = 0; minst = 0xFFF; maxed = 0;\r\n\t\t\tfor(p=0xA; p < 0x42; p+=4) {\r\n\t\t\t\tif(!X.U8(p+1)) continue;\r\n\t\t\t\tminst = Math.min(minst,X.U8(p)); maxed = Math.max(maxed,X.U8(p+1)); x++\r\n\t\t\t}\r\n\t\t\tfor(ptn=0,p=0x3C2; p < 0x7C2; p++) ptn = Math.max(X.U8(p),ptn); ptn++;\r\n\t\t\tif(x > 1) sOption(x,'×');\r\n\t\t\tsOptionT(X.SA(0x1AE,0x10),\"by: \"); sOptionT(X.SA(0x1BE,0x10),\"'\");\r\n\t\t\tsOption('ptn:'+ptn+' sz:'+outSz(0x8C2+0x40*ptn))\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.fSig(X.Sz()-0x20,TOEOF,\"'VSS0'00\") > -1) {\r\n\t\t//TODO thaaat's not a good way to detect a thing...\r\n\t\tsName = \"Tomas Partl's Voodoo Supreme Synthesizer audio (.VSS)\"; bDetected = 1\r\n\t}\r\n\r\n\telse if(X.c(\"6000\") && X.c(\"48E7FFFE610000\",0x04)\r\n\t\t&& X.c(\"4CDF7FFF'Nu'\",0x0C)) {\r\n\t\tsName = \"Wally Beben's module (.WB)\"; bDetected = 1\r\n\t}\r\n\r\n\telse if(X.c(\"'WSRF'\",X.Sz()-0x20) && X.c(\"EA\",X.Sz()-0x10)) {\r\n\t\t//ref http://daifukkat.su/docs/wsman/#wsr\r\n\t\tsName = \"WonderSwan R programmatic chiptune (.WSR)\"; bDetected = 1;\r\n\t\tp = X.Sz()-0x20;\r\n\t\tsVersion = \"v\"+X.U8(p+4);\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOption(Hex(X.U8(p+0x18)),\"CartID:\")\r\n\t\t\tpub = X.U8(p+0x16);\r\n\t\t\tswitch(pub) {\r\n\t\t\tcase 0: sOption(\"(invalid publisher)\"); break;\r\n\t\t\tcase 1: sOption(\"Bandai\"); break;\r\n\t\t\tcase 2: sOption(\"Taito\"); break;\r\n\t\t\tcase 3: sOption(\"Tomy\"); break;\r\n\t\t\tcase 4: sOption(\"Koei\"); break;\r\n\t\t\tcase 5: sOption(\"Data East\"); break;\r\n\t\t\tcase 6: sOption(\"Asmik Ace\"); break;\r\n\t\t\tcase 7: sOption(\"Media Entertainment\"); break;\r\n\t\t\tcase 8: sOption(\"Nichibutsu\"); break;\r\n\t\t\tcase 0x0A: sOption(\"Coconuts Japan\"); break;\r\n\t\t\tcase 0x0B: sOption(\"Sammy\"); break;\r\n\t\t\tcase 0x0C: sOption(\"Sunsoft\"); break;\r\n\t\t\tcase 0x0D: sOption(\"Mebius\"); break;\r\n\t\t\tcase 0x0E: sOption(\"Banpresto\"); break;\r\n\t\t\tcase 0x10: sOption(\"Jaleco\"); break;\r\n\t\t\tcase 0x11: sOption(\"Imagineer\"); break;\r\n\t\t\tcase 0x12: sOption(\"Konami\"); break;\r\n\t\t\tcase 0x16: sOption(\"Kobunsha\"); break;\r\n\t\t\tcase 0x17: sOption(\"Bottom Up\"); break;\r\n\t\t\tcase 0x18: sOption(\"Kaga Tech\"); break;\r\n\t\t\tcase 0x19: sOption(\"Sunrise\"); break;\r\n\t\t\tcase 0x1A: sOption(\"Cyber Front\"); break;\r\n\t\t\tcase 0x1B: sOption(\"Mega House\"); break;\r\n\t\t\tcase 0x1D: sOption(\"Interbec\"); break;\r\n\t\t\tcase 0x1E: sOption(\"Nihon Application\"); break;\r\n\t\t\tcase 0x1F: sOption(\"Bandai Visual\"); break;\r\n\t\t\tcase 0x20: sOption(\"Athena\"); break;\r\n\t\t\tcase 0x21: sOption(\"KID\"); break;\r\n\t\t\tcase 0x22: sOption(\"HAL Corporation\"); break;\r\n\t\t\tcase 0x23: sOption(\"Yuki Enterprise\"); break;\r\n\t\t\tcase 0x24: sOption(\"Omega Micott\"); break;\r\n\t\t\tcase 0x25: sOption(\"Layup\"); break;\r\n\t\t\tcase 0x26: sOption(\"Kadokawa Shoten\"); break;\r\n\t\t\tcase 0x27: sOption(\"Shall Luck\"); break;\r\n\t\t\tcase 0x28: sOption(\"Squaresoft\"); break;\r\n\t\t\tcase 0x2B: sOption(\"Tom Create\"); break;\r\n\t\t\tcase 0x2D: sOption(\"Namco\"); break;\r\n\t\t\tcase 0x2E: sOption(\"Movic(?)\"); break;\r\n\t\t\tcase 0x2F: sOption(\"E3 Staff(?)\"); break;\r\n\t\t\tcase 0x31: sOption(\"Vanguard\"); break;\r\n\t\t\tcase 0x32: sOption(\"Megatron\"); break;\r\n\t\t\tcase 0x33: sOption(\"Wiz\"); break;\r\n\t\t\tcase 0x34: sOption(\"Capcom\"); break;\r\n\t\t\tdefault: sOption(\"(unknown publisher)\")\r\n\t\t\t}\r\n\t\t\tsOption(X.U8(p+5),\"1sttrk: \");\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"3026b2758e66cf11a6d900aa0062ce6c\")) { //TODO organise to a non-module file\r\n\t\tsName = \"Windows Media (.WMV/WMA)\"; bDetected = 1\r\n\t}\r\n\telse if(X.c(\"'XAD!'\")) {\r\n\t\tsName = \"Riven the Mage's Exotic AdLib module (.XAD)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SA(0x04,0x24));\r\n\t\t\tsOptionT(X.SA(0x28,0x24),\"by: \");\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'Extended Module: '\") && X.c(\"1A\",0x25) && isWithin(X.U16(0x48),1,256)) {\r\n\t\t//ref https://github.com/OpenMPT/openmpt/blob/master/soundlib/Load_xm.cpp et al.\r\n\t\tV = X.U16(0x3A); charset = 'CP437';\r\n\t\tsName = \"Fast Tracker 2 Extended module (.XM)\"; bDetected = 1;\r\n\t\ttext = tracker = mVlsw = bad = \"\"; insns = []; smpns = [];\r\n\t\thdrp = 0x3C; hdrsz = X.U32(hdrp); restartp = X.U16(hdrp+6); flags = X.U16(hdrp+0x0E);\r\n\t\tlinearSlides = flags & 1; xFilter = flags & 0x1000;\r\n\t\tord = X.U16(hdrp+4); chn = X.U16(hdrp+8); ptn = X.U16(hdrp+0x0A); ins = X.U16(hdrp+0x0C);\r\n\t\ttmp0 = X.U16(hdrp+0x10); bpm0 = X.U16(hdrp+0x12);\r\n\t\tvar ptnhdp = p = hdrp+hdrsz;\r\n\t if(V >= 0x104) for(i=0; i < ptn; i++) p += X.U32(p)+X.U16(p+7);\r\n\t\tconst verUnknown = 0, verOldModPlug = 1, verNewModPlug = 2, verMPfBiDi = 4, verOpenMPT = 8,\r\n\t\tverConfirmed = 0x10, verFT2Generic = 0x20, verOther = 0x40, verFT2Clone = 0x80,\r\n\t\tverPlayerPRO = 0x100, verDigiTrakker = 0x200, verUNMO3 = 0x400, verEmptyOrders = 0x800;\r\n\t\tvar isMadTracker = isOMPTMade = isOXM = mixlevCompatFT2 = false;\r\n\t\tmadewith = verUnknown;\r\n\t\tif(X.c(\"'FastTracker v2.00 '\",0x26) && hdrsz === 276) { //version detection pt.1/9001\r\n\t\t\tif(V < 0x104) madewith = verFT2Generic | verConfirmed;\r\n\t\t\telse if((t=X.fSig(0x11,0x14,\"00\")) >= 0) { //song title space or zero padded?\r\n\t\t\t\tif(restartp)\r\n\t\t\t\t\tmadewith = verFT2Clone | verNewModPlug | verEmptyOrders;\r\n\t\t\t\telse if(t == 0x24) // just the last character's zero\r\n\t\t\t\t\tmadewith = verFT2Clone | verNewModPlug | verPlayerPRO | verEmptyOrders;\r\n\t\t\t\telse if(firstNotOf(t+1,0x24-t,0x20) < 0) // space-padded ascii-z?!\r\n\t\t\t\t\tmadewith = verPlayerPRO | verConfirmed;\r\n\t\t\t\telse\r\n\t\t\t\t\tmadewith = verFT2Clone | verNewModPlug | verEmptyOrders;\r\n\t\t\t}\r\n\t\t\telse if(restartp) madewith = verFT2Generic | verNewModPlug;\r\n\t\t\telse madewith = verFT2Generic | verNewModPlug | verPlayerPRO;\r\n\t\t}\r\n\t\telse if(X.c(\"'FastTracker v 2.00 '\",0x26)) madewith = verOldModPlug;\r\n\t\telse {\r\n\t\t\tmadewith = verUnknown | verConfirmed;\r\n\t\t\ttracker = X.SC(0x26,0x14,charset).trim();\r\n\t\t\tif(X.c(\"'OpenMPT '\",0x26)) madewith = verOpenMPT | verConfirmed | verEmptyOrders;\r\n\t\t\telse if(X.c(\"'MilkyTracker '\",0x26)) { if(!X.c(\"' '\",0x32)) mixlevCompatFT2 = true }\r\n\t\t\telse if(X.c(\"'Fasttracker II clone'\",0x26)) madewith = verFT2Generic | verConfirmed;\r\n\t\t\telse if(X.c(\"'MadTracker 2.0'00\",0x26)) {\r\n\t\t\t\tisMadTracker = true; if(X.c(\"00000000\",0x35)) tracker = 'MadTracker 2';\r\n\t\t\t\telse tracker = 'MadTracker 2 (registered)'\r\n\t\t\t}\r\n\t\t\telse if(X.c(\"'*Converted '\",0x26) && X.c(\"'-File*'\",0x34)) {\r\n\t\t\t\tmadewith = verDigiTrakker | verConfirmed; tracker = 'Digitrakker' }\r\n\t\t}\r\n\t\tif(xFilter && (madewith & verNewModPlug))\r\n\t\t\tmadewith = verFT2Clone | verNewModPlug | verConfirmed | verEmptyOrders;\r\n\t\t//back on track\r\n\t\tsmp = smpReserved = 0; insp = p; anyADPCM = anyInsSmp = false; sflags = [];\r\n\t\t\tsmpsz = lastsmphdsz = lastinstp = lastsmpreserved = -1;\r\n\t\tif(!ord && !verEmptyOrders) ord = 1; //a fix for dark lighthouse.xm\r\n\t\tfor(i=0; i < ins; i++) {\r\n\t\t\tif(p+4 > X.Sz()) { bad = bad.addIfNone('!short'); break }\r\n\t\t\tihdsz = X.U32(p); if(!ihdsz) ihdsz = 263; instp = X.U8(p+0x1A);\r\n\t\t\tinst = X.SC(p+4,0x16,'CP437').trim(); if(inst.length) insns.push(inst);\r\n\t\t\tsmpn = X.U16(p+0x1B); smphdsz = X.U32(p+0x1D);\r\n\t\t\tif(madewith == verOldModPlug) { madewith |= verConfirmed;\r\n\t\t\t\tif(ihdsz == 245) { mVlsw = \"1.00.00.A5\"; tracker = \"ModPlug Tracker 1.0 alpha\" }\r\n\t\t\t\telse if(ihdsz == 263) { mVlsw = \"1.00.00.B3\"; tracker = \"ModPlug Tracker 1.0 beta\" }\r\n\t\t\t\telse madewith = verUnknown | verConfirmed;\r\n\t\t\t} else if(!smpn) {\r\n\t\t\t\tif(ihdsz == 263 && !smphdsz && (madewith & verNewModPlug)) madewith |= verConfirmed;\r\n\t\t\t\telse if(ihdsz != 29 && (madewith & verDigiTrakker)) madewith &= ~verDigiTrakker;\r\n\t\t\t\telse if((madewith & (verFT2Clone|verFT2Generic)) && ihdsz != 33) madewith = verUnknown;\r\n\t\t\t\tif(ihdsz != 33) madewith &= ~verPlayerPRO;\r\n\t\t\t\telse if(smphdsz > 40 && (madewith & verPlayerPRO)) {\r\n\t\t\t\t\tif(anyInsSmp || (lastsmphdsz != -1 && smphdsz != lastsmphdsz))\r\n\t\t\t\t\t\tmadewith = verPlayerPRO | verConfirmed;\r\n\t\t\t\t\tlastsmphdsz = smphdsz\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\tif(lastinstp == -1) lastinstp = instp;\r\n\t\t\telse if(lastinstp != instp && (madewith & verFT2Generic)) {\r\n\t\t\t\tmadewith &= ~verFT2Generic; madewith |= verFT2Clone;\r\n\t\t\t}\r\n\t\t\tvls = X.U8(p+40+0xC3); vle = X.U8(p+40+0xC4); vef = X.U8(p+40+0xC8);\r\n\t\t\tpls = X.U8(p+40+0xC6); ple = X.U8(p+40+0xC7); pef = X.U8(p+40+0xC9);\r\n\t\t\tmidichecks = X.U8(p+40+0xD0) | X.U8(p+40+0xD1) | X.U16(p+40+0xD2) | X.U8(p+40+0xD6);\r\n\t\t\tp += ihdsz; smp += smpn;\r\n\t\t\tif(p > X.Sz()) { bad = bad.addIfNone(\"!short\"); break }\r\n\t\t\tif(V >= 0x104) sflags = [];\r\n\t\t\tvar ssizes = [], slens = 0;\r\n\t\t\tif(smpn) {\r\n\t\t\t\tanyInsSmp = true;\r\n\t\t\t\tif(midichecks) madewith &= ~(verOldModPlug | verNewModPlug | verPlayerPRO);\r\n\t\t\t\tif(ihdsz != 0x107 || instp) madewith &= ~verPlayerPRO;\r\n\t\t\t\tif(!(madewith & verConfirmed) && (madewith & verPlayerPRO))\r\n\t\t\t\t\tif(!(vef & 4) && vls == 0xFF && vle == 0xFF\r\n\t\t\t\t\t || !(pef & 4) && pls == 0xFF && ple == 0xFF) {\r\n\t\t\t\t\t \tmadewith &= ~verNewModPlug; madewith |= verConfirmed\r\n\t\t\t\t\t}\r\n\t\t\t\tfor(j=0; j < smpn; j++) {\r\n\t\t\t\t\tslen = ssizes[j] = X.U32(p); //lpst @ p+4, lpsz @ p+8, vol0 @ p+0xC, relnote @ p+0x10\r\n\t\t\t\t\tvar sft = X.I8(p+0xD), sf = X.U8(p+0xE), sp = X.U8(p+0x0F), sr = X.U8(p+0x11),\r\n\t\t\t\t\t sname = X.SC(p+0x12,22,'CP437'), snt = sname.trim(); smpReserved |= sr;\r\n\t\t\t\t\tsmpns.push(snt);\r\n\t\t\t\t\tisADPCM = (sr === 0xAD) && !(sf&0x30); //flags sample16bit=10h and sampleStereo=20h\r\n\t\t\t\t\tif(sr && sr != 0xAD) madewith &= ~(verOldModPlug | verNewModPlug | verOpenMPT);\r\n\t\t\t\t\tif(lastsmpreserved == -1) lastsmpreserved = sr;\r\n\t\t\t\t\telse if(lastsmpreserved != sr) madewith &= ~verPlayerPRO;\r\n\t\t\t\t\tif(sp != 128) madewith &= ~verPlayerPRO;\r\n\t\t\t\t\tif((sft&0xF) && sft != 127) madewith &= ~verPlayerPRO;\r\n\t\t\t\t\tsflags.push([sf, isADPCM]); if(isADPCM) anyADPCM = true;\r\n\t\t\t\t\tslens += isADPCM ? 16+(slen+1 >> 1) : slen;\r\n\t\t\t\t\tp += 40; //not smphdsz; considering there are files with smphdsz = 0...\r\n\t\t\t\t\tif((madewith & (verFT2Generic | verFT2Clone)) && (madewith & (verNewModPlug | verPlayerPRO))\r\n\t\t\t\t\t && !(madewith & verConfirmed) && (sr > 22 || sname.slice(sr).indexOf(' ') < 0)) {\r\n\t\t\t\t\t\tmadewith &= ~verFT2Generic; madewith |= verFT2Clone | verConfirmed\r\n\t\t\t\t\t}\r\n\t\t\t\t\tif((sf&3) === 3 && (madewith & verNewModPlug)) madewith |= verMPfBiDi;\r\n\t\t\t\t} //read the instrument's samples info\r\n\t\t\t\tsmpsz += slens;\r\n\t\t\t\tif(V >= 0x104) { if(X.c(\"'OggS'\",p)) isOXM = true; p += slens }\r\n\t\t\t} //if smpn\r\n\t\t} //for i in ins\r\n\t\tif(!smpReserved && (madewith & verNewModPlug) && X.fSig(0x11,0x14,\"00\") > -1)\r\n\t\t\tmadewith |= verConfirmed;\r\n\t\tif(V < 0x104) {\r\n\t\t\tfor(i=0; i < ptn; i++)\r\n\t\t\t\tp += X.U32(p)+X.U16(p+(V == 0x102 ? 6 : 7));\r\n\t\t\tif(X.c(\"'OggS'\",p)) isOXM = true;\r\n\t\t\tp += smpsz\r\n\t\t}\r\n\t\tbasesz = p;\r\n\t\tif(tracker == \"\") {\r\n\t\t\tif((madewith&verDigiTrakker) && !smpReserved && (lastinstp ? lastinstp : -1) == -1)\r\n\t\t\t\ttracker = \"Digitrakker\";\r\n\t\t\telse if(madewith&verFT2Generic)\r\n\t\t\t\ttracker = \"FastTracker 2 or compatible\";\r\n\t\t\telse tracker = \"Unknown\"\r\n\t\t}\r\n\t\t//catch plugins, settings, messages from various XM flavours\r\n\t\tfx = 0; xt = \"\";\r\n\t\twhile(p+6 < X.Sz()) {\r\n\t\t\tt = X.SA(p,4); it = X.U32(p);\r\n\t\t\tif(it && X.U16(p+4)\r\n\t\t\t && (t === \"228\\x04\" || (it & 0x80808080) || !(it & 0x60606060))) {\r\n\t\t\t\t//I haven't seen files with that to see how that goes so we'll just cut here!\r\n\t\t\t\tbreak\r\n\t\t\t}\r\n\t\t\tif(t === \"text\") {\r\n\t\t\t\tt = X.U32(p+4); p += 8; xt = xt.append(\"t\");\r\n\t\t\t\ttext = X.SC(p,t,'CP437').trim(); p += t;\r\n\t\t\t\tmadewith &= ~verPlayerPRO; madewith |= verConfirmed\r\n\t\t\t} else if(/F[0-9X]\\d\\d/.test(t)) {\r\n\t\t\t\tt = X.U32(p+4); if(p+8+t <= X.Sz()) { p += 8+t; fx++ }\r\n\t\t\t\tmadewith |= verConfirmed\r\n\t\t\t} else if(t === \"MIDI\") {\r\n\t\t\t\tt = X.U32(p+4); madewith &= ~verPlayerPRO; madewith |= verConfirmed;\r\n\t\t\t\tif(p+8+t <= X.Sz()) { p += 8+t; xt = xt.append(\"m\") }\r\n\t\t\t} else if(t === \"CHFX\" || t === \"CNAM\" || t === \"PNAM\") {\r\n\t\t\t\tt = X.U32(p+4); if(p+8+t <= X.Sz()) p += 8+t;\r\n\t\t\t\tmadewith &= ~verPlayerPRO; madewith |= verConfirmed\r\n\t\t\t} else if(t === \"XTPM\") {\r\n\t\t\t\tp += 4; xt = xt.append(\"x\");\r\n\t\t\t\tmadewith &= ~verPlayerPRO; madewith |= verConfirmed; isOMPTMade = true;\r\n\t\t\t\tt = X.SA(p,4);\r\n\t\t\t\twhile(p+7 < X.Sz()) {\r\n\t\t\t\t\tif(!X.U8(p)) { p++; break }\r\n\t\t\t\t\tcode = X.SA(p,4); icode = X.U32(p);\r\n\t\t\t\t\tif(code === \"STPM\" || code === \"228\\x04\"\r\n\t\t\t\t\t || (icode & 0x80808080) || !(icode & 0x60606060))\r\n\t\t\t\t\t\tbreak;\r\n\t\t\t\t\tprsz = X.U16(p+4); p += 6;\r\n\t\t\t\t\tfor(i=0; i < ins; i++) p += prsz }\r\n\t\t\t} else if(t === \"STPM\") {\r\n\t\t\t\tp += 4; xt = xt.append(\"s\"); madewith &= ~verPlayerPRO; madewith |= verConfirmed;\r\n\t\t\t\twhile(p+6 < X.Sz()) {\r\n\t\t\t\t\tif(!X.U8(p)) { p++; break }\r\n\t\t\t\t\tif(X.c(\"'VWSL'\",p)) { v = 0;\r\n\t\t\t\t\t\tfunction itV(v) { return v.slice(0,1)+'.'+v.slice(1,3)+'.'+v.slice(3,5)+'.'+v.slice(5,7) }\r\n\t\t\t\t\t\tswitch(X.U16(p+4)) {\r\n\t\t\t\t\t\tcase 1: v = X.U8(p+6); break; case 2: v = X.U16(p+6); break;\r\n\t\t\t\t\t\tcase 3: v = X.U24(p+6); break; case 8: v = X.U64(p+6); break;\r\n\t\t\t\t\t\tdefault: v = X.U32(p+6) }\r\n\t\t\t\t\t\tif(v) mVlsw = itV(v.toString(16).toUpperCase().padStart(7,'0')); break;\r\n\t\t\t\t\t}\r\n\t\t\t\t\tp += 6+X.U16(p+4)\r\n\t\t\t\t}\r\n\t\t\t} else break;\r\n\t\t}\r\n\t\tif(madewith & verConfirmed)\r\n\t\t\tif(madewith & verMPfBiDi) {\r\n\t\t\t\tmVlsw = \"1.11\"; tracker = \"ModPlug Tracker 1.0-11\";\r\n\t\t\t} else if((madewith & verNewModPlug) && !(madewith & verPlayerPRO)) {\r\n\t\t\t\tmVlsw = \"1.16\"; tracker = \"ModPlug Tracker 1.0-16\";\r\n\t\t\t} else if((madewith & verNewModPlug) && (madewith & verPlayerPRO)) {\r\n\t\t\t\tmVlsw = \"1.16\"; tracker = \"ModPlug Tracker 1.0-16 / PlayerPRO\";\r\n\t\t\t} else if(!(madewith & verNewModPlug) && (madewith & verPlayerPRO))\r\n\t\t\t\ttracker = \"PlayerPRO\";\r\n\t\tif(X.c(\"'OpenMPT '\",0x26)) {\r\n\t\t\tmVlsw = X.SA(0x2E,12).trim(); madewith = verOpenMPT|verConfirmed;\r\n\t\t}\r\n\t\tif(isOMPTMade && mVlsw < \"1.17\") mVlsw = \"1.17\";\r\n\t\tif(mVlsw >= \"1.17\") tracker = \"OpenMPT v\"+mVlsw;\r\n\t\tsz = p;\r\n\t\tcharset = (mVlsw != \"\" || isMadTracker) ? 'CP1252' : 'CP437';\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(X.SC(0x11,0x14,charset));\r\n\t\t\tsOptionT(tracker,\"in:\");\r\n\t\t\tif(isOXM) sOption(\"OggMod FastTracker 2 (.OXM)\",\"via:\");\r\n\t\t\tif(text.length) sOption(addEllipsis(text,0x100));\r\n\t\t\tif(insns.length) sOption(addEllipsis(insns.filter(funSampleName).join(' '),0x100),'ins/msg:\"','\"');\r\n\t\t\tif(smpns.length) sOption(addEllipsis(smpns.filter(funSampleName).join(' '),0x100),'smp/msg:\"','\"')\r\n\t\t\tvar info = 'chn:'+chn+' ord:'+ord+' ptn:'+ptn+' ins:'+ins+' smp:'+smp;\r\n\t\t\tif(fx) info += ' fx:'+fx; if(xt.length) info += ' xt:'+xt;\r\n\t\t\tif(sz != basesz) info += \" base_sz:\"+basesz; info += \" sz:\"+outSz(sz); sOption(info)\r\n\t\t}\r\n\t\tsVersion = \"v\"+(V>>8)+\".\"+(V&0xFF)+bad+(anyADPCM?\"/ADPCMpacked\":\"\");\r\n\t}\r\n\r\n\telse if(X.c(\"'FORM' 0000000E 'XDIRINFO' 00000002 .... 'CAT ' ........ 'XMIDFORM' ........ 'XMID'\")) {\r\n\t\tbDetected = 1;\r\n\t\tsName = \"Extended MIDI chiptune (.XMI,.C55,.PCS)\";\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tif((x=X.U8(0x14)) > 1) sOption(x,'×')\r\n\t\t\tsOption(outSz(0x1E+X.U32(0x1A,_BE)),'sz:')\r\n\t\t}\r\n\t}\r\n\r\n\telse if(X.c(\"'ofTAZ!'\")) {\r\n\t\tsName = \"Davey W. Taylor's Extra Simple Music module (.XSM)\"; bDetected = 1\r\n\t}\r\n\telse if(/YM\\d!/.test(X.SA(0,4)) || X.c(\"'YM3b!'\")\r\n\t\t || /YMT\\dLeOnArD!/.test(X.SA(0,0xC)) || X.c(\"'MIX1LeOnArD!'\")) {\r\n\t\t//ref https://github.com/cpcsdk/libstsound/blob/master/Ymload.cpp\r\n\t\tbDetected = 1; bad = ''; frm = smp = voc = loop = ddn = 0;\r\n\t\tsName = \"ST-Sound chiptune stream (.YM)\";\r\n\t\tsV = X.SA(0,4).replace(/!/g,\"\");\r\n\t\tswitch(sV) {\r\n\t\tcase \"YM1\": sVersion = \"YM1\"; break;\r\n\t\tcase \"YM2\": sVersion = \"MADMAX specific\"; break;\r\n\t\tcase \"YM3\": sVersion = \"YM-Atari\"; break;\r\n\t\tcase \"YM3b\": sVersion = \"YM-Atari+loopinfo\";\r\n\t\t\tloop = X.U32(X.Sz()-4,_LE); break;\r\n\t\tcase \"YM4\": sVersion = \"YM-Atari extended\"; break;\r\n\t\tcase \"YM5\": case \"YM6\": sVersion = \"Generic YM2149 extended\"; break;\r\n\t\tcase \"MIX1\": sVersion = \"Atari Remix digital\"; break;\r\n\t\tcase \"YMT1\": case \"YMT2\": sVersion = \"YM-Tracker\"; break;\r\n\t\t}\r\n\t\tif([\"YM2\",\"YM3\",\"YM3b\"/*,\"YM4\"*/].indexOf(sV) >= 0) //No YM4 in the wilderness, ignoring\r\n\t\t\tfrm = Util.divu64(X.Sz()-4,14);\r\n\t\tif([\"YM5\",\"YM6\",\"YMT1\",\"YMT2\",\"MIX1\"].indexOf(sV) >= 0) {\r\n\t\t\tif(X.SA(4,8)!=\"LeOnArD!\") bad = bad.addIfNone('!badsig');\r\n\t\t\tif(([\"YM6!\",\"YMT1\",\"YMT2\"].indexOf(sV) >=0)\r\n\t\t\t\t&& (X.SA(X.Sz()-4)!=\"End!\")) bad = bad.addIfNone('!badfilesz');\r\n\t\t\t//if(sV===\"YM4\") p=0x1C; else\r\n\t\t\tif([\"YM5\",\"YM6\"].indexOf(sV) >= 0) {\r\n\t\t\t\tddn = X.U16(0x14,_BE);\r\n\t\t\t\tloop = X.U32(0x1C,_BE);\r\n\t\t\t\tp = X.U16(0x20,_BE)+0x22;\r\n\t\t\t\tfor(i=0; i < ddn; i++) {\r\n\t\t\t\t\tds = X.U16(p,_BE); p += 2+ds; if(p >= X.Sz()) {bad = bad.addIfNone('!tooshort'); break}\r\n\t\t\t\t}\r\n\t\t\t} else\r\n\t\t\tif(sV === \"MIX1\") {\r\n\t\t\t\tp = 0x18;\r\n\t\t\t\tsmp = X.U32(0x10,_BE);\r\n\t\t\t\tmixblk = X.U32(0x14,_BE);\r\n\t\t\t\tfor(i=0;i= 0) {\r\n\t\t\t\tddn = X.U16(0x18,_BE);\r\n\t\t\t\tvoc = X.U16(0x0D,_BE);\r\n\t\t\t\tfrm = X.U32(0x10,_BE);\r\n\t\t\t\tp = 0x1E;\r\n\t\t\t}\r\n\t\t\t//read the three tags from here\r\n\t\t\tif(p>=X.Sz()) bad = bad.addIfNone('!nodata');\r\n\t\t\telse {\r\n\t\t\t\tt = p; t_ = X.fSig(p,TOEOF,\"00\")-p;\r\n\t\t\t\tif(t_ >= 0) {\r\n\t\t\t\t\tp += t_+1; a = p; a_ = X.fSig(p,TOEOF,\"00\")-p;\r\n\t\t\t\t\tp += a_+1; c = p; c_ = X.fSig(p,TOEOF,\"00\")-p;\r\n\t\t\t\t\tp += c_+1;\r\n\t\t\t\t\tif([\"YM5\",\"YM6\"].indexOf(sV) >= 0)\t\r\n\t\t\t\t\t\tif(!X.c(\"'End!'\",p+((frm = X.U32(0xC,_BE)) << 4))) {\r\n\t\t\t\t\t\t\tbad = bad.addIfNone('!badframes'); sOption(\"frm/frames: \"+(frm<<4)+\"/\"+(X.Sz()-p-4)) }\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\tif(X.isVerbose()) {\r\n\t\t\t\tsOptionT(X.SA(t,t_));\r\n\t\t\t\tsOptionT(X.SA(a,a_),\"by: \");\r\n\t\t\t\tsOptionT(X.SA(c,c_));\r\n\t\t\t}\r\n\t\t}\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tif(voc) sOption(voc,\"voc:\");\r\n\t\t\tif(smp) sOption(outSz(p+smp),'sz:');\r\n\t\t\tif(ddn) sOption(ddn, \"digidrums:\")\r\n\t\t\tif(frm) sOption('len:'+frm+' sz:'+outSz(p+(frm<<4)+4));\r\n\t\t}\r\n\t\tif(bad != '') sVersion= sVersion.appendS('malformed'+bad,'/')\r\n\t}\r\n\telse if(X.c(\"'YMST'\")) {\r\n\t\tsName = \"Nicolas 'Mr.Styckx' Pomarede's MYST ST-YM module (.YMST,.YM)\"; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tfor(i=0,p=4; i < 48; i++) { p += 8; if(!X.U16(p-8,_BE)) break }\r\n\t\t\tt = p; t_ = X.fSig(p,TOEOF,\"00\")-p;\r\n\t\t\tif(t_ >= 0) {\r\n\t\t\t\tp += t_+1; a = p; a_ = X.fSig(p,TOEOF,\"00\")-p;\r\n\t\t\t\tp += a_+1; c = p; c_ = X.fSig(p,TOEOF,\"00\")-p;\r\n\t\t\t\tif(X.isVerbose()) {\r\n\t\t\t\t\tsOptionT(X.SA(t,t_));\r\n\t\t\t\t\tsOptionT(X.SA(a,a_),\"by: \");\r\n\t\t\t\t\tsOptionT(X.SA(c,c_));\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\r\n// pure signature detection end\r\n\r\n\r\n// AND NOW,\r\n// THE HEAVIEST STUFF GOES DOWN HERE\r\n// THE SANITY CHECK-STYLE DETECTION\r\n// (* It's still hella fast tho, no worries)\r\n\r\nfunction isAYAmadeus() {\r\n\t//the underlying format is the same as FXM\r\n\t//ref https://vgmrips.net/wiki/AY_File_Format\r\n\tif(!X.c(\"'ZXAYAMAD'\") || X.U8(9) > 3) return false;\r\n\tauthp = 0x0C+X.I16(0x0C,_BE); if(authp < X.Sz()) auth = authp?X.SA(authp,0x100):''; else return false;\r\n\tmiscp = 0x0E+X.I16(0x0E,_BE); if(miscp < X.Sz()) misc = miscp?X.SA(miscp,0x100):''; else return false;\r\n\tx = X.U8(0x10)+1; p = 0x12+X.I16(0x12,_BE); if(p > X.Sz()) return false;\r\n\ttitles = []; for(i=0; i < x; i++,p+=4) if(t = p+X.I16(p,_BE))\r\n\t\tif(t < X.Sz()) titles.push(X.SA(t,0x100).trim()); else return false;\r\n\treturn true\r\n}\r\nif(!bDetected && isAYAmadeus()) {\r\n\tsName = \"František Fuka/Fuxoft's AY Amadeus module (.AMAD)\";\r\n\tsVersion = [X.U8(8)?'Rel '+X.U8(8):'', X.U8(9)?'Plr '+X.U8(9):''].join(' ').trim();\r\n \tif(X.isVerbose()) {\r\n\t\tsOptionT(titles.join(',')); if(x > 1) sOption(x,'×');\r\n\t\tif(authp) sOptionT(auth,'by: '); if(miscp) sOptionT(misc);\r\n\t}\r\n}\r\n\r\n\r\nfunction isAYEmul() {\r\n\t// ref https://vgmrips.net/wiki/AY_File_Format\r\n\tif(!X.c(\"'ZXAYEMUL'\") || X.U8(9) > 3) return false;\r\n\tauthp = 0x0C+X.I16(0x0C,_BE);\r\n\tif(authp < X.Sz()) auth = authp?X.SC(authp,0x100,'CP1250'):''; else return false;\r\n\tmiscp = 0x0E+X.I16(0x0E,_BE);\r\n\tif(miscp < X.Sz()) misc = miscp?X.SC(miscp,0x100,'CP1250'):''; else return false;\r\n\tx = X.U8(0x10)+1; p = 0x12+X.I16(0x12,_BE); if(p > X.Sz()) return false;\r\n\ttitles = []; for(i=0; i < x; i++,p+=4) if(t = p+X.I16(p,_BE))\r\n\t\tif(t < X.Sz()) titles.push(X.SC(t,0x100,'CP1250').trim()); else return false;\r\n\treturn true\r\n}\r\nif(!bDetected && isAYEmul()) {\r\n\tsName = \"Sergej Bulba's AY Emul chiptune (.EMUL)\"; bDetected = 1;\r\n\tsVersion = [X.U8(8)?'Rel '+X.U8(8):'', X.U8(9)?'Plr '+X.U8(9):''].join(' ').trim();\r\n \tif(X.isVerbose()) {\r\n\t\tsOptionT(titles.join(',')); if(x > 1) sOption(x,'×');\r\n\t\tif(authp) sOptionT(auth,'by: '); if(miscp) sOptionT(misc);\r\n\t}\r\n}\r\n\r\n\r\nfunction isBobsAdlib() {\r\n\tif(!X.c(\"'CBMF'\")) return false;\r\n\t//ref https://github.com/adplug/adplug/blob/master/src/bam.cpp\r\n\t// & https://rpg.hamsterrepublic.com/ohrrpgce/BAM_Format\r\n\tp = 4; notes = ins = 0; var songend = false, m = Math.min(X.Sz(), 0x10000), v = [];\r\n\tfor(i=0; i < 16; i++) v[i] = false;\r\n\twhile(!songend && p < m) {\r\n\t\twhile(!songend && (b=X.U8(p++)) < 0x80 && p < m)\r\n\t\t\tif(isWithin(b, 1,0xF) || isWithin(b, 0x40,0x4F) || isWithin(b, 0x71,0x7E)) return false; //per draft 3\r\n\t\t\telse switch(b>>4) {\r\n\t\t\tcase 0: if(!X.isHeuristicScan()) songend = true; break; //this isn't guaranteed!\r\n\t\t\tcase 1: if(!v[b-0x10]) return false; p++; notes++; break; //start note\r\n\t\t\tcase 2: break; //stop note\r\n\t\t\tcase 3: v[b-0x30] = true; p += 11; break; //define ins\r\n\t\t\tcase 5: break; //set label\r\n\t\t\tcase 6: p++; break; //jump\r\n\t\t\tcase 7: //end of chorus\r\n\t\t\tdefault: break;\r\n\t\t\t}\r\n\t\t//if b >= 0x80 it's a pause\r\n\t}\r\n\tif(!X.isHeuristicScan()) {\r\n\t\tif((!songend && m < X.Sz()) || notes < 0x10) return false; //we'll ignore the \"zero at the start\" stupid files unless you really want them, but then the detection becomes much worse\r\n\t\tfor(i=0; i < 16; i++) if(v[i]) ins++; if(!ins) return false; //\r\n\t}\r\n\treturn true\r\n}\r\nif(!bDetected && isBobsAdlib()) {\r\n\tsName = \"Bob's Adlib Music module (.BAM)\"; bDetected = 1\r\n\tsOption('ch:'+ins+' notes:'+notes+' sz:'+outSz(p))\r\n}\r\n\r\n\r\nfunction isCMF() {\r\n\tif(!X.c(\"'CTMF'\")) return false;\r\n\tif(!isWithin(X.U16(4),0x100,0x101) || !isWithin(X.U16(8),0x25,X.Sz()-1)) return false;\r\n\t//ref https://github.com/adplug/adplug/blob/master/src/cmf.cpp\r\n\t// & https://moddingwiki.shikadi.net/wiki/CMF_Format\r\n\tnV = X.U16(4,_LE); ic = 0 /*invalid values for heuristics*/; bad = '';\r\n\tpins = X.U16(6,_LE); pmus = X.U16(8,_LE); //instruments, music ptr\r\n\tif(pmus <= pins) {ic++; bad = bad.addIfNone('!badptr') }\r\n\tif(nV >= 0x101) { p = 0x28; ins = X.U16(0x24) } else { p = 0x25; ins = X.U8(0x24) }\r\n\tif((t=Util.divu64(pmus-pins,0x10)) != ins) { ic++; bad = bad.addIfNone('!inconsistentinscnt'+t) }\r\n\ttp = X.U16(0x0E,_LE); if(tp && !isWithin(tp,p,pins-1)) { tp = 0; ic++; bad = bad.addIfNone('!badptr') }\r\n\tap = X.U16(0x10,_LE); if(ap && !isWithin(ap,p,pins-1)) { ap = 0; ic++; bad = bad.addIfNone('!badptr') }\r\n\tcp = X.U16(0x12,_LE); if(cp && !isWithin(cp,p,pins-1)) { cp = 0; ic++; bad = bad.addIfNone('!badptr') }\r\n\tch = 0; for(i=0x14; i < 0x24; i++) { if((t=X.U8(i)) == 1) ch++; else if(t > 1) ic++} if(!ch) ic++;\r\n\tsz = X.fSig(pmus,Math.min(0x10000,X.Sz()),\"FF2F00\");\r\n\tif(sz < 0) { sz = X.fSig(pmus,Math.min(0x10000,X.Sz()),\"FF2FFE\"); bad = bad.addIfNone('!badeof')}\r\n\tif(sz > 0) sz += 3;\r\n\treturn ic < 5\r\n}\r\nif(!bDetected && isCMF()) {\r\n\tsName = \"Creative Labs' Creative Music Format chiptune (.CMF)\"; bDetected = 1;\r\n\tsVersion = \"v\"+(nV>>8)+\".\"+(nV&0xFF);\r\n\tif(bad != '') sVersion += \"/malformed\"+bad;\r\n\tif(X.isVerbose()) {\r\n\t\tif(tp) sOptionT(addEllipsis(X.SC(tp,0x100,'CP437')));\r\n\t\tif(ap) sOptionT(addEllipsis(X.SC(ap,0x100,'CP437')),\"by: \");\r\n\t\tif(cp) sOptionT(addEllipsis(X.SC(cp,0x100,'CP437')));\r\n\t\tif(nV >= 0x101 && X.U8(sz) == 0xFF) sz++; //a lot of v1.1 CMFs end in FF, enough to be significant?\r\n\t\tsOption('ch:'+ch+' ins:'+ins+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isDSym() {\r\n\t//ref https://github.com/OpenMPT/openmpt/blob/master/soundlib/Load_dsym.cpp\r\n\t// & https://sourceforge.net/p/xmp/libxmp/ci/master/tree/src/loaders/sym_load.c\r\n\tif(X.Sz() < 90 || !X.c(\"02011313 1412010B\") || X.U8(8) > 1 || !isWithin(ch=X.U8(9), 1,8)\r\n\t || (ord=X.U16(0xA)) > 4096 || (ptn=X.U16(0xC)) > 4096) return;\r\n\tvar infolen = X.U24(0x0E), smpsz = [], smpnsz = [];\r\n\tsmp = 0; p = 0x11;\r\n\tfor(i=0; i < 63; i++,p++) {\r\n\t\tsmpnsz[i] = X.U8(p); if(!(X.U8(p) & 0x80)) { smp++; smpsz[i] = X.U24(p+1); p += 3 } }\r\n\ttitle = X.UCSD(p); p += 1+X.U8(p);\r\n\tvar ac = X.readBytes(p,8); p += 8; if(p > X.Sz()) return;\r\n\t//TODO? lzw unpacking and whatnot\r\n\treturn true\r\n}\r\nif(!bDetected && isDSym()) {\r\n\tsName = \"Oregan Developments' Digital Symphony module (.DSYM)\"; sVersion = 'v'+X.U8(8); bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(title); sOption('ch:'+ch+' ord:'+ord+' ptn:'+ptn+' smp:'+smp);\r\n\t}\r\n}\r\n\r\n\r\nfunction isDigitalFM() {\r\n\t//ref https://verhaagr.home.xs4all.nl/dfm.zip / dfm.pas\r\n\tif(!X.c(\"'DFM'1A\") || X.U8(4) > 1 || [0,1,0x63].indexOf(X.U8(5)) < 0 || X.U8(6) > 0x20\r\n\t || !isWithin(tmp0=X.U8(0x27), 5,0x1F)) return;\r\n\tinss = [];\r\n\tfor(i=0,p=0x28; i < 32; i++,p+=12) if(X.U8(p) > 11) return; else inss.push(X.UCSD(p)); p += 0x160;\r\n\tfor(ord=ptn=i=0; i < 128 && X.U8(p+i) != 0x80; i++,ord++) ptn = Math.max(ptn,X.U8(p+i)+1);\r\n\tfor(i++; i < 128; i++) if(X.U8(p+i)) return;\r\n\tp += 0x80; optn = X.U8(p++);\r\n\t//from here the original code ignores the pattern count and just keeps reading patterns until EoF!\r\n\tfor(rptn=next=0; rptn < optn && p < X.Sz(); rptn = next+1) {\r\n\t\tnext=X.U8(p++); for(i=0; i < 64*9; i++) if(X.U8(p++) & 0x80) p++\r\n\t}\r\n\treturn true\r\n}\r\nif(!bDetected && isDigitalFM()) {\r\n\tsName = \"Rene Verhaag's Digital-FM module (.DFM)\";\r\n\tsVersion = 'v'+X.U8(4)+'.'+X.U8(5).padStart(2,'0'); bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(X.SC(7,32,'CP1252'));\r\n\t\tsOptionT(addEllipsis(inss.filter(funSampleName).join(' ')),'ins/msg:\"','\"');\r\n\t\tsOption('ch:'+X.U8(6)+' tmp0:'+tmp0+' ord:'+ord\r\n\t\t\t+' ptn:'+(ptn!=optn?ptn+'/':'')+(rptn!=optn?rptn+'/':'')+optn+' sz:'+outSz(p));\r\n\t}\r\n}\r\n\r\n\r\nfunction isDRO() {\r\n\t//ref https://github.com/ValleyBell/libvgm/blob/master/player/droplayer.cpp\r\n\tif(!X.c(\"'DBRAWOPL'\")) return;\r\n\tif((t = X.U32(8)) & 0xFF00FF00) { sVersion = 'v0'; mV = MV = 0 }\r\n\telse if(!(t & 0x0000FFFF)) { mV = X.U16(8); MV = X.U16(0xA) }\r\n\telse { MV = X.U16(8); mV = X.U16(0xA) }\r\n\tif(MV > 3) return;\r\n\t//we only know about v2 but it may happen one day\r\n\tif(MV) sVersion = 'v'+MV+'.'+mV.padStart(2,'0'); db = '';\r\n\tswitch(MV) {\r\n\tcase 0:\r\n\t\tdb = 'DOSBox 0.62'; lenMS = X.U32(8); dtsz = X.U32(0xC);\r\n\t\thw = X.U8(0x10); dtofs = 0x11; //fallthrough\r\n\tcase 1:\r\n\t\tif(MV == 1) {\r\n\t\t\tdb = 'DOSBox 0.63'; lenMS = X.U32(0xC); dtsz = X.U32(0x10);\r\n\t\t\thw = (t=X.U32(0x14)) <= 0xFF ? t : 0xFF; dtofs = 0x18;\r\n\t\t}\r\n\t\tif(hw == 1) hw = 2; else if(hw == 2) hw = 1;\r\n\t\tfmt = 0; co = 0; break;\r\n\tcase 2:\r\n\t\tdb = 'DOSBox 0.73'; dtsz = X.U32(0xC) << 1; lenMS = X.U32(0x10); hw = X.U8(0x14);\r\n\t\tfmt = X.U8(0x15); co = X.U8(0x16); ds = X.U8(0x17); dl = X.U8(0x18); regcmdcnt = X.U8(0x19);\r\n\t\tdtofs = 0x1A+regcmdcnt; if(regcmdcnt > 0x80) regcmdcnt = 0x80; regmap = X.readBytes(0x1A,regcmdcnt);\r\n\t\t//scan init block\r\n\t\tif(hw == 1) {\r\n\t\t\tp = dtofs; opl3on = 0; reginit = []; for(i=0; i < 0x200; i++) reginit[i] = false;\r\n\t\t\twhile(p < X.Sz()) {\r\n\t\t\t\tt = X.U8(p); if(t == ds || t == dl) break; if((t & 0x7F) >= regcmdcnt) break;\r\n\t\t\t\tcreg = ((t & 0x80) << 1) | regmap[t & 0x7F]; reginit[creg] = true; if(creg == 0x105) opl3en = X.U8(p+1);\r\n\t\t\t\tp += 2\r\n\t\t\t}\r\n\t\t\tif(reginit[0x105] && (opl3en & 1)) hw = 2;\r\n\t\t}\r\n\t\thw = ['YM3812 (OPL2)', 'YM3812 (Dual OPL2)', 'YMF262 (OPL3)'].indexOf(hw);\r\n\t\tif(hw === -1) hw = 'YMF262(portshift)';\r\n\t}\r\n\treturn true\r\n}\r\nif(!bDetected && isDRO()) {\r\n\tsName = \"DOSBox Raw OPL chiptune (.DRO)\";\r\n\tsVersion = sVersion.appendS(hw,'#'); bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOption('len: '+secondsToTimeStr(Util.divu64(lenMS+500,1000))+' via: '+db+' packed:'+co\r\n\t\t\t\t+' sz:'+outSz(dtofs+dtsz))\r\n\t\t}\r\n\r\n}\r\n\r\n\r\nfunction isFunktracker() {\r\n\tif(X.Sz() < 0x8FF || !X.c(\"'Funk'\")) return false;\r\n\t//ref https://sourceforge.net/p/xmp/libxmp/ci/master/tree/docs/formats/FORMAT.FunktrackerGOLD\r\n\tsz = X.U32(8); if(!isWithin(sz,0x8FF,0x100000)) return false;\r\n\tt = X.U32(4); sV = X.SA(0x0C,4); bad = ''; sus = 0;\r\n\tif(/F2\\d\\d/.test(sV))\r\n\t\tsversion = \"R2 GOLD \"+(1980+((t>>9)&0x7F))+\"-\"\r\n\t\t +((t>>5)&0xF).padStart(2,'0')+\"-\"+(t&0x1F).padStart(2,'0')+\" \";\r\n\telse sversion = \"R1\";\r\n\tif(/F[2vk]\\d\\d/.test(sV)) ch = X.SA(0x0E,2);\r\n\telse { sversion += \"b\"; ch = 8; sus++ }\r\n\tswitch((t>>20)&0xF) {\r\n\tcase 1: case 2: t = \"IBM\"; break; case 3: t = \"Intel 386\"; break;\r\n\tcase 4: t = \"Intel 486\"; break; case 5: t = \"Pentium\"; break; case 6: t = \"Linux\"; break;\r\n\tcase 7: t = \"FreeBSD\"; break; case 8: t = \"N/A\"; break; default: t = \"unk.system\" }\r\n\tsversion += \"#\"+t;\r\n\tswitch((t>>16)&0xF) {\r\n\tcase 0: t = \"SB 2.0\"; break; case 1: t = \"SB Pro\"; break;\r\n\tcase 2: t = \"GUS+ch.pan\"; break; case 3: t = \"SB compatible\"; break;\r\n\tcase 4: t = \"SB 16\"; break; case 5: t = \"GUS\"; break; case 6: t = \"conversion\"; break;\r\n\tcase 7: t = \"Pro Audio Spectrum\"; break; case 8: t = \"Voxware /dev/dsp 8 bit\"; break;\r\n\tcase 9: t = \"Voxware /dev/dsp 16 bit\"; break; case 15: t = \"unk.soundcard\"; break;\r\n\tdefault: t = \"soundcard N/A\" }\r\n\tsversion += \":\"+t;\r\n\tif(!X.isVerbose() && X.Sz() < sz) bad = bad.addIfNone('!short');\r\n\tord = 0; ptn = -1; for(i = 0; i < 256; i++) {\r\n\t\tt = X.U8(0x11+i); if(t == 0xFF) break; ord++;\r\n\t\tif(t > 0x79)\r\n\t\t\tif(X.isHeuristicScan()) { bad = bad.addIfNone(\"!badord\") }\r\n\t\t\telse return false;\r\n\t\telse if(t > ptn) ptn = t;\r\n\t} ptn++;\r\n\tlp = X.U8(0x10); if(lp != 0xFF && lp > ord) bad += \"!badloop\";\r\n\tsmp = sus = 0; smps = [];\r\n\tfor(i = 0x190; i < 0x8BF; i += 0x20) {\r\n\t\tif(!isWithin(X.U8(i),1,0x4F)) return false; //vol\t\t\r\n\t\tif(X.U32(i+0x18)) smp++; //length\r\n\t\tif(charStat(X.readBytes(i+1,0x13),1).indexOf('allasc') < 0) sus++; if(sus > 3) return false\r\n\t\tsmps.push(X.SC(i+1,0x13,'CP437').trim()) //smp name; charset TBD\r\n\t}\r\n\treturn true\r\n}\r\nif(!bDetected && isFunktracker()) {\r\n\tsName = \"Jason Nunn's Funktracker module (.FNK,.Funk)\"; sVersion = sversion; bDetected = 1;\r\n\tif(bad != \"\") sVersion += \"/malformed\"+bad;\r\n\tif(X.isVerbose()) {\r\n\t\tbpm = X.U8(4); bits = bpm&1 ? 16 : 8; bpm >>= 1; var sine = bpm >> 6;\r\n\t\tbpm &= (1<<6)-1; if(sine) bpm = 125-bpm; else bpm = 125+bpm;\r\n\t\tsOptionT(addEllipsis(smps.filter(funSampleName).join(' ')),'smp/msg:\"','\"');\r\n\t\tsOption('ch:'+ch+' bpm0:'+bpm+' ord:'+(lp!=0xFF?lp+'~':'')+ord+' ptn:'+ptn\r\n\t\t\t+' smp:'+smp+' ' +bits+'bit sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isPreTracker() {\r\n\t \t//ref https://git.platon42.de/chrisly42/PretrackerRaspberryCasket/src/branch/main/src/raspberry_casket.asm lines 257+\r\n\tif(!X.c(\"'PRT'\") || !isWithin(ins=X.U8(0x40), 1,0x40)) return;\r\n\tif(!isWithin(nV=X.U8(3), 10,50)) return;\r\n\tif(nV < 30) if(!(ptn=[X.U8(0x3D)])[0] || !(ord=[X.U8(0x3E)])[0] || (lp=[X.U8(0x3C)])[0] > ord[0]) return;\r\n\tx = 1; p = 0x5A; ptnp = [];\r\n\tif(nV >= 30) x = X.U8(p++); if(!x) return;\r\n\tif(nV >= 30) { ord = []; lp = []; ptn = []; }\r\n\tvar steps = [];\r\n\tfor(i=0; i < x; i++) {\r\n\t\tlp.push(X.U8(p++)); ptn.push(X.U8(p++)); steps.push(X.U8(p++));\r\n\t\tord.push(X.U8(p++)); ptnp.push(X.U32(p,_BE)); p += 4;\r\n//_l2r('prt',i,'ord:'+lp[i]+'-'+ord[i]+' ptn:'+ptn[i]+' steps:'+steps[i]+' +pp:'+Hex(ptnp[i]))\r\n\t\tp += ord[i]*4*2;\r\n\t\t//if(!ord[i] || ptnp[i] < 0x5B+8) return\r\n\t\tfor(i=0; i < x; i++) ptnp[i] += p;\r\n\t\tmpp = (function(){var i=ptnp.indexOf(Math.max.apply(null,ptnp));return [ptnp[i],steps[i]];}());\r\n//_l2r('prt',p,outArray(ptnp,16)+' s'+outArray(steps,16)+' ->'+outArray(mpp,16))\r\n\t}\r\n\t//ptn data\r\n//_l2r('prt',p,'ptn')\r\n//p = mpp[0]+3*mpp[1];\r\n//_l2r('prt',p,outArray(X.readBytes(p,6),16))\r\n// TODO: Pink's PreTracker WIP\r\n\treturn X.Sz() > p\r\n}\r\nif(!bDetected && isPreTracker()) {\r\n\tsName = \"Manfred 'Pink' Linzner's PreTracker module (.PRT)\"; bDetected = 1;\r\n\tif(nV < 25) sVersion = \"v<0.3\"; else\r\n\tif(nV == 25) sVersion = \"v0.3~0.866\"; else\r\n\tif(nV == 26) sVersion = \"v0.87~0.92\"; else\r\n\tif(isWithin(nV, 27,29)) sVersion = \"v.[0.93~1.5)\"; else\r\n\tif(nV == 30) sVersion = \"v1.5+\";\r\n\telse sVersion = \"v.TODO\";\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(X.SA(0x14,0x14));\r\n\t\tif(x > 1) sOption(x,'×');\r\n\t\tsOptionT(X.SA(0x28,0x14),\"by: \");\r\n\t\tsOption('ord:'+(lp?lp+'-':'')+ord+' ptn:'+ptn+' ins:'+ins+' wf:'+(wf=X.U8(0x41)))\r\n\t}\r\n}\r\n\r\n\r\nfunction isComebackTracker() {\r\n\t//ref REing PreTracker 1.5 which has CBT beta import routines\r\n\tif(X.Sz() < 0x64 || !X.c(\"'CBT'\") || !isWithin(nV=X.U8(3), 1,12)) return;\r\n\t// ecx = 0x10; eax = ecx+1; max = Math.min(0x10000,X.Sz());\r\n\t// while(X.U8(ecx++));\r\n\treturn true\r\n}\r\nif(!bDetected && isComebackTracker()) {\r\n\tsName = \"Manfred 'Pink' Linzner's Comeback Tracker module (.CBT)\"; bDetected = 1;\r\n\tsVersion = 'v'+nV+'β'\r\n}\r\n\r\n\r\nfunction isProSoundMaker_c() {\r\n\t//ref https://ay.strangled.net/Ay_Emul30.src.7z /Help/html/ay_ru_fmt_psm.htm\r\n\tbad = ''; sus = lp = 0; m = Math.min(X.Sz(), 0x4000);\r\n\tvar ordp = X.U16(0); if(!isWithin(ordp,8,0xFF)) { sus++; bad += '!badpos' }\r\n\tvar smpp = X.U16(2); if(!isWithin(smpp, ordp,0x1FF)) { sus++; bad += '!badsmp' }\r\n\tvar ornp = X.U16(4); if(ornp && !isWithin(ornp, smpp,0x4FF)) { sus++; bad += '!badorn' }\r\n\tvar ptnp = X.U16(6); if(!isWithin(ptnp, ornp,0x5FF)) { sus++; bad += '!badptn' }\r\n\ttitle = '';\r\n\tif(ordp >= 0xD) {\r\n\t\tvar idfound = X.c(\"'psm1'00\", 8), titlep = idfound? 0xD: 8;\r\n\t\tif(titlep < ordp) title = decAnsi(titlep,ordp-titlep,CPSpeccy);\r\n\t\tif(idfound) sus -= 2\r\n\t}\r\n\tif(sus > 2) return;\r\n\tvar ords = [], smps = [0], orns = [0], ptns = [];\r\n\tfor(p=ordp,ord=ptn=0; p < m; ord++) {\r\n\t\tvar o = X.U8(p++); t = X.U8(p); var ti = X.I8(p++);\r\n\t\tif(o == 0xFF) { if(t == 0xFF) break; if(t & 0x80) { if((t & 0x1F) >= ord) return; else lp = t & 0x1F } break }\r\n\t\tif(!isWithin(ti, -36,36) || ord > 100 || o > 32) return;\r\n\t\tif(!ords.includes(o)) ords.push(o); if(o >= ptn) ptn = o+1;\r\n\t} if(!ord) return;\r\n\tq = X.U16(smpp); smp = (q-smpp) >> 1;\r\n\tfor(p=smpp; p < q; p+=2) if(!isWithin(t=X.U16(p), smpp,ornp)) return; else if(!smps.includes(t)) smps.push(t);\r\n\tif(ornp == ptnp) orn = 0; else { q = X.U16(ornp); orn = (q-ornp) >> 1;\r\n\t\tfor(p=ornp; p < q; p+=2) if(!isWithin(t=X.U16(p), ornp,ptnp)) return; else if(!orns.includes(t)) orns.push(t) }\r\n\ttmp = [100, 0];\r\n\tfor(i=0,p=ptnp; i < ptn; i++) {\r\n\t\tif(!isWithin(t=X.U8(p++), 2,50)) return;\r\n\t\tif(tmp[0] > t) tmp[0] = t; if(tmp[1] < 1) tmp[1] = t;\r\n\t\tfor(j=0; j < 3; j++,p+=2)\r\n\t\t\tif(!isWithin(t=X.U16(p), ptnp,m)) return;\r\n\t\t\telse { if(!ptns.includes(t)) ptns.push(t) }\r\n\t}\r\n\tptns.sort(function(a,b){return a-b}); if(Util.divu64(ptns[0]-ptnp,7) != ptn) return;\r\n\tfor(i=1; i < ptns.length; i++) if(!isWithinRanges(t=X.U8(ptns[i]-1), [0xFF,[0xB8,0xF8]])) { sus++; if(sus > 5) return }\r\n\t// parse the highest pattern, find size\r\n\tfor(p=ptns.pop(); p < m;) {\r\n\t\tc = X.U8(p++);\r\n\t\tif(c == 0xFF) break;\r\n\t\tif(isWithin(c, 0xB1,0xB7) || c == 0xFC) p++;\r\n\t\telse if(c == 0xF9) p += 4;\r\n\t\telse if([0xFD, 0xFE].includes(c)) return\r\n\t}\r\n\tsz = p;\r\n\treturn true\r\n}\r\nif(!bDetected && isProSoundMaker_c()) {\r\n\tsName = \"Denis 'Dexus' Dratov's Pro Sound Maker module (.PSM)\"; sVersion = 'compiled'; bDetected = 1; \r\n\tif(sus>0 || bad.length) sVersion += '/malformed'+bad+'/sus'+sus;\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(title);\r\n\t\tsOption('tmp:'+tmp[0]+(tmp[0] == tmp[1]?'':'-'+tmp[1])+' ord:'+(lp?lp+'~':'')+ord\r\n\t\t\t+' ptn:'+ptn+' smp:'+smp+(orn?' orn:'+orn:'')+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isProtrackerIFF() {\r\n\tif(!X.c(\"'FORM'........ 'MODLVERS'00000016\") || !X.c(\"'INFO'00000048\",0x1E)\r\n\t || !X.c(\"'CMNT'000001A4\",0x66) || !X.c(\"'PTDT'\",0x20A)) return false;\r\n\tinfo = cmt = dt = pt = sv = ''; smp = ord = ptn = tmp0 = 0; sz = X.U32(4,_BE)+8;\r\n\tmaxsz = Math.min(sz,X.Sz());\r\n\tp = 0x1E; while (!bDetected && p < maxsz) {\r\n\t\thkhd = X.SA(p,4); hksz = X.U32(p+4,_BE); if(charStat(hkhd,1).indexOf('allasc') < 0) break;\r\n\t\tswitch (hkhd) {\r\n\t\tcase 'INFO': info = decAnsi(p+8,0x20,CPAmiga).trim();\r\n\t\t\tsmp = X.U16(p+0x28,_BE); ord = X.U16(p+0x2A,_BE);\r\n\t\t\tptn = X.U16(p+0x2C,_BE); bpm0 = X.U16(p+0x30,_BE);\r\n\t\t\tvar dd = X.U16(p+0x34,_BE); if(!isWithin(dd,1,31)) return false;\r\n\t\t\tvar mm = X.U16(p+0x36,_BE); if(!isWithin(mm,0,12)) return false;\r\n\t\t\tvar yy = X.U16(p+0x38,_BE); if(isWithin(yy,30,88)) return false;\r\n\t\t\tdt = (1900+yy)+'-'+mm.padStart(2,'0')+'-'+dd.padStart(2,'0')+' '\r\n\t\t\t\t+X.U16(p+0x3A,_BE).padStart(2,'0')+':'+X.U16(p+0x3C,_BE).padStart(2,'0')\r\n\t\t\t\t+':'+X.U16(p+0x3E,_BE).padStart(2,'0');\r\n\t\t\tpt = secondsToTimeStr(X.U16(p+0x40,_BE)*3600+X.U16(p+0x42,_BE)*60+X.U16(p+0x44,_BE));\r\n\t\t\tbreak;\r\n\t\tcase 'CMNT': auth = decAnsi(p+8,0x20,CPAmiga).trim(); if(auth === 'UNNAMED AUTHOR') auth = '';\r\n\t\t\tcmt = decAnsi(p+0x28,hksz-0x20,CPAmiga).trim(); break;\r\n\t\tcase 'PTDT': return true\r\n\t\t}\r\n\t\tp += hksz\r\n\t}\r\n}\r\nif(!bDetected && isProtrackerIFF()) {\r\n\tsName = \"ProTracker IFF-wrapped module (.PTM)\"; bDetected = 1;\r\n\tsv = X.SA(0x18,6).trim(); if(!sv.length) sv = 'v3.6'; sVersion = sv;\r\n\tif(X.isVerbose()) {\r\n\t\tsOption(info); sOption(auth,'by: '); sOption(cmt);\r\n\t\tsOption(dt,'on '); sOption(pt,'len ');\r\n\t\tsOption('bpm0:'+bpm0+' ord:'+ord+' ptn:'+ptn+' smp:'+smp);\r\n\t\tsOption(outSz(sz),'sz:')\r\n\t}\r\n}\r\n\r\n\r\nfunction isS3M() {\r\n\t//ref https://moddingwiki.shikadi.net/wiki/S3M_Format\r\n\t//from https://github.com/OpenMPT/openmpt/blob/master/soundlib/S3MTools.h & Load_s3m.cpp\r\n\t// & http://asle.free.fr/prowiz/prowiz.src.zip / r/S3M.c\r\n\tif(!X.c(\"'SCRM'\", 0x2C) || !X.c(\"10\",0x1D) || [1,2].indexOf(X.U8(0x2A)) < 0 || X.Sz() < 0x60) return false;\r\n\tkeepmidims = fmttrkstr = trknc = isST3 = isSchism = false;\r\n\ttracker = lswv = bad = ''; sus = 0;\r\n\tif(!X.c(\"1A\",0x1C)) {sus++; bad = bad.addIfNone('!badsig1a') }\r\n\tz1 = X.U16(0x1E); if(z1) { sus++; bad = bad.addIfNone('!badsig0') }\r\n\tord = X.U16(0x20); if(ord & 1) { sus++; bad = bad.addIfNone('!oddord') }\r\n\tsmp = X.U16(0x22); ptn = X.U16(0x24);\r\n\tfl = X.U16(0x26); cwtv = X.U16(0x28); tv = cwtv >> 12; wtv = cwtv & 0xFFF; fmtv = X.U16(0x2A);\r\n\tgvol = X.U8(0x30); spd = X.U8(0x31); tmp = X.U8(0x32); mvol = X.U8(0x33); uc = X.U8(0x34);\r\n\tusept = (X.U8(0x35) && 0xFC) > 0; r2 = X.U16(0x36); special = X.U16(0x3E);\r\n\tch = 4; for(i=0; i < 0x20; i++) if(X.U8(0x40+i) != 0xFF) ch = i+1;\r\n\tt = Hex(cwtv); sv = t.substr(1,1)+'.'+t.substr(2,2).padStart(2,'0');\r\n\tswitch(tv) {\r\n\tcase 0x208 & tv: tracker = 'Akord'; break;\r\n\tcase 1: if(X.c(\"'SCLUB2.0'\",0x36)) tracker = 'Sound Club 2';\r\n\t\telse if(cwtv == 0x1320 && !special && !(ord & 0xF) && !uc && !(fl & ~0x50) && usept) {\r\n\t\t\tif(mvol) { lswv = '1.16'; tracker = 'ModPlug Tracker/OpenMPT 1.17' }\r\n\t\t\telse { lswv = '1.00.00.A0'; tracker = 'ModPlug Tracker 1.0 alpha' }\r\n\t\t\tkeepmidims = trknc = true\r\n\t\t} else if(cwtv == 0x1320 && !special && !uc && !fl && !usept) {\r\n\t\t\tif(gvol == 64 && mvol == 48) tracker = 'PlayerPRO';\r\n\t\t\telse tracker = 'Velvet Studio' //TODO attribute in a brief way\r\n\t\t} else if(cwtv == 0x1320 && !special && !uc && fl == 8 && !usept)\r\n\t\t\ttracker = \"J.Lim's Impulse Tracker < 1.03\";\r\n\t\telse {\r\n\t\t\tisST3 = true; if(cwtv == 0x1320) tracker = \"Psi's Scream Tracker 3.20-21\"; else {\r\n\t\t\t\ttracker = \"Psi's Scream Tracker\"; fmttrkstr = true }\r\n\t\t} break;\r\n\tcase 2: fmttrkstr = cwtv != 0x2013; if(fmttrkstr) tracker = 'Imago Orpheus'; else tracker = 'PlayerPRO';\r\n\t\ttrknc = true; break;\r\n\tcase 3: if(cwtv == 0x3320) tracker = 'Impulse Tracker 1.03';\r\n\t\telse { if(r2 > 0x214) tracker = \"Impulse Tracker 2.15\";\r\n\t\t\telse if(isWithin(wtv,0x215,0x217))\r\n\t\t\t\t\ttracker = 'Impulse Tracker 2.14p'+(wtv == 0x215? '1-2': wtv == 0x216? '3': '4-5');\r\n\t\t\t\telse tracker = 'Impulse Tracker '+((wtv&0xF00)>>8)+'.'+(wtv&0xFF).toString(16).padStart(2,'0');\r\n\t\t}\r\n\t\t// if(cwtv >= 0x3207 && X.U32(0x38)) {} // could decode the total edit time here if you wanted\r\n\t\ttrknc = true; break;\r\n\tcase 4: if(cwtv == 0x4100) tracker = 'BeRoTracker';\r\n\t\telse {\r\n\t\t\tisSchism = true;\r\n\t\t\tvar dt = 734016 + (wtv < 0xFFF? wtv-0x050: r2);\r\n\t\t\tvar y = Util.div64(dt*10000+14780, 3652425);\r\n\t\t\tvar ddd = dt - (365*y + Util.div64(y,4) - Util.div64(y,100) + Util.div64(y,400));\r\n\t\t\tif(ddd < 0) { y--; ddd = dt - (365*y + Util.div64(y,4) - Util.div64(y,100) + Util.div64(y,400)) }\r\n\t\t\tvar mi = Util.div64(100*ddd+52, 3060);\r\n\t\t\ttracker = 'Schism Tracker '+(y+Util.div64(mi+2,12)).padStart(4,'0')+'-'\r\n\t\t\t\t+((mi+2)%12+1).padStart(2,'0')\r\n\t\t\t\t+'-'+(ddd - Util.div64(mi*306+5,10) + 1).padStart(2,'0')\r\n\t\t}\r\n\t\ttrknc = true; break;\r\n\tcase 5: if((cwtv >> 8) == 0x57) { tracker = 'NESMusa'; fmttrkstr = true\r\n\t\t} else if(!r2 && uc == 16 && X.U8(0x41) != 1) { tracker = 'Liquid Tracker'; fmttrkstr = true\r\n\t\t} else if(cwtv != 0x5447) {\r\n\t\t\tv = wtv << 16; if(v >= 0x01290000) v |= r2;\r\n\t\t\tfunction itV(v) { return v.slice(0,1)+'.'+v.slice(1,3)+'.'+v.slice(3,5)+'.'+v.slice(5,7) }\r\n\t\t\tlswv = itV(v.toString(16).toUpperCase().padStart(7,'0')); tracker = 'OpenMPT '+lswv\r\n\t\t} else tracker = \"Dumbo's Graoumf Tracker\";\r\n\t\tbreak;\r\n\tcase 6: tracker = 'BeRoTracker'; break;\r\n\tcase 7: tracker = \"BeRo's CreamTracker\"; break;\r\n\tdefault:\r\n\t\tif(cwtv == 0xCA00) tracker = 'Camoto';\r\n\t}\r\n\tif(sus >= 2) return false;\r\n\tif(fmttrkstr) tracker += ' '+sv;\r\n\tcharset = lswv != ''? 'CP1252': 'CP437';\r\n\tp = 0x60+ord+smp*2; max = sz = 0;\r\n\tfor (i=0; i < ptn; i++) {\r\n\t\tvar p1 = X.U16(p+i*2) << 4;\r\n\t\tif(!p1) continue;\r\n\t\tif (p1 > max) { max = p1; sz = max + X.U16(p1) }\r\n\t}\r\n\tif(sz%16) sz += 16-(sz%16);\r\n\tif(usept) { var anyunpannedch = false; p += ptn*2;\r\n\t\tfor(i=0; i < ch; i++)\r\n\t\t\tif(isST3 && isWithin(X.U8(0x40+(i&0xFF)), 16, 29) && X.U8(p+i) < 0x10)\r\n\t\t\t\tanyunpannedch = true;\r\n\t\tif(ch < 32 && lswv.indexOf('1.16') >= 0)\r\n\t\t\tif(anyunpannedch) tracker = 'ModPlug Tracker 1.16/OpenMPT 1.17';\r\n\t\t\telse tracker = 'ModPlug Tracker'\r\n\t}\r\n\tp = 0x60+ord; anysmp = anyADPCM = false; gus = 0; smps = [];\r\n\tfor(i=0; i < smp; i++) {\r\n\t\tsi = X.U16(p+i*2) << 4; if(!si) continue; else if(si > X.Sz()) { bad = bad.addIfNone('!short'); continue }\r\n\t\tst = X.U8(si); ssz = X.U32(si+0x10); t = X.SC(si+0x30,0x1C,charset).trim(); if(t != '') smps.push(t);\r\n\t\tif(st < 2) {\r\n\t\t\tif(ssz) {\r\n\t\t\t\tanysmp = true; sf = X.U8(0x1F);\r\n\t\t\t\tif(!anyADPCM && X.U8(si+0x14) == 4 && !(sf & 6)) anyADPCM = true }\r\n\t\t\tgus |= X.U16(si+0x28) }\r\n\t\tif(X.U8(si) === 1) {\r\n\t\t\tsofs = X.U16(si+14) << 4;\r\n\t\t\tif (sofs > max) {\r\n\t\t\t\tif (sf & 4) ssz *= 2; //16-bit\r\n\t\t\t\tmax = sofs; if(sz < max+ssz) sz = max+ssz;\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\tusegus = gus > 1;\r\n\tif(isST3 && anysmp && !gus && cwtv != 0x1300) {\r\n\t\tisST3 = false; tracker = 'Unknown';\r\n\t\tif(cwtv == 0x1301 && !uc) {\r\n\t\t\tif(!(fl & ~0x50) && (mvol & 0x80) && usept) tracker = \"Laurent Clévy's UNMO3\";\r\n\t\t\telse if(!fl && gvol == 48 && mvol == 176 && tmp == 150 && !usept)\r\n\t\t\t\ttracker = \"Slixter's deMODifier\";\r\n\t\t\telse if(!fl && gvol == 64 && (mvol & 0x7F) == 48 && spd == 6 && tmp == 125 && !usept)\r\n\t\t\t\ttracker = \"Zab/Kosmic's To-S3M\"\r\n\t\t}\r\n\t} else if(isST3) tracker += usegus? ' (GUS)': ' (SB)';\r\n\tif(anyADPCM) tracker += ' (ADPCM packed)';\r\n\treturn true\r\n}\r\nif(!bDetected && isS3M()) {\r\n\tsName = \"Sami 'Psi' Tammilehto's ScreamTracker 3 module (.S3M)\"; bDetected = 1;\r\n\tif(sus) sVersion = sVersion.appendS('malformed'+bad+' sus'+sus,'/');\r\n\tif(X.isVerbose()) {\r\n//if(!spd || spd == 0xFF && isST3) spd = 6; if(tmp < 33) tmp = isST3? 125: 32; //fixes for playback, include?\r\n\t\tsOptionT(X.SC(0,0x1C,charset)); sOption(tracker,'in:');\r\n\t\tsOption(addEllipsis(smps.join(' '),0xA0),'smp/msg:\"','\"');\r\n\t\tsOption('ch:'+ch+' tempo0:'+tmp+' spd0:'+spd+' ord:'+ord+' ptn:'+ptn+' smp:'+smp\r\n\t\t\t+' gvol:'+gvol+' smpvol:'+(mvol&0x7F)+(mvol&0x80?'/mono':'/stereo')+' sz:'+outSz(sz));\r\n\t}\r\n}\r\n\r\n\r\nfunction isMlatAT() {\r\n\tif(!X.c(\"'MAD+'\")) return;\r\n\tord = X.U8(0xB9); ptn = X.U8(0xBA); tmr = X.U8(0xBB);\r\n\tfor(i=0,p=0xBC; i < ptn*32*9; i++) if(isWithin(X.U8(p++),0x60,0xFD)) return;\r\n\tfor(i=0; i < ord; i++) if(!isWithin(X.U8(p++), 1,ptn)) return;\r\n\treturn true\r\n}\r\nif(!bDetected && isMlatAT()) {\r\n\tsName = \"Mlat Adlib Tracker module (.MAD)\"; bDetected = 1;\r\n\t//if(bad.length) sVersion = 'malformed'+bad;\r\n\tif(X.isVerbose()) sOption('ord:'+ord+' ptn:'+ptn+' sz:'+outSz(p))\r\n}\r\n\r\n\r\nfunction isProtoTracker() {\r\n\tif(!X.c(\"'SONG'\") ) return;\r\n\t//ref https://github.com/kometbomb/prototracker/blob/master/doc/FORMAT.TXT\r\n\t//TODO tighten somewhat\r\n\tsz = X.U32(4,_LE); p = 8;\r\n\tv = X.U8(p++); trk = v >= 1? X.U8(p++):4; fxprm = v >= 17? X.U8(p++): 1;\r\n\tfxc = v >= 17? X.U8(p++): 0;\r\n\ttitle = X.SC(p,0x1000,'CP1250'); p += title.length+1;\r\n\tptnr = X.U8(p++)+1; seqr = X.U8(p++)+1;\r\n\tif(!ptnr || !seqr) return; mcr = 0;\r\n\tfor(i=eof=0; p < X.Sz() && !eof; p += X.U32(p+4)) {\r\n\t\tswitch(X.SA(p,4)) {\r\n\t\tcase 'SEQU': if(X.U8(p+8) > seqr) return; i |= 1; break;\r\n\t\tcase 'PATT': i |= 0x10; break;\r\n\t\tcase 'MACR': i |= 0x100; mcr = X.U8(p+8); break;\r\n\t\tdefault: if(i < 0x11) return; eof = 1\r\n\t\t}\r\n\t}\r\n\tsz = p;\r\n\treturn true\r\n}\r\nif(!bDetected && isProtoTracker()) {\r\n\t\tsName = \"Tero 'kometbomb' Lindeman's ProtoTracker module (.SONG)\"; bDetected = 1;\r\n\t\tsVersion = sVersion = \"v\"+v;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOption(title);\r\n\t\t\tsOption('trk:'+trk+(fxc?' fx:'+fxc:'')+(mcr?' mcr:'+mcr:'')+' sz:'+outSz(sz))\r\n\t\t}\r\n}\r\n\r\n\r\nfunction isBeaverSweeper() {\r\n\t// ref https://www.pouet.net/prod.php?which=19993 /src/gtk_format.*, isSynth/*\r\n\tif(!X.c(\"'+SNT'\")) return;\r\n\t// read synth:\r\n\t// read samples\r\n\tfor(i=smp=0,p=4; i < 32; i++) if(X.U8(p) > 7) return; else if(X.U8(p++) & 1) {\r\n\t\tvar ssz = X.U24(p); p += 3+ssz*2; var lpst = X.U24(p), lped = X.U24(p+3); p += 6;\r\n\t\tif(lpst > ssz || lped > ssz || lped < lpst) return;\r\n\t\tif(ssz) smp++\r\n\t}\r\n\t// read ins\r\n\tvs = [];\r\n\tfunction parseType() {\r\n\t\t\tswitch(X.U8(p++)) {\r\n\t\t\tcase 1/*env*/: if(X.U8(p+0xB) > 1 || !isWithin(X.F32(p+3),-0.1,1.1)) return; p += 0xC; break;\r\n\t\t\tcase 2 /*LFO*/: if(X.U8(p+1) > 1 || X.U8(p+7) > 1) return; p += 0xE; break; case 3 /*ctlr*/: p += 5; break;\r\n\t\t\tcase 4 /*oscr*/: if(X.U8(p+9) > 1) return; p += 0x37; break;\r\n\t\t\tcase 5 /*flt*/: if(X.U8(p+1) > 1) return; p += 0x1D; break; case 6 /*distortion*/: p += 9; break;\r\n\t\t\tcase 7 /*delay*/: p += 0x18; break; case 8 /*chorus*/: if(X.U8(p+0x18) > 1) return; p += 0x19; break;\r\n\t\t\tdefault: return;\r\n\t\t\t}\r\n\t\treturn true\r\n\t}\r\n\tfunction parseTypes() {\r\n\t\tvar nr = X.U8(p++); for(var i=0; i < nr && p < X.Sz(); i++) if(!parseType()) return;\r\n\t\treturn true;\r\n\t}\r\n\tfor(i=ins=0; i < 16 && p < X.Sz(); i++) { //for each instrument:\r\n\t\tvar v = X.U8(p++);\r\n\t\tp += v; //polyvoice array\r\n\t\tif(v) ins++;\r\n\t\tfor(j=0; j < v && p < X.Sz(); j++) { //...for each voice: \r\n\t\t\tp+=2; //note range\r\n\t\t\tif(!parseTypes()) return; //modulators\r\n\t\t\tp += 1+55*X.U8(p); //oscillators\r\n\t\t\tif(X.U8(p) > 8) return; //max inserts\r\n\t\t\tif(!parseTypes()) return;\r\n\t\t\tp += 0xA; //modulation\r\n\t\t}\r\n\t\tt = X.U8(p++); if(t > 1) return; if(t) if(!parseType()) return; //distortion\r\n\t\tt = X.U8(p++); if(t > 1) return; if(t) p += 0xC1; // arpeggiator\r\n\t}\r\n\tp += 0x140; //instr. mixer settings\r\n\tfor(i=0; i < 3; i++) { //load effect chains\r\n\t\tfl = X.U8(p++);\r\n\t\tif(fl&1) if(!parseType()) return; if(fl&2) if(!parseType()) return; if(fl&4) if(!parseType()) return;\r\n\t}\r\n\tif(!X.c(\"'-SNT'\",p)) return; p += 4;\r\n\t//read the main module\r\n\tif(!X.c(\"'GOAT'\",p)) return;\r\n\tbad = ''; nv = X.U16(p+4); ch = X.U8(p+6); ptn = X.U8(p+7); ins = X.U8(p+8);\r\n\tbpm0 = X.U8(p+9); if(!bpm0) bpm0 = 125; p += 12;\r\n\tvar chlens = []; ord = 0;\r\n\tfor(i=0; i < ch; i++) {\r\n\t\tvar id = X.U8(p++);\r\n\t\tif(nv == 0x102) t = X.U8(p++); else { t = X.U16(p); p += 2 }\r\n\t\tord = Math.max(t,ord);\r\n\t\tfor(j=0; j < t; j++) {\r\n\t\t\tf = X.U16(p); p += 2; if(f > 0x100) bad = bad.addIfNone('!badchnum');\r\n\t\t\tif(f) for(k=0x100; k; k>>=1) if(f&k) p++\r\n\t\t}\r\n\t}\r\n\tvar ptsz = 64, rows;\r\n\tfor(i=0; i < ptn; i++) {\r\n\t\tvar id = X.U8(p++);\r\n\t\tif(nv == 0x102) rows = X.U8(p++); else { rows = X.U16(p); p += 2 }\r\n\t\tif(!rows) bad = bad.addIfNone('!badptnrows');\r\n\t\tfor(j=0; j < rows; j++) {\r\n\t\t\tf = X.U32(p); p += 4; if(f) for(k=0x10000; k; k>>=1) if(f&k) p += 4\r\n\t\t}\r\n\t}\r\n\treturn true\r\n}\r\nif(!bDetected && isBeaverSweeper()) {\r\n\tsName = \"Fredrik 'Gnilk' Kling & Stefan 'Steffo' Hållén & Zyrax's Beaver Sweeper module (.GTK)\";\r\n\tsVersion = 'v'+nv.toString(16).padStart(4,'0');\r\n\tif(bad.length) sVersion = sVersion.appendS('malformed'+bad,'/'); bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOption('ch:'+ch+' bpm0:'+bpm0+' ord:'+ord+' ptn:'+ptn+(ins?' ins:'+ins:'')+' smp:'+smp+' sz:'+outSz(p))\r\n\t}\r\n}\r\n\r\n\r\nfunction isAnders0land() {\r\n\t//ref https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/Anders0land/SRC_Anders0land/Anders 0land_v1.asm\r\n\tif(!X.c(\"'mpl'\")) return false;\r\n\tp = X.U32(4,_BE); if(p > X.Sz() || (p&1)) return false;\r\n\tsongp = p+8;\r\n\tif(!X.c(\"'mdt'\",p)) return false;\r\n\tp += X.I32(p+4,_BE); if(p > X.Sz() || (p&1)) return false;\r\n\tif(!X.c(\"'msm'\",p)) return false;\r\n\tp += X.I32(p+4,_BE); if(p < X.Sz()) return false;\r\n\tsz = p;\r\n\tsmpp = songp+X.I32(songp-4,_BE);\r\n\tsmpsz = X.I32(smpp-4,_BE);\r\n\tsmp = (X.I16(songp+20,_BE) - X.I16(songp+18,_BE)) >> 2;\r\n\tsongsz = songp-8;\r\n\tx = (X.I16(songp+4,_BE) - X.I16(songp+2,_BE)) >> 2;\r\n\tp = X.I16(songp,_BE);\r\n\tord = X.I16(songp+6,_BE)-p-X.I32(songp+p+12,_BE);\r\n\treturn true\r\n}\r\nif(!bDetected && isAnders0land()) {\r\n\tsName = \"Anders 'Zonix' 0land's Music & Player module (.HOT)\"; bDetected = 1;\r\n\tsVersion = \"v\"+X.SA(3,1);\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,\"×\");\r\n\t\tsOption(\"ord:\"+ord+\" smp:\"+smp+\" songsz:\"+Hex(songsz)+\" smpsz:\"+Hex(smpsz));\r\n\t\tsOption(outSz(sz),\"sz:\")\r\n\t}\r\n}\r\n\r\n\r\nfunction isUNIMOD() {\r\n\t// ref https://github.com/sezero/mikmod/blob/master/libmikmod/loaders/load_uni.c\r\n\tif(!/(UN0[4-6].*|APUN\\x01[1-6])/.test(X.SA(0,6))) return;\r\n\tp = 4; voc = 0; var v, e;\r\n\tif(X.SA(3,1) != 'N') { v = X.U8(3)-0x30; if(v > 6) v = X.U16(4,_BE) } else v = 0x100;\r\n\tif(v >= 6) { e = _BE;\r\n\t\tif(v == 6) p++; else { v = X.U16(p,e); p+=2 }\r\n\t\tflg = X.U16(p,e); p+=2;\r\n\t\tch = X.U8(p++);\r\n\t\tvoc = X.U8(p++);\r\n\t\tord = X.U16(p,e); ptn = X.U16(p+2,e); trk = X.U16(p+4,e); ins = X.U16(p+6,e);\r\n\t\tsmp = X.U16(p+8,e); reppos = X.U16(p+0xA,e); p+=0xC;\r\n\t\tspd0 = X.U8(p++); tmp0 = X.U8(p++); vol0 = X.U8(p++);\r\n\t\tif(v >= 0x106) { bpmlimit = X.U16(p,e); p+=2 }\r\n\t\telse bpmlimit = 32;\r\n\t}\r\n\telse { e = _LE;\r\n\t\tch = X.U8(p++);\r\n\t\tord = X.U16(p,e); p+=2;\r\n\t\tif(v == 5) { lp = X.U16(p,e); p+=2 } else lp = 0;\r\n\t\tptn = X.U16(p,e);\r\n\t\ttrk = X.U16(p+2,e);\r\n\t\tins = X.U16(p+4,e); p += 6;\r\n\t\tsmp = 0; spd0 = X.U8(p++); tmp0 = X.U8(p++);\r\n\t\tp += 256+32; // positions+panning\r\n\t\tflg = X.U8(p++);\r\n\t\tbpmlimit = 32;\r\n\t}\r\n\tsv = X.SA(3,1) == 'N'? 'v.APlayer': 'v'+Hex(v);\r\n\tif((v < 6 && !(isWithin(ch,1,32) || isWithin(ord,1,256))) || lp > ord || !trk || !ptn\r\n\t || !isWithin(ins,1,256) || !spd0 || !tmp0) return;\r\n\ttitlesz = X.U16(p,_LE); titlep = p+2; p += 2+titlesz;\r\n\tif(v < 0x102) {\r\n\t\torigssz = X.U16(p,_LE); origsp = p+2;\r\n\t\tp = p1 = p+2+origssz; p = origsp+origssz;\r\n\t} else origssz = 0;\r\n\tcmtsz = X.U16(p,_LE); cmtp = p+2; p += 2+cmtsz;\r\n\tif(v >= 6) {\r\n\t\tif(v >= 0x100) p += ord*2; else p += ord;\r\n\t\tp += ch*3;\r\n\t}\r\n\tsmps = []; inss = []; smpsz = 0;\r\n\tif(v >= 6) {\r\n\t\tfor(i=0; i < smp; i++) { //loadsmp6\r\n\t\t\tsmpsz += X.U32(p+7,e); t = X.U16(p+0x23,_LE); p += 0x25; smps.push(X.SC(p,t,'CP437').trim()); p += t\r\n\t\t}\r\n\t\tfor(i=0; i < ins; i++) { //loadinstr6\r\n\t\t\tp += 13;\r\n\t\t\tpt = X.U8(p+1); p += 6 + (v>=0x100? 0x20: pt)*4;\r\n\t\t\tpt = X.U8(p+1); p += 6 + (v>=0x100? 0x20: pt)*4;\r\n\t\t\tpt = X.U8(p+1); p += 6 + (v>=0x100? 0x20: pt)*4;\r\n\t\t\tif(v >= 0x103) p += 240*smp; else p += 120*smp;\r\n\t\t\tt = X.U16(p,_LE); p += 2; inss.push(X.SC(p,t,'CP437').trim()); p += t\r\n\t\t}\r\n\t} else {\r\n\t\tfor(i=0; i < ins; i++) { //loadinstr5\r\n\t\t\tsmpn = X.U8(p); smp += smpn; p += 0xD1;\r\n\t\t\tt = X.U16(p,_LE); p += 2; if(t) { inss.push(X.SC(p,t,'CP437').trim()); p += t }\r\n\t\t\tfor(j=0; j < smpn; j++) {\r\n\t\t\t\tsmpsz += X.U32(p+5,e);\r\n\t\t\t\tt = X.U16(p+0x13,_LE); p += 0x15; if(t) { smps.push(X.SC(p,t,'CP437').trim()); p += t }\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\tp += 2*ptn + 2*ch*ptn;\r\n\tfor(i=0; i < trk; i++) p += X.U16(p,e)+2;\r\n\tsz = p+smpsz;\r\n\treturn true\r\n}\r\nif(!bDetected && isUNIMOD()) {\r\n\tsName = \"Otto Chrons/libmikmod UNIMOD/UNITRK module (.UNI)\"; sVersion = sv; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(X.SC(titlep,titlesz,'CP437'));\r\n\t\tif(origssz) sOptionT(X.SA(origsp,origssz),\"orig: \");\r\n\t\tsOptionT(X.SC(p1+2,X.U16(p1),'CP437'));\r\n\t\tsOption(addEllipsis(inss.filter(funSampleName).join(' ')),'ins/msg:\"','\"');\r\n\t\t// sOption(addEllipsis(smps.filter(funSampleName).join(' ')),'smp/msg:\"','\"');\r\n\t\tsOption('ch:'+ch+(voc?'/'+voc:'')+' spd0:'+spd0+' tmp0:'+tmp0+' trk:'+trk\r\n\t\t\t+' ord:'+(lp?lp+'~':'')+ord+' ptn:'+ptn+' ins:'+ins+(smp?' smp:'+smp:'')+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isD00nohdr() {\r\n\t// ref https://github.com/adplug/adplug/blob/master/src/d00.h & .cpp\r\n\tif(X.Sz() < 40 || X.Sz() >= 0xFFFF) return false;\r\n\tif(X.c(\"0001.... 000D00\") && X.c(\"FFFF\",0xB)) nV = 0;\r\n\telse if(X.c(\"01..01.. 000F00\") && X.c(\"FFFF\",0xD)) nV = 1; else return false;\r\n\tseqp = X.U16(3,_LE); if(seqp < 13 || seqp > X.Sz()) return false; // ptr to sequence pointer table\r\n\tx = 1;\r\n\tseqtest = X.fSig(seqp+18+9,TOEOF,\"0000000000 FFFF\")-seqp; // reserved bytes are 0; endmark follows \r\n\twhile (seqtest > 0x20) { x++; seqtest -= 0x20; if(!X.c(\"0000000000\",seqp+seqtest)) return false }\r\n\t//there may be several sequence tables but they end the same\r\n\ttrkp = t = X.U16(5,_LE); if(!X.c(\"FFFF\",trkp-2) || trkp < 13) return false; // ptr to track pointer table\r\n\tinsp = X.U16(7,_LE); if(!X.c(\"FFFF\",insp-2) || insp < 13) return false; // to instrument pointer table\r\n\tsz = X.U16(9,_LE); if(!X.c(\"FFFF\",sz-2) || sz < 13) return false; // to message\r\n\tif(nV == 1) { sfxp = X.U16(11,_LE); if(!X.c(\"FFFF\",sfxp+8)) return false; } // to sfx\r\n\tif(Math.abs(trkp-seqp) < 20 || Math.abs(trkp-insp) < 20 || Math.abs(seqp-insp) < 20) return false;\r\n\toldp = trkp; p = X.U16(trkp,_LE);\r\n\tip = 0, once = 0; // count pointers out of order, heuristic\r\n\twhile(t < trkp+18 && trkp < X.Sz()) { // check 9 pointers from TPoin for validity\r\n\t\tif(t === trkp) p = oldp = t; // for the first pointer\r\n\t\tif(p) oldp = p;\r\n\t\tp = X.U16(t,_LE); if(!p || p < trkp || p > X.Sz()) return false;\r\n\t\tif(!X.c(\"FFFF\",p-2)) { once++; if(once > 1) return false }\r\n\t\tif(p < oldp) { ip++; if(ip > 2) return false } // some D00s do have pointers out of order\r\n\t\tq = p; while(!X.c(\"FFFF\",q) && q < X.Sz()) q += 2; //check the table data for having a FFFF somewhere near\r\n\t\tif(!X.c(\"FFFF\",q)) { _log(\"D00nohdr: boh. t=\"+Hex(t)+\" p=\"+Hex(p)+\" q=\"+Hex(q)); return false; }\r\n\t\tt += 2\r\n\t}\r\n\tmsg = \"\"; t = X.fSig(sz,0x200,\"FFFF\"); if(t > 0) { // the message exists and ends in FFFF\r\n\t\tmsg = X.SC(sz,t-sz,'CP437').trim(); sz = t+2\r\n\t} else { // the message may exist but it may also be garbage, checking...\r\n\t\tmsg = X.readBytes(sz,Math.min(sz+0x100,X.Sz())-sz);\r\n\t\tc = charStat(msg,1); if(c.indexOf(\"allxsc\") >= 0) {\r\n\t\t\tmsg = decEncoding(msg,CP437); sz += msg.length; msg = msg.trim()\r\n\t\t} else msg = ''\r\n\t}\r\n\treturn true;\r\n}\r\nif(!bDetected && X.isDeepScan() && isD00nohdr()) {\r\n\tsName = \"Jens Christian 'JCH/Vibrants' Huus's Edlib Tracker module (.D00)?\"; sVersion = \"old v\"+X.U8(0); bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,'×');\r\n\t\tsOptionT(addEllipsis(msg,0x100,0x80),'msg:\"','\"');\r\n\t\tsOption(\"sz:\"+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isProtrackerMOD() {\r\n\t//from https://github.com/OpenMPT/openmpt/blob/master/soundlib/Load_mod.cpp\r\n\tif(X.Sz() < 0x43C) return false;\r\n\tvar b = X.readBytes(0x438,4), s = X.SA(0x438,4), hdr = 0x43C/*1084*/, plist = 0x3B8/*952*/, msmp = 0x1F;\r\n\tvar isStarTrekker = isGenericMCh = isMdKd = maybeWOW = isHMNT = isInconexia = isNoiseTracker\r\n\t = setMODVBlankTiming = hasLongSmp = hasEmptySmpwVol = hasRepLen0 = false;\r\n\tvar maybeAS = 0, ibtrsh = 40; //typical threshold for invalid bytes (in samples); _FRAGILE is 1\r\n\r\n\t//test signatures\r\n\tif(/(M\\.K\\.|M!K!|PATT|NSMS|LARD)/.test(s)) {\r\n\t\tchn = 4; tracker = \"generic Protracker-compatible\";\r\n\t\tif(s === \"M.K.\") { isMdKd = true; maybeWOW = true } }\r\n\telse if(/(M&K!|FEST|N\\.T\\.)/.test(s)) {\r\n\t\tchn = 4; if(s === \"N.T.\") tracker = \"Pex 'Mahoney' Tufvesson & Anders 'Kaktus' Berkeman's NoiseTracker\";\r\n\t\telse { tracker = \"Pex 'Mahoney' Tufvesson & Anders 'Kaktus' Berkeman's His Master's NoiseTracker\"; isHMNT = true }\r\n\t\tisNoiseTracker = true }\r\n\telse if(/O[KC]TA/.test(s)) { chn = 8; tracker = \"Armin Sander's Oktalyzer\" }\r\n\telse if(/CD[68]1/.test(s)) { chn = b[2]-0x30; tracker = \"Christian Dahl et al.'s Octalyser STE (Atari)\" }\r\n\telse if(compareArrays(b, [0x4D,0,0,0]) || compareArrays(b, [0x38,0,0,0])) {\r\n\t\tif(b[0] === 0x38) chn = 8; else chn = 4; ibtrsh = 1; // fragile, needs more detects!\r\n\t\ttracker = \"Inconexia demo\"; isInconexia = true }\r\n\telse if(/FA0[4-8]/.test(s)) { chn = b[3]-0x30; tracker = \"Digital Tracker\"; hdr = 0x440 }\r\n\telse if(/(FLT|EXO)[48]/.test(s)) {\r\n\t\tchn = b[3]-0x30; if(chn == 4) maybeAS++;\r\n\t\tisStarTrekker = setMODVBlankTiming = true; tracker = \"Startrekker\";\r\n\t}\r\n\telse if(/[1-9]CHN/.test(s)) { chn = b[0]-0x30; isGenericMCh = true; tracker = \"generic MOD-compatible\" }\r\n\telse if(/[1-9][0-9]C[HN]/.test(s)) {\r\n\t\tchn = b[0]*10+b[1]-0x210; isGenericMCh = true; tracker = \"generic MOD-compatible\" }\r\n\telse if(/TDZ[1-3]/.test(s)) { chn = b[3]-0x30; tracker = \"Twaddler and Dr. Zon's TakeTracker\" }\r\n\t//else if(/\\.M\\.K/.test(s)) { chn = 4; swapBytes = true } just one hacked module, TODO after fast patches are in\r\n\telse if(/WARD/.test(s)) { chn = 8; isGenericMCh = true; tracker = \"generic MOD-compatible\" }\r\n\telse return false;\r\n\tif(!chn) return false;\r\n\trestartpos = X.U8(plist-1);\r\n\t//test samples\r\n\tp = 0x14; wowsmpsz = ib = 0;\r\n\tfor(; p < 0x3B6; p += 0x1E) {\r\n\t\tvar ssz = X.U16(p+0x16,_BE)<<1; //length\r\n\t\twowsmpsz += ssz;\r\n\t\tif(!isHMNT && !hasLongSmp && ssz >= 0x20000) hasLongSmp = true;\r\n\t\tvar sft = X.U8(p+0x18), svol = X.U8(p+0x19), sls = X.U16(p+0x1A,_BE)<<1, sll = X.U16(p+0x1C,_BE)<<1;\r\n\t\tif(sft || (ssz && svol != 0x40)) maybeWOW = false; if(sft > 15) ib++; //finetune <= 15\r\n\t\tif(svol > 0x40) ib++; //volume <= 64\r\n\t\tif(!ssz && svol == 0x40) { hasEmptySmpwVol = true;\r\n\t\t\tif(maybeAS && !sls && sll <= 2) maybeAS++ }\r\n\t\tif(sls > ssz) ib++; //loopstart. looplen gets weird, it's ok\r\n\t\tif(!hasRepLen0 && ssz && !sll) hasRepLen0 = true;\r\n\t\tif(ib > ibtrsh) return false;\r\n\t}\r\n\tisFLT8 = isStarTrekker && (chn == 8);\r\n\tvar smpsz31 = wowsmpsz;\r\n\tif(restartpos) maybeWOW = false; if(!maybeWOW) wowsmpsz = 0;\r\n\tif(maybeAS >= 2) tracker += '/Audio Sculpture'\r\n\r\n\t//test patterns\r\n\tfunction cntBadPtnData(ofs) {\r\n\t\tvar c = 0;\r\n\t\tfor(i = 0; i < chn*64; i++)\r\n\t\t\tif(X.U8(ofs+(i<<2)) & 0xE0) c++;\r\n\t\treturn c\r\n\t}\r\n\t//get real ptn:\r\n\tord = X.U8(plist-2); if(!ord) return false;\r\n\tol = X.readBytes(plist,0x80); //orderlist\r\n\tif(ord > 0x80) ord = 0x80;\r\n\telse if(!ord) { ord = 0x80; while(ord > 1 && !ol[ord-1]) ord-- }\r\n\tptn = iptn = optn = 0; i = plist;\r\n\tfor(i=0; i < 0x80; i++) {\r\n\t\tif(isFLT8) ol[i] /= 2; var pt = ol[i];\r\n\t\tif(pt < 0x80 && pt >= ptn) { ptn = pt+1; if(i < ord) optn = ptn } //official patterns\r\n\t\tif(ptn >= iptn) iptn = ptn+1 // illegal patterns\r\n\t}\r\n\t//weirdness checks\r\n\tvar alignedfsz = X.Sz() & ~1;\r\n\tif(wowsmpsz && wowsmpsz+hdr+ptn*8*256 == alignedfsz) {\r\n\t\tif(cntBadPtnData(hdr+ptn*4*256) < 16) chn = 8; //⚠no good for ripping -- best to err toward no WOW\r\n\t}\r\n\telse if(ptn != optn && cntBadPtnData(hdr+optn*chn*256) > 64) ptn = optn;\r\n\tif(iptn > ptn && hdr+ssz+iptn*chn*256 == alignedfsz) ptn = iptn;\r\n\r\n\tif(maybeWOW && chn === 8) { tracker = \"Mod's Grave\"; isGenericMCh = true }\r\n\tif(restartpos >= ord || (restartpos == 0x78 && chn === 4)) restartpos = 0; //because that's actually bpm\r\n\r\n\tvar onlyAmigaNotes = true, fix7BitPanning = leftPan = extPan = maxPan = 0;\r\n\tif(!isNoiseTracker) {\r\n\t\tisNoiseTracker = isMdKd && !hasEmptySmpwVol && !hasLongSmp;\r\n\t\tp = hdr;\r\n\t\tfor(pt = 0; pt < ptn; pt++) {\r\n\t\t\tvar ptnbrk = 0;\r\n\t\t\tfor(; p < pt*chn*256; p += 4) {\r\n\t\t\t\tvar d = X.readBytes(p,4);\r\n\t\t\t\tvar np = ((d[0]&0xF)<<8) | d[1]; // note period\r\n\t\t\t\tif(np && np != 0xFFF) {\r\n\t\t\t\t\tif(onlyAmigaNotes && (np < 113 || np > 856)) onlyAmigaNotes = isNoiseTracker = false;\r\n\t\t\t\t}\r\n\t\t\t\tvar cmd = d[2]&0xF, prm = d[3] /*, dsmp = (d[2]>>4) | (d[0]&0x10)*/;\r\n\t\t\t\tif((cmd > 6 && cmd < 0xA) || (cmd == 0xE && prm > 1)\r\n\t\t\t\t\t|| (cmd == 0xF && prm > 0x1F) || (cmd == 0xD && ++ptnbrk > 1))\r\n\t\t\t\t\tisNoiseTracker = false;\r\n\t\t\t\tif(cmd == 8) {\r\n\t\t\t\t\tif(prm > maxPan) maxPan = prm;\r\n\t\t\t\t\tif(prm < 0x80) leftPan = true;\r\n\t\t\t\t\telse if(prm > 0x8F && prm != 0xA4) extPan = true;\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n\t\tfix7BitPanning = leftPan && !extPan && maxPan >= 0x30;\r\n\t}\r\n\tif(onlyAmigaNotes && !hasRepLen0 && ['M.K.','M!K!','PATT'].indexOf(s) >= 0) {}\r\n\telse if(!onlyAmigaNotes && restartpos == 0x7F && isMdKd && restartpos+2 >= ord)\r\n\t\ttracker = \"Sami 'Psi/Future Crew' Tammilehto's Scream Tracker\";\r\n\t//modsize\r\n\tsz = hdr+ptn*chn*256;\r\n\tif(sz > X.Sz()) return false;\r\n\tp = 0x14; smp = 0; songsz = sz; ib = 0; smps = [];\r\n\tvar anyADPCM = 0;\r\n\tfor(; p < 0x3B6; p += 0x1E) {\r\n\t\tif(!isHMNT) { //His Master's Noise have data in sample titles\r\n\t\t\tt = X.readBytes(p,22,true); t = decEncoding(t,CPAmiga).trim(); if(t.length) smps.push(t)\r\n\t\t}\r\n\t\tvar ssz = X.U16(p+0x16,_BE)*2;\r\n\t\tif(ssz) smp++;\r\n\t\t//if(isMdKd && onlyAmigaNotes && !hasEmptySmpwVol) ssz = Math.max(ssz,X.U16(p+0x1C,_BE)*2);\r\n\t\tif(X.c(\"'ADPCM'\",sz)) { anyADPCM++; ssz = (ssz+1>>1)+5+16; }\r\n\t\tsz += ssz;\r\n\t}\r\n\tif(X.c(\"8BBEB4BA 8BADBEBC B4BAAD\",sz)) {\r\n\t\tvar exts = '', ext = [];\r\n\t\twhile(sz < X.Sz() && isWithin(X.U8(sz) ^ 0xDF, 0xA,0x7F)) ext.push(X.U8(sz++)^0xDF);\r\n\t\texts = decEncoding(ext,CP437);\r\n\t\ttracker = \"Twaddler and Dr. Zon's TakeTracker\";\r\n\t\tif(/\\ version\\ \\d+\\./.test(exts)) tracker +=' v' + /\\ version\\ (\\d[^!]+)/.exec(exts)[1];\r\n//\t\tif(smps.length) smps.unshift('/'); smps.unshift(exts);\r\n\t}\r\n\telse if(isMdKd && X.c(\"001155332211\",sz)) {\r\n\t\ttracker = 'Tetra Music Editor:'+X.U24(sz+6,_BE).padStart(6,'0'); sz += 9\r\n\t}\r\n\tif(anyADPCM && !isInconexia) tracker += ' (ADPCM packed: '+anyADPCM+')';\r\n\treturn true\r\n}\r\nif(!bDetected && isProtrackerMOD()) {\r\n\tsName = \"Amiga Freelancers' Protracker module (.MOD)\"; bDetected = 1;\r\n\tsVersion = X.SA(0x438,4);\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(decAnsi(0,20,CPAmiga));\r\n\t\tsOption(tracker,'in: ');\r\n\t\tsOptionT(addEllipsis(smps.filter(funSampleName).join(\" \"),200),'smp/msg:\\\"','\"');\r\n\t\tsOption('ch:'+chn+' ord:'+ord+' ptn:'+(optn!=ptn?optn+'/':'')+ptn+(iptn!=ptn?'('+iptn+')':'')\r\n\t\t\t+' smp:'+smp+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isKRIS() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/ChipTracker/ChipTracker_v3.asm\r\n\t// & https://github.com/OpenMPT/openmpt/blob/master/soundlib/Load_kris.cpp\r\n\tif(X.Sz() < 0x7C0+0x100 || !X.c(\"'KRIS'\",0x3B8)) return false;\r\n\tord = X.U8(0x3BC); if(ord > 0x80) return false;\r\n\tloop = X.U8(0x3BD); if(loop > 0x7F || (loop < 0x7F && loop >= ord)) return false;\r\n\tconst ibtrsh = 40; //typical threshold for invalid bytes (in samples); _FRAGILE is 1\r\n\tp = 0x16; var totalsmpsz = ib = 0; smp = synwf = 0; smps = [];\r\n\tfor(var i=0; i < 31; p += 0x1E, ++i)\r\n\t\tif(!X.U8(p)) {\r\n\t\t\tvar maxwf = Math.max(X.U8(p+1),X.U8(p+5),X.U8(p+10),X.U8(p+19));\r\n\t\t\tif(maxwf && maxwf >= synwf) synwf = maxwf+1;\r\n\t\t} else {\r\n\t\t\tt = X.SC(p,20,\"IBM850\").trim(); if(t != \"\" && t != \"\\x01\") smps.push(t);\r\n\t\t\tvar ssz = X.U16(p+0x16,_BE)*2; //length\r\n\t\t\ttotalsmpsz += ssz;\r\n\t\t\tvar sft = X.U8(p+0x18);\r\n\t\t\tif(sft & 0xF0) ib++; //finetune <= 15\r\n\t\t\tvar svol = X.U8(p+0x19); if(svol > 0x40) ib++; //volume <= 64\r\n\t\t\tif(X.U16(p+0x1A,_BE)*2 > ssz) ib++;\r\n\t\t\tif(ib > ibtrsh) return false;\r\n\t\t\tsmp++\r\n\t\t}\r\n\tptn = 0; p = 0x3BE;\r\n\tord = X.U8(0x3BC);\r\n\tfor(i=0; i < (ord << 2); i++,p+=2) if(ptn < X.U8(p)) ptn = X.U8(p);\r\n\tptn++;\r\n\tsz = 0x7C0+(synwf<<6)+(ptn<<8)+totalsmpsz;\r\n\treturn true;\r\n}\r\nif(!bDetected && isKRIS()) {\r\n\tsName = \"Krister Wombell's ChipTracker module (.KRIS,.MOD)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOption(X.SA(0,16));\r\n\t\tsOptionT(addEllipsis(smps.join(\" \"),200),'smp/msg:\\\"','\"');\r\n\t\tsOption('ord:'+(loop && loop < 0x7F? loop+'-':'')+ord+' ptn:'+ptn+' smp:'+smp+(synwf? ' synwf:'+synwf: '')+' sz:'+outSz(sz));\r\n\t}\r\n}\r\n\r\n\r\nfunction isMTNICE() {\r\n\t//ref https://github.com/OpenMPT/openmpt/blob/master/soundlib/Load_ice.cpp\r\n\tif(X.c(\"'MTN'000000\",0x5B8)) tracker = \"MnemoTroN's SoundTracker\";\r\n\telse if(X.c(\"'IT10'00\",0x5B8)) tracker = \"Icepic's IceTracker 1.0~2'\";\r\n\telse return false;\r\n\tsmp = smpsz = 0; smps = [];\r\n\tfor(p=20; p < 20+30*31; p+=30) {\r\n\t\tt = decAnsi(p,22,CPAmiga).trim(); if(t != '') smps.push(t);\r\n\t\tssz = X.U16(p+22,_BE); if(ssz) smp++; smpsz += ssz\r\n\t}\r\n\tord = X.U8(p++); ptn = X.U8(p++); if(ord > 128) return false;\r\n\tfor(i=0; i < 128*4; i++) if(X.U8(p++) > ptn) return false;\r\n\tsz = 0x5BC+ptn*64*4+smpsz;\r\n\treturn true\r\n}\r\nif(!bDetected && isMTNICE()) {\r\n\tsName = tracker+\" module (.ST26,.ICE)\"; sVersion = \"v2.6\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(decAnsi(0,0x14,CPAmiga));\r\n\t\tsOptionT(addEllipsis(smps.join(' '),0x80),'smps/msg:\"','\"')\r\n\t\tsOption('ord:'+ord+' ptn:'+ptn+' smp:'+smp+' sz:'+sz)\r\n\t}\r\n}\r\n\r\n\r\nfunction isMVXModule() {\r\n/*header:\r\n1 dword: 'MVM\\0'\r\n1 byte: BPM\r\n1 byte: ticks per beat\r\n1 dword: song length in rows\r\n1 byte: machine count\r\n N byte: machine IDs (N = machine count)\r\n N byte: machine order (N = machine count)\r\n1 byte: machine connection count\r\n N * 3 bytes: machine connections (source, target, volume)*/\r\n\tif(!X.c(\"'MVM'00\") || !X.U8(4) || !X.U8(5) || X.U32(6) > 10000 || !X.U8(0xA)) return;\r\n\tvar idsm = [], ordm = [], lstm = [];\r\n\tp = 10; mach = X.U8(p++); for(i=0; i < mach; i++) idsm.push(X.U8(p++));\r\n\tfor(i=0; i < mach; i++) { t = X.U8(p++); if(ordm.indexOf(t) >= 0) return; ordm.push(t); lstm.push(i) }\r\n//_l2r('idsm',0,outArray(idsm)); _l2r('ordm',0,outArray(ordm.sort()));\r\n\tvar cnx = X.U8(p++);\r\n\tfor(i=0; i < cnx; i++) {\r\n\t\tvar src = X.U8(p++), tgt = X.U8(p++); p++;\r\n\t\tif(src > mach || tgt > mach || src == tgt) return;\r\n\t\tlstm = lstm.filter(function() { return lstm.indexOf(src) < 0 && lstm.indexOf(tgt) < 0 })\r\n\t}\r\n\tif(lstm.length) return; //all machines must have connections, otherwise it's an export failure\r\n\treturn true\r\n}\r\nif(!bDetected && isMVXModule()) {\r\n\tsName = \"Gargaj/Conspiracy's MVX Module (.MVM)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOption('bpm0:'+X.U8(4)+' ticks:'+X.U8(5)+' rows:'+X.U32(6)+' machines:'+mach)\r\n\t}\r\n}\r\n\r\n\r\nfunction isOctaMed() {\r\n\t//from http://fileformats.archiveteam.org/wiki/OctaMED_module_(MED)\r\n\t// & https://github.com/neumatho/NostalgicPlayer/blob/main/Source/Agents/ModuleConverters/ModuleConverter/Formats/Med4Format.cs\r\n\t// & https://github.com/neumatho/NostalgicPlayer/blob/main/Source/Agents/Players/Med/MedWorker.cs\r\n\tif(!/MED[\\x02-\\x04]/.test(X.SA(0,4))) return false;\r\n\tnV = X.U8(3); switch(nV) {\r\n\t\t//TODO find the non-\\x04 files to test on\r\n\t\tcase 2: sVersion = \"v1.12\"; break;\r\n\t\tcase 3: sVersion = \"v2.00\"; break;\r\n\t\tcase 4: sVersion = \"v2.10+\"; break;\r\n\t}\r\n\tx = 1; p = sz = ptn = ord = trk = midi = syhy = smp = realsmp = 0; smps = []; cs = bad = \"\";\r\n\tif(nV < 3) {\r\n\t\t//TODO\r\n\t} else {\r\n\t\t//going through the sample info\r\n\t\tvar smpbmp0 = X.U8(4); p = 5;\r\n\t\twhile(smpbmp0) {\r\n\t\t\tif(smpbmp0&1) { var smpbmp = X.U8(p++);\r\n\t\t\t\twhile(smpbmp) { smp += smpbmp&1; smpbmp >>= 1 } }\r\n\t\t\tsmpbmp0 >>= 1;\r\n\t\t}\r\n\t\tfor(i=0; i < smp; i++) {\r\n\t\t\tfl = X.U8(p++); smpnl = X.U8(p++);\r\n\t\t\tsmps.push(X.SA(p,smpnl)); p += smpnl;\r\n\t\t\tif(!(fl&1)) p+=2; if(!(fl&2)) p+=2; if(!(fl&4)) p++; if(!(fl&8)) p++;\r\n\t\t\tif(!(fl&0x30)) svol = X.U8(p++); if(svol > 0x40) return false;\r\n\t\t\tif(!(fl&0x40)) p++;\r\n\t\t}\r\n\t\tfor(i = 62; i >= 0; i--) if(smps[i] && smps[i].length) {realsmp = i+1; break }\r\n\t\tptn = X.U16(p,_BE); ord = X.U16(p+2,_BE); if(!ord || ord > 0x100) return false;\r\n\t\tp += 4; for(i=0; i < ord; i++) if(X.U8(p++) > ptn) return false;\r\n\t\textsmp = !(X.U8(p+3)&8);\r\n\t\ttmp0 = X.U16(p,_BE)+\"//\"+X.U16(p+4,_BE); p += 26;\r\n\t\tfor(i=0; i < 16; i++) if(X.U8(p++) > 0x40) return false;\r\n\t\tmvol = X.U8(p++); if(mvol > 0x40) return false;\r\n\t\tif(p > X.Sz()) return false;\r\n\t\tfunction SkipMidi() { var f = X.U32(p,_BE); p += 4;\r\n\t\t\tfor (var i=0; i < 32; i++) { if(f < 0) f = -f; if((f & 0x80000000)) {midi++; p++ } f <<= 1 } }\r\n\t\tif(nV === 3) { SkipMidi(); SkipMidi() }\r\n\t\tfor(i=0; i < ptn; i++) {\r\n\t\t\tvar hdsz = X.U8(p++);\r\n\t\t\tvar ptntrk = X.U8(p); if(trk < ptntrk) trk = ptntrk;\r\n\t\t\tvar rows = X.U8(p+1), hksz = X.U16(p+2,_BE);\r\n//_log(\"ptn[\"+i+\"] @\"+Hex(p)+\": (\"+Hex(hdsz)+\") -> \"+Hex(p+hdsz+hksz)+\"], rows:\"+rows+\" trk:\"+ptntrk);\r\n\t\t\tp += hdsz+hksz;\r\n\t\t}\r\n\t\tif(!extsmp) {\r\n\t\t\tvar br = new BitReader(p,_BE), smp2process = 0; br.read(1);\r\n\t\t\tfor(i=0; i < realsmp; i++) smp2process += br.read(1); delete br;\r\n//_log(\"found \"+smp2process+\" samples to process\");\r\n\t\t\tp += 8; for(i=0; i < smp2process; i++) {\r\n\t\t\t\thksz = X.U32(p,_BE); hktp = X.U16(p+4,_BE); p += 6;\r\n//_log(\"smp[\"+i+\"] (\"+Hex(p)+\" -> \"+Hex(p+hksz)+\")\")\r\n\t\t\t\tif(hktp == 0xFFFF || hktp == 0xFFFE) syhy++; p += hksz;\r\n\t\t\t}\r\n\t\t}\r\n\t\tif(X.c(\"'MEDV'\",p))\r\n\t\t\twhile(p+8 <= X.Sz() && /[A-Z]{4}/.test(X.SA(p,4))) {\r\n\t\t\t\thkhd = X.SA(p,4); hksz = X.U32(p+4,_BE); p += 8;\r\n\t\t\t\tswitch(hkhd) {\r\n\t\t\t\tcase \"MEDV\": sVersion = \"v\"+X.U8(p+2)+'.'+X.U8(p+3).padStart(2,'0'); break;\r\n\t\t\t\tcase \"ANNO\": cs = X.SC(p,hksz,'CP1252'); break;\r\n\t\t\t\tcase \"HLDC\": break;\r\n\t\t\t\tdefault: _log(\"Unknown MED header: \"+hkhd) //shouldn't exist but you know how they get\r\n\t\t\t\t}\r\n\t\t\t\tp += hksz\r\n\t\t\t}\r\n\t}\r\n\tsz = p;\r\n\tif(sz > X.Sz()) bad = \"!short\";\r\n\treturn true\r\n}\r\nif(!bDetected && isOctaMed()) {\r\n\tsName = \"OctaMED module (.MED)\"; bDetected = 1;\r\n\tif(bad != \"\") sVersion += \"/malformed\"+bad;\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(cs);\r\n\t\twhile(smps[smps.length] == '') delete(smps[smps.length]);\r\n\t\tif(smps.length) sOption(\"[\"+smps.join(\",\")+\"]\",\"smps:\");\r\n\t\tsOption(\"ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+(realsmp != smp ? \"(\"+realsmp+\")\" : \"\")\r\n\t\t +(extsmp?\"(ext.)\":\"\")+(syhy?\" synth+hybrid:\"+syhy:\"\")+(midi?\" midi:\"+midi:\"\")+\" trk:\"+trk+\" tmp0:\"+tmp0\r\n\t\t +\" mvol:\"+mvol+\" sz:\"+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isOctaMedMMD() {\r\n\t//from https://web.archive.org/web/20220109073109if_/http://www.textfiles.com/programming/FORMATS/med-form.txt\r\n\tif(!X.c(\"'MMD'\")) return false;\r\n\tnV = X.U8(3)-48; if(nV < 0 || nV > 3) return false;\r\n\tswitch(nV) {\r\n\t\tcase 0: sname = \"MED module (.MED,.MMD0)\"; sversion = \"v2.1 Med MoDule 0\"; break;\r\n\t\tcase 1: sname = \"OctaMED Professional module (.MED,.MMD1)\"; sversion = \"v.3.00-4.x\"; break;\r\n\t\tcase 2: sname = \"OctaMED Professional module (.MED,.MMD2)\"; sversion = \"v5.x\"; break;\r\n\t\tcase 3: sname = \"OctaMED Professional module (.MED,.MMD3)\"; sversion = \"v6.x?\"; break;\r\n\t}\r\n\tptnsp = X.U32(0x10,_BE); if(ptnsp < 0x34) return false;\r\n\tsmpsp = X.U32(0x18,_BE); if(smpsp && smpsp < 0x34) return false;\r\n\texpp = X.U32(0x20,_BE); if(expp > X.Sz()) return false;\r\n\tsec = p = 0; sngp = X.U32(p+8,_BE);\r\n\tif(sngp < 0x34 || sngp > 0xFFFFFEFF-63*8) return false;\r\n\tif(X.Sz() < Math.max(sngp+63*8+0x100, ptnsp, smpsp?smpsp:0x34, expp+0x34)) return false;\r\n\tsongname = anno = iinfo = \"\"; ch = 4; xsngs = X.U8(0x33); x = expp?xsngs+1:1;\r\n\tif(expp) {\r\n\t\tpsongname = X.U32(expp+0x2C,_BE);\r\n\t\tif(psongname) {\r\n\t\t\tsongnamelen = X.U32(expp+0x30,_BE);\r\n\t\t\tif(songnamelen)\r\n\t\t\t\tsongname = X.SC(psongname,songnamelen,'CP1252');\r\n\t\t}\r\n\t\tpannotxt = X.U32(expp+0x0C,_BE);\r\n\t\tif(pannotxt > 0) {\r\n\t\t\tannolen = X.U32(expp+0x10,_BE);\r\n\t\t\tanno = X.SC(pannotxt,annolen,'CP1252');\r\n\t\t}\r\n\t\tpMMDInstrInfo = X.U32(expp+0x14,_BE);\r\n\t\tif(pMMDInstrInfo > 0)\r\n\t\t\tiinfo = X.SC(expp,40,'CP1252');\r\n\t} //if expp\r\n\tptn = 0; ord = []; var ptntp = X.U32(0x10,_BE);\r\n\tfor(i=0; i < x; i++) {\r\n\t\tp = sngp+63*8;\r\n\t\tptn1 = X.U16(p,_BE); if(ptn1 > 0x7FFF) ch = 4; ptn += ptn1;\r\n\t\tfor(j = 0; j < ptn1; j++) {\r\n\t\t\tpj = j*4+ptntp; if(pj > X.Sz()) continue;\r\n\t\t\tpj = X.U32(pj,_BE); if(pj > X.Sz()) continue;\r\n\t\t\tpj = nV < 1 ? X.U8(pj+4) : X.U16(pj+4,_BE); if(pj > ch) ch = pj\r\n\t\t}\r\n\t\tif(nV < 2) { ord[0] = X.U16(p+2,_BE); if(ord[0] > 256) return false }\r\n\t\telse {\r\n\t\t\tsec = X.U16(p+2,_BE); trk = X.U16(p+0x10,_BE);\r\n\t\t\tif(!trk || trk > 0x40) return false;\r\n\t\t\tsectp = X.U32(p+8,_BE); if(sectp+sec*2 > X.Sz()) continue;\r\n\t\t\tplayseqtp = X.U32(p+4,_BE); nplayseq = X.U16(p+0x12,_BE);\r\n\t\t\tsecs = []; for(j = 0; j < sec; j++) secs.push(X.U16(sectp+j*2,_BE));\r\n\t\t\tfor(j = 0; j < secs.length; j++) if(j <= nplayseq)\r\n\t\t\t\tord.push(X.U16(X.U32(playseqtp,_BE)+0x28,_BE));\r\n\t\t}\r\n\t\texpp = X.U32(sngp+0x20,_BE);\r\n\t\tif(expp && (X.U32(expp,_BE) < sngp || expp > X.Sz())) { x = i+1; break }\r\n\t\tsngp = X.U32(expp,_BE);\r\n\t}\r\n\tsmp = X.U8(p+0x11B); if(smp > 63) return false;\r\n\treturn true\r\n}\r\nif(!bDetected && isOctaMedMMD()) {\r\n\tsName = sname; sVersion = sversion; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(songname != \"\" && songname != \"\")\r\n\t\t\tsOption(songname);\r\n\t\tsOptionT(anno);\r\n\t\tsOptionT(iinfo,\"ins0:\");\r\n\t\tif(x > 1) sOption(x,\"×\");\r\n\t\tsOption((X.isDeepScan()?\"ch:\"+ch+\" \":\"\")+\"ord:\"+ord.join(\"+\")+\" ptn:\"+ptn+\" smp:\"+smp+\" sz:\"+outSz(X.U32(4,_BE)))\r\n\t}\r\n}\r\n\r\n\r\nfunction isAHX() {\r\n\t//ref http://lclevy.free.fr/exotica/ahx/ahxformat.txt\r\n\t// & https://github.com/pete-gordon/hivelytracker/blob/master/Replayer_Windows/hvl_replay.c\r\n\tif(X.Sz() < 30) return false;\r\n\tif(X.c(\"'THX'0.\")) fmt = \"ahx\";\r\n\telse if(X.c(\"'HVL'0.\")) fmt = \"hvl\";\r\n\telse return false;\r\n\tbad = 0;\r\n\tvar b6 = X.U8(6);\r\n\ttrk0saved = b6 >> 7;\r\n\tswitch((b6 >> 4) & 7) {\r\n\tcase 0: spd = \"50Hz\"; break;\r\n\tcase 1: spd = \"100Hz\"; break;\r\n\tcase 2: spd = \"150Hz\"; break;\r\n\tcase 3: spd = \"200Hz\"; break;\r\n\tdefault: bad++; spd = \"?Hz\"\r\n\t}\r\n\tord = X.U16(6,_BE) & 0xFFF;\r\n\tif(ord > 999) bad++; if(!ord || ord > 1024) bad++;\r\n\tif(fmt === \"ahx\") {\r\n\t\tlp = X.U16(8,_BE); if(lp >= ord) bad++;\r\n\t}\r\n\telse chn = (X.U8(8) >> 2)+4;\r\n\tif(bad > 1) return false;\r\n\ttrl = X.U8(10); if(!trl || trl > 64) return false;\r\n\ttrk = X.U8(11);\r\n\tins = X.U8(12); if(ins > 63) return false;\r\n\tsub = X.U8(13);\r\n\tif(fmt === \"ahx\") {\r\n\t\tsz = 14+sub*2+ord*8+trk*trl*3; if(!trk0saved) sz += trl*3\r\n\t\tfor(i=0; i < ins; i++) {\r\n\t\t\tvar spls = X.U8(sz+21);\r\n\t\t\tsz += 22+spls*4;\r\n\t\t}\r\n\t}\r\n\telse {\r\n\t\tsz = 16+sub*2+ord*chn*2;\r\n\t\tif(trk0saved) i = 1; else i = 0;\r\n\t\tfor(; i <= trk; i++)\r\n\t\t\tfor(j=0; j < trl; j++) {\r\n\t\t\t\tif(X.U8(sz) == 0x3F) { sz++; continue }\r\n\t\t\t\tsz += 5;\r\n\t\t\t}\r\n\t\tfor(i=0; i < ins; i++) {\r\n\t\t\tvar spls = X.U8(sz+21);\r\n\t\t\tsz += 22+spls*5;\r\n\t\t}\r\n\t}\r\n\ttitle = \"\";\r\n\tfor(i=0;i <= ins;i++) { var r = sz;\r\n\t\twhile(X.U8(sz) && sz X.Sz()) bad++;\r\n\treturn true\r\n}\r\nif(!bDetected && isAHX()) {\r\n\tif(fmt === \"ahx\") {\r\n\t\tsName = \"Abyss' Highest eXperience module (.AHX)\";\r\n\t\tif(!X.U8(3)) sVersion = \"v1.00~1.27\"; else sVersion = \"v2.0+\";\r\n\t}\r\n\telse\r\n\t\tsName = \"Hively Tracker module (.HVL)\";\r\n\tbDetected = 1;\r\n\tif(bad) sVersion += \"/malformed\"+bad;\r\n\tif(X.isVerbose()) {\r\n\t\tif(title != \"\") sOption(title); if(sub) sOption(sub,\"×\");\r\n\t\tn=0; p = 14+sub*2+ord*8; c = trk*trl; if(!trk0saved) c += trl; hp = false;\r\n\t\tfor(i=0;i < c;i++) {\r\n\t\t\tnote = X.U8(p+i*3)>>2; if(note) n++;\r\n\t\t\tif(note > 60) if(fmt == \"ahx\") hp = true;\r\n\t\t}\r\n\t\tif(hp) sVersion += \"/hi-pitch!\"\r\n\t\tif(fmt === \"ahx\")\r\n\t\t\tsOption(\"spd:\"+spd+\" ord:\"+ord+\" lp:\"+lp+\" trk:\"+trk+\" ins:\"+ins+\" notes:\"+n+\" sz:\"+outSz(sz))\r\n\t\telse\r\n\t\t\tsOption(\"ch:\"+chn+\" spd:\"+spd+\" ord:\"+ord+\" trk:\"+trk+\" ins:\"+ins+\" notes:\"+n+\" sz:\"+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isPha() {\r\n\t// ref http://asle.free.fr/prowiz/prowiz.src.zip / r/pha.c\r\n\tif(X.Sz() < 0x3C0 || !X.c(\"000003C0\",8)) return;\r\n\t//!(X.U8(0) < 0x30 && isWithin(X.U8(2), 0x60,0x80) && X.U8(3) <= 0x40 && X.U8(4) < 0x10 && X.c(\"00400600\", 0x1B6)\r\n\tins = 0; smp = []; var allsmpsz = olds = 0;\r\n\tfor(p=0; p < 0x1B2; p+=14) {\r\n\t\tif(X.U8(p+3) > 0x40 || (ssz=X.U16(p,_BE)) < X.U16(p+4,_BE)) return; //vol > 64, smpsz < lpstart\r\n\t\tif(!isWithin(sofs=X.U32(p+8,_BE), 0x3C0,X.Sz()) || sofs%2) return; // smpp\r\n\t\tallsmpsz += ssz << 1; if(X.U16(p,_BE)) ins++; if(!smp.includes(sofs)) smp.push(sofs);\r\n\t\tif(p && Math.abs(sofs-olds) > 2) return;\r\n\t\tolds = sofs + (ssz << 1)\r\n\t}\r\n\tsmp = smp.length;\r\n\tif(!isWithin(allsmpsz, 3,31*65535)) return;\r\n\tvar ptnM = 0, ptnm = 0xFFFFFFFF; ptn = [];\r\n\tfor(p=0x1C0; p < 0x3C0; p+=4) {\r\n\t\tt = X.U32(p,_BE); if(t+2 < allsmpsz+0x3C0 || t > X.Sz()) return;\r\n\t\tptnM = Math.max(ptnM,t); ptnm = Math.min(ptnm,t);\r\n\t\tif(!ptn.includes(t)) ptn.push(t);\r\n\t}\r\n\tif(ptnm%2 || Math.abs(0x3C0+allsmpsz-ptnm) > 2) return;\r\n\tfor(ord=127,p = 0x3B8; p > 0x1C0; p-=4,ord--) if(X.U32(p,_BE) != t) break; else t = X.U32(p,_BE);\r\n\tptn = ptn.length; p = ptnM;\r\n\tfor(i = 0; i < 0x100; i++) if(X.U8(p) >= 0xC0) { i += 254-X.U8(p+1); p += 2 } else p += 4;\r\n\tsz = p;\r\n\treturn true\r\n}\r\nif(!bDetected && isPha()) {\r\n\tsName = \"Azatoth/Phenomena's Pha Packer module (.PHA)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOption('ord:'+ord+' ptn:'+ptn+' ins:'+ins+' smp:'+smp+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isSTM() {\r\n\t//ref https://github.com/OpenMPT/openmpt/blob/master/soundlib/Load_stm.cpp\r\n\tt = X.readBytes(0x14,8); for(i = 0; i < 8; i++) { if(t[i] < 0x20 || t[i] >= 0x7F) return false }\r\n\tfunction _isstm() {\r\n\t\tif([0x1A,2].indexOf(X.U8(0x1C)) < 0) return false;\r\n\t\tif([1,2].indexOf(X.U8(0x1D)) < 0) return false;\r\n\t\tif(!X.c(\"02\",0x1E)) return false;\r\n\t\tif([0,10,20,21].indexOf(X.U8(0x1F)) < 0) return false;\r\n\t\tif(X.U8(0x21) > 0x40) return false;\r\n\t\tgvol = X.U8(0x22);\r\n\t\tif(gvol > 0x40 && gvol != 0x58) return false;\r\n\t\tnVm = X.U8(0x1F); ptn = X.U8(0x21);\r\n\t\tif(nVm) maxord = 128; else maxord = 64;\r\n\t\tminsz = 0x30+31*0x20+maxord+ptn*256; if(X.Sz() < minsz) return false;\r\n\t\tsmp = 0; ord = -1; tracker = \"Sami 'Psi' Tammilehto's Scream Tracker 2 module\"; ext = \"STM\"; return true\r\n\t}\r\n\tfunction _isstx() {\r\n\t\tif(!X.c(\"'SCRM'\",0x3C)) return false;\r\n\t\tptnsz = X.U16(0x1C); if((ptnsz < 64 && ptnsz != 0x1A) || ptnsz > 0x840) return false;\r\n\t\tif(X.U16(0x1E) || X.U32(0x26) || X.U32(0x2C) != 1) return false;\r\n\t\tt = X.U8(0x2A); if(t > 0x40 && t != 0x58) return false;\r\n\t\tptn = X.U16(0x30); if(ptn > 64) return false;\r\n\t\tsmp = X.U16(0x32); if(smp > 96) return false;\r\n\t\tord = X.U16(0x34); if(ord > 0x81 && ord != 0x101) return false;\r\n\t\tptntp = X.U16(0x20)<<4; smptp = X.U16(0x22)<<4; chtp = X.U16(0x24)<<4;\r\n\t\tminsz = 0x40 + Math.max(ptntp+ptn*2, smptp+smp*2, chtp+32+ord*5); if(X.Sz() < minsz) return false;\r\n\t\tif(findIntersections([[ptntp,ptn*2], [smptp,smp*2],[chtp,32+ord*5]]).length) return false;\r\n\t\tfor(p=chtp+32,i=0; i < ord; i++,p+=5) {\r\n\t\t\tt = X.U8(p); if(t > 63 && t != 99 && t != 255) return false;\r\n\t\t}\r\n\t\ttracker = \"Sami 'Psi' Tammilehto's Scream Tracker Music Interface Kit module\"; ext = \"STX\"; return true;\r\n\t}\r\n\tisstm = _isstm(); if(!isstm) { isstx = _isstx(); if(!isstx) return false }\r\n\tsz = sz1 = minsz; smpn = []; max = 0;\r\n\r\n\tif(isstm) { //STM things\r\n\t\tfor(i = 0; i < 31; i++) {\r\n\t\t\tzero = X.U8(0x30+i*0x20+12);\r\n\t\t\tif(zero && zero != 46) return false;\r\n\t\t\tsmpn.push(X.SC(0x30+i*0x20,12,'CP437').trim());\r\n\t\t\tvar sofs = X.U16(0x30+i*0x20+0x0E,_LE) << 4;\r\n\t\t\tvar ssz = X.U16(0x30+i*0x20+0x10,_LE);\r\n\t\t\tif(ssz && sofs > 0x30 && sofs < X.Sz()) {\r\n\t\t\t\tif(ssz) sz1 = sofs+ssz;\r\n\t\t\t\t//Actually it seems that if ssz is 1 it still must be 0, but then it'll just ignore\r\n\t\t\t\t// the potentially interesting byte, so let's rip it too, just in case.\r\n\t\t\t\tif(sz1 > sz) sz = sz1;\r\n\t\t\t\t//We won't count it towards the smp counter though, that one's for the meaningful stuff.\r\n\t\t\t\tif(ssz > 1) smp++\r\n\t\t\t}\r\n\t\t}\r\n\t\tfor(i=0; i < maxord; i++) {\r\n\t\t\tt = X.U8(0x410+i);\r\n\t\t\tif(t === 99 || t === 255) t = 255;\r\n\t\t\telse if(t > 63) return false;\r\n\t\t\telse ord++;\r\n\t\t} ord++;\r\n\t}\r\n\telse if(isstx) { //STX things\r\n\t\tp = smptp; for(i = 0; i < smp; i++) {\r\n\t\t\tsi = X.U16(p+i*2) << 4;\r\n\t\t\tsmpn.push(X.SC(si+0x30,28,'CP437').trim());\r\n\t\t\tif(!si) continue;\r\n\t\t\tif(X.U8(si) === 1) {\r\n\t\t\t\tsofs = X.U16(si+14)<<4;\r\n\t\t\t\tif(sofs > max) {\r\n\t\t\t\t\tssz = X.U32(si+16); if(X.U8(si+31)&4) ssz *= 2; //16bit\r\n\t\t\t\t\t//if(ssz%16) ssz += 16-ssz%16; //the padding. Although STM2STX.EXE v1.0 doesn't pad\r\n\t\t\t\t\tmax = sofs; if(sz < max+ssz) sz = max+ssz\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n\t\tfmt = 1;\r\n\t\tif(ptntp && ptnsz != 0x1A) {\r\n\t\t\tp = X.U16(ptntp) << 4;\r\n\t\t\tif(p > X.Sz())\r\n\t\t\t\tif(X.isHeuristicScan()) {\r\n\t\t\t\t\tbad = bad.addIfNone(\"!badptnp\"); return true\r\n\t\t\t\t}\r\n\t\t\t\telse return false;\r\n\t\t\tif(X.U16(p) === ptnsz) fmt = 0;\r\n\t\t}\r\n\t\tfor(i=0,p=ptntp; i < ptn; i++,p+=2) {\r\n\t\t\tif((t=(X.U16(p)<<4)) > X.Sz())\r\n\t\t\t\tif(X.isHeuristicScan()) {\r\n\t\t\t\t\tbad = bad.addIfNone(\"!badptnp\"); return true\r\n\t\t\t\t}\r\n\t\t\t\tif(fmt == 0 && X.U16(t) > 0x840) return false\r\n\t\t} \r\n\t}\r\n\telse return false; return true\r\n}\r\nif(!bDetected && isSTM()) {\r\n\tsName = tracker+\" (.\"+ext+\")\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(X.SC(0,0x14,'CP437'));\r\n\t\tsOptionT(addEllipsis(smpn.filter(funSampleName).join(' ')),'smp/msg: \"','\"');\r\n\t\tif(ext === \"STM\") sVersion = \"v\"+X.U8(0x1E)+\".\"+nVm;\r\n\t\telse /*STX*/ sVersion = \"v1.\"+fmt;\r\n\t\ttmp0 = X.U8(0x20); gvol = X.U8(0x22);\r\n\t\tsOption(\"ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" gvol:\"+gvol+\" sz:\"+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isIT() {\r\n\t//from https://github.com/OpenMPT/openmpt/blob/master/soundlib/Load_it.cpp et al.\r\n\t// Now, this detection is TOO MUCH\r\n\t// I'm still going to do as much as I can, but people should have a choice to live without most of it :D\r\n\t// Which is to say, do NOT use deepscan unless you need calcsize\r\n\tvar t = 0;\r\n\tif(X.c(\"'IMPM'\")) type = \"it\";\r\n\telse if(X.c(\"'tpm.'\")) type = \"mpt\";\r\n\telse return false;\r\n\tord = X.U16(0x20,_LE); if(!ord) t++;\r\n\tins = X.U16(0x22,_LE); if(ins > 0x63) t++;\r\n\tsmp = X.U16(0x24,_LE); if(smp > 255) t++;\r\n\tptn = X.U16(0x26,_LE); if(!ptn && !X.isHeuristicScan()) t++;\r\n\tif(X.Sz() < 0xC0+4*(ins+smp+ptn)) return false; //itfileheader size\r\n\tcwtv /*make*/ = X.U16(0x28,_LE); cmwt /*compat*/ = X.U16(0x2A,_LE);\r\n\tflags = X.U16(0x2C,_LE); special = X.U16(0x2E,_LE);\r\n\tgvol = X.U8(0x30); if(gvol > 0x80) t++;\r\n\tmvol = X.U8(0x31); if(mvol > 0x80) t++;\r\n\tspd0 = X.U8(0x32); if(!spd0) t++;\r\n\ttmp0 = X.U8(0x33); if(tmp0 < 31) t++;\r\n\tsep = X.U8(0x34); if(sep > 0x80) t++;\r\n\tmsglen = X.U16(0x36,_LE); msgofs = X.U32(0x38,_LE); if(msgofs+msglen > X.Sz()) t++;\r\n\tif(t > 2) return false; bad = \"\"; if(t) bad = bad.addIfNone(\"!badinitinfo\");\r\n\tpwd = X.U8(0x35);\r\n\tnreserved = X.U32(0x3C,_LE); sreserved = X.SA(0x3C,4);\r\n\ttracker = auth = \"\"; mVlsw = mVcw = sV =\"?\"; ch = 1; cord = 0; sz = -1;\r\n\tvar mptp = 0, lastsmpofs = 0; type = \"it\"; chnm = []; insnlst = []; smpnlst = [];\r\n\tif(X.isDeepScan()) {\r\n\t\t//The DeepScan part of the crazily complex Impulse Tracker/MPTM detection\r\n\t\t//Would be much easier if we didn't have to calculate the size! But we do, so there we go.\r\n\t\tconst ITSampleSz = 0x50, ITHistorySz = 8, verLoadLimit = 0x1000;\r\n\t\tconst sEmbedMsg = 1, sEditHistory = 2, sEmbedPtnHL = 4, sEmbedMIDIC = 8;\r\n\t\tconst fEmbedMIDIC = 0x80, fEFR = 0x1000;\r\n\t\tvar interpretModPlugMade = false; var FFchnpan = X.fSig(0x40,0x40,\"FF\") >= 0;\r\n\t\tvar mptV = 0;\r\n\t\tfunction itV(v) { return v.slice(0,1)+'.'+v.slice(1,3)+'.'+v.slice(3,5)+'.'+v.slice(5,7) }\r\n\r\n\t\t//TODO this↓ part is not ripper-friendly but thankfully also likely unnecessary:\r\n\t\tif(X.c(\"'tpm.'\")) { type = \"mpt\";\r\n\t\t\tp = X.Sz()-4; mptp = X.U32(p,_LE);\r\n\t\t\tif(X.c(\"'228'04'mptm'\",mptp)) sz = X.Sz(); else mptp = 0;\r\n\t\t} else {\r\n\t\t\tif(0x888 < cwtv <= 0xFFF) {\r\n\t\t\t\tp = X.Sz()-4; mptp = X.U32(p,_LE);\r\n\t\t\t\tif(0x100 <= mptp < X.Sz()-4)\r\n\t\t\t\t\tif(X.c(\"'228'04'mptm'\",mptp)) {\r\n\t\t\t\t\t\ttype = \"mpt\"; sz = X.Sz(); if(cwtv >= verLoadLimit) {\r\n\t\t\t\t\t\t\tsV = \"future\"; charset = \"UTF8\"; extsmp = 0; return true }\r\n\t\t\t\t\t} else mptp = 0;\r\n\t\t\t\t//if the above fails, there's a near-zero chance the ords will be misread and everything goes oof\r\n\t\t\t\t//that's expected behaviour, as the v1.17.02.46 format was experimental :)\r\n\t\t\t}\r\n\t\t\t//detecting made-with, part 1 of 3496987\r\n\t\t\tif(type === \"it\") {\r\n\t\t\t\tif((cwtv & 0xF000) === 0x5000) {\r\n\t\t\t\t\tmptV = (cwtv&0xFFF) << 16;\r\n\t\t\t\t\tif(X.c(\"'OMPT'\",0x3C)) interpretModPlugMade = true;\r\n\t\t\t\t\telse if(mptV >= 0x01290000) mptV |= nreserved & 0xFFFF;\r\n\t\t\t\t\tmVlsw = itV(mptV.toString(16).toUpperCase().padStart(7,'0'));\r\n\t\t\t\t} else if(cwtv === 0x888 || cmwt === 0x888) {\r\n\t\t\t\t\tinterpretModPlugMade = true; mVlsw = \"1.17.00.00\";\r\n\t\t\t\t} else if(cwtv === 0x214 && cmwt === 0x202 && !nreserved) {\r\n\t\t\t\t\tmVlsw = \"1.09.00.00\"; tracker = \"ModPlug Tracker b3.2 - 1.09\";\r\n\t\t\t\t\tinterpretModPlugMade = true\r\n\t\t\t\t} else if(cwtv === 0x300 && cmwt === 0x300 && !nreserved\r\n\t\t\t\t\t\t\t&& ord === 256 && sep === 128 && !pwd) {\r\n\t\t\t\t\tmVlsw = \"1.17.02.20\"; interpretModPlugMade = true\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n\t\tvar b32ord = -1, lastord = 0;\r\n\t\t// 32bit orders: a deprecated format. OpenMPT 1.17.02.46 - 1.17.02.48.\r\n\t\tif(type === \"mpt\" && 0x88A < cwtv && cwtv <= 0x88D) {\r\n\t\t\tp = 0xC0; if(X.U16(p,_LE)) return false; p += 2;\r\n\t\t\tb32ord = X.U32(p,_LE); p += 4;\r\n\t\t\tif(b32ord > 256 || X.Sz() < p+b32ord*4) return false\r\n\t\t} else p = 0xC0;\r\n\t\tif(b32ord >= 0) ord = b32ord;\r\n\t\tfor(i=0; i < ord; i++)\r\n\t\t\tif(b32ord < 0) { o = X.U8(p++);\r\n\t\t\t\tif(o === 0xFE) lastord = 0xFFFE; else { cord++; if(o === 0xFF) lastord = 0xFFFF } }\r\n\t\t\telse { o = X.U32(p,_LE); p += 4; lastord = o; cord++ }\r\n\r\n//_log(\"read pointers & find the smallest @\"+Hex(p));\r\n\t\t//TODO maybe, at some point in the future, autodetect b32ord\r\n\t\t//by making sure these pointers actually lead to intended things, and trying the b32 way if not\r\n\t\tminp = 0xFFFFFFFF;\r\n\t\tvar insp = []; for(i=0; i < ins; i++) { t = X.U32(p,_LE); p += 4;\r\n\t\t\tif(t <= p || t > X.Sz()) return false;\r\n\t\t\tq = X.readBytes(t+0x20,0x1A,true); q = decEncoding(q,CP437,false).trim(); if(q != \"\") insnlst.push(q);\r\n\t\t\tif(sz < t) sz = t; if(t && t < minp) minp = t; insp.push(t) }\r\n\t\tvar smpp = []; for(i=0; i < smp; i++) { t = X.U32(p,_LE); p += 4;\r\n\t\t\tif(t > X.Sz()) bad = bad.addIfNone(\"!short\");\r\n\t\t\tq = X.readBytes(t+0x14,0x1A,true); q = decEncoding(q,CP437,false).trim(); if(q != \"\") smpnlst.push(q);\r\n\t\t\tif(sz < t) sz = t; if(t && t < minp) minp = t; smpp.push(t) }\r\n\t\tvar ptnp = []; for(i=0; i < ptn; i++) { t = X.U32(p,_LE); p += 4;\r\n\t\t\tif((t > 0x1E && t <= p) || t > X.Sz()) return false;\r\n\t\t\tif(sz < t) sz = t; if(t && t < minp) minp = t; ptnp.push(t) }\r\n\t\tif(special & sEmbedMsg) { minp = Math.min(minp,msgofs);\r\n\t\t\tif(sz < msgofs+msglen) sz = msgofs+msglen }\r\n\t\tvar possiblyUNMO3 = cmwt === 0x214 && (!cwtv || cwtv === 0x214)\r\n\t\t && !X.U16(0x1E) && !pwd && !nreserved && !(flags & 0xC0);\r\n\t\tif(possiblyUNMO3 && !ins && smp && p+4*smpp.length+2 <= minp) {\r\n\t\t\tvar oldUNMO3 = true;\r\n\t\t\tfor(i=0; i < smp; i++)\r\n\t\t\t\tif(X.U32(p)) { oldUNMO3 = false; p -= i*4; break } else p += 4;\r\n\t\t\tif(oldUNMO3) tracker = \"UNMO3 <= v2.4\";\r\n\t\t}\r\n\t\tif(possiblyUNMO3 && !cwtv) tracker = \"UNMO3 v0/1\";\r\n\t\tif(special & sEditHistory) {\r\n\t\t\t//is edit history stored?\r\n\t\t\tvar nflt = X.U16(p);\r\n\t\t\tif(X.Sz() > p+nflt*8 && p+nflt*8 <= minp) {\r\n\t\t\t\tp += 2+nflt*8;\r\n\t\t\t\tif(possiblyUNMO3 && !nflt)\r\n\t\t\t\t\tif(special & sEmbedPtnHL) tracker = \"UNMO3 <= 2.4.0.1\";\r\n\t\t\t\t\telse tracker = \"UNMO3\"\r\n\t\t\t}\r\n\t\t} else if(possiblyUNMO3 && special <= 1 && !X.U16(p)) {\r\n\t\t\ttracker = \"UNMO3 <= 2.4\"; p += 2\r\n\t\t}\r\n\t\tvar hasMIDIC = (flags & fEmbedMIDIC) || (special & sEmbedMIDIC), u = 0;\r\n\t\tif(hasMIDIC) p += 0x1320; if(p > X.Sz()) return false;\r\n//_log(\"chunks expected @\"+Hex(p));\r\n\t\tvar isBeroTracker = hasPluginChunks = hasMPTM = false;\r\n\t\twhile(p+9 < X.Sz()) {\r\n\t\t\thkhd = X.SA(p,4); hksz = X.U32(p+4,_LE);\r\n//_log(hkhd+\":\"+Hex(p));\r\n\t\t\tif(hkhd === \"MODU\") isBeroTracker = true;\r\n\t\t\telse if(hkhd === \"CNAM\") { ch = hksz/20; u = p+8; hasMPTM = true;\r\n\t\t\t\tfor(i = 0; i < ch; i++) {\r\n\t\t\t\t\tt = X.SA(u,20).trim(); u += 20;\r\n\t\t\t\t\tif(t != \"\") chnm.push(t);\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\telse if(hkhd === \"PNAM\") hasMPTM = true;\r\n\t\t\telse if(hkhd === \"CHFX\" || /F[X0-9]\\d\\d/.test(hkhd)) hasPluginChunks = true;\r\n\t\t\tif([\"IMPI\",\"IMPS\",\"XTPM\",\"STPM\"].indexOf(hkhd) >= 0\r\n\t\t\t || p+8+hksz > X.Sz() || p >= msgofs)\r\n\t\t\t\tbreak;\r\n\t\t\t//PNAM may have fun info but that's for when someone feels less tedium otherwise\r\n\t\t\telse p += 8+hksz\r\n\t\t}\r\n\t\tif(cwtv === 0x217 && cmwt === 0x200 && !nreserved && !isBeroTracker) {\r\n\t\t\tif(hasMPTM || (ord > 0 && lastord == 0xFFFF) || FFchnpan) {\r\n\t\t\t\tmVlsw = \"1.16.00.00\"; tracker = \"ModPlug Tracker 1.09-16\";\r\n\t\t\t} else {\r\n\t\t\t\tmVlsw = \"1.17.00.00\"; tracker = \"OpenMPT 1.17 (compat.export)\";\r\n\t\t\t}\r\n\t\t\tinterpretModPlugMade = true\r\n\t\t}\r\n\r\n\t\tvar lastsmpofs = (smp > 0 ? smpp[smp-1]+ITSampleSz : p); var lastsmpco = false;\r\n\r\n// Deriving the size of just the last sample (it might already be tasking indeed)\r\n\t\tconst/*for IT sample flags*/ s16b=2,sSt=4,sCo=8;\r\n\t\tconst/*for cvt flags*/ cSS=1,cBE=2,cD=4,cTo16=8,cOPL=0x40,cExt=0x80,cPCM=0xFF;\r\n\t\t //Possible codec values:\r\n\t\t //\"sPCM\" \"uPCM\" \"dPCM\" \"fPCM\" \"IT214\" \"IT215\" \"AMS\" \"DMF\" \"MDL\" \"8d16\"\r\n\t\t //\"ADPCM\" \"MT2\" \"fPCM15\" \"fPCM23\" \"fPCMn\" \"sPCMn\" \"uLaw\" \"aLaw\"\r\n\t\textsmp = []; var possibleXMconv = false;\r\n\t\tSs = []; //for gathering all info\r\n\t\tmaxsmpofs = -1;\r\n\t\tfor(i=0; i < smp; i++) {\r\n\t\t\tif(!smpp[i]) continue;\r\n\t\t\tif(smpp[i] > X.Sz()) { bad = bad.addIfNone(\"!short\"); continue }\r\n\t\t\tif(!X.c(\"'IMPS'\",smpp[i])) bad = bad.addIfNone(\"!badsmp\");\r\n//_log(X.SA(smpp[i]+4,13)+\": \"+decAnsi(smpp[i]+0x14,0x1A,CP437,false).trim()+\" @\"+Hex(smpp[i]))\r\n\t\t\tvar sf = X.U8(smpp[i]+0x12); var cvt = X.U8(smpp[i]+0x2E);\r\n\t\t\tvar slen = X.U32(smpp[i]+0x30); var smpofs = X.U32(smpp[i]+0x48);\r\n\t\t\tS = { \"ofs\":0, \"slen\":0,\r\n\t\t\t\t\"bits\":(sf & s16b)? 16 : 8, \"chn\":1,// 1 channel if mono, 2 if joint or split stereo\r\n\t\t\t\t\"en\":\"LE\",\"codec\":\"sPCM\",\"bps\":0,\"length\":0 //length is calculated from length in samples\r\n\t\t\t};\r\n\t\t\tp = smpofs; S[\"ofs\"] = smpofs; S[\"slen\"] = slen;\r\n\t\t\tif(cvt === cOPL) p += 12;\r\n\t\t\telse if(cvt === cExt) {\r\n\t\t\t\tt = readVarUInt(p); extsmp.push(X.SA(p+1,t[1]));\r\n\t\t\t\tp += t[0]+t[1]; }\r\n\t\t\telse if(X.c(\"'fLaC'\",smpofs)) { S[\"codec\"] = \"FLAC\" }\r\n\t\t\telse if(X.c(\"'OggS'\",smpofs)) { S[\"codec\"] = \"Ogg\" }\r\n\t\t\telse { //GetSampleFormat\r\n\t\t\t\tS[\"codec\"] = (cvt & cSS) ? \"sPCM\" : \"uPCM\";\r\n\t\t\t\tif((sf & sSt) && cwtv >= 0x214) S[\"chn\"] = 2;\r\n\t\t\t\tif(sf & sCo)\r\n\t\t\t\t\tS[\"codec\"] = (cvt & cD) ? \"IT215\" : \"IT214\";\r\n\t\t\t\telse {\r\n\t\t\t\t\tif(!(sf & s16b) && cvt == cPCM) S[\"codec\"] = \"ADPCM\";\r\n\t\t\t\t\telse {\r\n\t\t\t\t\t\tif(cvt & cBE) S[\"en\"] = \"BE\";\r\n\t\t\t\t\t\tif(cvt & cD) S[\"codec\"] = \"dPCM\";\r\n\t\t\t\t\t\tif(cvt & cTo16) S[\"codec\"] = \"8d16\"\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\tswitch(S[\"codec\"]) {\r\n\t\t\t\tcase \"sPCM\": case \"uPCM\": case \"dPCM\": case \"fPCM\": case \"MT2\": case \"fPCM15\":\r\n\t\t\t\tcase \"fPCM23\": case \"fPCMn\": case \"sPCMn\": S[\"bps\"] = S[\"bits\"]; break;\r\n\t\t\t\tcase \"8d16\": S[\"bps\"] = 16; break;\r\n\t\t\t\tcase \"ADPCM\": S[\"bps\"] = 4; break; //encoded header size for this one is 16, 0 otherwise\r\n\t\t\t\tcase \"uLaw\": case \"aLaw\": S[\"bps\"] = 8; break;\r\n\t\t\t\t//case \"IT214\": case \"IT215\": case \"AMS\": case \"DMF\": case \"MDL\": S[\"bps\"] = 0; //and\r\n\t\t\t\tdefault: S[\"bps\"] = 0 //variable length-encoded\r\n\t\t\t\t}\r\n\t\t\t\tif(!S[\"bps\"]) lastsmpco = true; //...and we'll decompress it further down\r\n\t\t\t\telse {\r\n\t\t\t\t\tS[\"length\"] = slen*S[\"chn\"]*(S[\"bps\"]>>3);\r\n\t\t\t\t\tp += S[\"length\"];\r\n\t\t\t\t}\r\n\t\t\t\tSs[i] = S;\r\n\t\t\t} //GetSampleFormat\r\n\t\t\tif(lastsmpofs < p) lastsmpofs = p; if(sz < lastsmpofs) sz = lastsmpofs;\r\n\t\t\tif(S[\"codec\"] === \"uPCM\" && slen) possibleXMconv = true;\r\n//_log(X.SA(smpp[i]+0x14,0x1A)+\" @\"+Hex(smpofs)+\": sf:\"+Hex(sf)+\" [\"+S[\"codec\"]+\"] slen:\"+slen+\" ch:\"+S[\"chn\"]+\" bps:\"+S[\"bps\"]+\" bits:\"+S[\"bits\"]+\", ends @\"+Hex(smpofs+S[\"length\"]));\r\n\t\t}\r\n// Load_it.cpp:845\r\n\t\tif(possibleXMconv && cwtv === 0x204 && cmwt === 0x200 && !special && !nreserved\r\n\t\t && (flags & (~8)) === 0x15 && gvol === 128 && mvol === 48\r\n\t\t && sep === 128 && !pwd && !msglen) {\r\n\t\t\tfor(i=0; i < 64; i++) if([0x20,0x40].indexOf(X.U8(0x40+i)) < 0) {\r\n\t\t\t\tpossibleXMconv = false; break } //testing pans\r\n\t\t\tif(possibleXMconv) for(i=0; i < 64; i++) if(X.U8(0x80+i) != 0x40) {\r\n\t\t\t\tpossibleXMconv = false; break } //testing vols\r\n\t\t\tif(possibleXMconv) for(i=20; i < 26; i++) if(X.U8(4+i)) {\r\n\t\t\t\tpossibleXMconv = false; break } //testing songname\r\n\t\t\tif(possibleXMconv) tracker = \"XM Conversion\"\r\n\t\t}\r\n// Load_it.cpp:885 :: Scan all of the patterns to see how many channels we need\r\n\t\tfor(i=0; i < ptn; i++) { t = ptnp[i];\r\n\t\t\tif(!t || t > X.Sz()) continue;\r\n\t\t\tvar len = X.U16(t,_LE), rows = X.U16(t+2,_LE); t += 4;\r\n\t\t\tif(!rows || rows > 0x400 || t+4 > X.Sz()) continue; p = t+4;\r\n\t\t\tvar chnMask = [], row = 0;\r\n\t\t\twhile(row < rows && p < X.Sz()) {\r\n\t\t\t\tvar y = X.U8(p++); if(!y) { row++; continue }\r\n\t\t\t\tvar c = y&0x7F; if(c) c--;\r\n\t\t\t\tif(y&0x80) chnMask[c] = X.U8(p++);\r\n\t\t\t\tif(chnMask[c] & 0x0F) if(ch <= c && c < 0x7F) ch = c+1;\r\n\t\t\t\tif(chnMask[c] & 1) p++; if(chnMask[c] & 2) p++;\r\n\t\t\t\tif(chnMask[c] & 4) p++; if(chnMask[c] & 8) p += 2;\r\n\t\t\t}\r\n\t\t\tif(lastsmpofs < p) lastsmpofs = p; if(sz < lastsmpofs) sz = lastsmpofs\r\n\t\t}\r\n\t\tif(!ch) ch = 1;\r\n//find the expected length of the final compressed sample\r\n\t\tif(lastsmpofs) { p = lastsmpofs;\r\n\t\t\tif(lastsmpco) {\r\n\t\t\t\tS = Ss[Ss.length-1];\r\n\t\t\t\t//smp length calc\r\n\t\t\t\tif(S[\"bps\"])\r\n\t\t\t\t\tif(S[\"bps\"]%8) S[\"length\"] = (S[\"codec\"] == \"ADPCM\"?16:0)\r\n\t\t\t\t\t\t\t+Math.ceil((slen+1)/2*S[\"ch\"]);\r\n\t\t\t\t\telse S[\"length\"] = (S[\"codec\"] == \"ADPCM\"?16:0)\r\n\t\t\t\t\t\t\t+S[\"slen\"]*S[\"bps\"]/8*S[\"chn\"];\r\n\t\t\t\telse { //let the crazy shit begin.\r\n\t\t\t\t\t// ref https://github.com/nicolasgramlich/AndEngineMODPlayerExtension/blob/master/jni/loaders/itsex.c\r\n\t\t\t\t\t// but mainly OpenMPT's SampleIO::ReadSample :142\r\n\t\t\t\t\tif(S[\"bps\"] == 4 && S[\"chn\"] == 1 && S[\"en\"] == \"LE\" && S[\"codec\"] == \"ADPCM\") {\r\n\t\t\t\t\t\tS[\"length\"] = 16+(S[\"slen\"]+1)/2; p += S[\"length\"]\r\n\t\t\t\t\t} else if(S[\"slen\"] > 1 && (S[\"codec\"] === \"IT214\" || S[\"codec\"] === \"IT215\")) { //:165\r\n\t\t\t\t\t\t// Let's try a quick-n-dirty first.\r\n\t\t\t\t\t\tvar u = p, ulen = 0, quickndirty = 0;\r\n\t\t\t\t\t\twhile(u < X.Sz() && ulen < S[\"slen\"] /*packers have their limits*/) {\r\n\t\t\t\t\t\t\tif(X.c(\"'XTPM'\",u) || X.c(\"'STPM'\",u) || X.c(\"'228'04'mptm'\",u))\r\n\t\t\t\t\t\t\t\t{ quickndirty = 1; p = u; break }\r\n\t\t\t\t\t\t\tucsz = X.U16(u,_LE); ulen += ucsz; u += 2+ucsz;\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\tif(quickndirty) { p = u } else {\r\n\t\t\t\t\t\t//orrrr if no MPTX block is present, we gotta do it the hard way I guess :<\r\n\t\t\t\t\t\t//ITDecompression(file,sample,getencoding=it215)\r\n\t\t\t\t\t\tvar bit_n = bit_buf = cend = readdef = 0;\r\n\t\t\t\t\t\tfunction readBits(b) {\r\n\t\t\t\t\t\t\twhile(bit_n < b) { bit_buf |= Util.shlu64(X.U8(p++),bit_n); bit_n += 8 }\r\n\t\t\t\t\t\t\tvar v = bit_buf & (Util.shlu64(1,b) - 1); bit_buf = Util.shru64(bit_buf,b); bit_n -= b;\r\n\t\t\t\t\t\t\t//if(p <= X.Sz()) return v; else return 0 }\r\n\t\t\t\t\t\t\treturn v }\r\n\r\n\t\t\t\t\t\tif(S[\"bits\"] == 16) { fetchA=4, lowerB=-8, upperB=7, defW=17 }\r\n\t\t\t\t\t\telse { fetchA=3, lowerB=-4, upperB=3, defW=9 }\r\n\t\t\t\t\t\tfor(c = 0; c < S[\"chn\"]; c++) { //ITCompression.cpp:322\r\n\t\t\t\t\t\t\tvar rs = S[\"slen\"], v = csz = clen = topbit = 0;\r\n\t\t\t\t\t\t\tcend = p;\r\n\t\t\t\t\t\t\twhile(rs && p < X.Sz()) { //:325\r\n\t\t\t\t\t\t\t\tcsz = X.U16(p,_LE); p += 2; cend = p+csz;\r\n\t\t\t\t\t\t\t\tif(!csz) { readdef = 10; _log(\"IT @\"+Hex(p)+\" malformed sample?\"); continue }\r\n\t\t\t\t\t\t\t\tif(cend > X.Sz()) { c = 0xE0F; bad = bad.addIfNone(\"!short\"); break }\r\n\t\t\t\t\t\t\t\tclen = Math.min(rs, 0x8000>>(S[\"bits\"]>>4));\r\n\t\t\t\t\t\t\t\tvar w = defW; bit_buf = bit_n = 0;\r\n\t\t\t\t\t\t\t\twhile(clen && p < X.Sz()) { //:357\r\n\t\t\t\t\t\t\t\t\tif(w > defW) {\r\n//_log(\"! IT @\"+Hex(p)+\" w=\"+Hex(w)+\" > \"+defW+\" rs:\"+rs+\" clen:\"+Hex(clen)+\" cend:\"+Hex(cend));\r\n\t\t\t\t\t\t\t\t\t\tbad = bad.addIfNone(\"!badITsmp\"); rs = 0; break }\r\n\t\t\t\t\t\t\t\t\tv = readBits(w); topbit = 1<<(w-1);\r\n\t\t\t\t\t\t\t\t\tif(w < 7) {\r\n\t\t\t\t\t\t\t\t\t\tif(v == topbit) {\r\n\t\t\t\t\t\t\t\t\t\t\tv = readBits(fetchA)+1; if(v >= w) v++; w = v; continue\r\n\t\t\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\t\t\t} else if(w < defW) {\r\n\t\t\t\t\t\t\t\t\t\tif(v >= topbit+lowerB && v <= topbit+upperB) {\r\n\t\t\t\t\t\t\t\t\t\t\tv -= topbit-1+lowerB; if(v >= w) v++; w = v;\r\n\t\t\t\t\t\t\t\t\t\t\tcontinue\r\n\t\t\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\t\t\t} else if(v & topbit) { w = (v&0xFF)+1; continue }\r\n\t\t\t\t\t\t\t\t\tclen--; rs--\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\tif(p > X.Sz()) bad = bad.addIfNone(\"!short\");\r\n\t\t\t\t\t\t} } //if quickndirty else\r\n\t\t\t\t\t} //if IT215||IT214\r\n\t\t\t\t\telse if(S[\"codec\"] === \"FLAC\") {\r\n\t\t\t\t\t\t//TODO, or maybe not\r\n\t\t\t\t\t} else if(S[\"codec\"] === \"Ogg\") {\r\n\t\t\t\t\t\t//TODO, or maybe not\r\n\t\t\t\t\t} else if(S[\"codec\"] === \"AMS\" && S[\"chn\"] == 1) { //SampleIO:170\r\n\t\t\t\t\t\t//TODO test it at least\r\n\t\t\t\t\t\tsOption(\"\\n!!! Please send this file to the detector dev!!! Poor fella hasn't any to test on\")\r\n\t\t\t\t\t\tvar srcsz = X.U32(p+4,_LE), pc = X.U8(p+8);\r\n\t\t\t\t\t\tS[\"length\"] = srcsz+9\r\n\t\t\t\t\t} else if(S[\"codec\"] === \"8d16\" && S[\"chn\"] == 1 && S[\"bps\"] == 16) {\r\n\t\t\t\t\t\tsOption(\"\\n!!! Please send this file to the detector dev!!! Poor fella hasn't any to test on\")\r\n\t\t\t\t\t\t//TODO CopyMonoSample(sample, source, fsize)\r\n\t\t\t\t\t} else if(S[\"codec\"] === \"MDL\" && S[\"chn\"] == 1 && S[\"bps\"] <= 16) {\r\n\t\t\t\t\t\tvar srcsz = X.U32(p); S[\"length\"] = 4+srcsz\r\n\t\t\t\t\t} else if(S[\"codec\"] === \"DMF\" && S[\"chn\"] == 1 && S[\"bps\"] <= 16) {\r\n\t\t\t\t\t\tsOption(\"\\n!!! Please send this file to the detector dev!!! Poor fella hasn't any to test on\")\r\n\t\t\t\t\t\t//TODO DMFUnpack, or not to do\r\n\t\t\t\t\t} else if((S[\"codec\"] === \"uLaw\" || S[\"codec\"] === \"aLaw\") /*TODO && mono or stereoInterleaved */ && S[\"bps\"] == 16) {\r\n\t\t\t\t\t\tS[\"length\"] = S[\"slen\"]*S[\"chn\"]\r\n\t\t\t\t\t}\r\n\t\t\t\t} //actual length teller\r\n\t\t\t\tif(sz < p) sz = p\r\n\t\t\t}\r\n\t\t}\r\n\t\tvar bLoadXIProps = false;\r\n\t\tif(X.c(\"'XTPM'\",p)) { // 'MPTX'\r\n\t\t\tp += 4;\r\n\t\t\twhile(p+6 < X.Sz()) {\r\n\t\t\t\tt = X.SA(p,4); it = X.U32(p);\r\n\t\t\t\tif(t === \"STPM\" || t === \"228\\x04\" || (it&0x80808080) || !(it&0x60606060)) break;\r\n\t\t\t\tvar prsz = X.U16(p+4,_LE); p += 6;\r\n\t\t\t\tfor(i=0; i < ins; i++) p += prsz\r\n\t\t\t}\r\n\t\t\tbLoadXIProps = true;\r\n\t\t\tif(sz < p) sz = p;\r\n\t\t}\r\n// Load_it.cpp:978\r\n\t\tinterpretModPlugMade |= bLoadXIProps;\r\n// Load_it.cpp:985\r\n\t\tif(X.c(\"'STPM'\",p)) {\r\n\t\t\tp += 4;\r\n\t\t\twhile(p+7 < X.Sz()) {\r\n\t\t\t\tt = X.SA(p,4); it = X.U32(p);\r\n\t\t\t\tprsz = X.U16(p+4,_LE);\r\n\t\t\t\tif(t === \"228\\x04\" || t == \"228\\x02\") { mptp = p; break; } //TODO check for 228\\x02TC!\r\n\t\t\t\tif((it&0x80808080) || !(it&0x60606060) || p+6+prsz > X.Sz()) break;\r\n\t\t\t\tp += 6;\r\n\t\t\t\tswitch(t) {\r\n\t\t\t\tcase \"...C\": var chn = 0;\r\n\t\t\t\t\tswitch(prsz) {\r\n\t\t\t\t\tcase 2: chn = X.U16(p,_LE); break; case 3: chn = X.U24(p,_LE); break;\r\n\t\t\t\t\tcase 4: chn = X.U32(p,_LE); break; default: chn = X.U8(p) }\r\n\t\t\t\t\tif(chn > ch) ch = chn; break;\r\n\t\t\t\tcase \".VWC\": var v = 0;\r\n\t\t\t\t\tswitch(prsz) {\r\n\t\t\t\t\tcase 1: v = X.U8(p); break; case 2: v = X.U16(p,_LE); break;\r\n\t\t\t\t\tcase 3: v = X.U24(p,_LE); break; case 8: v = X.U64(p,_LE); break;\r\n\t\t\t\t\tdefault: v = X.U32(p,_LE) }\r\n\t\t\t\t\tif(v) mVcw = itV(v.toString(16).toUpperCase().padStart(7,'0')); break;\r\n\t\t\t\tcase \"VWSL\": var v = 0;\r\n\t\t\t\t\tswitch(prsz) {\r\n\t\t\t\t\tcase 1: v = X.U8(p); break; case 2: v = X.U16(p,_LE); break;\r\n\t\t\t\t\tcase 3: v = X.U24(p,_LE); break; case 8: v = X.U64(p,_LE); break;\r\n\t\t\t\t\tdefault: v = X.U32(p,_LE) }\r\n\t\t\t\t\tif(v) mVlsw = itV(v.toString(16).toUpperCase().padStart(7,'0')); break;\r\n\t\t\t\tcase \"AUTH\":\r\n\t\t\t\t\tauth = X.SC(p,prsz,\"UTF8\"); break;\r\n\t\t\t\t}\r\n\t\t\t\tp += prsz;\r\n\t\t\t}\r\n\t\t\tif(sz < p) sz = p;\r\n\t\t}\r\n\r\n\t\ttunings = 0;\r\n\t\tif(X.c(\"'HSCT'\",p)) { //the first-ever way of storing the tunings in an mptm\r\n//tuningCollection.cpp\r\n\t\t\tvar skip = false; var v = X.I32(p+4,_LE); p += 8;\r\n\t\t\tif(v == 1) { //can't find any files to test this\r\n\t\t\t\tsOption(\"Please send this file to the detection author!!! This is ultra-rare, how did you make it?!\");\r\n\t\t\t\tp += X.U32(p); p += 4+Math.min(256,l)\r\n\t\t\t} else if( v == 2 ) {\r\n//_log(\"tunings text: \"+X.UCSD(p));\r\n\t\t\t\tp += 1+X.U8(p);\r\n\t\t\t} else { skip = true; bad = bad.addIfNone(\"!badtuningver\") }\r\n\t\t\tif(!skip) {\r\n\t\t\t\ttunings = X.U32(p+2); p += 6;\r\n\t\t\t\tt = X.fSig(p,0x1000,\"'FSCT'\"); if(t >= p) p = t+4;\r\n\t\t\t}\r\n\t\t\tif(sz < p) sz = p;\r\n\t\t}\r\n\t\telse if(X.c(\"'228'04'mptm'\",p)) { //TODO there can be old-ass tunings instead here\r\n\t\t\tif(!mptp) mptp = p;\r\n// Load_it.cpp:1299\r\n\t\t\tfunction readaintle(bits) { //ReadAdaptiveInt32LE et al.\r\n\t\t\t\tvar b = 0, add = 0, r = 0, oldp = p;\r\n\t\t\t\tif(p+1 < X.Sz()) { b = X.U8(p++);\r\n\t\t\t\t\tif(bits == 16) add = b & 1; else if(bits == 32) add = b & 3;\r\n\t\t\t\t\telse if(bits == 64) add = (1<<(b&3))-1; else return 0;\r\n\t\t\t\t\tif(bits == 16) r = b >> 1; else r = b >> 2;\r\n\t\t\t\t\tfor(var i=0; i < add; i++) { b = 0;\r\n\t\t\t\t\t\tif(p+1 < X.Sz()) { b = X.U8(p++); r |= b << ((i+1)*8-2);\r\n\t\t\t\t\t\t} else return 0 }\r\n\t\t\t\t} else return 0;\r\n\t\t\t\treturn r\r\n\t\t\t}\r\n// serialization_utils.cpp:399\r\n\t\t\tfunction mptBeginRead() {\r\n\t\t\t\tif(!X.c(\"'228'\",p)) return false; posstart = p; p += 3;\r\n\t\t\t\tvar l = X.U8(p++); h = X.SA(p,l); p += l;\r\n\t\t\t\tflagbyte = 0; hd = X.U8(p++);\r\n\t\t\t\tidbytes = ((hd & 3) === 3) ? 4 : (hd & 3); twochar = hd&(1<<6);\r\n\t\t\t\thsz = readaintle(32);\r\n\t\t\t\tif(hsz > 1) { t = X.U8(p++); if(!t) flagbyte = X.U8(p); p += hsz-1 }\r\n\t\t\t\tif(hd & (1<<4)) t = readaintle(64); var srlV = itV(t.toString(16).toUpperCase().padStart(7,'0'));\r\n\t\t\t\tif(mVlsw === \"?\") mVlsw = srlV+\"[mptinfo]\";\r\n\t\t\t\tif(hd & (1<<5)) p += X.U8(p++); //:477\r\n\t\t\t\tif(flagbyte & 1) { t = X.U8(p++);\r\n\t\t\t\t\tif(t&1) idbytes = 65535; else idbytes = t >> 1 }\r\n\t\t\t\tfes = 0; if(flagbyte & (1<<1)) fes = readaintle(32); //:496\r\n\t\t\t\thasstartpos=hd&(1<<2); hassz=hd&(1<<3); hasid=idbytes; hasdesc=hd&(1<<7);\r\n\t\t\t\thasmap = hasid || hasstartpos || hassz || hasdesc;\r\n\t\t\t\tif(flagbyte&(1<<2)) { t = readaintle(16); //:512\r\n//_log(\" @\"+Hex(p)+\" desc[\"+t+\"]:\"+(twochar ? X.SC(p,t,\"UTF8\") : X.SA(p,t)));\r\n\t\t\t\t p += t*(twochar ? 2 : 1) }\r\n\t\t\t\tif(flagbyte&(1<<3)) p += 5; //:517\r\n\t\t\t\tentries = readaintle(64); //if(entries > 16000) break;\r\n\t\t\t\tif(hasmap) t = readaintle(64); if(p > X.Sz()) return false; //:533\r\n\t\t\t\t//endOfHdrData = rposEndOfHdrData = p-posstart;\r\n\t\t\t\trposMapBegin = hasmap ? t : p-posstart;\r\n\t\t\t\treturn true\r\n\t\t\t}\r\n\r\n\t\t\tif(mptBeginRead()) {\r\n// serialization_utils.cpp:558\r\n//I've left the pieces of map code intact in case there's fun in finding out what MPT-only tweaks there are\r\n\t\t\t\tif(hasmap || fes) {\r\n\t\t\t\t\tp = posstart+rposMapBegin;\r\n\t\t\t\t\t//var idArray = [], mapdata = [];\r\n\t\t\t\t\tfor(i=0; i < entries && p < X.Sz(); i++) {\r\n\t\t\t\t\t\tvar idsz = idbytes;\r\n\t\t\t\t\t\tif(idsz == 65535) idsz = readaintle(16);\r\n\t\t\t\t\t\t// md = {\"idlen\":idsz, \"idpos\":oldEnd, \"id:\":\"\", \"rposst\":0, \"rposend\":0, \"sz\":-1 }\r\n\t\t\t\t\t\t// var oldEnd = mapdata.length; if(idsz) md[\"id\"] = X.SA(p,idsz);\r\n\t\t\t\t\t\tp += idsz;\r\n\t\t\t\t\t\tif(hasstartpos) /*md[\"rposst\"] =*/ readaintle(64);\r\n\t\t\t\t\t\tif(!fes) { if(hassz) /*md[\"sz\"] =*/ readaintle(64) } //else md[\"sz\"] = fes\r\n\t\t\t\t\t\t// if(md[\"sz\"] >= 0 && !hasstartpos)\r\n\t\t\t\t\t\t// md[\"rposst\"] = !i ? 0 : mapdata[i-1][\"rposst\"] + mapdata[i-1][\"sz\"];\r\n\t\t\t\t\t\tif(hasdesc) { t = readaintle(16); p += t*(twochar ? 2 : 1) }\r\n\t\t\t\t\t\t//mapdata.push(md)\r\n\t\t\t\t\t}\r\n\t\t\t\t} //posmapend = p\r\n\t\t\t}\r\n\t\t\tif(sz < p+4) sz = p+4; if(X.U32(p,_LE) != mptp) bad = bad.addIfNone(\"!badmptptr\");\r\n\t\t} //if 228.mptm\r\n\r\n// Load_it.cpp:1158\r\n\t\tif(mVlsw === \"?\" && cwtv === 0x888) mVlsw = \"1.17.00.00\";\r\n\t\tif(mVlsw != \"?\" && tracker === \"\") {\r\n\t\t\ttracker = \"OpenMPT\";\r\n\t\t\t//not sure how many people care about these but...\r\n\t\t\tisCompatX = (cwtv&0xF000) === 0x5000;\r\n\t\t\tif(mVlsw === \"1.17.00.00\" && sreserved != \"OMPT\") isCompatX = false;\r\n\t\t\tif(isCompatX) tracker += \" (compat. export)\";\r\n\t\t\telse if((mVlsw > \"1.17.02.54\" && mVlsw < \"1.18.02.00\" && mVlsw != \"1.18.00.00\")\r\n\t\t\t || (mVlsw > \"1.18.02.00\" && mVlsw.slice(mVlsw.length-2,mVlsw.length) != \"00\"))\r\n\t\t\t\ttracker += \" (test build)\"\r\n\t\t}\r\n\t\telse {\r\n\t\t\tvar STdv = 734016 + (cwtv === 0x1FFF ? nreserved : cwtv-0x1050);\r\n\t\t\tswitch(cwtv >> 12) {\r\n\t\t\tcase 0:\r\n\t\t\t\tif(isBeroTracker) tracker = \"BeRoTracker\";\r\n\t\t\t\telse if(cwtv === 0x214 && cmwt === 0x200 && flags === 9 && !special\r\n\t\t\t\t && !X.U16(0x3E) && !ins && ptn+1 === ord && gvol === 128 && mvol === 100\r\n\t\t\t\t && spd === 1 && sep === 128 && !pwd && !msglen && !msgofs && !nreserved)\r\n\t\t\t\t\ttracker = \"OpenSPC conversion\";\r\n\t\t\t\telse if(cwtv === 0x214 && cmwt === 0x200 && !X.U16(0x3E) && !nreserved) {\r\n\t\t\t\t\tmVlsw = \"1.00.00.A5\"; tracker = \"ModPlug Tracker 1.00a5\"; interpretModPlugMade = true\r\n\t\t\t\t} else if(cwtv === 0x214 && cmwt === 0x214 && sreserved === \"CHBI\")\r\n\t\t\t\t\ttracker = \"ChibiTracker\";\r\n\t\t\t\telse if(cwtv === 0x214 && cmwt === 0x214 && special <= 1 && !pwd && !nreserved\r\n\t\t\t\t && (flags&0x10A6) === 4 && smp > 1 && X.c(\"'XXXXXXXX.YYY'\",smpp[1]+4))\r\n\t\t\t\t\ttracker = \"CheeseTracker\";\r\n\t\t\t\telse if(!cwtv && tracker === \"\") tracker = \"Unknown\";\r\n\t\t\t\telse if(cmwt < 0x300 && tracker === \"\") {\r\n\t\t\t\t\tif(cmwt > 0x214) tracker = \"Impulse Tracker 2.15\";\r\n\t\t\t\t\telse if(isWithin(cwtv,0x215,0x217))\r\n\t\t\t\t\t\ttracker = 'Impulse Tracker 2.14p'+(cwtv == 0x215? '1-2': cwtv == 0x216? '3': '4-5');\r\n\t\t\t\t\telse tracker = 'Impulse Tracker '+((cwtv&0xF00)>>8)+'.'+(cwtv&0xFF).toString(16).padStart(2);\r\n\t\t\t\t\t//a good place to find the total edit time if you care\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase 1:\r\n\t\t\t\t// function SchismEpoch(y,m,d) { var mm = (m+9)%12; var yy = y-mm/10;\r\n\t\t\t\t// return yy*365 + yy/4 - yy/100 + yy/400 + (mm*306+5)/10 + d-1 }\r\n\t\t\t\tvar mk = cwtv & 0xFFF;\r\n\t\t\t\tif(mk <= 0x50) tracker = \"Schism Tracker 0.\"+mk.toString(16);\r\n\t\t\t\telse {\r\n\t\t\t\t\tvar dt = 734016 + (mk < 0xFFF ? mk-0x050 : nreserved);\r\n\t\t\t\t\tvar y = Util.div64(dt*10000+14780, 3652425);\r\n\t\t\t\t\tvar ddd = dt - (365*y + Util.div64(y,4) - Util.div64(y,100) + Util.div64(y,400));\r\n\t\t\t\t\tif(ddd < 0) { y--; ddd = dt - (365*y + Util.div64(y,4) - Util.div64(y,100) + Util.div64(y,400)) }\r\n\t\t\t\t\tvar mi = Util.div64(100*ddd+52, 3060);\r\n\t\t\t\t\ttracker = \"Schism Tracker \"+(y+Util.div64(mi+2,12)).padStart(4,'0')+\"-\"\r\n\t\t\t\t\t\t+((mi+2)%12+1).padStart(2,'0')\r\n\t\t\t\t\t\t+\"-\"+(ddd - Util.div64(mi*306+5,10) + 1).padStart(2,'0')\r\n\t\t\t\t} break;\r\n\t\t\tcase 4: tracker = \"pyIT \"+((cwtv&0xF00)>>8)+\".\"+((cwtv&0xFF).toString(16)); break;\r\n\t\t\tcase 6: tracker = \"BeRoTracker\"; break;\r\n\t\t\tcase 7:\r\n\t\t\t\tif(cwtv === 0x7FFF && cmwt === 0x215) tracker = \"munch.py\";\r\n\t\t\t\telse tracker = \"ITMCK \"+((cwtv>>8)&0xF)+\".\"+((cwtv>>4)&0xF)+\".\"+(cwtv&0xF);\r\n\t\t\t\tbreak;\r\n\t\t\tcase 0xD:\r\n\t\t\t\tif(cwtv == 0xDAEB) tracker = \"spc2it\";\r\n\t\t\t\telse if(cwtv == 0xD1CE) tracker = \"itwriter\";\r\n\t\t\t\telse tracker = \"unknown\";\r\n\t\t\t}\r\n\t\t}\r\n\t} //if isDeepScan\r\n\tif(mVlsw != \"?\") { charset = 'CP1252'; if(mVcw == \"?\") sV = mVlsw; else if(mVcw != mVlsw) sV = \"cw:\"+mVcw+\"/lsw:\"+mVlsw; else sV = mVcw }\r\n\telse { charset = 'CP437'; if(mVcw != \"?\") sV = mVcw }\r\n\tvar badc = 0; for(i=0;i0)if(q < p+hksz && [\"SAMP\",\"INST\"].indexOf(decAnsi(q,4,'CP437')) < 0) _log(\" | ^WTF J2B @\"+Hex(q-hsz)+\"->\"+Hex(q))\r\n\t\t\t\t}\r\n\t\t\t\tbreak\r\n\t\t\t}\r\n\t\t\tp += hksz+align*(hksz&1)\r\n\t\t}\r\n\tif(p > sz || !ok || !ord || !ptn || (!smp && !ins)) return false;\r\n\treturn true\r\n}\r\nif(!bDetected && isJ2B()) {\r\n\tsName = \"Jazz Jackrabbit 2/Galaxy Sound System module (.J2B)\"; sVersion = \"v.\"+(align?\"__\":\"FF\"); bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(X.SA(0x14,64));\r\n\t\tsOptionT(addEllipsis(insts.join('\\n'),0x100,0xA0),'msg:\"','\"');\r\n\t\tsOption(\"ord:\"+ord+\" loop:\"+loop+\" ptn:\"+mptn+(mptn!=ptn ? \"/\"+ptn : \"\")\r\n\t\t\t+(ins?\" ins:\"+ins:\"\")+(smp?\" smp:\"+smp:\"\")+\" sz:\"+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isRHST() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/RobHubbard_ST/src/Rob%20Hubbard%20ST_v2.asm\r\n\t if(!X.c(\"00407F40 00C081C0\") || !X.c(\"41FAFFEE\",0x38)) return false;\r\n\tp = 180; const max = Math.min(0x10000,X.Sz());\r\n\tdo { t = X.U16(p,_BE); p += 2 } while(p < max && t != 0x4E75); //findplay \r\n\tif(p > max) return false;\r\n\tplayp = p;\r\n\tdo { t = X.U16(p,_BE); p += 2 } while(p < max && t != 0xDFFC); //findend\r\n\tif(p > max) return false;\r\n\tp += 4; endp = p;\r\n\tdo { t = X.U16(p,_BE); p += 2 } while(p < max && t != 0x4E75); //findinit\r\n\tif(p > max) return false;\r\n\tdo { t = X.U16(p,_BE); p += 2 } while(p < max && t != 0x7E02); //findIt1\r\n\tif(p > max) return false;\r\n\tsongp = p+X.U16(p+2,_BE)+2;\r\n\td0 = X.U32(songp,_BE)>>2; x = d0/3;\r\n\ta1 = p = songp;\r\n\tfor(d5=0; d0--;) { //find the max ptr\r\n\t\tp = songp+X.U32(a1,_BE); a1 += 4;\r\n\t\twhile(p < max) { t = X.U32(p,_BE); p += 4; if(!t) break; if(t > d5) d5 = t }\r\n\t}\r\n\tsz = songp+d5;\r\n\tdo t = X.U8(sz++); while(t != 0x87);\r\n\treturn true\r\n}\r\nif(!bDetected && isRHST()) {\r\n\tsName = \"Rob Hubbard ST module (.RHO)\"; sVersion = \"v1.1\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,\"×\");\t\r\n\t\tsOption(outSz(sz),\"sz:\")\r\n\t}\r\n}\r\n\r\nfunction isASC1() { //basically ASC0 + loop pos\r\n\t//ref https://ay.strangled.net/Ay_Emul30.src.7z/Players.pas -> FoundASC1\r\n\tif(X.Sz() < 9) return false;\r\n\tptntp = X.U16(2,_LE); ord = X.U8(8); //patterns table ptr & num of positions\r\n\tif(ptntp-ord != 9 && ptntp-ord != 72) return false;\r\n\tsmptp = X.U16(4,_LE); if(smptp > X.Sz()) return false; //samples table ptr\r\n\torntp = X.U16(6,_LE); if(orntp > X.Sz()) return false; //ornaments table ptr\r\n\tif(X.U16(smptp,_LE) != 0x40 || X.U16(orntp,_LE) != 0x40) return false;\r\n\tptn = 0; for(i=0; i < ord; i++) { p = X.U8(9+i); if(ptn < p) ptn = p }\r\n\tptn++; if(X.U16(ptntp,_LE) != ptn*6) return false;\r\n\tj = X.U16(orntp+0x40-2,_LE)+orntp;\r\n\twhile((j < X.Sz()) && (j < 65535) && !(X.U8(j)&0x40)) j += 2;\r\n\tbad = '';\r\n\tif(j > 65534 || j >= X.Sz())\r\n\t if(X.isHeuristicScan()) bad = '/malformed!short';\r\n\t else return false;\r\n\tsz = j+2; delay = X.U8(0); loop = X.U8(1);\r\n\treturn true\r\n}\r\nif(!bDetected && isASC1()) {\r\n\tsName = \"A.'Andrew Strikes Code' Sendetskii/Power of Sound's ASC/Advanced Sound Master module (.ASC)\"; sVersion = 'v1.x-2.x'+bad; bDetected = 1;\r\n\t//TODO find out how exactly to credit this one\r\n\tif(X.isVerbose()) {\r\n\t\tpt = X.fSig(8,0x80,\"'ASM COMPILATION OF '\")+0x13;\r\n\t\tif(pt > 8) {\r\n\t\t\tpa = X.fSig(pt+0x13,0x20,\"' BY '\");\r\n\t\t\tsOptionT(X.SA(pt,pa-pt)); sOptionT(X.SA(pa+4,0x14),'by: ')\r\n\t\t}\r\n\t\tsOption('ord:'+ord+' ptn:'+ptn+' delay:'+delay+' loop:'+loop+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isASC0() {\r\n\t//ref https://ay.strangled.net/Ay_Emul30.src.7z/Players.pas -> FoundASC0\r\n\tif(X.Sz() < 8) return false;\r\n\tptntp = X.U16(1,_LE); ord = X.U8(7); //patterns table ptr & num of positions\r\n\tif(ptntp-ord != 8 && ptntp-ord != 71) return false;\r\n\tsmptp = X.U16(3,_LE); if(smptp > X.Sz()) return false; //samples table ptr\r\n\torntp = X.U16(5,_LE); if(orntp > X.Sz()) return false; //ornaments table ptr\r\n\tif(X.U16(smptp,_LE) != 0x40 || X.U16(orntp,_LE) != 0x40) return false;\r\n\tptn = 0; for(i=0; i < ord; i++) { p = X.U8(8+i); if(ptn < p) ptn = p; }\r\n\tptn++; if(X.U16(ptntp,_LE) != ptn*6) return false;\r\n\tj = X.U16(orntp+0x40-2,_LE)+orntp;\r\n\twhile((j < X.Sz()) && (j < 65535) && !(X.U8(j)&0x40)) j += 2;\r\n\tbad = '';\r\n\tif(j > 65534 || j >= X.Sz())\r\n\t\tif(X.isHeuristicScan()) bad = '/malformed!short';\r\n\t\telse return false;\r\n\tsz = j+2; delay = X.U8(0);\r\n\treturn true\r\n}\r\nif(!bDetected && isASC0()) {\r\n\tbDetected = 1; sVersion = 'v0.x'+bad;\r\n\tsName = \"Andrei 'Andrew Strikes Code' Sendetskii/Titus's Advanced Sound Master module (.AS0)\";\r\n\tif(X.isVerbose()) {\r\n\t\tpt = X.fSig(7,0x80,\"'ASM COMPILATION OF '\")+0x13;\r\n\t\tif(pt > 7) {\r\n\t\t\tpa = X.fSig(pt+0x13,0x20,\"' BY '\");\r\n\t\t\tsOptionT(X.SA(pt,pa-pt)); sOptionT(X.SA(pa+4,0x12),'by: ')\r\n\t\t}\r\n\t\tsOption('ord:'+ord+' ptn:'+ptn+' delay:'+delay+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isGlobalTracker() {\r\n//ref https://ay.strangled.net/Ay_Emul30.src.7z/Players.pas -> FoundGTR\r\n\tif(X.Sz() < 296) return;\r\n\tp = 0x29; var adr = X.U16(5), mp = 0, old = X.U16(p-2)-adr, t;\r\n\tfor(i=0; i < 14; i++) { t = X.U16(p)-adr; //sample ptrs check\r\n\t\tif(t-old < 6 || (t-old-2) % 4 || t > X.Sz()) return; p += 2; old = t }\r\n\told = X.U16(p)-adr; p += 2;\r\n\tfor(i=0; i < 15; i++) { t = X.U16(p)-adr; //ornament ptrs check\r\n\t\tif(t-old < 3 || t > X.Sz() || t-old != 2+X.U8(old+1) /* orn. loop end */) return; p += 2; old = t }\r\n\tsz = t+2+X.U8(t+1); //it's always the ornaments that come last, so we'll take the last one\r\n\told = X.U16(p)-adr; p += 2;\r\n\tfor(i=1; i < 32*3; i++) { t = X.U16(p)-adr; //pattern ptrs check\r\n\t\tif(t-old < 3 || t > X.Sz()) return; p += 2; old = t }\r\n\tord = X.U8(p++); lp = X.U8(p++); if(lp > ord) return;\r\n\tfor(i=0; i < ord; i++) if(X.U8(p++) % 6) return; // all positions must be divisible by 6\r\n\tif(X.U16(0x65) != p) return; // start of PatChns; must match the pointer to PatChns[0]\r\n\treturn true\r\n}\r\nif(!bDetected && isGlobalTracker()) {\r\n\tsName = \"Doctor Max/Global Corp.'s' Global Tracker module (.GTR)\"; bDetected = 1;\r\n\tsVersion = 'v'+(X.U8(4)>>4)+'.'+(X.U8(4)&0xF);\r\n\tif(X.isVerbose()) {\r\n\t\tdly = X.U8(0); ptn = X.U8(0x125); lp = X.U8(0x126);\r\n\t\tsOptionT(X.SA(7,0x20));\r\n\t\tsOption('ord:'+(lp>0?lp+'-':'')+ord+' ptn:'+ptn+' delay:'+dly+' sz:'+outSz(sz));\r\n\t}\r\n}\r\n\r\n\r\nfunction isBPSoundMon() {\r\n\t//ref https://github.com/tonioni/WinUAE/blob/master/prowizard/rippers/BP-Soundmonitor.c\r\n\t// & src/BS02-92.S for BPSM version\r\n\tif(X.Sz() < 0x200) return false;\r\n\told = false; bad = \"\";\r\n\tif(!/V\\.\\d/.test(X.SA(0x1A,3)))\r\n\t\tif(X.c(\"'BPSM'\",0x1A)) old = true; else return false;\r\n\tord = X.U16(0x1E,_BE); if(525+ord*16 > X.Sz()) return false;\r\n\tallsmpsz = smp = 0;\r\n\tfor(i=0; i < 15; i++) {\r\n\t\tif(X.U8(0x20+i*0x20) == 0xFF) continue;\r\n\t\tsn = X.readBytes(0x20+i*0x20,0x18); if(charStat(sn,CS_ALL).indexOf('xsc') < 0) return false;\r\n\t\tslen = X.U16(0x20+0x18+i*0x20,_BE)<<1; lp = X.U16(0x3A+i*0x20,_BE);\r\n\t\tlpl = X.U16(0x3A+i*0x20,_BE); svol = X.U16(0x3E+i*0x20,_BE);\r\n\t\tif(lpl > slen || lp-1 > slen || lpl-1 > slen) return false;\r\n\t\tif(svol > 0x60) return false; else if(svol > 0x40) bad = bad.addIfNone(\"!badvol\")\r\n\t\tallsmpsz += slen; if(slen) smp++\r\n\t}\r\n\tsz = 0x200+allsmpsz+ord*0x10;\r\n\tif(!old) sz += X.U8(0x1D)*0x40; //what IS this value?\r\n\tptn = 0;\r\n\tfor(i=0; i < ord*16; i+=4) { p = X.U16(0x200+i,_BE); if(p>ptn) ptn = p }\r\n\tsz += ptn*0x30;\r\n\treturn true\r\n}\r\nif(!bDetected && X.isDeepScan() && isBPSoundMon()) {\r\n\tbDetected = 1;\r\n\tsName = \"Brian Postma's SoundMon module (.BP)\";\r\n\tif(old) sVersion = \"old\"; else sVersion = \"v\"+X.SA(0x1C,1);\r\n\tif(X.Sz() < sz) bad = bad.addIfNone(\"!short\");\r\n\tif(bad != \"\") sVersion = sVersion.appendS(\"malformed\"+bad,'/');\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(X.SA(0,0x1A));\r\n\t\tsOption(\"ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" sz:\"+outSz(sz));\r\n\t}\r\n}\r\n\r\n\r\nfunction isFuchs() {\r\n\t//ref https://github.com/tonioni/WinUAE/blob/master/prowizard/rippers/FuchsTracker.c\r\n\tif(X.Sz() < 0xC0 || !X.c(\"'SONG'\",0xC0) || !X.c(\"'INST'\",0xC8+X.U32(0xC4,_BE))) return false;\r\n\tallsmpsz = X.U32(0x0A,_BE);\r\n\tif(allsmpsz <= 2 || allsmpsz >= 65535*16) return false;\r\n\tsmpdescs = 0; smp = 0;\r\n\tfor(i=0; i < 16; i++) {\r\n\t\tssz = X.U16(0x0E+i*2,_BE); if(ssz) smp++;\r\n\t\tlpst = X.U16(0x4E+i*2,_BE); if(ssz < lpst) return false;\r\n\t\tif(X.U8(0x2E+i*2) > 0x40) return false; //vol\r\n\t\tsmpdescs += ssz\r\n\t}\r\n\tif(smpdescs <= 2 || smpdescs > allsmpsz) return false;\r\n\tord = X.U8(0x6F); if(!ord || ord > 0x28) return false;\r\n\tptn = 0; //last pattern\r\n\tfor(i=0; i < 0x28; i++) {\r\n\t\tpt = X.U8(0x71+i*2); if(pt > 40) return false; if(pt > ptn) ptn = pt }\r\n\tptn++; k = ptn*1024; if(k+204 > X.Sz()) return false;\r\n\tsz = smpdescs+k+204;\r\n\treturn true\r\n}\r\nif(!bDetected && isFuchs()) {\r\n\tsName = \"Andreas Fuchs's FuchsTracker module (.FUCHS)\";\r\n\tbDetected = 1;\r\n\tif(X.isVerbose()) sOption('ord:'+ord+' ptn:'+ptn+' smp:'+smp+' sz:'+outSz(sz))\r\n}\r\n\r\n\r\nfunction isGMC() {\r\n\t//ref https://github.com/tonioni/WinUAE/blob/master/prowizard/rippers/GMC.c\r\n\t// & https://github.com/OpenMPT/openmpt/blob/master/soundlib/Load_gmc.cpp\r\n\tif(X.Sz() < 444 || !X.c(\"000000\",0xF0)) return;\r\n\t//smp descriptions\r\n\tallsmpsz = 0; j = 0; smps = [];\r\n\tfor(k=p=0; k < 15; k++,p+=0x10) {\r\n\t\to = X.U32(p,_BE); if(o > 0x7FFFFF || (o&1)) return; //ofs\r\n\t\tl = X.U16(p+4,_BE)<<1; //length\r\n\t\tif(l > 0xFFFF) return;\r\n\t\tif(X.U8(p+6)) return; //zero byte\r\n\t\tif(X.U8(p+7) > 0x40) return; //vol\r\n\t\ta = X.U32(p+8,_BE); if(a > 0x7FFFFF || (a&1)) return; //address\r\n\t\tn = X.U16(p+0xC,_BE); //looplen\r\n\t\tif(n > 2 && n > l) return;\r\n\t\tif(X.U16(p+0xE,_BE) & 1) return; //datastart\r\n\t\tallsmpsz += l;\r\n\t\tif(l) smps.push([o,l]);\r\n\t}\r\n\tif(allsmpsz <= 4) return;\r\n\tsmps.sort(function(a,b){return a[0]-b[0]});\r\n\tfor(k=0; k < smps.length-1; k++) if(smps[k][0]+smps[k][1] > smps[k+1][0]) return;\r\n\tord = X.U8(0xF3); //ptn table size\r\n\tif(!isWithin(ord, 1, 0x64)) return;\r\n\tptn = 0; ords = [];\r\n\tfor (i=0; i < 100; i++) { //ptn order table\r\n\t\tp = X.U16(0xF4+i*2,_BE);\r\n\t\tif (p & 0x3FF) return;\r\n\t\tif(i < ord) { p >>= 10; if(p > ptn && p != 63) ptn = p }\r\n\t} ptn++;\r\n\tif(ptn > 64) return;\r\n\tm = notes = badnotes = badled = 0; end = false; p = 0x1BC; nps = [];\r\n\tif(p+ptn*0x400 > Math.min(X.Sz(),0xFFFC)) return;\r\n\tfor (i=0; i < ptn && !end; i++) { //test pattern data\r\n\t\tbadnotes = badled = 0;\r\n\t\tfor (j = 0; j < 256 && !end; j++,p+=4) {\r\n\t\t\td = X.readBytes(p,4);\r\n\t\t\tnp = (d[0]<<8)+d[1];\r\n\t\t\tif(np && np != 0xFFFE)\r\n\t\t\t\tif(isWithin(np, 113,856)) {\r\n\t\t\t\t\tnotes++; if(!nps.includes(np)) nps.push(np);\r\n\t\t\t\t\tif(notes > 100 && !X.isDeepScan()) end = true;\r\n\t\t\t\t}\r\n\t\t\t\telse badnotes++;\r\n\t\t\td[2] &= 0xF;\r\n\t\t\tif(d[2] == 3 && d[3] > 0x40) badnotes++; //vol effect\r\n\t\t\tif(d[2] == 4 && d[3] > 0x63) return;\r\n\t\t\tif(d[2] == 5 && d[3] > ord+1) return;\r\n\t\t}\r\n\tif(badnotes > 16) { if(debug>0)_log(\"GMCFault: over 16 bad notes\"); return}\r\n\t}\r\n\tnps = nps.length;\r\n\tif(!notes) return;\r\n\tif(nps <= 2 && !X.isHeuristicScan()) return; // that's not music...\r\n\tsz = 0x1BC + ptn*0x400 + allsmpsz;\r\n\treturn true\r\n}\r\nif(!bDetected && isGMC()) {\r\n\tbDetected = 1;\r\n\tsName = \"Andreas Tadic's Game Music Creator module (.GMC)\";\r\n\tif(X.isVerbose()) {\r\n\t\tsOption(\"ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smps.length\r\n\t\t\t+((X.isDeepScan() || notes < 100) ? \" notes:\"+notes+\"(\"+nps+\" diff.)\" : '')\r\n\t\t\t+\" sz:\"+outSz(sz)); if(X.Sz() < sz) sVersion = \"malformed!short\"\r\n\t}\r\n}\r\n\r\n\r\nfunction isMoonBlaster() {\r\n\t//ref https://www.msx.org/wiki/Moonblaster_file_format\r\n\t//TODO check for the sanity of more values passed to MSX-AUDIO, like instr/vol\r\n\tif(X.Sz() < 0x179) return false;\r\n\tord = X.U8(0); ofs = unpsz = 0;\r\n\tif(ord > 220 && ord < 255) return false; //not sure if the manual is right about 220 being the maximum\r\n\tif(ord == 255) { ofs = 1; ord = 200 } //a subformat. Always 200 positions, 01-filled; all offsets are +1\r\n\telse ord++;\r\n\tfor(i=0; i < 0x20; i++) if(X.U8(0xA3+ofs+i) > 0x16) { /*_log('MBM: instr/vol error');*/ return false }\r\n\ttmp0 = X.U8(ofs+0xCD); if(!tmp0) { /*_log('MBM: tempo = 0 error');*/ return false }\r\n\tp = ofs+0x178+ord; ptn = -1; for(i=ofs+0x178; i < p; i++) { t = X.U8(i); if(t > ptn) ptn = t }\r\n\t// Start pattern number is 1, no need to ptn++. Funnily, the manual says patterns start from 0\r\n\tif(ptn < 1) return false;\r\n\tptnp = p+ofs; ptn1 = oldp = X.U16(ptnp);\r\n\tif(ptn1 > X.Sz()) { /*_log('MBM: ptn1 @'+Hex(ptn1)+\">\"+Hex(X.Sz()));*/ return false }\r\n\tfor(i=0; p < X.Sz() && i < ptn; i++) {\r\n\t\tp = X.U16(ptnp+i*2);\r\n\t\tif(!i) unpsz = p; // patterns should start from the current unpsz\r\n\t\tif(p < ptnp+i*2 || p > X.Sz()) {\r\n\t\t\t/*_log('MBM: ptn ptr['+Hex(i)+'] error @'+Hex(ptnp+i*2)+': '+Hex(p));*/ return false }\r\n\t\tif(i && p-oldp > 0x100) { /*_log('MBM: ptn too large @'+Hex(ptnp+i*2));*/ return false }\r\n\t\toldp = p;\r\n\t}\r\n\tif(!ofs) { p = ptnp+i*2;\r\n\t\tif((unpsz != p || p > X.Sz())) { /*_log('MBM: pattern offset error: p='+Hex(p));*/ return false }\r\n\t} else p = ptn1\r\n\t//decruncher: going over all the patterns at once\r\n\twhile(p < X.Sz()) { c = X.U8(p++);\r\n\t\tif(!c) break; else if(c <= 0xF2) unpsz++; else /*decrunching 0's*/ unpsz += c-0xF2;\r\n\t}\r\n\tif(!isWithin(p, 0x178,0x3DC0)) return false;\r\n\tsz = p;\r\n\treturn true\r\n}\r\nif(!bDetected && isMoonBlaster()) {\r\n\t//MUS is \"FST-song\", MBM is song, MBK is drumkit, MBV is voice-e, MBB is voice-b, MBS is samples\r\n\tsName = \"Remco Schrijvers et al.'s MSX MoonBlaster for MoonSound module (.MBM)\";\r\n\tbDetected = 1; if(ofs) sVersion = '200-pos.ver.';\r\n\tdrumkit = X.SA(ofs+0x140,8).trim();\r\n\tif(drumkit != 'NONE') sVersion = sVersion.appendS('+'+drumkit+'.MBK','/');\r\n\tif(X.isVerbose()) {\r\n\t\tsOption(X.SA(ofs+0xCF,40).trim());\r\n\t\tsOption('tempo0:'+tmp0+' ord:'+ord+' ptn:'+ptn+' unpsz:'+unpsz+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isProTracker1_sp() {\r\n\t//PT1's project file\r\n\t//TODO()\r\n}\r\n\r\n\r\nfunction isProTracker1_c() {\r\n\t//ref https://bitbucket.org/zxtune/zxtune/src/develop/src/formats/chiptune/aym/protracker1.cpp\r\n\t// & https://ay.strangled.net/Ay_Emul30.src.7z/Formats.pas -> FoundPT1\r\n\tif(X.Sz() < 0x66) return;\r\n\ttempo = X.U8(0); if(!isWithin(tempo, 2,15)) return; //delay\r\n\tptntp = X.U16(0x43); if(ptntp >= X.Sz()) return; //patterns table pointer\r\n\tnumofpos = X.U8(1);// if(len == 0) return; //numofpositions, can be corrupted?\r\n\tloop = X.U8(2);\r\n\tj = 0; j1 = 65535;\r\n\tfor(i=0; i < 0x10; i++) { //samples pointers\r\n\t\tsp = X.U16(3+i*2); if(sp > X.Sz()) return;\r\n\t\tif(j < sp) j = sp;\r\n\t\top = X.U16(0x23+i*2); if(op > X.Sz()) return;\r\n\t\tif(op && j1 > op) j1 = op\r\n\t}\r\n\tif((j1 < 0x67) || (j < 0x67) || (j > 65534) || (j > X.Sz())\r\n\t || (j + X.U8(j) * 3 + 2 != j1)) return;\r\n\tfor(i=j=0; i < 0x10; i++) { //ornaments pointers\r\n\t\top = X.U16(0x23+i*2,_LE); if(op > X.Sz()) return;\r\n\t\tif(j < op) j = op\r\n\t}\r\n\tif(j < 0x67) return;\r\n\tlen = j+0x40; if(len > 0x10000 || len > X.Sz()+1) return;\r\n\tj = 0x63;\r\n\twhile(j <= ptntp && X.U8(j) < 0xFF) j++;\r\n\tif(j+1 != ptntp) return;\r\n\tord = j-0x63; if(loop > ord) return;\r\n\treturn true\r\n}\r\nif(!bDetected && isProTracker1_c()) {\r\n\tsName = \"Golden Disk ProTracker module (.PT1)\"; sVersion = \"v1.x/compiled\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(X.SA(0x45,0x1E)); //musicname\r\n\t\tsOption(\"tempo:\"+tempo+\" ord:\"+ord+\" len:\"+len)\r\n\t}\r\n}\r\n\r\n\r\nfunction isProTracker2() {\r\n\t//ref https://bitbucket.org/zxtune/zxtune/src/develop/src/formats/chiptune/aym/protracker2.cpp\r\n\t// & https://ay.strangled.net/Ay_Emul30.src.7z /Players.pas & /Help/html/ay_ru_fmt_pt2.htm\r\n\tif(X.Sz() < 132) return; //the smallest pt2 in all actual collections is 521 bytes long\r\n\ttmp = X.U8(0); if(!isWithin(tmp,2,15)) return;\r\n\tconst maxsz = X.Sz()+X.isHeuristicScan()*0x200;\r\n\tord = X.U8(1); lp = X.U8(2); if(!ord || lp > ord || 0x83+ord > maxsz-2) return;\r\n\tsmp0 = X.U16(3); orn0 = X.U16(0x43); if(orn0-smp0 > maxsz+2 || orn0 < smp0) return;\r\n\tptnp = X.U16(0x63); if(!isWithin(ptnp,0x65,orn0)) return; smp = orn = 0;\r\n\tfor(i=mps=0,p=3; i < 0x20; i++,p+=2) { t = X.U16(p); if(t > mps) mps = t;\r\n\t\tif(t) { smp++; if(!isWithin(t,0x65,maxsz-2)) return }\r\n\t}\r\n\tfor(mp=0; i < 0x30; i++,p+=2) { t = X.U16(p); if(t > mp) mp = t;\r\n\t\tif(t) { orn++; if(orn <= 2 && !isWithin(t,Math.max(mps,orn0),maxsz)) return }\r\n\t\t//just check the first two orns. Ornament records seem to be optional, and,\r\n\t\t//despite the pointers being present, some modules are just cut off early \r\n\t}\r\n\tfor(p=0x83,ptn=i=0; i <= 0xFF; i++,p++) {\r\n\t\tif(p > X.Sz()-2) return; if((o=X.U8(p)) == 0xFF) break; if(o > ptn) ptn = o\r\n\t} ptn++; p++;\r\n\tif(ord != i || ptnp != p) return;\r\n\tfor(rptn=0; p < X.Sz(); rptn++,p+=2) { if(!(t=X.U16(p))) break; else if(!isWithin(t,ptnp+ptn*6,X.Sz())) return }\r\n\tif(rptn != ptn*3) return; sz = mp+2+X.U8(mp);\r\n\treturn true\r\n}\r\nif(!bDetected && isProTracker2()) {\r\n\tsName = \"Golden Disk ProTracker module (.PT2)\"; sVersion = 'v2.x'; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tnc = charStat(t=X.readBytes(0x65,0x1E), 1);\r\n\t\tif(nc.indexOf('allxsc') >= 0) sOptionT(decEncoding(t,CPSpeccy)); else sOption('');\r\n\t\tsOption('tmp:'+tmp+' ord:'+(lp?lp+'-':'')+ord+' ptn:'+ptn+' smp:'+smp+' orn:'+orn+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isProTracker3(ofs) { //PT3's detection but sanity checks because SOME people -_-\r\n\t//ref https://bitbucket.org/zxtune/zxtune/src/develop/src/formats/chiptune/aym/protracker3_compiled.cpp\r\n\t// & https://ay.strangled.net/Ay_Emul30.src.7z /Help/html/ay_ru_fmt_pt3.htm\r\n\t// & https://bitbucket.org/zxtune/zxtune/src/develop/src/formats/chiptune/aym/turbosound.cpp\r\n\tif(X.Sz()-ofs < 0xCA) return; p = 0; var maxsz = Math.min(65535,X.Sz()+X.isHeuristicScan()*0x200);\r\n\tvar smps=[], orns=[], trks=[], ptns=[]; bad = '';\r\n\tfunction re(msg) { if(debug>1)_l2r('pt3',p,msg); return }\r\n\tttn = X.U8(ofs+0x63); if(ttn > 4) if(X.isHeuristicScan()) bad = bad.addIfNone('!badtuning'); else return;\r\n\ttmp0 = X.U8(ofs+0x64); if(!tmp0) return;\r\n\tord = X.U8(ofs+0x65); ptnp = ofs+0xCA+ord;\r\n\tif(ptnp != X.U16(ofs+0x67)+ofs || ptnp > X.Sz()-2) return re('!badptnp+'+Hex(ptnp));\r\n\tlp = X.U8(ofs+0x66); if(lp > ord-1) return re('!badlp');\r\n\torn = smp = mp = 0; if(!ofs) ptnp0 = ptnp;\r\n\tfor(p=ofs+0x69; p < ofs+0xA9; p+=2) if(X.U16(p)) smp++; for(; p < ofs+0xC9; p+=2) if(X.U16(p)) orn++;\r\n\tfor(ptn=i=0,p=ofs+0xC9; i <= 0xFF; i++) { if((o=X.U8(p++)) == 0xFF) break; if(o%3) return;\r\n\t\tif(ptns.indexOf(o/3) < 0) ptns.push(o/3); if(o/3 > ptn) ptn = o/3 }\r\n\tptn++; if(!i || i != ord) return re('!realord:'+i+' != ord:'+ord);\r\n\tt = X.readBytes(ofs,10); tracker = '';\r\n\tif(charStat(t,1).indexOf('allasc') >= 0) { t = decEncoding(t,CPSpeccy);\r\n\t\tif(t == 'ProTracker') { tracker = 'Pro Tracker'; sv = 'v'+X.SA(ofs+0xB,4).trim(); nv = X.U8(ofs+0xD)-0x30 }\r\n\t\telse if(t == 'Vortex Tra') { tracker = 'Vortex Tracker ]['; sv = 'v'+X.SA(ofs+0x12,4).trim(); nv = 7 }\r\n\t\telse { tracker = '\"'+X.SA(ofs,14)+'\"'; sv = 'v3.x'; nv = 7 }\r\n\t} else { tracker = 'hacked Pro Tracker'; sv = 'v3.x'; nv = 7 }\r\n\t//track parser\r\n\tfunction isTrkIn(tracks,track) {\r\n\t\tfor(var i=0; i < tracks.length; i++) if(tracks[i][0] == track[0]) return true; return }\r\n\tfor(i=notes=0; i < ptn*3 && p < maxsz; i++,p+=2) {\r\n\t\t// echo track addresses, pertinent to debugging:\r\n\t\t// 6F3, 719, 745...\r\n\t\tif(!isWithin(t=X.U16(p)+ofs, p,maxsz)) return re('!badptnp2:'+Hex(t));\r\n\t\tif(ptns.indexOf(Util.divu64(i,3)) < 0) continue;\r\n\t\ttrk = [t,0]; if(isTrkIn(trks,trk)) continue;\r\n\t\tvar lines = 0, eot = false;\r\n\t\ttrkparse: while(!eot && lines < 256 && t < maxsz) {\r\n\t\t\teol = false; z = 0; // counter of all effect parameters\r\n\t\t\twhile(!eol && t < X.Sz()) {\r\n\t\t\t\tif((x=X.U8(t++)) == 0) eol = eot = true;\r\n\t\t\t\telse if(x == 1 || x == 8) z += 3; else if(x == 2) z += 5; else if([3,4,6,9].indexOf(x) >= 0) z++;\r\n\t\t\t\telse if(x == 5) z += 2; else if(x == 7) bad = bad.addIfNone('!badcmd07h');\r\n\t\t\t\telse if(x == 0x10) { x = X.U8(t++); y = X.U16(0x69+x)+ofs; if(smps.indexOf(x) < 0) {\r\n\t\t\t\t\tif(y > ofs && !isWithin(y, ptnp,maxsz)) bad = bad.addIfNone('!badsmp'); smps.push(x) } }\r\n\t\t\t\telse if(x < 0x20) { t += 2; x = X.U8(t++); y = X.U16(0x69+x)+ofs; if(smps.indexOf(x) < 0) {\r\n\t\t\t\t\tif(y > ofs && !isWithin(y, ptnp,maxsz)) bad = bad.addIfNone('!badsmp'); smps.push(x) } }\r\n\t\t\t\telse if(x < 0x40) { /* could check if this isn't channel B but may be too much */ }\r\n\t\t\t\telse if(x < 0x50) { x &= 0xF; if(orns.indexOf(x) < 0) { orns.push(x); if(mp < (y=X.U16(ofs+0xA9+x*2)+ofs)) mp = y } }\r\n\t\t\t\telse if(x < 0xB0) { notes++; eol = true } else if(x == 0xB0) { /*envoff*/ }\r\n\t\t\t\telse if(x == 0xB1) { lines += X.U8(t++) } else if(x < 0xC0) t += 2; else if(x == 0xC0) eol = true;\r\n\t\t\t\telse if(x < 0xD0) { /*setvol*/ } else if(x == 0xD0) eol = true;\r\n\t\t\t\telse if(x < 0xF0) { x = (x&0x1F)<<1; y = X.U16(ofs+0x69+x)+ofs; if(smps.indexOf(x) < 0) {\r\n\t\t\t\t\tif(y > ofs && !isWithin(y, ptnp,maxsz)) bad = bad.addIfNone('!badsmp1'); smps.push(x) } }\r\n\t\t\t\telse { x &= 0xF; if(orns.indexOf(x) < 0) { orns.push(x); if(mp < (y=X.U16(ofs+0xA9+x*2))) mp = y }\r\n\t\t\t\t\tx = X.U8(t++); y = X.U16(ofs+0x69+x)+ofs; if(smps.indexOf(x) < 0) {\r\n\t\t\t\t\t\tif(y > ofs && !isWithin(y, ptnp,maxsz)) bad = bad.addIfNone('!badsmp2'); smps.push(x) } }\r\n\t\t\t}\r\n\t\t\tlines++; t += z; z = 0; if(lines > 256) if (!X.isHeuristicScan()) return re('!badlines'); else bad = bad.addIfNone('!badlns')\r\n\t\t}//trkparse\r\n\t\ttrk[1] = t-trk[0]; if(!isTrkIn(trks,trk)) trks.push(trk); if(mp < t) mp = t\r\n\t}//all tracks parsed\r\n//\tfunction tupleSort(lst) { function sf(a, b) { if(a[0] != b[0]) return a[0]-b[0]; else return a[1]-b[1] } return lst.sort(sf) }\r\n//_l2r('pt3',0,outArray(tupleSort(trks),16)+'::: '+outArray(findGaps(trks,0),16)+' :: '+outArray(findIntersections(trks,true),16))\r\n\tif(t=findIntersections(trks,true).length) if(!X.isHeuristicScan() || t > 5) return re('trackxsections');\r\n\t\telse bad = bad.addIfNone('!trkxsec'); //so there are some broken files, like echo.pt3 (5753 bytes)\r\n\tif(t=findGaps(trks,0).length) if(!X.isHeuristicScan() || t > 5) return re('trackgaps');\r\n\t\telse bad = bad.addIfNone('!trkgap'); //tracks are monolithic BUT SOME PEOPLE\r\n\trsmp = smps.length; rorn = orns.length; rptn = ptns.length; if(!rptn || rsmp > 32) return re('!rptn='+rptn+',rsmp='+rsmp);\r\n\tif(X.fStr(\"compilation of\",10,20) < 0 && !rsmp) return re('!nosmp');\r\n\tsz = mp+2+X.U8(mp+1); //ornaments! either at the last orn ptr, or just straight after the patterns\r\n\treturn true\r\n}\r\nif(!bDetected && isProTracker3(0)) {\r\n\tsName = \"Golden Disk ProTracker module (.PT3)\"; sVersion = sv; bDetected = 1;\r\n\ttsmode = nv >= 5 && (X.U8(0x62) != 0x20 || X.c(\"'Vortex Tra'\",sz) || X.c(\"'ProTracker 3'\",sz));\r\n\tif(X.isVerbose()) info1 = 'tmp0:'+tmp0+' ord:'+(lp?lp+'-':'')+ord\r\n\t\t\t+' ptn:'+(rptn!=ptn?rptn+'/':'')+ptn+' smp:'+(rsmp!=smp?smp+'/':'')+rsmp\r\n\t\t\t+' orn:'+(rorn!=orn?rorn+'/':'')+orn+' notes:'+notes;\r\n\tsz1 = sz; ord1 = ord; tmp1 = tmp0;\r\n\tif(tsmode) if(!isProTracker3(sz) || ord1 != ord || tmp1 != tmp0) tsmode = false;\r\n\tif(tsmode) { //TurboSound container? check the footer, should be nearby (or isn't a footer)\r\n\t\tif((t=X.fSig(sz,0x200,\"'02TS'\")) > sz) if(X.SA(t-6,4) === X.SA(t-12,4)) if(sz1 == X.U16(t-8,_LE)) {\r\n\t\t\tsVersion += '[TurboSound:'+X.SA(t-6,4)+']'; sz = t+4;\r\n\t\t}\r\n\t\telse if(nv >= 7) sVersion += '/TurboSound'; else bad = bad.addIfNone('badTSver')\r\n\t}\r\n\tif(bad.length) sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\tif(X.isVerbose()) {\r\n\t\tif(X.c(\"'by \",0x3F)) { sOptionT(decAnsi(0x1E,0x20,CPSpeccy)); sOptionT(decAnsi(0x42,0x20,CPSpeccy),'by: ') }\r\n\t\tsOptionT(tracker,'in: ');\r\n\t\tswitch(ttn) {\r\n\t\t\tcase 0: sOption('tuning 0: 1625000Hz PT3.3'); break;\r\n\t\t\tcase 1: sOption('tuning 1: Sound Tracker'); break;\r\n\t\t\tcase 2: sOption('tuning 2: ASM/PSC 1.75MHz'); break;\r\n\t\t\tcase 3: sOption('tuning 3: RS 1625000Hz'); break;\r\n\t\t\tcase 4: sOption(\"tuning 4: Ivan Roshchin's Natural Cmaj/Am\"); break;\r\n\t\t\tdefault: sOption('tuning '+ttn+'/custom')\r\n\t\t}\r\n\t\tsOption((tsmode?'chip#1: ':'')+info1);\r\n\t\tif(tsmode) {\r\n\t\t\tsOption('chip#2: ptn:'+(rptn!=ptn?rptn+'/':'')+ptn+' smp:'+(rsmp!=smp?smp+'/':'')+rsmp\r\n\t\t\t+' orn:'+(rorn!=orn?rorn+'/':'')+orn+' notes:'+notes);\r\n\t\t}\r\n\t\tsOption(outSz(sz),'sz:')\r\n\t}\r\n}\r\n\r\n\r\nfunction isProSoundCreator_c(v14/*must take 0 or 1*/) {\r\n\t//from https://ay.strangled.net/Ay_Emul30.src.7z /Players.pas → FoundPSC\r\n\tswitch(v14) { case 1: sv = 'v1.04+'; break; case 0: sv = 'v1.00~3'; break; default: return }\r\n\tconst max = Math.min(X.Sz(),0x10000); if(max < 0x4E) return;\r\n\tvar sap = X.U16(0x45), ordp = X.U16(0x47), ornp = X.U16(0x4A); //sample pointer table begins from 4Ch\r\n\tif(!isWithin(sap, 0x4E,max) || !isWithin(ordp, 0x4E,max-11)\r\n\t\t|| !isWithin(ornp, 0x4E,Math.min(max,0x8C)) || ornp % 2) return;\r\n\tvar o0 = X.U16(ornp)+v14*ornp, s0 = X.U16(0x4C)+v14*0x4C, t = X.U16(ornp-2)+v14*0x4C;\r\n\tif(s0 > Math.min(ornp+0x40,X.Sz()-5) || o0 >= max || t >= max || o0-t < 8 || (o0-t) % 6 != 2) return;\r\n\tfor(p=s0+4,smp=0; p < max && (X.U8(p) & 0x20); p += 6) smp++;\r\n\tif(p > 0xFFFE || p > X.Sz()) return;\r\n\tif(ornp-0x4C-2 > 0) { if(p+3 != X.U16(0x4E)+v14*0x4C) return } else if(p+4 != o0) return;\r\n\tp = ordp+1; if(X.U8(p) == 0xFF) return;\r\n\tfor(ord=ptn=0; p+3 < max;) {\r\n\t\tif(!isInside(X.U16(p+1), o0,ordp) || !isInside(X.U16(p+3), o0,ordp) || !isInside(X.U16(p+5), o0,ordp)) return;\r\n\t\tp += 8; ord++;\r\n\t\tif(X.U8(p) == 0xFF) { if(X.U8(p-1) >= ord) return; lp = X.U8(p-1); break }\r\n\t\telse ptn = Math.max(ptn,X.U8(p-1)+1)\r\n\t}\r\n\tsz = p+3; dly = X.U8(0x49);\r\n\tftitle = charStat(X.readBytes(0,0x18),true).indexOf('allasc') >= 0;\r\n\tfby = charStat(X.readBytes(0x2E,0x17),true).indexOf('allasc') >= 0;\r\n\treturn true\r\n}\r\nif(!bDetected && (isProSoundCreator_c(1) || isProSoundCreator_c(0))) {\r\n\t\tsName = \"Viktor 'KVA' Kuźmin's Pro Sound Creator module (.PSC)\"; //Виктор Кузьмин\r\n\t\tsVersion = sv+'/compiled'; bDetected = 1;\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tif(ftitle) sOptionT(decAnsi(0x19,0x14,CPSpeccy,false,Chars0to1FSpeccy));\r\n\t\t\tif(fby) sOptionT(decAnsi(0x31,0x14,CPSpeccy,false,Chars0to1FSpeccy),\"by: \");\r\n\t\t\tsOption('ord:'+(lp>0?'('+lp+'-)':'')+ord+' ptn:'+ptn+' smp:'+smp+' sz:'+outSz(sz))\r\n\t\t}\r\n\t}\r\n\r\n\r\nfunction isFTC() {\r\n\t//from https://ay.strangled.net/Ay_Emul30.src.7z /Players.pas → FoundFTC\r\n\t//if(X.c(\"'Module: '\") && X.c(\"';Fast Tracker v1.00'\", 0x32)) // we KNOW someone broke this in their music\r\n\tif(X.Sz() < 0xD7) return; const max = Math.min(0x10000,X.Sz());\r\n\tswitch(X.U8(0x32)) { case 0x3B: notet = 0; break; case 1: notet = 1; case 2: notet = 2; default: return }\r\n\tif((ptnp=X.U16(0x4B)) >= X.Sz()) return false;\tif(X.U16(0x92) <= X.U16(0x52)) return false;\r\n\tfor(p=0xD4,ptn=0; p < 0x1D4 && p < X.Sz() && X.U8(p) < 0x80; p += 2, ord++) ptn = Math.max(ptn,X.U8(p)+1);\r\n\tlp = X.U8(0x46); if(p >= 0x1D4 || lp > ord) return;\r\n\tvar ofs = X.U16(ptnp) - (ptn*6 + ptnp+2); if(ofs < 0) return;\r\n\tif(X.U16(0x52)-ofs >= X.Sz() || ptnp >= X.U16(0x52)-ofs || X.U16(0x92)-ofs >= X.Sz()) return;\r\n\tvar ornpm = 0xFFFF, ornpM = 0, msmpp = 0;\r\n\tfor(p=0x52; p < 0x92; p+=2) msmpp = Math.max(msmpp,X.U16(p));\r\n\tfor(; p < 0xD4; p+=2) { ornpm = Math.min(ornpm,X.U16(p)); ornpM = Math.max(ornpM,X.U16(p)) }\r\n\tif(msmpp-ofs >= Math.min(65534,X.Sz()) || ornpm-ofs >= max || ornpM-ofs >= max\r\n\t || msmpp <= ptnp || msmpp+3+(X.U8(msmpp-ofs+2)+1)*5 != ornpm) return;\r\n\tsz = msmpp+3+(X.U8(msmpp-ofs+2)+1)*2-ofs;\r\n\tif(sz < ptnp) return false;\r\n\treturn true\r\n}\r\nif(!bDetected && isFTC()){\r\n\tsName = \"S.'Orion' Matveev & A.'Sand' Plużnikov's Fast Tracker module (.FTС)\";\r\n\t//Сергей Матвеев & Александр Плужников\r\n\tbDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(X.SA(8,0x2A));\r\n\t\tsOption('ord:'+(lp>0?'('+lp+'-)':'')+ord+' ptn:'+ptn+(ofs?' ofs:'+Hex(ofs):'')+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\nfunction isSoundTrackerProF() {\r\n\t//ref https://bitbucket.org/zxtune/zxtune/src/develop/src/formats/chiptune/aym/soundtracker.cpp\r\n\t// & https://ay.strangled.net/STPDocs.7z -> Xplay79f.txt\r\n\tif(X.Sz() < 3009+576) return false; //header + patterns\r\n\tfor(p=smp=0; smp < 15; smp++) {\r\n\t\tfor(i=0; i < 32; i++) if(X.U8(p++) > 0x0F) return false; //levels\r\n\t\tfor(i=0; i < 32; i++) if(X.U8(p++) & 0x20) return false; //noises\r\n\t\tfor(i=0; i < 32; i++) { p++; if(X.U8(p++) > 0x1F) return false } //additions\r\n\t\tfor(i=0; i < 2; i++) if(X.U8(p++) > 0x1F) return false; //loops\r\n\t}\r\n\tfor(i=0; i < 0x100; i++) { if(!isWithin(X.U8(p),1,0x20)) return false; p += 2 } //positions\r\n\t// at this point, p should be 15*0x82\r\n\tif(X.U8(p++) & 0x80) return false;\r\n\tp += 32*17; //ornaments\r\n\tdly=X.U8(p++); if(!isWithin(dly,1,0xF)) return false;\r\n\tpts=X.U8(p); if(!isWithin(pts,1,0x40)) return false;\r\n\treturn true;\r\n}\r\nif(!bDetected && isSoundTrackerProF()) {\r\n\tsName = \"Stanislav 'KSA' Kuzin's Sound Tracker Pro module (.STF,.F)\";\r\n\tsVersion = \"uncompiled/packed\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOption('dly:'+dly+' pts:'+pts)\r\n\t}\r\n}\r\n\r\n\r\nfunction isSoundTrackerPro() {\r\n\t//from https://ay.strangled.net/STPDocs.7z -> stp.txt\r\n\ttmp = X.U8(0); if(!isWithin(tmp,1,50)) return;\r\n\tconst max = X.Sz()-2;\r\n\tvar ordtp = X.U16(1,_LE); ord = X.U8(ordtp); lp = X.U8(ordtp+1); //ord, loop, orderlist and ptn transpose\r\n\tif(!isWithin(ordtp,10,max) || lp > ord || !ord) return;\r\n\tvar ptntp = X.U16(3,_LE); if(!isWithin(ptntp,ordtp+2+ord*2,max)) return; //pattern offsets\r\n\tvar orntp = X.U16(5,_LE); if(!isWithin(orntp,10,max)) return; //ornament offsets\r\n\tvar smptp = X.U16(7,_LE); if(!isWithin(smptp,10,max)) return; //sample offsets\r\n\tsz = smptp+30; if(sz > X.Sz()) return; var ptnp = [], smpp = [];\r\n\tfor(i=0; i < ord; i++)\r\n\t\tif(X.U8(ordtp+2+i*2)%6 || !isWithin(t=X.U16(ptntp+i*2,_LE),10,max)) return false; else if(ptnp.indexOf(t) < 0) ptnp.push(t)\r\n\tfor(i=0; i < 15; i++)\r\n\t\tif(!isWithin(t=X.U16(smptp+i*2),10,max)) return; else if(smpp.indexOf(t) < 0) smpp.push(t);\r\n\tptn = ptnp.length; smp = smpp.length; if(!ptn) return;\r\n\treturn true;\r\n}\r\nif(!bDetected && isSoundTrackerPro()) {\r\n\tsName = \"Stanislav 'KSA' Kuzin's Sound Tracker Pro module (.STP)\"; sVersion = \"compiled\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(X.c(\"'KSA SOFTWARE COMPILATION OF '\",10)) sOptionT(X.SC(0x26,0x19,'CP1251'));\r\n\t\tsOption('tmp:'+tmp+' ord:'+(lp?lp+'-':'')+ord+' ptn:'+ptn+' smp:'+smp+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isSQTracker() {\r\n\t//ref https://ay.strangled.net/Ay_Emul30.src.7z/Players.pas -> FoundSQT\r\n\tif(X.Sz() < 17) return false;\r\n\tsz = X.U16(0); if(X.Sz() < sz) return false;\r\n\tsmptp = X.U16(2); if(smptp < 10) return false; //samples table ptr\r\n\torntp = X.U16(4); ptntp = X.U16(6); //ornaments & patterns table ptrs\r\n\tpostp = X.U16(8); lpp = X.U16(0xA); //positions table ptr & loop ptr\r\n\tif(orntp <= smptp+1) return false; if(ptntp < orntp) return false;\r\n\tif(postp <= ptntp) return false; if(lpp < postp) return false;\r\n\tmembase = smptp-10; //to eventually realign to file, not memory\r\n\tif(lpp-membase >= sz) return false;\r\n\ti = postp-membase; b = X.U8(i); if(!b) return false; //can't have 0 patterns\r\n\tord = 0; ptn = 0;\r\n\twhile(b) { //find the highest pattern #\r\n\t\tif(i+7 >= sz) return false;\r\n\t\tord++;\r\n\t\tif(ptn < (t = b&0x7F)) ptn = t; i += 2; b = X.U8(i);\r\n\t\tif(ptn < (t = b&0x7F)) ptn = t; i += 2; b = X.U8(i);\r\n\t\tif(ptn < (t = b&0x7F)) ptn = t; i += 3; b = X.U8(i)\r\n\t} ptn++;\r\n\tp = X.U16(smptp-membase+2);\r\n\tif(p-ptntp != ptn*2) return false;\r\n\tp = 12; len = i+7;\r\n\tif(len != sz) return false;\r\n\tt = X.U16(12);\r\n\tfor(i = 1; i <= (orntp-smptp)>>1; i++) {\r\n\t\tp += 2; j3 = X.U16(p);\r\n\t\tif(j3-t != 0x62 && (sz != 1337 || ord != 10 || ptn != 11)) return false;\r\n\t\tt = j3;\r\n\t}\r\n\tfor(i = 1; i <= (ptntp-orntp)>>1; i++) {\r\n\t\tp += 2; j3 = X.U16(p);\r\n\t\tif(j3-t != 0x22) return false;\r\n\t\tt = j3;\r\n\t}\r\n\r\n\treturn true;\r\n}\r\nif(!bDetected && isSQTracker()) {\r\n\tsName = \"Jiří 'George' Koudelka's Scalex Qjeta Tracker module (.SQT)\"; sVersion = \"compiled\"; bDetected = 1;\r\n\tsOption('ord:'+ord+' ptn:'+ptn+' sz:'+outSz(sz))\r\n}\r\n\r\n\r\nfunction isSTC() {\r\n\t//ref https://ay.strangled.net/Ay_Emul30.src.7z/Players.pas -> FoundST\r\n\tif(X.Sz() < 6) return false;\r\n\ttempo = X.U8(0); if(tempo == 0 || tempo > 0x20) return false; //delay\r\n\tpostp = X.U16(1,_LE); if(postp<0x7E || postp>X.Sz()) return false; //positions ptr\r\n\torntp = X.U16(3,_LE); if(orntp<0x7E || orntp>X.Sz()) return false; //ornaments ptr\r\n\tptntp = X.U16(5,_LE); if(ptntp<0x7E || ptntp>X.Sz()) return false; //patterns ptr\r\n\tord = X.U8(postp)+1;\r\n\tj2 = ptntp - orntp; if(j2 == 0) return false; //j2<0: ST, >0: S_SONIC\r\n\tfID = false;\r\n\tif(j2 > 0) { if((j2%0x21) > 0) return false; }\r\n\telse if((j2%0x21) > 0) {\r\n\t\tif((j1<55) || (((j1-55)%0x21) > 0)) return false;\r\n\t\tfID = true; //we'll check for a preset ID at the end\r\n\t}\r\n\tj = X.U8(postp)*2+3;\r\n\tif(j2 < 0) { if(j+j2 != 0) return false; }\r\n\telse if(j+postp-orntp != 0) {\r\n\t\tif((ptntp < 82) || (j+postp-ptntp+55 != 0)) return false;\r\n\t\tfID = true;\r\n\t}\r\n\tj = orntp+0x21;\r\n\tif(j > 65535 || j > X.Sz()) return false;\r\n\twhile(j) { j--; if(X.U8(j) > 0) return false; if(j == orntp) break }\r\n\tj = ptntp; j1 = 0; j2 = 0; ptn = 0;\r\n\twhile((j+6 <= X.Sz()) && (j+6 < 65536) && (X.U8(j) < 0xFF)) {\r\n\t\t//find the highest channel data pointer\r\n\t\tj++; //ptn #\r\n\t\tj2 = X.U16(j,_LE); if(j1 < j2) j1 = j2; j += 2; //channel A data ofs\r\n\t\tj2 = X.U16(j,_LE); if(j1 < j2) j1 = j2; j += 2; //ditto B\r\n\t\tj2 = X.U16(j,_LE); if(j1 < j2) j1 = j2; j += 2; //ditto C\r\n\t\tptn++\r\n\t}\r\n\tif((X.U8(j) < 0xFF) ) return false;\r\n\tif(j1 > X.Sz()) return false;\r\n\tif(X.U8(j1-1) < 0xFF) return false;\r\n\tbad = 0; //some modules are a bit more broken! Like \"- unknown/ay5.stc\" which lost some of its final bytes\r\n\twhile(1) { //scan through the channel data at the end of file\r\n\t\tif(0x83 <= X.U8(j1) <= 0x8E) j1++; //I don't get what this does, no docs either\r\n\t\tj1++;\r\n\t\tif(j1 > 65535) return false;\r\n\t\tif(j1 > X.Sz())\r\n\t\t\tif(X.isHeuristicScan()) { bad = 1; break }\r\n\t\t\telse return false;\r\n\t\tif((X.U8(j1) == 0xFF) || (j1 == X.Sz())) break\r\n\t}\r\n\tif(X.U8(j1) == 0xFF) len = j1+1; else len = X.Sz();\r\n\t// len = X.U16(0x19,_LE); // because ~somebody~ used it for names\r\n\tif(fID)\r\n\t if( (X.SA(ptntp-55,29) != 'SOUND TRACKER COMPILATION OF ') &&\r\n\t\t(X.SA(ptntp-55,28) != 'KSA SOFTWARE COMPILATION OF ') ) return false;\r\n\r\n\treturn true;\r\n}\r\nif(!bDetected && X.isDeepScan() && isSTC()) {\r\n\tsName = \"Jarosław 'BZYK' Burczyński's Sound Tracker module (.STC,.ZXS)\"; sVersion = \"v1.x\"; bDetected = 1;\r\n\tif(bad) sVersion += \"/malformed\"+bad;\r\n\tsz = X.U16(0x19,_LE); i_d = X.SA(7,18);\r\n\tif(['SONG BY ST COMPILE','SONG BY MB COMPILE','SONG BY ST-COMPILE',\r\n\t 'SOUND TRACKER v1.1','S.T.FULL EDITION ','SOUND TRACKER v1.3'].indexOf(i_d) >= 0)\r\n\t\tmsg = '';\r\n\telse\r\n\t\tmsg = i_d;\r\n\tif(sz != X.Sz()) { //the message must've hit the size field, HAPPENS\r\n\t\tsz = len;\r\n\t\tif(X.isVerbose()) sOption(\"ord:\"+ord+\" ptn:\"+ptn);\r\n\t\tif(32 <= (sz&0xFF) <= 0x7F) {\r\n\t\t\tmsg += String.fromCharCode(sz&0xFF);\r\n\t\t\tif(32 <= (sz>>8) <= 0x7F) msg += String.fromCharCode(sz>>8)\r\n\t\t}\r\n\t}\r\n\tif(X.isVerbose()) { sOptionT(msg,\"msg: \"); sOption('ord:'+ord+' ptn:'+ptn+' sz:'+outSz(sz)) }\r\n}\r\n\r\n\r\nfunction isST3() {\r\n\t//ref https://ay.strangled.net/Ay_Emul30.src.7z/Players.pas -> FoundST3\r\n\tif(X.Sz() < 8) return;\r\n\torntp = X.U16(5); if(orntp > X.Sz()-6) return; //ST3 ornaments/STC patterns table ptr\r\n\tptntp = X.U16(7); //ST3 patterns table ptr\r\n\tj1 = ptntp-orntp; if(j1 <= 0) return;\r\n\tsmptp = X.U16(3); //samples table ptr\r\n\tj2 = orntp-smptp; if(j2 <= 0) return;\r\n\tordp = X.U16(1); //orderlist ptr\r\n\tj3 = smptp-ordp; if(j3 > X.Sz()) return;\r\n\tj4 = ordp-9; if(j4 <= 0) return;\r\n\tif(j4 % 130) {\r\n\t\tif(j4 < 55 || (j4-55) % 130) return;\r\n\t\tfID = true\r\n\t} else fID = false;\r\n\tsmp = X.U8(smptp); if(!isWithin(smp, 1,16)) return; // smp # , j5\r\n\tp = smp*130 + 9 + (fID? 55: 0);\r\n\tif(ordp != p) return;\r\n\tord = X.U8(p); if(!ord) return; //pos # , j6\r\n\r\n\tfor(i=0,ptn=0; i < ord; i++) ptn = Math.max(ptn+1,X.U8(p+1+i*2))\r\n\tp += ord*2+1; if(smptp != p && smptp != p+2) return;\r\n\torn = X.U8(orntp); if(!orn || orn > 16) return; // orn # , j7\r\n\tp = smptp+smp*2+1+orn*32; if(orntp != p) return;\r\n\tp += orn*2+1; if(X.U16(ptntp) != p) return;\r\n\tbase = X.U16(smptp+1)-9;\r\n\tif(fID) base -= 55; if(base < 0) return;\r\n\tp = X.U16(orntp+1)-base;\r\n\tif(p != smptp+smp*2+1) return;\r\n\tfor(i=p; i < p+32; i++) if(X.U8(i)) return;\r\n\tj8 = -1; p = ordp+2;\r\n\tfor(i=0; i < ord; i++) {\r\n\t\tb = X.U8(p); if(b % 6) return;\r\n\t\tif(j8 < b) j8 = b; p += 2\r\n\t}\r\n\tbad = '';\r\n\tsz = ptntp+j8+6; if(sz-1 > X.Sz()) bad = bad.addIfNone('!short');\r\n\tif(base+p > 65536) return;\r\n\treturn true;\r\n}\r\nif(!bDetected && X.isDeepScan() && isST3()) {\r\n\tsName = \"S.T. Music's Recompiler v2 rebuilt STC module (.ST3)\"; sVersion = \"v3.0\"; bDetected = 1;\r\n\tif(bad && !X.isVerbose()) sVersion += \"/malformed\"+bad;\r\n\tif(X.isVerbose()) {\r\n\t\tif(fID) {\r\n\t\t\tsOptionT(decAnsi(9,55,CPSpeccy,false,Chars0to1FSpeccy));\r\n\t\t\tif(!X.c(\"'KSA SOFTWARE COMPILATION OF '\",9)) sOption(X.SA(9,28),'in: ');\r\n\t\t}\r\n\t\tsOption('ord:'+ord+' ptn:'+ptn+' smp:'+smp+' delay:'+X.U8(0)+\" @\"+Hex(base)+\" sz:\"+outSz(sz));\r\n\t}\r\n}\r\n\r\n\r\nfunction isSidMon1() {\r\n\t//ref http://asle.free.fr/prowiz/prowiz.src.zip / r/sidmon1.c\r\n\t// & https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/sidmon1/SIDMon1.0.s\r\n\t//I'm just used to calling the base ofs \"a0\" at this point\r\n\ta0 = X.fSig(0,0xFFFF,\"41FA.... ....FFD4 43FA.... 228841FA ....D1E8 FFD843FA\");\r\n\tif(a0 < 0 || (a0&1) || a0 > X.Sz()) return false;\r\n\tbad = \"\";\r\n\tp = X.U16(a0+2,_BE); msgp = a0+p+2; if(msgp < a0+16 || msgp > X.Sz()) return false;\r\n//if(debug&&a0)_log(\"init @\"+Hex(a0)+\", p=\"+Hex(p));\r\n\tplayp = X.fSig(a0+0x10,a0+msgp-6,\"4E7548E7FFFE\"); if(playp < 0 || (playp&1)) return false;\r\n\tsmpd = X.U16(a0+2+p-2,_BE); ordp = X.U16(a0+2+p-6,_BE);\r\n\tptnp = X.U16(a0+2+p-10,_BE); if(!smpd || !ordp || !ptnp) return false;\r\n//_log(\"smpd:\"+Hex(a0+2+p+smpd)+\" ordp:\"+Hex(a0+2+p+ordp)+\" ptnp:\"+Hex(a0+2+p+ptnp));\r\n\tif(a0+2+p+smpd > X.Sz() || a0+2+p+ordp > X.Sz()) return false;\r\n\tif(smpd <= ordp && smpd != 1) return false;\r\n\tptn = (ordp-ptnp) >> 6; ord = 0; smps = [];\r\n\tif(smpd == 1) { //no samples, traversing orderlist\r\n\t\tord++; pt = a0+2+p+ordp;\r\n\t\tif(pt+4 > X.Sz()) { sz = pt; return true; } // 1 position\r\n\t\tpt += 4; t = 1; sz = ordp-ptnp;\r\n\t\twhile(t < sz) { t = X.U32(sz,_BE); if(sz+4 > X.Sz() || !t) return true; sz += 4 }\r\n\t\tsz -= 4; ord--\r\n\t}\r\n\telse { //samples present\r\n\t\tord = (smpd-ordp) >> 2;\r\n\t\tsmpd += a0+2+p; //now an absolute offset\r\n\t\tsdsz = X.U16(smpd+2,_BE); smp = sdsz >> 5;\r\n\t\tif(smpd+sdsz > X.Sz() || sdsz%32) return false;\r\n//_log(\"smpinfo: [\"+Hex(sdsz)+\"/\"+Hex(smp)+\"]\")\r\n\t\tif(!sdsz) for(;; sdsz += 0x20) { //guess manually\r\n\t\t\tif(sdsz+0x24 > X.Sz()) return false;\r\n\t\t\tstp = X.U32(smpd+sdsz+4,_BE); //smp start ofs\r\n\t\t\tk = X.U32(smpd+sdsz+8,_BE); //loop start ofs?\r\n\t\t\tendp = X.U32(smpd+sdsz+0xC,_BE); //loop end ofs or smp end ofs\r\n\t\t\tif(stp > k || k >= endp) break; smp++;\r\n//_log(\" smp found @\"+Hex(sdsz))\r\n\t\t\tt = decAnsi(smpd+sdsz+0x10,0x10,CPAmiga).trim(); if(t != \"\") smps.push(t)\r\n\t\t}\r\n\t\tmendp = 0;\r\n\t\tfor(i=0; i < smp; i++) {\r\n\t\t\tendp = X.U32(smpd+i*0x20+0xC,_BE); if(endp > mendp) mendp = endp;\r\n\t\t\tt = decAnsi(smpd+i*0x20+0x10,0x10,CPAmiga); if(t != \"\") smps.push();\r\n\t\t}\r\n//_log(\"mendp:\"+Hex(mendp)+\" @\"+Hex(smpd+sdsz+4+mendp));\r\n\t\tsz = smpd+sdsz+4+mendp;\r\n\t\tif(sz > X.Sz()) bad = bad.addIfNone(\"!short\");\r\n\t}\r\n\treturn true;\r\n}\r\nif(!bDetected && X.isDeepScan() && isSidMon1()) {\r\n\tsName = \"SIDMon module (.SID1,.SMN,.SID)\"; sVersion = \"v1\"; bDetected = 1;\r\n\tif(bad != '') sVersion = sVersion.appendS(\"malformed\"+bad,'/');\r\n\tif(X.isVerbose()) {\r\n\t\tt = decAnsi(msgp,0x100,CPAmiga).trim();\r\n\t\tif(t != \"SID-MON BY R.v.VLIET (c) 1988\") sOptionT(t);\r\n\t\tsOptionT(addEllipsis(smps.join(','),200),'smps:');\r\n\t\tsOption(\"ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" sz:\"+outSz(sz));\r\n\t}\r\n}\r\n\r\n\r\nfunction isSidMon2() {\r\n//from https://github.com/neumatho/NostalgicPlayer/blob/main/Source/Agents/Players/SidMon20/SidMon20Worker.cs\r\n\tif(X.Sz() < 0x5A) return false;\r\n\tif(!X.c(\"'SIDMON II - THE MIDI VERSION'\", 0x3A)) return false;\r\n\tord = X.U8(2)+1; spd0 = X.U8(3); smp = X.U16(4,_BE);\r\n\tofs = 0x3A+X.U32(6,_BE); songlenlen = X.U32(0xA,_BE); ofs += songlenlen; //yes\r\n\tif(ofs != 0x5A) return false; \r\n\tp = 0x0E;\r\n\tfor(i = 0; i < 10; i++) {\r\n\t\tt = X.U32(p,_BE); if(t > 0x0FFFFF || !t) return false;\r\n\t\tswitch(i) {\r\n\t\tcase 0: var ordt = [ofs,t]; break;\r\n\t\tcase 1: if(t != ordt[1]) return false; var notexpost = [ofs,t]; break;\r\n\t\tcase 2: if(t != notexpost[1]) return false; break;\r\n\t\tcase 3: if(t % 32) return false; break;\r\n\t\tcase 7: if(t != smp) return false; var smpt = [ofs,t]; break;\r\n\t\tcase 8: trk = t >> 1; break;\r\n\t\tcase 9: var trkt = [ofs,t]; break;\r\n\t\t}\r\n\t\tp += 4; ofs += t; if(ofs > X.Sz()) return false\r\n\t}\r\n\tofs = trkt[0]+trkt[1]; if(ofs&1) ofs++;\r\n\tsmpsz = 0; smps = [];\r\n\tfor(p = smpt[0]; p < smpt[0]+smpt[1]; p += 0x40) {\r\n\t\tsmpsz += X.U16(p+4,_BE) << 1;\r\n\t\tt = decAnsi(p+0x20,0x20,CPAmiga).trim(); if(t != \"\") smps.push(t)\r\n\t}\r\n\tsz = ofs+smpsz; smp >>= 6;\r\n\treturn true\r\n}\r\nif(!bDetected && isSidMon2()) {\r\n\tsName = \"SIDMon II module (.SID2)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(X.SA(7,0x20));\r\n\t\tsOptionT(X.SA(0x27,0x20),\"in: \");\r\n\t\tsOptionT(addEllipsis(smps.join(','),0x100),'smp/msg:\"','\"');\r\n\t\tsOption(\"trk:\"+trk+\" ord:\"+ord+\" smp:\"+smp+\" sz:\"+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isDigiIllu() {\r\n\t//ref https://github.com/tonioni/WinUAE/blob/master/prowizard/rippers/DigitalIllusion.c\r\n\tif(X.Sz() < 17) return false;\r\n\tsmp = X.U16(0,_BE); if(smp > 31) return false;\r\n\tordp = X.U32(2,_BE); if(ordp < smp*8+2) return false; //orderlist ptr\r\n\tptndp = X.U32(6,_BE); if(ptndp-ordp > 0x80 || X.U8(ptndp-1) != 0xFF) return false; //pattern data ptr\r\n\tsmpdp = X.U32(10,_BE); if(smpdp > 0xFFFF) return false; //sample data ptr\r\n\tif(ptndp <= ordp+1 || smpdp <= ordp) return false;\r\n\tif(ordp > X.Sz() || ptndp > X.Sz()) return false;\r\n\tallsmpsz = 0;\r\n\tfor(j=0; j < smp; j++) {\r\n\t\tssz = X.U16(j*8+14,_BE)<<1; if(ssz > 0xFFFF) return false;\r\n\t\tlst = X.U16(j*8+18,_BE)<<1; if(lst > ssz) return false;\r\n\t\tlsz = X.U16(j*8+20,_BE)<<1;\r\n\t\tif(lsz > ssz+2 || lst+lsz > ssz+2 || (lst && lsz <= 2)) return false;\r\n\t\tif((lst || lsz > 2) && !ssz) return false;\r\n\t\tif(X.U8(16+j*8) > 0xF || X.U8(17+j*8) > 0x40) return false; //ft & vol checks\r\n\t\tallsmpsz += ssz\r\n\t}\r\n\tif(allsmpsz <= 2) return false;\r\n\tfor(i=ordp,ptn=0; i < ptndp-1; i++) if((t=X.U8(i)) > 0x80) return false; else if(t >= ptn) ptn = t+1;\r\n\tsz = allsmpsz+smpdp;\r\n\treturn true\r\n}\r\nif(!bDetected && isDigiIllu()) {\r\n\tsName = \"Digital Illusions Creative Entertainment packed module (.DI)\"; bDetected = 1;\r\n\tif(sz > X.Sz() && !X.isVerbose()) sVersion = \"malformed!short\";\r\n\tif(X.isVerbose()) {\r\n\t\tsOption('ord:'+(ptndp-ordp-1)+' ptn:'+ptn+' smp:'+smp+' sz:'+outSz(sz));\r\n\t}\r\n}\r\n\r\n\r\nfunction isImagoOrpheus() {\r\n\t//ref https://sourceforge.net/p/xmp/libxmp/ci/master/tree/src/loaders/imf_load.c\r\n\tif(!X.c(\"'IM10'\",0x3C)) return false;\r\n\tif(X.U16(0x20) > 0x100 || X.U16(0x22) > 0x100 || X.U16(0x24) > 0xFF\r\n\t || !X.U8(0x30) || X.U8(0x31) < 0x20 || X.U8(0x32) > 0x40 || X.I8(0x33) < 4) return false;\r\n\tord = X.U16(0x20); ptn = X.U16(0x22); ins = X.U16(0x24); spd = X.U8(0x30); bpm = X.U8(0x31);\r\n\tch = chon = 0; chns = [];\r\n\tvar t,rs,r,psz,b,nsmp;\r\n\tfor(p=0x40; p < 0x240; i++,p+=0x10) { // name[12]+chorus+rev+pan+status\r\n\t\tif(X.isVerbose()) { t = X.SC(p,12,'CP437').trim(); if(t.length) chns.push(t) }\r\n\t\tif(X.U8(p+15) <= 1) ch++; if(!X.U8(p+15)) chon++;\r\n\t}\r\n\tif(!ch) return false;\r\n\tfor(notes=i=0,p=0x340; i < ptn && p < X.Sz(); i++) {\r\n\t\tpsz = X.U16(p)-4; rs = X.U16(p+2); if(rs > 0x100) return false; p += 4;\r\n\t\tif(X.isDeepScan()) while(--psz >= 0 && p < X.Sz()) {\r\n\t\t\tb = X.U8(p++); if(b == 0) { r++; if(r >= rs) return false; continue }\r\n\t\t\tif(b&0x20) { if([0xA0,0xFF].indexOf(X.U8(p++)) < 0) notes++; p++; psz -= 2 }\r\n\t\t\tif(b&0x80) { p += 2; psz -= 2 } if(b&0x40) { p += 2; psz -= 2 }\r\n\t\t} else p += psz;\r\n\t}\r\n\tif(p > X.Sz()) return false;\r\n\tinss = []; smps = [];\r\n\tfor(smp=i=0; i < ins; i++) {\r\n\t\tif(X.isVerbose()) { t = X.SC(p,32,'CP437').trim(); if(t.length) inss.push(t) }\r\n\t\tp += 0x180; //skip name,map, reserved, all the envelopes, sample flags, fadeout\r\n\t\tif((nsmp=X.U16(p-6)) > 0xFF) return false;\r\n\t\tif(!X.c(\"'II10'\",p-4) && X.U32(p-4)) return false;\r\n\t\tfor(j=0; j < nsmp; j++,smp++) {\r\n\t\t\tif(X.isVerbose()) smps.push(X.SC(p,13,'CP437').trim());\r\n\t\t\tvar ssz = X.U32(p+0x10), lps = X.U32(p+0x14), lpe = X.U32(p+0x18), f = X.U8(0x30);\r\n\t\t\tif(ssz > 0x100000 || lps > 0x100000 || lpe > 0x100000) return false;\r\n\t\t\tif(X.U8(p+0x24) > 0x40/*vol*/) return false;\r\n\t\t\tp += 0x40;\r\n\t\t\tif(!X.c(\"'IS10'\",p-4) && !X.c(\"'IW10'\",p-4)) return false;\r\n\t\t\tp += ssz\r\n\t\t}\r\n\t}\r\n\treturn true\r\n}\r\nif(!bDetected && isImagoOrpheus()) {\r\n\tsName = \"Imago Orpheus module (.IMF)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(X.SC(0,0x20,'CP437'));\r\n\t\tsOptionT(addEllipsis(inss.join(' ')),'insts/msg:\"','\"');\r\n\t\tsOptionT(addEllipsis(smps.filter(funSampleName).join(' ')),'smps/msg:\"','\"');\r\n\t\tsOption('spd0:'+spd+' bpm0:'+bpm+' ch:'+chon+(ch==chon?'':ch)\r\n\t\t\t+' ord:'+ord+' ptn:'+ptn+' ins:'+ins+' smp:'+smp+(notes?' notes:'+notes:'')+' sz:'+outSz(p));\r\n\t}\r\n}\r\n\r\n\r\n\r\nfunction isPMD() {\r\n\t// ref https://raw.githubusercontent.com/ValleyBell/MidiConverters/master/pmd_SeqFormat.txt\r\n\t// & https://web.archive.org/web/20220928062748/https://lithcore.cn/2318/\r\n\t// & https://github.com/mistydemeo/pmdmini/blob/master/src/pmdmini.c\r\n\t// & https://gitlab.com/bunnylin/supersakura/blob/dev/doc/mus/pmd.md\r\n\t// & https://github.com/stuerp/foo_input_pmd/blob/master/PMD/PMD.cpp\r\n\tif(X.Sz() < 37 || !isWithin(nV=X.I8(0), -1,2/*0xF*/)) return false;\r\n\tif(X.U16(1) == 0x1A) var nptr = 13; else if(X.U16(1) == 0x18) var nptr = 12; else return false;\r\n\tfunction re(p,t) { if(debug>1)_l2r('pmd',p,t); return false }\r\n\tfunction trktxt(n) {\r\n\t\tif(n < 0) return '??';\r\n\t\telse if(n < 6) return 'FM '+(n+1);\r\n\t\telse if(n < 9) return 'SSG '+(n-5);\r\n\t\telse if(n === 9) return 'OPNA ADPCM B';\r\n\t\telse if(n === 10) return 'OPNA Rhythm';\r\n\t\telse if(n === 11) return 'Rhythm Subs';\r\n\t\telse if(n === 12) return 'FM insts';\r\n\t\telse return '??'\r\n\t}\r\nvar trkpt = []; //debug\r\n\tfor(i=0,oldchn=X.U16(1); i < nptr; i++) { //ptrs to the 11 tracks, rhythm funcs, (maybe optionally?) FM insts\r\n\t\tp = X.U16(1+i*2); if(/*p &&*/ !isWithin(p, 0x1A,X.Sz()-1)) return re(p,'!badtrkp');\r\ntrkpt.push(Hex(p+1)+': '+trktxt(i)); //debug\r\n\t\tif(isWithin(i, 1,11) && X.U8(p) != 0x80) return re(p,'!badtrkend'+X.U8(p)); //data blocks end in 80h\r\n\t\tif(isWithin(i, 1,10) && p <= oldchn) return re(p,'!badtrkp'); // not sorted right\r\n\t\tif(!i && X.U8(p) == 0xC6) for(j=p+1; j < p+9; j+=2)\r\n\t\t\tif((t=X.U16(j)) && !isWithin(t, p,X.Sz()-1)) return re(p,'!badC6trkp');\r\n\t\toldchn = p;\r\n\t}\r\n//_l2r('pmd','',trkpt.join(' || ')); //debug\r\n\trhosz = (X.U16(0x17)-X.U16(0x15)-1); rhysz = (X.U16(0x19)-X.U16(0x17)-2) >> 1;\r\n\trho = rhy = 0;\r\n\tvar rhy1 = oldrhy = 0, rhy0 = 0xFFFFFF;\r\n\tif(rhosz > 0) for(q=X.U16(0x15)+1; q < X.U16(0x17)+1; q++) {\r\n\t\t//rhythm subroutine orderlist, most likely? the first byte seems to be the number of loops\r\n\t\tt = X.U8(q);\r\n//_l2r('rho',q,'#'+Hex(t))\r\n\t\tif(t == 0x80) break; if(t >= rhy && t < 0x80) rhy = t+1; //just sometimes, rhy-orderlist items like F6 happen\r\n\t\trho++\r\n\t}\r\n\tif(rhysz > 0 && rhosz > 0) for(q=X.U16(0x17)+1; q < rhy0 && q < X.U16(0x19)-1 && rhy1 < rhy; q+=2) {\r\n\t\t//rhythm subroutine pointers; the last 2 bytes are probably about the version\r\n\t\tt = X.U16(q)+1;\r\n//_l2r('rhy',q,'*'+Hex(t))\r\n\t\tif(!isWithin(t, q,X.Sz())) break;//_l2r('rhy',q,'OOBrhyptr '+Hex(t));\r\n\t\tif(!rhy1) rhy0 = t;\r\n\t\tif(t >= 0xFE00 || X.U16(0x19)-q < 2) break;\r\n\t\trhy1++; oldrhy = t;\r\n\t}\r\n\tbad = ''; ttype = ''; extra = -1; sV = '';\r\n\tif(rhysz >= 4) {\r\n\t\textrap = p-3; extra_type = X.U8(extrap+2);\r\n\t\tif(!isWithin(extra_type, 0x40,0x4F)) bad = bad.addIfNone('!badxtype'+Hex(extra_type));\r\n\t\tif(extra_type < 0x42) ttype = \"PCP/P86\";\r\n\t\telse if(extra_type < 0x48) ttype = \"PPS\";\r\n\t\telse if(nV == -1) ttype = \"FM Towns\"; else ttype = \"PPZ\";\r\n\t\textra = X.U16(extrap,_LE)+1;\r\n\t\tif(!isWithin(extra, 1,X.Sz()))\r\n\t\t\tbad = bad.addIfNone('!'+Hex(extra)+' out of '+Hex(extrap-1));\r\n\t\telse for(i=0; i < 4; i++) {\r\n\t\t\tp = X.U16(extra+i*2,_LE);\r\n\t\t\tif(p < 27 || p+1 > X.Sz()) bad = bad.addIfNone('!extrapOOB'+Hex(extra))\r\n\t\t}\r\n\t}\r\n//else _l2r('fe',p-1,'version?'+Hex(X.U8(p-1)));\r\n\treturn true\r\n}\r\nif(!bDetected && isPMD() ) {\r\n\tbDetected = 1;\r\n\tsName = \"Masahiro 'Kajapon' Kajihara's Professional Music Driver module (.M,.M2)\";\r\n\tsVersion = nV >= 0? 'v'+nV+'/'+['OPN/OPNA','OPM','OPL2',,,,,,,,,,,,,,][nV]: '';\r\n\tsVersion = sVersion.appendS(/*'t'+Hex(extra_type).substr(0,2)+\":\"+*/ttype/*+\" tagptrs:\"+Hex(extra)*/,' ');\r\n\tif(bad.length) sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\tif(X.isVerbose()) {\r\n\t\tfnames = [];\r\n\t\tif(extra > 0) {\r\n\t\t\tif(extra_type >= 0x48) {\r\n\t\t\t\tn = X.SC(X.U16(extra,_LE)+1,0x100,\"Shift_JIS\"); extra+=2;\r\n\t\t\t\tif(n != \"\") fnames.push(\"PPZ:\"+n)\r\n\t\t\t}\r\n\t\t\tif(extra_type >= 0x42) {\r\n\t\t\t\tn = X.SC(X.U16(extra,_LE)+1,0x100,\"Shift_JIS\"); extra+=2;\r\n\t\t\t\tif(n != \"\") fnames.push(\"PPS:\"+n)\r\n\t\t\t}\r\n\t\t\tn = X.SC(X.U16(extra,_LE)+1,0x100,\"Shift_JIS\"); extra+=2;\r\n\t\t\tif(n != \"\") fnames.push(\"PPC/P86:\"+n);\r\n\t\t\ttitle = X.SC(X.U16(extra,_LE)+1,0x100,\"Shift_JIS\");\r\n\t\t\tif(title == \"\\x1A\") title = \"\";\r\n\t\t\tartist = X.SC(X.U16(extra+2,_LE)+1,0x100,\"Shift_JIS\");\r\n\t\t\tif(artist == \"\\x1A\") artist = \"\";\r\n\t\t\tarenji = X.SC(X.U16(extra+4,_LE)+1,0x100,\"Shift_JIS\");\r\n\t\t\tif(arenji == \"\\x1A\") arenji = \"\";\r\n\t\t\trem = X.SC(X.U16(extra+6,_LE)+1,0x100,\"Shift_JIS\");\r\n\t\t\tif(rem == \"\\x1A\") rem = \"\";\r\n\t\t\tsOption(title);\r\n\t\t\tsOption(artist,\"by: \");\r\n\t\t\tsOption(arenji,\"mixed by: \");\r\n\t\t\tsOption(rem);\r\n\t\t\tsOption(fnames.join(\", \"),\"fn: \");\r\n\t\t}\r\n\t\tt = X.U8(X.U16(0x15)+1);\r\n\t\tsOption('rhyord:'+rho+(rho?(t?'×'+t:'')+' rhy:'+rhy:''))\r\n\t}\r\n}\r\n\r\n\r\nfunction isMUAP98() {\r\n\t//ref http://ohta.music.coocan.jp/packen/data/muap641s.lzh / NAX.ASM & PLAY4.ASM\r\n\tfunction re(p,t) { if(debug>1)_l2r('muap',p,t); return false }\r\n\tif(X.Sz() < Math.max(X.U16(0x20),0x26) ) return false;\r\n\tch = notes = sz = sus = 0; msg = ''; var t;\r\n\tfor(i=oldp=0; i < 0x11; i++) {\r\n\t\tt = X.U16(i*2);\r\n\t\tif(!isWithin(t, Math.max(0x18,oldp),X.Sz()))\r\n\t\t\treturn re(i*2,'!ptr#'+i+'OOB '+outArray([t,oldp,X.Sz()],16));\r\n\t\tif(i && X.U8(t-1) != 0xFC) return re(t-1,'!FC@');\r\n\t\tif(X.U8(t) != 0xFC) {\r\n\t\t\tvar r = parseMUAP98(t, X.isDeepScan()?BCParseToEoF:BCParseToReasonable, i);\r\n\t\t\tif(r[0] == BCInvalidFormat) return false;\r\n\t\t\tnotes += r[0]; msg = msg.appendS(r[3],'\\n'); ch++; if(sz < r[4]) sz = r[4]; sus += r[5]\r\n\t\t} else if(sz < t+1) sz = t+1;\r\n\t\toldp = t\r\n\t}\r\n\tif(sus > ch*3) return false;\r\n\tbad = sus?'suspicious'+sus:'';\r\n\treturn true\r\n}\r\nif(!bDetected && isMUAP98()) {\r\n\tsName = \"Packen/ぱっくん Software MUAP98/みゅあっぷ Object chiptune (.O,.OX+TONES.DTA)\"; bDetected = 1;\r\n\tif(bad.length) sVersion = bad;\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(msg); //actually meant to display lyrics\r\n\t\tsOption('ch:'+ch+(X.isDeepScan()?' notes:'+notes+' sz:'+outSz(sz):''));\r\n\t}\r\n}\r\n\r\n\r\nfunction isRobHubbardRH() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/RobHubbard/src/RobHubbard_v7.asm\r\n\t//the FX files not included -- TODO\r\n\tif(!X.c(\"6000.... 6000.... 6000.... 6000.... 6000.... 41FA.... ........ 4E7541FA\"))\r\n\t\treturn false; //Check2\r\n\ta2 = 0x40; d4 = 8;\r\n\tdo { //loop2\r\n\t\tif(X.U16(a2,_BE) == 0x2418) break;\r\n\t\ta2 += 2; d4--\r\n\t} while(d4);\r\n\tif(!d4) return false; //found2\r\n\tsmp = d3 = X.U8(a2-1)+1;\r\n\ta2 = 0x36; d4 = 5;\r\n\tdo { //loop3\r\n\t\tif(X.U16(a2,_BE) == 0x41FA) break;\r\n\t\ta2 += 2; d4--\r\n\t} while(d4);\r\n\tif(!d4) return false; //found3\r\n\ta2 += 2;\r\n\ta4 = a2;\r\n\td4 = a2+X.U16(a2,_BE)+2; //minus a3 = moduleptr, 0 in our case\r\n\tif(X.U16(a4+2,_BE) == 0xD1FC) d4 += 0x40;\r\n\ta3 = d4-2; //again +moduleptr; then moduleptr[a6] = a3 (puts in sampleptr); a6 += 4;\r\n\td5 = 0; a2 = a3;\r\n\tdo { //loop4\r\n\t\td1 = X.U32(a3,_BE);\r\n\t\tif(d1 > 0x10000) return false;\r\n\t\td1 += 6;\r\n\t\td5 += d1;\r\n\t\ta3 += d1;\r\n\t\td3--\r\n\t} while(d3);\r\n\tif(X.U16(a3,_BE) != 0x4E71) return false; //at the EOF now\r\n\ta3 = 0; a0 = 130+a3;\r\n\td0 = 10;\r\n\tdo { //loop\r\n\t\tif(X.U16(a0,_BE) == 0x41EB) { a0 += 2; break }\r\n\t\ta0 += 2; d0--;\r\n\t} while(d0);\r\n\tif(!d0) return false; //else found\r\n\td1 = 0;\r\n\td2 = X.U16(a0,_BE);\r\n\ta3 += d2;\r\n\tdo { //hop\r\n\t\ta3 += 18; d1++;\r\n\t} while(X.U16(a3,_BE));\r\n\td2 = a2-a3;\r\n\tdo { //petla\r\n\t\tb = X.U8(a3);\r\n\t\tif(b != 0x84)\r\n\t\t\tif(b != 0x85)\r\n\t\t\t\t{ a3++; d2--; if(d2 < 0) break; else continue }\r\n\t\td0++; a3++; d2--\r\n\t} while(d2 >= 0);\r\n\tsongsz = d4;\r\n\tsz = d4+d5;\r\n\tsteps = d0;\r\n\tx = d1;\r\n\treturn true;\r\n}\r\nif(!bDetected && X.isDeepScan() && isRobHubbardRH()) {\r\n\tsName = \"Rob Hubbard's module (.RH)\"; sVersion = \"v1.4\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,\"×\");\r\n\t\tsOption(\"smp:\"+smp+\" steps:\"+steps+\" songsz:\"+songsz+\" sz:\"+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isPuma() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/PumaTracker/src/PumaTracker_v2.asm\r\n\t//ref http://lclevy.free.fr/amiga/exotic/puma_str.txt\r\n\t// && https://github.com/OpenMPT/openmpt/blob/master/soundlib/Load_puma.cpp\r\n\tord = X.U16(12,_BE)+1; if(ord > 256) return false;\r\n\tptn = X.U16(0xE,_BE); if(!ptn || ptn > 128) return false;\r\n\tsynsmp = X.U16(0x10,_BE); if(!isWithin(synsmp,1,32)) return false; //\"number of sound data\"\r\n\tloop = X.U16(0x12,_BE); \tbad = ''; if(loop >= ord) bad = bad.addIfNone('!badloop');\r\n\tif(charStat(X.readBytes(0,12),1).indexOf('allxsc') < 0) return false;\r\n\tfor(p=0x50,i=mp=0; i < ord && p < X.Sz(); p+=14,i++) //verify orderlist integrity\r\n\t\tfor(c=0; c < 4; c++) {\r\n\t\t\tif((pt=X.U8(p+c*3)) >= 0x80 || !isWithin(X.I8(p+c*3+2),-0x30,0x30)) return false;\r\n\t\t\tif(pt > mp) mp = pt\r\n\t\t}\r\n\tif(i < ord) return false; mp++;\r\n\tminsz = p+ptn*8+4+synsmp*16+4; if(minsz >= X.Sz()) return false;\r\n\tfor(i=0; i < ptn; i++) { //test all patterns\r\n\t\tif(!X.c(\"'patt'\",p)) return false; p += 4; row = 0;\r\n\t\tfor(;row < 32; p += 4) {\r\n\t\t\tvar d = X.readBytes(p,4); if(d[0]%2 || !isWithin(d[3],1,32-row)) return false; row += d[3]\r\n\t\t} }\r\n\tif(!X.c(\"'patt'\",p)) return false; p += 4;\r\n\tsmp = msmpp = mssz = evc = 0; plim = Math.min(X.Sz(),0x100000);\r\n\tfor(i = 0; i < 10; i++) { //test waveform tables\r\n\t\tsmpp = X.U32(0x14+i*4,_BE); if(!smpp) continue;\r\n\t\tssz = X.U16(0x3C+i*2,_BE); if(ssz&1) ssz--; ssz <<= 1;\r\n\t\tif(smpp < minsz || smpp > 0x100000) return false;\r\n\t\tif(smpp > msmpp) { msmpp = smpp; mssz = ssz}\r\n\t\tsmp++;\r\n\t}\r\n\tfunction checkScript(isVol) {\r\n\t\tvar isFirst = true;\r\n\t\twhile(p+4 < X.Sz()) {\r\n\t\t\tvar d = X.readBytes(p,4); p += 4;\r\n\t\t\tif(isFirst && isVol && d[0] != 0xC0) return false;\r\n\t\t\tswitch(d[0]) {\r\n\t\t\tcase 0xA0: evc++; break;\r\n\t\t\tcase 0xB0: evc++; return !(d[1] & 3);\r\n\t\t\tcase 0xC0: if(!isVol) return false; evc++; break;\r\n\t\t\tcase 0xD0:\r\n\t\t\t\tif(isVol) return false; evc++;\r\n\t\t\t\tif(d[1]&1)/*freezes playback*/ bad = bad.addIfNone('!oddpitch'); break;\r\n\t\t\tcase 0xE0: evc++; return true;\r\n\t\t\tdefault:\r\n\t\t\t\tif(!isVol && decEncoding(d,CPAmiga) === 'inst') { p -= 4; return evc > 0 }\r\n\t\t\t\treturn false;\r\n\t\t\t}\r\n\t\t\tisFirst = false;\r\n\t\t}\r\n\t\treturn evc > 0\r\n\t}\r\n\tfor(i=0; i < synsmp && p < X.Sz(); i++) {\r\n\t\tif(!X.c(\"'inst'\",p)) return false; p += 4;\r\n\t\tif(!checkScript(true)) return false;\r\n\t\tif(!X.c(\"'insf'\",p)) return false; p += 4;\r\n\t\tif(!checkScript(false)) return false;\r\n\t}\r\n\tif(!X.c(\"'inst'\",p)) return false; p += 4\r\n\tif(p > X.Sz()) { sz = -1; bad = bad.addIfNone('!short'); return true }\r\n\tsz = Math.max(msmpp+mssz, p);\r\n\treturn true;\r\n}\r\nif(!bDetected && isPuma()) {\r\n\tsName = \"PumaTracker module (.PUMA)\"; sVersion = \"v1.1\"; bDetected = 1;\r\n\tif(bad != '') sVersion = sVersion.appendS('/malformed'+bad,'/');\r\n\tif(X.isVerbose()) {\r\n\t\tsOption(decAnsi(0,0x0C,CPAmiga).trim());\r\n\t\tsOption('ord:'+ord+' ptn:'+mp+(mp!=ptn?'/'+ptn:'')+(smp?' wf.smp:'+smp:'')\r\n\t\t\t+' syn.smp:'+synsmp+(loop?' lp:'+loop:'')+' events:'+evc+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isSeanConran() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/SeanConran/src/Sean Conran_v3.asm\r\n\t//Check2\r\n\tif(X.c(\"0FFF0FE2\") || X.c(\"10000FE2\")) {\r\n\t\tif(!X.c(\"0FC40FA7 0F8B0F6E\",4)) return false; //test1\r\n\t\tp = 0x124; //start searching for initp from here\r\n\t\ta0 = 8;\r\n\t}\r\n\telse\r\n\t\tif(X.c(\"0F1C0F0E 0F000EF2 0EE40ED6\")) {\r\n\t\t\tp = 0x1C4;\r\n\t\t\ta0 = 0xA8; //skip to LastCheck\r\n\t\t}\r\n\t\telse return false;\r\n\tdo { //InitPlayer.FindInit\r\n\t\tt = X.U32(p,_BE); if(!t) return false;\r\n\t\tp += 2; if(p > X.Sz()) return false\r\n\t} while([0x45FA,0x43F9,0x41F9].indexOf(t>>16) < 0);\r\n\tinitp = p-2;\r\n\t//LastCheck\r\n\ta0 += 0x11C;\r\n\tfor(d1 = 0; d1 < 0x80; d1++) { //CheckSFX\r\n\t\tif(X.c(\"7F7F7F7F\",a0) || X.c(\"FFFF\",a0)) return false;\r\n\t\ta0 += 2\r\n\t}\r\n\t// a0 = GetListData(0);\r\n\tx = IntAddress = 0; Twin = false;\r\n\tdo { //Next\r\n\t\tt = X.U16(p,_BE);\r\n\t\tp += 2; if(p > X.Sz()) return false\r\n\t} while([0x7000,0x7200].indexOf(t) < 0);\r\n\tif(t === 0x7000) { //OneSub\r\n\t\tx = 1;\r\n\t\t// do { //FindSongs\r\n\t\t// t = X.U16(p,_BE); p += 2; if(p > X.Sz()) return false\r\n\t\t// } while(t != 0x41FA);\r\n\t\t// FirstPos = p+X.I16(p,_BE);\r\n\t}\r\n\telse { //t=0x7200\r\n\t\twhile(!x && p < X.Sz()) {\r\n\t\t\tif(X.c(\"00000000\",p)) return false;\r\n\t\t\tif(X.c(\"21C80070\",p)) { //OK4\r\n\t\t\t\t// t = p-4; IntAddress = t+X.I16(t,_BE);\r\n\t\t\t\tp += 2;\r\n\t\t\t\tif(X.c(\"00003B76\",0x24C)) Twin = true;\r\n\t\t\t} else {\r\n\t\t\t\tif(X.c(\"43FA\",p)) {\r\n\t\t\t\t\tt = p+2+X.I16(p+2,_BE); //OK0\r\n\t\t\t\t\t// songsp = t;\r\n\t\t\t\t\tx = (X.I16(t,_BE)-t) >> 3;\r\n\t\t\t\t}\r\n\t\t\t\telse if(X.c(\"43EA\",p)) {\r\n\t\t\t\t\tt = X.I16(p+2,_BE); //OK2\r\n\t\t\t\t\t// songsp = t;\r\n\t\t\t\t\tx = (X.I16(t,_BE)-t) >> 3;\r\n\t\t\t\t}\r\n\t\t\t\telse p += 2\r\n\t\t\t}\r\n\t\t}\r\n\t\tif(!x || p >= X.Sz()) return false\r\n\t}\r\n\t// there are more checks... although they aren't really necessary here\r\n\treturn true\r\n}\r\nif(!bDetected && isSeanConran()) {\r\n\tsName = \"Sean Conran module (.SCR)\"; sVersion = \"v1.2\"; bDetected = 1;\r\n\tif(Twin) sVersion += \"/Megatwins\"\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,\"×\");\r\n\t}\r\n}\r\n\r\n\r\nfunction isBenDaglish() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/BennDaglish/Benn Daglishv3.asm\r\n\tif(!X.c(\"6000....6000.... ....6000\")) return false; //Check2\r\n\td1 = X.I16(0x02,_BE); if(d1 <= 0 || (d1&1) || d1 > X.Sz()) return false;\r\n\ta0 = a1 = a3 = d1+2;\r\n\td1 = X.I16(0x06,_BE); if(d1 <= 0 || (d1&1) || d1 > X.Sz()) return false;\r\n\td1 = X.I16(0x0C,_BE); if(d1 <= 0 || (d1&1) || d1 > X.Sz()) return false;\r\n\tif(!X.c(\"3F006100\",a1) || !X.c(\"3D7C\",a1+6)\r\n\t || !X.c(\"41FA\",a1+12)) return false;\r\n\r\n\td0 = 0x7F;\r\n\twhile(d0) //.l6\r\n\t\tif(X.c(\"D040D040 D04041FA\",a0)) {\r\n\t\t\ta0 += 8;\r\n\t\t\ta1 = a0+X.I16(a0,_BE); //note the value's signed\r\n\t\t\tbreak;\r\n\t\t}\r\n\t\telse {\r\n\t\t\ta0 += 2; d0--; if(!d0 || a0 > X.Sz()) return false\r\n\t\t}\r\n\tx = 0;\r\n\tBD_L7: while(1) {\r\n\t\td2 = 4;\r\n\t\twhile(d2) {\r\n\t\t\td0 = X.U16(a1,_BE) & 0xFC00;\r\n\t\t\ta1 += 2; if(a1 > X.Sz()) return false;\r\n\t\t\tif(d0) { // .not_subsong\r\n\t\t\t\tx--; //last subsong\r\n\t\t\t\tif(x < 0) x == 0;\r\n\t\t\t\tbreak BD_L7\r\n\t\t\t}\r\n\t\t\telse d2--\r\n\t\t}\r\n\t\tx++\r\n\t}\r\n\tx++;\r\n\r\n\t//size calc\r\n\t// incorrect on some files like 3d galax.bd or super cars.bd\r\n\t// but that's what EaglePlayer has, UADE debugger-tested\r\n\td5 = d6 = 0;\r\n\td0 = 0x80;\r\n\twhile(d0) { //.l9\r\n\t\tt = X.U16(a0,_BE);\r\n\t\ta0 += 2; if(a0 > X.Sz()) return false;\r\n\t\tif(t === 0x41FA) break; else d0--\r\n\t} if(!d0) return false;\r\n\tsmpi1 = a0+X.U16(a0,_BE); //.ok6 .. SampleInfo1\r\n\ta0 = 12+X.I16(12,_BE);\r\n\td0 = 0x80; //.l10\r\n\twhile(d0) { d0--;\r\n\t\tif(X.c(\"D040D040 41FA\",a0)) break;\r\n\t\telse a0 += 2;\r\n\t\tif(a0 > X.Sz()) return false\r\n\t}\r\n\tif(d0) { //.ok7\r\n\t\ta0 += 6;\r\n\t\td0 = X.I16(a0,_BE);\r\n\t\tif(d0&1) a0 = 0;\r\n\t\telse {\r\n\t\t\ta0 += d0;\r\n\t\t\tif(X.I16(a0,_BE)) a0 = 0\r\n\t\t}\r\n\t} else a0 = 0;\r\n\tsmpi2 = a0; //.ok8\r\n\r\n\ta0 = smpi1;\r\n\twhile(1) { //.com1\r\n\t\td0 = X.U32(a0,_BE);\r\n\t\ta0 += 4; if(a0 > X.Sz()) return false;\r\n\t\t// Interestingly, the UAE emu sets flags on \"move\"!\r\n\t\t// So ↓ is a d0 check, would've probably been a0 on a real machine\r\n\t\tif(!d0) break;\r\n\t\tif(d0 >> 16) { a0 -= 4; break }\r\n\t}\r\n\ta0 -= 8; //.ok9\r\n\tsmp1 = (a0 - smpi1) >> 2;\r\n\td0 = smpi2;\r\n\tif(d0) {\r\n\t\ta0 = d0;\r\n\t\twhile(1) { //.com2\r\n\t\t\td0 = X.U32(a0,_BE);\r\n\t\t\ta0 += 4; if(a0 > X.Sz()) return false;\r\n\t\t\tif(!d0) break;\r\n\t\t\tif(d0 >> 16){ a0 += 4; break }\r\n\t\t}\r\n\t\ta0 -= 8; //.ok10\r\n\t\tsmp2 = (a0 - smpi2) >> 2;\r\n\t}\r\n\telse smp2 = 0;\r\n\t//.one_smp_info\r\n\r\n\t// calc size #1\r\n\td3 = smp1;\r\n\ta2 = smpi1+X.I32(smpi1,_BE); //rel.ptr to smpinfo1 table #0?\r\n\td1 = X.I32(a2,_BE);\r\n\td2 = X.U16(a2+8,_BE);\r\n\ti = d4 = 0;\r\n\tdo { //.l11\r\n\t\ti++; if(i === smp1) break;\r\n\t\ta2 = smpi1+X.I32(smpi1+(i<<2),_BE);\r\n\t\t if(a2 < 20 || a2 > X.Sz()) return false;\r\n\t\td4 = X.I32(a2,_BE);\r\n\t\tif(d1 > d4) continue;\r\n\t\tif(d1 != d4) {\r\n\t\t\tif(d4 != X.I32(a2+4,_BE))\r\n\t\t\t\td6 = X.U16(a2+10,_BE);\r\n\t\t\telse d6 = 0;\r\n\t\t\td5 = X.U16(a2+8,_BE);\r\n\t\t} else {\r\n\t\t\td5 = X.U16(a2+8,_BE);\r\n\t\t\tif(d2 > d5) continue;\r\n\t\t}\r\n\t\td1 = d4; d2 = d5\r\n\t} while(i < smp1);\r\n\r\n\t//.ok11\r\n\td2 += d6;\r\n\tsz = smpi1+d1+(d2<<1);\r\n\r\n\t// calc size #2\r\n\tif(smpi2) {\r\n\t\td3 = smp2 << 2;\r\n\t\ta2 = smpi2+X.I32(smpi2,_BE);\r\n\t\td1 = X.I32(a2,_BE);\r\n\t\td2 = X.U16(a2+8,_BE);\r\n\t\ti = d6 = 0;\r\n\t\tdo {\r\n\t\t\ti += 4; if(i === d3) break;\r\n\t\t\ta2 = smpi2+X.I32(smpi2+i,_BE);\r\n\t\t\tif(a2 < 20 || a2 > X.Sz()) return false;\r\n\t\t\td4 = X.I32(a2,_BE);\r\n\t\t\tif(d1 > d4) continue;\r\n\t\t\tif(d1 != d4) {\r\n\t\t\t\tif(d4 != X.I32(a2+4,_BE))\r\n\t\t\t\t\td6 = X.U16(a2+10,_BE);\r\n\t\t\t\telse d6 = 0;\r\n\t\t\t\td5 = X.U16(a2+8,_BE);\r\n\t\t\t} else {\r\n\t\t\t\td5 = X.U16(a2+8,_BE);\r\n\t\t\t\tif(d2 > d5) continue;\r\n\t\t\t}\r\n\t\t\td1 = d4; d2 = d5\r\n\t\t} while(i < d3);\r\n\r\n\t\td2 += d6;\r\n\t\ta1 = smpi1 + d1 + (d2<<1);\r\n\t\tif(sz < a1) sz = a1;\r\n\t}\r\n\treturn true\r\n}\r\nif(!bDetected && X.isDeepScan() && isBenDaglish()) {\r\n\tsName = \"Ben Daglish's module (.BD)\"; sVersion = \"v1.2\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,\"×\");\r\n\t\t\tsOption(\"smp:\"+smp1+\"+\"+smp2+\" sz:\"+outSz(sz));\r\n\t}\r\n}\r\n\r\n\r\nfunction isAndrewParton() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/Andrew Parton/SRC_AndrewParton/Andrew Parton_v2.asm\r\n\tif(!X.c(\"'BANK'\")) return false;\r\n\tfor(i=0; i < 20; i++)\r\n\t\tif(X.U32(4+(i<<2),_BE) >= 0x200000) return false;\r\n\tfor(i=0; i < 40; i++)\r\n\t\tif(X.U32(0x54+(i<<2),_BE) >= 0x10000) return false;\r\n\tp = 0x54; q = 4; smp = 0;\r\n\tsmpt = [];\r\n\ts = 0x1E4;\r\n\tfor(i=0; i < 20; i++) {\r\n\t\tt = X.U32(q,_BE); q += 4;\r\n\t\tif(t) {\r\n\t\t\tsmpt.push(X.SA(s,16).trim());\r\n\t\t\tsmp++; s += 16 + X.U32(p,_BE);\r\n\t\t}\r\n\t\tp += 4\r\n\t}\r\n\tsmpsz = s;\r\n\tbad = false;\r\n\twhile(s < X.Sz()) {\r\n\t\tt = X.U8(s); s += 1;\r\n\t\tif(t === 0xFF) break;\r\n\t}\r\n\tif(s > X.Sz())\r\n\t\tif(X.isHeuristicScan()) bad = true;\r\n\t\telse return false;\r\n\tif(X.U8(s) === 0x2F) { sz = s+1; songsz = sz-smpsz }\r\n\telse {sz = s; bad = true }\r\n\treturn true\r\n}\r\nif(!bDetected && X.isDeepScan() && isAndrewParton()) {\r\n\tsName = \"Andrew Parton's module (.BYE)\"; sVersion = \"v1.2\"; bDetected = 1;\r\n\tif(bad) sVersion += \"/malformed\";\r\n\tif(X.isVerbose())\r\n\t\tsOption(\"smp:\"+smp+\" songsz:\"+songsz+\" smpsz:\"+smpsz+\" sz:\"+outSz(sz))\r\n}\r\n\r\n\r\nfunction isAshleyHogg() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/Ashley Hogg/SRC_AshleyHogg/Ashley Hogg_v1.asm\r\n\tp = 0;\r\n\tfor(i=0; i < 4; i++) {\r\n\t\tif(!X.c(\"6000\",p)) return false; p += 2;\r\n\t\td2 = X.I16(p,_BE); if(d2 <= 0 || (d2&1)) return false; p += 2\r\n\t}\r\n\tif(X.c(\"6000\",p)) { //new check\r\n\t\tp += 2;\r\n\t\td2 = X.I16(p,_BE); if(d2 <= 0 || (d2&1)) return false; p += 2;\r\n\t\tif(!X.c(\"6000\",p)) return false; p += 2;\r\n\t\td2 = X.I16(p,_BE); if(d2 <= 0 || (d2&1)) return false;\r\n\t\tp += d2;\r\n\t\tif(!X.c(\"48E7FFFE 6100\",p)) return false; p += 6;\r\n\t\tp += X.I16(p,_BE);\r\n\t\tif(!X.c(\"4DF9 00DFF000\",p)) return false;\r\n\t\tsV = \"new\";\r\n\t} else //old check\r\n\t\tif(X.c(\"303C0000 662233C0\",p))\r\n\t\t\tsV = \"old\";\r\n\t\telse return false;\r\n\r\n\tif(sV === \"new\") { //new format\r\n\t\ta2 = special = 0x1C;\r\n\t\ta0 = X.I16(2,_BE);\r\n\t\ttitle = X.SA(special,X.fStr(special,a0-a2,\" \")-a2).trim();\r\n\t\t//skipped a cycle that replaces twin spaces with enters in the info\r\n\t\tdo {\r\n\t\t\tt = X.U16(a0,_BE); a0 += 2;\r\n\t\t} while(t != 0x45FA || a0 > X.Sz());\r\n\t\ta2 = a0; a0 += X.I16(a0,_BE);\r\n\t\tif(a0 > X.Sz()-2)\r\n\t\t\tif(X.isHeuristicScan()) bad = true; else return false;\r\n\t\td0 = X.I16(a0,_BE);\r\n\t\tx = d0 >> 2;\r\n\t\ta0 += d0 + X.I16(a0-2,_BE);\r\n\t\tdo {\r\n\t\t\tif(a0 > X.Sz()-2)\r\n\t\t\t\tif(X.isHeuristicScan()) bad = true; else return false;\r\n\t\t\tt = X.I16(a0,_BE); a0 += 2;\r\n\t\t} while(t != 0x03F2);\r\n\t\tsz = a0;\r\n\t\tinfo = 'title: \"'+title+'\" sz:'+outSz(sz)\r\n\t}\r\n\telse { //old format\r\n\t\tspecial = 0;\r\n\t\ta2 = 16;\r\n\t\ta0 = 2; a0 += X.U16(a0,_BE);\r\n\t\tdo { t = X.I16(a0,_BE); a0 += 2; } while(t != 0x1970 || a0 > X.Sz());\r\n\t\ta1 = a0-4; a1 += X.I16(a1,_BE);\r\n\t\tdo { t = X.I16(a0,_BE); a0 += 2; } while(t != 0x41FA || a0 > X.Sz());\r\n\t\ta0 += X.I16(a0,_BE);\r\n\t\tx = (a1-a0) >> 4;\r\n\t\tdo { t = X.U16(a2,_BE); a2 += 2; } while(t != 0xC2FC || a0 > X.Sz());\r\n\t\ta2 += 4; smpip = a2+X.U16(a2,_BE);\r\n\t\tdo { t = X.U16(a2,_BE); a2 += 2; } while(t != 0x47FA || a0 > X.Sz());\r\n\t\ta0 = a2; a2 += X.U16(a2,_BE);\r\n\t\tsongsz = a2;\r\n\t\tdo { t = X.U16(a0,_BE); a0 += 2; } while(t != 0x49FA || a0 > X.Sz());\r\n\t\tdo { t = X.U16(a0,_BE); a0 += 2; } while(t != 0x49FA || a0 > X.Sz());\r\n\t\ta0 += X.U16(a0,_BE);\r\n\t\tsmp = (a0-smpip)/0x2C;\r\n\t\td1 = 0; a1 = smpip;\r\n\t\ta3 = 0x54F3; //value copied from a debugging session ¯\\(。⊿°)/¯\r\n\t\tdo { //NextInfo\r\n\t\t\td2 = X.I32(a1+0x20,_BE);\r\n\t\t\tif(d2 >= 0 && d1 <= d2) { d1 = d2; a3 = a1 }\r\n\t\t\ta1 += 0x2C\r\n\t\t} while(a0 > a1);\r\n\t\td0 = X.U16(a3+0x28,_BE);\r\n\t\td1 += d0+d0;\r\n\t\tsmpsz = d1;\r\n\t\tsz = songsz+smpsz;\r\n\t\tinfo = \"smp:\"+smp+\" songsz:\"+Hex(songsz)+\" smpsz:\"+Hex(smpsz)+\" sz:\"+outSz(sz)\r\n\t}\r\n\treturn true\r\n}\r\nif(!bDetected && X.isDeepScan() && isAshleyHogg()) {\r\n\tsName = \"Ashley Hogg's module (.ASH)\"; sVersion = sV; bDetected = 1;\r\n\tif(bad) sVersion += \"/malformed\";\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,\"×\");\r\n\t\tsOption(info)\r\n\t }\r\n}\r\n\r\n\r\nfunction isCinemaware() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/Cinemaware/Cinemaware.asm\r\n\tif(!X.c(\"'IBLK'\")) return false;\r\n\td2 = X.U8(4);\r\n\tif(!d2 || d2 > 0x80) return false;\r\n\ta1 = 0x16+0x8A*d2;\r\n\taseq = X.fSig(a1,0x104,\"'ASEQ'\");\r\n\tif(aseq < 0 || (aseq&1)) return false;\r\n\tp = aseq+4; sz = 0; bad = false;\r\n\tdo {\r\n\t\tsz += 5;\r\n\t\tif(sz+p > X.Sz())\r\n\t\t\tif(X.isHeuristicScan()) { bad = true; break }\r\n\t\t\telse return false;\r\n\t} while(!X.c(\"102F00\",sz+p-3));\r\n\tsz += p; ord = Math.floor((sz-p)/100);\r\n\treturn true\r\n}\r\nif(!bDetected && X.isDeepScan() && isCinemaware()) {\r\n\tsName = \"Cinemaware module (.CIN)\"; bDetected = 1;\r\n\tif(bad) sVersion = \"malformed\";\r\n\tif(X.isVerbose()) {\r\n\t\tsOption(\"ord:\"+ord+\" sz:\"+outSz(sz)+ \" (sans ext.samples)\")\r\n\t}\r\n}\r\n\r\n\r\nfunction isCustomMade() {\r\n\t//ref https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/CustomMade/CustomMade_v1.asm\r\n\tif(X.Sz() < 3000) return false;\r\n\tif(X.c(\"6000.... 6000\") || X.c(\"4EF9.... ....4EF9\")\r\n\t || X.c(\"4EB9.... ....4EF9\")) {\r\n\t\tp = 8; var found = false;\r\n\t\tdo {\r\n\t\t\tif(X.c(\"42280030 42280031 42280032\",p)) found = true;\r\n\t\t\tp += 2\r\n\t\t} while(!found && p < 0x198);\r\n\t}\r\n\tif(!found) return false;\r\n\telse if(!X.isVerbose()) return true;\r\n\t//otherwise let's dig in for smp, synthsmp, and subsongs!\r\n\tp = q = d0 = d5 = 0; d7 = 0x800; org = 0; smpi = 0; songst = 0;\r\n\tbad = false;\r\n\twhile(d7 && p < X.Sz()) {\r\n\t\tif((c=X.U32(p,_BE)) === 0xD04149FA) { /*lp @d366*/\r\n\t\t\td0 = X.I16(p+4,_BE); q = p+d0+4;\r\n\t\t\tTable = q;\r\n\t\t}\r\n\t\telse if([0x48E7F8FC, 0x48E7FFFE].includes(c)) { /*play/ptntab @d37e; 2.0 @d38e*/\r\n\t\t\td6 = a3;\r\n\t\t\tif(!d6 || org) d6 = 20; else { q = p-a3; /*play-oldplay*/ d5 -= q; /*nowadr-dx*/ org = d5 }\r\n\t\t\twhile(d6-- >= 0) { /* 2.lp */\r\n\t\t\t\tt = X.U16(p,_BE); p += 2; if(t === 0x41FA) { d0 = X.I16(p,_BE)/*2.2: @d3ae*/; songst = q = p+d0; break }\r\n\t\t\t}\r\n\t\t}\r\n\t\telse /*3 @d3bc*/ if(c === 0xE94847F0) /*ptoff*/ { d1 = X.I16(p+4,_BE) }\r\n\t\telse /*4 @d3cc*/ if(c === 0x00BFD500) { /*oldplay*/\r\n\t\t\ttmrval = (X.U8(p-1) << 8) + X.U8(p+7);\r\n//_log(\"tmrval:\"+Hex(tmrval));\r\n\t\t\t//tmrval = d0;\r\n\t\t\tif(!X.c(\"4E71\",p+20)) {\r\n\t\t\t\tif(X.c(\"21FC\",p+28)) a3 = X.U32(p+30,_BE);\r\n\t\t\t\telse if(X.c(\"C000\",p+32)) a3 = X.U32(p+32,_BE);\r\n\t\t\t\telse a3 = X.U32(p+22,_BE);\r\n\t\t\t}\r\n\t\t}\r\n\t\telse /*6 @d410*/ if(c === 0x42A8001C) /*smpinfo*/ { d0 = X.I16(p+6,_BE); smpi = q = p+d0+6; }\r\n\t\telse if([0xE44843FA, 0xE448207B].includes(c)) { /*oldvoc1 7.1 @d438*/\r\n\t\t\tif(a4) {\r\n\t\t\t\td0 = X.I16(p+4,_BE); // @d43c\r\n\t\t\t\ta4 -= X.I32(p+d0+4,_BE); //voc0-oldvoc0\r\n\t\t\t\tif(!org) { d5 -= a4; org = d5 }\r\n\t\t\t}\r\n\t\t}\r\n\t\telse /*8 @d44e*/ if(c === 0x48E700F0) /*voc0*/ { d0 = X.I16(p+6,_BE); /* @d456*/; a4 = p+d0+6; }\r\n\r\n\t\t/*lp_c @d45e*/\r\n\t\tp += 2; if(c === 0x1AC01940) break; /* -> @ex, because p is unused there */\r\n\t\td7--;\r\n\t}\r\n\tsongst += d1; // @ex @d46c\r\n\tfor(x=0,p=songst+1; p < X.Sz(); x++,p+=16) /*Find*/ if(X.c(\"DFF0A0\",p)) break;\r\n\tif(p > X.Sz()) { bad = true; return true }\r\n\r\n\tsmp = synsmp = 0;\r\n\tfor(p=smpi; !X.U32(p+28,_BE); p+=0x20) {\r\n\t\ta2 = X.U32(p,_BE)-org; a24 = X.U16(a2+4,_BE);\r\n\t\tif(a24 === 2 || a24 === 16) smp++; else synsmp++;\r\n\t}\r\n\treturn true\r\n}\r\n\r\nif(!bDetected && isCustomMade()) {\r\n\tsName = \"Ivo Zoer & Ron Klaren's CustomMade module (.CM)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,\"×\");\r\n\t\t//sOption(\"Origin:\"+Hex(org)+\" SongsTab:\"+Hex(songst)+\" SamplesInfo:\"+Hex(smpi)+\" Table:\"+Hex(Table))\r\n\t\tsOption(\"smp:\"+smp+\" syn:\"+synsmp+\" timer:\"+tmrval)\r\n\t}\r\n}\r\n\r\n\r\nfunction isDaveLoweNew() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/DaveLoweNew/src/Dave Lowe New.s\r\n\t// ref Dave Lowe New_v2.asm\r\n\ta1 = 0; d1 = X.I16(0,_BE);\r\n\tif(d1 === 4) { if(!X.U32(0x18,_BE)) a1 += 4 }\r\n\telse if(d1 === 8) a1 += 4;\r\n\telse return false;\r\n\ta1 += 4; a2 = a1;\r\n\tfor(d2=0; d2 < 4; d2++) { //FirstCheck\r\n\t\tif(X.I16(a1,_BE)) return false; a1 += 2;\r\n\t\td1 = X.I16(a1,_BE); a1 += 2; if(d1 <= 0 || (d1&1)) return false;\r\n\t}\r\n\tfor(d0=0; d0 < 4; d0++) { //SecondCheck\r\n\t\ta1 = d1 = X.I32(a2,_BE); a2 += 4;\r\n\t\td2 = X.I32(a1,_BE);\r\n\t\tif(X.I16(a1,_BE)) return false; a1 += 2;\r\n\t\td1 = X.I16(a1,_BE); a1 += 2;\r\n\t\tif(d1 <= 0 || (d1&1)) return false;\r\n\t\ta1 = d2;\r\n\t\tt = X.I16(a1,_BE);\r\n\t\tif(t === 0x30) { a1 += 2; t = X.I16(a1,_BE); }\r\n\t\tif(t === 12) {\r\n\t\t\ta1 += 6;\r\n\t\t\tt = X.I16(a1,_BE); a1 += 2;\r\n\t\t\tif(t === 4) break;\r\n\t\t}\r\n\t}\r\n\td2 = X.I32(a1,_BE); if(X.I16(d2,_BE) != 1) return false;\r\n\ta1 = a2 = d2 >> 16; if(a1) return false;\r\n\tfmt = 1;\r\n\tif(!X.U32(0x18,_BE)) {\r\n\t\tfmt = 0;\r\n\t\tx = (X.I16(2,_BE)-8) >> 5\r\n\t}\r\n\telse {\r\n\t\tx = 0; p = X.U16(0,_BE);\r\n\t\twhile(p < X.Sz()) {\r\n\t\t\tt = X.I16(p,_BE); p += 2; if(t) break;\r\n\t\t\tt = X.I16(p,_BE); p += 2; if(!t || (t&1)) break;\r\n\t\t\tx++\r\n\t\t}\r\n\t\tx >>= 2\r\n\t}\r\n\tbad = ''; sz = 0; a1 = d2;\r\n\twhile(a1 < X.Sz()) {\r\n\t\ta2 = a1; a1 -= 14;\r\n\t\tif(X.I16(a1,_BE) != 1) break\r\n\t}\r\n\t//smpi = a2;\r\n\tt = X.I16(a2-2,_BE);\r\n\tif(t != 8 && t != 0) a2 += 14;\r\n\tsz = 0; smp = 0;\r\n\twhile(a2 < X.Sz()) { //CheckInfo\r\n\t\tt = X.I16(a2,_BE); if(t != 1) break; else smp++;\r\n\t\ta2 += 2;\r\n\t\td2 = X.I32(a2,_BE); a2 += 6; t = X.I32(a2,_BE);\r\n\t\tif(t > d2) d2 = t;\r\n\t\tif(d2 > sz) sz = d2;\r\n\t\ta2 += 6\r\n\t}\r\n\tif(sz > X.Sz()) bad = bad.addIfNone(\"!short\");\r\n\tif(a2 >= X.Sz()) { bad = bad.addIfNone(\"!badsmpinfo\"); return true }\r\n\tsz += 0xFE;\r\n\treturn true\r\n}\r\nif(!bDetected && X.isDeepScan() && isDaveLoweNew()) {\r\n\tsName = 'Dave \"Uncle Art\" Lowe New module (.DLN)'; bDetected = 1;\r\n\tsVersion = \"f.\"+fmt; if(bad != \"\") sVersion += \"/malformed\"+bad;\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,\"×\");\r\n\t\tsOption(\"smp:\"+smp+\" sz:\"+outSz(sz));\r\n\t}\r\n}\r\n\r\n\r\nfunction isDesire() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/Desire/src/Desire_v1.asm\r\n\tif(X.Sz() <= 2500) return false;\r\n\ta2 = 0; a0 = 8;\r\n\tfor(d1=0; d1 < 4; d1++) { if(!X.c(\"00010101\",a0)) return false; a0 += 16 }\r\n\ta1 = 400+a0;\r\n\tdo {\r\n\t\tif(a0 === a1) return false;\r\n\t\tt = X.I16(a0,_BE); a0 += 2;\r\n\t} while(t != 0x49FA);\r\n\ta0 += 2;\r\n\tif(!X.c(\"45F900DF F000357C 00FF009E 41FA\",a0)) return false; a0 += 14;\r\n\ta0 += X.I16(a0,_BE);\r\n\tif(a0 != a2) return false;\r\n\ta1 = 0xF0;\r\n\tdo { t = X.U16(a1,_BE); a1 += 2\r\n\t} while(t != 0x49FA && a1 < X.Sz()); a1 -=2; //FindPlay\r\n\tdo { t = X.U16(a1,_BE); a1 += 2 //FindSongs\r\n\t} while(t != 0x47FA && a1 < X.Sz());\r\n\ta2 = a1+20; a1 += X.I16(a1,_BE); x = 0; a1++;\r\n\tdo { //CheckSongs\r\n\t\td1 = X.U8(a1); a1++; if(d1) x++; else break;\r\n\t} while(d1 != X.U8(a1) && a1 < X.Sz());\r\n\tdo { t = X.U16(a2,_BE); a2 += 2 //Find1\r\n\t} while(t != 0xE341 && a2 < X.Sz());\r\n\tdo { t = X.U16(a2,_BE); a2 += 2 //Find2\r\n\t} while(t != 0x47FA && a2 < X.Sz());\r\n\tsmptsz = a1 = a2+X.I16(a2,_BE);\r\n\tdo { t = X.U16(a2,_BE); a2 += 2 //Find3\r\n\t} while(t != 0x47FA && a2 < X.Sz());\r\n\ta3 = a2; a2 += X.I16(a2,_BE); smpp = a2;\r\n\ta0 = a2; d4 = a1-a2; a2 = a1+d4; smp = 0;\r\n\tdo { t = X.I16(a1,_BE); a1 += 2; if(t) smp++; } while(a1 < a2); //NextS,NoSamp\r\n\tdo { t = X.U16(a3,_BE); a3 += 2 //Find4\r\n\t} while(t != 0x47FA && a3 < X.Sz());\r\n\ta3 += 2;\r\n\td6 = X.U16(a3,_BE) & 0x0E00;\r\n\tif(d6) d6 >>= 9; else d6 = 8;\r\n\truch = d6; //Skip8\r\n\td1 = X.I16(a0,_BE); songsz = d2 = d1 << d6;\r\n\tt= d1;d1=d2;d2 =t; d5 = 0;\r\n\tdo { //NextOff\r\n\t\td0 = X.I16(a0,_BE); a0 += 2;\r\n\t\tif(d0 > d2) { d2 = d0; d5 = X.U16(a0+d4-2,_BE) }\r\n\t} while(a0 < smptsz);\r\n\td2 <<= d6; d5 <<= 1; d2 += d5;\r\n\tsz = d2; smpsz = sz-songsz\r\n\treturn true\r\n}\r\nif(!bDetected && X.isDeepScan() && isDesire()) {\r\n\tsName = \"Desire player module (.DSR)\"; bDetected = 1;\r\n\tsVersion = \"v1.0\";\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,\"×\");\r\n\t\tsOption(\"smp:\"+smp+\" songsz:\"+Hex(songsz)+\" smpsz:\"+Hex(smpsz)+\" sz:\"+outSz(sz))\r\n\t\tif(sz < X.Sz()) sVersion += \"/malformed!short\"\r\n\t}\r\n}\r\n\r\n\r\nfunction isDavidWhittaker() {\r\n\t// from https://github.com/neumatho/NostalgicPlayer/blob/main/Source/Agents/Players/DavidWhittaker/DavidWhittakerWorker.cs\r\n\t// sfx.dw not detected, -sfx.dw may be detected sometimes\r\n\tif(X.Sz() < 2048) return;\r\n\tconst sl = Math.min(X.Sz(), 0x4000); //search buffer length\r\n\t//and now for the NP routine ExtractInfoFromInitFunction\r\n\tsz = x = ch = smp = sqwfsmp = i = 0;\r\n\tfor(; i < sl; i += 2) if(X.U16(i,_BE) == 0x47FA && (X.U8(i+2) & 0xF0) == 0xF0) break;\r\n\tif(i >= sl-6) return;\r\n\tsofs = i+2+X.I16(i+2,_BE);\r\n\tfor(; i < sl && i < X.Sz(); i += 2) if(X.U16(i,_BE) ==0x6100) break; if(i >= sl-6) return;\r\n\tsinit = i; ssmpsinit = i;\r\n//_log(\"ssmpsinit:\"+Hex(ssmpsinit))\r\n\tif(X.U16(i+4,_BE) == 0x6100) ssmpsinit = i+6+X.I16(i+6,_BE);\r\n\tfor(i = ssmpsinit; i < sl; i += 2) if(X.U16(i,_BE) == 0x4A2B) break;\r\n\tif(i >= sl-36) return;\r\n\tif(X.U8(i+4) != 0x66) {\r\n\t\tfor(i = sinit; i < sl; i += 2) if(X.U16(i,_BE) == 0x41EB) break;\r\n\t\tif(i >= sl-36) return;\r\n\t\tsmpdp = sofs+X.I16(i+2,_BE);\r\n\t\ti += 4; if(X.U8(i+4) != 0x72) return;\r\n\t\tsmp = X.U8(i+5)+1;\r\n\t\tfor(; i < sl-4; i += 2) if(X.c(\"41EB....E34F\",i)) break;\r\n\t\tif(i >= sl-4) return false;\r\n\t\tchvolp = sofs+X.I16(i+2,_BE);\r\n//_log(\"@\"+Hex(i)+\" smpdatap:\"+Hex(smpdp))\r\n\t\t//extract subsong info:\r\n\t\tfor(i = sinit; i < sl; i += 2) if(X.c(\"41EB....17\",i)) break;\r\n\t\tif(i >= sl-4) return;\r\n\t\tsstp = sofs+X.I16(i+2,_BE);\r\n\t\tis32bp = true; old = true;\r\n\t}\r\n\telse {\r\n\t\told = false;\r\n\t\tif(!X.U8(i+5)) i += 2;\r\n\t\tif(X.U16(i+6,_BE) != 0x41FA) return;\r\n\t\tsmpdp = X.I16(i+8,_BE)+i+8;\r\n\t\ti += 10; if(X.c(\"2748....D0FC\",i)) {\r\n\t\t\tsmpdp += X.U16(i+6,_BE);\r\n\t\t\ti += 12; if(X.U16(i,_BE) != 0xD0FC) return;\r\n\t\t\tsmpdp += X.U16(i+2,_BE); i += 4\r\n\t\t}\r\n//_log(\"@\"+Hex(i)+\" smpdatap:\"+Hex(smpdp))\r\n\t\tif(!X.c(\"4BFA....72\",i)) return false;\r\n\t\tsmpip = X.I16(i+2,_BE)+i+2;\r\n\t\tsmp = X.U8(i+5)+1;\r\n\t\tfor(i = sinit; i < sl-4; i += 2) if(X.U16(i,_BE) == 0x41FA && X.U8(i+4) != 0x4B) break;\r\n\t\tif(i >= sl-4) return;\r\n\t\tif(X.U16(i+4,_BE) != 0x1230 && X.U16(i+4,_BE) != 0x3770) return;\r\n\t\tsstp = i+2+X.I16(i+2,_BE);\r\n\t\ti += 4; for(; i < sl-8; i += 2) if(X.U16(i,_BE) == 0x41FA && X.U8(i+4) != 0x23) break;\r\n\t\tif(i >= sl-8) return;\r\n\t\tif(X.U16(i+4,_BE) == 0x2070) is32bp = true;\r\n\t\telse if(X.U16(i+4,_BE) == 0x3070) is32bp = false;\r\n\t\telse return;\r\n\t}\r\n//_log(\"sstp:\"+Hex(sstp))\r\n\t//load sample info, get size:\r\n\tp = smpdp;\r\n\tfor(i = 0; i < smp; i++) {\r\n\t\tssz = X.U32(p,_BE); p += 6;\r\n//_log(\"smpd[\"+i+\"] @\"+Hex(p-6)+\" sz:\"+outSz(ssz));\r\n\t\tif(p+ssz > X.Sz()) { bad = bad.addIfNone(\"!short\"); return true }\r\n\t\tp += ssz; sz = p;\r\n\t}\r\n\tfor(i = 0; i < sl; i += 2) if(X.U16(i,_BE) == 0x47FA) {\r\n\t\tif(i >= sl-10) return;\r\n\t\tif (X.c(\"4A2B....67\",i+4)) {\r\n\t\t\tif([0x33FC, 0x177C, 0x08B9].includes(X.U16(i+10,_BE))) continue;\r\n\t\t\tbreak\r\n\t\t}\r\n\t}\r\n\tsplay = i;\r\n//_log(\"splay:\"+Hex(i))\r\n\tch = 0;\r\n\tfor(i = splay; i < splay + 200; i += 2) if(X.U8(i) == 0x7E) {\r\n\t\tch = X.U8(i+1);\r\n\t\tif(!ch) {\r\n\t\t\tfor(; i < splay + 500; i += 2)\r\n\t\t\t\tif([0xBE7C, 0xBE3C].includes(X.U16(i,_BE))) { ch = X.U8(i+3); break }\r\n\t\t} else ch++;\r\n\t\tbreak\r\n\t}\r\n\tif(!ch) return;\r\n//_log(\"ch:\"+ch)\r\n\t//square waveforms?\r\n\tfor(i = splay; i < splay+100; i += 2)\r\n\t\tif(X.c(\"207A.... 303A\",i)) {\r\n\t\t\tsqwfsmp = (X.I16(i+2,_BE)+i+2 - smpip)/12;\r\n\t\t\tif(![0x31BC, 0x11BC].includes(X.U16(i+14,_BE))) return;\r\n\t\t\tif((X.U8(i+20) & 0xF0) != 0x50 || X.U8(i+21) != 0x6B) return;\r\n\t\t\tif(X.U16(i+24,_BE) != 0x0C6B) return false;\r\n\t\t\tif(![0x31BC, 0x11BC].includes(X.U16(i+38,_BE))) return;\r\n\t\t\tif(X.U16(i+48,_BE) != 0x0C6B) return;\r\n\t\t}\r\n\t//find diff.player parts, just the sanity checks\r\n\tif(old) {\r\n\t\tfor(i = splay; i < sl; i += 2) if(X.U16(i,_BE) == 0x7000) break;\r\n\t\tif(X.U8(i+2) != 0x10) return;\r\n\t\tvar rdtrkcmdp = i\r\n\t} else {\r\n\t\tfor(i = splay; i < sl; i += 2) if(X.U16(i,_BE) == 0x5368) break;\r\n\t\tif(i >= sl-16 || X.U8(i+4) != 0x67) return;\r\n\t\tvar rdtrkcmdp = X.U8(i+5)+i+6;\r\n\t\tif(X.U8(i+12) != 0x66) return;\r\n\t\tfor(i = rdtrkcmdp; i < sl; i += 2) if(X.c(\"45FA.... 322D\",i)) break;\r\n\t\tif( i >= sl-6) return;\r\n\t\ti = X.U16(i+2,_BE)+i+2;\r\n\t\tif(i >= sl-72*2) return;\r\n\t\tif(![0x1000, 0x2000].includes(X.U16(i,_BE))) return;\r\n\t}\r\n\t//checks for transposes:\r\n\tfor(i = rdtrkcmdp; i < sl; i += 2) if(X.U16(i,_BE) == 0x6B00) break; if(i >= sl-6) return;\r\n\tvar endlyc = endlym = false; //:667\r\n\tfor(i = splay; i < splay + 100; i += 2) if(X.U16(i,_BE) == 0x103A) {\r\n\t\tendlyc = true; if(X.U16(i+6,_BE) == 0xC0FC) endlym = true; break }\r\n//_log(\"@\"+Hex(i)+\" dlyc?\"+endlyc+\" dlym?\"+endlym)\r\n\tx = 0; p = sstp; minpp = 0xFFFFFFFF; //:966\r\n\tsngspd = dlyspd = 0; bad = \"\";\r\n\twhile(p+8 < minpp) {\r\n\t\tif(endlyc) { sngspd = X.U8(p++); dlyspd = X.U8(p++) }\r\n\t\telse { sngspd = X.U16(p,_BE); p += 2; dlyspd = 0 }\r\n\t\tif(sngspd > 0xFF) break;\r\n\t\tfor(i = 0; i < ch; i++) {\r\n\t\t\tif(is32bp) { t = X.U32(p,_BE); p += 4 }\r\n\t\t\telse { t = X.U16(p,_BE); p += 2 }\r\n\t\t\tif(minpp > sofs+t) minpp = sofs+t;\r\n//_log(x+\" ordp:\"+Hex(t))\r\n\t\t}\r\n\t\tif(p > X.Sz()) { bad = bad.addIfNone(\"!short\"); break }\r\n\t\tx++\r\n\t}\r\n\treturn true\r\n}\r\nif(!bDetected && X.isDeepScan() && isDavidWhittaker()) {\r\n\tsName = \"David Whittaker's module (.DW)\";\r\n\tif(old) sVersion = \"old\"; else sVersion = \"new\"; bDetected = 1;\r\n\tif(bad != \"\") sVersion += \"/malformed\"+bad;\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,\"×\");\r\n\t\tsOption(\"ch:\"+ch+\" smp:\"+smp+(sqwfsmp ? \" sqwf.smp:\"+sqwfsmp : \"\")\r\n\t\t\t+\" spd:\"+sngspd+\" sz:\"+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isFashionTracker() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/FashionTracker-v1.0/FashionTracker.asm\r\n\tif(!X.c(\"13FC0040 ........ 4E710439 0001\") || !X.c(\"66F44E75 48E7FFFE\",18)) return;\r\n\ta2 = 0; bad = \"\";\r\n\twhile(X.U16(a2,_BE) != 0x2379 && a2 <= 1000) a2 += 2; //FindOri\r\n\tif(a2 > 1000) //corrupt module\r\n\t\tif(X.isHeuristicScan()) bad = \"!badorigin\"; else return;\r\n\torg = X.U32(a2-4,_BE);\r\n\ta2 = 0; d1 = 1;\r\n\tdo { //GetValues:\r\n\t\t// a3 = smplen a3+4 = smpp a3+8 = smplp\r\n\t\t// a3+12 = smpn+vol a3+16 = ptn a3+20 = songpositions\r\n\t\tif(X.U16(a2,_BE) == 0x23D1) { // L???\r\n\t\t\tsmplen = X.I32(a2+8,_BE)-org;\r\n\t\t\tsmpp = X.I32(a2-6,_BE)-org;\r\n\t\t\tsmplp = X.I32(a2+24,_BE)-org;\r\n\t\t\tsmpnvol = X.I32(a2-30,_BE)-org;\r\n\t\t\td1 -= 6;\r\n\t\t}\r\n\t\telse if(X.U32(a2,_BE) == 0xC0FC0400) { //NoL\r\n\t\t\tptn = X.I32(a2+6,_BE)-org;\r\n\t\t\td1 += 3;\r\n\t\t}\r\n\t\telse if(X.U32(a2,_BE) == 0x0C790400) { //NoPa\r\n\t\t\tsongpos = X.I32(a2+12,_BE)-org;\r\n\t\t\tlen = X.I32(a2+34,_BE);\r\n\t\t\td1 += 2;\r\n\t\t}\r\n\t\ta2 += 2 //NextW\r\n\t} while(a2 < 1000);\r\n\tif(d1)\r\n\t\tif(X.isHeuristicScan()) bad = bad.addIfNone(\"!badval\"); else return;\r\n\ta1 = smpp; songsz = X.I32(smpp,_BE)-org;\r\n\td0 = X.I32(a1-4,_BE) << 1;\r\n\ta2 = smplen; d1 = a1-a2; a1 += d1; d1 >>= 2; smp = d1;\r\n\td1 = X.I32(a1-4,_BE)-org;\r\n\tsz = d0+d1; smpsz = sz-songsz;\r\n\ta1 = songpos; a2 = a1+len; ptn = 0;\r\n\tdo { t = X.U8(a1); if(ptn < t) ptn = t; a1++ } while(a1 < a2); //GetPat\r\n\tptn++;\r\n\td1 = (d0-1)*6; d0 = d1; d1 *= 0x376B;\r\n\tdur = Math.floor(d1*64/(709379-3));\r\n\treturn true\r\n}\r\nif(!bDetected && X.isDeepScan() && isFashionTracker()) {\r\n\tsName = \"Fashion Tracker module (.EX)\"; bDetected = 1;\r\n\tsVersion = \"v1.0\"; if(bad) sVersion += \"/malformed.\"+bad;\r\n\tif(X.isVerbose()) {\r\n\t\tsOption(\"ord:\"+len+\" ptn:\"+ptn+\" smp:\"+smp+\" songsz:\"+songsz+\" sz:\"+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isSMUS() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/SonixMusicDriver/Sonix Music Driver_v1.asm\r\n\ta0 = a1 = 0; title = inst = ''; format = \"Aegis Sonix Music Driver\";\r\n\tif(X.c(\"'FORM'\")) {\r\n\t\tif(!X.c(\"'SMUSSHDR'\",8) || !X.U8(0x17) || !X.c(\"'NAME'\",0x18)) return;\r\n\t\td1 = X.U32(0x1C,_BE); if(d1 >> 31) return; t_ = d1;\r\n\t\td1 = (d1+1) & 0xFFFFFFFE; a1 = 0x20+d1;\r\n\t\tif(X.c(\"'SNX1'\",a1)) {\r\n\t\t\ta1 += 4;\r\n\t\t\td1 = X.U32(a1,_BE); if(d1 >> 31) return; a1 += 4;\r\n\t\t\td1 = (d1+1) & 0xFFFFFFFE; a1 += d1;\r\n\t\t} else format = \"Electronic Arts' Simple Musical Score\";\r\n\t\tinsinfp = a1;\r\n\t\trealsmp = []; ins = 0;\r\n\t\tdo { //MoreIns\r\n\t\t\tif(!X.c(\"'INS1'\",a1)) return; a1 += 4;\r\n\t\t\td1 = X.U32(a1,_BE); if(d1 >> 31) return; a1 += 4;\r\n\t\t\td1 = (d1+1) & 0xFFFFFFFE; if((d1 >> 24) > 0x3F) return;\r\n\t\t\tif(X.U8(a1+1)) return;\r\n\t\t\trealsmp.push(X.U8(a1));\r\n\t\t\ta1 += d1; ins++\r\n\t\t} while(!X.c(\"'TRAK'\",a1));\r\n\t\tsz = a1; trk = 0; while(sz < X.Sz()) {\r\n\t\t\thkhd = X.SA(sz,4); hksz = X.U32(sz+4,_BE);\r\n\t\t\tif(hkhd != \"TRAK\") break; trk++; sz += 8+hksz }\r\n//_log(\"trk:\"+trk+\" sz:\"+outSz(sz))\r\n\t\ttitle = X.SA(0x20,t_);\r\n\t\tfmt = 2; ext = \"smus\"\r\n\t}\r\n\telse {\r\n\t\tif(!(X.U16(0,_BE) & 0xF0)) {\r\n\t\t\td3 = 20; d1 = 4;\r\n\t\t\twhile(d1) {\r\n\t\t\t\td2 = X.I32(a0,_BE); if(d2 <= 0 || (d2&1)) return;\r\n\t\t\t\ta0 += 4; d3 += d2; d1--\r\n\t\t\t}\r\n\t\t\tif(d3 >= X.Sz()) return;\r\n\t\t\ta0 += 4; d1 = 4;\r\n\t\t\twhile(d1) {\r\n\t\t\t\tt = X.U16(a0,_BE); if(!(t & 0x8000)) return;\r\n\t\t\t\tif(t != 0xFFFF) if((t >> 16) > 0x84) return;\r\n\t\t\t\ta0 += X.I32(a1,_BE); a1 += 4; d1--\r\n\t\t\t}\r\n\t\t\tif(!X.U8(a0)) return;\r\n\t\t\tsz = X.fSig(a0,0x200,\"0000\");\r\n\t\t\tif(sz > 0) {\r\n\t\t\t\twhile(a0 < sz) {\r\n\t\t\t\t\tinst = inst.appendS(X.SA(a0,t=X.fSig(a0,0x200,\"00\")-a0),'; '); a0 += t+1; }; sz += 2; }\r\n\t\t\tfmt = 0; ext = \"snx\"\r\n\t\t}\r\n\t\telse { //TinyCheck\r\n\t\t\tif(X.Sz() < 333) return;\r\n\t\t\ta1 = 0x30; if(X.I32(a1,_BE) != 0x140) return;\r\n\t\t\ta1 += 4; d1 = 3;\r\n\t\t\twhile(d1) { //NextPos2\r\n\t\t\t\td2 = X.I32(a1,_BE); a1 += 4;\r\n\t\t\t\tif(d2 <= 0 || (d2&1) || d2 > X.Sz()) return;\r\n\t\t\t\tif(X.I16(d2,_BE) != -1) {\r\n\t\t\t\t\tif(X.I32(d2,_BE) || X.I16(d2+4,_BE)) return;\r\n\t\t\t\t\tt = X.U8(d2+6); if(!isWithin(t,0x80,0x82)) return;\r\n\t\t\t\t}\r\n\t\t\t\td1--\r\n\t\t\t} sz = X.fSig(d2,0x200,\"FFFF\"); if(sz > 0) sz += 2;\r\n\t\t\tfmt = 1; ext = \"tiny\"\r\n\t\t}\r\n\t}\r\n\treturn true\r\n}\r\nif(!bDetected && isSMUS()) {\r\n\tsName = format+\" module (.\"+ext+\")\"; sVersion = \"f.\"+fmt; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(title.length) sOption(title);\r\n\t\tif(inst.length) sOption(inst,'+instr.:\"','\"');\r\n\t\tsOption('sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isAMBK() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/ambk/AMOS.s\r\n\tif(X.c(\"'AmBk'\")) a0 = p = 4; else if(X.c(\"C0\")) a0 = p = 0; else return false;\r\n\t//if(!X.c(\"80\",p+4)) return false;\r\n//_log('AmBk: '+Hex(X.U32(p+4,_BE)&((1<<28)-1)));\r\n\tif(!X.c(\"'Music '\",p+8)) return false;\r\n\tp += 0x14; p += X.I32(p,_BE);\r\n\tif(X.I16(p,_BE) != 6) return false; p += 2; r = p;\r\n\tp += X.I16(p+2,_BE)-2;\r\n\tp = X.I16(p,_BE); if(p != -2) if(p) return false;\r\n\r\n\ttitle = X.SA(r+0x0C,0x20);\r\n\tp = r+0x1E+X.I16(r+0x1E,_BE); ord = -1;\r\n\tdo { ord++; d1 = X.I16(p,_BE); p += 2; } while(p < X.Sz() && d1 >= 0);\r\n\tif(a0) d3 = 4+(X.I32(a0+4,_BE) & 0xFFFFFF);\r\n\telse d3 = X.I32(a0,_BE) & 0xFFFFFF; sz = d3+8;\r\n\tbad = \"\"; if(sz > X.Sz()) bad = bad.addIfNone(\"!short\");\r\n\tp = r+X.I16(r+6,_BE);\r\n\tptn = 0;\r\n\twhile(p < X.Sz()) { //.such\r\n\t\td1 = X.I16(p,_BE); p += 2; if(d1 < 0) break;\r\n\t\tif(d1 > ptn) ptn = d1\r\n\t}\r\n\tptn++;\r\n\tif(!X.I16(p,_BE)) p += 2;\r\n\tif(X.I16(p,_BE) != ptn) bad = bad.addIfNone(\"!badptn\");\r\n\tq = a0+0x20; smp = d1 = X.I16(q,_BE); q += 0x10;\r\n\td7 = 0;\r\n\twhile(d1 && q < X.Sz()) {\r\n\t\td2 = X.I16(q,_BE);\r\n\t\tif(!d2) d2 = X.I16(q-6,_BE);\r\n\t\td7 += d2 << 1; q += 0x20; d1--\r\n\t}\r\n\tsmpsz = d7;\r\n\tsongsz = sz-d7;\r\n\treturn true\r\n}\r\nif(!bDetected && X.isDeepScan() && isAMBK()) {\r\n\tsName = \"François Lionet's AMOS Music Bank module (.ABK)\"; bDetected = 1;\r\n\tif(bad != \"\") sVersion = \"malformed\"+bad;\r\n\tif(X.isVerbose()) {\r\n\t\tsOption(title);\r\n\t\tsOption(\"ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+/*\" smpsz:\"+Hex(smpsz)+\" songsz:\"+Hex(songsz)+*/\" sz:\"+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isTuneFish4() {\r\n\t// taken from tunefish src\\tunefish4player\\tf4player.cpp\r\n\tins = X.I16(0,_LE); if(ins > 32) return false;\r\n\tif(!X.c(\"'INST'\",4+ins*2)) return false; t = 8+ins*114;\r\n\tif(!X.c(\"'SONG'\",t)) return false;\r\n\tt += 4; songsz = 0; for(i=0; i1) sOption(x,\"×\");\r\n\t\tsOption(\"ptn:\"+ptn+\" smp:\"+smp+/*\" songsz:\"+Hex(songsz)+\" smpsz:\"+Hex(smpsz)+*/\" sz:\"+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isJH7V() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/Jochen_Hippel_7V/Jochen Hippel 7V_v2.asm\r\n\tp = 0;\r\n\tif(X.c(\"6000\")) { p = 2;\r\n\t\td1 = X.I16(p,_BE); if(d1 <= 0 || (d1&1)) return false; p = d1+2;\r\n\t\tp = 4+X.fSig(p,20,\"308141FA\"); if(p < 4) return false;\r\n\t\td1 = X.I16(p,_BE); if(d1 <= 0 || (d1&1)) return false;\r\n\t\tp += d1;\r\n\t}\r\n\tif(!X.c(\"'TFMX'00\",p)) return false;\r\n\td0 = d1 = ( 2+X.I16(p+4,_BE) + X.I16(p+6,_BE) ) << 6;\r\n\td0 += 0x20;\r\n\tptn = d2 = X.I16(p+8,_BE)+1;\r\n\td3 = (X.I16(p+0x0A,_BE)+1)*0x1C;\r\n\td2 *= X.I16(p+0x0C,_BE);\r\n\td0 += d2;\r\n\td1 += d2 + d3;\r\n\tif(X.U8(p+4+d0)) txt = X.SA(p+4+d0,24);\r\n\telse txt = \"\";\r\n\tx = X.I16(p+0x10,_BE);\r\n\td2 = (x+1) << 3;\r\n\tins = X.I16(p+0x12,_BE);\r\n\tinsip = p+d1+d2+0x20;\r\n\tif(X.I32(insip+0x12,_BE)) return false; //1st smp ofs\r\n\td2 = 2*X.I16(insip+0x16,_BE);\r\n\tif(!d2) return false;\r\n\tif(d2 != X.I32(insip+0x16+0x1E-4,_BE)) return false;\r\n\tvar mofs = 0; var msz = 0; //find max ofs instead of one just from last smp, just in case\r\n\tfor(i=0;i < ins;i++) {\r\n\t\tvar sofs = X.I32(insip+i*0x1E+0x12,_BE);\r\n\t\tvar ssz = X.U16(insip+i*0x1E+0x16,_BE);\r\n\t\tif(sofs >= mofs) { mofs = sofs; msz = ssz } }\r\n\tsmpp = insip+ins*0x1E;\r\n\tsz = smpp+mofs+msz*2;\r\n//_log(\"insip:\"+Hex(insip)+\" smpp:\"+Hex(smpp)+\" sz:\"+outSz(sz));\r\n\treturn true;\r\n}\r\nif(!bDetected && X.isDeepScan() && isJH7V()) {\r\n\tsName = \"Jochen 'Mad Max' Hippel's module (.HIP7,.S7G)\"; sVersion = \"7V\"; bDetected = 1;\r\n\tif(!X.c(\"'TFMX'\")) sVersion += \"+replayer\";\r\n\tif(X.Sz() < sz) sVersion += \"!short\";\r\n\tif(X.isVerbose()) {\r\n\t\tif(txt != \"\") sOptionT(txt);\r\n\t\tif(x>1) sOption(x,\"×\");\r\n\t\tsOption(\"ptn:\"+ptn+\" ins:\"+ins+\" sz:\"+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isJHCoSo() {\r\n\t//from uade Jochen_Hippel_COSO player, check routine @ e476t\r\n\t//initplayer disassembly: d e5c0 500\r\n\tif(!X.c(\"'COSO'\")) return false;\r\n\tif(!X.c(\"'TFMX'\",0x20)) return false;\r\n\tif(!X.I16(0x30,_BE) || !X.I16(0x40,_BE)) return false;\r\n\tvar songsz = X.I32(0x1C,_BE); if(songsz > X.Sz()) return false;\r\n\t//@e4ac:\r\n\ta2 = X.I32(4,_BE); d6 = d7 = 0;\r\n\td0 = X.I16(0x24,_BE); //ord?\r\n\tdo { if(a1 > X.Sz()) return false;\r\n\t\ta1 = X.I16(a2,_BE); a2 += 2;\r\n\t\tif(X.U8(a1) === 0xE2)\r\n\t\t\tif(X.U8(a1+1)&0x80) d7++; else d6++;\r\n\td0--} while(d0 >= 0);\r\n\tif(d7 >= d6) return false;\r\n\tptn = X.I16(0x28,_BE)+1; smp = X.I16(0x32,_BE);\r\n\ta0 = X.I32(0x18,_BE)+smp*10; //_log(\"a0:\"+Hex(a0));\r\n\tsmpsz = X.I32(a0-10,_BE) + X.I16(a0-6,_BE)*2;\r\n\tsz = songsz+smpsz;\r\n\tx = X.I16(0x30,_BE);\r\n\treturn true\r\n}\r\nif(!bDetected && X.isDeepScan() && isJHCoSo()) {\r\n\tsName = \"Jochen 'Mad Max' Hippel's module (.HIPC)\"; sVersion = \"packed\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,\"×\");\r\n\t\tsOption(\"ptn:\"+ptn+\" smp:\"+smp+\" sz:\"+outSz(sz));\r\n\t}\r\n}\r\n\r\n\r\nfunction isJHST() {\r\n\t//from http://wt.exotica.org.uk/files/sources/SRC_JochenHippelST.lzx\r\n\t//Test routine @e3fc, init @e57e\r\n\ta0 = a1 = a4 = d4 = 0; d1 = 0x80; d0 = X.Sz(); bad = msg = \"\";\r\n\t//func @e84e, returns d0 = 2 if this:\r\n\twhile(d1) {\r\n\t\tif(a0 > X.Sz() || a1 > X.Sz()) return false;\r\n\t\tif(d1 != 0x80) { //detect the files that start with MMME,TFMX,COSO\r\n\t\t\tt = X.I16(a1,_BE); a1 += 2;\r\n\t\t\tif(t === 0x41FA) { d2 = X.I16(a1,_BE); if(d2 >= 0 && !(d2&1)) a0 = a1+d2 }\r\n\t\t}\r\n\t\tif(X.c(\"'MMME'\",a0)) { d0 = 2; break; }\r\n\t\telse if(X.c(\"'TFMX'\",a0)) {\r\n\t\t\tif(X.I16(a0+4,_BE) >= 0x200) d0 = 0;\r\n\t\t\telse if(!X.I16(a0+0x10,_BE)) d0 = 0;\r\n\t\t\telse { // function @e8b0\r\n\t\t\t\t//func.@e8b0~e8c8\r\n\t\t\t\td0 = X.I16(a0+4,_BE); a1 = a0+0x20; d6 = d7 = 0;\r\n\t\t\t\tdo { if(X.U8(a1) === 0xE2) // in func.e928\r\n\t\t\t\t\t\tif(X.U8(a1+1)&0x80) d6++; else d7++;\r\n\t\t\t\t\ta1 += 0x40;\r\n\t\t\t\td0--} while(d0 >= 0);\r\n\t\t\t\tif(d6 > d7) d0 = 2; else d0 = 5; //@e8a8\r\n\t\t\t}\r\n\t\t\tbreak;\r\n\t\t}\r\n\t\telse if(X.c(\"'COSO'\",a0)) {\r\n\t\t\tif(!X.I16(a0+0x30)) return false; //FX check\r\n\t\t\tif(!X.I32(a0+0x18)) return false;\r\n\t\t\tif(X.c(\"'TFMX'\",a0+0x20)) { //@e984\r\n\t\t\t\ta2 = a0+X.I32(a0+4,_BE); d6 = d7 = 0;\r\n\t\t\t\td0 = X.I16(a0+0x24,_BE);\r\n\t\t\t\tdo {\r\n\t\t\t\t\tif(X.I16(a0+0x40,_BE)) { a1 = a0+X.I16(a2,_BE); a2 += 2 }\r\n\t\t\t\t\telse { a1 = a0+X.I32(a2,_BE); a2 += 4 }\r\n\t\t\t\t\tif(a1 > X.Sz()) return false;\r\n\t\t\t\t\tif(X.U8(a1) === 0xE2) {\r\n\t\t\t\t\t\tif(X.U8(a1+1)&0x80) d7++; else d6++;\r\n\t\t\t\t\t}\r\n\t\t\t\td0--} while(d0 >= 0);\r\n\t\t\t\tif(d7 < d6) d0 = 4; else d0 = 2\r\n\t\t\t}\r\n\t\t\telse if(X.c(\"'MMME'\",a0+0x20)) d0 = 2; else d0 = 0;\r\n\t\t\tbreak;\r\n\t\t}\r\n\t\td0 -= 2;\r\n\t\td1--\r\n\t}\r\n\tif(d0 != 2) return false;\r\n\tif(X.c(\"'LSMP'\",a0+0x1C)) lsmp = 1; else lsmp = 0;\r\n\t//a0 -= a4; if(a0 && debug)_log(\"pc+@e170 (mod ofs?): \"+a0);\r\n\r\n\t//size calc\r\n\td0 = X.Sz()-a0; d4 = a0; songsz = smpsz = 0; sz = sz1 = -1;\r\n\tif(!X.c(\"'COSO'\",a0) && !X.c(\"'MMME'\",a0+0x20)) { sV = \"unpacked\";\r\n\t\td6 = a0; d1 = 2; a2 = a0;\r\n\t\td1 = (2+X.I16(a0+4,_BE)+X.I16(a0+6,_BE)) << 6;\r\n\t\td2 = (1+X.I16(a0+8,_BE)) * X.I16(a0+0xC,_BE);\r\n\t\td3 = (1+X.I16(a0+0xA,_BE))*12; //e5f8\r\n\t\td1 += d2+d3; d2 = 2+X.I16(a0+0x10,_BE);\r\n\t\td1 += (d2+X.I16(a0+0x12,_BE))*6+0x20;\r\n\t\td2 = 0x20; d3 = d7 = 0; //e612\r\n\t\td0 -= d1;\r\n\t\tif(d0 < 0) /*@e814*/ { d0 = 0x1C; bad = bad.addIfNone(\"!short\") }\r\n\t\telse if(d0 > 0) { //e618\r\n\t\t\ta1 = d1+a2;\r\n\t\t\tt = X.I16(a1,_BE);\r\n\t\t\tif(t === 0x80 || t === 0x100) {\r\n\t\t\t\td7 = a1;\r\n\t\t\t\tdo { d3 = X.I16(a1,_BE); a1 += 8;\r\n\t\t\t\t} while(X.I16(a1,_BE) && a1 < X.Sz()); //e63e\r\n\t\t\t\td0 -= d3; if(d0 < 0)\r\n\t\t\t\t\td0 = 0x1C;\r\n\t\t\t}\r\n\t\t\telse { t >>= 8; p = a1+1; msg = [];\r\n\t\t\t\twhile(t && p < X.Sz()) { msg.push(t); t = X.U8(p++); }\r\n\t\t\t\tmsg = decEncoding(msg,CPAmiga,1,Chars0to1FLF)\r\n\t\t\t}\r\n\t\t}\r\n\t\td0 = d1; smpsz = d3;\r\n\t\tsongsz = d1; sz = a0+songsz+smpsz; sz1 = (msg != \"\" ? sz+msg.length+1 : sz);\r\n\t\tx = X.U16(a0+0x10,_BE); if(x > 100) return false\r\n\t} else { sV = \"packed\"; a1 = a0; d3 = 0;\r\n\t\td3 = (1+X.I16(a0+0x32,_BE))*6; d2 = d3+X.I32(a0+0x18,_BE);\r\n\t\td3 = 0; d0 -= d2;\r\n\t\tif(d0 < 0) /*@e814*/ d0 = 0x1C;\r\n\t\tif(d0 > 0) {\r\n\t\t\ta1 += d2; t = X.I16(a1,_BE);\r\n\t\t\tif(t == 0x80 && t == 0x100) {\r\n\t\t\t\tdo { d3 = X.I16(a1,_BE); a1 += 8;\r\n\t\t\t\t} while(X.I16(a1,_BE) && a1 < X.Sz());\r\n\t\t\td0 -= d2;\r\n\t\t\t if(d0 < 0)\r\n\t\t\t\td0 = 0x1C\r\n\t\t} else { t >>= 8; p = a1+1; msg = [];\r\n\t\t\t\twhile(t && p < X.Sz()) { msg.push(t); t = X.U8(p++); }\r\n\t\t\t\tmsg = decEncoding(msg,CPAmiga,1,Chars0to1FLF)\r\n\t\t\t}\r\n\t\t}\r\n\t\t/*d2 += d4;*/ songsz = d2; smpsz = d3; sz = a0+d3+d2;\r\n\t\tif(msg.length < 3) msg = \"\";\r\n\t\tsz1 = (msg.length ? sz+msg.length+1 : sz);\r\n\t\tx = X.U16(a0+0x30,_BE); if(x > 100) return false;\r\n\t}\r\n\treturn true;\r\n}\r\nif(!bDetected && isJHST()) {\r\n\tsName = \"Jochen 'Mad Max' Hippel's Atari ST module (.HST,.SOC,.SOG)\"; bDetected = 1\r\n\tsVersion = sV; if(bad != \"\") sVersion = sVersion.appendS(\"malformed\"+bad,\"/\");\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(msg,'msg:\"','\"');\r\n\t\tinfo = \"\";\r\n\t\tif(lsmp) info = info.appendS(\"ext.samples\",\" \")\r\n\t\tif(sz > 0) info = info.appendS(\"sz:\"+outSz(sz, sz1),\" \");\r\n\t\tif(smpsz) info = (/*\"songsz:\"+Hex(songsz)+\" \"+*/\"smpsz:\"+Hex(smpsz)).appendS(info,\" \");\r\n\t\tif(x > 1) info = (\"×\"+x).appendS(info,\" \");\r\n\t\tsOption(info)\r\n\t}\r\n}\r\n\r\n\r\nfunction isEMS() {\r\n\t//ref UADE's EMS player disassembly: run with -d then \"f d3c2\"\r\n\tif(X.Sz() <= 0x53A) return false; // fault is @d432\r\n\tif(X.U8(0) != 1) return false;\r\n\tif(X.U8(1) > 0x25) return false;\r\n\tt = X.I16(2,_BE); if(!t || t > 0x80) return false;\r\n\td1 = X.U16(4,_BE); if(d1 > 0x3F) return false; d = d1 & 0xFF;\r\n\tp = 6;\r\n\twhile(p < 0x86) { t = X.U8(p); p++; if(d < t) return false; }\r\n\tc = 0;\r\n\tfor(p = 0x13A; p < 0x53A; p += 4) { //@d40c\r\n\t\tt = X.I16(p,_BE); if(t < 0) return false;\r\n\t\tif(t)\r\n\t\t\tif([\r\n\t\t\t 0x6B0, 0x650, 0x5F4, 0x5A0, 0x54C, 0x500, 0x4B8, 0x474,\r\n\t\t\t 0x434, 0x3F8, 0x3C0, 0x38A, 0x358, 0x328, 0x2FA, 0x2D0,\r\n\t\t\t 0x2A6, 0x280, 0x25C, 0x23A, 0x21A, 0x1FC, 0x1E0, 0x1C5,\r\n\t\t\t 0x1AC, 0x194, 0x17D, 0x168, 0x153, 0x140, 0x12E, 0x11D,\r\n\t\t\t 0x10D, 0xFE, 0xF0, 0xE2, 0xD6, 0xCA, 0xBE, 0xB4,\r\n\t\t\t 0xAA, 0xA0, 0x97, 0x8F, 0x97, 0x7F, 0x78, 0x71\r\n\t\t\t ].indexOf(t) < 0)\r\n\t\t\t\treturn false;\r\n\t\t\telse c++;\r\n\t}\r\n\tif(!c) return false;\r\n\treturn true\r\n}\r\nif(!bDetected && X.isDeepScan() && isEMS()) {\r\n\tsName = \"Editeur Musical Sequentiel module (.EMS)\"; bDetected = 1;\r\n}\r\n\r\n\r\nfunction isDZ() {\r\n\t//from https://zakalwe.fi/uade/uade3/uade-3.03.tar.bz2 / uade/amigasrc/playes/dz/DariusZendeh_mod.s\r\n\tif(X.Sz() < 0x500 || !X.c(\"48E7..F0 41FA.... 4CD80600\")) return false;\r\n\tif(X.c(\"78\",2) && X.c(\"0C0000FF\",0xC)) sversion = \"strange\";\r\n\telse\r\n\t\tif(!X.c(\"00\",2) || !X.fSig(0xC,0x240,\"700033FC 000F00DF F09641FA\"))\r\n\t\t\treturn false;\r\n\tsoptions = \"\";\r\n\tif(X.c(\"4A44\",0xC)) {\r\n\t\tsversion = \"type 1\";\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tp = X.fSig(0,0x80,\"0C04.... 66..41FA\");\r\n\t\t\tif(p >= 0) soption = \"×\"+(X.U16(p+2,_BE)+3)\r\n\t\t}\r\n\t}\r\n\telse if(X.c(\"4A00\",0xC)) sversion = \"type 2\";\r\n\telse if(X.c(\"0C00\",0xC)) sversion = \"type 3\";\r\n\treturn true\r\n}\r\nif(!bDetected && isDZ()) {\r\n\tsName = 'Darius \"Mark II\" Zendeh module (.DZ)'; sVersion = sversion; sOptions = soptions; bDetected = 1\r\n}\r\n\r\n\r\nfunction isMkII() {\r\n\t//ref reversing of the eagleplayer\r\n\t// & http://old.exotica.org.uk/tunes/formats/mk2/mk2_v1.zip\r\n\tif(!X.c(\"41FA\",4) || X.Sz() < 0x500) return false;\r\n\t//if(X.fSig(0x200,0x200,\"'.ZADS89.'\")>=0) ← Some zero-fill it--not used by the replayer\r\n\tp = 8; i = 0x120;\r\n\tdo { t = X.c(\"E742\",p); p += 2; if(t) break; i-- } while(i); if(!i) return false;\r\n\tdo { t = X.c(\"41FA\",p); p += 2; if(t) break; i-- } while(i); if(!i) return false;\r\n//_log(\"mkII 41FA search: i=\"+i+\" @\"+p)\r\n\ta3 = p; p += X.I16(p,_BE); //p goes to sampleinfo\r\n\td5 = X.I16(a3+2,_BE); //d5 is maybe (or not) \"move.w (a0+d2+?), (a3+?)\"\r\n\ti = 0x18; do { t = X.c(\"D1FA\",a3); a3 += 2; if(t) break; i-- } while(i);\r\n//_log(\"mkII D1FA search: i=\"+i+\" @\"+a3)\r\n\tif(!i) {\r\n\t\tif(d5 == 0x3770) return false; d5 = 0; a5 = a3-0x1C; i = 0x10;\r\n\t} else { a5 = a3; a3 += X.I16(a3,_BE) }\r\n//_log(\"mkII: 3770 and a5 + a3skip\")\r\n\tdo { t = X.c(\"41FA\",a5); a5 -= 2; if(t) break; i-- } while(i);\r\n//_log(\"mkII: 5, i=\"+i+\" @\"+Hex(a5))\r\n\treturn i\r\n}\r\nif(isMkII()) {\r\n\t//DZ and MkII may detect some modules together, meaning a player of either format will play them\r\n\t_setResult(\"audio\",\"Darius Zendeh's Mark II Sound System module (.MK2)\",\"\",\"\"); bDetected = 1 //bDetected is for counting\r\n}\r\n\r\n\r\nfunction isJamCracker() {\r\n\t//ref https://github.com/tonioni/WinUAE/blob/master/prowizard/rippers/JamCracker.c\r\n\tif(!X.isHeuristicScan() && !X.c(\"'BeEp'\")) return false;\r\n\tsmp = X.U8(5);\r\n\tif(!smp || (smp > 0x1F)) return false;\r\n\tif(X.U8(6+smp*40) > 0) return false;\r\n\tallsmpsz = 0;\r\n\tfor(k=0; k < smp; k++) {\r\n\t\tl = X.U32(38+k*40,_BE);\r\n\t\tif(!l || (l > X.Sz())) return false;\r\n\t\tallsmpsz += l;\r\n\t}\r\n\tord = X.U16(6+smp*40,_BE);\r\n\tif(ord > 0xFF) return false;\r\n\tptns = 6+smp*40+2;\r\n\tptn = X.U16(ptns+ord*6,_BE);\r\n\tif(ptn > 0xFF) return false;\r\n\r\n\tptn0 = X.U32(ptns+2,_BE);\r\n\tptns += ord*6;\r\n\ttrkdtsz = X.U32(ptns-4,_BE)-ptn0;\r\n\taddlns = X.U8(ptns-5)*4*8;\r\n\tsz = ptns + 2 + ptn*2 + allsmpsz + trkdtsz + addlns; //doesn't include the Xag tags\r\n\treturn true\r\n}\r\nif(!bDetected && isJamCracker()) {\r\n\tsName = \"JamCracker/Pro module (.JAM,.JC)\"; bDetected = 1; bad = \"\";\r\n\tif(X.isHeuristicScan()) {\r\n\t\tif(sz+19 == X.Sz()) { //obviously not for rippers\r\n\t\t\tsVersion = \"v1.0a (Xag)\";\r\n\t\t\tif(X.isVerbose()) sOptionT(X.SA(sz,19)); //this version adds these\r\n\t\t\tsz += 19;\r\n\t\t}\r\n\t\tif(!X.c(\"'BeEp'\")) bad = bad.addIfNone(\"!badsig\");\r\n\t}\r\n\tif(sz > X.Sz()) bad = bad.addIfNone(\"!short\");\r\n\tif(bad != \"\") sVersion = sVersion.appendS(\"malformed\"+bad,\"/\");\r\n\tif(X.isVerbose())\r\n\t\tsOption(\"ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" sz:\"+outSz(sz));\r\n}\r\n\r\n\r\nfunction isJBM() {\r\n\t//ref https://github.com/adplug/adplug/blob/master/src/jbm.cpp\r\n\t//TODO for ex. demo3.jbm has a pointer to outside of the file,\r\n\t// and it seems to work in a player but these are sanity checks ffs... Dunno this format\r\n\tif(X.U16(0,_LE) != 2) return false;\r\n\tif(!X.c(\"00FF01FF02FF03FF04FF05FF06FF07FF08FF09FF0AFFFD00\", 0x36\r\n)) return false; //just from the files modland has, 'cause the detection's' wonky\r\n\tseqt = X.U16(4,_LE); if(!seqt || seqt < 30 || seqt >= X.Sz()) return false;\r\n\tinst = X.U16(6,_LE); if(!inst || inst <= seqt || inst >= X.Sz()) return false;\r\n\tins = (X.Sz()-inst) >> 4;\r\n//_log(\"fs=\"+Hex(X.Sz())+\", inst=\"+Hex(inst)+\", ins=\"+ins);\r\n\tmptn = 0xFFFF; ch = 0; trk=[];\r\n\tfor(i=0; i < 11; i++) {\r\n\t\tp = X.U16(10+i*2,_LE); trk[i] = p;\r\n\t\tif(p) { ch++;\r\n\t\t\tif(p <= seqt || p >= inst) return false;\r\n\t\t\tif(p < mptn) mptn = p\r\n\t\t}\r\n\t}\r\n//_log(\"trk:\"+trk);\r\n\tptn = (mptn-seqt) >> 1;\r\n//_log(\"(\"+mptn+\"-\"+seqt+\")/2=\"+ptn);\r\n\tfor(i=0; i < 5/*ptn*/; i++) { //TODO make a full check when the format is more clear!\r\n\t\tif(trk[i]) {\r\n\t\t\tp = X.U16(seqt+i*2,_LE);\r\n//_log(seqt+\"[\"+i+\"*2]=\"+Hex(p));\r\n\t\t\tif(X.U16(p-1,_LE) != 0xFDFF) return false;\r\n\t\t\tif(p <= seqt || p >= inst) return false;\r\n\t\t}\r\n\t}\r\n\ti = X.U16(2,_LE); tmr = (1193810.0 / (i ? i : 0xFFFF)).toFixed(2);\r\n\treturn true\r\n}\r\nif(!bDetected && X.isHeuristicScan() && isJBM()) {\r\n\tsName = \"Johannes Bjerregaard Adlib module (.JBM)\"; bDetected = 1;\r\n\tif(X.isVerbose())\r\n\t\tsOption(\"tmr:\"+tmr+\" ch:\"+ch+\" ptn:\"+ptn+\" ins:\"+ins)\r\n}\r\n\r\n\r\nfunction isSoundFX() {\r\n\t//from https://github.com/OpenMPT/openmpt/blob/master/soundlib/Load_sfx.cpp\r\n\t// & https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/SoundFX/src/SoundFX_V2.asm\r\n\tif(X.c(\"'SONG'\",0x3C) && X.Sz() > 0x294) msmp = 15;\r\n\telse if(X.c(\"'SO31'\",0x7C) && X.Sz() > 0x4B4) msmp = 31;\r\n\telse return false;\r\n\thdrp = 4*msmp; smptp = hdrp+0x14; ordp = smptp+msmp*30;\r\n\tord = X.U8(ordp); if(ord > 128) return false;\r\n\tt = X.U16(hdrp+4,_BE); if(t < 178 /*== 0*/) return false;\r\n\ttmp0 = (14565*122/t).toFixed(0); spd0 = 6;\r\n\tsmp = smpsz = ic = 0; smps = [];\r\n\tfor(i=0; i < msmp; i++) {\r\n\t\tssz = X.U32(i*4,_BE); if(ssz > 0x20000) return false; smpsz += ssz; if(ssz) smp++;\r\n\t\tt = X.readBytes(smptp+i*30,20);\r\n\t\tfor(c=0; c < 20; c++) if(t[c] && t[c] < 0x20) ic++; if(ic >= 128) return false;\r\n\t\tt = decEncoding(t,CPAmiga);\r\n\t\tif(t.trim() != \"\") smps.push(t.trim())\r\n\t\tsmth = X.U16(smptp+i*30+2,_BE);\r\n\t}\r\n\treturn true\r\n}\r\nif(!bDetected && isSoundFX()) {\r\n\tsName = msmp == 15 ? \"SoundFX module (.SFX)\" : \"SoundFX 2 / MultiMedia Sound module (.MMS)\";\r\n\tif(msmp == 15) sVersion = 'v1.0-8'; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tp += 2; ptn = 0;\r\n\t\tfor(i=ordp+2; i < ordp+2+ord; i++) { t = X.U8(i); if(t > ptn) ptn = t } ptn++;\r\n\t\tsz = ordp + 0x82 + ptn*0x400 + smpsz; if(msmp == 31) sz += 6;\r\n\t\tlp = X.U8(ordp+1); if(lp > ord) sVersion = sVersion.appendS('malformed!badloop','/');\r\n\t\t//unk = X.readBytes(hdrp+6,14); unksum = 0; for(i=0;i 0) sOption('unk.bytes:'+unk);\r\n\t\tsOption('tmp0:'+tmp0+' ord:'+ord+' ptn:'+ptn+' smp:'+smp+(lp?' loop:'+lp:'')+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isJesperOlsen() {\r\n\t//ref https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/Jesper_Olsen/Jesper Olsen_v1.asm\r\n\tfmt = ''; smp = smpp = 0; sz = -1; x = 1;\r\n\tif(X.c(\"6000\")) {//old\r\n\t\tp = 0; d1 = 3;\r\n\t\tdo {\r\n\t\t\tif(!X.c(\"6000\",p)) return false;\r\n\t\t\tif((t = X.I16(p+2,_BE)) <= 0 || t % 2) return false; p += 4\r\n\t\t} while(d1--);\r\n\t\tp = p0 = 6+X.I16(6,_BE);\r\n\t\tif(!X.c(\"4A406B00\",p)) { //even older\r\n\t\t\tp -= 4;\r\n\t\t\tif(X.c(\"C0FC\",p)) p += 2;\r\n\t\t\telse\r\n\t\t\t\tfor(i=0; i < 16 && p < X.Sz(); i++,p+=2)\r\n\t\t\t\t\tif(X.c(\"02800000\",p)) { if(!X.c(\"00FFC0FC\",p+4)) return false; p += 8; break }\r\n\t\t\tif(p > X.Sz()) return false;\r\n\t\t\tmulu = X.I16(p,_BE); p += 800; q = p+900;\r\n\t\t\twhile(p < X.Sz()) {\r\n\t\t\t\tif(X.c(\"6AE064E0\",p)) break;\r\n\t\t\t\tp += 2; if(p === q) return false\r\n\t\t\t}\r\n\t\t\tif(p > X.Sz()) return false;\r\n\t\t\tfmt = 'old'; p = p0;\r\n\t\t\twhile(p < X.Sz()) { t = X.I16(p,_BE); p += 2;\r\n\t\t\t\tif(t >= 0 && (t & 0x40FA) == 0x40FA) { t = X.I16(p,_BE); p += 2; if(t >= 0) break } }\r\n\t\t\tp += t-2; var songp_in_explayp = p;\r\n\t\t\tx = X.I16(p,_BE)-p;\r\n\t\t\tif(x < mulu) x = 1; else x = Util.divu64(x,mulu);\r\n\t\t\t//p is now in a2 and a1 is the filesize\r\n\t\t\twhile(p < X.Sz()) {\r\n\t\t\t\tif(X.c(\"'FORM' 0000???? '8SVXVHDR'\",p)) { if(!smpp) smpp = p; smp++; p += 4+X.I32(p+4,_BE)+2 }\r\n\t\t\t\tp += 2; if(p >= X.Sz()) break\r\n\t\t\t}\r\n\t\t\tif(p > X.Sz()) return false; sz = p;\r\n\t\t\tp = 0xA+X.I16(0xA,_BE);\r\n\t\t\twhile(p < X.Sz()) { t = X.c(\"43FA\",p); p += 2; if(t) break }\r\n\t\t\tvar Lea = p, VoiceTmp = p+X.I16(p,_BE); p += 2; //skipping the part about a flag\r\n\t\t\td1 = X.c(\"6000\",12) ? \"7FFE\" : \"7FFF\";\r\n\t\t\twhile(p < X.Sz()) { t = X.c(d1,p); p += 2; if(t) break }\r\n\t\t\twhile(p < X.Sz()) { t = X.c(\"336C\",p); p += 2; if(t) break }\r\n\t\t\tvar Value = X.I16(p+2,_BE)\r\n\t\t\t//now, I'm not very sure if we _need_ Lea, VoiceTmp, Value for our purposes, but we have'em!\r\n\t\t} else {\r\n\t\t\tif(!X.c(\"000641FA\",p+4)) return false; p += 8;\r\n\t\t\tp += X.I16(p,_BE)+4; if(!X.c(\"00017FFF\",p)) return false;\r\n\t\t\tfmt = 'second';\r\n\t\t\tp = p0+8+X.I16(p0+8,_BE); var SongPtr = p;\r\n\t\t\tp += 8; x = 0; d2 = X.I32(p+0xA,_BE);\r\n\t\t\twhile(p < X.Sz()) { if(d2 != X.I32(p+0xA,_BE)) break; x++; p += 0x1A }\r\n\t\t\tp = smpp = SongPtr+X.I32(SongPtr,_BE); //smpinfo\r\n\t\t\twhile(p < X.Sz()) {\r\n\t\t\t\tif(X.c(\"'FORM' 00?????? '8SVXVHDR'\",p)) { smp++; p += 4+X.I32(p+4,_BE)+2 }\r\n\t\t\t\tp += 2; if(p >= X.Sz()) break\r\n\t\t\t}\r\n\t\t\tif(p > X.Sz()) return false; sz = p;\r\n\t\t\tp = SongPtr; d1 = X.U32(p,_BE); d2 = X.U32(p+0x12,_BE);\r\n\t\t\tif(d2 <= d1) p += d1; //that'll be our song size\r\n\t\t\telse {\r\n\t\t\t\td3 = d2-X.I32(p+0x16,_BE);\r\n\t\t\t\tsz = d2+d3+p; if(sz == 35944) x -= 1; //I don't have this file to test\r\n\t\t\t\tif(sz > X.Sz()) return false;\r\n\t\t\t\t//d3 <<= 2; p += X.I32(p,_BE); d3 += p; songsz = d3; smpsz = sz-songsz\r\n\t\t\t}\r\n\t\t}\r\n\t} else if(X.c(\"0000 ???? 00017FFF\")) { //the Harald Hårdtand game is once again different\r\n\t\tvar z = 0; for(p = 8; p < 0x10; p += 2) {\r\n\t\t\tt = X.I16(p,_BE); if(!t) { z++; continue }\r\n\t\t\tif(t < 0 || t%2 || !(X.c(\"7FFF\",t-2) || X.c(\"7FFE\",t-4))) return false;\r\n\t\t} if(z > 1) return false;\r\n\t\tp = 2+X.I16(2,_BE);\r\n\t\tif(p > X.Sz() || !X.c(\"'FORM' 00?????? '8SVXVHDR'\",p)) return false;\r\n\t\twhile(p < X.Sz()) {\r\n\t\t\tif(X.c(\"'FORM' 00?????? '8SVXVHDR'\",p)) { smp++; p += 4+X.I32(p+4,_BE)+2 }\r\n\t\t\tp += 2; if(p >= X.Sz()) break\r\n\t\t}\r\n\t\tif(p > X.Sz()) return false;\r\n\t\tsz = p; fmt = 'harald'\r\n\t} else { //this detection is a tad broken in the eagleplayer\r\n\t\tif((p = X.U16(0,_BE)) > 0x200 || p < 4 || p % 2) return false; p += 2;\r\n\t\tfor(i=2; i < p; i += 2) if((t = X.I16(i,_BE)) <= 0 || t % 2 || !X.c(\"7FFF\",t-2)) return false;\r\n\t\tfmt = 'latest';\r\n\t\tx = X.U16(0,_BE); p = smptp = X.U16(x+2,_BE); d3 = X.U16(x,_BE); x >>= 1; x--;\r\n\t\tif(x != 1) if(X.c(\"0000\",d3-6) || !X.c(\"7F00\",d3-4)) x--;\r\n\t\tsmp0p = X.U16(p,_BE); var lo = hi = X.U24(smp0p+0xF,_BE);\r\n\t\tsmp = ssz = 0;\r\n\t\twhile(p < smp0p && smp < 128) { if(p > X.Sz()) return false;\r\n\t\t\tsmp++; pp = X.U16(p,_BE);\r\n\t\t\tsofs = X.U24(pp+0xF,_BE);\r\n\t\t\tif(lo > sofs) lo = sofs;\r\n\t\t\tif(hi <= sofs) {\r\n\t\t\t\thi = sofs; ssz = X.I16(pp+0x12,_BE);\r\n\t\t\t\tif(!X.c(\"'BODY'\",sofs-8)) { //a raw sample\r\n\t\t\t\t\t//the original test was if(!X.U8(pp+0xE)) - this fails with, say, georgglaxo ingame.jo\r\n\t\t\t\t\tsofs = X.U32(pp+0x14,_BE);\r\n\t\t\t\t\tif(sofs > hi) { hi = sofs; ssz = 2*X.U16(pp+0x18,_BE) }\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\tif(hi > X.Sz()) return false;\r\n\t\t\tif(pp < smp0p) smp0p = pp;\r\n//_log('smp '+smp+'. @'+Hex(pp)+' maxofs:'+Hex(hi)+' ssz0E:'+Hex(X.U24(pp+0xF,_BE))+' ssz18:'+Hex(X.U16(pp+0x18,_BE))\r\n//+(X.c(\"'BODY'\",sofs-8)?' IFF ['+Hex(X.U32(sofs-4,_BE))+'-'+Hex(sofs+X.U32(sofs-4,_BE))+']':' raw'))\r\n\t\t\tp += 2;\r\n\t\t}\r\n\t\tif(X.c(\"'BODY'00'\",lo-8)) lo = X.fSig(\"'FORM'00??????\",lo-150,lo-20); songsz = lo;\r\n\t\tif(X.c(\"'BODY'00'\",hi-8)) hi += X.U32(hi-4,_BE); //BODY tag skip\r\n\t\telse hi += ssz<<1;\r\n\t\tsz = hi;\r\n\t}\r\n\r\n\treturn true;\r\n}\r\nif(!bDetected && isJesperOlsen()) {\r\n\tsName = \"Jesper Olsen's module (.JO)\"; sVersion = fmt; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,'×'); sOption('smp:'+smp+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isJasonBrooke() {\r\n\t//from reversing the eagleplayer\r\n\t// SubSongs at +04; SongSize at +14; Samples at +1C; CalcSize at +24;\r\n\t// SamplesSize at +2C; ord at +34; SynthSamples at +3C\r\n\t// LoadSize at +0C; SynthSamples at +3C; Steps at +44; AuthorName at +4C => F2;\r\n\t// Prefix at +54 => 139\r\n\tfmt = ''; p = 0;\r\n\tfunction findPlus(s) { while(p < X.Sz()) { t = X.c(s,p); p += 2; if(t) break } }\r\n\tfunction findOrPlus(s) { while(p < X.Sz()) { if(X.c(s,p)) break; p += 2 } }\r\n\tfunction minusFind(s) { while(p > 0) { p -= 2; if(X.c(s,p)) break } }\r\n\tif(X.c(\"48E7F0F0\")) { if(!X.c(\"424047FA FFF84A2B\",4)) return false; fmt = 'old'; // -1\r\n\t\tif(!X.isVerbose()) return true;\r\n\t\ta0 = p = 12; findPlus(\"43FA\"); d7 = p+X.U16(p,_BE)+1;\r\n\t\tfindPlus(\"228A\"); p += 2; d2 = p-8+X.U16(p-8,_BE); //the first synsmp ptr?\r\n\t\tfindPlus(\"137B\"); d6 = a4 = p+X.U16(p,_BE)-1; x = 1;\r\n\t\twhile(d6 < X.Sz()) { d6 += 10; if(!X.U16(d6,_BE)) break; if(X.U8(d6)) break; x++ }\r\n\t\tminusFind(\"48E7\"); var hi, lo = X.U16(a4+2,_BE); //p & a4 -> stack\r\n\t\tfor(d0 = x; d0--;) { //d852~62\r\n\t\t\ta4 += 2; for(d3=4; d3--;) { t = X.U16(a4,_BE); a4 += 2; if(lo > t) lo = t }\r\n\t\t}\r\n\t\tp = lo; lo = hi = X.U16(p,_BE); p += 2;\r\n\t\tdo { //d870~84\r\n\t\t\tt = X.U16(p,_BE); p += 2; if(t) { if(t < lo) lo = t; if(t > hi) hi = t; }\r\n\t\t} while(p < d7);\r\n\t\ta3 = lo; synsmp = (lo-d2)>>7;\r\n\t\tp = hi;\r\n\t\twhile(p < X.Sz()) if([0x85,0x87].indexOf(X.U8(p)) >= 0) break; else p++; //d89a~ac\r\n\t\td0 = 0; do { //d8ae~c6\r\n\t\t\twhile(a3 < X.Sz()) if([0x85,0x87].indexOf(X.U8(a3)) >= 0) break; else a3++;\r\n\t\t\ta3++; d0++\r\n\t\t} while(a3 < p);\r\n\t\tp++; a3 = d6; if(a3) { //d8c8~f6\r\n\t\t\tfor(d1=0x80,found=false; d1-- && !found;) { t = X.c(\"41FA\",a3); a3 += 2; if(t) found = true }\r\n\t\t\tif(found) { //d8de\r\n\t\t\t\ta3 += X.U16(a3,_BE);\r\n\t\t\t\twhile(a3 < X.Sz()) { if(X.c(\"FF\",a3+4) || X.c(\"FF\",a3+6)) a3 += 0x12; else break }\r\n\t\t\t\tp = a3;\r\n\t\t\t}\r\n\t\t\tsz = p; steps = d0 //d8fa\r\n\t\t}\r\n\t}\r\n\telse {\r\n\t\tp = 0xAC; while(p < 0xE0) { t = X.c(\"48E7\",p); p += 2; if(t) break } if(p > 0xE0) return false; \r\n\t\tif(!X.c(\"F8FC\",p) && !X.c(\"F8F8\",p)) return false;\r\n\t\tif(!X.c(\"08F90001 00BFE001 33FC0780 00DFF09A 47FA\",p+2)) return false;\r\n\t\tp += 0x14; if(0x10000-p-X.U16(p,_BE)) return false;\r\n\t\tfmt = 'new'; if(!X.isVerbose()) return true; p = 0;\r\n\t\tfindPlus(\"48E7\"); findPlus(\"49F9\"); p += 6; findPlus(\"7600\"); d0 = X.U16(p-10,_BE);\r\n\t\tfindOrPlus(\"10320000\"); a4 = p-2+X.U16(p-2,_BE);\r\n\t\tfindPlus(\"48E7\"); p = a3 = p-6; findPlus(\"43FA\"); p += X.U16(p,_BE)-1;\r\n\t\ta4 -= p; d3 = Util.divu64(a4,0x12); x = 1; d2 = 0;\r\n\t\tfor(; p < X.Sz(); x++) { //d74e~5c\r\n\t\t\tp += 0x12; d2 = X.U16(p,_BE); if(X.U8(p,_BE)) break; d2--; if(d2 <= 0) break; }\r\n\t\tif(d3 < x) x = d3; //d75e~64\r\n\t\tp = a3; minusFind(\"45FA\"); d0 = p = p-2+X.U16(p-2,_BE);\r\n\t\tp += 4; synsmp = smp = d5 = 0; smpp = p;\r\n\t\twhile(p < X.Sz()) {\r\n\t\t\tif((t = X.U32(p,_BE)) > d0) { //d784~a8\r\n\t\t\t\tif(!smp) d5 = t; if(t <= d5) d5 = a4 = t; smp++; p += 10; if(p > a4) break;\r\n\t\t\t} else { synsmp++; p += 10 }\r\n\t\t}\r\n\t\ti = smp+synsmp; sz = 0; p = smpp;\r\n\t\twhile(i-- && p < X.Sz()) { t = X.U32(p,_BE)+X.U16(p+4,_BE); if(sz < t) sz = t; p += 10 } //~d7cc\r\n\t}\r\n\treturn true\r\n}\r\nif(!bDetected && isJasonBrooke()) {\r\n\tsName = \"Jason C. Brooke's module (.JB,.JCB)\"; sVersion = fmt; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,'×');\r\n\t\tsOption((fmt=='new'?'wf.smp:'+smp:'steps:'+steps)+' syn.smp:'+synsmp+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isKrisHatlelid() {\r\n\t// SubSongs at +04; SamplesSize at +0C; Length at +14; Samples at +1C\r\n\tif(!X.c(\"000003F3 00000000 00000003 00000000 00000002 ???????? 40?????? 00000001 000003E9\"))\r\n\t\treturn false;\r\n\ttwofiles = false; p = 0x30;\r\n\td1 = X.U32(0x14,_BE) & ~(1<<30); if(X.U32(0x24,_BE) != d1) return false;\r\n\tif(X.c(\"60000016\",0x28)) { if(!X.c(\"0000ABCD\",0x2C)) return false } else p = 0x18;\r\n\tif((p == 0x30 && !X.c(\"B07C0000\",0x40)) || p == 0x18) {\r\n\t\tif(!X.c(\"41F90000 00004E75\",p+0x10)) return false; twofiles = true\r\n\t}\r\n\tp = 0x40; smpp = 0;\r\n\twhile(!smpp && p < X.Sz()) { t = X.fSig(p,TOEOF,\"'FORM'\"); if(!t%2) smpp = t; else p = Math.max(t+1,p+1) }\r\n\tif(smpp < 0) return false;\r\n\tsmp = 0;\r\n\twhile(p < X.Sz()) { if(!X.c(\"'FORM' ???????? '8SVXVHDR'\",p)) break; smp++; p += 4+X.U32(p+4,_BE) }\r\n// var psz = X.fSig(0x24,0x40,\"000003EA\")+4; if(psz < 4) return false; sz = psz+4+(X.U32(psz,_BE)<<2);\r\n// if((t = (X.U32(sz,_BE)>>3)<<3) != 0x3EC) _log(\" the chunk at sz is not 3EC but \"+Hex(t));\r\n// else t = X.U32(sz+4,_BE);\r\n// if(p != sz) _log(\"sz differs! \"+Hex(sz)+\" vs \"+Hex(p))\r\n// TODO parse hunks↑ tooб AND detect/debug SubSongs!\r\n\tsz = p;\r\n\treturn true;\r\n}\r\nif(!bDetected && isKrisHatlelid()) {\r\n\tsName = \"Kris Hatlelid's module (.KH\"+(twofiles?'+SONGPLAY':'')+\")\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOption('sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isKefrensSoundMachine() {\r\n\t//ref https://github.com/tonioni/WinUAE/blob/master/prowizard/rippers/KefrensSoundMachine.c\r\n\tif(X.Sz() < 1537) return false;\r\n\tif(X.U8(15) != 0x61) return false;\r\n\tfor(k=0; k < 15; k++)\r\n\t\tif(X.U8(54+k*32) > 0x40) return false;\r\n\ttrks = 0;\r\n\tfor(k=0; k < 1024; k++) {\r\n\t\tk_ = X.U8(k+512);\r\n\t\tif(k_ == 0xFF) break;\r\n\t\tif(k_ > trks) trks = k_;\r\n\t}\r\n\tif(k == 1024) return false;\r\n\tif(trks == 0) return false;\r\n\tif(1536 + trks*192 + 64*3 > X.Sz()) return false;\r\n\tfor(k=0; k <= trks; k++)\r\n\t\tfor(l=0; l < 64; l++)\r\n\t\t\tif(X.U8(1536 + k*192 + l*3) > 0x24) return false;\r\n\r\n\tallsmpsz = smp = 0;\r\n\tfor(k=0; k<15; k++) { t = X.U16(52+k*32,_BE); if(t) smp++; allsmpsz += t }\r\n\tsz = (trks+1)*192 + allsmpsz + 1536;\r\n\treturn true\r\n}\r\nif(!bDetected && isKefrensSoundMachine()) {\r\n\tsName = \"Jess D. 'Razmo' Skov-Nielsen's Kefrens Sound Machine module (.KSM)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(X.SA(2,13));\r\n\t\tsOption(\"trk:\"+trks+(smp?\" smp:\"+smp:'')+\" sz:\"+outSz(sz));\r\n\t\tif(sz > X.Sz()) sVersion = \"malformed!short\"\r\n\t}\r\n}\r\n\r\n\r\nfunction isPaulRobotham() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_teamPaulRobotham/src/Paul%20Robotham_v1.asm\r\n\ttrk = X.U16(0,_BE); d2 = X.U16(2,_BE); d3 = X.U16(4,_BE); smp = X.U16(6,_BE); p = 8;\r\n\tif(!trk || trk > 4 || !d2 || !d3 || !smp) return false;\r\n\tmp = 0; trks = [];\r\n\tfor(d1=trk;d1;d1--) { t = X.U32(p,_BE); p += 4; if((t>>16) || !t) return false; trks.push(t); if(mp < t) mp = t } //stpos\r\n//_log('PaulRobotham: StartPos -> '+Hex(p));\r\n\tfor(;d2;d2--) { t = X.I32(p,_BE); p += 4; if(t <= 0 || t%2) return false; if(mp < t) mp = t } //Next1\r\n\td2 = X.I32(p,_BE);\r\n//_log('PaulRobotham: Next1 -> '+Hex(p))\r\n\tfor(;d3;d3--) { t = X.I32(p,_BE); p += 4; if(t <= 0 || t%2) return false; if(mp < t) mp = t } //Next2\r\n//_log('PaulRobotham: Next2 -> '+Hex(p))\r\n\tp += smp*12; if(p != d2) return false;\r\n\tfor(d2=15;d2;d2--,p+=16) if(!X.c(\"3F3F3F3F 3F3F3F3F 3F3F3F3F 3F3F3F3F\",p)) return false;\r\n\treturn true\r\n}\r\nif(!bDetected && isPaulRobotham()) {\r\n\tsName = \"Paul Robotham's module (.DAT+.SSD)\"; bDetected = 1;\r\n\tif(X.isVerbose()) sOption('trk:'+trk+' smp:'+smp)\r\n}\r\n\r\n\r\nfunction isDMM() {\r\n\t// ref https://bitbucket.org/zxtune/zxtune/src/develop/src/formats/chiptune/digital/digitalmusicmaker.cpp\r\n\tfor(i=0; i < 6; i++) if(!(0xC0 <= X.U8(i*2+1) <= 0xFF)) return false;\r\n\tptnsz = X.U8(0x0C); if(ptnsz & 0x87) return false;\r\n\tptn = -1; for(i=0; i < 0x32; i++) {\r\n\t\tj = X.U8(0x0E+i); if(j > 0x17) return false;\r\n\t\tif(j > ptn) ptn = j;\r\n\t} ptn++;\r\n\ttempo = X.U8(0x40); if(tempo < 3 || tempo > 30) return false;\r\n\tloop = X.U8(0x41); if(loop > 0x32) return false;\r\n\tord = X.U8(0x43); if(!ord || ord > 0x32) return false;\r\n\thss = X.U8(0x44); if(hss < 2 || hss > 0x38) return false;\r\n\tbad = false; smp = 0;\r\n\tfor(i=0; i < 16; i++) {\r\n\t\tsmpst = X.U16(0x5A+i*16+9,_LE);\r\n\t\tsmplm = X.U16(0x5A+i*16+12,_LE);\r\n\t\tsmplp = X.U16(0x5A+i*16+14,_LE);\r\n\t\tif(smpst > smplm || smpst < 49152 || smplm < 49152) return false;\r\n\t\tif(smplp < 49152 || smplp > smplm || smpst > smplp\r\n\t\t || (smplm > 49152 && smplm-smplp < 6)) {\r\n\t\t\tbad = true;\r\n\t\t\tif(!X.isHeuristicScan()) return false\r\n\t\t}\r\n\t\tif(smpst < smplm) smp++;\r\n\t}\r\n\treturn true\r\n}\r\nif(!bDetected && X.isDeepScan() && isDMM()) {\r\n\tbDetected = 1; sVersion = \"v1.x\"; if(bad) sVersion += \"/malformed\";\r\n\tsName = \"Vasilii 'BACA' Pakhomov/LAVE's Digital Music Maker module (.DMM)\";\r\n\tif(X.isVerbose())\r\n\t\tsOption(\"tempo:\"+tempo+\" ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" loop:\"+loop)\r\n}\r\n\r\n\r\nfunction isComposerC67() {\r\n\t// from https://github.com/OpenMPT/openmpt/blob/master/soundlib/Load_c67.cpp\r\n\tif(X.Sz() < 0xBA2) return false; //7A2+400\r\n\tspd = X.U8(0); if(!isWithin(spd,1,15)) return false; ord = 0; ptn = [];\r\n\tfor (i=0; i < 256; i++) if((o=X.U8(0x6A2+i)) != 0xFF) { // check orders\r\n\t\tif(o >= 128) return false; if(i > ord) ord = i; if(ptn.indexOf(o) < 0) ptn.push(o) }\r\n\tord++; ptn = ptn.length; nonz = false; lp = X.U8(1); if(lp > ord) return false; smp = opl = smpsz = 0;\r\n\tfor (i=0; i < 32; i++) { // checking sample records\r\n\t\tif(X.U8(2+i*13+12) || X.U32(0x1A2+i*16) || X.U8(0x3A2+i*13+12)) return false;\r\n\t\tvar _l = X.U32(0x1A2+i*16+4), _ls = X.U32(0x1A2+i*16+8), _le = X.U32(0x1A2+i*16+12);\r\n\t\tif(_l > 0xFFFFF) return false; if(_l && _le < 0xFFFFF && (_le > _l || _ls > _le)) return false;\r\n\t\t_opl = !X.c(\"00000000 00000000 000000\",0x542+i*11);\r\n\t\tif(X.U8(0x542+i*11) & 0xF0) return false;\r\n\t\tif(X.U8(0x542+i*11+5) & 0xFC) return false;\r\n\t\tif(X.U8(0x542+i*11+10) & 0xFC) return false;\r\n\t\tif(_l) { smp++; smpsz += _l } if(_opl) opl++;\r\n\t}\r\n\tbad = false; ptnend = notes = 0;\r\n\tfor (i=0; i < 128; i++) { // checking patterns\r\n\t\tp = 0xBA2+X.U32(0x7A2+i*4,_LE); ptnlen = X.U32(0x9A2+i*4,_LE);\r\n\t\tif(!bad) bad = (ptnlen < 3 || ptnlen > 0x1000);\r\n\t\tif(p > 0xFFFFFF || (X.Sz() < p+ptnlen)) return false;\r\n\t\tif(p+ptnlen > ptnend) ptnend = p+ptnlen;\r\n\t\tfor(r = 0; p < ptnend;) {\r\n\t\t\tvar cmd = X.U8(p++);\r\n\t\t\tif(cmd <= 0xC) { p += 2; notes++ }\r\n\t\t\telse if(cmd >= 0x20 && cmd <= 0x2C) p++;\r\n\t\t\telse if(cmd == 0x40) r += X.U8(p++);\r\n\t\t\telse if(cmd == 0x60) break;\r\n\t\t\telse return false\r\n\t\t}\r\n\t\tif(r > 64) return false;\r\n\t}\r\n\tsz = ptnend+smpsz;\r\n\treturn smp+opl > 0\r\n}\r\nif(!bDetected && isComposerC67()) {\r\n\tsName = \"Thomas 'Tran' Pytel's CDFM/Composer 670 module (.C67)\"; bDetected = 1;\r\n\tif(bad) sVersion = \"malformed!badptn\";\r\n\tif(X.isVerbose()) sOption('spd:'+spd+' ord:'+ord+(lp?' lp:'+lp:'')+' ptn:'+ptn+' smp:'+smp+' fm:'+opl+' notes:'+notes+' sz:'+outSz(sz))\r\n}\r\n\r\n\r\nfunction isSeanConnolly() {\r\n\t//from UADE player check RE\r\n\tif(!X.c(\"6000.... 6000.... 6000\")) return false;\r\n\ta0 = 2+X.I16(2,_BE);\r\n\tif(X.c(\"48E77FFE E98841FA\",a0)) v = 2;\r\n\telse if(X.c(\"48E740F0 4A006B0A\",a0)) v = 3;\r\n\telse return false;\r\n\treturn true\r\n}\r\nif(!bDetected && isSeanConnolly()) {\r\n\tsName = \"Sean 'Odie' Connolly\\'s module (.SCN)\"; sVersion = \"v\"+v; bDetected = 1\r\n}\r\n\r\n\r\nfunction isAVP() {\r\n\t//from reversing the eagleplayer\r\n\td1 = \"48E7FCFE\"; a0 = 0;\r\n\tif(X.c(d1)) { // @d440 -> d47c\r\n\t\tif(X.c(\"45FA\",0xDC)) return false;\r\n\t\tif(!X.c(\"E9417000 41FA\",4)) return false;\r\n\t\tif(X.c(d1,0x94) || X.c(d1,0xA4) || X.c(d1,0xA8)) {\r\n\t\t\tfmt = 0; base = 8; return true }\r\n\t\telse return false\r\n\t} else if(X.c(\"2F0841FA\")) { //@d444 -> d4ac\r\n\t\ta0 += 4; a0 += X.I16(a0,_BE) + 0x1C;\r\n\t\tif(!X.c(\"45FA\",a0+0xDC)) return false;\r\n\t\ta0 += 4; if(!X.c(\"E9417000 41FA\",a0)) return false; a0 += 4;\r\n\t\tif(X.c(d1,a0+0x8C) || X.c(d1,a0+0x9C) || X.c(d1,a0+0xA0)) {\r\n\t\t\tfmt = 0; base = a0; return true }\r\n\t} else if(X.c(d1,0x1C)) { //@d44c -> d4b0\r\n\t\ta0 += 0x1C; if(!X.c(\"45FA\",a0+0xDC)) return false;\r\n\t\ta0 += 4; if(!X.c(\"E9417000 41FA\",a0)) return false; a0 += 4;\r\n\t\tif(X.c(d1,a0+0x8C) || X.c(d1,a0+0x9C) || X.c(d1,a0+0xA0)) {\r\n\t\t\tfmt = 0; base = a0; return true }\r\n\t} else if(X.c(\"6000\")) { //@d452 -> d4d0\r\n\t\tif(!X.c(\"6000.... 6000.... 6000.... 6000.... 6000.... 6000.... 6000\",4)) return false;\r\n\t\tif(X.c(\"6000\",0x20) && !X.c(\"6000\",0x24)) return false;\r\n\t\ta0 = 0xE; a0 += X.I16(a0,_BE);\r\n\t\tif(X.c(d1,a0)) { //@d50e -> d4be\r\n\t\t\tif(!X.c(\"45FA\",a0+0x10C) && !X.c(\"E942\",a0+0x112)) return false;\r\n\t\t\ta0 += 4; if(!X.c(\"E9417000 41FA\",a0)) return false; a0 += 4;\r\n\t\t\tif(X.c(d1,a0+0x8C) || X.c(d1,a0+0x9C) || X.c(d1,a0+0xA0)) {\r\n\t\t\t\tfmt = 0; base = a0; return true }\r\n\t\t}\r\n\t\ta0 = 0x1A+X.I16(0x1A,_BE); if(!X.c(d1+\"43FA\",a0)) return false;\r\n\t\tfmt = 1; base = a0; return true\r\n\t} else { //@d45a\r\n\t\tdo { if(X.c(\"2F0841FA\",a0+0x1C)) break; a0 += 2 } while(a0 < 0xA);\r\n\t\tif(a0 == 0xA) return false; //else -> d46e\r\n\t\ti = 0x4C; do { if(X.c(d1,a0)) break; a0 += 2; i-- } while(i);\r\n\t\tif(!i) return false; //else -> d4be\r\n\t\tif(!X.c(\"45FA\",a0+0x10C) && !X.c(\"E942\",a0+0x112)) return false;\r\n\t\ta0 += 4; if(!X.c(\"E9417000 41FA\",a0)) return false; a0 += 4;\r\n\t\tif(X.c(d1,a0+0x8C) || X.c(d1,a0+0x9C) || X.c(d1,a0+0xA0)) {\r\n\t\t\tfmt = 0; base = a0; return true }\r\n\t}\r\n\treturn false\r\n}\r\nif(!bDetected && isAVP()) {\r\n\tsName = \"Martin Walker's Activision Pro module (.AVP)\"; sVersion = \"f.\"+fmt; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOption(Hex(base),\"base:\");\r\n\t\t//TODO: derive some info using NP\r\n\t}\r\n}\r\n\r\n\r\nfunction isJP() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/JasonPage/src/Jason%20Page_v5.s\r\n\tfmt = 0;\r\n\tif(X.c(\"0002\") && !(X.U8(3)&1)) for(;;) {\r\n\t\tt = X.I16(4,_BE); if(t&1) break; if(X.I16(t)&1) break;\r\n\t\td0 = X.I16(0x30,_BE); if(d0 > X.Sz()) break;\r\n\t\tfor(a1 = 2; a1 <= 0x2E; a1 += 2) {\r\n\t\t\tt = X.U16(a1,_BE); if(!t || (t&1) || t > X.Sz() || d0 <= t) break;\r\n\t\t}\r\n\t\tif(a1 < 0x30) break;\r\n\t\tif((X.U16(t,_BE)&0xF00) == 0xF00) fmt = 2; else fmt = 1; break\r\n\t}\r\n\tif(!fmt)\r\n\t\tif(X.I16(0,_BE) || X.I16(0x80,_BE) || !X.c(\"00000CBE\",0x84)\r\n\t\t || !X.c(\"000308BE\",0xCB6) || !X.c(\"000309BE\",0xCBA)) return false;\r\n\t\telse fmt = 3;\r\n\tsmpsz = smp = 0; x = 1;\r\n\tif(fmt == 3) {\r\n\t\tsz = X.U32(0x8BA,_BE)+2; if(sz < 0x8BC || sz > X.Sz()) return false;\r\n\t\tt0 = X.U32(0,_BE);\r\n\t\tfor(i = 4; i < 0x80; i += 4) {\r\n\t\t\tt1 = X.U32(i,_BE); t = t1-t0; if(t < 0) return false;\r\n\t\t\tsmpsz += t; if(t) smp++; t0 = t1 }\r\n\t\tsmpsz += 0x80;\r\n\t\tif(sz == 7382 && smpsz == 19290) x = 16 /*realms ingame*/;\r\n\t\telse { x = 0; a1 = 0x6BE; do {\r\n\t\t\t\td0 = X.U32(a1,_BE); a1 += 4; if(X.U16(d0,_BE) == 0xFF00) break; x++\r\n\t\t\t} while(a1 < sz) }\r\n\t} else {\r\n\t\tsz = X.U16(0x30,_BE); a0 = X.U16(0xC,_BE)+2; a1 = X.U16(0x1C,_BE); x = (a1-a0)>>1;\r\n\t\tfor(i = X.U16(2,_BE); i < sz-4; i += 4) { slen = X.U32(i,_BE); smpsz += slen; if(slen) smp++ }\r\n\t}\r\n\treturn true;\r\n}\r\nif(!bDetected && isJP()) {\r\n\tswitch(fmt) {\r\n\tcase 1: sName = \"Jason Page's module (.JP)\"; break; case 2: sName = \"Jason Page's module (.JPN)\"; break;\r\n\tcase 3: sName = \"Jason Page's old module (.JP)\"; } sVersion = \"f.\"+fmt; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,'×');\r\n\t\tsOption(\"smp:\"+smp+\" smp.sz:\"+smpsz+\" song sz:\"+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isMikeDavies() {\r\n\t//ref reversing the eagleplayer\r\n\ta2 = 0xF2;\r\n\tif(!X.c(\"0C40\",a2)) { a2 -= 6; if(!X.c(\"33C0\",a2)) return false }\r\n\tif(!X.c(\"48E7FFFE 61064CDF 7FFF4E75\",a2-12)) return false;\r\n\ta2 = X.fSig(a2,0xFFFF,\"6000\")+2; if(a2 < 2) return false;\r\n\tt = X.I16(a2,_BE); if(!t || t < 0 || (t&1)) return false;\r\n\ta2 += t; if(!X.c(\"2D58\",a2)) return false;\r\n\ta2 = 0;\r\n\tfunction findOrPlus(s) { while(a2 < X.Sz()) { if(X.c(s,a2)) break; a2 += 2 } } // couple helper functions\r\n\tfunction plusAndFind(s) { while(a2 < X.Sz()) { a2 += 2; if(X.c(s,a2-2)) break } }\r\n\tfunction errorP(s) { if(debug>1)_log('MikeDavies: '+s); patchClear(); return false }\r\n\tvar a4 = []; // the \"wach get out!!!\" memory part. Local vars\r\n\t//we skip a4.push(0) *2 unlike the original code, so analogously, a4[] points @d138 instead of d134\r\n\tfindOrPlus(\"48E7FFFE\"); a4.push(a2>>16); a4.push(a2&0xFFFF); //d3a2~d3ae\r\n\tfindOrPlus(\"33FC0001\"); //d3b0~d3ba\r\n\ta2 += 4; rel = X.U32(a2,_BE);\r\n\tplusAndFind(\"41F9\"); a4.push(a2>>16); a4.push(a2&0xFFFF);\r\n\td1 = X.I32(a2,_BE); //d3c0~d3c8\r\n\tplusAndFind(\"B1FC\"); d0 = X.U32(a2,_BE); //d3ca-d3d0\r\n\tx = d0 = (d0-d1) >> 4;\r\n\r\n\tplusAndFind(\"41F9\"); a4.push(a2>>16); a4.push(a2&0xFFFF); //d3da~d3e0\r\n\tplusAndFind(\"B1FC\"); a4.push(a2>>16); a4.push(a2&0xFFFF); //d3e2~d3e8\r\n\tplusAndFind(\"303C\"); //d3ea~d3ee\r\n\tfindOrPlus(\"48E7FFFE ........ 6100\"); a4.push(a2>>16); a4.push(a2&0xFFFF); //d3f6~d40a\r\n\tplusAndFind(\"41F9\"); a4.push(a2>>16); a4.push(a2&0xFFFF);\r\n\td2 = X.U32(a2,_BE); //d40c~d414\r\n\tplusAndFind(\"B1FC\"); d3 = X.U32(a2,_BE); //d416~d41c\r\n\td3 = d4 = d3-d2; var mo = d3%0x18; d3 = Util.divu64(d3,0x18); //d41e~d42e\r\n\tif(mo) {\r\n\t\td4 += 4; mo = d4%0x18; d4 = Util.divu64(d4,0x18);\r\n\t\tif(mo) return errorP('@d436 error 5'); //originally, error code 5\r\n\t\td3 = d4;\r\n\t\tif(X.c(\"4654443C\",0x7D8)) { //d44c~44; patch #1 adjusting 3 positions\r\n\t\t\ta3 = 0x770;\r\n\t\t\tfor(d4=2; d4 >= 0; d4--) {\r\n\t\t\t\ta3 -= 4; wpU32be(a3+4,rpU32be(a3));\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\ta4.push(d3>>16); a4.push(d3&0xFFFF); //d45a\r\n\tplusAndFind(\"4BF9\"); d5 = rpU32be(a2)-rel; //d45c~64\r\n\tif(a2 > X.Sz()) return errorP('@d464 a2 too high');\r\n\tif(!X.isDeepScan()) { patchClear(); return true }\r\n\r\n\ta4.push(d5>>16); a4.push(d5&0xFFFF); //d466\r\n\ta4.push(0); //d468\r\n\ta5 = 0x4ED2; a4.push(a5>>16); a4.push(a5&0xFFFF); //d46a; delitrackerglobals\r\n\r\n\t//d472~d4fa: patch #2 (changes certain offsets in the player code to relative)\r\n\ta3 = (a4[0]<<16)+a4[1];\r\n\tp2cycle: while(a3 < X.Sz()) { //from d472...\r\n\t\tswitch(rpU16be(a3)) {\r\n\t\tcase 0x33EE: case 0x33FC: a3 += 2; //d4ce & ↓\r\n\t\tcase 0x3039: case 0x33C0: case 0x33C1: case 0x3C39: case 0x41F9:\r\n\t\tcase 0x4279: case 0x4A79: case 0x4BF9: case 0x4DF9: case 0x5379: case 0xB1FC: //d4d0\r\n\t\t\ta3 += 2; a3_ = rpU32be(a3); if((a3_>>16) == 0x00DF) break;\r\n\t\t\twpU32be(a3,a3_-rel); a3 += 4; break;\r\n\t\tcase 0x33F9: //d4de\r\n\t\t\ta3 += 2; a3_ = rpU32be(a3);\r\n\t\t\tif((a3_>>16) == 0x00DF) a3 += 4; else { wpU32be(a3,a3_-rel); a3 += 4 }\r\n\t\t\ta3_ = rpU32be(a3); if((a3_>>16) != 0x00DF) { wpU32be(a3,a3_-rel); a3 += 4 } break;\r\n\t\tdefault: a3 += 2; if(a3 >= d5) break p2cycle;\r\n\t\t}\r\n\t}\r\n\td4 = d3; //d4fe\r\n\ta2 = (a4[10]<<16)+a4[11]; //d500\r\n\ta2 = rpU32be(a2); //d504\r\n\ta2_ = rpU32be(a2)-rel; wpU32be(a2,a2_); //d506~8\r\n\td2 = a2_; //d50a~c\r\n\td5 = a2_+2*rpU32be(a2+4); a2 += 0x18; a2_ = rpU32be(a2); d3 -= 2; //patch1; d50e~1a\r\n\tif(d3 > 0x80) return errorP('@d51a badsmp:'+Hex(d3));\r\n\twhile(d3 >= 0) { //d51c & d53a\r\n\t\ta2_ -= rel; wpU32be(a2,a2_); //d51e~d520\r\n\t\tif(d5 <= a2_) d5 = a2_+2*rpU32be(a2+4);\r\n\t\tif(d2 > a2_) d2 = a2_; //d530~d534\r\n\t\ta2 += 0x18; a2_ = rpU32be(a2); //patch1\r\n\td3--}\r\n\ta4.push(a2>>16); a4.push(a2&0xFFFF); //d53e. a2+4 = start of samples\r\n\ta2 = rpU32be((a4[4]<<16)+a4[5]); //d540~4\r\n\ta3 = (a4[6]<<16)+a4[7]; a3_ = rpU32be(a3); //d546\r\n\td3 = Util.divu64(a3_-a2, 0x18); //d54c~50\r\n\ta4.push(d3); //d554\r\n\tsmp = d3+d4; //d556~8\r\n\td4 = d3; a2_ = rpU32be(a2); //d55c\r\n\tif(d4 > 0x80) return errorP('@d55e d4='+Hex(d4)+' > 80h');\r\n\twhile(d4 > 0) { //d55e~60 & d57e\r\n\t\ta2_ -= rel; wpU32be(a2,a2_); //d562~4\r\n\t\tif(d5 <= a2_) d5 = a2_+2*rpU32be(a2+4);\r\n\t\tif(d2 > a2_) d2 = a2_; //d574~8\r\n\t\ta2 += 0x18; a2_ = rpU32be(a2);\r\n\td4--}\r\n\tif(a2 > (a4[19]<<16)+a4[20]) { a4[19] = a2>>16; a4[20] = a2&0xFFFF } //d582~8\r\n\td0 <<= 2; //d58e\r\n \ta2 = rpU32be((a4[2]<<16)+a4[3]); a2_ = rpU32be(a2); //d592~6\r\n\td3 = 0;\r\n\tdo {\r\n\t\tif(a2_ != 0xFFFFFFFF && d3 < a2_-rel) d3 = a2_-rel; //d59c~a8\r\n\t\ta2 += 4; a2_ = rpU32be(a2); //d5aa\r\n\td0--} while(a2 < X.Sz() && d0 > 0);\r\n\ta3 = (a4[8]<<16)+a4[9]; //d5b0\r\n\twhile(a3 < X.Sz()) { a3 += 2; if(X.c(\"0C40\",a3-2)) break } //d5b4~8\r\n\td0 = rpU16be(a3+0x16); a4.push(d0); //d5ba~e\r\n\tif(d5 > d3) { //d5c8~a\r\n\t\tif(d5 > X.Sz()) return errorP('@d5ce error 1C'); //d5cc~e; return errorcode 1C\r\n\t\ta2 = d2; a1 = (a4[19]<<16)+a4[20];\r\n\t\tdo { //from d5d8...\r\n\t\t\tif(rpU16be(a1) == d0) { a1 += 6; wpU32be(a1,rpU32be(a1)-rel) } //d5d8~e0; patching #3?...\r\n\t\t\ta1 += 2; // d5e2\r\n\t\t} while(a1 != a2 && a1 < X.Sz())\r\n\t\ta2 = d5;\r\n\t} else { //from d5ee\r\n\t\tif(d3 > X.Sz()) return errorP('@d5ee error 1C'); //d5ee~f0; return errorcode 1C\r\n\t\ta2 = d3; //d5f4; d4 and a3 = filesize\r\n\t\twhile(a2 < X.Sz()) { //d5fc -> sub_d65c\r\n\t\t\ta2 += 2; if([0x94,0xFE,0xFF,0x1FE,0x1FF].indexOf(rpU16be(a2-2)) >= 0) break }\r\n\t\ta1 = d5; a1_ = rpU32be(a1); //d5f8\r\n\t\tdo { // from d5fa...\r\n\t\t\tif(d0 == (a1_>>16)) {\r\n\t\t\t\ta1 += 6; a1_ = rpU32be(a1)-rel; wpU32be(a1,a1_);\r\n\t\t\t\tif(d3 < a1_) d3 = a1_;\r\n\t\t\t}\r\n\t\t\ta1 += 2; a1_ = rpU32be(a1); //d60a\r\n\t\t} while(a2 != a1); //d60c~e to d5fa\r\n\t\tif(a2 <= d3) { //d610~2\r\n\t\t\ta2 = d3;\r\n\t\t\twhile(a2 < X.Sz()) {\r\n\t\t\t\ta2 += 2; if([0x94,0xFE,0xFF,0x1FE,0x1FF].indexOf(rpU16be(a2-2)) >= 0) break; }\r\n\t\t}\r\n\t}\r\n\tpatchClear();\r\n\tsz = a2; //d618~a\r\n\tsmpsz = d5-d2;\r\n\tsongsz = a2-smpsz;\r\n\treturn true\r\n}\r\nif(!bDetected && isMikeDavies()) {\r\n\tsName = \"Mike Davies module (.MD)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,'×');\r\n\t\tif(X.isDeepScan()) sOption('smp:'+smp+' songsz:'+Hex(songsz)+' smpsz:'+Hex(smpsz)+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isSilmarils() {\r\n\t//from UADE player RE\r\n\ta0 = 0; if(!X.c(\"0016\",a0+4)) { a0 += 6; if(!X.c(\"0016\",a0+4)) return }\r\n\tif(!X.c(\"0000 00000000 00000000 ....0020 ....0020\",a0+6)) return;\r\n\td1 = X.U32(a0+0xE,_BE); if(d1&1) return;\r\n\tif(!X.c(\"00000058\",a0+d1)) return;\r\n\ta2 = a0+0x58; a3 = 0; if(X.c(\"0016\",0xA)) a3 += 6;\r\n\ta3 += X.U32(a3+0xE,_BE); a3 += X.U32(a3,_BE);\r\n\ta2 = a3; x = smp = sz = d0 = d3 = 0;\r\n\twhile(a3 < X.Sz()) {\r\n\t\ta3 = a2; a2 += 4;\r\n\t\tif(!X.U32(a3,_BE) || X.U8(a3)) { //→e684\r\n\t\t\ta3 = sz; sz += X.U32(a3+2,_BE); break;\r\n\t\t} else {\r\n\t\t\ta3 += X.I32(a3,_BE); if(a3 > sz) sz = a3; if(a3 > X.Sz()) return;\r\n\t\t\tif(X.c(\"FF02\",a3+6)) x++;\r\n\t\t\telse {\r\n\t\t\t\tt = X.U32(a3+2,_BE); if(t > X.Sz()) return;\r\n\t\t\t\tsmp++; d3 += t; if(d0 < t) d0 = t\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\tif(a3 > X.Sz() || sz > X.Sz()) return;\r\n\tsmpsz = d3;\r\n\treturn true\r\n}\r\nif(!bDetected && isSilmarils()) {\r\n\tsName = \"Michel Pernot's Silmarils module (.MOK)\"; bDetected = 1;\r\n\tbad = \"\";\r\n\tif(x > 3) bad = bad.addIfNone(\"!subsongs>3\");\r\n\tif(smp > 0x20) bad = bad.addIfNone(\"!smp>32\");\r\n\tif(bad != \"\") sVersion = sVersion.appendS(\"malformed\"+bad,'/');\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,'×');\r\n\t\tsOption(\"smp:\"+smp+\" smpsz:\"+Hex(smpsz)+\" sz:\"+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isDUX() {\r\n\t//from the UADE player's RE\r\n\tt = X.U32(0,_BE); if(t < 0x70 || (t&1) || !X.c(\"FFFF FFFFFFFF\",t-6)) return; sz = t;\r\n\tfor(smp=0,p=4; p < 0x64; p+=12) { //8 samples\r\n\t\tt = X.U32(p,_BE); if((t&1) || t && t < 0x70 || t > sz) return; if(t) smp++\r\n\t} if(!smp) return;\r\n\tfor(; p < 0x70; p += 4) { t = X.U32(p,_BE); if(t < 0x70 || (t&1) || t > sz) return }\r\n\tif(!X.c(\"FFFF FFFFFFFF\",p+t-6)) return;\r\n\tsmpsz = X.U32(0x64,_BE); p = 0x74+smpsz; //p points to patterns? orderlist?\r\n\t// what does this do?..\r\n\t//for(q = 0; p < sz; p += 4) if((t = X.I16(p,_BE)) >= 0) q += t; else break;\r\n\t//q >>= 4; unpsz = Util.div64(q*14187, 44336);\r\n\treturn true\r\n}\r\nif(!bDetected && isDUX()) {\r\n\tsName = \"GT Game Systems module (.DUX)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tord = 1+Util.div64(X.U32(0x68,_BE)-smpsz, 0x3C); smpsz -= 0x70;\r\n\t\tsOption('ord:'+ord+' smp:'+smp+' smpsz:'+Hex(smpsz)+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isBuzzic2() {\r\n\t//from the app sources\r\n\tif(!X.c(\"'buz2'0200\")) return;\r\n\tgvol = X.F32(8); if(!isWithin(gvol,0,2)) return;\r\n\tbpm = X.U32(0xC); if(!isWithin(bpm,10,200)) return;\r\n\tstartpos = X.U32(0x10); ord = X.U32(0x14)+1; if(startpos >= ord) return;\r\n\tlooping = X.U8(0x18); if(looping > 1) return;\r\n\tnV = X.U16(6); p = 0x9C; sz = -1; bad = \"\";\r\n\tmaxptn = maxtrk = 64; maxtml /*max template melody length*/ = 128;\r\n\tptn = X.U32(p); trk = X.U32(p+4); p += 8;\r\n\tif(nV >= 1) { maxptn = X.I32(p); maxtrk = X.I32(p+4); maxtml = X.I32(p+8); p += 12 }\r\n\tp += maxptn*16+maxtrk*maxtml;\r\n\ttrks = [];\r\n\tfor(i=0; i < 64; i++) { t = X.SA(p,0x40).trim(); if(t != \"\") trks.push(t); p += 0x40 }\r\n\tptns = [];\r\n\tfor(i=0; i < 64; i++) { t = X.SA(p,0x40).trim(); if(t != \"\") ptns.push(t); p += 0x40 }\r\n\tins = X.U32(p); p += 4;\r\n\tif(p > X.Sz()) return;\r\n\tinss = []; totalops = 0;\r\n\tfor(i=0; i < ins; i++) {\r\n\t\tt = X.SA(p,0x80).trim(); if(t != \"\") inss.push(t);\r\n\t\tvar opcnt = X.U32(p+0x184); totalops += opcnt; p += 0x2410+opcnt*0x228;\r\n\t}\r\n\tsz = p; if(sz > X.Sz()) bad = bad.addIfNone('!short');\r\n\treturn true;\r\n}\r\nif(!bDetected && isBuzzic2()) {\r\n\tsName = \"Buzzic module (.buz2)\"; bDetected = 1; sVersion = 'v2.'+nV.padStart(2,'0');\r\n\tif(X.isVerbose()) {\r\n\t\t//sOptionT(addEllipsis(trks.join(','),0xA0,0x80),'trks:\"','\"');\r\n\t\t//sOptionT(addEllipsis(ptns.join(','),0xA0,0x80),'ptns:\"','\"');\r\n\t\t//sOptionT(addEllipsis(inss.join(','),0xA0,0x80),'insts:\"','\"');\r\n\t\tsOption('bpm:'+bpm+' trk:'+trk+' ptn:'+ptn+' ins:'+ins+' g.vol:'+Math.round(gvol*100)+'% ops:'+totalops+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isInfogramesRH2() {\r\n\tif(!X.c(\"000200\")) return; //+04: speed? version? I saw 1 through 7\r\n\tif(!X.c(\"FF000F\",X.U16(4,_BE)+1)) return;\r\n\tsz = X.U16(0x10,_BE)+2;\r\n\tfor(i=10,oldp = X.U16(8,_BE); i < 0x20; i += 2) { if(i == 0x10) continue;\r\n\t\tp = X.U16(i,_BE); if(p <= oldp || p+1 > X.Sz()) return; if(!X.c(\"FF\",p+1)) return;\r\n\t\toldp = p\r\n\t}\r\n\treturn true;\r\n}\r\nif(!bDetected && isInfogramesRH2()) {\r\n\tsName = \"Infogrames (RobHubbard2) module (.DUM&.INS)\"; bDetected = 1;\r\n\tif(X.isVerbose()) sOption(outSz(sz),'sz:')\r\n\t//TODO get info\r\n}\r\n\r\n\r\nfunction isSpecialFX() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/SpecialFX/Special%20FX_v2.asm\r\n\tif(!X.c(\"6000\")) return;\r\n\td2 = X.U16(2,_BE); if(d2 <= 0 || d2%2) return; a1 = 2; a0 = 4;\r\n\tfor(i = 0; i < 3; i++) { if(!X.c(\"6000\",a0)) return; t = X.U16(a0+2,_BE); a0 += 4; if(t <= 0 || t%2) return }\r\n\ta1 += d2;\r\n\tif(X.c(\"6000\",a0)) {\r\n\t\tfor(i = 0; i < 3; i++) { if(!X.c(\"6000\",a0)) return; t = X.U16(a0+2,_BE); a0 += 4; if(t <= 0 || t%2) return }\r\n\t\tif(X.c(\"6000\",a0)) return;\r\n\t} else { //OldFor\r\n\t\tif(!X.c(\"6100\",a1)) return; a1 += 4\r\n\t}\r\n\tif(!X.c(\"41F9\",a1)) return; a1 += 6; if(!X.c(\"43F9\",a1)) return;\r\n\t//TODO subsongs\r\n\treturn true;\r\n}\r\nif(!bDetected && isSpecialFX()) {\r\n\tsName = \"M.Cannon & J.Dunn's Special FX module (.JD)\"; bDetected = 1\r\n}\r\n\r\n\r\nfunction isSpecialFXST() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/SpecialFX_ST/src/Special%20FX%20ST_v3.asm\r\n\tif(X.Sz() < 2300) return;\r\n\tif(!X.c(\"00000000\") && !X.c(\"0101\") && !X.c(\"00000101\") && !X.c(\"6000\")) return;\r\n\tvar a0 = 0, a1 = 140, a2 = X.Sz()-4;\r\n\twhile(a0 < X.Sz()) { if(X.c(\"00090800\",a0)) break; a0 += 2; if(a1 == a0) return }\r\n\tif(!X.c(\"01120900\", a0+74) && !X.c(\"02240A00\", a0+74*2) && !X.c(\"00090800\", a0+74*3)\r\n\t && !X.c(\"01120900\", a0+74*4) && !X.c(\"02240A00\", a0+74*5)) return;\r\n\ta0 = a1+1860;\r\n\twhile(a0 < X.Sz()) { if(X.c(\"0EF80E10\",a0)) break; a0 += 2; if(a0 >= a2) return }\r\n\t//init\r\n\tsz = -1; a1 = 0; var d1 = 10, d7 = 0, p1 = 0, p2 = 0;\r\n\twhile(a1 < X.Sz()) { d0 -= 2; a1 += 2; if(X.c(\"E740\",a1-2)) break } //Find1\r\n\tx = X.U16(a1-12,_BE);\r\n\tp1 = a1-4+X.U16(a1-4,_BE);\r\n\twhile(a1 < X.Sz()) { //Find2\r\n\t\tif(X.c(\"101A234A\",a1)) {\r\n\t\t\ta1 += d1 }\r\n\t\telse if(X.c(\"4880D040\",a1)) break; //noSpec, break to OK2\r\n\t\ta1 += 2\r\n\t}\r\n\tp2 = a1-2+X.U16(a1-2,_BE); //useful\r\n\twhile(a1 < X.Sz()) { if(X.c(\"08C70007\",a1)) break; a1 += 2 } //Find3\r\n\ta2 = a1; if(a1 >= X.Sz()) return false;\r\n\twhile(a2 > 0) { a2 -=2; if(X.c(\"41FA\",a2)) break } //Find4\r\n\twhile(a1 < X.Sz()) //Find5\r\n\t\tif(X.c(\"41F9\",a1)) { a2 = X.U16(a1+2,_BE); break }\r\n\t\telse { t = X.c(\"41FA\",a1); a1 += 2; if(t) { a2 = a1+X.U16(a1,_BE); break }\r\n\t}\r\n\twhile(a1 < X.Sz()) { if(X.c(\"08870002\",a1)) break; a1 += 2 } //Find6\r\n\ta2 = a1+6; //OK6\r\n\tif(X.c(\"41F9\",a2-2)) { a2 = X.U16(a2,_BE); d7 = a2 }\r\n\telse a2 += X.U16(a2,_BE);\r\n\twhile(a1 < X.Sz()) { if(X.c(\"08C70002\",a1)) break; a1 += 2 } //Find7\r\n\ta1 += d1; a2 = a1;\r\n\tif(X.c(\"41F9\",a2-2)) a2 = X.U16(a2,_BE); else a2 += X.U16(a2,_BE);\r\n\twhile(a1 < X.Sz()) { t = X.c(\"41FA\",a1); a1 += 2; if(t) break } //Find8\r\n\ta2 = a1+X.U16(a1,_BE);\r\n\tvar skip = 0; bad = '';\r\n\twhile(a1 < X.Sz()) { if(X.c(\"0EF80E10\",a1)) { skip = 1; break } if(X.c(\"7000101A\",a1)) break; a1 += 2 } //Find9\r\n\tif(!skip) {\r\n\t\ta2 = a1-2+X.U16(a1-2,_BE);\r\n\t\twhile(a1 < X.Sz()) //FindA\r\n\t\t\tif(X.c(\"0EF80E10\",a1)) { skip = 1; break }\r\n\t\t\telse { t = X.c(\"41FA\",a1); a1 += 2; if(t) break }\r\n\t\ta2 = a1; a1 += X.U16(a1,_BE);\r\n\t}\r\n\tif(!skip) if(a1 > X.Sz()) { bad = bad.addIfNone('!short'); skip = 2 }\r\n\tif(!skip) { sz = a1; if(!d7) skip = 1 }\r\n\tif(!skip) while(a2 < X.Sz()) { //FindEnd\r\n\t\tif(X.c(\"41FA\",a2)) sz = a1 = a2+2+X.U16(a2+2,_BE)+14;\r\n\t\tif(!X.c(\"110010\",a2)) break; else a2 += 2;\r\n\t}\r\n\t//EndTable skipped -> Skip2\r\n\tif(skip != 2) {\r\n\t\td0 = p2-p1;\r\n\t\tif(d0 > 0) d0 >>= 3;\r\n\t\tif(d0 > 0) x = d0\r\n\t}\r\n\treturn true\r\n}\r\nif(!bDetected && isSpecialFXST()) {\r\n\tsName = \"Special FX ST module (.DODA)\"; bDetected = 1;\r\n\tif(bad != '') sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,'×');\r\n\t\tif(sz != -1) sOption(outSz(sz),'sz:')\r\n\t}\r\n}\r\n\r\n\r\nfunction isTronicDP() {\r\n\ta0 = d1 = 0x10+X.U16(2,_BE)+X.U16(6,_BE)+X.U16(10,_BE)+X.U16(14,_BE);\r\n\tif(a0 > X.Sz() || a0 % 2) return;\r\n\ta0 += X.U16(a0,_BE); if(a0 % 2) return;\r\n\tif(!X.c(\"005800B0\",a0+4)) return;\r\n\treturn true\r\n}\r\nif(!bDetected && isTronicDP()) {\r\n\tsName = \"Tronic Delta Packer module (.DP)\"; bDetected = 1; sOption('in:TronicTracker(?)')\r\n}\r\n\r\n\r\nfunction isDigitalSonixChrome() {\r\n\t//ref UADE player RE\r\n\tif(!X.U16(0)) return; if(!(smp=X.U8(2))) return; if((ord=X.U8(3)) < 2) return;\r\n\td2 = smpsz = X.U32(4,_BE); if(!d2 || d2%2 || d2 > X.Sz() || d2 > 0x80000) return;\r\n\td3 = X.U32(8,_BE); if(d3 > 0x20000) return;\r\n\ta0 = 0xC; x = 0;\r\n\tfor(i=ord-1; i; i--) {\r\n\t\td4 = X.I32(a0,_BE); if(d4 < 0 || d4 > 0x20000 || d4%2) return false; if(!X.U8(a0+4)) x++; a0 += 6\r\n\t}\r\n\tif(!X.c(\"00000000 0000\",a0)) return; a0 += 6; //@d2de~e4\r\n\td3 <<= 2; a0 += d3; //d2e6~8\r\n\ta2 = a0+smp*0x12; //d2ea~f4\r\n\ts = 0;\r\n\twhile(a0 < X.Sz() && a0 < a2) {\r\n\t\td1 = X.I32(a0+2,_BE); if(!isWithin(d1, 0,d2)) return;\r\n\t\td0 = X.U32(a0+0xC,_BE); if(d0 > d2) return;\r\n\t\tif(X.U8(a0+0x10) > 0x40 || X.U8(a0+0x11)) return; //this check's not in the player\r\n\t\ta0 += 0x12;\r\n\t}\r\n\tif(a0 > X.Sz() || d2 != d0+X.I32(a0-0x10,_BE)) return;\r\n\tsz = a0+smpsz;\r\n\treturn true\r\n}\r\nif(!bDetected && isDigitalSonixChrome()) {\r\n\tsName = \"Andrew Bailey & David Hanlon's Digital Sonix & Chrome module (.DSC)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,'×');\r\n\t\tsOption('ord:'+ord+' smp:'+smp+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isPaulShields() {\r\n\t//ref https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/PaulShields/src/Paul%20Shields_v3.asm\r\n\tif(!X.c(\"00000000 0000000 0000\")) return;\r\n\tif((t = X.U16(0xA4)) === X.U16(0xA8) && t === X.U16(0xAC) && t === X.U16(0xB0)\r\n\t && (t = X.I16(0xA0,_BE)) > 0 && !(t%2) && X.c(\"00B400B6\",t)) { fmt = 1; p = 0xA6 }\r\n\telse if((t = X.U16(0x204)) === X.U16(0x208) && t === X.U16(0x20C) && t === X.U16(0x210)\r\n\t && (t = X.I16(0x200,_BE)) > 0 && !(t%2) && X.c(\"02140216\",t)) { fmt = -1; p = 0x206 }\r\n\telse if((t = X.U16(0x202)) === X.U16(0x206) && t === X.U16(0x20A) && t === X.U16(0x20E)\r\n\t && (t = X.I16(0x204,_BE)) > 0 && !(t%2) && (X.c(\"FFEC\",t-2) || X.c(\"FFE8\",t-2))) { fmt = 0; p = 0x204 }\r\n\telse return;\r\n\tmp = 0; a3 = 0;\r\n\tfor(i=0; i < 4; i++) { t = X.U16(p,_BE); if(mp < t) mp = t; p += 4 }\r\n\ta3 += mp; mp = X.U16(a3-2,_BE); while(a3 < X.Sz()) { t = X.U16(a3,_BE); a3 += 2; if(t == mp) break }\r\n\tsmpp = a3; if(!isWithin(smpp,0x400,0x4000)) return;\r\n\tif(fmt == 1) a3 = X.I16(0xAA,_BE); else if(fmt == 0) a3 = X.I16(0x204,_BE); else a3 = X.I16(0x20A,_BE);\r\n\tord = 0; while(a3 < X.Sz()) { t = X.U16(a3,_BE); a3 += 2; if(t == mp) break; ord++ }\r\n\tif(!isWithin(ord,1,0x80)) return;\r\n\tfor(i=p=smp=smpsz=0; i < 0x10; i++) {\r\n\t\tp += 2; if(fmt != 1) p += 20; if(t = X.U16(p,_BE)) { smpsz += t; smp++ } p += 8; if(fmt != 1) p += 2;\r\n\t}\r\n\tsmpsz <<= 1; if(!smp || !isWithin(smpsz,0x2000,0x20000)) return;\r\n\tsz = smpp+smpsz;\r\n\treturn true;\r\n}\r\nif(!bDetected && isPaulShields()) {\r\n\tsName = \"Paul Shields' module (.PS)\"; sVersion = 'f.'+fmt; bDetected = 1;\t\r\n\tif(X.isVerbose()) {\r\n\t\tsOption('ord:'+ord+' smp:'+smp+' smpsz:'+Hex(smpsz)+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isROL() {\r\n\t// ref https://moddingwiki.shikadi.net/wiki/ROL_Format\r\n\t// the \"signature\" can contain filenames and (cut off) software names\r\n\tif(X.Sz() < 0xB6+(45*15+4+2) || !isWithin(X.U32(0), 0x30000,0x40000) || !X.c(\"'Tempo'00\", 0xB6)) return;\r\n\tif(!isWithin(X.U16(0x2C), 1,0x30) || !isWithin(X.U16(0x2E), 1,0x10)) return;\r\n\tif(!isWithin(X.U16(0x30), 0x10,0x50) || !isWithin(X.U16(0x32), 0x20,0x50)) return;\r\n\tif(!isWithin(X.U8(0x34), 0,1) || (mode=X.U8(0x35)) > 1) return;\r\n\tbpm0 = X.F16(0xC5);\r\n\tq = true;\r\n\tch = voices = X.U8(0x35)? 9: 11; ev = X.U16(0xC7);\r\n\tfor(i=mclk=0,p=0x36; i < 45; i++,p+=2) {\r\n\t\tif(i < 11) { if(!X.U16(p)) ch--; mclk = Math.max(mclk, X.U16(p)) }\r\n\t}\r\n\tfor(i=0x36; i < 0x4C && q; i += 2) if(X.U16(i) > 0x10FF) q = false;\r\n\tfor(; i < 0x90 && q; i += 2) if(X.U16(i) > 0x1FF) q = false;\r\n\tif(!q) return;\r\n\tp = 0xCB+X.U16(0xC9)*6; //skip tempo events\r\n\tmtln = mdur = notev = insev = volev = pitev = 0;\r\n\tfor(i=0; i < voices; i++) {\r\n\t\tp += 0xF; dur = 0;\r\n\t\ttln = X.U16(p); p += 2;\r\n\t\tif(tln) do { dur += X.U16(p+2); p += 4; notev++ } while (dur < tln && p < X.Sz()); //load note events\r\n\t\tif(tln > mtln) mtln = tln; if(dur > mdur) mdur = dur;\r\n\t\tp += 0xF;\r\n\t\tinsev += (t=X.U16(p)); p += 2+14*t+0xF; //skip ins.events\r\n\t\tvolev += (t=X.U16(p)); p += 2+6*t+0xF; //skip vol.events\r\n\t\tpitev += (t=X.U16(p)); p += 2+6*t; //skip pitch events\r\n\t}\r\n\tsz = p;\r\n\treturn true;\r\n}\r\nif(!bDetected && isROL()) {\r\n\tsName = \"Ad Lib's AdLib Visual Composer pianoroll (.ROL)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tc = X.SA(4,40); if(c != '\\\\roll\\\\default') sOption(c);\r\n\t\tsOption('ch:'+(ch!=voices?ch+'/':'')+voices+' rhythm:'+X.U16(0x2C)+'/'+X.U16(0x2E)\r\n\t\t\t+' bpm0:'+bpm0.toFixed(1)+' len:'+mdur+' notes:'+notev+' ins.ev:'+insev\r\n\t\t\t+' ins.ev:'+insev+' vol.ev:'+volev+' pitchev:'+pitev+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isGYMX() {\r\n\tif(X.Sz() < 0x1AC || !X.c(\"'GYMX'\")) return;\r\n\tfor(i=4; i < 0x1A8; i++) if(isWithin(X.U8(i), 1,0xA) || isWithin(X.U8(i),0xE,0x1F)) return;\r\n\tunpsz = X.U32(0x1A8);\r\n\tif(unpsz <= 2) if(parseMDGYM(0x1AC, X.isDeepScan() ? BCParseToEoF : BCParseToReasonable) <= 0)\r\n\t\treturn;\r\n\treturn true\r\n}\r\nif(!bDetected && isGYMX()) {\r\n\tsName = \"Sega Genesis/Mega Drive YM2612 chiptune (.GYM)\"; bDetected = 1;\r\n\tif(unpsz <= 2) sVersion = sVersion.append('unpacked');\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(X.SC(0x4,0x20,'CP1252'));\r\n\t\tsOptionT(X.SC(0x24,0x20,'CP1252'),'for: ');\r\n\t\tsOptionT(X.SC(0x44,0x20,'CP1252'),'at: ');\r\n\t\tsOptionT(X.SC(0x64,0x20,'CP1252'),'emu: ')\r\n\t\tsOptionT(X.SC(0x84,0x20,'CP1252'),'by: ');\r\n\t\tsOptionT(X.SC(0xA4,0x100,'CP1252'));\r\n\t\tif(unpsz > 2) sOptionT(X.U32(0x1A8),'unp.sz:')\r\n\t}\r\n}\r\n\r\n\r\nfunction isSoundMaster() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/SoundMaster/Sound%20Master_v1.asm\r\n\tif(!X.c(\"6000.... 6000.... 6000\") || (p=base=a6=X.I16(2,_BE)+2) <= 0 || p%2\r\n\t\t|| (playp=X.I16(6,_BE)+6) <= 0 || playp%2) return;\r\n\tfor(p1 = p+30; p < p1; p += 2) if(X.c(\"47FA\",p-2)) break; if(p >= p1) return;\r\n\tvar lea1 = p; t = Math.min(X.Sz(),0x20000);\r\n\tfor(; p < t; p += 2) if(X.c(\"4E75\",p-2)) break; if(p >= X.Sz() || p >= t) return;\r\n\tfmt = 'old'; if(X.c(\"177C0000\",p-8)) { fmt = 'new'; p -= 6 }\r\n\tif(!X.c(\"00BFE001\",p-6)) return;\r\n\r\n\tp = base; x = 1; d0 = 0;\r\n\tif(X.c(\"1740\",p+6) || X.c(\"1740\",p+4)) {\r\n\t\tfor(; p < X.Sz(); p += 2) if(X.c(\"47FA\",p-2)) break; p += X.I16(p,_BE); a6 = p;\r\n\t} else skipold: do { //a one-time \"loop\" to have a way to break off\r\n\t\tif(X.c(\"3C00\",p)) {\r\n\t\t\tp = lea1; a3 = a6 = p+X.I16(p,_BE);\r\n\t\t\tfor(; p < X.Sz(); p += 2) if(X.c(\"7600\",p-2)) break; a3 += X.I16(p-4,_BE)+3; d0 = 7;\r\n\t\t\tfor(; d0; a3+=3,x++,d0--) {\r\n\t\t\t\tif(!X.U16(a3,_BE) && X.U8(a3+2) == 1) break;\r\n\t\t\t}\r\n\t\t\td0 = X.U8(a3-1);\r\n\t\t\tbreak skipold;\r\n\t\t} else\r\n\t\t\tif(X.c(\"4A00\",p+0x28)) { x++; d0 = X.I16(p+0x34,_BE) }\r\n\t\tfor(; p < X.Sz(); p += 2) if(X.c(\"47FA\",p-2)) break; p += X.I16(p,_BE); a6 = p;\r\n\t} while(0);\r\n\tord = d0;\r\n\r\n\tfor(p = 0xC; p < X.Sz(); p += 2) if(X.c(\"1743\",p-2)) break; a3 = a6; pos = a6+X.I16(p,_BE);\r\n\tfor(p = 0xC; p < X.Sz(); p += 2) if(X.c(\"5203\",p-2)) break;\r\n\tsz = -1; patchable = X.c(\"177C\", p+10);\r\n\tif(patchable) {\r\n\t\ta2 = base; a3 += X.I16(p+2,_BE);\r\n\t\tif(!ord) ord = X.U8(a3);\r\n\t\tif(fmt == 'new') {\r\n\t\t\tfor(p = base+2; p < X.Sz(); p += 2) if(X.c(\"41EB\",p-2)) break;\r\n\t\t\ta3 = a6; a6 += X.I16(p,_BE); a3 += X.I16(p+4,_BE); a6 += X.I32(a3,_BE); smpip = a6;\r\n\t\t\tsongsz = a6+X.I16(a3-2,_BE);\r\n\t\t\tsmp = smpsz = 0;\r\n\t\t\tfor(;a6 < X.Sz();) {\r\n\t\t\t\td3 = X.I32(a6,_BE); a6 += 4;\r\n\t\t\t\tif(d3 > 0 && (ssz = X.U16(a6,_BE)<<1)) {\r\n\t\t\t\t\tsmp++; d3 += ssz;\r\n\t\t\t\t\tif(smpsz < d3) smpsz = d3;\r\n\t\t\t\t}\r\n\t\t\t\ta6 += 6; if(a6 >= songsz) break\r\n\t\t\t}\r\n\t\t} else { // old format\r\n\t\t\tfor(p = base+2; p < X.Sz(); p += 2) if(X.c(\"3D70\",p-2)) break;\r\n\t\t\tfor(; p < X.Sz(); p += 2) if(X.c(\"D5F0\",p-2)) break;\r\n\t\t\ta3 = a6+X.I16(p-4,_BE); a6 += X.I32(a3,_BE); t = a6; a6 += X.U16(p-0x12,_BE);\r\n\t\t\tsmpip = a6; smp = smpsz = 0; a3 = a6+0x80;\r\n\t\t\tfor(d1 = 32; d1; d1--) {\r\n\t\t\t\tif(X.U16(a3,_BE) > 1) {\r\n\t\t\t\t\tsmp++; ssz = X.U16(a3,_BE)<<1; d3 = ssz+X.I32(a6,_BE); if(smpsz < d3) smpsz = d3;\r\n\t\t\t\t}\r\n\t\t\t\ta6 += 4; a3 += 2\r\n\t\t\t}\r\n\t\t\tsongsz = t+X.U16(p-8,_BE);\r\n\t\t}\r\n\t\tsz = songsz+smpsz\r\n\t}\r\n\treturn true\r\n}\r\nif(!bDetected && isSoundMaster()) {\r\n\tsName = \"Sound Master module (.SM,.SMPRO,.SM3)\"; sVersion = fmt; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,'×');\r\n\t\tif(patchable) sOption('ord:'+ord+' sz:'+outSz(sz));\r\n\t\t//else sOption('unpatchable or precooked');\r\n\t}\r\n}\r\n\r\n\r\nfunction isTomyTracker() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/TomyTracker/src/Tomy%20Tracker_v2.asm\r\n\tif(X.Sz() < 0x6C0) return;\r\n\tif((sz=X.U32(0,_BE)) > 0x200000 || sz%2) return;\r\n\tif((d2=X.U32(4,_BE)) > sz || d2%2) return;\r\n\td2 -= 0x2C0; if(d2 & 0x3FF) return;\r\n\tptn = d2 >>= 10; d2--; p = 0x1BC; if(X.U8(p)) return;\r\n\tord = d1 = X.I8(p+1); if(ord < 0) return; p += 4; d2 <<= 10; d3 = 0;\r\n\tfor(; d1; p+=2,d1--) { if((t=X.I16(p,_BE)) & 0x3FF) return; if(d3 < t) d3 = t }\r\n\tif(d2 != d3) return;\r\n\tfor(smp = 0, p = 14; p < 0x1C0; p += 0xE) if(X.U16(p,_BE)) smp++;\r\n\treturn true\r\n}\r\nif(!bDetected && isTomyTracker()) {\r\n\tsName = \"Tom Pakarinen's Tomy Tracker module (.SG)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOption('ord:'+ord+' ptn:'+ptn+' smp:'+smp+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isSoundcontrol() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/Soundcontrol/src/Soundcontrol_v3.asm\r\n\tif(!X.c(\"0003\",0x20))\r\n\t\tif(!X.c(\"0002\",0x20) || X.U32(0x1C,_BE)) return;\r\n\tif(X.U16(0x10,_BE)) return;\r\n\tif((p = X.I16(0x12,_BE)) < 0 || p % 2) return;\r\n\tif(!X.c(\"FFFF0000 0400\",p+0x3E)) return;\r\n\ttitle = X.readBytes(0,0x10); if(charStat(title,1).indexOf('allasc') < 0) return;\r\n\ttitle = decEncoding(title,\"CP437\");\r\n\ta2 = 0; a3 = sz = 0x40+X.U32(0x10,_BE);\r\n\td2 = X.U32(0x14,_BE); sz += d2; a4 = sz;\r\n\td1 = X.U32(0x18,_BE); sz += d1+X.U32(0x1C,_BE); d2 -= 0x400;\r\n\tif (X.Sz() < sz) return;\r\n\tord = d1 = Util.divu64(d1,12); d1--;\r\n\tvoc = 0;\r\n\tfor(d3 = 6; d3; d3--,a4 += 2) for(p = a4,d4 = ord; d4; d4--,p += 12) if(X.U16(p,_BE)) { voc++; break }\r\n\ta3 += 0x43C; smp = d3 = 0;\r\n\twhile(d2 > d3) { d4 = X.U32(a3,_BE); a3 += d4; d3 += d4; smp++ }\r\n\tx = 1; nv = 0; sv = '';\r\n\tif(X.U32(0x1C,_BE)) //crude fixes, go\r\n\t\tswitch(sz) {\r\n\t\tcase 95960: x = 2; //hndongame2; fallthrough\r\n\t\tcase 54544: sv = 'v4.0'; break; //hndtitle\r\n\t\tcase 81906: sv = 'v5.0'; break //hndintro\r\n\t\t}\r\n\telse\r\n\t\tswitch(sz) {\r\n\t\tcase 126446: x = 3; sv = 'v3.0'; break; //number9\r\n\t\tcase 136612: x = 2; sv = 'v3.0'; break; //domination 1\r\n\t\tcase 154704: x = 2; //dynatsong; fallthrough\r\n\t\tcase 103808: sv = 'v3.2'; break; //eleven6\r\n\t\t}\r\n\tfor(p = 0x40, ptn = 0; p < 0x240; p += 2) if(X.U16(p,_BE)) ptn++;\r\n\treturn true\r\n}\r\nif(!bDetected && isSoundcontrol()) {\r\n\tsName = \"Holger Gehrmann's Soundcontrol module (.SCT)\"; sVersion = sv; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(title); if(x > 1) sOption(x,'×');\r\n\t\tsOption('ch:'+voc+' ord:'+ord+' ptn:'+ptn+' smp:'+smp+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isSoundfactory() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/Soundfactory/src/Soundfactory_v2.asm\r\n\tif((sz=X.U32(0,_BE)) > 0x200000 || sz > X.Sz()) return;\r\n\tx = 16; lastfound = false;\r\n\tfor(p=0x13; p >= 4; p--) { if((t=X.U8(p)) > 0xF) return; if(!lastfound && t) {x = p-4; lastfound = true } }\r\n\tm = X.U32(0x14,_BE);\r\n\tfor(p = 0x18; p < 0x114; p+=4) { if((t=X.U32(p,_BE)) > 0x200000 || t > sz) return false; if(m > t) m = t }\r\n\tif(m != 0x114) return;\r\n\tif(X.isDeepScan()) {\r\n\t\tp = 0x114; smp = smpsz = 0;\r\n\t\tfor(;p < sz-8;) {\r\n\t\t\t//seek 84h at an even offset\r\n\t\t\tdo { q = X.fSig(p,sz-8-p,\"84\"); if(q < 0) { p = sz; continue} else p = q+(q%2) } while(p < sz && !q%2);\r\n//_log(\"found \"+Hex(q))\r\n\t\t\tif(p < sz && (d1=X.U8(p+1)) <= 0x1F) {\r\n\t\t\t\td1 >>= 2; smpp[d1] = p;\r\n\t\t\t\td4 = X.U16(p+2,_BE)<<1; smpsz += d4-38; smp++; p += d4\r\n\t\t\t} else p += 2;\r\n\t\t}\r\n\t\tif(!smp || smp > 32) return;\r\n\t}\r\n\treturn true\r\n}\r\nif(!bDetected && isSoundfactory()) {\r\n\tsName = \"Soundfactory module (.PSF)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,'×');\r\n\t\tsOption((X.isDeepScan()?'smp:'+smp+' smpsz:'+Hex(smpsz)+' ':'')+'sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isBeniTracker() {\r\n\t//from https://modland.com/pub/software/trackers/DOS/Beni%20Tracker/Beni%20Tracker%20v1.8.rar / BT18.BAS -> SUB loadmod\r\n\t//ref BT18.DOC & https://modland.com/pub/software/trackers/DOS/Beni%20Tracker/Beni%20Tracker%20v1.3.rar / BeniTrk.doc\r\n\tord = X.U8(0); ptn = X.U8(1); ins = X.U8(2);\r\n\tif(!ptn || ptn > 0xCC || ins > 0x1F) return;\r\n\tvar ptnmap = [], insmap = [];\r\n\tp = 3; mptn = mins = 0;\r\n\tfor(i=0; i < ptn; i++) {\r\n\t\tif((t = X.U8(p++)) > 0xCB) return; if(mptn < t) mptn = t;\r\n\t\tif(ptnmap.indexOf(t) < 0) ptnmap.push(t) }\r\n\tif(ins) {\r\n\t\tfor(i=0; i < ins; i++) {\r\n\t\t\tif(!isWithin(t = X.U8(p++),1,0x1F)) return; if(mins < t) mins = t;\r\n\t\t\tif(insmap.indexOf(t) < 0) insmap.push(t) }\r\n\t}\r\n\trptn = ptnmap.length; rins = insmap.length; mptn++;\r\n\tif(rptn != ptn || (ins && rins != ins)) return;\r\n\tfor(o = 0; o < ord; o++)\r\n\t\tfor(i=0; i < 9; i++)\r\n\t\t\tif(ptnmap.indexOf(X.U8(p++)) < 0) return;\r\n\tnotes = 0;\r\n\tfor(i=0; i < ptn*0x40; i++,p+=3) {\r\n\t\tvar nt = X.U8(p) >> 4, ns = (X.U8(p) & 1) << 4 | X.U8(p+1) >> 4;\r\n\t\tif(nt > 12 || ns && insmap.indexOf(ns) < 0) return;\r\n\t\tif(nt != 12) notes++;\r\n\t}\r\n\tp += ins*0xB;\r\n\tif(X.c(\"'B.J.'\",p)) { p += 4; sv = 'v1.8' } else sv = 'v1.3';\r\n\tif(sv == 'v1.3' && ptn > 100) return;\r\n\tsz = p; return true;\r\n}\r\nif(!bDetected && isBeniTracker()) {\r\n\tsName = \"SPP's Beni Tracker (Adlib) module (.PIS)\"; sVersion = sv; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOption('ord:'+ord+' ptn:'+ptn+(ptn!=mptn?'/'+mptn:'')+' ins:'+ins+(ins!=mins?'/'+mins:'')\r\n\t\t\t+' notes:'+notes+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isSteveBarrett() {\r\n\t//ref reversing the eagleplayer and the module's player code\r\n\tfor(p=0; p < 0x10; p += 4) if(!X.c(\"6000\",p) || (t=X.U16(p+2,_BE)) > X.Sz() || t%2) return false;\r\n\t\r\n\tt = X.I16(6,_BE)+6; if(!X.c(\"49FA....1940....4E75 43FA.... 49FA.... 41FA.... 45FA\",t)\r\n\t\t|| !X.c(\"'FORM'66\",t+0x1C)) return false;\r\n\tt = X.I16(10,_BE)+10;\r\n\tif(!X.c(\"49FA....4CFA00FF\",t) || !X.c(\"103A.... 660C 1940.... 6100... .6000\",t+10)\r\n\t\t|| !X.c(\"2A4C DAD8 22CD 2A4C DAD8 22CD 2A4C DAD8 22CD\",t+0x34)) return false;\r\n\tt = X.I16(0xE,_BE)+0xE;\r\n\tif(!X.c(\"70002A7C 00DFF0A8 3A803B40\",t) || !X.c(\"1A801B40 00011B40 00021B40\",t+0x1A)) return false; \r\n\tinitp = X.I16(2,_BE)+2; if(!X.c(\"43FA....49FA....41FA....45FA\",initp) || !X.c(\"'FORM'66\",initp+0x12)) return false;\r\n\ta0 = 0;\r\n\tfor(p = initp; p < initp+0x10; p += 2) //find the sample ptr\r\n\t\tif(X.c(\"41FA\",p-2)) { a0 = p+X.I16(p,_BE); break }\r\n\tif((p=6+X.fSig(initp,0x1000,\"E7404281\")) < 6) return false; t = p+X.I16(p,_BE); //possibly orderlist ptr\r\n\tfor(; p < X.Sz(); p += 2) if(X.c(\"41FA\",p-2)) break;\r\n\tfor(; p < X.Sz(); p += 2) if(X.c(\"D08043FA\",p)) break; p += 4; p += X.I16(p,_BE);\r\n\tx = (p-t)>>3;\r\n\tfor(p = a0,smp=0; p < X.Sz(); smp++) {\r\n\t\tif(!X.c(\"'FORM'........'8SVXVHDR'\",p)) { if(!X.U32(p)) p += 4; break }\r\n\t\tp += 8+X.U32(p+4,_BE);\r\n\t}\r\n\tsz = p; if(!smp) return false;\r\n\treturn true;\r\n}\r\nif(!bDetected && isSteveBarrett()) {\r\n\tsName = \"Steve Barrett's module (.SB)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,'×');\r\n\t\tsOption('smp:'+smp+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isQuartetPSG() {\r\n\t// ref the eagleplayer RE\r\n\tif(X.Sz() < 0x400 || !X.c(\"49FA\",0x10)) return false;\r\n\tfor(p=0; p < 0x10; p += 4)\r\n\t\tif(!X.c(\"6000\",p) || (t=X.I16(p+2,_BE)) <= 0 || t%2) return false;\r\n\tif(!X.c(\"48E7FFFE 4DFA.... 51EE.... 41FA\",p=2+X.I16(2,_BE))) return false; \r\n\tif(!X.c(\"48E7FFFE 4DFA.... 4A2E.... 6700.... 70033F00 49FA\",p=6+X.I16(6,_BE))) return false; \r\n\tif(!X.c(\"48E7FFFE 4DFA.... 51EE.... 6100\",p=10+X.I16(10,_BE))) return false; \r\n\r\n\tfor(p = 0x10; p < X.Sz(); p += 2) if(X.c(\"40C2\",p)) break;\r\n\tfor(; p < X.Sz(); p += 2) if(X.c(\"41FA\",p)) break;\r\n\tp += 6; sz = p+X.I16(p,_BE); p += 2;\r\n\tfor(; p < X.Sz(); p += 2) if(X.c(\"43E9\",p-2)) break;\r\n\tsz += X.I16(p,_BE) << 1; a3 = sz; if(sz > X.Sz()) return false;\r\n\tfor(a0 = 0; p < X.Sz(); p += 2) {\r\n\t\tif(X.c(\"206C0032\",p)) { a0 += 8; p += 4 } if(X.c(\"08380007\",p) || X.c(\"08390007\",p)) break\r\n\t}\r\n\tfor(; p < sz; p += 2) if(X.c(\"40C1\",p)) break;\r\n\tfor(p += 4; p < X.Sz(); p += 2) if(X.c(\"4CDF\",p)) break;\r\n\tfor(; p < sz; p += 2) if(X.I32(p,_BE) == 0x56) break;\r\n\tfor(x = 0; p < a3; p += 2) if(X.I16(p,_BE) == 0x46) x++;\r\n\tx >>= 2;\r\n\treturn true\r\n}\r\nif(!bDetected && isQuartetPSG()) {\r\n\tsName = \"Illusions/Microdeal Quartet module (SQT.)\";\r\n\tsVersion = \"PSG synth\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,'×');\r\n\t\tsOption(outSz(sz),'sz:')\r\n\t}\r\n}\r\n\r\n\r\nfunction isSonicArranger() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/Sonic_Arranger/Sonic Arranger_v1.asm\r\n\tp = modp = smp = synsmp = ord = ptn = 0; x = 1; sv = bad = ''; owner = [];\r\n\tif(X.c(\"'SOARV1.0STBL'\")) {\r\n\t\tx = X.I32(0xC,_BE); spd0 = X.U8(0x11); ptnlen0 = X.U8(0x13); pst0 = X.U16(0x14,_BE);\r\n\t\tped0 = X.U16(0x16,_BE); lp0 = X.U16(0x18,_BE); irqps0 = X.U16(0x1A,_BE);\r\n\t\tif(!isWithin(spd0,2,16) || !isWithin(irqps0,16,120) || pst0 > ped0 || lp0 > ped0) return false;\r\n\t\tp = 0x10+x*12; if(!X.c(\"'OVTB'\",p)) return false; //\"OverTable\"\r\n\t\tord = X.I32(p+4,_BE); if(ped0 > ord) return false;\r\n\t\tp += 0x18+(ord << 4); if(!X.c(\"'NTBL'\",p-0x10)) return false;\r\n\t\tntbl = X.I32(p-0xC,_BE); p += ntbl << 2; if(!X.c(\"'INST'\",p-8)) return false;\r\n\t\tptn = Util.divu64(ntbl,0x10); ins = X.I32(p-4,_BE); inss = [];\r\n\t\tfor(i=0; i < ins; i++,p+=0x98) {\r\n\t\t\tif(X.U16(p,_BE)) synsmp++; else smp++;\r\n\t\t\tt = X.readBytes(p+0x7A,0x1E,true);\r\n\t\t\tt = decEncoding(t,CPAmiga).trim(); if(t != '') inss.push(t)\r\n\t\t}\r\n\t\tvar sc;\r\n\t\tif(!X.c(\"'SD8B'\",p)) return false; smp = X.I32(p+4,_BE); sc = smp; p += 8+smp*0x26;\r\n\t\tpp = p; p += smp << 2; for(; sc-- && p < X.Sz(); pp += 4) p += X.U32(pp,_BE);\r\n\t\tif(!X.c(\"'SYWT'\",p)) return false; synsmp = X.I32(p+4,_BE); p += 8+(synsmp << 7);\r\n\t\tif(!X.c(\"'SYAR'\",p)) return false; t = X.I32(p+4,_BE); p += 8+(t << 7);\r\n\t\tif(!X.c(\"'SYAF'\",p)) return false; t = X.I32(p+4,_BE); p += 8+(t << 7);\r\n\t\tif(!X.c(\"'EDAT'\",p)) return false; sz = p+24; sv = 'song';\r\n\t\t} else {\r\n\t\tif(X.c(\"4EFA\")) { //detect & skip replay\r\n\t\t\tif((t=X.I16(2,_BE)) <= 0 || t%2) return false;\r\n\t\t\tif(!X.c(\"48E7FFFE 41FA\",t+2) || !X.c(\"201045F0 0800228A 43FA\",t+0xE)\r\n\t\t\t\t|| !X.c(\"20280004 45F00800 228A 43FA\",t+0x1A)) return false;\r\n\t\t\tif((p=X.I16(t+8,_BE)) <= 0 || p%2) return false;\r\n\t\t\tp += t+8; modp = p; sv = '+replayer';\r\n\t\t} else sv = 'pure';\r\n\t\tif(p+0x28 > X.Sz() || !X.c(\"00000028\",p)) return false;\r\n\t\tspd0 = X.U16(p+0x28,_BE); irqps0 = X.U16(p+0x32,_BE); lp0 = X.U16(p+0x30,_BE);\r\n\t\tif(!isWithin(spd0,2,16) || !isWithin(irqps0,16,120)) return false;\r\n\t\tx = (X.I32(p+4,_BE)-0x28)/12; if(x == 1 || X.I16(p+0x3C,_BE) < 0) x = 1;\r\n\t\tvar ptrs = [0];\r\n\t\tfor(i=0; i < 8; i++) {\r\n\t\t\tt = X.I32(p,_BE); p += 4; if(t <= 0 || t%2 || t < ptrs[ptrs.length-1]) return false; ptrs.push(t)\r\n\t\t}\r\n\t\tvar ordp = ptrs[2], ptnp = ptrs[3], insp = ptrs[4], a = ptrs[5];\r\n\t\tsc = X.I32(modp+t,_BE);\r\n\t\t//ord recs contain u16 references and a couple control bytes ST and NT\r\n\t\tord = Util.div64(ptnp-ordp,0x10); ptn = Util.div64(insp-ptnp,0x40); ins = Util.div64(a-insp,0x98);\r\n\t\tp = modp+t; if(p > X.Sz()) return false;\r\n\t\tfor(i=0; i < ins; i++) if(X.U16(modp+insp+i*0x98,_BE)) synsmp++; else smp++;\r\n\t\tif(smp != sc) bad = bad.addIfNone('!inconsistentsmpcnt'+sc); //be cool to understand how that happens...\r\n\t\tp += 4;\r\n\t\tif(smp) for(pp=p, p+=sc<<2; sc-- && p < X.Sz(); pp += 4) p += X.U32(pp,_BE);\r\n\t\tif(!X.c(\"'deadbeef'\",p)) if(X.isHeuristicScan()) bad = bad.addIfNone('!badeof'); else return false;\r\n\t\tp += 12; sc = p; //skip 'deadbeef '; sc is now for counting the string length\r\n\t\t// There's no real need to include the \"programowner\" info into calcsize but let's;\r\n\t\t// otherwise the eagleplayer thinks the file is \"too short\", although nobody really cares...\r\n\t\tfor(lim = Math.min(p+0x400,X.Sz()); p < lim;) {\r\n\t\t\tc = X.U8(p++)^0xFF; if(c == 0xFF || isWithin(c,0,8) || isWithin(c,11,12) || isWithin(c,14,0x1F)) break;\r\n\t\t\tif(c == 0xA) { c = 0x20; if(owner[owner.length-1] == 0x20) continue }\r\n\t\t\towner.push(c)\r\n\t\t}\r\n\t\tif(owner[owner.length-1] == 0x20) owner.pop();\r\n\t\tsz = p;\r\n\t\tif(c != 0xFF && p-sc != 0x50) bad = bad.addIfNone('!badinfo');\r\n\t}\r\n\tbpm0 = (15*irqps0/spd0).toFixed(1); owner = decEncoding(owner,CPAmiga).trim();\r\n\treturn true\r\n}\r\nif(!bDetected && isSonicArranger()) {\r\n\tsName = \"BrainTrace Design's Sonic Arranger module (.SA\"+(sv == 'pure'?',.LION':'')+\")\"; bDetected = 1;\r\n\tsVersion = sv; if(bad != '') sVersion = sVersion.appendS('malformed:'+bad,'/');\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,'×');\r\n\t\tif(owner != '') sOption(addEllipsis(owner,0xA0,0x80),'info:\"','\"');\r\n\t\tsOption('bpm0:'+bpm0+(ord?' ord:'+ord:'')+(lp0?' lp0:'+lp0:'')+(ptn?' ptn:'+ptn:'')+(ins?' ins:'+ins:'')\r\n\t\t\t+(smp?' wf.smp:'+smp:'')+(synsmp?' syn.smp:'+synsmp:'')+' sz:'+outSz(sz))\r\n\t}\r\n}\r\nif(!bDetected && X.c(\"'SASI'00000000000100\")) {\r\n\tsName = \"BrainTrace Design/MEDIA Verlags Sonic Arranger synth instrument\"; bDetected = 1\r\n}\r\n\r\n\r\nfunction isJT() {\r\n\tif(X.Sz() < 1700) return;\r\n\tfor(p = 0; p < 40; p += 2) if(X.c(\"02390001\",p)) break; if(p == 40) return;\r\n\tp += 8; if(!X.c(\"66..4E75\",p++)) return; if((t = X.I8(p++)) <= 0) return;\r\n\tp += t; if(X.c(\"4A39\",p)) for(j=4; j--; p += 0x12) if(!X.c(\"4A39\",p)) return;\r\n\tif(!X.c(\"78001839\",p)) return;\r\n\tfor(j = p;;) { p = X.fSig(j,0x40000,\"1400E302\"); if(p < 0) return; else if(i % 2) { j = p+1; continue } else break }\r\n\tvar org = X.U32(p+6,_BE);\r\n\tfor(;;) { p = X.fSig(j,0x40000,\"03580328\"); if(p < 0) return; else if(i % 2) { j = p+1; continue } else break }\r\n\torg -= p;\r\n\tfor(p=0; p < 0x40000; p += 2) if(X.c(\"B23C00FF\",p) || X.c(\"0C0100FF\",p)) break; if(p >= 0x40000) return;\r\n\tfor(; p < 0x40000; p += 2) if(X.c(\"267C\",p-2)) break; if(p >= 0x40000) return; p += 4; //?\r\n\tfor(; p < 0x40000; p += 2) if(X.c(\"49F9\",p-2)) break; if(p >= 0x40000) return; smpip = X.U32(p,_BE)-org; p += 4;\r\n\tfor(; p < 0x40000; p += 2) if(X.c(\"0026267C\",p-4)) break; if(p >= 0x40000) return; p += 4; //?\r\n\tfor(; p < 0x40000; p += 2) if(X.c(\"23F4\",p)) break; if(p >= 0x40000) return;\r\n\tsubsongp = X.U32(p-4,_BE)-org; p += 6; x = 0;\r\n\tfor(p=subsongp; p < 0x40000; p += 0x12) {\r\n\t\tif(X.U8(p+16) != 12) break; t = X.U32(p,_BE);\r\n\t\tif(X.U32(p+4,_BE) != t || X.U32(p+8,_BE) != t || X.U32(p+12,_BE) != t) x++; else break\r\n\t}\r\n\tj = X.U32(smpip,_BE)-org; i = smpip+4; info = (j-i) >> 2;\r\n\td0 = X.I32(j+4,_BE); d1 = X.I16(j+2,_BE)*2 + d0;\r\n\tfor(smp = 1; i < j; i += 4) {\r\n\t\tt = X.U32(i,_BE)-org; d3 = X.U32(t+4,_BE); if(!d3) continue;\r\n\t\td4 = X.I16(t+2,_BE)*2+d3; if(d3 < d0) d0 = d3; if(d4 > d1) d1 = d4; smp++\r\n\t}\r\n\tsongsz = d0-org; sz = d1-org;\r\n\tfor(i=0; i < 0x40000; i+=2) if(X.c(\"4E75\",i-2)) break;\r\n\tspecialmsg = ''; //I've no modules to test this on\r\n\tif((d1=X.U8(i-3)) != 2) specialmsg = X.SC(i,0x100,CPAmiga);\r\n\treturn true;\r\n}\r\nif(!bDetected && isJT()) {\r\n\tsName = \"Jeroen 'WAVE' Tel's module (.JT)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(specialmsg != '') sOption(specialmsg); if(x > 1) sOption(x,'×');\r\n\t\tsOption('smp:'+smp+' songsz:'+Hex(songsz)+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isTCBTracker() {\r\n\t//ref ftp://ftp.scene.org/pub/resources/gotpapers/manuals/tcb_tracker_1.0_manual_1990.pdf\r\n\tif(X.Sz() <= 0x132 || !X.c(\"'AN COOL'\") || (ptn = X.U32(8,_BE)) > 127 || (tmp0 = X.U8(0xC)) > 15\r\n\t\t|| X.U8(0xD) || (ord = X.I8(0x8E)) <= 0) return;\r\n\tif(X.SA(7,1) == '!') fmt = 0; else if(X.SA(7,1) == '.') fmt = 1; else return;\r\n\tif(!fmt) ptnp = 0x110; else ptnp = 0x132; smpp = ptnp+ptn*0x200; if(smpp+0xD4 > X.Sz()) return;\r\n\tif(!X.c(\"FFFFFFFF00000000\",smpp+0xCC) || X.U32(smpp+0x44,_BE) != 0xD4) return;\r\n\tsmp = 0; p = smpp+0x48;\r\n\tfor(i=0; i < 16 && p < X.Sz(); i++) if(X.U32(p,_BE) != 1) smp++;\r\n\tsz = smpp+X.U32(smpp,_BE);\r\n\treturn true\r\n}\r\nif(!bDetected && isTCBTracker()) {\r\n\t\tsName = \"Anders 'AN Cool' Nilsson's TCB Tracker module (.TCB)\"; sVersion = 'f.'+fmt; bDetected = 1;\r\n\t\tif(X.isVerbose())\r\n\t\t\tsOption('tempo:'+tmp0+' ord:'+ord+' ptn:'+ptn+' smp:'+smp+' sz:'+outSz(sz));\r\n\t}\r\n\r\n\r\nfunction is669() {\r\n\t//from https://modland.com/pub/documents/format_documentation/Composer%20669,%20Unis%20669%20(.669).txt\r\n\tif(!X.c(\"'if'\") && !X.c(\"'JN'\") || X.Sz() < 0x1F1+0x600) return; //not easy to make the signature more deficient than this one!\r\n\tif((smp=X.U8(0x6E)) > 0x40 || (ptn=X.U8(0x6F)) > 0x80 || (lp=X.U8(0x70)) >= 0x80) return;\r\n\tfor(ic=0,i=2; i < 0x6D; i++) if(isWithin(X.U8(i),1,31) && ++ic > 40) return;\r\n\tfor(i=ord=0; i < 0x80; i++) { //from 71h: order list; from F1h: ptn tempos; from 171h: ptn breaks\r\n\t\tif((o=X.U8(0x71+i)) >= ptn && o < 0xFE) return; if(o < 0x80 && !(t=X.U8(0xF1+i))) return;\r\n\t\tif(t > 15 || X.U8(0x171+i) >= 0x40) return; if(o < 0xFE) ord++;\r\n\t}\r\n\tsz = 0x1F1+smp*0x19+ptn*0x600;\r\n\tif(X.Sz() < sz) return;\r\n\tfor(i = rsmp = 0; i < smp; i++) { //smp filename may have custom messages (the lunar forest), but too rarely\r\n\t\tssz = X.U32(0x1FE+i*0x19); slps = X.U32(0x202+i*0x19); slpe = X.U32(0x206+i*0x19);\r\n\t\tif(ssz) rsmp++; else continue;\r\n\t\tif(ssz > 0x4000000) return; //a sanity check from openmpt\r\n\t\tif([0xFFFFF,0xF0FFFF,0xFFFFFFFF].indexOf(slps) < 0 && slps > ssz) return;\r\n\t\tif([0xFFFFF,0xF0FFFF,0xFFFFFFFF].indexOf(slpe) < 0 && (slpe > ssz || slpe < slps)) return;\r\n\t\tsz += ssz;\r\n\t}\r\n\treturn true\r\n}\r\nif(!bDetected && is669()) {\r\n\tsName = ( X.c(\"'if'\") ? \"Renaissance's Composer 669\"\r\n\t\t: \"Jason 'JsNO BAR----' Nunn's UNIS 669 Composer\" ) + \" module (.669)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tt = X.SC(0x02,36,'CP850').trim(); //the seemingly most-used encoding for'em\r\n\t\tt = t.appendS(X.SC(0x26,36,'CP850').trim(),' '); t = t.appendS(X.SC(0x4A,36,'CP850').trim(),' ');\r\n\t\tsOption(t); sOption('ord:'+ord+(lp?' loop:'+lp:'')+' ptn:'+ptn+' smp:'+smp+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isBuzzic10() { // doesn't detect empty modules with no sound, as the format's already too sparse\r\n\tif(X.Sz() < 0xAEA8) return;\r\n\tsusv = 0; // suspicious values like zero volume\r\n\tins = X.U32(0x4A00); if(!ins || ins > 128) return;\r\n\ttrk = X.U32(0x8E8C); if(!trk || trk > 64) return;\r\n\t//not that many tracks even fit on screen tho', and there's no horizontal scrolling, so it'd be much fewer\r\n\t//however, technically, it does have the format space even to fit 128 tracks. But only 64 names for them.\r\n\tptn = X.U32(0x8E84); if(!ptn || ptn > 128) return;\r\n\tgvol = X.F32(0x8E94); if(gvol < 0 || gvol > 2) return; gvol = Math.round(gvol*100)+'%';\r\n\tbpm = X.U8(0x8E98); if(bpm < 10) susv++;\r\n\tstart = X.U32(0x8E9C); ord = X.U32(0x8EA0);\r\n\tif(!ord) susv++; if(ord > 127 || start > ord) return; ord++;\r\n\tfloop = X.U32(0x8EA4); if(floop > 1) return;\r\n\tfor(i = 0; i < ins; i++) { //test instruments\r\n\t\tp = i*0x94; if(p+0x93 > Math.min(X.Sz(), 0x4A00)) return;\r\n\t\tvar mute = X.U8(p+0x80); if(mute > 1) return;\r\n\t\tvar note = X.I8(p+0x81); if(!note) susv++;\r\n\t\tif(note < 0 && -note > trk) return; //track link has to call a track\r\n\t\tvar nend = X.I8(p+0x82); if(nend < 0 && -nend > trk) return;\r\n\t\tvar len = X.U8(p+0x83); if(len > 127) return;\r\n\t\tvar vol = X.I8(p+0x84); if(vol < 0 && -vol > trk) return;\r\n\t\tif(!len) susv++; if(!vol) susv++;\r\n\t\tvar osc = X.U8(p+0x85); if(osc > 3) return; if(osc < 3 && !note) susv++; //only noise doesn't need the note\r\n\t\tvar dtn = X.I8(p+0x86); if(note > 0 && note+dtn <= 0) return; if(dtn < -32 || dtn > 64) susv++;\r\n\t\tvar atk = X.U8(p+0x87), dcy = X.U8(p+0x88), sus = X.U8(p+0x89);\r\n\t\tif(dcy < atk || sus < dcy || sus > 127 || atk > 127 || sus > 127) return;\r\n\t\tif(!atk && !dcy && !sus) susv++;\r\n\t\tvar cut = X.I8(p+0x8A); if(cut < 0 && -cut > trk) return; //cutoff mod @ +0x8B\r\n\t\tvar res = X.I8(p+0x8C); if(res < 0 && -res > trk) return;\r\n\t\tvar dly = X.U8(p+0x8D), rep = X.U8(p+0x8E), damp = X.U8(p+0x8F);\r\n\t\tif(dly > 127 || rep > 127 || damp > 127) return;\r\n\t\tvar lvwrap = X.I8(p+0x90);\r\n\t\tif(lvwrap < 0 && lvwrap > trk) return;\r\n\t\tvar lvhard = X.I8(p+0x91);\r\n\t\tif(lvhard < 0 && lvhard > trk) return;\r\n\t\tvar comprlo = X.U8(p+0x92), comprhi = X.U8(p+0x93);\r\n\t\tif((comprlo > 127 || comprhi > 127) || (!comprhi && comprlo)\r\n\t\t\t|| (comprhi && comprhi <= comprlo)) return; // they CAN both be 0...\r\n\t}\r\n\tif(susv > ins*3) { if(debug>0)_logIt(\"data too suspicious\"); return }\r\n\tfor(i = 0x4A04; i < 0x4E84; i++) if(X.U8(i) > 127) return; // testing patterns\r\n\tfor(i = 0x4E84; i < 0x4E84+64*128; i++) //testing tracks... all 64 of'em\r\n\t\tif(X.U8(i) > ptn) { if(debug>0)_logIt(\"@\"+Hex(i)+\": bad ptn\"); return }\r\n\tif(!isAllZeroes(0x4E84+64*128,64*128))\r\n\t\treturn false; // the uneditable tracks would stay as 0, fair enough\r\n\t// there are absolutely no checks made on the text values so there's no meaning in checking those\r\n\treturn true\r\n}\r\nif(!bDetected && X.isDeepScan() && isBuzzic10()) {\r\n\tsName = \"Buzzic module (.BUZ)\"; sVersion = 'v1.0'; bDetected = 1;\r\n\tsOption('trk:'+trk+' ord:'+ord+(start?' (from '+start+')':'')+' ptn:'+ptn+' ins:'+ins\r\n\t\t+' bpm:'+bpm+' gvol:'+gvol+' sz:44712')\r\n}\r\n\r\n\r\nfunction isBuzzic11() { //detection only slightly different from the above\r\n\tif(X.Sz() < 0xB0A8) return false;\r\n\tsusv = 0;\r\n\tins = X.U32(0x4C00); if(!ins || ins > 128) return;\r\n\ttrk = X.U32(0x908C); if(!trk || trk > 64) return; // this editor has better limits on max tracks\r\n\tptn = X.U32(0x9084); if(!ptn || ptn > 128) return;\r\n\tgvol = X.F32(0x9094); if(gvol < 0 | gvol > 1.91) return; gvol = Math.round(gvol*100)+'%';\r\n\tbpm = X.U8(0x9098); if(bpm < 10) susv++;\r\n\tstart = X.U32(0x909C); ord = X.U32(0x90A0);\r\n\tif(!ord) susv++; if(ord > 127 || start > ord) return; ord++;\r\n\tfloop = X.U32(0x90A4); if(floop > 1) return;\r\n\tfor(i = 0; i < ins; i++) {\r\n\t\tp = i*0x98; if(p+0x97 > Math.min(X.Sz(), 0x4A00)) return;\r\n\t\tvar mute = X.U8(p+0x80); if(mute > 1) return;\r\n\t\tvar note = X.I8(p+0x81); if(!note) susv++;\r\n\t\tif(note < 0 && -note > trk) return;\r\n\t\tvar nend = X.I8(p+0x82); if(nend < 0 && -nend > trk) return;\r\n\t\tvar len = X.U8(p+0x83); if(len > 127) return;\r\n\t\tvar vol = X.I8(p+0x84); if(vol < 0 && -vol > trk) return;\r\n\t\tif(!len) susv++; if(!vol) susv++;\r\n\t\tvar osc = X.U8(p+0x85); if(osc > 3) return; if(osc < 3 && !note) susv++;\r\n\t\tvar dtn = X.I8(p+0x86); if(note > 0 && note+dtn <= 0) return; if(dtn < -32 || dtn > 64) susv++;\r\n\t\tvar atk = X.U8(p+0x87), dcy = X.U8(p+0x88), sus = X.U8(p+0x89);\r\n\t\tif(dcy < atk || sus < dcy || sus > 127 || atk > 127 || sus > 127) return;\r\n\t\tif(!atk && !dcy && !sus) susv++;\r\n\t\tvar cut = X.I8(p+0x8A); if(cut < 0 && -cut > trk) return;\r\n\t\tvar res = X.I8(p+0x8C); if(res < 0 && -res > trk) return;\r\n\t\tvar dly = X.U8(p+0x8D), rep = X.U8(p+0x8E), damp = X.U8(p+0x8F);\r\n\t\tif(dly > 127 || rep > 127 || damp > 127) return;\r\n\t\tvar lvwrap = X.I8(p+0x90);\r\n\t\tif(lvwrap < 0 && lvwrap > trk) return;\r\n\t\tvar lvhard = X.I8(p+0x91);\r\n\t\tif(lvhard < 0 && lvhard > trk) return;\r\n\t\tvar comprlo = X.U8(p+0x92), comprhi = X.U8(p+0x93);\r\n\t\tif((comprlo > 127 || comprhi > 127) || (!comprhi && comprlo)\r\n\t\t\t|| (comprhi && comprhi <= comprlo)) return;\r\n\t\tvar pan = X.I8(p+0x94); if(pan > 118) return; // funny—looks like an input filter typo, ah well\r\n\t\tvar fltfreq = X.I8(p+0x95), fltres = X.I8(p+0x97); //frqmod @ +0x96\r\n\t\tif((fltfreq < 0 && -fltfreq > trk) || (fltres < 0 && -fltres > trk)) return;\r\n\t}\r\n\tif(susv > ins*3) { if(debug>0)_logIt(\"too suspicious\"); return }\r\n\tfor(i = 0x4C04; i < 0x5084; i++) if(X.U8(i) > 127) return; // testing patterns\r\n\tfor(i = 0x5084; i < 0x7084; i++) //testing tracks... orderlists? all 64 of'em\r\n\t\tif(X.U8(i) > ptn) { if(debug>0)_logIt(\"@\"+Hex(i)); return }\r\n\tif(!isAllZeroes(0x7084,0x2000)) return;\r\n\treturn true\r\n}\r\nif(!bDetected && X.isDeepScan() && isBuzzic11()) {\r\n\tsName = \"Buzzic module (.BUZ)\"; sVersion = 'v1.1'; bDetected = 1;\r\n\tsOption('trk:'+trk+' ord:'+ord+(start?' (from '+start+')':'')+' ptn:'+ptn+' ins:'+ins\r\n\t\t+' bpm:'+bpm+' gvol:'+gvol+' sz:45224')\r\n}\r\n\r\n\r\nfunction isMXDRV() {\r\n\t// fmt https://www.vector.co.jp/download/file/dos/art/fh003454.html / DOC/MDXFORM.DOC\r\n\t// ref ditto / SRC/MDX2MUS.ASM\r\n\t// useful links: https://gorry.haun.org/mx/index_e.html\r\nfunction re(p,t) { if(debug>-1)_l2r('mdx',p,t); return false }\r\n//detection starts from here\r\n\tif(X.Sz() < 4+2+9*2+9*2) return false; //0d0a1a+00, vd ptr, chn ptrs, f100 f100....\r\n\tda1 = X.fSig(0,Math.min(0x400,X.Sz()),\"0D0A1A\"); //the longest title I saw was that long\r\n\tif(da1 < 0) return false;\r\n\tcrypt = X.c(\"00'crypt'\",da1-6);\r\n\tsus = crypt? -10: 0;\r\n\tfor(i = 0; i < da1; i++) if(X.U8(i) < 0x20 && [0,9,0x1B,0xA,0x1A].indexOf(X.U8(i)) < 0) return false;\r\n\ttitle = X.SC(0,da1,'SJIS');\r\n\tp = X.fSig(da1+3,Math.min(15,X.Sz()-da1),\"00\"); if(p < 0) return false;\r\n\tif(da1+3 != p)\r\n\t\tpdxfn = X.SC(da1+3,p,'SJIS');\r\n\telse pdxfn = \"\";\r\n\tp++; ofs = p; bad = '';\r\n\r\n\tcomp = false; ch = 9;\r\n\tif(X.SA(ofs+4,4) == \"LZX \"&& (lzxsz = X.U32(ofs+0x12,_BE))) {\r\n\t\tcomp = true;\r\n\t\tsz = X.fSig(ofs+0x16,TOEOF,\"'[ LZX.X ]'0D0A0000\")+13;\r\n\t\tif(sz < 13) bad = bad.addIfNone('!short'); usedch = ch; bpm0 = notes = vdn = 0;\r\n//re(ofs,\"←ofs, lzxsz = \"+lzxsz+\" sz=\"+Hex(sz));\r\n\t\treturn true; // stop right there because omg no\r\n\t}\r\n\r\n\tif(crypt) vd = -1;\r\n\telse {\r\n\t\tvd = X.U16(ofs,_BE)+ofs;\r\n\t\tif(vd > X.Sz()) { vd = -1; sus++ }\r\n\t\t//the bytes before voicedata (OPM voices, instruments) will be the F1 command (stop playback),\r\n\t\t//UNLESS, for example, you're Dig Dug2/dd2-10.mdx which is 84k long and the ins ptr just can't reach there\r\n\t\t//It still plays, so we have to accept this mockery, but we're holding a grudge...\r\n\t\tif(X.U8(vd-2) != 0xF1 && X.U8(vd-3) != 0xF1) { vd = -1; sus++ }\r\n//re(vd,'vd')\r\n\t\tp += 2;\r\n\t}\r\n\tif(!X.c(\"0014\",p) && !X.c(\"0022\",p)) return false;\r\n\tm = Math.min(0xFFFFF,X.Sz()-2); //dd2-10.mdx is larger than it'd be allowed but still plays\r\n\tif(crypt) {\r\n\t\tsz = X.fSig(ofs+20,m,\"'protected by cryptmdx v1.00 (c)1995 H.Yano'00\")+0x2B;\r\n\t\tusedch = ch; bpm0 = 0; return true\r\n\t}\r\n\tvar chn0 = chn = oldchn = X.U16(p,_BE)+ofs; //we begin with mml data 0 ptr, stored as offset from post-info point \r\n\tif(!isWithin(chn,p,m)) return re(chn,'!chn'+Hex(p)+'-'+Hex(m)); // it shouldn't point at EoF-ish nor to 0 or 1\r\n\tch = (chn-ofs-2)/2; //0x14 or 0x22, ie. either 9 or 16\r\n\tusedch = [0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0]; notes = vdn = mp = 0; vds = []; bpm0 = -1;\r\n\tvar q = -1, lp = [], v = [0,1]; // v is for registering the presence of expected commands across the file; all must be 1\r\n\tif(X.isDeepScan()) { visited = []; for(i=0; i < m; i++) visited[i] = 0 } // to keep looping in check\r\n\r\n\tfor(k=1; k <= ch; k++) { //check the rest of channels\r\n\t\tp += 2;\r\n//re(p,'--= Parsing ch'+k+'/'+ch+' =--');\r\n\t\tif(p > mp) mp = p;\r\n\t\tif(k == ch) if(isWithin(vd, oldchn+2,X.Sz())) chn = vd; else chn = m;\r\n\t\telse {\r\n\t\t\tchn = X.U16(p,_BE)+ofs;\r\n\t\t\tif(!isWithin(chn,oldchn+2,m) || (X.U8(chn-2) != 0xF1 && X.U8(chn-3) != 0xF1)) {\r\n//re(chn,'DEBUG2:'+Hex(X.U24(chn-3,_BE))+' ch'+ch);\r\n\t\t\t\tchn = oldchn; usedch[k-1] = false;\r\n\t\t\t}\r\n\t\t\tif(!isWithin(chn,oldchn+2,m)) { re(chn,'!p='+Hex(p)+',ch['+k+'] not between '+Hex(oldchn+2)+' and '+Hex(m)); sus += 2 }\r\n\t\t\tif(X.U8(chn-2) != 0xF1 && X.U8(chn-3) != 0xF1) {\r\n\t\t\t\tbad = bad.addIfNone('!badchnend@'+Hex(chn-2)+'='+Hex(X.U24(chn-3,_BE))); if(!X.isDeepScan()) sus++\r\n\t\t\t}\r\n\t\t}\r\n\t\tclk = 0; var cnotes = 0;\r\n\r\n\t\tif(X.isDeepScan()) for(q=oldchn,stop=false; !stop && q != chn && q < m; ) {\r\n\r\n//_log(''+Hex(q)+' >> '+MDXCmdStr(k-1,q)); // !! the heavy logger of music data here. Much fun, much debug info\r\n\r\n\t\t\tvisited[q] = 1; if(q > mp) mp = q;\r\n\t\t\tvar c = X.U8(q++);\r\n\t\t\tif(c < 0x80) clk += c+1; //rest\r\n\t\t\telse if(c <= 0xDF) { cnotes++; notes++; usedch[k-1] = true; clk += X.U8(q++)+1 } //note or sample\r\n\t\t\telse switch(c) { //MMLscript\r\n\t\t\tcase 0xFF: if(bpm0 < 0) bpm0 = X.U8(q); q++; break; //tempo0 (t)\r\n\t\t\tcase 0xFE: a = X.U8(q); b = X.U8(q+1);//OPM reg set: reg and data\r\n\t\t\t\tif(!isYM2151Reg()) { sus++; bad = bad.addIfNone('!OPMreg@'+Hex(q-2)) }\r\n\t\t\t\telse if(a == 8 && (b&0xC8)) { cnotes++; notes++; usedch[b&7] = true }\r\n\t\t\t\telse if(isWithin(a, 0x60,0x7F)) v[0] = true;\r\n\t\t\t\tq += 2; break;\r\n\t\t\tcase 0xFD: t = X.U8(q++); if(vds.indexOf(t) < 0) vds.push(t); break; //vd selection (@)\r\n\t\t\tcase 0xFC: q++; break; //pan\r\n\t\t\tcase 0xFB: t = X.U8(q++); if(isWithin(t,0x16,0x7F)) { bad = bad.addIfNone('!FB@'+Hex(q-2)+'='+Hex(t)); sus++ } v[0] = 1;\r\n\t\t\tbreak; //volume (v or @v)\r\n\t\t\tcase 0xFA: case 0xF9: case 0xF7: case 0xEE: case 0xE8: break; //vmin, vmax, let ring, PCM8wide, syncwait, useful4Ach-head\r\n\t\t\tcase 0xF8: t = X.U8(q++);\r\n\t\t\t\tif(!t/* || isWithin(t,9,0x7f)*/) { bad = bad.addIfNone('!F8@'+Hex(q-1)); sus++ } break; //snd len (q or @q)\r\n\t\t\tcase 0xF6: if(X.U8(q+1)) q++; else q += 2; break; //repeat start: num, 00 (apparently not always present)\r\n\t\t\tcase 0xF5:\r\n\t\t\t\tif(X.U8(q+X.I16(q,_BE)-1) != 0xF6) { bad = bad.addIfNone('!F5→F6@'+Hex(q)); sus++ }\r\n\t\t\t\tq += 2; break; //repeat end: ofs to repstart+2\r\n\t\t\tcase 0xF4:\r\n\t\t\t\tif(X.U8(q+X.I16(q,_BE)+1) != 0xF5) { bad = bad.addIfNone('!F4→F5@'+Hex(q)); sus++ }\r\n\t\t\t\tq += 2; break; //repeat stop: ofs to repend+1\r\n\t\t\tcase 0xF3: q += 2; break; //detune (D)\r\n\t\t\tcase 0xF2: q += 2; break; //portamento (_)\r\n\t\t\tcase 0xF1: //endplay (optionally loopptr)\r\n\t\t\t\t//we'll stop here, ignoring possible unused music data that may follow past it,\r\n\t\t\t\t//because some files, like dd2-00.mdx, use the space BETWEEN channels to store unrelated data... \r\n\t\t\t\tif(X.U8(q)) {\r\n\t\t\t\t\tlp[k] = q+2+X.I16(q,_BE);\r\n\t\t\t\t\t//normally, the loop is the channel's end but dd1-*.mdx are using F1 like jmp $+...\r\n\t\t\t\t\t//if(!isWithin(lp[k],oldchn,chn)) {\r\n\t\t\t\t\tif(!isWithin(lp[k],chn0,m)) { bad = bad.addIfNone('!loopOOB@'+Hex(q-1)); sus++ }\r\n\t\t\t\t\tif(visited[lp[k]]) { stop = true; q += 2 } else q = lp[k];\r\n\t\t\t\t} else q++;\r\n\t\t\t\tif(vd > 0 && vd < q) vd = q;\r\n\t\t\t\t break;\r\n\t\t\tcase 0xF0: q++; break; // key-on delay (k)\r\n\t\t\tcase 0xEF: q++; break; //send sync to channel #\r\n\t\t\tcase 0xED: q++; break; //ADPCM/noisewave#, H or P(f command)\r\n\t\t\tcase 0xEC: case 0xEB: case 0xEA: t = X.U8(q++); //LFO ctl for 音程, 音量. OPMLFO ctl\r\n\t\t\t\tif(t != 0x80 && t != 0x81) q += 4; break;\r\n\t\t\tcase 0xE9: q++; break; //LFO delay (MD)\r\n\t\t\tcase 0xE7: if(X.U8(q) != 1) { bad = bad.addIfNone('!E7@'+Hex(q-1)); sus++ } q += 2; break //fadeout: 01, spd ($FO)\r\n\t\t\tdefault: stop = true; bad = bad.addIfNone('!unk'+Hex(c)); sus++ //unknown commands do stop-play\r\n\t\t\t}\r\n\t\t\tif(q > mp) mp = q;\r\n\t\t} // /if isDeepScan scan the channel\r\n\t\tif(cnotes) usedch[k-1] = true;\r\n//re(oldchn,'ch'+(k-1)+' stopped @'+Hex(q)+', has '+Hex(chn-oldchn)+' data ...'+Hex(X.U24(chn-3,_BE))+']')\r\n//re(q,'ch'+(k-1)+' v:'+v.join('')+' clk:'+clk+' ... cmd:'+Hex(c))\r\n\t\toldchn = chn;\r\n\t\tif(sus > 8) return re(mp,sus+' '+bad);\r\n\t} // /for k=1; k<=ch\r\n\tif(X.isDeepScan() && v[0] != '1') { bad = bad.addIfNone('!novol'); sus++ }\r\n\tif(sus > 8) return re(mp,sus+' '+bad);\r\n\tif(vd > 0 && vd < chn) { bad = bad.addIfNone('!ins@'+Hex(vd)+' 0 && vd < chn)?chn:(vd > 0)?vd:p; vds.length && p < m; p+=0x1B) {\r\n\t\t\tif(!vds.length) break; //found all the instruments we used\r\n\t\t\tif(!(X.U8(p+1)&0xC0) && !(X.U8(p+2)&0xF0) //test for empty bytes at FL&CON and slot mask\r\n\t\t\t && vdsavl.indexOf(t=X.U8(p)) < 0) //a new instrument found\r\n\t\t\t\tvdsavl.push(t);\r\n\t\t\telse break; //test for dupes\r\n\t\t\tvds = vds.filter(function(a,b,c){return a!=X.U8(p)}); //remove the matching element from the used vd list\r\n\t\t\tif(p > mp) mp = p;\r\n\t\t}\r\n\t\tvdsavl.sort(function(a,b){return a-b});\r\n//re(p,'vdfound:'+outArray(vdsavl,16))\r\n\t\tif(vds.length) bad += '!missingInst'+outArray(vds,16);\r\n\t\tsz = mp+27;\r\n\t}\r\n\tsz = X.isDeepScan()? mp: -1; if(vd == X.Sz()) sz = vd;\r\n\treturn true;\r\n}\r\nif(!bDetected && isMXDRV()) {\r\n\tsName = \"Konami's X68k Music Data eXtended module (.MDX)\"; bDetected = 1;\r\n\tif(pdxfn != \"\") sVersion = sVersion.appendS('+ '+pdxfn,' ');\r\n\tif(ch > 9) sVersion += \"#EX-PCM\";\r\n\tif(comp) sVersion = sVersion.appendS('compressed','/');\r\n\tif(crypt) sVersion = sVersion.appendS('cryptmdx','/');\r\n\tif(bad.length) sVersion = sVersion.appendS('malformed'+bad+(sus?'/sus'+sus:''),'/');\r\n\tif(X.isVerbose()) {\r\n\t\tsOption(addEllipsis(title),'\"','\"');\r\n\t\tfor(ch=0,i=0; i < 16; i++) if(usedch[i]) ch++;\r\n\t\tif(!crypt) sOption('ch:'+ch+' bpm0:'+(bpm0 < 0?'default':bpm0)\r\n\t\t\t+(notes? ' notes:'+notes: '')+(vdn? ' ins:'+vdn: '')+(sz > 0? ' sz:'+outSz(sz): ''));\r\n\t\telse sOption('sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isFredF() {\r\n\t//ref https://github.com/neumatho/NostalgicPlayer/blob/main/Source/Agents/Players/Fred/FredWorker.cs\r\n\tvar p = modp = ofsdiff = 0; bad = '';\r\n\tfunction _check0() {\r\n\t\tif(X.Sz() < 0xB0E) return false; if(!X.c(\"4EFA....4EFA....4EFA....4EFA\")) return false;\r\n\t\tp = X.I16(2,_BE)+2; if(p <= 0x10 || p%2) return false;\r\n\t\t// The init routine just has 2 variants it seems, the second I only found in furball*.fred.\r\n\t\t// Maybe out in the wild there are more but:\r\n\t\tif(!X.c(\"123A.... B0016200 007E47FA 08761680 45FA0873 49FA086E D5C01892 E7887E03 7C0041FA 08D8\",p)\r\n\t\t && !X.c(\"42380001 123A.... B0016200 007E47FA 08B61680 45FA08B3 49FA08AE D5C01892 E7887E03 7C0041FA 0918\",p))\r\n\t\t\treturn false;\r\n\t\t// and this is as-is from NP. Not sure why this specific way of looking for it\r\n\t\tfor(i=0; i < 4; i++) if(X.c(\"123A....B001\",p+i*2)) { modp = p+i*2+1+X.I16(p+i*2+2,_BE); break }\r\n\t\tif(i == 4 || modp > X.Sz()) return false;\r\n\t\tfor(; i < 60; i++) if(X.c(\"47FA....D7FA\",p+i*2)) { ofsdiff = p+(i+1)*2+X.I16(p+i*2+2,_BE); return true }\r\n\t\treturn false\r\n\t}\r\n\tif(!_check0()) return false; p = modp+1; x = X.U8(p++)+1; if(x > 10) return false; spd0 = X.U8(p++);\r\n\tspds = []; for(i=0; i < 10; i++) { t = X.U8(p++); if(spds.indexOf(t) < 0) spds.push(t) } p++;\r\n\tvar insp = ofsdiff+X.U32(p,_BE), trkp = ofsdiff+X.U32(p+4,_BE), ptnsz = Math.abs(insp-trkp);\r\n\t// subsong start pos per voice init and read\r\n\tvar stpt = [], ordt = [], trkt = [], trks = []; for(i=0,ord=[],p+=0x26C/*replay data*/; i < x; i++) { stpt[i] = [0,0,0,0]; ord[i] = 0 }\r\n//_l2r('frf',p,'starts')\r\n\tfor(i=0; i < x; i++) for(j=0; j < 4 && p < X.Sz(); j++,p+=2) stpt[i][j] = (X.U16(p,_BE) - x*8) >> 1;\r\n//_l2r('frf',p,' -> '+outArray(stpt,16))\r\n\tif(p > X.Sz()) return false; ordp = p;\r\n\tfor(otsz=(Math.min(insp,trkp)-p)>>1,i=0; i < otsz; i++,p+=2) ordt.push(X.I16(p,_BE));\r\n\ttrksz = Math.abs(insp-trkp);\r\n\tfor(i=tr=0; i < trksz; tr++) { // for checking ofs in the orderlist\r\n\t\tfor(si=i; X.U8(p+(i++)) != 0x80 && i != trksz && p+i < X.Sz();){}\r\n\t\tif(i == trksz && X.U8(p+i-1) != 0x80) break;\r\n\t\ttrkt[si] = tr\r\n\t}\r\n\tfor(i=0; i < x && p < X.Sz(); i++) {\r\n\t\tfor(j=0; j < 4 && p < X.Sz(); j++) {\r\n\t\t\tfor(on=true,c=stpt[i][j]; c - stpt[i][j] < 0xFF && ordt[c] >= 0; c++)\r\n\t\t\t\tif(typeof trkt[ordt[c]] == 'undefined') return false;\r\n\t\t}\r\n\t} \r\n\tfor(syn=smp=0,msmpp=0x7fffffff,Msmpp=smpe=0,p=insp;;) {\r\n\t\tvar smpp = X.U32(p,_BE), tsyn = X.I16(p+4,_BE), ssz = X.U16(p+6,_BE) << 1;\r\n\t\tvar tins = X.U8(p+0x27); if(p+0x28 >= X.Sz() || p+0x3F >= msmpp) break;\r\n\t\tif(tins != 0xFF)\r\n\t\t\tif(smpp) {\r\n\t\t\t\tsmpp += ofsdiff; if(smpp > X.Sz()) break;\r\n\t\t\t\tif(smpp < msmpp) msmpp = smpp;\r\n\t\t\t\tif(smpp > Msmpp && smpp < X.Sz()) { Msmpp = smpp; smpe = smpp+ssz } smp++\r\n\t\t\t} else {\r\n\t\t\t\tif(tsyn === -779) /* giants-1.fred fix*/ break; if(tsyn != -1 && tins != 0) return false; syn++\r\n\t\t\t}\r\n\t\tp += 0x40;\r\n\t}\r\n\tif(smp) sz = smpe; else sz = p;\r\n\treturn true\r\n}\r\nif(!bDetected && isFredF()) {\r\n\tsName = \"Fred & Julien Clermonte's Fred Editor module (.FRED,.FRD)\"; sVersion = 'final'; bDetected = 1;\r\n\tif(bad != '') sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,'×');\r\n\t\tsOption('tempo:'+spds.sort().join('-')+(smp?' smp:'+smp:'')+(syn?' syn:'+syn:'')+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isDSMIAMF() {\r\n\t// ref https://github.com/OpenMPT/openmpt/blob/master/soundlib/Load_amf.cpp\r\n\tif(!X.c(\"'AMF'\")) return false; var v = X.U8(3);\r\n\tif(v != 1 && !isWithin(v, 8, 0xE)) return false;\r\n\tif(v < 9) p = 4; else p = 0x24;\r\n\tsmp = X.U8(p); ord = X.U8(p+1); trk = X.U16(p+2); ch = v >= 9? X.U8(p+4): 16;\r\n\tif(!smp || !ord || !trk) return false; if(v >= 9) p += 5; else p += 4;\r\n\tif(v < 12 && !isWithin(ch,1,16)) return false; if(!isWithin(ch,1,32)) return false;\r\n\tvar rc = v >= 11? (v >= 12? 32: 16): v >= 9? 16: 0;\r\n\tp += rc;\r\n\tif(v >= 13) { tmp0 = X.U8(p++); if(tmp0 < 32) tmp0 = 125; spd0 = X.U8(p++) } else { tmp0 = 125; spd0 = 6 }\r\n\tvar ptnsz = 0, psz = [], trkp = p; if(v >= 14) trkp += 2;\r\n\tfor(i=0; i < ord; i++) { if(v >= 14) { psz[ord] = X.U16(p); ptnsz += X.U16(p); p += 2 } p += ch*2 }\r\n\tvar truncshd = false;\r\n\tif(v == 10) {\r\n\t\tvar s = p; for(i=0; i < smp; i++) {\r\n\t\t\tif(s+65 < X.Sz()) if(X.U8(s) > 1 || X.U32(s+46) > smp || (ssz=X.U32(s+50)) > 0x100000\r\n\t\t\t || X.U8(s+56) > 0x40 || X.U32(s+57) > ssz || X.U32(s+61) > ssz)\r\n\t\t\t\t{ truncshd = true; break } else s += 65;\r\n\t\t}\r\n\t}\r\n\tsmps = []; var smpsz = 0; rsmp = 0;\r\n\tfor(i=0; i < smp; i++) {\r\n\t\tt = X.SC(p+1,0x20,'CP437').trim(); if(t.length) smps.push(t);\r\n\t\tif(v < 10) { smpsz += (t=X.U16(p+50)); if(t) rsmp++; p += 59 }\r\n\t\telse { smpsz += (t=X.U32(p+50)); if(t) rsmp++; p += (truncshd? 59: 65) }\r\n\t}\r\n\ttrkc = 0; for(i=0; i < trk; i++) { t = X.U16(p); p += 2; if(t > trkc) trkc = t }\r\n\tfor(i=0; i < trkc; i++) { t = X.U16(p); p += 3; if(t) p += t*3+ (v==1? 3: 0) }\r\n\tsz = p+smpsz;\r\n\treturn true\r\n}\r\nif(!bDetected && isDSMIAMF()) {\r\n\tsName = \"Digital Sound and Music Interface Advanced Music Format module (.AMF)\";\r\n\tsVersion = \"v\"+X.U8(3); bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(X.SC(4,32,'CP437'));\r\n\t\tsOption(addEllipsis(smps.join(' '),0xA0),'smp/msg:\"','\"');\r\n\t\tsOption('ch:'+ch+' spd0:'+spd0+' tmp0:'+tmp0+' ord:'+ord+' trk:'+(trkc != trk?trkc+'/':'')+trk\r\n\t\t\t+' smp:'+(rsmp==smp?'':rsmp+'/')+smp+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isSAdT() {\r\n\t//the signature's good enough but there also are sanity checks\r\n\t//ref https://github.com/adplug/adplug/blob/master/src/sa2.cpp\r\n\tif(!X.c(\"'SAdT'\") || !isWithin(nV=X.U8(4),1,9)) return false;\r\n\tconst hasArpList = 0x80, hasV7Ptn = 0x40, hasActCh = 0x20, hasTrkOrd = 0x10,\r\n\t\thasArp = 8, hasOldBPM = 4, hasOldPtn = 2, hasUnk127 = 1; var notedis=0, fl;\r\n\tswitch(nV) {\r\n\tcase 1: notedis = 0x18; fl = hasUnk127 | hasOldPtn | hasOldBPM; break;\r\n\tcase 2: notedis = 0x18; fl = hasOldPtn | hasOldBPM; break;\r\n\tcase 3: notedis = 0xC; fl = hasOldPtn | hasOldBPM; break;\r\n\tcase 4: notedis = 0xC; fl = hasArp | hasOldPtn | hasOldBPM; break;\r\n\tcase 5: notedis = 0xC; //fallthru\r\n\tcase 6: fl = hasArp | hasArpList | hasOldPtn | hasOldBPM; break;\r\n\tcase 7: fl = hasArp | hasArpList | hasV7Ptn; break;\r\n\tcase 8: fl = hasArp | hasArpList | hasTrkOrd; break;\r\n\tcase 9: fl = hasArp | hasArpList | hasTrkOrd | hasActCh\r\n\t}\r\n\tp = 5 + 31*(fl & hasArp? 15: 11);\r\n\tfor(i=0,inst=[]; i < 29; i++) { if((t=X.SC(p+1,X.U8(p),'CP437').trim()) != '') inst.push(t); p += 0x11 }\r\n\tp += 3; var orderlist = X.readBytes(p,128); p += 128;\r\n\tif(fl & hasUnk127) p += 0x7F;\r\n\tif(!isWithin(ptn=X.U16(p),1,64)) return false; p += 2;\r\n\tif(!isWithin(ord=X.U8(p++),1,0x80)) return false;\r\n\tfor(i=rptn=0; i < ord; i++) if((orderlist[i]+1) > rptn) rptn = orderlist[i]+1; delete orderlist;\r\n\tif(rptn > ptn || (lp=X.U8(p++)) >= ord) return false;\r\n\tbpm = X.U16(p); p += 2; if(fl & hasOldBPM) bpm = bpm*5/2;\r\n\tif(fl & hasArpList) p += 0x200; if(fl & hasTrkOrd) p += 9*0x40;\r\n\tif(fl & hasActCh) { actch = X.U16(p) << 16; p += 2 } else actch = -1;\r\n\ttrk = 0;\r\n\tif(fl & hasOldPtn) while(trk < ptn && p < X.Sz()) { p += 64*9*5; trk++ }\r\n\telse if(fl & hasV7Ptn) while(trk < ptn && p < X.Sz()) { p += 64*9*3; trk++ }\r\n\telse while(trk < 64*9 && p < X.Sz()) { p += 64*3; trk++ }\r\n\tsz = p;\r\n\treturn true\r\n}\r\nif(!bDetected && isSAdT()) {\r\n\tif(nV < 8) sName = \"Surprise! AdLib Tracker module (.SAT)\";\r\n\telse sName = \"Surprise! AdLib Tracker 2 module (.SA2)\";\r\n\tsVersion = \"v\"+nV; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(addEllipsis(inst.join(\" \"),0xA0),'ins/msg:\"','\"');\r\n\t\tsOption('bpm:'+bpm+(actch>=0?'ch:'+actch:'')\r\n\t\t\t+' ord:'+(lp?lp+'-':'')+ord+' ptn:'+(rptn!=ptn?rptn+'/':'')+ptn+(trk!=ptn?' trk:'+trk:'')+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\n/*function isTFMX() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/TFMX/src/TFMX_v4.asm\r\n\tif(!X.c(\"'TFMX'\")) return false;\r\n\tif(X.U8(4) !== 0x20) {\r\n\t\tif(!X.c(\"'-SONG '\",4)) return false;\r\n\t\tif(!X.c(\"'by'\",10))\r\n\t\t\tif(!X.c(\"'(Empty) '\",0x10) && X.U8(0x10) !== 0x20 && !X.c(\"'0='\",0x10)) return false;\r\n\t}\r\n\tif(X.U32(0x1D0)) { _l2r('tfmx',0x1d0,'dw non-zero'); return false }\r\n\tif(X.c(\"0E60\",14)) return false;\r\n\tif(X.c(\"0860\",14) && !X.c(\"090C\",0x1224)) return false;\r\n\tif(X.c(\"0920\",14) && !X.c(\"9305\",0xF24)) return false;\r\n\tif((a0=X.I32(0x600,_BE)) <= 0 || (a0&1)) return false;\r\n\tif((a1=X.I32(0x7FC,_BE)) <= 0 || (a1&1)) return false; if(a1 > X.Sz()) a1 = X.Sz();\r\n\tfor(; a0 < a1; a0 += 4) if(X.U8(a0) > 0x24) return false;\r\n\r\n\tfor(i=0, x=1, d5=0x1F; 0x148+i <= X.Sz();) {\r\n\t\td2 = X.U16(0x142+i,_BE); d3 = X.U16(0x144+i,_BE); if(d2 == d3 && d3 == X.U16(0x146+i,_BE)) break;\r\n\t\td5--; i += 2; x++; if(x == 0x20) break;\r\n\t}\r\n\tif(x != 0x20) for(;d5; i += 2,d5--) if(X.U16(0x142+i,_BE)-X.U16(0x102+i,_BE)) x++;\r\n\tsz = 0x7FC;\r\n\twhile(!X.c(\"07000000\",sz) && sz < X.Sz()) sz += 4;\r\n\tbad = ''; if(sz >= X.Sz()) bad = bad.addIfNone('!short'); sz += 4;\r\n\treturn true\r\n}\r\nif(!bDetected && isTFMX()) {\r\n\tsName = \"Chris Hülsbeck's The Final Musicsystem eXtended module (MDAT.+SMPL.)\";\r\n\t// sVersion = 'v1.5';\r\n\tif(bad.length) sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,'×')\r\n\t\tsOption('sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\nfunction isTFMX_7V() {\r\n\t//from reversing the eagleplayer\r\n\tif(!X.c(\"'TFMX-SONG '\")) return false;\r\n\tif(!(d1=X.U32(0x1D0,_BE))) d1 = 0x800; var found = false;\r\n\tif(X.c(\"08B0\",14)) if(X.c(\"01F4FF00\",0x204)) found = true;\r\n\tif(!found) for(i=0,a1=0x100; !found && i < 0x20; i++) {\r\n\t\tt = X.U16(a1,_BE); a1 += 2; if(t == 0x1FF) continue;\r\n\t\tt <<= 4; t += d1; a2 = t; if(t > X.Sz()) return false;\r\n\t\tfor(; !found && a2 < X.Sz(); ) {\r\n\t\t\tvar effe = X.c(\"EFFE\",a2); a2 += 2;\r\n\t\t\tif(effe) {\r\n\t\t\t\tvar is3 = X.c(\"0003\",a2); a2 += 2;\r\n\t\t\t\tif(is3)\r\n\t\t\t\t\tif(X.U16(a2,_BE))\r\n\t\t\t\t\t\tif(X.U8(a2) || !X.U8(a2+3)) { found = true; break }\r\n\t\t\t\ta2 += 12\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\tif(!found) return false\r\n\treturn true\r\n}\r\nif(!bDetected && isTFMX_7V()) {\r\n\tsName = \"Chris Hülsbeck's The Final Musicsystem eXtended module (MDAT.,+SMPL.)\";\r\n\tsVersion = '7V'\r\n}\r\n\r\nfunction isTFMX_ST() {\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/TFMX_ST/TFMX%20ST_v1.asm\r\n\tif(!X.c(\"'TFMX-SONG '\")) return false;\r\n\tif(d1=X.U32(0x1D0,_BE)) if(X.U16(12,_BE)) return false;\r\n\tif(d2=X.U32(0x1D4,_BE)) d1 = X.U32(0x1D8,_BE);\r\n\telse {\r\n\t\tif((d1=X.I32(0x600,_BE)) <= 0 || (d1&1)) return false;\r\n\t\tif((d2=X.I32(0x7FC,_BE)) <= 0 || (d2&1)) return false;\r\n\t}\r\n\td2 = Math.min(d2,X.Sz()); smp = st = 0;\r\n\tfor(; d1 < d2; d1 += 4)\r\n\t\tif(X.U8(d1) == 0x48) smp++; else if(X.U8(d1) > 0x3F) st++;\r\n\tif(!st) return false;\r\nsz=-5;\r\n\t// for(i=0, x=1, d5=0x1F; 0x148+i <= X.Sz();) {\r\n\t// \td2 = X.U16(0x142+i,_BE); d3 = X.U16(0x144+i,_BE); if(d2 == d3 && d3 == X.U16(0x146+i,_BE)) break;\r\n\t// \td5--; i += 2; x++; if(x == 0x20) break;\r\n\t// }\r\n\t// if(x != 0x20) for(;d5; i += 2,d5--) if(X.U16(0x142+i,_BE)-X.U16(0x102+i,_BE)) x++;\r\n\r\n\tbad = ''; if(sz >= X.Sz()) bad = bad.addIfNone('!short'); sz += 4;\r\n\treturn true\r\n}\r\nif(!bDetected && isTFMX_ST()) {\r\n\tsName = \"Chris Hülsbeck's The Final Musicsystem eXtended module ST module (MDST.+SMPL.)\";\r\n\tif(X.isVerbose()) {\r\n\t\tsOption('smp:'+smp)\r\n\t}\r\n}\r\n*/\r\n\r\nfunction isTFMX() {\r\n\t//from https://github.com/neumatho/NostalgicPlayer/blob/main/Source/Agents/Players/Tfmx/TfmxWorker.cs / TestModule, Load\r\n\tif(X.Sz() < 0x200) return false;\r\n\tvar hdrsz = tp = mdatsz = smplsz = -1, p0 = 0, maxlen = 0x30000;\r\n\ttitle = album = by = ''; flag5 = -1; tfmxst = false;\r\n\tfunction isStFile(p0) {\r\n\t\tvar stidx, edidx = X.U32(p0+0x1D4,_BE);\r\n\t\tif(!edidx) { stidx = X.U32(p0+0x600,_BE); edidx = X.U32(p0+0x7FC,_BE) }\r\n\t\telse { stidx = X.U32(p0+0x1D8,_BE); stidx = X.U32(p0+stidx,_BE) }\r\n\t\tvar i, buf = X.readBytes(p0+stidx, edidx-stidx); for(i=0; i < buf.length; i+=4) if(isWithin(buf[i],0x40,0x7F)) return true;\r\n\t\treturn false\r\n\t}\r\n\tif(X.c(\"'TFMX-MOD'\")) { // a PC-originating module wrapper format???\r\n\t\thdrsz = p0 = 0x14; sz = X.U32(12,_LE); smplsz = sz-X.U32(8,_LE); mdatsz = X.U32(8,_LE)-8;\r\n\t\tif(!mdatsz || !isWithin(sz, 0x212, X.Sz())) return false;\r\n\t\tfor(; sz < X.Sz();) {\r\n\t\t\tt = X.U8(sz); var tagsz = X.U16(sz+1,_LE);\r\n//_l2r('tfmx',sz,'MOD: tag#'+t+' sz:'+tagsz)\r\n\t\t\tsz += 3; if(!t && !tagsz) break;\r\n\t\t\tswitch(t) {\r\n\t\t\tcase 1: by = X.SC(sz,tagsz,\"CP1252\"); break;\r\n\t\t\tcase 2: album = X.SC(sz,tagsz,\"CP1252\"); break;\r\n\t\t\tcase 5: flag5 = X.U8(sz); break;\r\n\t\t\tcase 6: title = X.SC(sz,tagsz,\"CP1252\"); break;\r\n\t\t\t}\r\n\t\t\tif(!t) { sz += 17; break } else sz += tagsz\r\n\t\t}\r\n\t}\r\n\tif(X.c(\"'TFHD'\")) {\r\n\t\thdrsz = X.U32(4,_BE); tp = X.U8(8); v = X.U8(9); mdatsz = X.U32(10,_BE); smplsz = X.U32(14,_BE);\r\n\t\tsz = hdrsz+mdatsz+smplsz; if(hdrsz < 18 || !mdatsz || !isWithin(sz, 0x212, X.Sz())) return false;\r\n\t\tif((tp&0x80) || !(tp&0x7F)) p0 = p = hdrsz; else\r\n\t\tswitch(tp&0x7F) { case 1: tp = '1.5'; break; case 2: tp = 'pro'; break; case 3: tp = '7v'; break; default: return false }\r\n\t} else if(X.c(\"'TFMX '\",p0) && !X.c(\"'SONG'\",p0+5)) tp = '1.5';\r\n\t\telse if(X.c(\"'TFMX-SONG'\",p0) || X.c(\"'TFMX_SONG'\",p0) || X.c(\"'tfmxsong'\",p0)) { //pro or 7v?\r\n\t\t\t//check the trackstep (info for sequencing and mastering)\r\n\t\t\tvar tm = 0, gottms = false, stp = X.readBytes(p0+0x100,31), trksp = X.U32(p0+0x1D0,_BE); if(!trksp) trksp = 0x800;\r\n\t\t\tfor(i=0; i < 31; i++) {\r\n\t\t\t\tvar getNext = true, pos = stp[i]; if(pos == 0x1FF) break;\r\n\t\t\t\twhile(getNext && p < X.Sz()) {\r\n\t\t\t\t\tp = p0+trksp+pos*16; t = X.U16(p,_BE); cmd = X.U16(p+2,_BE); p += 4;\r\n\t\t\t\t\tif(t != 0xEFFE) getNext = false; else switch(cmd) {\r\n\t\t\t\t\tcase 1: //loop a section\r\n\t\t\t\t\t\tif(!tm) { tm = -1; pos++ } else\r\n\t\t\t\t\t\t\tif(tm < 0) { pos = X.U16(p,_BE); tm = X.I16(p+2,_BE)-1; p += 4 }\r\n\t\t\t\t\t\t\telse { tm--; pos = X.U16(p,_BE); p += 2 }\r\n\t\t\t\t\t\tbreak;\r\n\t\t\t\t\tcase 2: case 4: pos++; break; //set tempo + start master vol slide\r\n\t\t\t\t\tcase 3: gottms = true; pos++; break; //start master vol slide too\r\n\t\t\t\t\tdefault: getNext = gottms = false\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\tif(gottms) break\r\n\t\t\t}\r\n\t\t\tif(isStFile()) return false;\r\n\t\t\telse { tfmxst = true; if(gottms) tp = '7v'; else tp = 'pro' }\r\n\t\t} else return false;\r\n\tfor(i=0,p=p0+0x10,cmt=''; i < 6; i++,p += 40) cmt = cmt.appendS(decAnsi(p,40,CPAmiga).trim(),' '); //F0 bytes cmt\r\n\tcmt = cmt.trim();\r\n_l2r('tfmxcmt',p0+0x10,decAnsi(p,40*6,CPAmiga).trim())\r\n\tvar sst = [], sed = [], tmp = [];\r\n\tfor(i=0; i < 0x20; i++) { sst.push(X.I16(p,_BE)); p += 2 }\r\n\tfor(i=0; i < 0x20; i++) { sed.push(X.I16(p,_BE)); p += 2 }\r\n\tfor(i=0; i < 0x20; i++) { tmp.push(X.I16(p,_BE)); p += 2 }\r\n\tp += 0x10; // after the st/ed/tmp reads + 20 it's gonna be +60+80 = +E0 post-cmt\r\n\tvar trkp = X.I32(p,_BE), ptnp = X.I32(p+4,_BE), insp = X.I32(p+8,_BE);\r\n\tif(!ptnp) ptnp = 0x200; else ptnp -= 0x200;\r\n\tif(!insp) insp = 0x400; else insp -= 0x200;\r\n\tif(!trkp) trkp = 0x600; else trkp -= 0x200;\r\n\tp += 0x30; if(p > X.Sz()) return false; var datap = p, maxlen = Math.min(maxlen+datap,X.Sz());\r\n\tptnp += datap; insp += datap; trkp += datap;\r\n\tif(hdrsz > 0) len = mdatsz; else len = Math.min(maxlen,X.Sz())-p;\r\n\tfor(ins=mip=0,p=insp,ino=X.I32(p,_BE); ins < 0x100 && p+4 <= X.Sz(); ins++,p+=4) {\r\n\t\tt = X.I32(p,_BE)-0x200+datap;\r\n\t\tif((t & 3) || !isWithin(t,trkp,maxlen)\r\n\t\t\t|| (t & !X.c(\"F0000000\",t-4) && !X.c(\"07000000\",t-4)) || (ins && Math.abs(t-ino) > 0x2000)) break;\r\n\t\t// 07000000 is the end-of-data command,\r\n\t\t// F0000000 is the end pattern command (may happen because data may be mixed.\r\n\t\t// 2000h is an empirically appropriate max size of a record, should be good enough to deter FPs either way\r\n\t\tif(mip < t) mip = t; if(ins) ino = t }\r\n\tptn = Math.min((insp-ptnp)>>2, 128); var lg = X.U32(ptnp,_BE)-0x200+datap;\r\n\tpt = ptn; trkst = (lg - trkp) >> 4; if(trkst < 0) trkst = 0;\r\n\tif(hdrsz < 0)\r\n\t\tswitch(Math.max(insp,ptnp,mip)) { //what's the file ending with? inst.ptr table, ptn.ptr table, instruments?\r\n\t\tcase insp: sz = insp+ins*4; break;\r\n\t\tcase mip:\r\n//_l2r('tfmx',mip,'tracing last instrument rec')\r\n\t\t\tfor(p=mip; p < maxlen; p += 4) if(X.c(\"07000000\",p)) break; sz = p; if(sz < maxlen) sz += 4;\r\n\t\t\tbreak;\r\n\t\tcase ptnp: //need to parse the pattern table to find out where it should end\r\n_l2r('tfmx',datap,'p:'+Hex(p)+' ptnp:'+Hex(ptnp)+' insp:'+Hex(insp)+' trkp:'+Hex(trkp)+' trkst['+Hex(ptnp)+'='+Hex(lg)+']:'+Hex(trkst)+' len:'+Hex(len)+'/'+Hex(maxlen))\r\n\t \t\tfor(p=ptnp+4,po=X.I32(ptnp,_BE),pt=1; pt < 0x100; p += 4,pt++) {\r\n\t\t\t\tt = X.I32(p,_BE)-0x200+datap;\r\n//_l2r('tfmx',p,'ptn['+Hex(pt)+'] ptr:'+Hex(t)+'; '+((t&3)?'X':'O')+(!X.c(\"F0000000\",t-4) && !X.c(\"07000000\",t-4)? 'X':'O')+Hex(Math.abs(t-po)) )\r\n \t\t\t\tif((t & 3) || !isWithin(t,trkp,maxlen)\r\n \t\t\t\t\t|| (!X.c(\"F0000000\",t-4) && !X.c(\"07000000\",t-4)) || Math.abs(t-po) > 0x2000) break;\r\n\t\t\t\tpo = t\r\n \t\t\t}\r\n\t\t\tsz = p; break\r\n\t}\r\n\tx = -1; var max0s = 2; ord = [0];// there should be at least one, we all hope (empty files exist but who needs those)\r\n\tfor(i=0; i < 32 && max0s > 0; i++) {\r\n\t\tx++; if(!sst[i]) max0s--; if(sst[i] == 0x1FF || sed[i] == 0x1FF) break;if(sst[i] <= trkst) ord[x] = sed[i]-sst[i]+1;\r\n\t\tif(sst[i] >= trkst) break; if(sst[i] == sed[i] && !sst[i] && !sst[i+1]) break;\r\n\t}\r\n\tif(!x) x = 1;\r\n\treturn true\r\n}\r\nif(!bDetected && isTFMX()) {\r\n\tsName = \"Chris Hülsbeck's The Final Musicsystem eXtended module (TFX.,.TFM,MDAT.+SMPL.,MDST.+SMPL.)\";\r\n\tbDetected = 1;\r\n\tswitch(tp) {\r\n\tcase '1.5': sVersion = 'v1.5'; break; case 'pro': sVersion = 'Professional'; break; case '7v': sVersion = '7 voices'\r\n\t}\r\n\tif(tfmxst) sVersion = 'ST '+sVersion;\r\n\tif(pt < ptn) sVersion += '/malformed!badptn';\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(title); if(x > 1) sOption(x,'×'); sOption(album,'in: '); sOptionT(by,'by: '); if(flag5 >= 0) sOption(flag5,'flag5:')\r\n\t\tif(cmt == '(Empty)') cmt = ''; sOption(addEllipsis(cmt,0xA0),'msg:\"','\"');\r\n\t\tsOption('ord:'+ord.join('+')+' ptn:'+ptn+(ptn!=pt? '/'+pt: '')+' ins:'+(ins>0x80? '128/': '')+ins+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isThePlayer22to41() {\r\n\t//ref prowiz /r/TP22a.c & TP30a.c & TP40.c & TP41a.c\r\n\tif(!X.c(\"'P22A'\") && !X.c(\"'P30A'\") && !X.c(\"'P40A'\") && !X.c(\"'P40B'\") && !X.c(\"'P41A'\")) return false;\r\n\tptn = X.U8(4); smp = X.U8(6); volofs = (X.SA(1,3) == '41A')? 0x20: 0x22;\r\n\tif(ptn > 0x7F || !smp || smp > 0x1F) return false;\r\n\tfor(i=0; i < smp; i++) {\r\n\t\tif(!isWithin(X.U16(volofs+i*16,_BE),1,0x40)) return false;\r\n\t\tif(volofs == 0x20 && X.U16(volofs+2+i*16,_BE) % 74) return false; //incorrect finetune in 4.1a\r\n\t}\r\n\tfor(i=smpsz=0; i < smp; i++) {\r\n\t\tssz = X.U16(24+i*16,_BE) << 1;\r\n//_l2r('p2~4',24+i*16,'ssz['+i+'] = '+ssz);\r\n\t\tif(!ssz || ssz > 0xFFFE || (X.U16(30+i*16,_BE) << 1) > ssz+2) return false;\r\n\t\tsmpsz += ssz\r\n\t}\r\n\tif(smpsz <= 4) return false;\r\n\tif(X.SA(1,1) < '4') ord = (X.U8(5)>>1)-1; else ord = X.U8(5);\r\n\tp = 0x10+smp*0x10;\r\n\tvar trkp = X.U32(8,_BE), trktp = X.U32(0xC,_BE), smpp = X.U32(0x10,_BE), memofs = 0;\r\n\tif(p != trktp) { memofs = trktp-p; trkp -= memofs; trktp -= memofs; smpp -= memofs }\r\n\tif(!isWithin(trkp,p,X.Sz()) || !isWithin(trktp,p,X.Sz()) || !isWithin(smpp,p,X.Sz())) return false;\r\n\tfor(i=p=0; i < smp; i++)\r\n\t\tif(volofs == 0x20 && X.U16(volofs+2+i*16,_BE) > 0x456) continue;\r\n\t\telse if((sp=X.U32(20+i*16,_BE)) > p) { p = sp-memofs; ssz = X.U16(24+i*16,_BE) }\r\n\tsz = 4+smpp+p+(ssz<<1);\r\n\treturn true\r\n}\r\nif(!bDetected && isThePlayer22to41()) {\r\n\tsName = \"Jarno 'Guru' Paananen's The Player module (.\"+X.SA(0,2)+'X,.'+X.SA(0,4)+')';\r\n\tsVersion = 'v'+X.SA(1,1)+'.'+X.SA(2,2); bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOption('ord:'+ord+' ptn:'+ptn+' smp:'+smp+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isThePlayer56X() {\r\n\t//from prowiz /r/TP50a.c & TP60a.c & TP61a.c\r\n\tif(X.Sz() < 7) return false;\r\n\tz = sig = X.c(\"'P50A'\") || X.c(\"'P60A'\") || X.c(\"'P61A'\")? 4: 0;\r\n\tsmpp = X.U16(z,_BE)+z; ptn = X.U8(z+2); if(!ptn || ptn > 0x7F) return false;\r\n\tsmp = X.U8(z+3); if(smp & 0x20) return false; pksmp = smp & 0x40; dtsmp = smp & 0x80; smp &= 0x3F;\r\n\tif(!smp || 7+smp*6 > X.Sz()) return false;\r\n\tif(pksmp) z += 4;\r\n\tif(smpp < z+4+smp*6+ptn*8 || smpp > X.Sz()) return false;\r\n\tsmpsz = notes = 0; var unpsmpsz = vols = 0;\r\n\tfor(i=0,p=z+4; i < smp; i++,p+=6) {\r\n\t\tif(isWithin(ssz=X.U16(p,_BE),0x8000,0xFFDF) || !ssz) return false;\r\n\t\tif(ssz > 0xFFDF && 0xFFFF-ssz > smp) return false;\r\n\t\tvar spk = X.U8(p+2)&0x80, ft = X.U8(p+2)&0x7F;\r\n\t\tif(ft > 0xF || X.U8(p+3) > 0x40) return false; vols |= X.U8(p+3);\r\n\t\tif(isWithin(X.U16(p+4,_BE),ssz,0xFFFE)) return false; //lp\r\n\t\tif(ssz < 0xFF00) { smpsz += ssz << (spk? 0: 1); unpsmpsz += ssz << 1 }\r\n\t}\r\n\tif(!vols || (pksmp && X.U32(z,_BE) != unpsmpsz)) return false;\r\n\tfor(i=0; i < ptn*4; i++) if(X.U16(z+4+smp*6,_BE)+4+z+smp*6+ptn*8 > smpp) return false;\r\n\ti = mptn = 0;\r\n\tfunction _5() {\r\n\t\tfor(; (t=X.U8(z+4+smp*6+ptn*8+i)) != 0xFF && i < 0x80; i++) {\r\n\t\t\tif(t%2 || t > ptn*2) return false; if(t > mptn) mptn = t\r\n\t\t} mptn >>=1; return true\r\n\t}\r\n\tfunction _6() {\r\n\t\tfor(; (t=X.U8(z+4+smp*6+ptn*8+i)) != 0xFF && i < 0x80; i++) {\r\n\t\t\tif(t > ptn-1) return false; if(t > mptn) mptn = t\r\n\t\t} return true\r\n\t}\r\n\tif(_6()) v = 6; else if(_5()) v = 5; else return false;\r\n\tif(/*z+4+smp*6+ptn*8+i > smpp ||*/ !i || i == 0x80) return false; ord = i; mptn++;\r\n\tfunction _is5060() {\r\n\t\tfor(i=ord+z+5+smp*6+ptn*8; i < smpp; i++) {\r\n\t\t\tif((t=X.U8(i)) & 0x80) i += 3;\r\n\t\t\telse {\r\n\t\t\t\tif(t > 0x49 || (((t<<4)&0x10) | (X.U8(i+1)>>4)) > smp) return false;\r\n\t\t\t\tif(t >= 2) notes++; i += 2\r\n\t\t\t}\r\n\t\t}\r\n\t\treturn (notes > 0)\r\n\t}\r\n\tfunction _is61() {\r\n\t\tfor(i=ord+z+5+smp*6+ptn*8; i < smpp; i++) {\r\n\t\t\tif((t=X.U8(i)) == 0x7F) continue;\r\n\t\t\telse if(t == 0xFF)\r\n\t\t\t\tswitch(X.U8(i+1) & 0xC0) {\r\n\t\t\t\tcase 0: i++; continue; case 0x40: i += 2; continue;\r\n\t\t\t\tcase 0xC0: if(i < X.U16(i+2,_BE)-1) return false; i += 3; continue\r\n\t\t\t\t}\r\n\t\t\tswitch(t & 0xF0) {\r\n\t\t\tcase 0xF0: if((X.U8(i+1)&0x1F) > smp) return false; i += 2; continue;\r\n\t\t\tcase 0x70: if((X.U8(i+1)&0x1F) > smp) return false; i += 1; continue;\r\n\t\t\tcase 0xE0: i += 2; continue; case 0x60: i += 1; continue\r\n\t\t\t}\r\n\t\t\tif((t & 0x80) == 0x80) { if((((t<<4)&0x10) | (X.U8(i+1)>>4)) > smp) return false; i += 3; continue }\r\n\t\t\tif((((t<<4)&0x10) | (X.U8(i+1)>>4)) > smp) return false;\r\n\t\t\ti += 2\r\n\t\t}\r\n\t\treturn true\r\n\t}\r\n\tif(v == 6) if(_is5060()) sv = '6.0'; else if(_is61()) sv = '6.1'; else return false;\r\n\telse if(_is5060()) sv = '5.0';\r\n\treturn true\r\n}\r\nif(!bDetected && isThePlayer56X()) {\r\n\tsName = \"Jarno 'Guru' Paananen's The Player module (.P\"+sv[0]+'X,.P'+sv[0]+sv[2]+'A)';\r\n\tsVersion = 'v'+sv+'A'; bDetected = 1;\r\n\tif(dtsmp) sVersion = sVersion.appendS('deltasmp','/');\r\n\tif(pksmp) sVersion = sVersion.appendS('packedsmp','/');\r\n\tif(X.isVerbose()) {\r\n\t\tsOption('ord:'+ord+' ptn:'+(mptn!=ptn?mptn+'/':'')+ptn+' smp:'+smp\r\n\t\t\t+(notes>0?' notes:'+notes:'')+' sz:'+outSz(smpp+smpsz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isThomasHermann() {\r\n\t//ref the eagleplayer RE\r\n\tif(X.Sz() < 0x1A90) return false;\r\n\tvar ofs = X.I32(0x2E,_BE); if(!isWithin(ofs,2,0x4000000) || ofs % 2) return false;\r\n\tif(X.I32(0,_BE)-ofs != 0x40) return false; p = 4;\r\n\tfor(i=0,d4=0x40; i < 4; i++,p+=4) { d4 += 0x400; if(X.I32(p,_BE)-ofs != d4) return false }\r\n\tfor(i=0; i < 3; i++,p+=4) { d4 += 0x100; if(X.I32(p,_BE)-ofs != d4) return false }\r\n\tsmp = X.U8(0x23); sz = smp-1; smpsz = -1;\r\n\tfor(p = 0x44; p < 0x1040; p += 4) if((t=X.U32(p-4,_BE)-ofs) > sz) sz = t;\r\n\tsz += 0x40; if((sz-0x1A90)%3) return false;\r\n\tif(sz == 0x2E10) x = 5; else if(sz == 0x2780) x = 3; else x = 1;\r\n\tptn = Util.divu64(Util.divu64(sz-0x1A90,3), X.U8(0x29)+1);\r\n\tbad = ''; if(ptn > 0x400) bad = bad.addIfNone('!badptn');\r\n\tif(smp > 0x1F) bad = bad.addIfNone('!badsmp');\r\n\telse for(i=0,p=0x14F0; i < smp; i++,p+=0x30) smpsz += X.U16(p,_BE);\r\n\td1 = 0x100+X.U8(0x21)-X.U8(0x22)+1; d1 *= 2+X.U8(0x2C); d2 = d1;\r\n\td1 *= X.U16(0x2A,_BE); d3 = Util.divu64(sz == 0x37EE ? 0xAEC80: 0xAD300, X.U8(0x29)+1);\r\n\td1 = Util.divu64(d1, d3); dur = secondsToTimeStr(d1)\r\n\treturn true\r\n}\r\nif(!bDetected && isThomasHermann()) {\r\n\tsName = \"Thomas Hermann's module (.THM+.SMP)\"; bDetected = 1;\r\n\tif(bad.length) sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\tif(X.isVerbose()) {\r\n\t\tif(x > 1) sOption(x,'×');\r\n\t\tsOption('len.'+dur+' ptn:'+ptn+' smp:'+smp+' smpsz:'+smpsz+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isJaytrax() {\r\n\t//ref https://github.com/pachuco/jaytrax/raw/refs/heads/master/lib_oldjaytrax/jxs.c etc.\r\n//ch/ss = 16, ord/ss = 256, rows/ptn = 64, eff/inst = 4, wf/inst = 16, smp/wf = 256, arps/song = steps/arp = 16,\r\n//se_ch = _FTsteps = 16, _FX = 18\r\n\tif(X.Sz() < 26243 || !isWithin(X.U32(0),0xD80,0xD81)) return false;\r\n\tif(!(ptn=X.U32(4)) || !(x=X.U32(8)) || !(ins=X.U32(0xC))) return false;\r\n\tif(!isAllZeroes(0x10,0x24)) return false; //reserved\r\n\tmbpm = 400; Mbpm = ch = smp = 0; ord = []; titles = [];\r\n\tfor(s=0,p=0x34; s < x && p < X.Sz(); s++,p+=0x40B4) {\r\n\t\t// 0x40 bytes padding, 0x10 channel muting\r\n\t\tfor(i=p+0x40; i < p+0x50; i++) if(X.U8(i) > 1) return false;\r\n\t\tif(!isWithin(bpm=X.U32(p+0x50),10,300)) return false;\r\n\t\tif(mbpm > bpm) mbpm = bpm; if(Mbpm < bpm) Mbpm = bpm;\r\n\t\tif(!isWithin(X.U8(p+0x54),0,3)) return false; //groove type\r\n\t\tif((startpos=X.U32(p+0x58)) > (endpos=X.U32(p+0x60))) return false;\r\n\t\tif((looppos=X.U32(p+0x68)) > endpos) return false;\r\n//_l2r('jxs',X.U32(p+0x6C),' - loopstep, '+Hex(X.U16(p+0x70))+' - songloop')\r\n\t\tif(!isWithin(t=X.U16(p+0x92),1,16)) return false; if(ch < t) ch = t;\r\n\t\tif(!isWithin(delay=X.U16(p+0x94),2000,60000)) return false; // delay amts follow, until...\r\n\t\tif(!isWithin(amp=X.U16(p+0xA6),20,999)) return false;\r\n\t\tif(X.isDeepScan()) for(o=p+0xB4; o < p+0x40B4; o += 4) // not so necessary but we can do it so...\r\n\t\t\tif(X.U16(o) >= ptn || !X.U16(o+2) || (X.U16(o+2) & ~0x78)) return false; //ptnlen constraints\r\n\t\tt = X.SC(p+0x72,0x20,\"CP1250\"); if(t !== 'Empty' && t.trim() !== '') titles.push(t.trim());\r\n\t\tord.push(endpos)\r\n\t}\r\n\tp += ptn*64*5; //patterns\r\n\tfor(i=0; i < ptn && p < X.Sz(); i++) p += 4+X.U32(p); //pattern names\r\n\tfor(i=0; i < ins && p < X.Sz(); i++,p+=0x2208) { //inst recs\r\n\t\tif([1234,1235].indexOf(X.U16(p)) < 0) return false; //mugi ver\r\n\t\t// sOption(X.SA(p+2,32)) //inst.name; nobody leaves any messages in them though\r\n\t\tif(X.U16(p+0x22) > 16 || !isWithin(X.U16(p+0x24),1,0x100)) return false; //wf, wlen. Should be 1~16 and 10~256, but faulty files still play!\r\n\t\tif(X.U16(p+0x26) > 0xFF || X.U16(p+0x28) > 16 || X.U16(p+0x2A) > 32) return false; //mastervol, am wave/spd\r\n\t\tif(X.U16(p+0x2E) > 15 || X.U16(p+0x30) > 16 || X.U16(p+0x32) > 64) return false; //ft, fm wave/spd; spd should be <= 32 but kingtut.jxs has 57!\r\n\t\tif(X.U32(p+0x200)) smp++; if(t=X.U32(p+0x204)) p += t; //smp len\r\n\t}\r\n\tif(p > X.Sz()) return false;\r\n\tp += 0x100; //arp table\r\n\treturn true\r\n}\r\nif(!bDetected && isJaytrax()) {\r\n\tsName = \"Reinier 'Rhino' van Vliet's Jaytrax/Syntrax module (.JXS)\"; sVersion = 'v.'+X.U32(0); bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(titles.length > 1) sOption(addEllipsis(titles.join('/'),0xC0),'×'+x+' subsongs:');\r\n\t\telse { if(titles.length) sOption(titles[0]); if(x > 1) sOption(x,'×') }\r\n\t\tif(x > 1) ord = ord.join('+');\r\n\t\telse ord = (startpos? startpos+'~': '')+(looppos > startpos? '('+looppos+'-)': '')+endpos;\r\n\t\tsOption('ch:'+ch+' bpm:'+mbpm+(mbpm!=Mbpm? '-'+Mbpm: '')\r\n\t\t\t+' ord:'+ord+' ptn:'+ptn+' ins:'+ins+' smp:'+smp+' sz:'+outSz(p));\r\n\t}\r\n}\r\n\r\n\r\nfunction isiXalanceUnp() {\r\n//ref https://github.com/arnaud-neny/rePlayer/blob/646aeb86f4c0c2e57b38292e88f525680c207004/source/Replays/IXalance/webixs/Module.cpp#L481\r\n\tif(X.U8(0) != 0x21 || X.U8(9) != 0x80) return false;\r\n\tif(!(ord=X.U16(1)) || !(ins=X.U16(3)) || !(smp=X.U16(5)) || smp > ins || !(ptn=X.U16(7))) return false;\r\n\tif(!isWithin(mvol=X.U8(0xA),1,0x20) || !isWithin(spd=X.U8(0xB),1,0x20) || !isWithin(tmp=X.U8(0xC),0x20,0xA0)) return false;\r\n\tif(charStat(X.readBytes(0xD,0x1A),1).indexOf('allxsc') < 0) return false;\r\n\tfor(p=0x27; p < 0x67; p++) if(X.U8(p) > 0x40) return false;\r\n\tfor(p=0xA7; p < 0xA7+ord; p++) if(X.U8(p) != 0xFF && X.U8(p) >= ptn) return false;\r\n\tif(X.U8(p-1) != 0xFF) return false;\r\n\tvar id; rins = 0; rsmp = 0; bad = '';\r\n//_l2r('ixu',p,'insts')\r\n\tfor(i=0; i < ins && p < X.Sz(); i++)\r\n\t\tif(['I','i'].indexOf(id=X.SA(p++,1)) < 0) return false // the small 'i' is the kb reset?\r\n\t\telse if(id === 'I') {\r\n\t\t\tif(X.U8(p+2) > 0x80) return false; // normally all volumes are up to 40h, but SOME files...\r\n\t\t\tp += X.I8(p+5) >= 0? 244: 6; //vol, kb setup\r\n\t\t\tfor(j=3; j; j--) if(X.U8(p++)) {\r\n\t\t\t\tif(X.U8(p+1) > X.U8(p+2) || X.U8(p+3) > X.U8(p+4)) return false; //lp/sustainlp beginning/end tests\r\n\t\t\t\tp += 5 + X.U8(p)*3; //env node points\r\n\t\t\t} rins++\r\n\t\t}\r\n//_l2r('ixu',p,'smps')\r\n\tfor(i=smpsz=0; i < smp && p < X.Sz(); i++) {\r\n\t\tid = X.SA(p++,1);\r\n\t\tif(['S','s'].indexOf(id) < 0) return false; // the small 's' is the flags reset\r\n\t\tif(id == 'S') {\r\n\t\t\tif(X.U8(p) > 0x40 || X.U8(p+2) > 0x40) return false; //gvl, volume\r\n\t\t\tvar fl = X.U8(p+1), ssz = X.I32(p+3), lpb = X.U32(p+7), lpe = X.U32(p+0xB),\r\n\t\t\t\tslpb = X.U32(p+0xE), slpe = X.U32(p+0x13), fn = X.readBytes(p+0x20,13);\r\n\t\t\tif(charStat(fn,1).indexOf('allxsc') < 0) return false; fn = decEncoding(fn,CP437);\r\n//_l2r('ixu',p,'smp'+i+': ['+ssz+'] ('+lpb+'~'+lpe+') s('+slpb+'~'+slpe+')'+fn)\r\n\t\t\tswitch(fn) { // broken(?) samples (I guess IT214 compression played a part)\r\n\t\t\tcase '909OH.WAV': ssz = 3424; break;\r\n\t\t\tcase '909SD.WAV': ssz = 3413; break;\r\n\t\t\tcase 'CRASH.WAV': ssz = 16098\r\n\t\t\t}\r\n\t\t\tif(lpb > ssz || lpe > ssz || slpb > ssz || slpe > ssz || lpb > lpe || slpb > slpe) return false;\r\n\t\t\tsmpsz += ssz; p += 0x2D; rsmp++\r\n\t\t}\r\n\t}\r\n//_l2r('ixu',p,'ptns')\r\n\tfor(i=0; i < ptn && p < X.Sz(); i++) {\r\n\t\tid = X.SA(p++,1);\r\n\t\tif(['P','p'].indexOf(id) < 0) return false; // the small 'p' is the flags reset\r\n\t\tif(id == 'P') {\r\n\t\t\tvar psz = X.U16(p), rows = X.U16(p+2);\r\n\t\t\tif(!psz || !rows) return false;\r\n\t\t\tp += 4+psz\r\n\t\t}\r\n\t}\r\n\tj = X.U32(p); p += 4;\r\n\t// In principle, this marks the end of replayable part, but there's more info about SFXI to potentially account for.\r\n\t// In practice, maybe it can be copied from .IT files\r\n//_l2r('ixu',p,'input for wfsmp x'+j)\r\n\tfor(i=0; i < j && p < X.Sz(); i++,p+=0x10C) {\r\n\t\tif(charStat(X.readBytes(p,8),1).indexOf('allxsc') < 0) break\r\n//_l2r('ixu',p,i+': '+X.SA(p+4,8))\r\n\t}\r\n\tj = X.U8(p++);\r\n//_l2r('ixu',p,'input for synsmp x'+j)\r\n\treturn true\r\n}\r\nif(!bDetected && isiXalanceUnp()) {\r\n\tsName = \"Sahara Surfers' iXalance module (.IXS)\"; sVersion = 'unpacked'; bDetected = 1;\r\n\tif(bad.length) sVersion = sVersion.appendS('malformed'+bad,'/');\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(X.SA(0xD,0x1A,'CP1250'));\r\n\t\tsOption('ord:'+ord+' ptn:'+ptn+' ins:'+(rins!=ins?rins+'/':'')+ins\r\n\t\t\t+' smp:'+(rsmp!=smp?rsmp+'/':'')+smp+' smpsz:'+smpsz+'s sz:'+outSz(p))\r\n\t}\r\n}\r\n\r\n\r\nfunction isOPX() {\r\n\tvar p = 0x7E;\r\n\tif(X.c(\"200D0A1A\",0x7A)) {\r\n\t\tif(!X.c(\"0D0A\",0x35) || !X.c(\"0D0A\",0x6C)) return; //obligatory line breaks?\r\n\t} else if(!X.c(\"20202020\",0x7A)) //wiped out with spaces!\r\n\t\t// 2 fringe cases:\r\n\t\tif(X.c(\"04C50964c504641A2609810F9919008C82100C830382100CC464C464C464C4641A\"))\r\n\t\t\tp = 0; // no header\r\n\t\telse if(X.c(\"'msx2'00469E2A4E8A22626C2D'bl-demo.bas'00\",0xA2F) && X.c(\"'OPXPLAY SYS'00\",0xB2C))\r\n\t\t\tp = 0xC7E; //a bit too much of a header :o\r\n\t\telse return;\r\n\tif(X.U8(0) != 4) for(i=0; i < 0x35; i++) if(X.U8(i) < 0x20) return;\r\n\tif(X.U8(p+1) > 2 || X.U8(p+3) > 0x3F || X.U8(p+4) > 6 || X.U8(p+6) > 5 || X.U8(p+7) > 0x21 || X.U8(p+8) > 1\r\n\t\t|| X.U8(p+9) > 0x4F || X.U8(p+10) || X.U8(p+12) > 1 || X.U8(p+14) > 3 || X.U8(p+16) > 3 || X.U8(p+18) > 3) return;\r\n\treturn true\r\n}\r\nif(!bDetected && isOPX()) {\r\n\tsName = \"MSX Performer OPX chiptune (.OPX)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOption(addEllipsis(X.SC(0,0x7B,'SJIS')))\r\n\t}\r\n}\r\n\r\n\r\n// new stable detections :go here ↑\r\n// BELOW THIS POINT ARE THE DETECTIONS THAT ARE IFFIER THAN THE REST\r\n\r\n// There are sanity-checked formats that nevertheless have some signature in a known place;\r\n// those that have some signatures that aren't just \"0000\" in calculated places;\r\n// those that are checked for pure mathematical dependencies and possible byte ranges;\r\n// those that are very heavy to that, and those less so.\r\n//\r\n// Some are in dire need of amending, and they're set to go after the other detections,\r\n// so you won't miss the good matches because of these and will hopefully spend less time waiting for detects\r\n\r\n\r\nfunction isImagesMusicSystem() { //goes before Soundtracker .STK for speed\r\n\t//from https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/ImagesMusicSystem/src/Images Music System_v3.asm\r\n\t//is this a hack of Soundtracker? Vice versa?\r\n\tif(X.Sz() < 0x73C) return false;\r\n\tsmpp = X.U32(0x438,_BE); if(smpp <= 0x43C) return false;\r\n\td1h = (smpp-0x43C) % 0x300; if(d1h) return false;\r\n\tptn = d2 = Util.div64(smpp-0x43C,0x300); ord = X.U8(0x3B6); if(ord > 127) return false;\r\n\tmptn = 0;\r\n\tfor(i = 0; i <= ord; i++) { t = X.U8(0x3B8+i); if(t > 127) return false; if (mptn < t) mptn = t }\r\n\tif(ptn != mptn+1) return false;\r\n\tsmp = smpsz = 0; smps = []; bad = \"\"; smpns = [];\r\n\tfor(i = 0; i < 31; i++) {\r\n\t\tif(X.isVerbose()) smpns.push(X.SC(0x14+i*30,0x16,'CP437').trim());\r\n\t\tt = X.U16(0x14+i*30+0x16,_BE);\r\n\t\tif(t) { smp++; smpsz += t<<1 }\r\n\t}\r\n\tmsmp = smpns[smpns.length-1];\r\n\tsz = smpp+smpsz;\r\n\tif(sz < X.Sz()) bad = bad.addIfNone(\"!short\");\r\n\r\n\ta1 = 0x3B8; d1 = ord; x = a0 = notes = 0;\r\n\tif(X.isVerbose()) {\r\n\t do { //NextPos\r\n\t\ta0 = 0x43C+X.U8(a1)*0x300; a3 = a0+0x300;\r\n\t\ta1++;\r\n\t\tdo { //NextPatPos\r\n\t\t\tvar z = X.readBytes(a0,2), nsmp = ((z[0] & 0xC0) >> 2) | (z[1] >> 4);\r\n\t\t\tif(z[0] & 0x3F) { notes++; if(debug && nsmp > msmp) bad = bad.addIfNone(\"!missingsmp#\"+nsmp) }\r\n\t\t\tif(z[1] & 0x0F === 0x0B) { x++; break }\r\n\t\t\telse a0 += 3\r\n\t\t} while(a0 < a3 && a0 < X.Sz()); d1--\r\n\t } while(d1);\r\n\t if(!x) x = 1;\r\n\t} else x = 1;\r\n\tif(smpp === 28732 && smpsz === 12898 && X.c(\"'beast-busters1.st'\") )\r\n\t\tx = 11;\r\n\treturn true\r\n}\r\nif(!bDetected && isImagesMusicSystem()) {\r\n\t//https://www.exotica.org.uk/wiki/Images_(format)\r\n\tsName = \"Neil Crossley's Images Music System module (.IMS)\"; bDetected = 1;\r\n\tsVersion = \"v1.0\"; if(bad != \"\") sVersion = sVersion.appendS(\"malformed\"+bad,\"/\");\r\n\tif(X.isVerbose()) {\r\n\t\tsOption(X.SC(0,20,'CP437')); if(x > 1) sOption(x,\"×\");\r\n\t\tsOption(addEllipsis(smpns.filter(funSampleName).join(\",\"),0x100,0xA0),'smp/msg:\"','\"');\r\n\t\tsOption(\"ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" sz:\"+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isSoundtrackerMOD() { //goes after IMS for speed\r\n\t//ref http://asle.free.fr/prowiz/prowiz.src.zip / r/SoundTracker.c\r\n\t// & https://github.com/OpenMPT/openmpt/blob/master/soundlib/Load_mod.cpp\r\n\tif(X.Sz() < 555) return false;\r\n\tfunction invalidChars(buf) {\r\n\t\tvar c = 0; for(var i = 0; i < buf.length; i++) {\r\n\t\t\tif(buf[i] && (buf[i] < 0x20 || isWithin(0x80,0xFE)) && [0xA,0xD,0xE].indexOf(buf[i]) < 0) c++;\r\n\t\t} return c\r\n\t}\r\n\tfunction re(p,t) { if(debug>1)_l2r('stk',p,t); return false }\r\n\tfunction npTest(n) { const valid = [0, 856,808,762,720,678,640,604,570,538,508,480,453,\r\n\t\t 428,404,381,360,339,320,302,285,269,254,240,226,\r\n\t\t 214,202,190,180,170,160,151,143,135,127,120,113];\r\n\t\treturn valid.indexOf(n) >= 0 || valid.indexOf(n-1) >= 0 || valid.indexOf(n+1) >= 0\r\n\t}\r\n\tconst UST1_00=0,UST1_80=1,ST2_00_Exterminator=2,ST_III=3,ST_IX=4,MST1_00=5,ST2_00=6;\r\n\tvar ic = 0, hasDiskNames = true, minV = UST1_00;\r\n\tic = invalidChars(X.readBytes(0,20));\r\n\tbad = \"\"; allsmpsz = allvols = smp = minV = 0; snames = [];\r\n\tfor(k=0; k < 15; k++) {\r\n\t\tvar sn = X.readBytes(20+k*30,22,true), sname = decEncoding(sn,CPAmiga).trim();\r\n\t\tif(/ST-[0-9A-F]+:/i.test(sname)) ic -= 4; else snames.push(sname);\r\n\t\tic += invalidChars(sn);\r\n\t\tre(20+k*30,\"STKsmp[\"+k+'] \"'+sname.trim()+'\" invalid chars:'+ic+\" (\"+charStat(sn,1)+\")\")\r\n\t\tif(ic > 10) return re(20+k*30,\"!title or sample names too broken\");\r\n\t\tif(X.U8(20+k*30) && !/^st-[0-9a-f]\\d:/i.test(sname))\r\n\t\t\thasDiskNames = false;\r\n\t\tslen = X.U16(42+k*30,_BE)*2;\r\n\t\tif(slen > 0x12000) return re(42+k*30,\"!smp #\"+k+\" too large:\"+Hex(slen));\r\n\t\tif(X.U8(44+k*30) > 15) { bad = bad.addIfNone(\"!finetune\"); ic+=16 } //finetune\r\n\t\tsvol = X.U8(45+k*30); if(svol > 0x40) return false;\r\n\t\tsls = X.U16(46+k*30,_BE), sll = X.U16(48+k*30,_BE);\r\n\t\tif(slen > 9998 || sls > 4999) minV = Math.max(minV,MST1_00);\r\n\t\tif(slen) smp++;\r\n\t\tallsmpsz += slen; allvols += svol;\r\n//_log(\"smp[\"+k+\"] <\"+X.SA(20+k*30,22)+\"> [\"+slen+\"] @\"+Hex(20+k*30)+\" -> vol:\"+svol+\" loopstart:\"+sls+\" looplen:\"+sll);\r\n\t\tif(sll > slen+2) {\r\n\t\t\tre(42+k*30,\"!smp \"+k+\" LpLen \"+sll+\" > sSz \"+slen); bad = bad.addIfNone(\"!sLpLen>sSz\") }\r\n\t\tif(slen && sls >= slen) {\r\n\t\t\tre(46+k*30,\"!smp \"+k+\" LpStart \"+sls+\" >= sSz \"+slen); bad = bad.addIfNone(\"!sLpStart>=sSz\") }\r\n\t\tif(sls && !sll) {\r\n\t\t\tre(42+k*30,\"!smp \"+k+\" LpStart \"+sls+\" LpSz 0\"); bad = bad.addIfNone(\"!sLpStart0LpSz\") }\r\n\t\tif(sls && !slen) {\r\n\t\t\tre(46+k*30,\"!smp \"+k+\" LpStart \"+sls+\" sSz 0\"); bad = bad.addIfNone(\"!sLpStart0SSz\") }\r\n\t}\r\n//_log(\"5:allsmpsz=\"+allsmpsz+\" allvols=\"+allvols);\r\n\tif(allsmpsz < 8 || !allvols) return re(20,\"!smps too small or no smpvols\");\r\n\tord = X.U8(0x1D6); if(ord > 128) return false;\r\n\trestartp = X.U8(0x1D7); if(restartp > 220) return false;\r\n\tif(!restartp || /jjk55/.test(X.SA(0,6))) restartp = 0x78;\r\n\tbpm0 = 125;\r\n\tif(restartp != 0x78) {\r\n\t\tbpm0 = (709379*125 / (50*122*(240-restartp))).toFixed(2); //between ≈60 and ≈976\r\n\t\tif(minV > UST1_80) minV = Math.max(minV, hasDiskNames?ST_IX:MST1_00);\r\n\t\telse minV = Math.max(minV, hasDiskNames?UST1_80:ST2_00_Exterminator);\r\n\t}\r\n\tptn = offptn = badptn = ord_ = 0; usedptns = []; usedsmps = [];\r\n\tfor(o=0; o < 128; o++) {\r\n\t\tx = X.U8(0x1D8+o); if(x > 63) return re(0x1D8+o,\"!impossible ptn #\"+x);\r\n\t\tif(ptn <= x) {\r\n\t\t\tptn = x+1;\r\n\t\t\tif(o < ord) { offptn = ptn; if(usedptns.indexOf(x) < 0) usedptns.push(x) }\r\n\t\t}\r\n\t\tif(x >= badptn) badptn = ptn+1;\r\n\t\tif(x) ord_++; //a heuristic to count out suspiciously many zeroes\r\n\t} ord_++;\r\n//_log(\"ptn:\"+ptn+\" off.ptn:\"+offptn+\" badptn:\"+badptn+\" used ptns:\"+usedptns)\r\n\tsongszoffptn = 0x258+0x400*offptn;\r\n\tif(songszoffptn > X.Sz()) return re(songszoffptn,\"!patterns cut off\");\r\n\tic = tnDxx = notes = 0;\r\n\tfor(i=0; i < ptn; i++) {\r\n\t\temptycmd = nDxx = badnote = ptnic = ptnotes = 0;\r\n\t\tfor(row=0; row < 64; row++) for (chn=0; chn < 4; chn++) {\r\n\t\t\tvar ofs = 0x258+(i<<10)+(row<<4)+(chn<<2);\r\n\t\t\tx = X.readBytes(ofs, 4);\r\n\t\t\tif(X.isDeepScan()) {\r\n\t\t\t\tif(!emptycmd && !x[0] && !x[1] && !x[2] && !x[3]) {\r\n\t\t\t\t\temptycmd++; if(emptycmd > 32) minV = ST2_00\r\n\t\t\t\t} else emptycmd = 0 }\r\n\t\t\tvar smpn = (x[0]&0xF0) | ((x[2]&0xF0) >> 4), np = ((x[0]&0xF) << 8) + x[1], fx = x[2]&0xF;\r\n//if(debug>2)_log(\"@\"+Hex(ofs)+\" ptn \"+i+\": \"+Hex(x[0])+\" \"+Hex(x[1])+\" \"+Hex(x[2])+\" \"+Hex(x[3])+\": smp#\"+smpn+\" np:\"+Hex(np)+\" fx:\"+Hex(fx));\r\n\t\t\tif(usedptns.indexOf(i) >= 0)\r\n\t\t\t\tif(smpn > 15) { ptnic++;\r\n//if(debug>2)_log(\" bad smp \"+np+\" @\"+Hex(ofs)+\" ptn\"+i+\" row\"+row+\" chn\"+chn)\r\n\t\t\t\t}\r\n\t\t\t\telse if(usedsmps.indexOf(smpn) < 0) usedsmps.push(smpn);\r\n\t\t\tif((X.isDeepScan() || notes < 100) && !npTest(np)) { ptnic += 2; badnote++;\r\n//if(debug>2)_log(\" bad note \"+np+\" @\"+Hex(ofs)+\" ptn\"+i+\" row\"+row+\" chn\"+chn)\r\n\t\t\t} else if(np) ptnotes++;\r\n\t\t\tif(X.isDeepScan()) switch(fx) {\r\n\t\t\tcase 1: case 2:\r\n\t\t\t\tif(x[3] > 0x1F && minV == UST1_80) minV = hasDiskNames ? UST1_80 : UST1_00;\r\n\t\t\t\telse if(fx == 1 && x[3] > 0 && x[3] < 3) minV = Math.max(minV,ST2_00_Exterminator);\r\n\t\t\t\telse if(fx == 1 && (x[3] == 0x37 || x[3] == 0x47) && minV <= ST2_00_Exterminator)\r\n\t\t\t\t\tminV = hasDiskNames ? UST1_80 : UST1_00;\r\n\t\t\t\tbreak;\r\n\t\t\tcase 0xB: minV = ST2_00; break;\r\n\t\t\tcase 0xC: case 0xD: case 0xE: minV = Math.max(minV,ST2_00_Exterminator);\r\n\t\t\t\tif(fx == 0xD) { emptycmd = 1; if(!x[3] && !row) break; nDxx++ } break;\r\n\t\t\tcase 0xF: if(minV < ST_III) minV = ST_III; break;\r\n\t\t\t}\r\n\t\t}\r\n\t\tif(ptn >= offptn && ptnic > 64) ptn = offptn;\r\n\t\telse { ic += ptnic; notes += ptnotes; if(badnote) bad = bad.addIfNone('!badnotes') }\r\n\t\tif(ic > Math.max(512,ptn*128)) return re('!badbytes:'+ic);\r\n\t\tif(nDxx && nDxx < 3) minV = ST2_00; tnDxx += nDxx;\r\n\t}\r\n\tif(tnDxx > ptn+32 && minV == ST2_00) minV = MST1_00;\r\n\tif(X.isDeepScan()) switch(minV) {\r\n\tcase UST1_00: tracker = \"Karsten Obarski's Ultimate ST 1.0~21\"; break;\r\n\tcase UST1_80: tracker = \"Karsten Obarski's Ultimate ST 1.8~2.0\"; break;\r\n\tcase ST2_00_Exterminator: tracker = \"The Exterminator's ST 2.0 / D.O.C.'s ST II\"; break;\r\n\tcase ST_III: tracker = \"Il Scuro/Defjam's ST III / Alpha Flight ST IV / D.O.C.'s' ST IV / VI\"; break;\r\n\tcase ST_IX: tracker = \"D.O.C.'s' ST IX\"; break;\r\n\tcase MST1_00: tracker = \"Tip/The New Masters' Master ST 1.0\"; break;\r\n\tcase ST2_00: tracker = \"D.O.C.'s ST 2.0~2\"; break;\r\n\tdefault: tracker = \"???\"\r\n\t}\r\n\tsz = 0x258+0x400*ptn+allsmpsz;\r\n\tvar sizediff = Math.abs(sz-X.Sz()), orddiff = Math.abs(ord-ord_);\r\n\tvar nzord = ord?ord:0.0001, sus = 0;\r\n\tif(ic > 20) sus++; if(!isWithin(smp,3,15)) sus++; if(sizediff > 2048) sus++; if(sz > X.Sz()) sus++;\r\n\tif(!restartp) sus++; if(!ord || !ord_ || badptn > ptn+2) sus++; if(orddiff/nzord > 0.8) sus++;\r\n\tif(!ptn) sus++; if(notes < 2) sus++; if(allvols < smp) sus++;\r\n\tif(!isWithin(bpm0,20,300)) sus++;\r\n//_log(\"ic=\"+ic+\" smp=\"+smp+\" sizediff=\"+sizediff+\" ord||ptn=\"+(ord||ord_||ptn)+\" maxptn=\"+(badptn>ptn+2)+\" od%=\"+(orddiff/nzord).toFixed(1)+\" notes:\"+notes+\" bpm0:\"+bpm0+\" how sus:\"+sus)\r\n\tif(sus >= 4) // free strikes\r\n\t\t// If there are enough bad notes, the samples are kinda few or kinda many,\r\n\t\t//the size is more than two patterns' lengths different (especially smaller),\r\n\t\t//either no length or no \"official\" patterns are there, the orderlist is mostly zeroes,\r\n\t\t//it's just a couple notes or they're strange periods, the avg volume's too low, and the bpm0's weird...\r\n\t\treturn re(sus,'!too suspicious');\r\n\tif(ic) bad = bad.addIfNone('!baddata='+ic);\r\n\tif(sz > X.Sz()) bad = bad.addIfNone('!short');\r\n\tif(sus) bad = bad.addIfNone('!sus+'+sus)\r\n\treturn true;\r\n}\r\nif(!bDetected && isSoundtrackerMOD()) {\r\n\tsName = \"Karsten Obarski's SoundTracker module (.STK,.MOD)\"; bDetected = 1;\r\n\tif(bad != \"\") sVersion = 'malformed'+bad;\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(X.SA(0,0x14));\r\n\t\tif(X.isDeepScan()) sOption(tracker,\"in:\");\r\n\t\tsOption(snames.filter(funSampleName).join(\" \"),'smps/msg:\"','\"');\r\n\t\tsOption('bpm0:'+bpm0+' ord:'+ord+(ord_!=ord? '/'+ord_: '')+' ptn:'+(offptn!=ptn? offptn+'/': '')+ptn\r\n\t\t\t+' smp:'+smp+(X.isDeepScan()? ' notes:'+notes: '')+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isComposer670() {\r\n\tspd = X.U8(0); if(!isWithin(spd,1,15)) return false;\r\n\tord = X.U8(1); if(!ord || ord >= 128) return false;\r\n\tptn = X.U8(2); if(!ptn) return false; //while 0 is possible, there's no way we'll reliably detect the file then\r\n\tsmp = X.U8(3); if(smp > 0x20) return false;\r\n\topl = X.U8(4); lp = X.U8(5); if(lp > ord) return false;\r\n\tsmpp = X.U32(6); if(smpp > X.Sz()) return false;\r\n\tp = 0xA; for(i=0; i < ord; i++) if(X.U8(p++) >= ptn) return false;\r\n\tptnpt = p; p += ptn*4;\r\n\tfor(i=smpsz=0; i < smp; i++,p+=16) {\r\n\t\tif(X.U32(p)) return false;\r\n\t\tvar _l = X.U32(p+4), _ls = X.U32(p+8), _le = X.U32(p+12);\r\n\t\tif(!_l || _l > 0xFFFFF) return false; smpsz += _l;\r\n\t\tif(_le < 0xFFFFF && (_le > _l || _ls > _le)) return false\r\n\t}\r\n\tfor(i=0; i < opl; i++,p+=11) {\r\n\t\tif(X.U8(p) & 0xF0) return false;\r\n\t\tif(X.U8(p+5) & 0xFC) return false;\r\n\t\tif(X.U8(p+10) & 0xFC) return false;\r\n\t}\r\n\tfor(i=notes=0,ptnp=p,bad=false; i < ptn; i++) {\r\n\t\tp = ptnp+X.U32(ptnpt+i*4); if(p > smpp-3) return false;\r\n\t\tif(i >= ptn-1) ptnend = smpp; else ptnend = ptnp+X.U32(ptnpt+i*4+4);\r\n\t\tif(!isWithin(ptnend - p, 3,0x1000)) return false;\r\n\t\tfor(r = 0; p < ptnend;) {\r\n\t\t\tvar cmd = X.U8(p++);\r\n\t\t\tif(cmd <= 0xC) { p += 2; notes++ }\r\n\t\t\telse if(cmd >= 0x20 && cmd <= 0x2C) p++;\r\n\t\t\telse if(cmd == 0x40) r += X.U8(p++);\r\n\t\t\telse if(cmd == 0x60) break;\r\n\t\t\telse return false\r\n\t\t}\r\n\t\tif(r > 64) return false\r\n\t}\r\n\tsz = smpsz+smpp;\r\n\treturn opl+smp > 0\r\n}\r\nif(!bDetected && isComposer670()) {\r\n\tsName = \"CDFM/Composer 670 module (.670)\"; sVersion = 'compact'; bDetected = 1;\r\n\tif(bad) sVersion = \"malformed!badptn\";\r\n\tif(X.isVerbose()) sOption('spd:'+spd+' ord:'+ord+(lp?' lp:'+lp:'')+' ptn:'+ptn+' smp:'+smp+' fm:'+opl+' notes:'+notes+' sz:'+outSz(sz))\r\n}\r\n\r\n\r\nfunction isLDS() {\r\n\t//ref https://github.com/adplug/adplug/blob/master/src/lds.cpp\r\n\tif(X.Sz() < 136) return false; if((mode = X.U8(0)) > 2) return false;\r\n\tif(X.U8(1) > 0x1F && X.U8(1) != 0xD0) return false; //speed, byte1\r\n\tif(X.U8(2) < 0x42 || X.U8(2) > 0x43) return false; //speed, byte2\r\n\tif((tempo = X.U8(3)) < 3 || tempo > 0x1F || ((ptnsz = X.U8(4)) & 0x87)) return false;\r\n\tfor(i=5; i < 14; i++) if(X.U8(i) > 4) return false; if((regbd = X.U8(0xE)) > 2) return false;\r\n\tif(!(ins = X.U16(0xF)) || ins > 0x3F) return false;\r\n\tfor(p = 0x11; p < 0x11+0x2E*ins; p += 0x2E) {\r\n\t\tif(X.U8(p+4) > 3 && X.U8(p+4) != 0xE1 || X.U8(p+9) > 4) return false;\r\n\t\tif(X.U8(p+0xA) > 0x7F || (X.U8(p+0xC) & 0xC0)) return false;\r\n\t\tif(!isWithin(X.I8(p+0x15), -0x30, 0x30) || !isWithin(X.I8(p+0x17), -0x30, 0x30)) return false;\r\n\t\tif(!isWithin(X.I8(p+0x1B), -0x30, 0x30) || !isWithin(X.I8(p+0x20), -0x30, 0x30)) return false;\r\n\t\tif((X.U8(p+0x24) > 0x30) || X.U8(p+0x25) > 1 || !isWithin(X.I8(p+0x27), -4, 0)) return false;\r\n\t\tif(isInside(X.U8(p+0x2B), 0x30, 0xE8) || X.U16(p+0x2C)) return false;\r\n\t}\r\n\tord = X.U16(p); if(!ord || ord > 0x60) return false; p += 2; mp = -1; ptnp = p+ord*9*3+2;\r\n\tfor(i=0; i < ord; i++) for(j=0; j < 9; j++) {\r\n\t\t\tpt = X.U16(p); if(pt%2 || pt+ptnp > X.Sz() || pt > 0x4000) return false; if(mp < pt) mp = pt; p += 3;\r\n\t\t}\r\n\tdigisnd = X.U16(p); p += 2; sz = ptnp+digisnd; //digital sounds value seems to point just beyond the patterns!\r\n\tif(X.Sz() < sz) return false; ptn = Util.divu64(digisnd,2);\r\n\treturn true\r\n}\r\nif(!bDetected && isLDS()) {\r\n\tsName = 'Loudness Sound System Ad Lib module (.LDS)'; bDetected = 1;\r\n\tif(X.isVerbose()) sOption('ch:9 mode:'+mode+' spd:'+X.U16(1)+' tempo:'+tempo\r\n\t\t+' ord:'+ord+' ptn:'+ptn+' ins:'+ins+' sz:'+outSz(sz))\r\n}\r\n\r\n\r\nfunction isKSM() {\r\n\tfor(i=0; i < 4; i++) if(!isWithin(X.U8(i),0,0x57)) return false;\r\n\tfor(; i < 0xB; i++) if(X.U8(i)) return false; for(; i < 0x10; i++) if(X.U8(i) < 0xFB) return false;\r\n\tfor(; i < 0x20; i++) if([0xF0,4,6,8,0xC].indexOf(X.U8(i)) < 0) return false;\r\n\tfor(c=0; i < 0x25; i++) if(X.U8(i) > 5) return false; else if(!X.U8(i)) c++; if(c > 3) return false;\r\n\tfor(; i < 0x2A; i++) if(X.U8(i)) return false; for(; i < 0x30; i++) if(X.U8(i) > 1) return false;\r\n\tfor(i=0x40; i < 0x50; i++) if(!isWithin(X.U8(i),0x20,0x3F)) return false;\r\n\tif(!X.c(\"32323232 323232\",0x44)) return false;\r\n\treturn true\r\n}\r\nif(!bDetected && isKSM()) {\r\n\tsName = \"Ken Silverman's Adlib module (.KSM)\"; bDetected = 1;\r\n\tif(X.isVerbose()) sOption('notes:'+(notes=X.U16(0x50))+' sz:'+outSz(0x52+notes*4))\r\n}\r\n\r\n\r\nfunction isTMC() {\r\n\tfunction rt(p,m) { if(debug>1)_l2r('tmc',p,m); return false }\r\n\t//ref http://atariki.krap.pl/index.php/TMC\r\n\tif(X.Sz() < 0x1D0 || X.U8(0x23) != 0x20) return false; //data starts from 1A0+instr.+ptns., obligatory space\r\n\tif((bin = parseAtariBinary())[0] < 0x1D6) return rt('!binsz'); // an Atari binary, of this size\r\n\tif(X.U8(bin[1][0][1]+5) != 0xFF) return rt(0,'!ptnend'+outArray(bin,16)); // last ptn ends with FF\r\n\tif(!isWithin(spd0=X.U8(0x24),1,0x10) || !isWithin(ticks=X.U8(0x25),1,4)) return rt(0x25,'!spd'+spd0+'/'+ticks);\r\n\tfor(ins=t0=0,p0=0x10000,p=0x26; p < 0x66; p++) {\r\n\t\tif(!X.U8(p) && !X.U8(p+0x40)) continue; if([0,9].indexOf(X.U8(p)&0xF) < 0) return rt('!susins');\r\n\t\tt = (X.U8(p+0x40) << 8)+X.U8(p)+6-X.U16(2); if(t < 0 || t <= t0) return rt(t,'!-insptr');\r\n\t\tt0 = t; if(t > 0) { if(!isWithin(t,0x1A0,bin[1][0][1]+6)) return rt(t,'!insptr'); else ins++; if(p0 > t) p0 = t }\r\n\t}\r\n\tif(!ins) return rt(p0,'!0inst'); if([0,9].indexOf(X.U8(0xA6) & 0xF) < 0) return rt(p0,'!0ptnptr'); //still depends on instrument record length\r\n\tfor(ptn=t0=0,p=0xA6; p < 0x126; p++) {\r\n\t\tt = (X.U8(p+0x80) << 8)+X.U8(p)-X.U16(2)+6; if(p0 > t) p0 = t; if(t < 0 || t <= t0) return rt(t,'!-ptnptr'); t0 = t;\r\n\t\tif(t && !isWithin(t,0x1A0,bin[1][0][1]+6)) return rt(t,'!ptnptr'); if(t && X.U8(t) != 0xFF) ptn++\r\n\t}\r\n\tord = (p0-0x1A6) >> 4;\r\n\tfor(p=0x1A7,pt=-1,ic=0; p < p0; p += 2)\r\n\t\tif(!X.c(\"FF\",p) && !X.c(\"7F\",p))\r\n\t\t\tif(X.U8(p) > 0x7F) ic++; else if(X.U8(p) >= pt) pt = X.U8(p)+1;\r\n\treturn true\r\n}\r\nif(!bDetected && isTMC()) {\r\n\tsName = \"Marcin 'Jaskier' Lewandowski's Theta Music Composer module (.TMC,.TM4,.TM8)\"; sVersion = 'v1.x'; bDetected = 1;\r\n\tif(ic) sVersion = sVersion.appendS('malformed!'+ic+'ptns','/');\r\n\tif(X.isVerbose()) {\r\n\t\tsOption(decAnsi(6,0x1E,CPATASCII,Chars0to1FATASCII_PL)); //Polish is prevalent, so...\r\n\t\tsOption('spd0:'+spd0+' ticks:'+ticks+' ord:'+ord+' ptn:'+(pt!=ptn?pt+'/':'')+ptn+' ins:'+ins+' sz:'+outSz(bin[0]))\r\n\t}\r\n}\r\n\r\n\r\nfunction isRMT() {\r\n\tfunction rt(p,m) { if(debug>1)_l2r('rmt',p,m); return false }\r\n\t//ref http://atariki.krap.pl/index.php/RMT_%28format_pliku%29 & http://atariki.krap.pl/index.php/Rmt\r\n\tif((bin = parseAtariBinary(0))[0] < 0x100) return rt('!binsz');\r\n\tbase = X.U16(2);\r\n\tp = bin[1][0][0]; ch = X.U8(p+3)-0x30;\r\n\tif(!X.c(\"'RMT'\",p) || ![4,8].includes(ch)) return;\r\n\tvar trklen = X.U8(p+4); if(!trklen) trklen = 256;\r\n\tspd0 = X.U8(p+5); if(!spd) return; ticks = X.U8(p+6); if(!ticks) return; v = X.U8(p+7);\r\n\tvar instp = p+X.U16(p+8)-base, trktlp = p+X.U16(p+0xA)-base, trkthp = p+X.U16(p+0xC)-base,\r\n\ttrklstp = p+X.U16(p+0xE)-base;\r\n//_l2r('rmt',p,'instp='+Hex(instp)+' trktlp='+Hex(trktlp)+' trkthp='+Hex(trkthp)+' trklstp='+Hex(trklstp));\r\n\tif(instp > X.Sz() || trktlp < instp || trkthp < trktlp || trklstp < trkthp\r\n\t\t|| trktlp > X.Sz() || trkthp > X.Sz() || trklstp > X.Sz()) return;\r\n\t//TODO extract more data\r\n\treturn true\r\n}\r\nif(!bDetected && isRMT()) {\r\n\tsName = \"Radik 'Raster' Štěrba's Raster Music Tracker module (.RMT)\"; sVersion = 'v'+v; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tif(bin[1].length > 1) sOption('metadata present'); //TODO; don't have sample files\r\n\t\tsOption('ch:'+ch+' spd0:'+spd0+' ticks:'+ticks+' sz:'+outSz(bin[0]));\r\n\t}\r\n}\r\n\r\n\r\nfunction isPollyTracker() {\r\n\t//A trivial RLE compression with AE as the special command and a few glitches.\r\n\t//Underneath that, a trivial format that also messes up the lowercase letters for no reason.\r\n\t//Everything's space-padded, even the samples.\r\n\tif(!X.c(\"AE\") || X.Sz() < 121) return false;\r\n\tp = 1; sz = unpsz = -1; var o = end = lc = 0; var u = Array(0x10000); var last = [-1,-2,-3,-4];\r\n\tfunction rB(q) { //this exists just to check for the unpacked sequences, we actually have better checks\r\n\t\tlast[lc++] = X.U8(q); if(lc > 3) lc = 0;\r\n\t\t//PT packs sequences over 3 ch long so any we encounter in the file is cause enough to break off\r\n\t\tif(last[0] === last[1] === last[2] === last[3]) { end = 1; return -1 }\r\n\t\telse return X.U8(q)\r\n\t}\r\n\tfunction ret(s) { delete u; if(debug)_log(s); return false }\r\n\twhile(!end && o < (X.isDeepScan() ? 65536 : 0x100) && p < Math.min(X.isDeepScan() ? 65535: 0x100,X.Sz())) {\r\n\t\tt = rB(p++);\r\n\t\tif(t == 0xAE) {\r\n\t\t\tc = rB(p++); if(c < 0) return ret(\"PTFault: bad count\");\r\n\t\t\tif(!c) { end = true; break }\r\n\t\t\telse if(c === 1) { u[o++] = 0xAE; continue }\r\n\t\t\tb = rB(p++); if(b < 0) return ret(\"PTFault: bad byte\");\r\n\t\t\tfor(;c; c--) u[o++] = b\r\n\t\t}\r\n\t\telse u[o++] = t\r\n\t}\r\n\tif((tempo = u[0x1FC1]) < 0x10) return ret(\"PTFault: tempo < 10h\");\r\n\tif(u[0x1F80] || u[0x1F90]) return ret('PTFault: nonzero smp#0');\r\n\tif(o%0x100) //fixing what seems like the packer's glitch. The lil bud always picks up some extra bytes\r\n\t\twhile(o%0x100 && u[o-1] === 0x20) o--;\r\n\tif(o%0x100 || (X.isDeepScan() && o < 8192) || o > 65535 || p > 65535)\r\n\t\treturn ret('PTFault: bad range! o='+Hex(o)+' p='+Hex(p));\r\n\tif((modsz = ((u[0x1FC3]+0x10) << 8)) != o)\r\n\t\treturn ret('PTFault: allsmpsz mismatch: '+Hex(modsz)+' != '+Hex(o));\r\n\tvar msmp = [4,12]; smp = 0;\r\n\tfor(i=0x1F81; i < 0x1F90; i++) { // find max sample, count samples included\r\n\t\tif(u[i] >= 0x10) smp++; if(u[i] > msmp[0]) { msmp[0] = u[i]; msmp[1] = u[i+0x10] }\r\n\t}\r\n\tif((lastsmpend = ((msmp[0]+0x10)<<8) + (msmp[1]<<8)) != o)\r\n\t\treturn ret('PTFault: last smp end '+Hex(lastsmpend)+' != '+Hex(o));\r\n\tnotes = ic = 0;\r\n\tfor(i=0; i < Math.min(0x1F00,o); i++) //test all the patterns, it's still fast\r\n\t\t//Notes aren't allowed to have smp#0 or note#0 but be a non-zero byte.\r\n\t\t//But PT v1.2 is glitchy, and earlier versions clearly allowed smp#0, so it does sometimes happen.\r\n\t\tif(u[i] && u[i] != 0xF0) { notes++; if((u[i]&0xF0) == u[i]) ic++ }\r\n\tif(X.isDeepScan()) for(i=0x2000; i < o; i++) //test all the samples\r\n\t\tif(u[i] > 0x3F) return ret('PTFault: bad sample @'+Hex(i));\r\n\tunpsz = o; sz = p; ord = ptn = 0;\r\n\tfor(i = 0x1F00; i < 0x1F80; i++) { if(!u[i]) break; ord++; if((pt = u[i]-0xDF) > ptn) ptn = pt }\r\n\tif(ic > ptn<<2) return ret('PTFault: '+ic+' bad notes');\r\n\t// Let's adapt the text info too.\r\n\tfor(i = 0x1FA0; i < 0x1FC0; i++) { if(u[i] && u[i] < 0x1A) u[i] += 0x60 }\r\n\tinfo = decEncoding(u.slice(0x1FA0,0x1FB0),CPAmiga);\r\n\tcomposer = decEncoding(u.slice(0x1FB0,0x1FC0),CPAmiga);\r\n\tdelete u;\r\n\r\n\treturn true;\r\n}\r\nif(!bDetected && isPollyTracker()) {\r\n\tsName = \"Polly Tracker module (.MOD)\"; bDetected = 1;\r\n\tif(X.isVerbose() && X.isDeepScan()) {\r\n\t\tsOptionT(info); sOptionT(composer,'by:');\r\n\t\tsOption('tempo:'+Hex(tempo)+' ord:'+ord+' ptn:'+ptn+' smp:'+smp+' notes:'+notes+' unpsz:'+unpsz+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isSidMUS() {\r\n\t//ref NostalgicPlayer Source/Ports/LibSidPlayFp/SidTune/Mus.cs :: Detect, TryLoad\r\n\t// & https://github.com/MyDeveloperThoughts/ComputeSidPlayerC64Source/blob/main/notes/musFileFormat.md\r\n\tif(X.Sz() < 27) return;\r\n\tconst HLT = 0x014F;\r\n\tvar loadaddr = X.U16(0), len1 = X.U16(2), len2 = X.U16(4), len3 = X.U16(6);\r\n\tvar v1p = 8+len1, v2p = v1p+len2, v3p = v2p+len3;\r\n\tif(v3p > X.Sz() || (v1p & 1) || (v2p & 1) || (v3p & 1)) return;\r\n\tif(!X.c(\"014F\",v1p-2) || !X.c(\"014F\",v2p-2) || !X.c(\"014F\",v3p-2)) return; // voices must HLT at the end\r\n\tsz = v3p; t = \"\";\r\n\tif(X.Sz() > v3p && (p=X.fSig(v3p,0x1000,\"00\")-v3p+1) > 0) {\r\n\t\tt = decAnsi(v3p,p,CPFullCPETshifted,true).trim(); sz += p\r\n\t}\r\n\treturn true\r\n}\r\nif(!bDetected && isSidMUS()) {\r\n\tsName = \"COMPUTE!'s Enhanced SidPlayer tune (.MUS+.STR+.WDS)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOption((t.length?'\"'+addEllipsis(t,0x100,0xA0)+'\"':'').append('sz:'+outSz(sz)));\r\n\t}\r\n}\r\n\r\n\r\nfunction isUltima6M() {\r\n\t//ref https://github.com/adplug/adplug/blob/master/src/u6m.cpp\r\n\tif(X.Sz() < 421 || !isWithin(unpsz=X.U16(0),0x30E,0xB21) || !X.c('00000007',2)) return false; //a rough filter\r\n\t// a finer filter: actually unpacking LZW and double-checking there\r\n\tvar C, cW, o = 0, lim = Math.min(X.Sz(),unpsz), br = new BitReader(4), end = false,\r\n\t\tpW = 0, cwsz = 9, nextcw = 0x102, stk = [],\r\n\t\tdictsz = defdictsz = 0x1000, dict = [], contains = 0x102;\r\n\tfor(i=0; i < dictsz-0x100; i++) dict.push({'rt':0, 'cw':0}) //new dictionary\r\n\tvar dest = []; for(i=0; i < unpsz; i++) dest.push(0); //unpacked module\r\n\tfunction getstring(codeword) { //puts the string into a stack\r\n\t\tvar c = codeword; while(c > 0xFF) { stk.push(dict[c-0x100]['rt']); c = dict[c-0x100]['cw'] } stk.push(c & 0xFF)\r\n\t}\r\n\twhile(!end && br.offset <= lim && o <= unpsz) { //lzw decomp\r\n\t\tif(cwsz < 9 || cwsz > 12) return false; cW = br.read(cwsz);\r\n\t\tswitch(cW) {\r\n\t\t\tcase 0x100: cwsz = 9; nextcw = 0x102; dictsz = 0x200; contains = 0x102; //re-init the dictionary\r\n\t\t\t\tif(cwsz < 9 || cwsz > 12) return false; cW = br.read(cwsz); if(o >= unpsz) return false;\r\n\t\t\t\tdest[o++] = cW & 0xFF; break;\r\n\t\t\tcase 0x101: end = true; break; //end of data\r\n\t\t\tdefault:\r\n\t\t\t\tgetstring(cW < nextcw ? cW : pW); //codeword is already in the dictionary? get cW; else, pW\r\n\t\t\t\tC = stk[stk.length-1] & 0xFF;\r\n\t\t\t\tif(cW < nextcw)\r\n\t\t\t\t\twhile(stk.length) { if(o >= unpsz) return false; dest[o++] = stk.pop() & 0xFF\r\n\t\t\t\t\t}\r\n\t\t\t\telse { //codeword not yet defined\r\n\t\t\t\t\twhile(stk.length) { if(o >= unpsz) return false; dest[o++] = C; stk.pop() }\r\n\t\t\t\t\tif(cW != nextcw) return false;\r\n\t\t\t\t}\r\n\t\t\t\tif(contains < dictsz) { dict[contains-0x100] = { 'rt':C, 'cw':pW }; contains++ }\r\n\t\t\t\tnextcw++; if(nextcw >= dictsz) if(cwsz < 12) { cwsz++; dictsz <<= 1 }\t\t\t\t\t\r\n\t\t}\r\n\t\tpW = cW\r\n\t}\r\n\tif(!end) return false;\r\n\tsz = br.offset;\r\n\tif(dest[0] != 0x83 || dest[1] || (dest[2]&8) || (dest[3]&0x20) || (dest[5]&0x80) || dest[6] > 1) return false;\r\n//_logBase64(toBase64(dest)); //outputs the unpacked module for further saving\r\n\treturn true\r\n}\r\nif(!bDetected && isUltima6M()) {\r\n\tsName = 'Ultima 6 Adlib module (.M)'; sOption('unpsz:'+unpsz+' sz:'+outSz(sz)); bDetected = 1\r\n}\r\n\r\n\r\nfunction isQuartetST() {\r\n\tif(!isWithin(X.U16(0,_BE),4,0x10)) return false;\r\n\tif(!isWithin(X.U16(2,_BE),8,0x20)) return false;\r\n\tif(!isWithin(X.U16(4,_BE),4,0x30)) return false;\r\n\tif(!isWithin(X.U8(6),1,4) || !X.c(\"0400000000\",7)) return false;\r\n\tif(!X.c(\"'WT'\",0xC) && X.U32(0xC,_BE)) return false;\r\n\tif(!isWithin(X.U8(0x17),3,0x77)) return false;\r\n\tif((t=X.U32(0x18,_BE)) > 0x4C || (t&3)) return false;\r\n\tsz = 0x10; var szlim = Math.min(X.Sz(),0xFFFF); x = 0;\r\n\tfor(p=0x1C; p < Math.min(X.Sz()-1,0x400); p+=12) if(!isWithin(X.U16(p,_BE),0x46,0x6C)) return false;\r\n\twhile(sz < szlim) {\r\n\t\tif(!X.c(\"0056\",sz)) break; x++;\r\n\t\tfor(i=0; i < 4; i++) for(sz += 2; sz < szlim; sz+=2) if(X.c(\"0046\",sz)) break;\r\n\t\tsz += 0xC;\r\n\t\tbreak //TODO? Fugue.4v or Sweet Dreams.4v have more info after the 4 iterations, but it looks funny there\r\n//_log(Hex(sz))\r\n\t}\r\n\tspd0 = X.U16(0xE,_BE);\r\n\treturn !x || sz <= szlim\r\n}\r\nif(!bDetected && isQuartetST()) {\r\n\tsName = \"Illusions/Microdeal Quartet module (QTS.+SMP., .4V+.SET)\";\r\n\tsVersion = \"samples\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\t//if(x > 1) sOption(x,'voices?'); //TODO for the same reason\r\n\t\tsOption((spd0?'spd0:'+spd0+' ':'')+'sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isSQDigitalTracker() {\r\n\t//ref https://bitbucket.org/zxtune/zxtune/src/develop/src/formats/chiptune/digital/sqdigitaltracker.cpp\r\n\tif(X.Sz() < 0x4400) return false;\r\n\tif(X.U8(0x100) != 0x7C && X.U8(0x11F) != 0x7C) return false; //title surrounded by | |\r\n\tif(charStat(X.readBytes(0x100,0x20),1).indexOf('allasc') < 0) return false;\r\n\tif(X.U8(0x204) != 0xFF) return false;\r\n\ttempo = X.U8(0x210); if(!isWithin(tempo,2,10)) return false;\r\n\tord = X.U8(0x212)+1; if(!isWithin(ord,1,0x65)) return false;\r\n\tloop = X.U8(0x211); if(loop >= ord) return false;\r\n\tif(charStat(X.readBytes(0x300,0x80),1).indexOf('allasc') < 0) return false;\r\n\tsz = 0x4000; //var regions = [];\r\n\tfor(i=0; i < 8; i++) { // check layouts, calc size\r\n\t\tif(X.U8(0xC0+i*4)) return false; //address, lower byte\r\n\t\tif(!isWithin(X.U8(0xC0+i*4+1),0x80,0xC0)) return false; //address, higher byte\r\n\t\tif(!isWithin((bnk=X.U8(0xC0+i*4+2)),0x58, 0x5F)) return false; //bank\r\n\t\tif(!isWithin((sec=X.U8(0xC0+i*4+3)),1,0x80)) return false; //sectors\r\n\t\tvar lst = X.U16(0xC0+i*4), lsz = sec << 8; bnk &= 7;\r\n\t\t//if(lst >= 0xC000 && lst+lsz <= 0x10000) regions[bnk] = [sz, lsz];\r\n\t\tsz += lsz\r\n\t}\r\n\tif(sz > X.Sz()) return false;\r\n\tsz += 0x400; // data at the end; tracker settings? nobody'll miss it, but...\r\n//_l2r('sqd',0x4400,'regions:'+outArray(regions,16))\r\n\ttitle = X.SC(0x101,0x1E,\"CP1251\").trim();\r\n\tfor(i=smp=0; i < 0x10; i++) { //sample info parser\r\n\t\tif(X.U8(0x120+i*8+4) > 1) return false;\r\n// \t\t\tvar rst = X.U16(0x120+i*8), rlp = X.U16(0x120+i*8+2);\r\n// \t\t\tif(rst < 0x8000 || rst < rlp) continue;\r\n// \t\t\tbnk = X.U8(0x120+i*8+5) & 7; var smpbase = rst < 0xC000? 0x8000: 0xC000;\r\n// //_l2r('sqd',0x120+i*4,'used bank #'+bnk+' at '+Hex(rst)+'..'+Hex(rlp))\r\n// \t\t\tif(typeof regions[bnk] != \"undefined\") {\r\n// \t\t\t\tsmp++;\r\n// \t\t\t\tvar ssz = Math.min(0x10000-rst,regions[bnk][1]), sp = regions[bnk][0] + rst - smpbase;\r\n// \t\t\t}\r\n\t}\r\n\tfor(i=ptn=0; i < 100; i++) if((t = X.U8(0x1A0+i)) > 0x1F) return false; else if(ptn < t) ptn = t;\r\n\tptn++;\r\n\treturn true\r\n}\r\nif(isSQDigitalTracker()) {\r\n\tsName = \"SQ Digital Tracker module (.SQD,.M)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(title); sOption('tempo:'+tempo+' ord:'+ord+(loop?' loop:'+loop:'')+' ptn:'+ptn+' sz:'+outSz(sz));\r\n\t}\r\n}\r\n\r\n\r\nfunction isSAS() {\r\n\t//from the eagleplayer RE\r\n\tif(X.U8(0) || !X.c(\"00000200\",0xC)) return false;\r\n\tfor(p=0x10,ptn=0; p < 0x1010; p += 2) { //orderlist?\r\n\t\tif(X.I32(p) == -1) break; if(X.U8(p)) return false; if(X.U8(p+1) > ptn) ptn = X.U8(p+1)\r\n\t}\r\n\tptn++; ord = (p-0x10) >> 3; d2 = p; p = 0x1010 + ptn*0x30;\r\n\twhile(p < Math.min(X.Sz(),0x30000)) { if(X.U32(p,_BE)) break; p += 4 }\r\n\tif(!X.c(\"'FORM'........'8SVXVHDR'\",p+0x280)) return false;\r\n\tsmptp = p; smp = 0; smps = '';\r\n\tfor(i=0x20,sz=0; i--; p+=4) { //q for smpstart, p for smpsz?\r\n\t\tif(!X.U8(p)) {\r\n\t\t\tvar sp = smptp+X.I32(p,_BE), ssz = X.I32(p+0x80,_BE);\r\n\t\t\tif(sp < 0x280 || !X.c(\"'FORM'........'8SVXVHDR'\",sp)) return false;\r\n\t\t\tsmp++; if(sp+ssz > sz) sz = sp+ssz;\r\n\t\t\t//if((t=X.fSig(sp,0x30,\"'NAME'00\")) > -1) smps = smps.appendS(X.SA(t+8,X.U32(t+4,_BE)),' ') //not much to show\r\n\t\t}\r\n\t}\r\n\treturn true\r\n}\r\nif(!bDetected && isSAS()) {\r\n\tsName = \"Michael Winterberg's Speedy A1 System module (.SAS)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\t//sOption(smps,'smps:\"','\"');\r\n\t\tsOption('ord:'+ord+' ptn:'+ptn+' smp:'+smp+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\nfunction isMFP() {\r\n\t// from the binary eagleplayer REing (it's actually different for some reason)\r\n\t// ref https://gitlab.com/uade-music-player/uade/-/raw/master/amigasrc/players/wanted_team/MagneticFieldsPacker/src/Magnetic Fields Packer_v3.asm\r\n\tif(X.Sz() < 0x17E || !isWithin(ord=X.U8(0xF8), 1, 0x7F) || X.U8(0xF9) != 0x7F) return false;\r\n\tvar x17a = X.U16(0x17A,_BE); p = 0x179; allsmpsz = 0;\r\n\tif(x17a != X.U16(0x17C,_BE) || x17a != ord) return false;\r\n\tord_ = -1; ptn = 0;\r\n\tfor(; p > 0xF9; p--) { if((o=X.U8(p)) > 100) return false; if(o && ord_ < 0) ord_ = p-0xF9; if(o >= ptn) ptn = o+1 }\r\n\tif(ord_ < 0) ord_ = 1;\r\n\tfor(p=smp=i=0; i < 31; i++, p += 8) if(ssz=X.U16(p,_BE)) { smp++; allsmpsz += ssz } allsmpsz <<= 1;\r\n\tfor(p=0x17E,i=m=0; i < x17a*4; i++,p+=2) m = Math.max(m,X.U16(p,_BE)); p += m;\r\n\t//the source and player diverge from here, I mix them together\r\n\tif(ptn == 1) for(t=X.U16(p-2,_BE),p+=2; p < X.Sz(); p += 2) if(X.U16(p-2,_BE) == t) return true; //from src\r\n\t//from bin:\r\n\tfor(q=p,m=0; q < p+4; q++) m = Math.max(m,X.U8(q)); //@e4b2, ofs 4ca+\r\n\tfor(a3=p+m+4,m=0; q < a3; q++) m = Math.max(m,X.U8(q)); //@e4c4 ofs 4e2+\r\n\tfor(a3=p+m+4,m=0; q < a3; q++) m = Math.max(m,X.U8(q)); //@e4d6 ofs 4e2+\r\n\tp += m*2+4; songsz = p;\r\n\t// back to src which continues where the bin left off:\r\n\twhile(X.c(\"04040404 08080808\",p) && p < 0xFFFF) p += 0x10;\r\n\treturn true\r\n}\r\nif(!bDetected && isMFP()) {\r\n\tsName = \"Shaun Southern's Magnetic Fields Packer module (.MFP+.SMP)\"; bDetected = 1;\r\n\t//without the smp file, the smp.*.set will be used\r\n\tif(X.isVerbose()) {\r\n\t\tsOption('ord:'+ord+(ord != ord_? '/'+ord_: '')+' ptn:'+ptn+' smp:'+smp\r\n\t\t\t+' smpsz:'+allsmpsz+' songsz:'+songsz+' sz:'+outSz(p))\r\n\t}\r\n}\r\n\r\n\r\nfunction isADL() {\r\n\t//ref https://github.com/adplug/adplug/blob/master/src/adl.cpp -> CadlPlayer::load\r\n\t// & https://www.vgmpf.com/Wiki/index.php?title=ADL_(Westwood)\r\n\tif(X.Sz() < 720) return; //v1 min. size\r\n\t// Active Pointers, Zeroes and Invalid Chars are heuristics to filter out random sparse files in the obscurity that is ADL\r\n\t// There must be at least some active pointers, and too many zeroes at prog start is suspicious. IC is when a prog doesn't start on a well-expected byte\r\n\tp = ap = z = ic = 0;\r\n\tnV = 4;\r\n\tofs = 500; //track entries\r\n\tfor(; p < ofs; p+=2) { //500=1F4h is the trackentries buffer\r\n\t\tif(nV == 4 && isWithin(w = X.U16(p), 0x1F4,0xFFFE)) { //in v4, all entries are either within 500 or FFFF\r\nif(debug>1)_logIt('@'+Hex(p)+': '+Hex(w))\r\n\t\t\tnV = 3 /*or less*/; ofs = X.c(\"6C776DFFFFFF6E6F\",0x78) ? 250 : 120 // 78h, or FAh just for loresfx.adl\r\n\t\t}\r\n\t}\r\n\tconst M = Math.min(0xFFFF+ofs,X.Sz());\r\n\tp = ofs;\r\n// v1: EoB; v2: EoB2, Kyr1, Dune2; v3: LandsOfLore, Kyr2\r\n// _trackEntries[] _soundData[] -- program/instrument offsets are ofs-relative\r\n// | pt ids (ord?) | Program pt: sound/music tracks | Instrument pt: adlib ins | Trk data | Ins data |\r\n// v1: 120 bytes | 150 words | 150 words | @2D0h\r\n// v2: 120 bytes | 250 words | 250 words | @460h\r\n// loresfx.adl: 250 bytes | 250 words | 250 words | @4E2h\r\n// v3: 250 words | 500 words | 500 words | @9C4h\r\n\r\n//if(debug>0)_logIt(' v'+nV+' ofs:'+ofs+'/'+Hex(ofs))\r\n\t// test prog offsets: start with the first 150\r\n\tif(nV < 4) {\r\n\t\tnprog = 150; //for v1\r\n\t\tfor(i=0; i < nprog; i++) {\r\n\t\t\tw = X.U16(p); p += 2;\r\n\t\t\tif(w && w != 0xFFFF) { ap++;\r\n\t\t\t\tif(w < 1000) { nV = 1; if(X.U16(0x78) != 0x258 /*in v1, the 0th prog always starts at 2D0*/) return }\r\n\t\t\t\tif(!isWithin(w, 600,M)) { if(debug>0)_logIt('!w='+w+'<600 or > sz'); return }\r\n\t\t\t\tw += ofs; y = X.U8(w);\r\n\t\t\t\tif(y != 0x8E && y > 9) { // progs always start with 1~9 or, seldom, 0 or 8E\r\n//if(debug>1)_logIt('!v'+nV+'@'+Hex(p-2)+': ['+Hex(w)+'] = '+Hex(y))\r\n\t\t\t\t\tz++\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n//if(debug>0)_logIt(' v'+nV+'@'+Hex(p))\r\n\t\t// check the rest of the program offsets:\r\n\t\tif(nV > 1) {\r\n\t\t\tif(X.Sz() < 1120) return; //v2/3 min. size\r\n\t\t\tnprog = 250; p = ofs+300;\r\n\t\t\tfor(i=150; i < nprog; i++,p+=2) {\r\n\t\t\t\tw = X.U16(p);\r\n\t\t\t\tif(w && w != 0xFFFF) { ap++;\r\n\t\t\t\t\tif(!isWithin(w, 1000,M)) { if(debug>0)_logIt('!w='+w+'<1000 or > sz'); return }\r\n\t\t\t\t\tw += ofs; y = X.U8(w);\r\n\t\t\t\t\tif(!y) z++;\r\n\t\t\t\t\tif(y != 0x8E && y > 9) {\r\n//if(debug>1)_logIt('!v'+nV+'@'+Hex(p)+': ['+Hex(w)+'] = '+Hex(y))\r\n\t\t\t\t\t\tic++\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n//if(debug>0)_logIt('v'+nV+'@'+Hex(p)+' ')\r\n\t} else { //v4\r\n\t\tif(X.Sz() < 2500) return;\r\n\t\tnprog = 500; p = ofs;\r\n\t\tfor(i=0; i < nprog; i++,p+=2) {\r\n\t\t\tw = X.U16(p);\r\n\t\t\tif(w && w != 0xFFFF) { ap++;\r\n\t\t\t\tif(!isWithin(w, 2000,M)) { if(debug>0)_logIt('!w='+w+'< 2000 or > sz'); return }\r\n\t\t\t\tw += ofs; y = X.U8(w);\r\n\t\t\t\tif(!y) z++;\r\n\t\t\t\tif(y != 0x8E && y > 9) {\r\n//if(debug>1)_logIt('!v'+nV+'@'+Hex(p)+': ['+Hex(w)+'] = '+Hex(y))\r\n\t\t\t\t\tic++;\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\t// also test ins offsets and find the max one+11 = filesize:\r\n\tfor(mw=i=0,mo=(nprog<<1)+ofs; i < nprog; i++,p+=2) {\r\n\t\tw = X.U16(p);\r\n\t\tif(w && w != 0xFFFF) { ap++;\r\n\t\t\tw += ofs;\r\n//if(debug>1)_logIt('@'+Hex(p)+': ['+Hex(w)+'] = '+Hex(X.U8(w)))\r\n\t\t\tif (!isWithin(w, mo,X.Sz())) { if(debug>0)_logIt(!'@'+Hex(p)); return; }\r\n\t\t\tmw = Math.max(mw,w)\r\n\t\t}\r\n\t}\r\n\tsz = mw+11; if(sz < 6900) return;\r\n\tptn = [];\r\n\tif(nV == 4) { for(p=0; p < 500; p+=2) if(isWithin(y=X.U16(p),1,0xFFFE)) if(!ptn.includes(y)) ptn.push(y); }\r\n\telse for(p=ofs; p < 250; p+=2) if(isWithin(y=X.U16(p),1,0xFFFE)) if(!ptn.includes(y)) ptn.push(y);\r\n\tptn = ptn.length;\r\nif(debug>0)_log('@'+Hex(p)+' v:'+nV+' ic:'+ic+' zeros:'+z+' ap:'+ap+' ptn:'+ptn)\r\n\treturn ic < 5 && z < 50 && ap > 1 // heuristics\r\n}\r\nif(!bDetected && isADL()) {\r\n\tsType = 'audio'; sName = \"Westwood ADL module (.ADL)\"; bDetected = 1;\r\n\tif(ofs == 250) sVersion = 'v.sfx'; else sVersion = 'v'+[,'1','2','2','3'][nV];\r\n\t\r\n\tif(X.isVerbose()) sOption('ptn:'+ptn+' sz:'+outSz(sz))\r\n}\r\n\r\n\r\nfunction isFLS() {\r\n\t//from https://ay.strangled.net/Ay_Emul30.src.7z/Players.pas -> FoundFLS\r\n\tif(X.Sz() < 0x34) return;\r\n\tvar orda, ptna, smpa, p, cura, mp, maxd, dif, i, j;\r\n\tfunction re(m) { if(debug>0)_log('[isFLS]@'+Hex(p)+': '+m); return }\r\n\tfunction ValidSmpP() { return p >= 12 + orn*2 && !((p - orn*2) % 6) }\r\n\tfunction ValidSmpParams(o) {\r\n\t\tvar lp = X.U8(o), lpsz = X.U8(o+1); if(lp > 0x20) return;\r\n\t\tif(!lp) { if(!isWithin(lpsz, 1,0x20)) return; } else if(!isWithin(lpsz, 1,0x21-lp)) return;\r\n\t\treturn true\r\n\t}\r\n\tordp = X.U16(0); ornp = X.U16(2); smpp = X.U16(4);\r\n\torn = smpp-ornp; if(!isWithin(orn, 0,30) || orn % 2) return;\r\n\torn >>= 1; orda = ordp; smp = ordp-smpp;\r\n\tif(smp <= 0 || smp > 16*4 || smp % 4) return;\r\n\tsmp >>= 2; ptna = X.U16(6); ord = ptna-orda-1; if(!isWithin(ord, 1,256)) return;\r\n\tif(X.Sz() < 12+ord+1+36*smp+34*orn+3-1) return;\r\n\tp = 6; mp = 6+orn*2+smp*4;\r\n\tmaxd = X.Sz()+1-mp; mp += 31*6;\r\n\tif(mp > X.Sz()+1-ord-1-3) { mp = X.Sz()+1-ord-1-3; if(mp % 2) --mp; }\r\n\twhile(p < mp) {\r\n\t\tcura = X.U16(p); dif = cura-orda;\r\n\t\tif(!isWithin(dif, 1,maxd)) break;\r\n\t\tif(ValidSmpP() && p+6 < mp && ValidSmpParams(p)) {\r\n\t\t\tsmpa = X.U16(p+2);\r\n\t\t\tif((!orn || smpa-X.I16(p-2) == 32) &&\r\n\t\t\t\t( smp == 1 && orda-smpa == 32*3 || \r\n\t\t\t\t smp > 1 && ValidSmpParams(p+4) && X.I16(p+6)-smpa == 32*3\r\n\t\t\t\t)\r\n\t\t\t) break;\r\n\t\t}\r\n\t\tif(cura < ptna) return re('!cura < ptna: '+Hex(cura)+' < '+Hex(ptna));\r\n\t\tp += 2;\r\n\t}\r\n\tif(!ValidSmpP()) return re('!post-cycle invalid smp ofs');\r\n\tmp = p+smp*4; if(mp > X.Sz()+1-ord-1-3) return;\r\n\tmaxd = X.Sz()+1-mp;\r\n\tvar ic = 0; //heuristic time\r\n\tfor(i=0; i < smp; i++,p+=4) {\r\n\t\tif(!ValidSmpParams(p)) ic++; if(ic > 1) return re('!badsmpparams');\r\n\t\tcura = X.U16(p+2); dif = cura-orda; if(!isWithin(dif, 1, maxd)) return re('!bad cura-orda');\r\n\t}\r\n\tfor(i=0; i < ord; i++,p++) if(!isWithin(X.U8(p), 1,31)) return re('!badpos');\r\n\tif(X.U8(p)) return re('!badordendmarker');\r\n\tj = ptna-p-1;\r\n\tif((ornp-j) % 2 || (smpp-j) % 2) return re('!odd orna or smpa');\r\n\torda -= j; if(orda % 2) return re('!odd orda');\r\n\tsz = X.U16(orda-2)+0x60-j;\r\n\tif(sz <= orda) return re('!size<=orda');\r\n\treturn true;\r\n}\r\nif(!bDetected && isFLS()) {\r\n\tsName = \"Amadeus Voxon/Flash Inc.'s Flash Tracker module (.FLS)\"; bDetected = 1;\r\n\tif(X.isVerbose()) {\r\n\t\tsOption('ord:'+ord+' ptn:'+ptn+' smp:'+smp+' orn:'+orn+' sz:'+outSz(sz))\r\n\t}\r\n}\r\n\r\n\r\n\r\n//the following signature detectors seem shaky to me [Kae] so they're heuristic and in parallel\r\n//use _setResult(TYPE, NAME, VERSION, OPTIONS)\r\n\r\nif(X.isHeuristicScan()) { //parallel block\r\n\r\n\t// Let's start with just judging by the extensions:\r\n\tif(extIs(\"imf\") || extIs(\"wlf\")) { //a detector is quite impossible to produce...\r\n\t\tif(extIs(\"imf\"))\r\n\t\t\tfreq = \"560Hz (or 280Hz if Duke Nukem II)\";\r\n\t\telse\r\n\t\t\tfreq = \"700Hz\";\r\n\t\t_setResult(\"~audio\",\"id/Apogee Music Format chiptune (.IMF)\",\"\",\"freq: \"+freq);\r\n\t}\r\n\telse if(extIs(\"svar\") && X.c(\"'PK'\")) { //TODO detect in-zip\r\n\t\t_setResult(\"~audio\",\"SVArTracker module (.SVAR)\",\"\",\"\");\r\n\t}\r\n\r\n\t//these are compares at 0, so they can be non-parallel, to optimise it all\r\n\tif(X.c(\"8400\")) {\r\n\t\tif(X.U8(2) == 0xF0) sversion = \"adv.\"; else sversion = \"\";\r\n\t\t_setResult(\"~audio\",\"Sierra Adlib chiptune (.SCI)\",sversion,\"\")\r\n\t}\r\n\telse if(X.c(\"1C52\")) {\r\n\t\t_setResult(\"~audio\",\"Sound Interface System module (.LEM)\",\"\",\"\")\r\n\t}\r\n\telse if(X.c(\"'NED'\")) {\r\n\t\t_setResult(\"~audio\",\"Nerd Tracker ][ module (.NED)\",\"\",\"\")\r\n\t}\r\n\telse if(X.c(\"'MODU'\"))\r\n\t\t_setResult(\"~audio\",\"NovoTrade Packer module (.NTP)\",\"\",X.isVerbose()?X.SA(4,16):'');\r\n\telse if((X.c(\"'Ice!'\") || X.c(\"'ICE!'\"))) {\r\n\t//TODO find a sanity check to narrow it down, then move it to the other sanities\r\n\t\tdsize = X.U32(8,_BE);\r\n\t\t_setResult(\"~audio\",\"Atari ST module (.SND,.SNDH)\",\"compressed\",X.isVerbose()? \"orig.sz:\"+dsize+\" sz:\"+outSz(X.U32(4,_BE)): '')\r\n\t}\r\n\r\n\tfunction isVortex1() {\r\n\t\t//ref https://ay.strangled.net/Ay_Emul30alpha11.src.7z / Formats.pas\r\n\t\t// & https://f.rdw.se/AY-3-8910-datasheet.pdf\r\n\t\thdr = X.SA(0,2);\r\n\t\tif(['AY','YM','ay','ym'].indexOf(hdr) < 0 || X.U8(2) > 6) return false;\r\n\t\thasyear = ['AY','YM'].indexOf(hdr) < 0; yr = 0;\r\n\t\tif(hasyear) {\r\n\t\t\tyr = X.U16(0xA,_LE);\r\n\t\t\tif(yr && (yr < 1980 || yr > 2050)) return false;\r\n\t\t}\r\n\t\tunpsz = X.U32(hasyear?0xC:0xA,_LE);\r\n\t\tif(unpsz < 2 || unpsz > 0xA00000) return false; // maxsize set a bit up from enlight '97 megamix.vtx\r\n\t\tchipfrq = X.U32(5,_LE); if(chipfrq < 800000 || chipfrq > 4000000) return false; //2M would be ok\r\n\t\tintfrq = X.U8(9);\r\n\t\treturn true\r\n\t}\r\n\tif(isVortex1()) {\r\n\t\tif(!X.U8(2)) sversion = \"1ch\"; else sversion = \"2ch\";\r\n\t\tswitch (hdr) {\r\n\t\t\tcase 'AY': case 'ay': sversion += \" AY-3-8910/12\"; break;\r\n\t\t\tcase 'YM': case 'ym': sversion += \" YM2149\"; break;\r\n\t\t\tdefault: sversion += \" unk.chip\" // never reached\r\n\t\t}\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tp=hasyear?0x10:0x0E; t = X.SC(p,Math.min(256,X.Sz()-p),'CP1251'); sOptionT(t);\r\n\t\t\tp+=t.length+1; a = X.SC(p,Math.min(256,X.Sz()-p),'CP1251'); sOptionT(a,\"by:\");\r\n\t\t\tp+=a.length+1; if(hasyear) {\r\n\t\t\t\tif(yr) sOption(yr,\"'\");\r\n\t\t\t\tpr = X.SC(p,Math.min(256,X.Sz()-p),'CP1251'); p+=pr.length+1;\r\n\t\t\t\tsOptionT(pr,\"for:\");\r\n\t\t\t\ttn = X.SA(p,Math.min(256,X.Sz()-p)); sOptionT(tn,\"in:\"); p+=tn.length+1;\r\n\t\t\t\tc = X.SA(p,Math.min(256,X.Sz()-p)); sOptionT(c); //p+=c.length+1;\r\n\t\t\t}\r\n\t\t\tsOption((X.U8(2)&7).toString(2).padStart(3,'0'),\"mode:\");\r\n\t\t\tsOption(chipfrq,\"chip freq:\",\"Hz\"); sOption(intfrq,\"int.freq:\",\"kHz\")\r\n\t\t\tt = Util.div64(unpsz,intfrq*14); sOption(\"time:\"+secondsToTimeStr(t));\r\n\t\t\tloop = X.U16(3,_LE); if(loop) sOption(loop,\"loop:\");\r\n\t\t}\r\n\t\t_setResult(\"~audio\",\"Vortex Project chiptune (.VTX)\",sversion,sOptions); sOptions = \"\"\r\n\t}\r\n\r\n\r\n\tfunction isMXDRVPDX() {\r\n\t\t// the format is very very very basic so FPs happen\r\n\t\t//and it's not possible to test more\r\n\t\t//the first bytes until the first sample starts are a table of addresses and sizes of the samples\r\n\t\t// (if the address is 0 just skip it),\r\n\t\t// then the samples go. That's all.\r\n\t\t// the table can be tons of bytes long, much longer than the max reasonable 800h\r\n\t\tif(X.Sz() < 0x300 || X.Sz() > 0x4000+0xFFFFFF) return false;\r\n\t\tsz = en = 0; var oldendp = nonzeroaddr = -1, smpst = 0xFFFFFFFF, ptrs = []; sus = 0; bad = '';\r\n\t\tfor(i=0; i*8 < (smpst == 0xFFFFFFFF? 0x300: Math.min(smpst,X.Sz())); i++) {\r\n\t\t\tvar p = X.U32(i*8,_BE), s = X.U32(i*8+4,_BE);\r\n\t\t\tif(!p) continue;\r\n//if(p < i*8) _l2r('pdx',p,i+'*8 is higher?!');\r\n\t\t\tif(p < i*8 || s > 0xFFFFF) return false;\r\n\t\t\tif(nonzeroaddr < 0) nonzeroaddr = i;\r\n\t\t\tif(smpst > p && p >= 0x300) smpst = p;\r\n\t\t\toldendp = p+s; ptrs.push([p,s]);\r\n\t\t\ten++;\r\n\t\t\tif(p+s > sz) sz = p+s\r\n\t\t}\r\n\t\tif(!en || findGaps(ptrs,2).length > 4) return false;\r\n\t\tptrs = ptrs.sort(function (a, b) { if(a[0] != b[0]) return a[0]-b[0]; else return a[1]-b[1] });\r\n//if(ptrs[0][0] % 8 || !isWithin(ptrs[0][0],0x300,0x4000)) _l2r('pdx',i*8,'!smpst='+Hex(ptrs[0][0]));\r\n\t\tif(ptrs[0][0] % 8 || !isWithin(ptrs[0][0],0x300,0x4000)) return false;\r\n\r\n//_l2r('pdx',sz,outArray(findGaps(ptrs,2),16))\r\n\t\treturn true\r\n\t}\r\n\tif(isMXDRVPDX()) {\r\n\t\tsversion = ''; if(sz > X.Sz() && !X.isVerbose()) bad += '!short';\r\n\t\tif(bad.length) sversion = sversion.appendS('malformed'+bad+(sus?'sus'+sus:''),'/');\r\n\t\t_setResult(\"~audio\",\"Konami's MXDRV PCM resource (.PDX)\", sversion,\r\n\t\t\tX.isVerbose()? 'entries:'+en+' sz:'+outSz(sz): '')\r\n\t}\r\n\r\n\r\n\tfunction isKDM() {\r\n\t\t// ref http://advsys.net/ken/kdmsongs.zip/KDMSRC.ZIP/kdmwin/KDMENG.C\r\n\t\tif(X.Sz() < 12) return false;\r\n\t\tif(X.U32(0,_LE)) return false; //kdmversionum\r\n\t\tnumnotes = X.U32(4,_LE); if(!numnotes || numnotes > 8192) return false;\r\n\t\tnumtracks = X.U32(8,_LE); if(!numtracks || numtracks > 256) return false;\r\n\t\tsz = 12+numtracks*4+numnotes*11;\r\n\t\tif((sz != X.Sz()) && (sz != X.Sz()+numnotes)) return false;\r\n\t\treturn true\r\n\t}\r\n\tif(isKDM()) {\r\n\t\tif(sz > X.Sz()) sversion = \"no panning effects\"; else sversion = \"\";\r\n\t\t_setResult(\"~audio\",\"Ken Silverman's Digital Music module (.KDM)\",sversion,X.isVerbose()? \"trk:\"+numtracks+\" notes:\"+numnotes: '');\r\n\t}\r\n\r\n\r\n\tfunction isDigitalStudio() {\r\n\t\t//ref https://bitbucket.org/zxtune/zxtune/src/develop/src/formats/chiptune/digital/digitalstudio.cpp\r\n\t\tif(X.Sz() < 111104) return false;\r\n\t\tlp = X.U8(0); if(lp > 63) return false;\r\n\t\tptn = 0;\r\n\t\tfor(i = 1; i < 100; i++) { pt = X.U8(i); if(pt > 0x1F) return false; if(pt > ptn) ptn = pt } ptn++;\r\n\t\ttmp = X.U8(0x64); ord = X.U8(0x65); if(!ord || ord > 100) return false; if(lp > ord) return false;\r\n\t\ttitle = X.readBytes(0x66,28); for(i=0; i < 28; i++) if(title[i] < 0x20 || title[i] > 0x7F) return false;\r\n\t\ttitle = decEncoding(title,CPSpeccy);\r\n\t\tcompiled = !isAllZeroes(0xC8,0x38); allsmp = smp4bit = 0;\r\n\t\tsmps = [];\r\n\t\tfor(p=0x100; p < 0x200; p += 0x10) {\r\n\t\t\tvar sst = X.U16(p), stlp = X.U16(p+2), spage = X.U8(p+4), sninbank = X.U8(p+5), ssz = X.U16(p+6);\r\n\t\t\tfor(i=8; i < 16; i++) if(X.I8(p+i) < 0x20) return false;\r\n\t\t\tt = decAnsi(p+8,8,CPSpeccy,false).trim(); if(t != '') smps.push(t)\r\n\t\t}\r\n\r\n\t\treturn true;\r\n\t}\r\n\tif(isDigitalStudio()) {\r\n\t\tsname = \"Underground Systems Digital Studio module (.DST)\";\r\n\t\tsversion = compiled?'compiled':'';\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(title); sOptionT(smps.filter(funSampleName).join(' '),'smp/msg:\"','\"');\r\n\t\t\tsOption('ord:'+ord+' ptn:'+ptn+(lp?' loop:'+lp:'')+' page0:'+X.U8(0x200)+' sz:'+outSz(compiled?0x1C200:0x1B200))\r\n\t\t\tsoption = sOptions; sOptions = ''\r\n\t\t} else soption = '';\r\n\t\t_setResult(\"~audio\",sname,sversion,soption)\r\n\t}\r\n\r\n\r\n\tfunction isExtremeTrackerZX() {\r\n\t\t//from https://bitbucket.org/zxtune/zxtune/src/develop/src/formats/chiptune/digital/extremetracker1.cpp\r\n\t\tif(X.Sz() < 112640) return false;\r\n\t\tif((lp = X.U8(0)) > 63) return false;\r\n\t\tif((tmp = X.U8(1)) < 3 || tmp > 0xF) return false;\r\n\t\tif((ord = X.U8(2)) > 64) return false;\r\n\t\ttitle = X.readBytes(3,30); for(i=0; i < 30; i++) if(title[i] < 0x20 || title[i] > 0x7F) return false;\r\n\t\ttitle = decEncoding(title,CPSpeccy);\r\n\t\tptn = 0;\r\n\t\tfor(p = 0x22; p < 0x86; p++) { if((pt = X.U8(p)) > 0x1F) return false; if(pt > ptn) ptn = pt } ptn++;\r\n\t\tfor(; p < 0xA6; p++) { var ps = X.U8(p); if(ps < 4 || ps > 0x40) return false }\r\n\t\tvar qstvw = [0x51,0x53,0x54,0x56,0x57];\r\n\t\tfor(i=0; p < 0xBA; i++, p += 4) {\r\n\t\t\tif(X.U8(p) > 0x7C) return false; if(X.U8(p+1) != qstvw[i]) return false;\r\n\t\t\tif(X.U8(p+2) && X.U8(p+2) < 0x84) return false; if(X.U8(p+3) > 0x10) return false\r\n\t\t}\r\n\t\tvar sus = 0; for(p=0xBC; p < 0xCB; p++) if(X.U8(p)) sus++; if(sus > 3) return false;\r\n\t\tvar sig = X.readBytes(0xCB,0x35,true); if(charStat(sig,true).indexOf('allasc') <= 0) return false;\r\n\t\tif(X.U8(0xFF)) return false;\r\n\t\tsmps = [];\r\n\t\tfor(p = 0x100; p < 0x200; p+= 0x10) {\r\n\t\t\tif(qstvw.indexOf(X.U8(p+4)) < 0) return false;\r\n\t\t\tif(X.U8(p+5) > 0x10) return false; if(X.U8(p+6) > 0x7C) return false;\r\n\t\t\tt = X.readBytes(p+8,8); for(i=0; i < 8; i++) if(t[i] < 0x20 || t[i] > 0x7F) return false;\r\n\t\t\tt = decEncoding(title,CPSpeccy).trim(); if(t != '') smps.push(t)\r\n\t\t}\r\n\t}\r\n\tif(isExtremeTrackerZX()) {\r\n\t\tsname = \"Red Limited's Extreme Tracker module (.ET1)\";\r\n\t\tif(X.isVerbose()) {\r\n\t\t\tsOptionT(title); sOptionT(smps.filter(funSampleName).join(' '),'smp/msg:\"','\"');\r\n\t\t\tsOption('tmp0:'+tmp+' ord:'+ord+' ptn:'+ptn+(lp?' loop:'+lp:'')+' sz:'+outSz(112640))\r\n\t\t\tsoption = sOptions; sOptions = ''\r\n\t\t} else soption = '';\r\n\t\t_setResult(\"~audio\",sname,sversion,soption)\r\n\t}\r\n\r\n\r\n\tfunction isMON() {\r\n\t\tif(!X.c(\"4EFA....4EFA....4EFA\")) return false;\r\n\t\tvar t = X.U16(2,_BE); if (t > X.Sz() - 10) return false;\r\n\t\treturn X.c(\"4BFA.... 08AD 0000\",t+2)\r\n\t}\r\n\tif(isMON())\r\n\t\t_setResult(\"~audio\",\"Jeroen 'WAVE' Tel & Charles Deenen's Maniacs of Noise module (.MON)\",\"\",\"\")\r\n\r\n\r\n\tfunction isJHSTSMP() {\r\n\t\tif(X.Sz() < 0x80) return false;\r\n\t\toldp = smp = 0;\r\n\t\tfor(i = 0; i < 0x80; i += 8) {\r\n\t\t\tp = X.U16(i,_BE); if(p > X.Sz()) return false;\r\n\t\t\tif(p) { if(p < oldp) return false; oldp = p; smp++ }\r\n\t\t\tif(!X.c(\"0010 01000000\",i+2) && !X.c(\"0000 00000000\",i+2)) return false;\r\n\t\t}\r\n\t\tif(smp < 8) return false; // I only saw files with at least 10\r\n\t\treturn true\r\n\t}\r\n\tif(isJHSTSMP()) _setResult(\"~audio\",\"Jochen 'Mad Max' Hippel's Atari ST sample set (SMP.set)\",\"\",\r\n\t\t\tX.isVerbose()? \"smp:\"+smp+\" sz:\"+outSz(oldp): '')\r\n\r\n\r\n\tfunction isV2M() {\r\n\t\t//ref https://github.com/farbrausch/fr_public/blob/master/v2/v2mplayer.cpp ::InitBase\r\n\t\t//with kind commentary from Tammo \"kb\" Hinrichs\r\n\t\tnotes = chs = 0;\r\n\t\tif(X.Sz() < 480) return false;\r\n\t\ttimediv = X.U32(0,_LE); if(!timediv || [0x60,0x80,480].indexOf(timediv) < 0) return false; //empirical\r\n\t\tmaxtime = X.U32(4); if(!maxtime) return false;\r\n\t\tgdnum = X.U32(8); if(!gdnum) return false;\r\n\t\tp = 12+10*gdnum; var pcs = pbs = ccs = 0;\r\n\t\tfor(ch=0; ch < 16; ch++) {\r\n\t\t\tnotenum = X.U32(p); p += 4; notes += notenum;\r\n\t\t\tif(notenum > 1000000) return false; // nobody'll write a million-note synth epic, will they @_@\r\n\t\t\tif(notenum) { chs++;\r\n\t\t\t\tp += 5*notenum; if(p > X.Sz()) return false;\r\n\t\t\t\tpcnum = X.U32(p); pcs += pcnum; p += 4+4*pcnum; //pgm change events\r\n\t\t\t\tpbnum = X.U32(p); pbs += pbnum; p += 4+5*pbnum; //pitch bends\r\n\t\t\t\tfor(cn=0; cn < 7; cn++) {\r\n\t\t\t\t\tccnum = X.U32(p); ccs += ccnum; p += 4+4*ccnum; //control changes\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\tif(p > X.Sz()) return false;\r\n\t\t}\r\n\t\tif(!notes || ccs > notes*50 || pbs > notes*3 || pcs > notes*3 || maxtime < notes) { //*50 & 3 are arbitrary\r\n//_l2r('V2M',p,'notes:'+notes+' pcs:'+pcs+' pbs:'+pbs+' ccs:'+ccs)\r\n\t\t\treturn false }\r\n\t\tsize = X.U32(p); if(size > 0x4000) return false; //globals\r\n\t\tp += 4+size; if(p > X.Sz()) return false;\r\n\t\tsize = X.U32(p); if(size > 0x100000) return false; //patchmap\r\n\t\tp += 4+size; if(p > X.Sz()) return false;\r\n//_l2r('V2M',p,'speech -> '+Hex(p+4+X.U32(p)))\r\n\t\tspsize = X.U32(p); p += 4; if(spsize < 0x2000) {\r\n\t\t\tfor(i=p+4,q=X.U32(p)*4,t=Math.min(X.Sz,p+4+q); i < t; i+=4) if(!isWithin(X.U32(i), q, p-4+spsize)) return false;\r\n\t\t\tp += spsize //speech size -- except tons of files are shorter than that, so we'll read the pointers!\r\n\t\t}\r\n\t\tsz = p; return true;\r\n\t}\r\n\tif(!bDetected && X.isDeepScan() && isV2M()) {\r\n\t\tsName = \"farbrausch V2 Synthesizer module (.V2M)\"; bDetected = 1;\r\n\t\tif(X.isVerbose())\r\n\t\t\tsOptions = 'ch:'+chs+' notes:'+notes+' timediv:'+timediv+' maxtime:'+maxtime\r\n\t\t\t\t+(spsize?' syn.speech':'')+' sz:'+outSz(sz);\r\n\t}\r\n\r\n\r\n\tfunction isTwinTeam() {\r\n\t\tif(!X.c(\"01000000\", 0x06) || X.Sz() < 1500 || X.Sz() > 9000 || X.calculateEntropy(12,1200) < 7.8)\r\n\t\t\treturn false; //a quick check because that's a lot of algo\r\n\t\t//ideally, get the checks from https://github.com/adplug/adplug/blob/master/src/dmo.cpp\r\n\t\treturn true\r\n\t}\r\n\tif(isTwinTeam()) {\r\n\t\t_setResult(\"~audio\",\"TwinTeam's Twin Trackplayer module (.DMO)\",\"\",X.isVerbose()?'unp.sz:'+X.U16(0xC):'')\r\n\t}\r\n\r\n\r\n\tfunction isVoices_8() { //this is a WIP until someone manages to test the tracker without it freezing up on I/O\r\n\t\tsoption = ''; smp = ptn = smpsz = 0;\r\n\t\tfor(i=0; i < 0x20; i++) {\r\n\t\t\tif(charStat(t=X.readBytes(i*0x20,0x10),1).indexOf('allxsc') < 0) return false;\r\n\t\t\tvar c = t.indexOf(0); if(!c) continue; if(c < 0) return false;\r\n\t\t\tfor(j=15; j > c && !t[j];) j--; if(j > c) return false;\r\n\t\t\tvar ssz = X.U32(i*0x20+0x14,_BE); if(ssz) { smpsz += ssz; smp++ }\r\n\t\t\t}\r\n\t\ttmp0 = X.U8(0x480); ord = X.U8(0x481); if(!smpsz || !tmp0 || tmp0 > 0xF || !ord || ord > 0x80) return false;\r\n\t\tfor(i=0; i < ord; i++) if((t=X.U8(0x482+i)+1) > ptn) ptn = t; if(ptn > 32) return false;\r\n\t\tfor(; i < 128; i++) if(X.U8(0x482+i)) return false; sz = 0x502+ptn*0x800+smpsz;\r\n\t\tif(X.Sz() < sz) return false;\r\n\t\tsoption = 'tmp0:'+tmp0+' ord:'+ord+' ptn:'+ptn+' smp:'+smp+' sz:'+outSz(sz);\r\n\t\treturn true\r\n\t}\r\n\tif(isVoices_8())\r\n\t\t_setResult(\"~audio\",\"SHINING 8's Voices_8/8CHNL Soundtracker module\",'',X.isVerbose()?soption:'')\r\n\r\n\r\n\tfunction isHSC() {\r\n\t\t//ref https://github.com/libxmp/libxmp/blob/master/src/bitrot/loaders/hsc_load.c\r\n\t\t// & https://github.com/libxmp/libxmp/raw/refs/heads/master/docs/formats/hsc.txt\r\n\t\tif(X.Sz() < 1587+1152 || X.Sz() > 59187+1) return;\r\n\t\tif(isAllZeroes(0,127*12)) return;\r\n\t\tp = t = ic = 0;\r\n\t\t//a heuristic run on lots of HSCs dictates these things:\r\n\t\tconst\r\n\t\t rangesb01 = [[0x0A,0x0D], [0x17,0x0E], [0x23,0x26], [0x29,0x2D], [0x3A,0x3F], [0x45,0x50],\r\n\t\t\t[0x5A,0x5E], [0x69,0x6B], [0x75,0x77], [0x7A,0x7D], [0x83,0x85], [0x89,0x8A], [0xB3,0xBF], [0xD3,0xDF], [0xFA,0xFE]],\r\n\t\t rangesb2 = [[0x1B,0x1C], [0x21,0x2F], [0x34,0x3E], [0x41,0x47], [0x49,0x54], [0x5A,0x5E], [0x66,0x72],\r\n\t\t\t[0x75,0x7F], [0x81,0x87], [0x89,0xBF], [0xC9,0xCF], [0xD1,0xDF]],\r\n\t\t rangesb3 = [[0x2B,0x2E],, [0x36,0x3E], [0x45,0x4C], [0x51,0x57], [0x59,0x67], [0x69,0x6C], [0x6E,0x71], [0x76,0x80],\r\n\t\t\t[0x88,0x8F], [0x9D,0xAF], [0xB1,0xBF], [0xC1,0xC9], [0xCB,0xCF]],\r\n\t\t rangesb4 = [[1,5], [7,0x10], [0x15,0x1E], [0x27,0x2C], [0x39,0x3E], [0x45,0x4F], [0x57,0x5F], [0x69,0x6D], [0x8A,0x8E],\r\n\t\t\t[0x9A,0x9F], [0xAC,0xB0], [0xB9,0xBF], [0xC7,0xD1], [0xD7,0xDF], [0xE8,0xEF], [0xFA,0xFD]],\r\n\t\t rangesb5 =[[1,0xF], [0x19,0x1E], [0x27,0x2E], [0x37,0x3F], [0x49,0x4F], [0x58,0x5F], [0x6A,0x6E], [0x78,0x7F], [0x89,0x8F],\r\n\t\t\t[0x9A,0x9F], [0xAC,0xAE], [0xBA,0xC6], [0xC9,0xD2], [0xD5,0xE3], [0xEA,0xEE], [0xFA,0xFC]],\r\n\t\t rangesb6 = [[0xA,0xE], [0x1B,0x1E], [0x24,0x26], [0x37,0x3A], [0x3C,0x3F], [0x49,0x4E], [0x5A,0x60], [0x6B,0x6E],\r\n\t\t\t[0x7C,0x7E], [0x80,0x83], [0x8A,0x90], [0x9A,0xA1], [0xA7,0xAF], [0xB1,0xC6], [0xC8,0xCD], [0xCF,0xDC], [0xDE,0xE0],\r\n\t\t\t[0xE2,0xE6], [0xE8,0xED]],\r\n\t\t rangesb7 = [[0xC,0xE], [0x19,0x1E], [0x27,0x2E], [0x39,0x41], [0x59,0x5E], [0x6A,0x6E], [0x79,0x7F], [0x8A,0x95],\r\n\t\t\t[0x9A,0xA5], [0xAB,0xC6], [0xCA,0xCD], [0xD1,0xDE], [0xE0,0xED]],\r\n\t\t rangesb8 = [[0x12,0x15], [0x17,0x1F], [0x23,0x36], [0x38,0x3F], [0x41,0x4D], [0x4F,0x51], [0x5A,0x60], [0x62,0x68],\r\n\t\t\t[0x6A,0x6D], [0x6F,0x7E], [0x80,0x93], [0x95,0xF5]],\r\n\t\t rangesb9 = [[0x10,0x17], [0x19,0x40], [0x42,0x60], [0x65,0x68], [0x6A,0x76], [0x7A,0x90], [0x92,0xB1]],\r\n\t\t rangesbA = [[0x10,0x1C], [0x21,0x2F], [0x31,0x42], [0x49,0x54], [0x56,0x5D], [0x60,0x6D], [0x6F,0x72],\r\n\t\t\t[0x74,0x88], [0x78A,0x98]],\r\n\t\t rangesbB = [[0xA,0xF], [0x12,0x1F], [0x21,0x2F], [0x31,0x36], [0x38,0x3F], [0x45,0x56], [0x58,0x5F], [0x61,0x66],\r\n\t\t\t[0x68,0x6F], [0x78,0x7F], [0x81,0x96], [0x9A,0xEF], [0xF1,0xFE]];\r\n\r\n\t\tfor(i=0,m=X.isDeepScan()?127:16; i < m; i++,p+=12) {\r\n\t\t\tt = X.U8(p); if(isWithinRanges(t, rangesb01) || isWithin(t, 0xA5,0xB1)) ic++;\r\n\t\t\tt = X.U8(p+1); if(isWithinRanges(t, rangesb01) || isWithin(t, 0x92,0xA7)) ic++;\r\n\t\t\tt = X.U8(p+2); if(t >= 0xE1 || isWithinRanges(t, rangesb2)) ic++;\r\n\t\t\tt = X.U8(p+3); if(t >= 0xD1 || isWithinRanges(t, rangesb3)) ic++;\r\n\t\t\tt = X.U8(p+4); if(isWithinRanges(t, rangesb4)) ic++;\r\n\t\t\tt = X.U8(p+5); if(isWithinRanges(t, rangesb5)) ic++;\r\n\t\t\tt = X.U8(p+6); if(isWithinRanges(t, rangesb6)) ic++;\r\n\t\t\tt = X.U8(p+7); if(isWithinRanges(t, rangesb7)) ic++;\r\n\t\t\tt = X.U8(p+8); if(t >= 0xF7 || isWithinRanges(t, rangesb8)) ic++;\r\n\t\t\tt = X.U8(p+9); if(t >= 0xB3 || isWithinRanges(t, rangesb9)) ic++;\r\n\t\t\tt = X.U8(p+0xA); if(t >= 0x9A || isWithinRanges(t, rangesbA)) ic++;\r\n\t\t\tt = X.U8(p+0xB); if(isWithinRanges(t, rangesbB)) ic++;\r\n\t\t\tif(ic > 2) return\r\n\t\t}\r\n\t\t//test the orderlist:\r\n\t\tptn = ord = x = 0;\r\n//_logIt('@'+Hex(p)+' testing ords='+outArray(X.readBytes(0x600,0x33), 16))\r\n\t\tif(X.U8(0x600) > 0xB1) return;\r\n\t\tvisited = []; for(i=0; i < 0x32; i++) visited[i] = false; // prep for the loops\r\n\t\tfor(p=0x600; p < 0x633; p++) {\r\n\t\t\tif(visited[p-0x600]) break; visited[p-0x600] = true;\r\n\t\t\tif(isInside(t, 0x31,0x80)) t = 0xFF; //pattern out of range = end song\r\n\t\t\tif((t = X.U8(p)) > 0xB1) break; //rainyday.hsc doesn't have FF\r\n\t\t\telse if((t & 0x80) && t <= 0xB1) { //løøps\r\n\t\t\t\tt &= 0x3F; t += 0x600;\r\n//_logIt('@'+Hex(p)+' -=loop=-')\r\n\t\t\t\tif(t > 0x632 || X.U8(t) > 0xB1 || t == p) { if(debug>0)_logIt('@'+Hex(p)+', t:'+Hex(t)+' :: '+Hex(X.U8(t))); return; }\r\n\t\t\t\telse p = 0x600+t-1;\r\n\t\t\t}\r\n\t\t\telse if(t & 0x80) ic++; else { if(ptn < t) ptn = t; ord++ }\r\n\t\t}\r\n\t\tfor(q=0x632; q > 0x600; q--) if(X.U8(q) == 0xFF) break;\r\n//_logIt('ord:'+ord+' ptn:'+ptn+' last:'+Hex(X.U8(p)))\r\n\t\tif(!ord || !ptn && X.U8(p) != 0xFF) return; if(!x) x++;\r\n\t\tptn++; if(ptn > 50) return; //test number of patterns\r\n\t\tp = 0x633; sz = p + ptn*0x480;\r\n\t\tvar safeptns = 0;\r\n\t\tfor(i=0; i < ptn*0x240 && safeptns < 100; i++) { // just test a hundred patterns to be safe and sure it's a HSC\r\n\t\t\tn = X.U8(p++); m = X.U8(p++);\r\n\t\t\tif(n || m) {\r\n\t\t\t\t//the same heuristic run on lots of HSCs says these things too:\r\n\t\t\t\tif(n >= 0xCA || isWithinRanges(n, [[0x62,0x7E], [0x81,0x8F], [0x91,0xC8]])) return;\r\n//_logIt('@'+Hex(p-2)+' n is within range')\r\n\t\t\t\tif(isWithinRanges(m, [[0x38,0x43], [0x45,0x51], [0x56,0x5F], [0x69,0x80], [0x82,0x88], [0x8A,0x9B],\r\n\t\t\t\t [0x9D,0x9F], [0xAA,0xAE], [0xD7,0xDD], [0xDF,0xE6], [0xE8,0xEF], [0xF9,0xFE]])) return;\r\n//_logIt('@'+Hex(p-1)+' m is within range')\r\n\t\t\t\tif(isWithin(m, 7,0xF)) if(n != 0x80 /*fmtrk2.hsc should be valid*/) {\r\n\t\t\t\t\tif(n != 0) /*return;*/ ic++; //2.hsc starts with a single broken n = 14h\r\n\t\t\t\t\t} //test effects 07..0F\r\n//_logIt('@'+Hex(p-2)+' test1 passed')\r\n\t\t\t\tif(isWithin(m, 0x70,0x9F)) { //test effects 7x..9x\r\n\t\t\t\t\tif(m != 0x81 && m != 0x89) return; //rainyday.hsc should be valid\r\n\t\t\t\t\tic++;\r\n//_logIt('@'+Hex(p-2)+\" test2 IC'ed -> \"+ic)\r\n\t\t\t\t}\r\n\t\t\t\tif(ic > 20) return;\r\n\t\t\t\tsafeptns++;\r\n\t\t\t}\r\n\t\t}\r\n//\t\tif(sz > X.Sz()) return;\r\n\t\t//if(sz%2) sz++; // all HSC files are word-aligned like it were Amiga, but it aint. Not sure whether to include\r\n\t\tif(ic) bad = '!ic'+ic;\r\n\t\treturn true\r\n\t}\r\n\tif(isHSC()) {\r\n\t\t\tvar soption = ''; if(X.isVerbose()) {\r\n\t\t\tif(x > 1) soption = '×'+x;\r\n\t\t\tsoption = soption.appendS('ord:'+ord+' ptn:'+ptn+' sz:'+outSz(sz),', ')\r\n\t\t}\r\n\t\t_setResult(\"~audio\",\"Hannes Seifert's HSC Adlib Composer/ECR HSC-Tracker module (.HSC)\",(bad.length?'malformed'+bad:''),soption)\r\n\t}\r\n\r\n\r\n\tfunction isFMX() {\r\n\t\tif(X.Sz() < Math.max(X.U16(0x1E),0x30)) return false;\r\n\t\tch = 0; var t;\r\n\t\tfor(i=oldp=0; i < 0x10; i++) {\r\n\t\t\tif(!isWithin(t = X.U16(i*2), Math.max(0x30,oldp),X.Sz())) return false;\r\n\t\t\tif(i && X.U8(t-1) != 0x80) return false;\r\n\t\t\tif(X.U8(t) != 0x80) ch++;\r\n\t\t\toldp = t\r\n\t\t}\r\n\t\treturn true\r\n\t}\r\n\tif(isFMX()) _setResult(\"~audio\",\"K.Ohshima's FMX chiptune (.FMX)\",'',X.isVerbose()?'ch:'+ch:'');\r\n\r\n\r\n\r\n// these are HEAVY as well as heuristic, so they must come last\r\n\tfunction isGYM() {\r\n\t\tif(X.Sz() < 0x160) return;\r\n\t\t_gyminfo = parseMDGYM(0, X.isDeepScan()? BCParseToEoF: BCParseToReasonable);\r\nif(debug>0)_logIt('gym?'+outArray(_gyminfo,16))\r\n\t\tif(_gyminfo[0] < 0) return;\r\n\t\treturn true\r\n\t}\r\n\tif(isGYM()) _setResult(\"~audio\", \"Sega Genesis/Mega Drive YM2612 chiptune (.GYM)\", \"headerless\",\r\n\t\tX.isDeepScan() ? \"notes:\" + _gyminfo[0] + \" sz:\"+outSz(_gyminfo[1]) : \"\");\r\n\r\n\tfunction isOPMLog() { // the headerless one's nooooot easy to check\r\n\t\tif(X.Sz() < 0x160) return;\r\n\t\tvar tmr;\r\nif(debug>0){ tmr = new CheckpointTimer(); tmr.init(300); }\r\n\t\t_cyminfo = parseYM2151RegLog(0, X.isDeepScan()? BCParseToEoF: BCParseToReasonable);\r\nif(debug>0)tmr.next('OPM (.cym) parsed');\r\nif(debug>0)_logIt('cym?'+outArray(_cyminfo,16));\r\n\t\tif(_cyminfo[0] < 0) return;\r\n\t\treturn true\r\n\t}\r\n\tif(!X.isOverlay() && isOPMLog()) _setResult(\"~audio\",\"YM2151 OPM/Callus chiptune (.CYM)\",\"headerless\",\r\n\t\tX.isDeepScan() ? \"notes:\" + _cyminfo[0] + \" sz:\"+outSz(_cyminfo[1]) : \"\");\r\n\r\n\tfunction isAdlibLog() {\r\n\t\tif(X.Sz() < 0x160) return;\r\n\t\tvar tmr;\r\nif(debug>0){ tmr = new CheckpointTimer(); tmr.init(300); }\r\n\t\t_opl2info = parseYM3812RegLog(0, X.isDeepScan()? BCParseToEoF: BCParseToReasonable);\r\nif(debug>0)tmr.next('OPM (.cym) parsed');\r\nif(debug>0)_logIt('cym?'+outArray(_cyminfo,16));\r\n\t\tif(_opl2info[0] < 0) return;\r\n\t\treturn true\r\n\t}\r\n\tif(!X.isOverlay() && isAdlibLog()) _setResult(\"~audio\",\"YM3812/OPL2/Ad Lib chiptune\",\"headerless\",\r\n\t\tX.isDeepScan() ? \"notes:\" + _opl2info[0] + \" sz:\"+outSz(_opl2info[1]) : \"\")\r\n\r\n} //isHeuristicScan parallel block\r\n\r\n\treturn result();\r\n}\r\n/* beautify ignore:end */\r\n" }, { "path": "db/Binary/audio_8svx.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: KDSS-Research\n\nmeta(\"audio\", \"8SVX\");\n\nfunction detect() {\n if (Binary.compare(\"'FORM'\")) {\n if (Binary.findString(0, Binary.getSize(), \"BODY\") != -1 && Binary.findString(0, Binary.getSize(), \"FORM\") != -1 && Binary.findString(0, Binary.getSize(), \"ANNO\") != -1) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/audio_ACM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens TG@kaens\n\nmeta(\"audio\", \"Interplay ACM waveform audio (.ACM)\");\n\nfunction detect() {\n //from https://github.com/dtiefling/snd2acm-portable/blob/master/src/general.h\n if (!File.compare(\"97280301\") || File.getSize() < 0x10) return false;\n var smp = File.read_uint32(4),\n ch = File.read_uint16(8),\n r = File.read_uint16(0xA);\n\n if (!smp || !isWithin(ch, 1, 2) || !isWithin(r, 6000, 49716)) return false;\n bDetected = true;\n if (Binary.isVerbose()) {\n var sr = (r / 1000).toFixed(1);\n sOption('ch: ' + ch + ' s/r: ' + sr + 'kHz len: ' + secondsToTimeStr(Util.divu64(smp + (r >> 1), r * ch)));\n }\n\n return result();\n}" }, { "path": "db/Binary/audio_ADX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens (TG@kaens)\n\nmeta(\"audio\", \"CRI Middleware's ADX 4-bit ADPCM stream (.ADX,.ADP)\");\n\nfunction detect() {\n //from https://wiki.multimedia.cx/index.php/CRI_ADX_file\n // & https://github.com/vgmstream/vgmstream/blob/master/src/meta/adx.c\n if (!X.c(\"8000\")) return false;\n if (!isWithin(p=X.U16(2,_BE)+4, 0x14, X.Sz())) return false;\n if (!X.c(\"'(c)CRI'\",p-6)) return false;\n fmt = X.U8(4);\n if ([2,3,4].indexOf(fmt) < 0) return false;\n if (X.U8(5)%0x12 || X.U8(6) != 4) return false; //frame size 12h (rarely a multiple thereof), 4 bit per sample only\n if ((ch=X.U8(7)) > 8) return false;\n nV = X.U8(0x12);\n// if ([3,4,5].indexOf(nV) < 0) return false;\n bDetected = 1;\n sVersion = \"\";\n switch(nV) {\n case 3: sVersion = \"v3\"; break;\n case 4: sVersion = \"v4\"; break;\n case 5: sVersion = \"v4NL\"\n }\n switch(fmt) {\n case 2: sVersion += \" fixed-coefficient\"; break;\n case 4: sVersion += \" exponential-scale\";\n }\n if(X.U8(0x13) > 0) sVersion += \" encrypted\";\n if(X.isVerbose()) {\n sOption(X.U8(7)+'ch '+(sr=X.U32(8,_BE))+'Hz len '\n +secondsToTimeStr(((smp=X.U32(0x0C,_BE))/sr/ch).toFixed(0)));\n }\n\n return result();\n}" }, { "path": "db/Binary/audio_AHX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens (TG@kaens)\n\nmeta(\"audio\", \"CRI Middleware's AHX ADPCM stream (.AHX)\");\n\nfunction detect() {\n //from https://github.com/vgmstream/vgmstream/blob/master/src/meta/ahx.c\n if (!X.c(\"8000\")) return false;\n if (!isWithin(p=X.U16(2,_BE)+4, 0x14, X.Sz())) return false;\n if (!X.c(\"'(c)CRI'\",p-6)) return false;\n fmt = X.U8(4);\n if ([0x10,0x11].indexOf(fmt) < 0) return false;\n if (X.U8(5) || X.U8(6)) return false; //frames and bit per sample are 0 in AHX\n if (X.U8(7) != 1) return false; //1 ch only\n if (X.U8(0x12) != 6) return false;\n bDetected = 1;\n sVersion = \"\";\n switch(fmt) {\n case 0x10: sVersion += \"+bigger frames\";\n }\n if(X.U8(0x13) > 0) sVersion += \" encrypted\";\n if(X.isVerbose()) {\n sz = X.fSig(p,TOEOF,\"'AHXE(c)CRI'\"); if(sz > 0) sz += 10;\n sOption('1ch '+(sr=X.U32(8,_BE))+'Hz len '\n +secondsToTimeStr(((smp=X.U32(0x0C,_BE))/sr).toFixed(0))+' sz:'+outSz(sz))\n }\n\n return result();\n}" }, { "path": "db/Binary/audio_AIF.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/Audio_Interchange_File_Format\nmeta(\"audio\", \"AIF\");\n\nfunction detect() {\n if (Binary.compare(\"464f524d00......'AIFFCOMM'\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/audio_AU.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens TG@kaens\n\nmeta(\"audio\", \"NeXT/Sun Au waveform audio (.AU,.SND)\");\n\n/* beautify ignore:start */\nfunction detect() {\n\t//ref https://en.wikipedia.org/wiki/Au_file_format\n\t// & https://sox.sourceforge.net/AudioFormats-11.html#ss11.2\n\t// & http://soundfile.sapp.org/doc/NextFormat/soundstruct.h\n\tif (X.c(\"'.snd'\")) { tp = 'BE'; en = _BE }\n\t// all these options, but only .snd is truly still found out there so I didn't test the rest\n\telse if (X.c(\"'dns.'\")) { tp = 'LE'; en = _LE }\n\telse if (X.c(\"00'ds.'\")) { tp = 'LE-ds.DEC'; en = _LE }\n\telse if (X.c(\"'.sd'00\")) { tp = 'BE-ds.'; en = _BE }\n\telse return false;\n\tif (!isWithin(dataofs = X.U32(4, en), 0x18, X.Sz())) return false;\n\tbad = '';\n\tif (dataofs < 0x1C) bad = bad.addIfNone('!badofs'+Hex(dataofs));\n\tdatasz = X.I32(8, en);\n\tch = X.U32(0x14, en); if(!ch || ch > 0x100) return false;\n\tsr = X.U32(0x10, en); if(!sr) return false;\n\tbDetected = true;\n\tsVersion = tp; fmt = X.U32(0xC, en);\n\tif (fmt > 0x1D) sVersion = sVersion.appendS('unknown format ('+Hex(fmt)+')', '/');\n\telse sVersion = sVersion.appendS(\n\t\t[\"unspecified format\", \"8-bit G.711 μ-law\", \"8-bit linear PCM\", \"16-bit linear PCM\", \"24-bit linear PCM\",\n\t\t\"32-bit linear PCM\", \"32-bit IEEE floating point\", \"64-bit IEEE floating point\", \"Fragmented sample data\",\n\t\t\"nested format\", \"DSP program\", \"DSP 8-bit fixed-point data\", \"DSP 16-bit fixed-point data\",\n\t\t\"DSP 24-bit fixed-point data\", \"DSP 32-bit fixed-point data\", \"unknown format (0Fh)\",\n\t\t/*10*/\"Sound Kit's visual data\", \"μ-law squelch\", \"16-bit linear w/emphasis\", \"16-bit linear compressed\",\n\t\t\"16-bit linear w/emphasis compressed\", \"Music Kit DSP commands\", \"Music Kit DSP commands: samples\",\n\t\t\"ITU-T G.721 4-bit ADPCM\", \"ITU-T G.722 4-bit SB-ADPCM\", \"ITU-T G.723 3-bit SB-ADPCM\",\n\t\t\"ITU-T G.723 5-bit SB-ADPCM\", \"8-bit G.711 A-law\",\"AES\",/*1D*/\"8-bit Delta μ-law\"][fmt], '/');\n\tif (bad.length) sVersion = sVersion.appendS('malformed'+bad,'/');\n\tif (X.isVerbose()) {\n\t\tinfo = []; t = 0x18;\n\t\twhile(t < dataofs && t < X.Sz()) {\n\t\t\tif ((z = X.fSig(t, Math.min(X.Sz(),0x100,dataofs-t), \"00\")) < 0) z = dataofs;\n\t\t\ti = X.SC(t,z-t,'CP437').trim(); if(i.length) info.push(i); t = z+1\n\t\t}\n\t\tsOption(addEllipsis(info.join('; '), 0xC0), 'info:\"', '\"');\n\t\tsOption('ch:' + ch + ' s/r:' + (sr / 1000).toFixed(1) + 'kHz'+(datasz > 0? ' sz:'+outSz(dataofs+datasz): ''));\n\t}\n\n\treturn result();\n}\n/* beautify ignore:end */\n" }, { "path": "db/Binary/audio_BCSTM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kae \n\nmeta(\"audio\", \"Nintendo CTR Stream (.BCSTM)\");\n\nfunction detect() {\n // ref https://www.3dbrew.org/wiki/BCSTM\n if (!X.c(\"'CSTM'FF\") && !X.c(\"'CSTM'FE\") || X.U8(5) < 0xFE) return false;\n var e = X.U8(5) == 0xFE ? _LE : _BE;\n if (!X.c(\"'INFO'\", ip = X.U32(0x18, e))) return false; ip += 0x20; // stream info ofs\n if (!X.c(\"'SEEK'\", t = 0x40 + X.U32(0x44, e)) || t != X.U32(0x24, e)) return false;\n if (!X.c(\"'DATA'\", t = t + X.U32(t + 4, e)) || t != X.U32(0x30, e)) return false;\n bDetected = true;\n sVersion = 'v' + X.U32(8, e).toString(16) + '_' + (e == 0xFE ? 'le' : 'be');\n if (X.isVerbose()) {\n var enc = X.U8(ip), senc = ['PCM8', 'PCM16', 'DSP ADPCM', 'IMA ADPCM'][enc],\n lp = X.U8(ip + 1), ch = X.U8(ip + 2), sr = X.U32(ip + 4, e);\n sOption(senc + ' ' + ch + 'ch ' + sr + 'Hz' + (lp ? ' looped' : '') + ' sz:' + outSz(X.U32(0xC, e)));\n }\n\n return result();\n}\n" }, { "path": "db/Binary/audio_BCWAV.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kae \n\nmeta(\"audio\", \"Nintendo Binary CTR Wave (.BCWAV)\");\n\nfunction detect() {\n //ref https://www.3dbrew.org/wiki/BCWAV\n if (!X.c(\"'CWAV'FF\") && !X.c(\"'CWAV'FE\") || X.U8(5) < 0xFE) return false;\n var e = X.U8(5) == 0xFE? _LE: _BE;\n if(!X.c(\"'INFO'\", ip=X.U32(0x18,e)) || !X.c(\"'DATA'\", X.U32(0x24,e)) || ip+X.U32(ip+4,e) != X.U32(0x24,e)) return false;\n bDetected = true;\n sVersion = 'v'+X.U32(8,e).toString(16)+'_'+(e==0xFE?'le':'be');\n if(X.isVerbose()) {\n var enc = X.U8(ip+8), senc = ['PCM8', 'PCM16', 'DSP ADPCM', 'IMA ADPCM'][enc],\n lp = X.U8(ip+9), sr = X.U32(ip+0xC,e), ch = X.U8(ip+0x1C);\n var dsz = X.U32(X.U32(0x24,e)+4,e)-8, len = '';\n switch(enc) {\n case 0: len = (dsz/sr/ch).toFixed(1).toString(); break;\n case 1: len = (dsz/sr/2/ch).toFixed(1).toString(); break;\n case 3: len = (dsz*2/sr/ch).toFixed(1).toString();\n }\n sOption(senc+' '+ch+'ch '+sr+'Hz'+(lp?' looped':'')\n +(len.length?' len '+secondsToTimeStr(len):'')+' sz:'+outSz(X.U32(0xC,e)));\n }\n\n return result();\n}\n" }, { "path": "db/Binary/audio_CXT.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens (TG @kaens)\n\nmeta(\"audio\", \"Adobe Director Protected Cast file (.CXT)\");\n\n/* beautify ignore:start */\nfunction detect() {\n\n\tconst debug = 0;\n\n\tvar\n\t\tp = 0xC, e = _BE,\n\t\tlabl = [], txts = [],\n\t\tsz = -1,\n\t\tsnds = 0, sndh = 0, snd = 0,\n\t\thksz = 4,\n\t\tend = false, checklist = [false, false, false];\n\tif (X.Sz() < 0x10) return;\n\tif(X.c(\"'RIFX'\") && [\"MV93\",\"FGDM\", \"MC95\", \"FGDC\"].includes(X.SA(8,4))) e = _BE;\n\telse if(X.c(\"'XFIR'\") && [\"39VM\",\"MDGF\", \"59CM\", \"CDGF\"].includes(X.SA(8,4))) e = _LE;\n\telse return;\n\tif((sz = 8+X.U32(4, e)) < 12) return;\n\tif(debug) var chunks = \"\";\n\twhile (p < X.Sz() && p < sz) {\n\t\thkhd = X.SA(p, 4);\n\t\thksz = X.U32(p + 4, e);\n//_l2r('cxt',p,hkhd+' ['+Hex(hksz)+']')\n\t\tif(debug) chunks += \" \" + hkhd + \" [\" + Hex(hksz) + \"] @\" + Hex(p);\n\t\tp += 8;\n\t\tif(hkhd.slice(0,3) === \"CAS\") checklist[0] = 1;\n\t\telse if(hkhd === \"KEY*\") checklist[1] = 1;\n\t\telse if(hkhd.slice(0,3) === \"snd\") checklist[2] = 1;\n\t\tswitch (hkhd) {\n\t\tcase \"sndH\": sndh++; break;\n\t\tcase \"sndS\": snds++; break;\n\t\tcase \"snd \": snd++; break;\n\t\t}\n\t\thksz += hksz & 1; //align\n\t\tp += hksz\n\t} // end of chunks\n\n\tif(!checklist[0] || !checklist[1] || !checklist[2]) return; bDetected = true;\n\tsVersion = e == _LE? \"le\": \"be\";\n\n\tif (debug) if (chunks != \"\") _l2r('rifx',0,'chunks: ['+chunks+']');\n\n\tif(X.isVerbose()) {\n\t\tsOption('snd:'+snd+' sndH:'+sndh+' sndS:'+snds+' sz:'+outSz(sz))\n\t}\n\n\treturn result();\n}\n/* beautify ignore:end */" }, { "path": "db/Binary/audio_DSS.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens (TG@kaens)\n\nmeta(\"audio\",\"\");\n\n/* beautify ignore:start */\nfunction detect() {\n\t//ref https://ffmpeg.org/doxygen/trunk/dss_8c_source.html - but the ds2 files are different with no code in sight\n\tif(X.c(\"02'dss'\") || X.c(\"03'dss'\"))\n\t\tsName = \"Digital Speech Standard audio (.DSS)\";\n\telse if(X.c(\"02'ds2'\") || X.c(\"03'ds2'\") || X.c(\"02'enc'\") || X.c(\"03'enc'\")) {\n\t\tsName = \"Digital Speech Standard Pro audio (.DS2)\";\n\t}\n\telse return false;\n\tnv = X.U8(0); v1 = X.c(\"'dss'\",1);\n\thdrsz = nv * 0x200; if(X.Sz() < hdrsz) return false;\n\ttm = X.SA(0x26,12);\n\tif(charStat(tm,1).indexOf('allnum') < 0 || !isWithin(tm.slice(2,4),'01','12') || !isWithin(tm.slice(4,6),'01','31')\n\t || !isWithin(tm.slice(6,8),'00','23') || !isWithin(tm.slice(8,10),'00','59') || !isWithin(tm.slice(10,12),'00','59'))\n\t\treturn false; // I'm not checking the year, what if this script (and indeed civilisation) survives until the 2100s!\n\ttm = '20'+tm.slice(0,2)+'-' + tm.slice(2,4)+'-' + tm.slice(4,6)\n\t\t+ ' ' + tm.slice(6,8)+':' + tm.slice(8,10)+':' + tm.slice(10,12);\n\tdur = X.SA(0x3E,6);\n\tif(charStat(dur,1).indexOf('allnum') < 0 || !isWithin(dur.slice(2,4),'00','59') || !isWithin(dur.slice(4,6),'00','59'))\n\t\treturn false;\n\tdur = dur.slice(0,2)+'h'+dur.slice(2,4)+'m'+dur.slice(4,6)+'s';\n\tauth = X.readBytes(0xC,0x10);\n\tif(charStat(auth,1).indexOf('allxsc') < 0) return false;\n\telse auth = decEncoding(auth,CP437);\n\tif(v1) switch(cn = X.U8(0x2A4)) {\n\tcase 0: co = 'DSS standard-play mode 11025Hz b/r '+(8*41*11025*512/(506*264)/1000).toFixed(3)+'k'; break;\n\tcase 2: co = 'g723.1 long-play mode 8000Hz'; break;\n\tdefault: co = 'unknown ('+Hex(cn)+')'\n\t} else {\n\t\tcn = 0; co = 'DSS standard-play mode';\n\t}\n\tif(cn == 0) asz = hdrsz+3750*(dur.slice(0,2) * 3600 + dur.slice(3,5) * 60 + dur.slice(6,8)); else asz = -1\n\tcmt = \"\";\n\tif(v1) {\n\t\tcmt = X.readBytes(0x31E,0x40);\n\t\tif(charStat(cmt,1).indexOf('allxsc') < 0) return false;\n\t\telse cmt = decEncoding(cmt,CP437)\n\t} else for(i = 0x240; i < 0x3A6; i += 60) {\n\t\tif((t = X.SC(i, 30, 'CP437').trim() + ': ' + X.SC(i+30, 30, 'CP437').trim()) != ': ') cmt = cmt.appendS(t,', ')\n\t}\n\t// TODO traverse the blocks to check the filesize\n\tbDetected = 1; sVersion = 'v'+nv; if(X.c(\"'enc'\",1)) sVersion += ' encrypted';\n\tif(X.isVerbose()) {\n \t\tsOptionT(auth,'by: '); sOption(tm,'on: '); sOption(cmt); sOption(co,'codec: '); sOption(dur,'duration: ');\n \t\tif(asz > 0) sOption('approx.filesize: '+(asz/0x100000).toFixed(2)+'M')\n \t}\n\n\treturn result()\n}\n/* beautify ignore:end */" }, { "path": "db/Binary/audio_EXA.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens (TG@kaens)\n\nmeta(\"audio\",\"Electronic Arts' EA-XA stream (.EXA)\");\n\nfunction detect() {\n // This one is built with sx.exe -sndstream %s.wav -=%s.exa\n //ref https://github.com/vgmstream/vgmstream/blob/master/src/meta/ea_schl.c\n if (X.Sz() < 0x20 || !X.c(\"'SC'\")) return false;\n var cfg = X.U16(2,_BE) << 16, sc = sr = ch = nv = pf = cd1 = cd2 = -1, bps = 16, blke = _LE, e = X.U16(4)? _LE: _BE;\n var p = 0, hksz = 0, c = 0, eof = 0;\n for (; p < X.Sz() && !eof; ) {\n var hkhd = X.SA(p,4), hksz = X.U32(p+4, e);\n if(X.c(\"'SC'\",p)) c++;\n switch (hkhd) {\n case 'SCHl':\n c++; q = p+8; pfid = X.SA(q,4);\n if (pfid !== 'GSTR' && pfid.slice(0,2) !== 'PT') { q += 4; pfid = X.SA(q,4) } //patching \"nbapsstream\"\n if(pfid === 'GSTR') { pf = 8/*generic*/; q += 4 }\n else if(pfid.slice(0,2) === 'PT') pf = X.U16(q+2,_LE);\n else return false;\n q += 4;\n function rd() { // bytecount being FF means custom data, > 4 we just skip here\n var r = 0, c = X.U8(q++); if (c == 0xFF) { q += 4+X.U32(q,_BE); return 0 } \n if (c > 4) { q += c; return 0 }\n for(; c > 0; c--) r = Util.shlu64(r,8) + X.U8(q++);\n return r\n }\n hdend = 0;\n while(!hdend && q < p+hksz && q < X.Sz()) {\n var tp = X.U8(q++);\n/* beautify ignore:start */\n switch (tp) {\n case 0: if(!hdend) rd(); break;\n case 3: case 4: case 5: case 6: case 7: case 8: case 9: case 0xA: case 0xB: case 0xC: case 0xD: case 0xE: case 0xF:\n case 0x10: case 0x11: case 0x12: case 0x13: case 0x14: case 0x15: case 0x19: case 0x1B: case 0x1C: case 0x1D:\n case 0x1E: case 0x1F: case 0x20: case 0x21: case 0x22: case 0x23: case 0x24: case 0x25: rd(); break;\n case 0xFC: case 0xFD: break; case 0x83: cd1 = rd(); break; case 0xA0: cd2 = rd(); break;\n case 0x80: nv = rd(); break; case 0x81: bps = rd(); break; case 0x82: ch = rd(); if (ch > 6) return false; break;\n case 0x84: sr = rd(); break; case 0x85: sc = rd(); break;\n case 0x86: case 0x87: /*lpst, lped(add 1)*/\n case 0x88: case 0x89: case 0x94: case 0x95: case 0xA2: case 0xA3: /*ch ofs*/\n case 0x8F: case 0x90: case 0x91: case 0xAB: case 0xAC: case 0xAD: /*dsp/n64blk coefs */\n case 0x1A: case 0x26: case 0x27: case 0x28: case 0x29: case 0x2A: /* rel lp ofs */\n case 0x8C: /* play flags */ case 0x8A: case 0x8B: case 0x8D: case 0x8E: case 0x92: case 0x93: case 0x98:\n case 0x99: case 0x9C: case 0x9D: case 0x9E: case 0x9F: case 0xA6: case 0xA7: case 0xA1:\n rd(); break;\n case 0xFF: case 0xFE:\n hdend = 1; break;\n default: return false\n }\n }\n break;\n case 'SCCl': c++; break;\n case 'SCDl': c++; break;\n case 'SCEl': c++; /*→*/ case '': case '\\xFF\\xFF\\xFF\\xFF': eof = true; break;\n }\n p += hksz || 1; //avoids accidental ∞loops\n }\n//_l2r('exa',c,' ')\n if (eof || c > 3) {\n bDetected = true;\n if ([2,3,4,6,8,9,0xE,0x10].indexOf(pf) >= 0) blke = _BE;\n if (ch <= 0) ch = 1;\n if (nv == -1)\n if (pf <= 4) nv = 0; else if (pf <= 5) nv = 1; else if (pf <= 8) nv = 2; else if (pf <= 0x14) nv = 3;\n sVersion = 'v'+nv; \n if (cd1 < 0 && nv == 0) switch (pf) { // checks from Ctrl+F \"codec1 defaults\"\n case 0: case 3: case 4: cd1 = 0; break; // PC, MAC, SAT? PCM\n case 1: cd1 = 6; break; // PSX? VAG\n case 2: cd1 = 5; break; // N64? N64 :)\n default: bad = bad.addIfNone('!badcodec1');\n }\n if (cd1 >= 0 && cd2 < 0) switch (cd1) { //converts from Ctrl+F \"codec1 to codec2\"\n case 0:\n if(pf == 0) cd2 = bps == 8? 2: (blke == _BE? 1: 0);\n else cd2 = bps == 8? 9: (blke == _BE? 7: 8);\n break;\n case 5: cd2 = 6; break; case 6: cd2 = 5; break;\n case 7: if(pf == 0 || pf == 3) cd2 = 3; else cd2 = 0xA; break;\n case 9: cd2 = 4; break;\n default: bad = bad.addIfNone('!badcodec1');\n }\n if(cd2 < 0) switch(pf) { //plaform-wise codec defaults\n case 0: case 3: case 8: case 9: case 0xA: case 0xE: cd2 = 0xA; break;\n case 1: case 5: cd2 = 5; break; case 6: cd2 = 7; break; case 7: cd2 = 8; break;\n case 0x10: case 0x14: cd2 = 0x12; break;\n default: bad = bad.addIfNone('!badcodec2');\n }\n if(sr < 0) switch(pf) {//platform-wise sample rate defaults\n case 0: case 1: case 2: case 3: case 4: case 5: case 0xA: sr = 22050; break;\n case 6: case 7: sr = 24000; break;\n case 0x10: case 0x14: sr = 32000; break;\n case 9: case 0xE: sr = 44100; break;\n case 8: sr = 48000; break;\n default: bad = bad.addIfNone('!badsmprate');\n }\n/* beautify ignore:end */\n if(!isWithin(pf,0,0x14)) sVersion += '#unk.platform';\n else sVersion += '#'+['PC', 'Sony Playstation', 'Nintendo 64', 'MAC', 'Sega Saturn', 'Sony Playstation 2',\n 'Nintendo Gamecube/Wii', 'Microsoft Xbox', 'Generic', 'Microsoft X360', 'Sony PSP',\n 'pc-eaac', 'x360-eaac', 'psp-eaac', 'Sony Playstation 3', 'ps3-eaac', 'Nintendo Wii', 'wii-eaac', 'pc64-eaac',\n 'mobile-eaac', 'Nintendo 3DS'][pf];\n // small letters mean unused, you don't expect to see those\n sVersion += blke == _LE? '/le': '/be'; if(blke != e) sVersion += '/file'+(e == _LE? '_le': '_be');\n var codecs2 = ['S16LE_INT','S16BE_INT','S8_INT','EA-XA_INT','MT10','VAG','N64','S16BE','S16LE','S8','EA-XA',\n 'u8_int','cdxa','ima_int','layer1','Layer2','Layer3',,'GCADPCM','s24le_int','XboxADPCM','s24be_int','MT5',\n 'EALayer3','xas0_int','ealayer3_int','ATRAC3','ATRAC3+'],\n senc = isWithin(cd2,0,0x1B)? codecs2[cd2]: cd2<0? '': 'SND10';\n if (X.isVerbose()) {\n sOption((senc.length?'codec:'+senc+' ':'')+ch+'ch '+sr+'Hz'+(bps>0?' '+bps+'bit':'')\n +' len '+secondsToTimeStr((sc/sr).toFixed(0))+' sz:'+outSz(p));\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/audio_FLAC.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens \n\nmeta(\"audio\", \"FLAC waveform audio (.FLAC)\");\n\nfunction detect() {\n //ref https://xiph.org/flac/format.html#format_overview\n if (!File.compare(\"'fLaC'\")) return;\n end = 0; p = 4; hk = hks = malformed = \"\";\n ch = rate = bps = smp = smplen = sz = xa = xna = 0; seekt = -1;\n while (!end && p < File.getSize()) {\n t = File.read_uint8(p); if (p == 5 && (t & 0xFF)) return;\n last = t & 0x80; mdbt = t & 0x7F; mdsz = File.read_uint24(p + 1, _BE);\n p += 4;\n switch (mdbt) {\n case 0: hk = \"STREAMINFO\";\n minb = File.read_uint16(p, _BE), maxb = File.read_uint16(p + 2, _BE),\n minf = File.read_uint24(p + 4, _BE), maxf = File.read_uint24(p + 7, _BE);\n if (minb < 16 || maxb > 65535 || minb > maxb) malformed += \"!badblksz\";\n br = new BitReader(p + 10, _BE);\n rate = br.read(20); ch = 1 + br.read(3); bps = 1 + br.read(5);\n smp = br.read(36); smplen = smp / rate;\n break;\n case 1: hk = \"PADDING\"; break;\n case 2: hk = \"APP\"; s = File.read_ansiString(p, 4);\n switch (s) { //from https://xiph.org/flac/id.html on 2024-02-20\n case \"ATCH\": hk += \":Flacfile\"; break;\n case \"BSOL\": hk += \":beSolo\"; break;\n case \"BUGS\": hk += \":Bugs Player\"; break;\n case \"Cues\": hk += \":GoldWave\"; break;\n case \"Fica\": hk += \":CUE Splitter\"; break;\n case \"Ftol\": hk += \":flac-tools\"; break;\n case \"MOTB\": hk += \":MOTB MetaCzar\"; break;\n case \"MPSE\": hk += \":MP3 Stream Editor\"; break;\n case \"MuML\": hk += \":MusicML\"; break;\n case \"RIFF\": hk += \":Sound Devices RIFF c.s\"; break;\n case \"SFFL\": hk += \":Sound Font FLAC\"; break;\n case \"SONY\": hk += \":Sony Creative Software\"; break;\n case \"SQEZ\": hk += \":flacsqueeze\"; break;\n case \"TtWv\": hk += \":TwistedWave\"; break;\n case \"UITS\": hk += \":UITS Embedding tools\"; break;\n case \"aiff\": hk += \":FLAC AIFF c.s\"; break;\n case \"imag\": hk += \":flac-image file\"; break;\n case \"peem\": hk += \":Parseable Embedded Extensible Metadata\"; break;\n case \"qfst\": hk += \":QFLAC Studio\"; break;\n case \"riff\": hk += \":FLAC RIFF c.s (OpenMPT?)\"; break;\n case \"tune\": hk += \":TagTuner\"; break;\n case \"w64 \": hk += \":FLAC Wave64 chunks\"; break;\n case \"xbat\": hk += \":XBAT\"; break;\n case \"xbat\": hk += \":xmcd\"; break;\n default: hk += \":<\" + s + \">\"\n }\n break;\n case 3: hk = \"SEEKTABLE\"; seekt = p; hk += \"#\" + Math.floor(mdsz, 18); break;\n case 4: hk = \"VORBIS_COMMENT\";\n break;\n case 5: hk = \"CUESHEET\";\n xa = xna = 0; trkn = File.read_uint8(p + 0x18B); u = p + 0x18C;\n for (i = 0; i < trkn; i++) {\n u += 0x15; if (File.read_uint8(u++) & 0x80) xna++; else xa++;\n u += 0x0D; u += 12 * File.read_uint8(u++);\n }\n break;\n case 6: hk = \"PICTURE\"; break;\n case 0x7F: end = 1; hk = \"frames\"; break;\n default: hk = \"unknown\" + Hex(mdbt)\n }\n if (hk != \"frames\") hks = hks.append(\"[\" + hk + \"]\");\n p += mdsz; if (last) end = 1;\n }\n if (sz < p) sz = p;\n t = p + (smp * bps * ch >> 3); if (sz < t) sz = t; _log(\"t:\" + t)\n if (seekt >= 0) for (i = 0; i < mdsz / 18; i++) {\n smpn = File.read_uint64(seekt + i * 18, _BE);\n seek = p + File.read_uint64(seekt + 8 + i * 18, _BE);\n st = seek + (File.read_uint16(seekt + 16 + i * 18, _BE) * bps * ch >> 3);\n if (sz < st) sz = st\n }\n end = 0;\n if (!smp && File.isDeepScan())\n while (!end && p < File.getSize()) {\n end = 1\n // TODO. Or not to do, this is the question >__> But prolly do; no other way to always find filesize\n }\n if (malformed) sVersion += malformed;\n bDetected = 1;\n if (Binary.isVerbose()) {\n sOption(Math.floor(smplen / 60) + \":\" + (Math.floor(smplen) % 60).padStart(2, '0'));\n if (xa > 1 || xna) sOption(\"x\" + xa + \"+\" + xna); //audio and non-audio tracks\n sOption(hks);\n sOption(rate + \"Hz ch:\" + ch + \" bps:\" + bps);//+\" sz:\"+sz);\n if (minb === maxb) sOption(\"fixed-size stream\");\n }\n\n return result();\n}\n" }, { "path": "db/Binary/audio_FSB.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// Status: WIP\n\nmeta(\"audio\", \"FMOD Sample Bank (.FSB)\");\n\nfunction detect() {\n if (Binary.getSize() >= 0x24) {\n if (Binary.compare(\"'FSB'..\")) {\n var nSamples, nExtVer, nMode;\n var sID = Binary.getString(0, 4);\n sVersion = sID;\n bDetected = true;\n switch (sID) {\n case \"FSB1\":\n nSamples = Binary.read_int32(0x04);\n break;\n\n case \"FSB2\":\n nSamples = Binary.read_int32(0x04);\n break;\n\n case \"FSB3\":\n nSamples = Binary.read_int32(0x04);\n nExtVer = Binary.read_int32(0x10);\n nMode = Binary.read_int32(0x14);\n break;\n\n case \"FSB4\":\n nSamples = Binary.read_int32(0x04);\n nExtVer = Binary.read_int32(0x10);\n nMode = Binary.read_int32(0x14);\n break;\n\n case \"FSB5\":\n nSamples = Binary.read_int32(0x08);\n nExtVer = Binary.read_int32(0x10);\n nMode = Binary.read_int32(0x18);\n switch (nMode) {\n case 0x01:\n sOption(\"PCM8\");\n break; // 8bit integer PCM data.\n case 0x02:\n sOption(\"PCM16\");\n break; // 16bit integer PCM data.\n case 0x03:\n sOption(\"PCM24\");\n break; // 24bit integer PCM data.\n case 0x04:\n sOption(\"PCM32\");\n break; // 32bit integer PCM data.\n case 0x05:\n sOption(\"PCMFLOAT\");\n break; // 32bit floating point PCM data.\n case 0x06:\n sOption(\"GCADPCM\");\n break; // Compressed Nintendo 3DS/Wii DSP data.\n case 0x07:\n sOption(\"IMA ADPCM\");\n break; // Compressed IMA ADPCM data.\n case 0x08:\n sOption(\"VAG\");\n break; // Compressed PlayStation Portable ADPCM data.\n case 0x09:\n sOption(\"HEVAG\");\n break; // Compressed PSVita ADPCM data.\n case 0x0A:\n sOption(\"XMA\");\n break; // Compressed Xbox360 XMA data.\n case 0x0B:\n sOption(\"MP3\");\n break; // Compressed MPEG layer 2 or 3 data.\n case 0x0C:\n sOption(\"CELT\");\n break; // Compressed CELT data.\n case 0x0D:\n sOption(\"AT9\");\n break; // Compressed PSVita ATRAC9 data.\n case 0x0E:\n sOption(\"XWMA\");\n break; // Compressed Xbox360 xWMA data.\n case 0x0F:\n sOption(\"VORBIS\");\n break; // Compressed Vorbis data.\n case 0x10:\n sOption(\"FADPCM\");\n break;\n case 0x11:\n sOption(\"OPUS\");\n break;\n default:\n bDetected = false;\n }\n break;\n\n default:\n bDetected = false;\n }\n sOption(\"Samples:\" + nSamples);\n }\n\n }\n\n return result();\n}\n" }, { "path": "db/Binary/audio_HMI.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://moddingwiki.shikadi.net/wiki/Human_Machine_Interfaces_MIDI_Format\nmeta(\"audio\", \"Human Machine Interfaces\");\n\nfunction detect() {\n if (Binary.compare(\"'HMI-MIDISONG061595'0000000000000000000000000000000000000000ff00ffffffffff01\")) {\n sVersion = \"2.0\";\n sOptions = \"MIDI\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/audio_OGG.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://file-recovery.com/ogg-signature-format.htm\nmeta(\"audio\", \"Vorbis\");\n\nfunction detect() {\n if (Binary.compare(\"'OggS'00020000000000000000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/audio_PAF.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Created with Audiacity\n\n// https://www.filetypeadvisor.com/extension/paf\nmeta(\"audio\", \"Ensoniq PARIS (.PAF)\");\n\nfunction detect() {\n if (Binary.compare(\"20'paf'00000000000000000000AC44\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/audio_PVF.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Created with Audiacity\n\n// https://fileinfo.com/extension/pvf\nmeta(\"audio\", \"Portable Voice Format (.PVF)\");\n\nfunction detect() {\n if (Binary.compare(\"'PVF'\")) {\n var freq = Binary.getString(7, 5).trim();\n\n if (/^[0-9]{5}/.test(freq)) {\n if (X.isVerbose()) sVersion = freq;\n bDetected = true;\n }\n\n }\n\n return result();\n}" }, { "path": "db/Binary/audio_RIFF-IMA.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kae \n\n// https://github.com/vgmstream/vgmstream/blob/master/src/meta/riff_ima.c\nmeta(\"audio\", \"Nintendo DS RIFF IMA-ADPCM stream (.STRM,.BIN,.LBIN)\");\n\nfunction detect() {\n if (X.c(\"'RIFF'\") && X.c(\"'IMA '\", 8) && X.U32(0xC) && X.U32(4) >= 0x2D) {\n bDetected = true;\n\n if (X.isVerbose()) {\n var ch = X.U32(0x24), len = Util.divu64((X.U32(4) - 0x2C) << 8, X.U16(0xC)) >> 8;\n\n sOption(\n 'ch:' + ch + ' len ' + secondsToTimeStr(len) + ' s/r:' + X.U32(0xC) + 'Hz ' +\n ['not looped', 'looped'][+(X.U32(0x20) != 0)] + ' sz:' + outSz(X.U32(4))\n );\n }\n }\n\n return result();\n}\n" }, { "path": "db/Binary/audio_SOU.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.scummvm.org/index.php/SCUMM/Technical_Reference/Sound_resources#v5-v6_-_MONSTER.SOU\nmeta(\"audio\", \"SOU\");\n\nfunction detect() {\n if (Binary.compare(\"'SOU'2000000000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/audio_STRM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kae \n\n// https://github.com/Gota7/NitroStudio2/blob/master/docs/specs/stream.md\nmeta(\"audio\", \"Nintendo DS multi-channel stream (.STRM)\");\n\nfunction detect() {\n if ((!X.c(\"'STRM'FE\") && !X.c(\"'STRM'FF\")) || X.U8(4) == X.U8(5) || X.U8(5) < 0xFE || !X.c(\"'HEAD'\", 0x10)) return;\n var e = X.U8(4) == 0xFF ? _LE : _BE, dp = 0x10 + X.U32(0x14, e);\n if (X.U8(0x19) > 1 || dp > X.Sz()) return;\n if (!X.c(\"'DATA'\", dp) || X.U32(0x28, e) != dp + 8 || X.U32(8, e) != dp + X.U32(dp + 4, e)) return;\n\n bDetected = true;\n\n sVersion = ['PCM8s', 'PCM16', 'IMA-ADPCM'][X.U8(0x18)] + '/' + (e == _LE ? 'le' : 'be');\n if (X.isVerbose()) {\n var ch = X.U8(0x1A), len = (X.U32(0x24, e) / X.U16(0x1C, e)).toFixed(0);\n sOption(\n 'ch:' + ch + ' len ' + secondsToTimeStr(len) +\n ' s/r:' + X.U16(0x1C, e) + 'Hz ' + ['not looped', 'looped'][X.U8(0x19)] + ' sz:' + outSz(X.U32(dp + 4, e) + dp)\n );\n }\n\n return result();\n}\n" }, { "path": "db/Binary/audio_STRM.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kae \n\nmeta(\"audio\", \"José Ramón 'Gryzor87' García/Abylight's Nintendo 3DS stream (.STRM)\");\n\nfunction detect() {\n //ref https://github.com/Gota7/NitroStudio2/blob/master/docs/specs/stream.md\n if (!X.c(\"'STRM'E8030000\") || !X.U32(0x10) || X.U32(0x18) < 0x1F || (sz=X.U32(0x10)) != X.U32(0x18)) return;\n bDetected = true;\n if (X.isVerbose()) {\n const m = Math.min(sz, X.Sz());\n var sr = X.U32(8), len = 0;\n if (X.isDeepScan()) for(p=0x1E; p < m; len++) { // parse AAC to count samples\n var fsy = (X.U16(p,_BE) >> 4) & 0xFFF,\n fsz = (X.U32(p+2,_BE) >> 5) & 0x1FFF;\n if(fsy != 0xFFF || fsz <= 8) break;\n p += fsz\n }\n if(p < m) sVersion = 'malformed!badAAC';\n len = (len * 1024 / sr).toFixed(0);\n sOption((len?'len '+secondsToTimeStr(len)+' ':'')+'s/r:'+sr+'Hz'+' sz:'+outSz(0x1E+sz))\n }\n\n return result();\n}\n" }, { "path": "db/Binary/audio_ShockwaveAudio.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://preservation.tylerthorsted.com/2023/08/04/shockwave-audio/\nmeta(\"audio\", \"Shockwave Audio\");\n\nfunction detect() {\n if (Binary.compare(\"000001..00000003\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/audio_TUN.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Used by Lego Racers\n\n// https://fileinfo.com/extension/tun\nmeta(\"audio\", \"TUN\");\n\nfunction detect() {\n if (Binary.compare(\"'ALP'\")) {\n var soundOption = Binary.getString(8, 5).trim();\n\n if (/^[A-Z]{5}$/.test(soundOption)) {\n if (X.isVerbose()) sOptions = soundOption;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/audio_VOC.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens TG@kaens\n\nmeta(\"audio\", \"Creative (Sound Blaster) Voice waveform (.VOC)\");\n\n/* beautify ignore:start */\nfunction detect() {\n\t//from https://sourceforge.net/p/sox/code/ci/master/tree/src/voc.c\n\tbad = '';\n\tif (!X.c(\"'Creative Voice File'1A\"))\n\t\tif (X.c(\"'Creative Voice File'..1A\")) bad = bad.addIfNone('!bad1Asig');\n\t\telse return false;\n\tnV = X.U16(0x16); if ((((~nV) + 0x1234) & 0xFFFF) != X.U16(0x18)) return false; //version validation\n\tcodec = '';\n\tfunction getCodec(bCodec) {\n\t\tswitch (bCodec) {\n\t\t\tcase 0: codec = '8-bit uPCM'; break;\n\t\t\tcase 1: codec = 'Creative 8 to 4-bit ADPCM'; break;\n\t\t\tcase 2: codec = 'Creative 8 to 3-bit ADPCM'; break;\n\t\t\tcase 3: codec = 'Creative 8 to 2-bit ADPCM'; break;\n\t\t\tcase 4: codec = '16-bit sPCM'; break;\n\t\t\tcase 5: codec = 'CCITT a-Law'; break;\n\t\t\tcase 6: codec = 'CCITT u-Law'; break;\n\t\t\tcase 0x2000: codec = 'Creative 16 to 4-bit ADPCM'; break;\n\t\t\tdefault: codec = \"invalid codec \" + Hex(bCodec)\n\t\t}\n\t\treturn codec\n\t}\n\tsV = nV.toString(16).padStart(4, '0'); sVersion = 'v' + sV[1] + '.' + sV.slice(2, 4);\n\tbn = sz = -1; // block counter, expected filesize\n\textended = z = false; // \"extended info overrides\" flag, 0 (terminator) flag \n\tp = 0x1A; rate = Hz = bps = bCodec = 0; info = [];\n\twhile (p < (X.isDeepScan() ? X.Sz() : 0xFFFF) && !z) { //scan blocks\n\t\tbst = p; bhd = X.U8(p++); bn++; // block start, header byte, number\n\t\tbsz = X.U24(p); p += 3;\n\t\tat = '';// '@'+Hex(bst)+'['+bn+']: ';\n\t\tswitch (bhd) {\n\t\t\tcase 0: info.push(at + 'EoF'); p -= 3; z = true; break;\n\t\t\tcase 1: // sound data\n\t\t\t\tif (!extended) {\n\t\t\t\t\trate = 1000000 / (256 - X.U8(p));\n\t\t\t\t\tHz = rate < 100000 ? Math.round(rate) + \"Hz\" : (rate / 1000).toFixed(1) + 'kHz';\n\t\t\t\t\tbCodec = X.U8(p + 1);\n\t\t\t\t}\n\t\t\t\tinfo.push(at + 'audio data in ' + codec + ' at ' + Hz/*+' ->'+Hex(p+bsz)*/); //if extended, treat as case 2\n\t\t\t\tp += bsz;\n\t\t\t\tbreak;\n\t\t\tcase 2: // sound data continues\n\t\t\t\tp += bsz;\n\t\t\t\tbreak;\n\t\t\tcase 3: // silence\n\t\t\t\tlen = X.U16(p) + 1; rate = 1000000 / (256 - X.U8(p + 2));\n\t\t\t\tHz = rate < 100000 ? Math.round(rate) + \"Hz\" : (rate / 1000).toFixed(1) + 'kHz';\n\t\t\t\tinfo.push(at + 'silence (' + (len / rate).toFixed(2) + ' sec at ' + Hz + ')'); p += bsz; break;\n\t\t\tcase 4: // marker\n\t\t\t\tinfo.push(at + 'marker #' + X.U16(p)); p += bsz; break;\n\t\t\tcase 5: // asciiz string\n\t\t\t\ts = X.SA(p, bsz); p += bsz;\n\t\t\t\tinfo.push(at + '\"' + s + '\"'); break;\n\t\t\tcase 6:\n\t\t\t\tn = X.U16(p); p += bsz;\n\t\t\t\tinfo.push(at + (n == 0xFFFF ? 'infinite' : n) + ' repeats { '); break;\n\t\t\tcase 7: info.push(at + 'end repeat }'); break;\n\t\t\tcase 8: //extended info\n\t\t\t\tif (!extended) {\n\t\t\t\t\tchn = X.U8(p + 3) + 1;\n\t\t\t\t\trate = 256000000 / (chn * (65536 - X.U16(p)));\n\t\t\t\t\tHz = rate < 100000 ? Math.round(rate) + \"Hz\" : (rate / 1000).toFixed(1) + 'kHz';\n\t\t\t\t\tbCodec = X.U8(p + 2);\n\t\t\t\t}\n\t\t\t\textended = true; p += bsz;\n\t\t\t\tinfo.push(at + 'set to ' + getCodec(bCodec) + ' at ' + Hz + ', ' + chn + 'chn'); break;\n\t\t\tcase 9: // new-format audio data\n\t\t\t\tif (nV < 0x112) bad = bad.addIfNone('!badver');\n\t\t\t\trate = X.U32(p); if (!rate) bad = bad.addIfNone('!badrate@' + Hex(bst)); z = true; break;\n\t\t\t\tHz = rate < 100000 ? rate + \"Hz\" : (rate / 1000).toFixed(1) + 'kHz';\n\t\t\t\tbps = X.U8(p + 4);\n\t\t\t\tchn = X.U8(p + 5); bCodec = X.U16(p + 6);\n\t\t\t\tinfo.push(at + 'audio in ' + bps + 'bps ' + getCodec(bCodec) + ' at ' + Hz + ', ' + chn + 'chn '/*+'->'+Hex(bsz)*/);\n\t\t\t\tp += bsz; break;\n\t\t\tdefault: bad = bad.addIfNone('!invalidblock@' + Hex(bst)); z = true;\n\t\t}\n\t\tif (p == X.Sz()) z = true;\n\t\tif (X.isDeepScan())\n\t\t\tif (p > X.Sz()) bad = bad.addIfNone('!short'); // for ripping, we should test this in each audiodata block\n\t\t\telse sz = p\n\t}\n\tbDetected = true;\n\tif (bad != '') sVersion = sVersion.appendS('malformed' + addEllipsis(bad, 0x80, 0x40), '/')\n\tif (X.isVerbose()) {\n\t\tsOption(addEllipsis(info.join('; '), 0x200, 0x100));\n\t\tsOption(outSz(sz), 'sz:')\n\t}\n\treturn result();\n}\n/* beautify ignore:end */" }, { "path": "db/Binary/audio_WAV.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Authors: Levis \r\n// Jason Hood \r\n// Kaens (TG @kaens)\r\n// ref. official RIFF WAVE format doc; vgmstream > riff.c, msadpcm_decoder.c\r\n\r\nmeta(\"audio\", \"RIFF container/WAVE file (.WAV)\");\r\n\r\n/* beautify ignore:start */\r\nfunction detect() {\r\n\r\n\tconst debug = 0;\r\n\r\n\tvar\r\n\t\tp = 0xC, e = _BE,\r\n\t\tlabl = [], txts = [],\r\n\t\tdcsamples = cue = 0,\r\n\t\tnFormat = nRate = nChannels = nBPS = 0,\r\n\t\tdur = -1, sz = -1,\r\n\t\tlp = 0,\r\n\t\tfmtsz = 0, datasz = 0,\r\n\t\thksz = 4,\r\n\t\thkhd = \"\", title = \"\", dt = \"\", by = \"\", genre = \"\", cms = \"\", cmt = \"\", cop = \"\", sft = \"\",\r\n\t\tend = false, checklist = [false, false, false];\r\n\tif (X.Sz() < 36) return;\r\n\tif(X.c(\"'RIFF'........'WAVE'\")) e = _LE;\r\n\telse if(X.c(\"'RIFX'........'WAVE'\")) e = _BE;\r\n\telse return;\r\n\tif((sz = 8+X.U32(4, e)) < 12) return;\r\n\tfunction msadpcm_check_coefs(o) { //returns new offset or -1 for a failed check\r\n\t\tconst coefs = [ [256,0], [512,-256], [0,0], [ 192,64], [240, 0], [460,-208], [392,-232] ];\r\n\t\tvar c = X.U16(o, e); if(c != 7) return -1; o += 2;\r\n\t\tfor(var i=0; i < 7; i++,o+=4) {\r\n\t\t\tvar c1 = X.I16(o, e), c2 = X.I16(o + 2, e);\r\n\t\t\tif (c1 != coefs[i][0] || c2 != coefs[i][1]) return -1;\r\n\t\t}\r\n\t\treturn o\r\n\t}\r\n\tif(sz-8 >= X.Sz() && X.c(\"'NXBF'\",0x24)) sz = X.Sz();\r\n\tif(debug) var chunks = \"\";\r\n\twhile (p < X.Sz() && p < sz) {\r\n\t\thkhd = X.SA(p, 4);\r\n\t\thksz = X.U32(p + 4, e);\r\n\t\tif(debug) chunks += \" \" + hkhd + \" [\" + Hex(hksz) + \"] @\" + Hex(p);\r\n\t\tp += 8;\r\n\t\tswitch (hkhd) {\r\n\t\t\tcase \"fmt \": checklist[0] = true; fmtsz = hksz;\r\n\t\t\t\tnFormat = X.U16(p, e);\r\n\t\t\t\tnChannels = X.U16(p + 2, e);\r\n\t\t\t\tnRate = X.U32(p + 4, e);\r\n\t\t\t\tnBlockSize = X.U16(p + 0xC, e);\r\n\t\t\t\tnBPS = X.U16(p + 0x0E, e);\r\n\t\t\t\tswitch (nFormat) {\r\n\t\t\t\tcase 0x0000: sVersion = \"Yamaha AICA ADPCM (unofficial)\";\r\n\t\t\t\t\tif(sz-4 == X.Sz()) sz -= 4; else if(sz-8 == X.Sz()) sz -= 8; else if(sz+2 == X.Sz()) sz -= 2;\r\n\t\t\t\t\tif(hksz == 0x12) hksz += 2;\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 0x0001: if((nBPS & 7) || !isWithin(nBPS, 8,32)) return; sVersion = \"Microsoft PCM\"\r\n\t\t\t\t\t+ (nBPS == 32? \"32_le\": nBPS == 24? \"24_le\": nBPS == 16? \"16\":\"8U\") +\" (uncompressed)\";\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 0x0002:\r\n\t\t\t\t\tif(nBPS == 4) { if(msadpcm_check_coefs(p+0x14) < 0) { if(debug)_l2r('wav',2,'coefs are off'); return } }\r\n\t\t\t\t\telse if(nBPS == 16 && nBlockSize == 2*nChannels && sz >= 0x14-8) sVersion = \"MS-IMA ADPCM\";\r\n\t\t\t\t\telse sVersion = \"Microsoft ADPCM\";\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 0x0003: if(nBPS != 32) return; sVersion = \"Microsoft IEEE float\"; break;\r\n\t\t\t\tcase 0x0004: sVersion = \"Compaq VSELP\"; break;\r\n\t\t\t\tcase 0x0005: sVersion = \"IBM CVSD\"; break;\r\n\t\t\t\tcase 0x0006: sVersion = \"ITU G.711 a-law\"; break;\r\n\t\t\t\tcase 0x0007: sVersion = \"ITU G.711 u-law\"; break;\r\n\t\t\t\tcase 0x0008: sVersion = \"Microsoft DTS\"; break;\r\n\t\t\t\tcase 0x0009: sVersion = \"DRM\"; break;\r\n\t\t\t\tcase 0x000A: sVersion = \"WMA 9 Speech\"; break;\r\n\t\t\t\tcase 0x000B: sVersion = \"Microsoft Windows Media RT Voice\"; break;\r\n\t\t\t\tcase 0x0010: sVersion = \"OKI-ADPCM\"; break;\r\n\t\t\t\tcase 0x0011: if(nBPS == 4) sVersion = \"MS-IMA ADPCM\"; else sVersion = \"Intel IMA/DVI-ADPCM\";\r\n\t\t\t\t\tif((sz-8) >> 2 == X.U32(0x30, e)) sz = X.Sz();\r\n\t\t\t\t\telse if(X.Sz()-sz-0x10 <= 0x900 && X.c(\"'cont'\",sz)) sz += 8+X.U32(sz+4, e);\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 0x0012: sVersion = \"Videologic Mediaspace ADPCM\"; break;\r\n\t\t\t\tcase 0x0013: sVersion = \"Sierra ADPCM\"; break;\r\n\t\t\t\tcase 0x0014: sVersion = \"Antex G.723 ADPCM\"; break;\r\n\t\t\t\tcase 0x0015: sVersion = \"DSP Solutions DIGISTD\"; break;\r\n\t\t\t\tcase 0x0016: sVersion = \"DSP Solutions DIGIFIX\"; break;\r\n\t\t\t\tcase 0x0017: sVersion = \"Dialogic OKI ADPCM\"; break;\r\n\t\t\t\tcase 0x0018: sVersion = \"Media Vision ADPCM\"; break;\r\n\t\t\t\tcase 0x0019: sVersion = \"HP CU\"; break;\r\n\t\t\t\tcase 0x001A: sVersion = \"HP Dynamic Voice\"; break;\r\n\t\t\t\tcase 0x0020: if(nBPS == 4) sVersion = \"Yamaha AICA ADPCM\"; else sVersion = \"Yamaha ADPCM\"; break;\r\n\t\t\t\tcase 0x0021: sVersion = \"SONARC Speech Compression\"; break;\r\n\t\t\t\tcase 0x0022: sVersion = \"DSP Group True Speech\"; break;\r\n\t\t\t\tcase 0x0023: sVersion = \"Echo Speech Corp.\"; break;\r\n\t\t\t\tcase 0x0024: sVersion = \"Virtual Music Audiofile AF36\"; break;\r\n\t\t\t\tcase 0x0025: sVersion = \"Audio Processing Tech.\"; break;\r\n\t\t\t\tcase 0x0026: sVersion = \"Virtual Music Audiofile AF10\"; break;\r\n\t\t\t\tcase 0x0027: sVersion = \"Aculab Prosody 1612\"; break;\r\n\t\t\t\tcase 0x0028: sVersion = \"Merging Tech. LRC\"; break;\r\n\t\t\t\tcase 0x0030: sVersion = \"Dolby AC2\"; break;\r\n\t\t\t\tcase 0x0031: sVersion = \"Microsoft GSM610\"; break;\r\n\t\t\t\tcase 0x0032: sVersion = \"MSN Audio\"; break;\r\n\t\t\t\tcase 0x0033: sVersion = \"Antex ADPCM\"; break;\r\n\t\t\t\tcase 0x0034: sVersion = \"Control Resources VQLPC\"; break;\r\n\t\t\t\tcase 0x0035: sVersion = \"DSP Solutions DIGIREAL\"; break;\r\n\t\t\t\tcase 0x0036: sVersion = \"DSP Solutions DIGIADPCM\"; break;\r\n\t\t\t\tcase 0x0037: sVersion = \"Control Resources CR10\"; break;\r\n\t\t\t\tcase 0x0038: sVersion = \"Natural MicroSystems VBX ADPCM\"; break;\r\n\t\t\t\tcase 0x0039: sVersion = \"Crystal Semiconductors IMA ADPCM\"; break;\r\n\t\t\t\tcase 0x003A: sVersion = \"Echo Speech ECHOSC3\"; break;\r\n\t\t\t\tcase 0x003B: sVersion = \"Rockwell ADPCM\"; break;\r\n\t\t\t\tcase 0x003C: sVersion = \"Rockwell DIGITALK\"; break;\r\n\t\t\t\tcase 0x003D: sVersion = \"Xebec Multimedia\"; break;\r\n\t\t\t\tcase 0x0040: sVersion = \"Antex G.721 ADPCM\"; break;\r\n\t\t\t\tcase 0x0041: sVersion = \"Antex G.728 CELP\"; break;\r\n\t\t\t\tcase 0x0042: sVersion = \"Microsoft MSG723\"; break;\r\n\t\t\t\tcase 0x0043: sVersion = \"IBM AVC ADPCM\"; break;\r\n\t\t\t\tcase 0x0045: sVersion = \"ITU-T G.726\"; break;\r\n\t\t\t\tcase 0x0050: sVersion = \"Microsoft MPEG\"; break;\r\n\t\t\t\tcase 0x0051: sVersion = \"RT23 or PAC\"; break;\r\n\t\t\t\tcase 0x0052: sVersion = \"InSoft RT24\"; break;\r\n\t\t\t\tcase 0x0053: sVersion = \"InSoft PAC\"; break;\r\n\t\t\t\tcase 0x0055: sVersion = \"MP3\"; break;\r\n\t\t\t\tcase 0x0059: sVersion = \"Cirrus\"; break;\r\n\t\t\t\tcase 0x0060: sVersion = \"Cirrus Logic\"; break;\r\n\t\t\t\tcase 0x0061: sVersion = \"ESS Tech. PCM\"; break;\r\n\t\t\t\tcase 0x0062: sVersion = \"Voxware Inc.\"; break;\r\n\t\t\t\tcase 0x0063: sVersion = \"Canopus ATRAC\"; break;\r\n\t\t\t\tcase 0x0064: sVersion = \"APICOM G.726 ADPCM\"; break;\r\n\t\t\t\tcase 0x0065: sVersion = \"APICOM G.722 ADPCM\"; break;\r\n\t\t\t\tcase 0x0066: sVersion = \"Microsoft DSAT\"; break;\r\n\t\t\t\tcase 0x0067: sVersion = \"Microsoft DSAT-DISPLAY\"; break;\r\n\t\t\t\tcase 0x0069: if(nBPS == 4) sVersion = \"XBOX IMA ADPCM\"; else sVersion = \"Voxware Byte Aligned\";\r\n\t\t\t\t\tif(sz-8 == X.Sz()) sz -= 8; else if(sz-4 == X.Sz()) sz -= 4; else if(sz+8 == X.Sz()) sz += 8;\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 0x0070: sVersion = \"Voxware ACB\"; break;\r\n\t\t\t\tcase 0x0071: sVersion = \"Voxware AC10\"; break;\r\n\t\t\t\tcase 0x0072: sVersion = \"Voxware AC16\"; break;\r\n\t\t\t\tcase 0x0073: sVersion = \"Voxware AC20\"; break;\r\n\t\t\t\tcase 0x0074: sVersion = \"Voxware MetaVoice\"; break;\r\n\t\t\t\tcase 0x0075: sVersion = \"Voxware MetaSound\"; break;\r\n\t\t\t\tcase 0x0076: sVersion = \"Voxware RT29HW\"; break;\r\n\t\t\t\tcase 0x0077: sVersion = \"Voxware VR12\"; break;\r\n\t\t\t\tcase 0x0078: sVersion = \"Voxware VR18\"; break;\r\n\t\t\t\tcase 0x0079: sVersion = \"Voxware TQ40\"; break;\r\n\t\t\t\tcase 0x007A:\r\n\t\t\t\t\tif(extIs('med')) {\r\n\t\t\t\t\t\tif(nBPS == 4) sVersion = \"4-bit MS-IMA ADPCM\";\r\n\t\t\t\t\t\telse if(nBPS == 3) sVersion = \"3-bit MS-IMA ADPCM\";\r\n\t\t\t\t\t\telse sVersion = \"Voxware SC3/med\"\r\n\t\t\t\t\t} else sVersion = \"Voxware SC3\"; break;\r\n\t\t\t\tcase 0x007B: sVersion = \"Voxware SC3\"; break;\r\n\t\t\t\tcase 0x0080: sVersion = \"Soundsoft\"; break;\r\n\t\t\t\tcase 0x0081: sVersion = \"Voxware TQ60\"; break;\r\n\t\t\t\tcase 0x0082: sVersion = \"Microsoft MSRT24\"; break;\r\n\t\t\t\tcase 0x0083: sVersion = \"AT&T G.729A\"; break;\r\n\t\t\t\tcase 0x0084: sVersion = \"Motion Pixels MVI-MV12\"; break;\r\n\t\t\t\tcase 0x0085: sVersion = \"DataFusion G.726\"; break;\r\n\t\t\t\tcase 0x0086: sVersion = \"DataFusion GSM610\"; break;\r\n\t\t\t\tcase 0x0088: sVersion = \"Iterated Systems Audio\"; break;\r\n\t\t\t\tcase 0x0089: sVersion = \"Onlive\"; break;\r\n\t\t\t\tcase 0x008A: sVersion = \"Multitude, Inc. FT SX20\"; break;\r\n\t\t\t\tcase 0x008B: sVersion = \"Infocom IT’S A/S G.721 ADPCM\"; break;\r\n\t\t\t\tcase 0x008C: sVersion = \"Convedia G729\"; break;\r\n\t\t\t\tcase 0x008D: sVersion = \"Congruency, Inc. (not specified)\"; break;\r\n\t\t\t\tcase 0x0091: sVersion = \"Siemens SBC24\"; break;\r\n\t\t\t\tcase 0x0092: sVersion = \"Sonic Foundry Dolby AC3 APDIF\"; break;\r\n\t\t\t\tcase 0x0093: sVersion = \"MediaSonic G.723\"; break;\r\n\t\t\t\tcase 0x0094: sVersion = \"Aculab Prosody 8kbps\"; break;\r\n\t\t\t\tcase 0x0097: sVersion = \"ZyXEL ADPCM\"; break;\r\n\t\t\t\tcase 0x0098: sVersion = \"Philips LPCBB\"; break;\r\n\t\t\t\tcase 0x0099: sVersion = \"Studer Professional Audio Packed\"; break;\r\n\t\t\t\tcase 0x00A0: sVersion = \"Maiden PhonyTalk\"; break;\r\n\t\t\t\tcase 0x00A1: sVersion = \"Racal Recorder GSM\"; break;\r\n\t\t\t\tcase 0x00A2: sVersion = \"Racal Recorder G720.a\"; break;\r\n\t\t\t\tcase 0x00A3: sVersion = \"Racal G723.1\"; break;\r\n\t\t\t\tcase 0x00A4: sVersion = \"Racal Tetra ACELP\"; break;\r\n\t\t\t\tcase 0x00B0: sVersion = \"NEC AAC NEC Corporation\"; break;\r\n\t\t\t\tcase 0x00FF: sVersion = \"AAC\"; break;\r\n\t\t\t\tcase 0x0100: sVersion = \"Rhetorex ADPCM\"; break;\r\n\t\t\t\tcase 0x0101: sVersion = \"IBM u-Law\"; break;\r\n\t\t\t\tcase 0x0102: sVersion = \"IBM a-Law\"; break;\r\n\t\t\t\tcase 0x0103: sVersion = \"IBM ADPCM\"; break;\r\n\t\t\t\tcase 0x0111: sVersion = \"Vivo G.723\"; break;\r\n\t\t\t\tcase 0x0112: sVersion = \"Vivo Siren\"; break;\r\n\t\t\t\tcase 0x0120: sVersion = \"Philips Speech Processing CELP\"; break;\r\n\t\t\t\tcase 0x0121: sVersion = \"Philips Speech Processing GRUNDIG\"; break;\r\n\t\t\t\tcase 0x0123: sVersion = \"Digital G.723\"; break;\r\n\t\t\t\tcase 0x0125: sVersion = \"Sanyo LD ADPCM\"; break;\r\n\t\t\t\tcase 0x0130: sVersion = \"Sipro Lab ACEPLNET\"; break;\r\n\t\t\t\tcase 0x0131: sVersion = \"Sipro Lab ACELP4800\"; break;\r\n\t\t\t\tcase 0x0132: sVersion = \"Sipro Lab ACELP8V3\"; break;\r\n\t\t\t\tcase 0x0133: sVersion = \"Sipro Lab G.729\"; break;\r\n\t\t\t\tcase 0x0134: sVersion = \"Sipro Lab G.729A\"; break;\r\n\t\t\t\tcase 0x0135: sVersion = \"Sipro Lab Kelvin\"; break;\r\n\t\t\t\tcase 0x0136: sVersion = \"VoiceAge AMR\"; break;\r\n\t\t\t\tcase 0x0140: sVersion = \"Dictaphone G.726 ADPCM\"; break;\r\n\t\t\t\tcase 0x0150: sVersion = \"Qualcomm PureVoice\"; break;\r\n\t\t\t\tcase 0x0151: sVersion = \"Qualcomm HalfRate\"; break;\r\n\t\t\t\tcase 0x0155: sVersion = \"Ring Zero Systems TUBGSM\"; break;\r\n\t\t\t\tcase 0x0160: sVersion = \"Microsoft Audio1\"; break;\r\n\t\t\t\tcase 0x0161: sVersion = \"Windows Media Audio V2 V7 V8 V9 / DivX audio (WMA) / Alex AC3 Audio\"; break;\r\n\t\t\t\tcase 0x0162: sVersion = \"Windows Media Audio Professional V9\"; break;\r\n\t\t\t\tcase 0x0163: sVersion = \"Windows Media Audio Lossless V9\"; break;\r\n\t\t\t\tcase 0x0164: sVersion = \"WMA Pro over S/PDIF\"; break;\r\n\t\t\t\tcase 0x0170: sVersion = \"UNISYS NAP ADPCM\"; break;\r\n\t\t\t\tcase 0x0171: sVersion = \"UNISYS NAP ULAW\"; break;\r\n\t\t\t\tcase 0x0172: sVersion = \"UNISYS NAP ALAW\"; break;\r\n\t\t\t\tcase 0x0173: sVersion = \"UNISYS NAP 16K\"; break;\r\n\t\t\t\tcase 0x0174: sVersion = \"MM SYCOM ACM SYC008 SyCom Technologies\"; break;\r\n\t\t\t\tcase 0x0175: sVersion = \"MM SYCOM ACM SYC701 G726L SyCom Technologies\"; break;\r\n\t\t\t\tcase 0x0176: sVersion = \"MM SYCOM ACM SYC701 CELP54 SyCom Technologies\"; break;\r\n\t\t\t\tcase 0x0177: sVersion = \"MM SYCOM ACM SYC701 CELP68 SyCom Technologies\"; break;\r\n\t\t\t\tcase 0x0178: sVersion = \"Knowledge Adventure ADPCM\"; break;\r\n\t\t\t\tcase 0x0180: sVersion = \"Fraunhofer IIS MPEG2AAC\"; break;\r\n\t\t\t\tcase 0x0190: sVersion = \"Digital Theater Systems DTS DS\"; break;\r\n\t\t\t\tcase 0x0200: sVersion = \"Creative Labs ADPCM\"; break;\r\n\t\t\t\tcase 0x0202: sVersion = \"Creative Labs FASTSPEECH8\"; break;\r\n\t\t\t\tcase 0x0203: sVersion = \"Creative Labs FASTSPEECH10\"; break;\r\n\t\t\t\tcase 0x0210: sVersion = \"UHER ADPCM\"; break;\r\n\t\t\t\tcase 0x0215: sVersion = \"Ulead DV ACM\"; break;\r\n\t\t\t\tcase 0x0216: sVersion = \"Ulead DV ACM\"; break;\r\n\t\t\t\tcase 0x0220: sVersion = \"Quarterdeck Corp.\"; break;\r\n\t\t\t\tcase 0x0230: sVersion = \"I-Link VC\"; break;\r\n\t\t\t\tcase 0x0240: sVersion = \"Aureal Semiconductor Raw Sport\"; break;\r\n\t\t\t\tcase 0x0241: sVersion = \"ESST AC3\"; break;\r\n\t\t\t\tcase 0x0250: sVersion = \"Interactive Products HSX\"; break;\r\n\t\t\t\tcase 0x0251: sVersion = \"Interactive Products RPELP\"; break;\r\n\t\t\t\tcase 0x0260: sVersion = \"Consistent CS2\"; break;\r\n\t\t\t\tcase 0x0270: sVersion = \"ATRAC3/Sony SCX\"; break;\r\n\t\t\t\tcase 0x0271: sVersion = \"Sony SCY\"; break;\r\n\t\t\t\tcase 0x0272: sVersion = \"Sony ATRAC3\"; break;\r\n\t\t\t\tcase 0x0273: sVersion = \"Sony SPC\"; break;\r\n\t\t\t\tcase 0x0280: sVersion = \"TELUM Telum Inc.\"; break;\r\n\t\t\t\tcase 0x0281: sVersion = \"TELUMIA Telum Inc.\"; break;\r\n\t\t\t\tcase 0x0285: sVersion = \"Norcom Voice Systems ADPCM\"; break;\r\n\t\t\t\tcase 0x0300:\r\n\t\t\t\t\tif(sz-8 == X.Sz()) sz -= 8;\r\n\t\t\t\t\tif(nBPS == 4 && nBlockSize == 0x400*nChannels && sz == 0x14-8 && nChannels == 1) sVersion = \"DVI IMA\";\r\n\t\t\t\t\telse sVersion = \"Fujitsu FM TOWNS SND\";\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 0x0301: sVersion = \"Fujitsu (not specified)\"; break;\r\n\t\t\t\tcase 0x0302: sVersion = \"Fujitsu (not specified)\"; break;\r\n\t\t\t\tcase 0x0303: sVersion = \"Fujitsu (not specified)\"; break;\r\n\t\t\t\tcase 0x0304: sVersion = \"Fujitsu (not specified)\"; break;\r\n\t\t\t\tcase 0x0305: sVersion = \"Fujitsu (not specified)\"; break;\r\n\t\t\t\tcase 0x0306: sVersion = \"Fujitsu (not specified)\"; break;\r\n\t\t\t\tcase 0x0307: sVersion = \"Fujitsu (not specified)\"; break;\r\n\t\t\t\tcase 0x0308: sVersion = \"Fujitsu (not specified)\"; break;\r\n\t\t\t\tcase 0x0350: sVersion = \"Micronas Semiconductors, Inc. Development\"; break;\r\n\t\t\t\tcase 0x0351: sVersion = \"Micronas Semiconductors, Inc. CELP833\"; break;\r\n\t\t\t\tcase 0x0400: sVersion = \"Brooktree Digital\"; break;\r\n\t\t\t\tcase 0x0401: sVersion = \"Intel Music Coder (IMC)\"; break;\r\n\t\t\t\tcase 0x0402: sVersion = \"Ligos Indeo Audio\"; break;\r\n\t\t\t\tcase 0x0450: sVersion = \"QDesign Music\"; break;\r\n\t\t\t\tcase 0x0500: sVersion = \"On2 VP7 On2 Technologies\"; break;\r\n\t\t\t\tcase 0x0501: sVersion = \"On2 VP6 On2 Technologies\"; break;\r\n\t\t\t\tcase 0x0555: sVersion = \"Level-5 4-bit ADPCM\"; //unofficial\r\n\t\t\t\t\tvar fsz = sz+4*(X.U16(0x16, e)-1); if (fsz < X.Sz() && X.Sz() - fsz < 0x10) sz = fsz;\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 0x0680: sVersion = \"AT&T VME VMPCM\"; break;\r\n\t\t\t\tcase 0x0681: sVersion = \"AT&T TCP\"; break;\r\n\t\t\t\tcase 0x0700: sVersion = \"YMPEG Alpha (dummy for MPEG-2 compressor)\"; break;\r\n\t\t\t\tcase 0x08AE: sVersion = \"ClearJump LiteWave (lossless)\"; break;\r\n\t\t\t\tcase 0x1000: sVersion = \"Olivetti GSM\"; break;\r\n\t\t\t\tcase 0x1001: sVersion = \"Olivetti ADPCM\"; break;\r\n\t\t\t\tcase 0x1002: sVersion = \"Olivetti CELP\"; break;\r\n\t\t\t\tcase 0x1003: sVersion = \"Olivetti SBC\"; break;\r\n\t\t\t\tcase 0x1004: sVersion = \"Olivetti OPR\"; break;\r\n\t\t\t\tcase 0x1100: sVersion = \"Lernout & Hauspie\"; break;\r\n\t\t\t\tcase 0x1101: sVersion = \"Lernout & Hauspie CELP\"; break;\r\n\t\t\t\tcase 0x1102: sVersion = \"Lernout & Hauspie SBC\"; break;\r\n\t\t\t\tcase 0x1103: sVersion = \"Lernout & Hauspie SBC\"; break;\r\n\t\t\t\tcase 0x1104: sVersion = \"Lernout & Hauspie SBC\"; break;\r\n\t\t\t\tcase 0x1400: sVersion = \"Norris Comm. Inc.\"; break;\r\n\t\t\t\tcase 0x1401: sVersion = \"ISIAudio\"; break;\r\n\t\t\t\tcase 0x1500: sVersion = \"AT&T Soundspace Music Compression\"; break;\r\n\t\t\t\tcase 0x181C: sVersion = \"VoxWare RT24 speech\"; break;\r\n\t\t\t\tcase 0x181E: sVersion = \"Lucent elemedia AX24000P Music\"; break;\r\n\t\t\t\tcase 0x1971: sVersion = \"Sonic Foundry LOSSLESS\"; break;\r\n\t\t\t\tcase 0x1979: sVersion = \"Innings Telecom Inc. ADPCM\"; break;\r\n\t\t\t\tcase 0x1C07: sVersion = \"Lucent SX8300P speech\"; break;\r\n\t\t\t\tcase 0x1C0C: sVersion = \"Lucent SX5363S G.723 compliant\"; break;\r\n\t\t\t\tcase 0x1F03: sVersion = \"CUseeMe DigiTalk (ex-Rocwell)\"; break;\r\n\t\t\t\tcase 0x1FC4: sVersion = \"NCT Soft ALF2CD ACM\"; break;\r\n\t\t\t\tcase 0x2000: sVersion = \"FAST Multimedia DVM\"; break;\r\n\t\t\t\tcase 0x2001: sVersion = \"Dolby DTS\"; break;\r\n\t\t\t\tcase 0x2002: sVersion = \"RealAudio 1 / 2 14.4\"; break;\r\n\t\t\t\tcase 0x2003: sVersion = \"RealAudio 1 / 2 28.8\"; break;\r\n\t\t\t\tcase 0x2004: sVersion = \"RealAudio G2 / 8 Cook (low bitrate)\"; break;\r\n\t\t\t\tcase 0x2005: sVersion = \"RealAudio 3 / 4 / 5 Music (DNET)\"; break;\r\n\t\t\t\tcase 0x2006: sVersion = \"RealAudio 10 AAC (RAAC)\"; break;\r\n\t\t\t\tcase 0x2007: sVersion = \"RealAudio 10 AAC+ (RACP)\"; break;\r\n\t\t\t\tcase 0x2500: sVersion = \"Reserved range to 0x2600 Microsoft\"; break;\r\n\t\t\t\tcase 0x3313: sVersion = \"makeAVIS (ffvfw fake AVI sound from AviSynth scripts)\"; break;\r\n\t\t\t\tcase 0x4143: sVersion = \"Divio MPEG-4 AAC audio\"; break;\r\n\t\t\t\tcase 0x4201: sVersion = \"Nokia adaptive multirate\"; break;\r\n\t\t\t\tcase 0x4243: sVersion = \"Divio G726 Divio, Inc.\"; break;\r\n\t\t\t\tcase 0x434C: sVersion = \"LEAD Speech\"; break;\r\n\t\t\t\tcase 0x564C: sVersion = \"LEAD Vorbis\"; break;\r\n\t\t\t\tcase 0x5756: sVersion = \"WavPack Audio\"; break;\r\n\t\t\t\tcase 0x674F: sVersion = \"Ogg Vorbis (mode 1)\"; break;\r\n\t\t\t\tcase 0x6750: sVersion = \"Ogg Vorbis (mode 2)\"; break;\r\n\t\t\t\tcase 0x6751: sVersion = \"Ogg Vorbis (mode 3)\"; break;\r\n\t\t\t\tcase 0x676F: sVersion = \"Ogg Vorbis (mode 1+)\"; break;\r\n\t\t\t\tcase 0x6770: sVersion = \"Ogg Vorbis (mode 2+)\"; break;\r\n\t\t\t\tcase 0x6771: sVersion = \"Ogg Vorbis (mode 3+)\"; break;\r\n\t\t\t\tcase 0x7000: sVersion = \"3COM NBX 3Com Corporation\"; break;\r\n\t\t\t\tcase 0x706D: sVersion = \"FAAD AAC\"; break;\r\n\t\t\t\tcase 0x7A21: sVersion = \"GSM-AMR (CBR, no SID)\"; break;\r\n\t\t\t\tcase 0x7A22: sVersion = \"GSM-AMR (VBR, including SID)\"; break;\r\n\t\t\t\tcase 0xA100: sVersion = \"Comverse Infosys Ltd. G723 1\"; break;\r\n\t\t\t\tcase 0xA101: sVersion = \"Comverse Infosys Ltd. AVQSBC\"; break;\r\n\t\t\t\tcase 0xA102: sVersion = \"Comverse Infosys Ltd. OLDSBC\"; break;\r\n\t\t\t\tcase 0xA103: sVersion = \"Symbol Technologies G729A\"; break;\r\n\t\t\t\tcase 0xA104: sVersion = \"VoiceAge AMR WB VoiceAge Corporation\"; break;\r\n\t\t\t\tcase 0xA105: sVersion = \"Ingenient Technologies Inc. G726\"; break;\r\n\t\t\t\tcase 0xA106: sVersion = \"ISO/MPEG-4 advanced audio Coding\"; break;\r\n\t\t\t\tcase 0xA107: sVersion = \"Encore Software Ltd G726\"; break;\r\n\t\t\t\tcase 0xA109: sVersion = \"Speex ACM Codec xiph.org\"; break;\r\n\t\t\t\tcase 0xDFAC: sVersion = \"DebugMode SonicFoundry Vegas FrameServer ACM\"; break;\r\n\t\t\t\tcase 0xF1AC: sVersion = \"Free Lossless Audio Codec FLAC\"; break;\r\n\t\t\t\tcase 0xFFFE: sVersion = \"Extensible\";\r\n\t\t\t\t\tvar guid1 = X.U32(0x20, _LE), guid2 = (X.U16(0x24, _LE) << 16) | X.U16(0x26, _LE),\r\n\t\t\t\t\t\tguid3 = X.U32(0x28,_BE), guid4 = X.U32(0x2C,_BE);\r\n\t\t\t\t\tif(guid1 == 1 && guid2 == 0x10 && guid3 == 0x800000AA && guid4 == 0x00389B71)\r\n\t\t\t\t\t\tif(nBPS == 16) sVersion += \":PCM16\";\r\n\t\t\t\t\tif(guid1 == 0xE923AABF && guid2 == 0xCB584471 && guid3 == 0xA119FFFA && guid4 == 0x01E4CE62)\r\n\t\t\t\t\t\tsVersion += \":ATRAC3+\";\r\n\t\t\t\t\tif(guid1 == 0x47E142D2 && guid2 == 0x36BA4D8D && guid3 == 0x88FC6165 && guid4 == 0x4F8C836C)\r\n\t\t\t\t\t\tsVersion += \":ATRAC9\";\r\n\t\t\t\t\tif(sz +0x18 == X.Sz()) sz += 0x18;\r\n\t\t\t\t\telse if(sz+0x38 == X.Sz()) sz += 0x38;\r\n\t\t\t\t\telse if(sz+0x40 == X.Sz()) sz -= 0x40;\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 0xFFFF: sVersion = \"Development\"; break;\r\n\t\t\t\tdefault: sVersion = \"Unknown:\"+Hex(nFormat,4)\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\r\n\t\t\tcase \"fact\": dcsamples = X.U32(p, _LE); break; //the uncompressed (factual?) file size?\r\n\r\n\t\t\tcase \"data\": checklist[1] = true; datasz = hksz;\r\n\t\t\t\tif (nBPS && nFormat == 1 && !(nBPS % 8)) {\r\n\t\t\t\t\tvar nmSeconds = Math.round(X.U32(p - 4, e) / (nBPS >> 3) / nRate / nChannels * 10000) / 10;\r\n\t\t\t\t\tdur = new Date(nmSeconds).toISOString().substr(11, 8);\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\r\n\t\t\tcase \"cue\":\r\n\t\t\t\tvar q = p + 4,\r\n\t\t\t\t\thhd = \"\", hsz = 0;\r\n\t\t\t\twhile (q < p + hksz && q < X.Sz()) {\r\n\t\t\t\t\thhd = X.SA(q, 4);\r\n\t\t\t\t\thsz = X.U32(q+4, _LE);\r\n\t\t\t\t\tq += 8;\r\n\t\t\t\t\tif(hhd == 'data') cue++;\r\n\t\t\t\t\tq += hsz + hsz & 1;\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\r\n\t\t\tcase \"cmnt\":\r\n\t\t\t\tcmt = cmt.appendS(X.SC(p+2,hksz-8,'SJIS'),'\\n'); //gamerip stuff, so Japanese\r\n\t\t\t\tbreak;\r\n\r\n\t\t\tcase \"LIST\": case \"list\": // lowercase non-standard but there are such files...\r\n\t\t\t\tif([\"INFO\",\"ADTL\"].includes(X.SA(p,4).toUpperCase())) {\r\n\t\t\t\t\tvar q = p + 4,\r\n\t\t\t\t\t\thhd = \"\", hsz = 0;\r\n\t\t\t\t\twhile (q < p + hksz && q < X.Sz()) {\r\n\t\t\t\t\t\thhd = X.SA(q, 4);\r\n\t\t\t\t\t\thsz = X.U32(q+4, _LE);\r\n\t\t\t\t\t\tq += 8;\r\n\t\t\t\t\t\tswitch (hhd) {\r\n\t\t\t\t\t\t\tcase \"INAM\": title = X.SC(q,hsz,'CP1252'); break;\r\n\t\t\t\t\t\t\tcase \"IART\": by = X.SC(q,hsz,'CP1252'); break;\r\n\t\t\t\t\t\t\tcase \"ICMS\": cms = X.SC(q,hsz,'CP1252'); break;\r\n\t\t\t\t\t\t\tcase \"ICOP\": cop = X.SC(q,hsz,'CP1252'); break;\r\n\t\t\t\t\t\t\tcase \"ICRD\": dt = X.SC(q,hsz,'CP1252'); break;\r\n\t\t\t\t\t\t\tcase \"ISFT\": sft = X.SC(q,hsz,'CP1252'); break;\r\n\t\t\t\t\t\t\tcase \"IGNR\": genre = X.SC(q,hsz,'CP1252'); break;\r\n\t\t\t\t\t\t\tcase \"ICMT\": cmt = cmt.appendS(X.SC(q,hsz,'CP1252'),'\\n'); break;\r\n\t\t\t\t\t\t\tcase \"labl\": labl.push(X.SC(q+4,hsz-4,'CP1252').trim()); break;\r\n\t\t\t\t\t\t\tcase \"ltxt\": txts.push(X.SC(q+0x14,hsz-0x14, X.SA(q+0x12,2)).trim()); break;\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\thsz += hsz & 1;\r\n\t\t\t\t\t\tq += hsz\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase \"smpl\": lp = X.U32(p+0x1C, e); break;\r\n\t\t\tcase \"wsmp\": lp = X.U32(p+0x10, e); break;\r\n\t\t\tcase \"ctrl\": lp = (X.I32(p, e) ? 1 : 0); break;\r\n\t\t\tcase \"NXBF\": hksz = X.U32(p, e); p += 4; ch += '/'+X.U32(p+0xC, e); lp = X.I32(0x10, e) >= 0 ? 1 : 0; break;\r\n\t\t\tcase \"JUNK\": checklist[2] = true; break\r\n\t\t}\r\n\t\thksz += hksz & 1; //align\r\n\t\tp += hksz\r\n\t} // end of chunks\r\n\r\n\tif(!checklist[0] || !checklist[1]) return; bDetected = true;\r\n\tsVersion += e == _LE? \"/le\": \"/be\";\r\n\tfact = Math.round(dcsamples / 0x100000);\r\n\r\n\tfunction is_ue4_msadpcm() {\r\n\t\tif(!extIs('adpcm')) return; //TODO tighten it enough that it can tell em apart\r\n\t\tfunction is_ue4_blocks() {\r\n\t\t\tvar maxj = Math.min(10*nBlockSize, datasz);\r\n\t\t\tfor(j=0; j < maxj; j += nBlockSize) {\r\n\t\t\t\tvar coefs = X.U8(j), scale = X.U16(j+1, _LE);\r\n\t\t\t\tif(coefs > 7) return; \r\n\t\t\t\tif(nBlockSize == 0x200) { if(scale == 0x00E6 && coefs != 0) return }\r\n\t\t\t\telse if(scale > 0x4000) return\r\n\t\t\t}\r\n\t\t\treturn true\r\n\t\t}\r\n\t\tif(nChannels < 2 || fact > 0) return;\r\n\t\tif(fmtsz == 0x36 && nBlockSize != 0x200) return;\r\n\t\tif(fmtsz == 0x32 && ![0x200,0x9B,0x69].includes(nBlockSize)) return;\r\n\t\treturn true\r\n\t}\r\n\tif(nFormat == 2 && nBPS == 4 && is_ue4_msadpcm()) sVersion = sVersion.appendS('UE4','/');\r\n\r\n\tif((nFormat & 0xFF00) == 0x6700 && sz+1 == X.Sz()) sz += 1;\r\n\r\n\tif (debug) if (chunks != \"\") _l2r('riff-wave',0,'chunks: ['+chunks+']');\r\n\r\n\tif(X.isVerbose()) {\r\n\t\tsOptionT(addEllipsis(title)); sOptionT(dt, 'created: '); sOptionT(addEllipsis(by),'by: ');\r\n\t\tsOptionT(genre, 'genre: '); sOptionT(addEllipsis(sft), 's/w: '); sOptionT(addEllipsis(cms), 'cms.by: ');\r\n\t\tsOptionT(cop, '©'); sOption(addEllipsis(cmt.trim()),'cmt: \"', '\"');\r\n\t\tif(labl.length) sOptionT(addEllipsis(labl.filter(function(x){return x.length>0}).join('; ')),'labels: \"', '\"');\r\n\t\tif(txts.length) sOptionT(addEllipsis(txts.filter(function(x){return x.length>0}).join('; ')),'captions: \"', '\"');\r\n\t\tsOption('ch:' + nChannels + (nBPS ? ' ' + nBPS + '-bit' : '') + ' s/r:' + nRate + 'Hz'\r\n\t\t\t+ (dcsamples ? ' fact:' + fact + 'M' : '') //for compressed things only\r\n\t\t\t+ (dur !== -1 ? ' len: '+dur : '')\r\n\t\t\t+ (lp > 0 ? ' looped'+(lp>1?'×'+lp:'') : '')\r\n\t\t\t+' sz:'+outSz(sz));\r\n\t}\r\n\r\n\treturn result();\r\n}\r\n/* beautify ignore:end */\r\n" }, { "path": "db/Binary/audio_WEM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens (TG @kaens)\n// ref. vgmstream > wwise.c , coding_utils.c\n\ninit(\"audio\", \"Audiokinetic Wwise RIFF (.WEM,.BNK)\");\nincludeScript(\"vgmcodingutils\");\n\n/* beautify ignore:start */\nfunction detect() {\n\n const debug = 0;\n\n var\n p = 0xC, e = _BE,\n fmtsz = fmtp = 0, xma2sz = xma2p = 0, datasz = datap = 0, vorbsz = vorbp = 0,\n wiihsz = wiihp = 0, seeksz = seekp = 0, smplsz = smplp = 0, metasz = metap = 0,\n hksz = 4,\n hkhd = \"\", title = \"\", dt = \"\", by = \"\", genre = \"\", cms = \"\", cmt = \"\", cop = \"\", sft = \"\";\n if (X.Sz() < 36) return;\n if(!X.c(\"'WAVE'\",8) && !X.c(\"'XWMA'\",8)) return;\n if(X.c(\"'RIFF'\")) e = _LE;\n else if(X.c(\"'RIFX'\")) e = _BE;\n else return;\nif(debug) var chunks = \"\";\n while (p < X.Sz()) {\n hkhd = X.SA(p, 4);\n hksz = X.U32(p + 4, e);\n p += 8;\n if(debug) chunks += \" \" + hkhd + \" [\" + Hex(hksz) + \"] @\" + Hex(p);\n switch (hkhd) {\n case \"fact\": return; //shouldn't have any\n case \"fmt \": fmtp = p; fmtsz = hksz; break;\n case \"XMA2\": xma2p = p; xma2sz = hksz; break;\n case \"data\": datap = p; datasz = hksz; break;\n case \"vorb\": vorbp = p; vorbsz = hksz; break;\n case \"WiiH\": wiihp = p; wiihsz = hksz; break;\n case \"seek\": seekp = p; seeksz = hksz; break;\n case \"smpl\": smplp = p; smplsz = hksz; break;\n case \"meta\": metap = p; metasz = hksz; break;\n default: if (p + hksz > X.Sz()) return\n }\n p += hksz\n } // end of chunks\n\n if(!datap) return;\n\n var nFormat = nRate = nChannels = nBPS = 0,\n dur = -1, sz = 8+X.U32(4, e),\n smp = xsz = chlo = chtp = 0;\n iswem = extIs('wem') || extIs('bnk'),\n info = [],\n lp = prefetch = false;\n if(xma2p) {\n nFormat = 0x165;\n info = xma2_pase_xma2_chunk(xma2p);\n nChannels = info[0]; nRate = info[1]; lp = info[2]; smp = info[3]\n }\n else {\n if(fmtsz < 0x10) return;\n nFormat = X.U16(fmtp, _LE);\n nChannels = X.U16(fmtp + 2, _LE);\n nRate = X.U32(fmtp + 4, _LE);\n nBlockSize = X.U16(fmtp + 0xC, _LE);\n nBPS = X.U16(fmtp + 0x0E, _LE);\n if (fmtsz > 0x10 && nFormat != 0x165 && nFormat != 0x166) xsz = X.U16(fmtp+0x14,_BE);\n if(xsz == 6)\n if((chlo=X.U32(p+0x14,_BE)) == nChannels) { chtp = (chlo >> 8) & 0xF; chlo >>= 12 }\n }\n if(nFormat == 0x166) {\n info = xma2_parse_fmt_chunk_extra(p, _BE);\n lp = info[0]; smp = info[1]\n }\n if(smplp && smplsz >= 34 && X.U32(p+0x1C) == 1 && X.U32(p+0x28) == 0) lp = true;\n\n switch(nFormat) {\n case 0x0001: sVersion = 'older Wwise, PCM'; prefetch = 1; break;\n case 0x0002: sVersion = 'newer Wwise IMA:platform ADPCM'; prefetch = 1;\n if(xsz == 0xC+nChannels*0x2E) sVersion += ':DSP+coefs';\n else if(xsz == 0xA && wiihp) sVersion += ':WiiH_DSP';\n else if(nBlockSize == 0x104*nChannels) sVersion += ':PTADPCM';\n break;\n case 0x0069: sVersion = 'older Wwise IMA'; prefetch = 1; break;\n case 0x0161: sVersion = 'Microsoft WMAv2'; prefetch = 1; break;\n case 0x0162: sVersion = 'Microsoft WMAPro'; prefetch = 1; break;\n case 0x0165: sVersion = 'Microsoft XMA2'; prefetch = 1; break;\n case 0x0166: sVersion = 'fmt-chunk Microsoft XMA2'; prefetch = 1; break;\n case 0x3039: sVersion = 'Opus NX'; prefetch = 1; break;\n case 0x3040: sVersion = 'Opus'; prefetch = 1; break;\n case 0x3041: sVersion = 'Wwise 2019.2.3 Opus_WEM/WW'; prefetch = 1; break;\n case 0x8311: sVersion = 'Wwise 2019.1 PTADPCM'; prefetch = 1; break;\n case 0xAAC0: sVersion = 'AAC'; break;\n case 0xFFF0: sVersion = 'DSP'; prefetch = 1; break;\n case 0xFFFB: sVersion = 'HEVAG'; break;\n case 0xFFFC: sVersion = 'ATRAC9'; prefetch = 1; break;\n case 0xFFFE: sVersion = 'PCM for Wwise Authoring'; prefetch = 1; break;\n case 0xFFFF: sVersion = 'Vorbis'; prefetch = 1; break;\n default:\n if(iswem) _setResult('audio', 'Wwise: unknown format ', Hex(nFormat, 4), ''); return\n }\n\n if(datap+datasz > X.Sz()) {\n if(datap+datasz < 0x5000 && X.Sz() > 0x10000) {\n _setResult('audio', 'Wwise: bad rip?', '' , 'datasz:'+Hex(datasz)); return;\n }\n if(prefetch) prefetch = 2; else return\n }\n\n if(nFormat == 0xFFFE && prefetch == 2 && X.c(\"'OggS'\",datap)) sVersion = 'CP2077 Opus';\n\n bDetected = true;\n sVersion += e == _LE? \"/le\": \"/be\";\n\n if(smp) {\n var nmSeconds = Math.round(smp / nRate / nChannels * 10000) / 10;\n dur = new Date(nmSeconds).toISOString().substr(11, 8);\n }\n\n if(X.isVerbose()) {\n sOption('ch:' + nChannels + (nBPS ? ' ' + nBPS + '-bit' : '') + ' s/r:' + nRate + 'Hz'\n + (dur !== -1 ? ' len: '+dur : '')\n + (lp ? ' looped': '')\n +' sz:'+outSz(sz));\n }\n\n return result();\n}\n/* beautify ignore:end */" }, { "path": "db/Binary/audio_mp3.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n/*\n Ref: http://mpgedit.org/mpgedit/mpeg_format/mpeghdr.htm\n http://www.codeproject.com/Articles/8295/MPEG-Audio-Frame-Header\n*/\n\nmeta(\"audio\", \"MP3 Audio File\");\n\nincludeScript(\"duration\");\n\nvar MP3 = {\n aVersion: [\"2.5\", \"2\", \"1\"],\n aLayer: [\"III\", \"II\", \"I\"],\n aRatev1: [32, 40, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320, // Layer III\n 32, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320, 384, // Layer II\n 32, 64, 96, 128, 160, 192, 224, 256, 288, 320, 352, 384, 416, 448\n ], // Layer I\n aRatev2: [8, 16, 24, 32, 40, 48, 56, 64, 80, 96, 112, 128, 144, 160, // Layers III & II\n 32, 48, 56, 64, 80, 96, 112, 128, 144, 160, 176, 192, 224, 256\n ], // Layer I\n aFreq: [11025, 12000, 8000, // v2.5\n 22050, 24000, 16000, // v2\n 44100, 48000, 32000\n ], // v1\n aCh: [\"Stereo\", \"Joint stereo\", \"Dual mono\", \"Mono\"],\n\n header: function (nOffset) {\n // AAAAAAAA AAABBCCD EEEEFFGH IIJJKLMM\n var nHeader = X.U32(nOffset, _BE);\n if ((nHeader & 0xFFE00000) != ~~0xFFE00000) // AAAAAAAAAAA\n {\n return null;\n }\n var nVer = (nHeader >>> 19) & 3; // BB\n if (nVer == 1) // reserved\n {\n return null;\n }\n if (nVer > 1) {\n --nVer;\n }\n var nLayer = (nHeader >>> 17) & 3; // CC\n if (nLayer == 0) // reserved\n {\n return null;\n }\n --nLayer;\n var nBitrateIndex = (nHeader >>> 12) & 15; // EEEE\n if (nBitrateIndex == 0 || nBitrateIndex == 15) // free/bad\n {\n return null;\n }\n --nBitrateIndex;\n var nSamplingIndex = (nHeader >>> 10) & 3; // FF\n if (nSamplingIndex == 3) // reserved\n {\n return null;\n }\n var nPadding = (nHeader >>> 9) & 1; // G\n var nChannelMode = (nHeader >>> 6) & 3; // II\n\n var nBitrate = nVer == 2 ? this.aRatev1[nLayer * 14 + nBitrateIndex] :\n this.aRatev2[(nLayer == 2) * 14 + nBitrateIndex];\n var nFreq = this.aFreq[nVer * 3 + nSamplingIndex];\n var nTime;\n if (nLayer == 2) // Layer I\n {\n nTime = 384 / nFreq;\n } else if (nLayer == 1 || nVer == 2) // Layer II or v1,Layer III\n {\n nTime = 1152 / nFreq;\n } else // v2/2.5,Layer III\n {\n nTime = 576 / nFreq;\n }\n var bVBR = 1;\n var nVBR = Binary.findString(nOffset, 40, \"Xing\");\n if (nVBR == -1) {\n nVBR = Binary.findString(nOffset, 40, \"Info\");\n bVBR = 0;\n }\n if (nVBR != -1 && (X.U8(nVBR + 7) & 1)) {\n nTime *= X.U32(nVBR + 8, _BE);\n nOffset = bVBR ? -1 : -2;\n } else if (X.c(\"'VBRI'\", nOffset + 32)) {\n nTime *= X.U32(nVBR + 46, _BE);\n nOffset = -1;\n } else {\n if (nLayer == 2) // Layer I\n {\n nOffset += Math.floor(12000 * nBitrate / nFreq + nPadding) * 4;\n } else {\n // 125 = 1000/8 = kilobits to bytes\n nOffset += Math.floor(125 * nBitrate * nTime + nPadding);\n }\n }\n return [this.aVersion[nVer],\n this.aLayer[nLayer],\n nBitrate,\n nFreq,\n this.aCh[nChannelMode],\n nTime,\n nOffset\n ];\n }\n}\n\nfunction detect() {\n if (X.Sz() >= 128) {\n if (X.c(\"'TAG'\", X.Sz() - 128)) {\n sOptions = \"ID3v1\";\n }\n var nOffset = 0,\n bID3v2 = 0;\n if (X.c(\"'ID3'\")) {\n nOffset = (X.U8(6) << 21) | (X.U8(7) << 14) | (X.U8(8) << 7) | (X.U8(9));\n nOffset += 10;\n if (sOptions == \"\") {\n sOptions = \"ID3v2\";\n } else {\n sOptions += \"&2\";\n }\n bID3v2 = 1;\n } else if (X.c(\"'WAVEfmt '........55\", 8)) {\n nOffset = Binary.findString(50, 50, \"data\") + 8;\n }\n\n var aResult1, aResult = null;\n aResult1 = MP3.header(nOffset);\n\n if (aResult1 == null) {\n if (bID3v2) {\n // There may be some junk between the ID3 tag & the data (Win7\n // sample music files - C:\\Users\\Public\\Music\\Sample Music).\n // Since the ID3 tag is a fair indicator of an MP3, do a search\n // for v1,Layer III header.\n nOffset = Binary.findSignature(nOffset, 768, \"FFFB\");\n aResult1 = MP3.header(nOffset);\n }\n if (aResult1 == null) {\n return \"\";\n }\n }\n\n if (aResult1[6] > 0) {\n aResult = MP3.header(aResult1[6]);\n if (aResult == null) {\n return \"\";\n }\n }\n bDetected = true;\n // Assume version, layer & channels don't change.\n sVersion = aResult1[0] + \",Layer \" + aResult1[1];\n\n if (File.isVerbose()) {\n var nFrames = 1,\n nRateSum = aResult1[2],\n nFreqSum = aResult1[3],\n nSeconds = aResult1[5];\n\n var bVBR = 0,\n bVF = 0;\n\n while (aResult != null) {\n nFrames++;\n nRateSum += aResult[2];\n nFreqSum += aResult[3];\n nSeconds += aResult[5];\n if (aResult[2] != aResult1[2]) {\n bVBR = 1;\n }\n if (aResult[3] != aResult1[3]) {\n bVF = 1;\n }\n aResult = MP3.header(aResult[6]);\n }\n sOptions = sOptions.append(Math.round(nRateSum / nFrames) + \"kbps\");\n if (bVBR) {\n sOptions += \"(avg)\";\n }\n sOptions = sOptions.append(Math.round(nFreqSum / nFrames) + \"Hz\");\n if (bVF) {\n sOptions += \"(avg)\";\n }\n sOptions = sOptions.append(aResult1[4], duration(nSeconds));\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/backup_images.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"format\", \"\");\n\nfunction detect() {\n if (Binary.compare(\"7ca0932f\")) {\n bDetected = true;\n sName = \"R-Studio image\";\n if (Binary.compare(\"78da\", 0x38) != -1) {\n sOptions = \"compressed (zlib)\";\n }\n } else if (Binary.compare(\"'$CAN'\")) {\n switch (Binary.readByte(4)) {\n case 0xe4:\n sOptions = \"First or single file\";\n break;\n case 0x60:\n sOptions = \"next file\";\n break;\n }\n bDetected = true;\n sName = \"Norton Ghost image\";\n }\n\n return result();\n}" }, { "path": "db/Binary/bin.Atari_ST.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"format\", \"Atari ST TOS executable\");\n\nfunction detect() {\n if (Binary.compare(\"601a0000....................0000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/bin.IDA.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// Status: WIP\n\nmeta(\"format\");\n\nincludeScript(\"zlib\");\n\nfunction detect() {\n if (Binary.getSize() >= 0x20) {\n if (Binary.compare(\"'IDA'..0000\") && Binary.compare(\"DDCCBBAA\", 0x1A)) {\n var nVer = Binary.read_uint16(0x1E);\n sVersion = nVer + \".0\";\n switch (Binary.getString(0, 4)) {\n case \"IDA0\": bDetected = true; sName = \"IDA Database (.IDB)\"; break;\n case \"IDA1\": bDetected = true; sName = \"IDA Database for 32-bit binary (.IDB)\"; break;\n case \"IDA2\": bDetected = true; sName = \"IDA Database for 64-bit binary (.I64)\"; break;\n }\n\n if (bDetected) {\n switch (nVer) {\n case 2: detect_zlib(Binary, Binary.read_uint32(0x06) + 0x05); break;\n case 3: detect_zlib(Binary, Binary.read_uint32(0x06) + 0x05); break;\n case 4: detect_zlib(Binary, Binary.read_uint32(0x06) + 0x05); break;\n case 5: detect_zlib(Binary, Binary.read_uint32(0x06) + 0x09); break;\n case 6: detect_zlib(Binary, Binary.read_uint32(0x06) + 0x09); break;\n }\n }\n } else if (Binary.compare(\"'IDASGN'\")) {\n sName = \"IDA FLIRT Signature Database (.SIG)\";\n bDetected = true;\n\n const\n nVer = Binary.read_uint8(0x06),\n nModules = Binary.read_uint16(0x12),\n nFlags = Binary.read_uint8(0x10),\n nLibNameSz = Binary.read_uint8(0x22),\n nLibNameOf = 0x25;\n\n sVersion = nVer;\n\n if (!nModules) {\n nModules = Binary.read_uint32(0x25);\n nLibNameOf += 4;\n if (nVer >= 10) nLibNameOf += 4;\n }\n\n sOptions = \"\\\"\" + Binary.getString(nLibNameOf, nLibNameSz) + \"\\\"\";\n\n if (Binary.isVerbose()) {\n detect_zlib(Binary, nLibNameOf + nLibNameSz);\n sOption(\"modules:\" + nModules); // count modules\n sOption(\"p:\" + Binary.read_uint8(0x7)); // processor id\n sOption(\"a:\" + Binary.read_uint16(0xE)); // application type\n sOption(\"o:\" + Binary.read_uint16(0xC)); // os type\n sOption(\"f:\" + Binary.read_uint32(0x8)); // file format type\n }\n } else if (Binary.compare(\"'IDATIL'\")) {\n sName = \"IDA Type Information List (.TIL)\";\n sOptions = \"\\\"\" + Binary.getString(0xF, Binary.read_uint8(0xE)) + \"\\\"\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/bin.ISO_9660.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"ISO 9660\");\r\n\r\nfunction detect() {\r\n if (Binary.getSize() > 0x8010) {\r\n if (Binary.compare(\"01'CD001'01\", 0x8000) || Binary.compare(\"01'CD001'01\", 0x9318) || Binary.compare(\"01'CD001'01\", 0x9310)) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/bin.RPGMaker2Kdata.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens TG@kaens\n\nmeta('game');\n\nfunction detect() {\n /* beautify ignore:start */\n\n function isLCF() { //internal\n if (!X.isHeuristicScan() && (!X.c(\"'Lcf'\", 1) || charStat(X.readBytes(1, X.U8(0)), 1).indexOf('allasc' < 0))) return false;\n return true\n }\n\n\n function isXYZ() {\n if (!X.c(\"'XYZ1'\")) return false;\n w = X.U16(4); h = X.U16(6); var max = X.isHeuristicScan() ? 0x8000 : 0xA00;\n // 99.9999% images are within 800×800, but the official limit's 32000\n if (!isWithin(w, 1, max) || !isWithin(h, 1, max)) return false;\n return true\n }\n if (!bDetected && isXYZ()) {\n sName = 'RPGMaker 2000/2003 bitmap (.XYZ)'; bDetected = true; if (X.isVerbose()) sOption(w + '×' + h);\n }\n\n\n function isLSD() {\n //ref https://github.com/EasyRPG/liblcf/blob/master/src/generated/lcf/lsd/chunks.h etc.\n if (!isLCF()) return false; if (!X.c(\"0B\") || !X.c(\"64\", 12)) return false; bad = '';\n if (!X.c(\"'LcfSaveData'\", 1))\n if (!X.isHeuristicScan()) return false;\n else bad = bad.addIfNone('!badsig'); // easyRPG won't quit just because the sig is wrong!\n if (!isWithin(dt = X.F64(0x10), 365 * 100, 365 * 200)) return false; // date test, days since 1900. I'll test 2000~2100, let's be real here\n var delphiEpoch = new Date(Date.UTC(1899, 11, 30));\n dt = new Date(delphiEpoch.getTime() + dt * 86400000); dt = dt.toISOString(); // Convert days to milliseconds, then to string\n ch0nm = ch1fs = ch2fs = ch3fs = ch4fs = ''; ch0lv = ch0hp = ch1fsi = ch2fsi = ch3fsi = ch4fsi = -1; info = '';\n for (idx = 0, p = 0x18; p < X.Sz();) {\n idx = readVarUInt(p); if (!isWithin(idx[0], 1, 3)) return false; p += idx[0]; idx = idx[1]; if (!idx) break;\n sz = readVarUInt(p); if (!isWithin(sz[0], 1, 5)) return false; p += sz[0]; sz = sz[1];\n switch (idx) {\n case 0x0B: heronm = X.SC(p, sz, 'SJIS'); break;\n case 0x0C: herolv = readVarUInt(p, sz)[1]; break;\n case 0x0D: herohp = readVarUInt(p, sz)[1]; break;\n case 0x15: ch1fs = X.SC(p, sz, 'SJIS'); break;\n case 0x16: ch1fsi = readVarUInt(p, sz)[1]; break;\n case 0x17: ch2fs = X.SC(p, sz, 'SJIS'); break;\n case 0x18: ch2fsi = readVarUInt(p, sz)[1]; break;\n case 0x19: ch3fs = X.SC(p, sz, 'SJIS'); break;\n case 0x1A: ch3fsi = readVarUInt(p, sz)[1]; break;\n case 0x1B: ch4fs = X.SC(p, sz, 'SJIS'); break;\n case 0x1C: ch4fsi = readVarUInt(p, sz)[1]; break;\n }\n p += sz\n }\n bad = ''; v = ''; sz = p;\n for (calcidx = 0x65; p < X.Sz(); calcidx = (calcidx < 0x72 ? calcidx + 1 : 0xC8)) {\n idx = readVarUInt(p); if (!isWithin(idx[0], 1, 3)) return false; p += idx[0]; idx = idx[1]; if (!idx) break;\n if (calcidx != idx) if (calcidx != 0xC8) { bad = bad.addIfNone('!brokenchunk'); break }\n sz = readVarUInt(p); if (!isWithin(sz[0], 1, 5) || !sz[1]) return false;\n p += sz[0]; sz = sz[1];\n switch (idx) {\n case 0xC8: tag = 'easyRPG_data';\n if (readVarUInt(p)[1] == 1) { t = readVarUInt(p + 1)[1]; v = readVarUInt(p + 2)[1]; v = (((v >> 8) & 0xFF) | (v & 0xFF) << 8).toString(16) }\n break;\n case 0x6C: tag = 'actors';\n for (q = p + 2/*2D array idx? skip 2 bytes, test more*/; q < p + sz;) {\n idx2 = readVarUInt(q); if (!isWithin(idx2[0], 1, 3)) { _l2r('lsd', q, 'idx2=' + Hex(idx2[0]) + ' is weird'); q = p + sz; continue }\n q += idx2[0]; idx2 = idx2[1]; if (!idx2) break;\n sz2 = readVarUInt(q); if (!isWithin(sz2[0], 1, 5)) return false;\n q += sz2[0]; sz2 = sz2[1];\n switch (idx2) {\n case 1: t = X.SA(q, sz2); info = info.append('actor:' + (t == '\\x01' ? '*' : X.SC(q, sz2, 'SJIS'))); break\n case 2: t = X.SA(q, sz2); info = info.append('title:' + (t == '\\x01' ? '*' : X.SC(q, sz2, 'SJIS'))); break\n case 0x0B: t = X.SC(q, sz2, 'SJIS'); if (t.length) info = info.append('char:' + t); break\n case 0x15: t = X.SC(q, sz2, 'SJIS'); if (t.length) info = info.append('sprite:' + t); break\n case 0x1F: info = info.append('level:' + readVarUInt(q)[1]); break\n case 0x21: t = readVarUInt(q)[1]; if (t) info = info.append('hpmod:' + t); break\n case 0x22: t = readVarUInt(q)[1]; if (t) info = info.append('spmod:' + t); break\n case 0x47: info = info.append('curhp:' + readVarUInt(q)[1]); break\n case 0x48: info = info.append('cursp:' + readVarUInt(q)[1]); break\n }\n q += sz2\n }\n break;\n case 0x65: tag = 'system'; break; case 0x66: tag = 'screen'; break; case 0x67: tag = 'pictures'; break;\n case 0x68: tag = 'party_loc'; break; case 0x69: tag = 'boat_loc'; break; case 0x6A: tag = 'ship_loc'; break;\n case 0x6B: tag = 'airship_loc'; break; case 0x6D: tag = 'inventory'; break;\n case 0x6E: tag = 'teleport_targets'; break; case 0x6F: tag = 'map_info'; break; case 0x70: tag = 'panorama'; break;\n case 0x71: tag = 'fg_ev_execstate'; break; case 0x72: tag = 'common_events'; break;\n default: tag = 'ERROR!' + Hex(idx)\n }\n p += sz; if (idx == 0xC8) break\n }\n if (p > X.Sz()) return false; sz = p;\n if (idx == 0xC8) sVersion = 'easyRPG' + (v.length ? ' v' + v.slice(0, 4) : ''); else sVersion = 'RPG_RT';\n return true\n }\n if (!bDetected && isLSD()) {\n sName = \"RPGMaker 2000/2003 save data (.LSD)\"; bDetected = true;\n if (bad.length) sVersion = sVersion.appendS('malformed' + bad, '/')\n if (X.isVerbose()) {\n sOption('on: ' + dt.slice(0, 19)); sOption(heronm + ' lv.' + herolv + ' ' + herohp + 'HP', 'preview: ');\n if (ch1fsi >= 0) sOption(ch1fs); if (ch2fsi >= 0) sOption(ch2fs); if (ch3fsi >= 0) sOption(ch3fs); if (ch4fsi >= 0) sOption(ch4fs);\n sOption(info, 'info: ')\n sOption(outSz(sz), 'sz:')\n }\n }\n\n\n function isLMT() {\n //ref https://github.com/EasyRPG/liblcf/blob/master/src/generated/lcf/lmt/chunks.h etc.\n if (!isLCF()) return false; if (!X.c(\"0A\")) return false; bad = '';\n if (!X.c(\"'LcfMapTree'\", 1))\n // if(!X.isHeuristicScan())\n return false;\n // else\n // \tbad = bad.addIfNone('!badsig'); // easyRPG won't quit just because the sig is wrong! But we will, because there's not much more to detect it by\n i = readVarUInt(0xB); if (!isWithin(i[0], 1, 5)) return false; p = 0xB + i[0] + 1; len = i[1];\n title = ''; maps = [];\n for (idx = i = 0; p < X.Sz() && i < len;) {\n if (idx == 0x33) {\n p += readVarUInt(p)[0]; aid = readVarUInt(p); p += aid[0]; aid = aid[1]; //array idx\n if (aid < ++i) { bad = bad.addIfNone('!badidx'); break }\n }\n if (i >= len) break;\n idx = readVarUInt(p); if (!isWithin(idx[0], 1, 3)) return false; p += idx[0]; idx = idx[1];\n sz = readVarUInt(p); if (!isWithin(sz[0], 1, 5) || !sz[1]) return false; p += sz[0]; sz = sz[1];\n switch (idx) {\n case 1: t = X.SC(p, sz, 'SJIS');\n if (!title.length) title = t; else maps.push(aid + '.' + t);\n break;\n }\n p += sz;\n }\n //tree_order length is in aid\n for (i = 0; i < aid + 1; i++) p += readVarUInt(p)[0]; // tree_order + active_node\n //_l2r('lmt',p,'Start')\n for (i = 0; p < X.Sz();) {\n idx = readVarUInt(p); if (!isWithin(idx[0], 1, 3)) return false; p += idx[0]; idx = idx[1];\n if (!idx) break;\n sz = readVarUInt(p); if (!isWithin(sz[0], 1, 5) || !sz[1]) return false; p += sz[0]; sz = sz[1];\n p += sz\n }\n sz = p;\n if (sz > X.Sz()) return false;\n return true\n }\n if (!bDetected && isLMT()) {\n sName = \"RPGMaker 2000/2003 map tree data (.LMT)\"; bDetected = true;\n if (bad.length) sVersion = sVersion.appendS('malformed' + bad, '/')\n if (X.isVerbose()) {\n sOption('for: ' + title); sOption(addEllipsis(maps.join('\\r'), 0xC000), len + ' maps:'); sOption(outSz(sz), 'sz:')\n }\n }\n\n\n function isLDB() {\n //ref https://github.com/EasyRPG/liblcf/blob/master/src/generated/lcf/ldb/chunks.h etc.\n if (!isLCF()) return false; if (!X.c(\"0B\") || !X.c(\"0B\", 0xC)) return false; bad = '';\n if (!X.c(\"'LcfDataBase'\", 1))\n // if(!X.isHeuristicScan())\n return false;\n // else\n // \tbad = bad.addIfNone('!badsig'); // easyRPG won't quit just because the sig is wrong! But we will, because there's not much more to detect it by\n var debug = -1, char = []; chars = [];\n function ret(p, t) { if (debug >= 1) _l2r('ldb', p, t); return false }\n for (idx = i = 0, p = 0xC; p < X.Sz(); i++) { // go over all chunks found\n idx = readVarUInt(p); if (!isWithin(idx[0], 1, 3)) return ret(p, 'bad idx'); p += idx[0]; idx = idx[1];\n if (!isWithin(idx, 0xB, 0x1F)) if (i < 14) return ret(p, 'bad tag ' + idx);\n else { p--; break } //to tell the expected file length. idx = 00 is the last byte\n sz = readVarUInt(p); if (!isWithin(sz[0], 1, 6) || !sz[1]) return ret(p, 'bad size ' + sz[1]); p += sz[0]; sz = sz[1];\n if (idx == 0xB) { // an array; let's analyse the Characters one\n for (q = p; q < p + sz && q < X.Sz();) {\n for (len = j = 0; q < p + sz && q < X.Sz(); j++) {\n t = readVarUInt(q); if (!isWithin(t[0], 1, 3)) return false; q += t[0]; t = t[1];\n if (!len) { len = t; j = 0 }\n t = readVarUInt(q); if (!isWithin(t[0], 1, 3)) return false; q += t[0]; t = t[1];\n for (; q < p + sz && q < X.Sz();) {\n idx1 = readVarUInt(q); if (!isWithin(idx1[0], 1, 3)) return false; q += idx1[0]; idx1 = idx1[1];\n if (!idx1) { q--; break }\n sz1 = readVarUInt(q); if (!isWithin(sz1[0], 1, 5)) return ret(q, 'sz off at idx1=' + Hex(idx1)); q += sz1[0]; sz1 = sz1[1];\n switch (idx1) {\n case 1: char.push(X.SC(q, sz1, 'SJIS')); break; //name\n case 2: char.push(X.SC(q, sz1, 'SJIS')); break; //title\n default: if (char.length) chars.push(char.join(': '));\n char = []\n }\n q += sz1\n }\n }\n i++\n }\n }\n p += sz\n }\n sz = p;\n return true\n }\n if (!bDetected && isLDB()) {\n sName = \"RPGMaker 2000/2003 database (.LDB)\"; bDetected = true;\n if (bad.length) sVersion = sVersion.appendS('malformed' + bad, '/')\n if (X.isVerbose()) {\n sOption(addEllipsis(chars.join(', ')), 'chars:')\n sOption(outSz(sz), 'sz:')\n }\n }\n\n\n function isLMU() {\n //ref https://github.com/EasyRPG/liblcf/blob/master/src/generated/lcf/ldb/chunks.h etc.\n if (!isLCF()) return false; if (!X.c(\"0A\")) return false; bad = '';\n if (!X.c(\"'LcfMapUnit'\", 1)) return false;\n id = -1; bg = ''; bgf = false;\n for (idx = i = 0, p = 0xB; p < X.Sz(); i++) { // go over all chunks found\n idx = readVarUInt(p); if (!isWithin(idx[0], 1, 3)) return false; p += idx[0]; idx = idx[1];\n if (!isWithin(idx, 1, 91)) if (i < 3) return false\n else break //to tell the expected file length. idx = 00 is the last byte\n sz = readVarUInt(p); if (!isWithin(sz[0], 1, 6) || !sz[1]) return false; p += sz[0]; sz = sz[1];\n switch (idx) {\n case 1: id = readVarUInt(p)[1]; break;\n case 31: bgf = true; break;\n case 32: bg = X.SC(p, sz, 'SJIS'); break\n }\n p += sz\n }\n sz = p;\n if (sz > X.Sz()) return false;\n return true\n }\n if (!bDetected && isLMU()) {\n sName = \"RPGMaker 2000/2003 map unit (.LMU)\"; bDetected = true;\n if (bad.length) sVersion = sVersion.appendS('malformed' + bad, '/')\n if (X.isVerbose()) {\n if (id >= 0) sOption(id, 'id:'); if (bgf) sOption(bg, 'bg:\"', '\"'); sOption(outSz(sz), 'sz:')\n }\n }\n\n\n return result()\n /* beautify ignore:end */\n}" }, { "path": "db/Binary/data_overlay_null_padding.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// Detects zero-byte overlay padding added by linkers to align the output file\r\n// to sector (0x200) or page (0x1000) boundaries.\r\n// Example: TLINK32 pads PE files with null bytes up to the next 0x1000 boundary.\r\n\r\nfunction detect() {\r\n if (!Binary.isOverlay()) {\r\n return result();\r\n }\r\n\r\n var nSize = Binary.getSize();\r\n\r\n if (Binary.isZeroFilled(0, nSize)) {\r\n _setResult(\"overlay\", \"null padding\", \"\", \"\");\r\n }\r\n}\r\n" }, { "path": "db/Binary/data_overlays.6.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"data\", \"\");\n\nfunction detect() {\n if (Binary.isOverlay()) {\n if (Binary.compare(\"'aWAW'\")) {\n sName = \"CreateInstall data\";\n bDetected = true;\n } else if (Binary.compare(\"';!@Install@!UTF-8!'\")) {\n sName = \"7-zip Installer data\";\n bDetected = true;\n } else if (Binary.compare(\"00'TMSAMVOH'\")) {\n sName = \"ActiveMark protector data\";\n bDetected = true;\n } else if (Binary.compare(\"....................'MSCF'00\")) {\n sName = \"Actual Installer data\";\n bDetected = true;\n } else if (Binary.compare(\"'10JP'\")) {\n sName = \"Adveractive Installer data\";\n bDetected = true;\n } else if (Binary.compare(\"'EWETAR DATA FILE!! VER 1.00 <<<>>>'\")) {\n sName = \"Aeco Systems installer data\";\n bDetected = true;\n } else if (Binary.compare(\"c0ab........60ea\")) {\n sName = \"ARJSFX32 data\";\n bDetected = true;\n } else if (Binary.compare(\"67570402\")) {\n sName = \"ARQ archive\";\n bDetected = true;\n } else if (Binary.compare(\"0b0bafaf0b0ba4\")) {\n sName = \"AutoPlay Media Studio installer data\";\n bDetected = true;\n } else if (Binary.compare(\"'wwgT)'\") || Binary.compare(\"..120100....0000\")) {\n sName = \"ClickTeam installer data\";\n bDetected = true;\n } else if (Binary.compare(\"'CK16'\")) {\n sName = \"CrypKey Installer archive\";\n bDetected = true;\n } else if (Binary.compare(\"........'DIMDMSCF'\")) {\n sName = \"Dimd SFX data\";\n sOptions = \"CAB\";\n bDetected = true;\n } else if (Binary.compare(\"'[metadata]'\")) {\n sName = \"distutils installer data\";\n bDetected = true;\n } else if (Binary.compare(\"b297e169\")) {\n sName = \"Envoy Packager data\";\n bDetected = true;\n } else if (Binary.compare(\"'EPSF'\")) {\n sName = \"Eschalon Installer archive\";\n bDetected = true;\n } else if (Binary.compare(\"........'SPIS'1a'LH5'\")) {\n sName = \"GPInstall data\";\n sOptions = \"SPIS LH5\";\n bDetected = true;\n } else if (Binary.compare(\"'zlb'1A\") || Binary.compare(\"'idska32'1A\")) {\n sName = \"Inno Setup Installer data\";\n bDetected = true;\n } else if (Binary.compare(\"'Inno Setup Messages'\")) {\n sName = \"Inno Setup uninstall data\";\n bDetected = true;\n } else if (Binary.compare(\"'1CNT'\")) {\n sName = \"LucasArts Update Installer data\";\n bDetected = true;\n } else if (Binary.compare(\"'MPU'0d\")) {\n sName = \"MP-ZipTool SFX32 data\";\n bDetected = true;\n } else if (Binary.compare(\"'MPQ'1a20\")) {\n sName = \"MPQ archive\";\n bDetected = true;\n } else if (Binary.compare(\"'PK??NOS_PO'\") || Binary.compare(\"'NOS_PO'\")) {\n sName = \"NOS Installer data\";\n bDetected = true;\n } else if (Binary.compare(\"970300000201\")) {\n sName = \"Pantaray QSetup data\";\n sVersion = \"10.X\";\n bDetected = true;\n } else if (Binary.compare(\"370700000201\")) {\n sName = \"Pantaray QSetup data\";\n sVersion = \"11.X\";\n bDetected = true;\n } else if (Binary.compare(\"04'PBG'\")) {\n sName = \"Paquet archive\";\n bDetected = true;\n } else if (Binary.compare(\"'PB'................................'7z'\")) {\n sName = \"Paquet Builder\";\n sOptions = \"7zip\";\n bDetected = true;\n } else if (Binary.compare(\"'qres'\")) {\n sName = \"QT installer data\";\n bDetected = true;\n } else if (Binary.compare(\"4B2A9A\") || Binary.compare(\"4B2A84\")) {\n sName = \"RTPatch archive\";\n bDetected = true;\n } else if (Binary.compare(\"e0e0e1e1e2e2e3e3e4e4e5e5e6e6e7e7\")) {\n sName = \"Setup Factory installer data\";\n sVersion = \"8.X, 9.X\";\n bDetected = true;\n } else if (Binary.compare(\"e0e1e2e3e4e5e6\")) {\n sName = \"Setup Factory installer data\";\n sVersion = \"4.X, 5.X\";\n bDetected = true;\n } else if (Binary.compare(\"67155234ff4d3642\")) {\n sName = \"STATICSUP installer data\";\n bDetected = true;\n } else if (Binary.compare(\"'ESIV'\") || Binary.compare(\"'SIVM'\", 0xf000)) {\n sName = \"Vise Installer data\";\n bDetected = true;\n } else if (Binary.compare(\"'RsDl'\")) {\n sName = \"WinImage SFX data\";\n bDetected = true;\n } else if (Binary.compare(\"'IMP'0a\")) {\n sName = \"IMP archive\";\n bDetected = true;\n } else if (Binary.compare(\"'@Daisy@Lucy@xyzzy@'................1f8b08\")) {\n sName = \"WinPatch Apply Program data\";\n sOptions = \"gzip\";\n bDetected = true;\n } else if (Binary.compare(\"'@Daisy@Lucy@xyzzy@'1f8b08\")) {\n sName = \"WinPatch Apply Program data\";\n sOptions = \"gzip\";\n bDetected = true;\n } else if (Binary.compare(\"'***messages***'\")) {\n sName = \"WinRAR Installer data\";\n bDetected = true;\n } else if (Binary.compare(\"fffe2a002a002a006d0065007300730061006700650073002a002a002a00\")) {\n sName = \"WinRAR Installer data\";\n sVersion = \"5.X\";\n bDetected = true;\n }\n /* else if(Binary.compare(\"'Rar!'\"))\n {\n sName=\"RAR archive\";\n bDetected=1;\n } */\n else if (Binary.compare(\"'MPV*'\")) {\n sName = \"ZipCentral SFX-32 data\";\n bDetected = true;\n } else if (Binary.compare(\"'[20/20]'\")) {\n sName = \"PCInstall data\";\n bDetected = true;\n } else if (Binary.compare(\"'ISSetupStream'\")) {\n sName = \"InstallShield data\";\n sVersion = \"18.X\";\n bDetected = true;\n } else if (Binary.compare(\"'FWS'\") || Binary.compare(\"'CWS'\")) {\n sName = \"Adobe Flash\";\n bDetected = true;\n } else if (Binary.compare(\"'Smart Install Maker v'\")) {\n sName = \"Smart Install Maker data\";\n sVersion = Binary.getString(Binary.getOverlayOffset() + 0x17);\n bDetected = true;\n } else if (Binary.compare(\"....0000dcedbd\")) {\n sName = \"PackageForTheWeb data\";\n sOptions = \"InstallShield\";\n bDetected = true;\n } else if (Binary.compare(\"'00000000000000BD00000000000000010000000000000001'\", 0x19a0)) {\n sName = \"Autodesk Self-Extract data\";\n bDetected = true;\n } else if (Binary.compare(\"c0dececb8d8d8d8d\")) {\n sName = \"Ghost Installer archive\";\n sOptions = \"xored MSCF, mask: 8D\";\n bDetected = true;\n } else if (Binary.compare(\"02060a0405fd59\")) {\n sName = \"CreateInstall data\";\n sVersion = \"2003.3.5\";\n bDetected = true;\n } else if (Binary.compare(\"'RWMV'\")) {\n sName = \"VMWare Installation Launcher data\";\n bDetected = true;\n } else if (Binary.compare(\"........'GRCSETUPINFORMATION'\")) {\n sName = \"Codegear Installer data\";\n bDetected = true;\n } else if (Binary.compare(\"'xvm'0003\")) {\n sName = \"Spoon Studio data\";\n bDetected = true;\n } else if (Binary.compare(\"2f30ee1f5e4ee51e\")) {\n sName = \"Advanced Installer data\";\n sOptions = \"MS Compound-like format\";\n bDetected = true;\n } else if (Binary.compare(\"'^OPT'\")) {\n var ArcOffset = Binary.findString(Binary.getOverlayOffset(), 0x50, \"^ARC\");\n if (ArcOffset != -1) {\n if (Binary.compare(\"1f8b08\", ArcOffset + 4)) {\n sName = \"Adobe SVG Installer\";\n sOptions = \"gzip\";\n bDetected = true;\n }\n }\n } else if (Binary.compare(\"07d26cbf2159abaa0100000000\")) {\n sName = \"Chilkat ZIP Self-Extractor data\";\n bDetected = true;\n } else if (Binary.compare(\"'IST'00\")) {\n sName = \"Dolphin Virtual Machine data\";\n sVersion = \"5.0\";\n bDetected = true;\n } else if (Binary.compare(\"'@._P-DATA_.@'\")) {\n sName = \"CodeFusion Wizard data\";\n bDetected = true;\n } else if (Binary.compare(\"'ASWsetupFPkgFil3'\")) {\n sName = \"avast! Antivirus installer data\";\n bDetected = true;\n } else if (Binary.compare(\"5b3e\")) {\n var ArcOffset = Binary.findSignature(Binary.getOverlayOffset(), 0x500, \"'PK'0304\");\n if (ArcOffset != -1) {\n sName = \"InstallAnywhere data\";\n sOptions = \"zip\";\n bDetected = true;\n }\n } else if (Binary.compare(\"........efbeadde'NullsoftInst'\")) {\n sName = \"NSIS data\";\n bDetected = true;\n } else if (Binary.compare(\"................fec1cd666ebccf01fec1cd666ebccf0100..............78da\")) {\n sName = \"Internet Download Manager installer data\";\n sOptions = \"zlib\";\n bDetected = true;\n } else if (Binary.compare(\"d513e4e801000000\")) {\n sName = \"Install4j installer data\";\n bDetected = true;\n } else if (Binary.compare(\"efbbbf';!@Install@!UTF-8!'\")) {\n sName = \"7-zip Installer data\";\n bDetected = true;\n } else if (Binary.compare(\"'UM'030a00\")) {\n sName = \"Sony Windows installer data\";\n bDetected = true;\n } else if (Binary.compare(\"7b00320030003700320036003300370037002d00\")) {\n sName = \"ADS Self Extractor data\";\n bDetected = true;\n } else if (Binary.findSignature(Binary.getOverlayOffset(), Math.min(0x100, Binary.getOverlaySize()), \"7b00320030003700320036003300370037002d00\") != -1) {\n sName = \"ADS Self Extractor data\";\n bDetected = true;\n } else if (Binary.compare(\"276327631226097513180178\")) {\n sName = \"Chaos Software installer data\";\n bDetected = true;\n } else if (Binary.compare(\"'OWS9G1'\", 0xb)) {\n sName = \"Gentee installer data\";\n bDetected = true;\n } else if (Binary.compare(\"'SQ5SFX'\")) {\n sName = \"Squeez SFX data\";\n bDetected = true;\n } else if (Binary.compare(\"'Inno Setup Setup Data'\")) {\n sName = \"Inno Setup data\";\n bDetected = true;\n } else if (Binary.findSignature(Binary.getOverlayOffset(), Math.min(0x100, Binary.getOverlaySize()), \"'MSCF00000000'\") != -1) {\n sName = \"CAB archive\";\n bDetected = true;\n } else if (Binary.findSignature(Binary.getOverlayOffset(), Math.min(0x100, Binary.getOverlaySize()), \"'ISc('\") != -1) {\n sName = \"InstallShield archive\";\n bDetected = true;\n } else if (Binary.compare(\"'ExcelsiorII1'\")) {\n sName = \"Excelsior installer data\";\n bDetected = true;\n } else if (Binary.compare(\"'InstallShield'00\")) {\n sName = \"InstallShield data\";\n sOptions = \"2.X-3.X\";\n bDetected = true;\n } else if (Binary.compare(\"'wwwwI'874712\")) {\n sName = \"Multimedia Fusion installer data\";\n bDetected = true;\n } else if (Binary.compare(\"'PIMPFILE'00\")) {\n sName = \"PIMP installer data\";\n bDetected = true;\n } else if (Binary.compare(\"'tiz1'........78da\")) {\n sName = \"Tarma installer data\";\n sOptions = \"zlib\";\n bDetected = true;\n } else if (Binary.compare(\"'XXataDfOnigeB'\")) {\n sName = \"I-D Media installer data\";\n bDetected = true;\n } else if (Binary.compare(\"'This is the end of the executable'\")) {\n sName = \"SwiftView installer data\";\n bDetected = true;\n } else if (Binary.compare(\"1f8b08\", 0x3000)) {\n sName = \"BulletProofSoft installer data\";\n sOptions = \"gzip\";\n bDetected = true;\n } else if (Binary.compare(\"'AddD'03\")) {\n sName = \"SecuROM data\";\n var nOffset = Binary.getOverlayOffset();\n sVersion = Binary.getString(nOffset + 8);\n bDetected = true;\n } else if (Binary.compare(\"'NB02'\")) {\n sName = \"CodeView 3.14 debug information\";\n bDetected = true;\n } else if (Binary.compare(\"'NB09'\")) {\n sName = \"CodeView 4.10 debug information\";\n bDetected = true;\n } else if (Binary.compare(\"'NB11'\")) {\n sName = \"CodeView 5.0 debug information\";\n bDetected = true;\n } else if (Binary.compare(\"'NB10'\")) {\n sName = \"PDB 2.0 file link\";\n bDetected = true;\n } else if (Binary.compare(\"'RSDS'\")) {\n sName = \"PDB 7.0 file link\";\n bDetected = true;\n } else if (Binary.compare(\"'[(*|*)]MZ'\")) {\n sName = \"Mioplanet installer executable+data\"\n bDetected = true;\n } else if (Binary.compare(\"'MPV'\")) {\n sName = \"DelZip SFX data\";\n bDetected = true;\n } else if (Binary.compare(\"'MPU'00\")) {\n sName = \"CoffeeCup SFX data\";\n bDetected = true;\n } else if (Binary.compare(\"''\")) {\n sName = \"KRZIP archive\";\n bDetected = true;\n } else if (Binary.compare(\"..........87000001........5d0000800000\")) {\n sName = \"Smart Install Maker data\";\n bDetected = true;\n } else if (Binary.compare(\"'RS'\")) {\n sName = \"AOLSetup data\";\n bDetected = true;\n } else if (Binary.compare(\"'TGCF'\")) {\n sName = \"Setup-Specialist archive\";\n bDetected = true;\n } else if (Binary.compare(\"a3484bbe986c4aa9\")) {\n sName = \"AutoIt compiled script\";\n sVersion = \"2.XX-3.XX\";\n bDetected = true;\n } else if (Binary.compare(\"'MSCF'00000000\")) {\n sName = \"CAB archive\";\n bDetected = true;\n } else if (Binary.compare(\"'PK'0304\")) {\n sName = \"ZIP archive\";\n bDetected = true;\n } else if (Binary.compare(\"'$_BIM_CONFIG_START_$\")) {\n sName = \"Bytessence Install Maker data\";\n bDetected = true;\n } else if (Binary.compare(\"........'.eh_frame'00\")) {\n sName = \"BitRock installer data\";\n bDetected = true;\n } else if (Binary.compare(\"09050000\")) {\n sName = \"ThinApp data\";\n bDetected = true;\n } else if (Binary.compare(\"BDA6EEE9F9EDEFEDE5ED\")) {\n sName = \"Hamrick Software XOR-ed ZIP\";\n bDetected = true;\n } else if (Binary.compare(\"000000000000000038e8020000000000\")) {\n sName = \"Box Stub installer data\";\n bDetected = true;\n } else if (Binary.compare(\"a7870800\")) {\n sName = \"Install Factory data\";\n bDetected = true;\n } else if (Binary.compare(\"a7870800\")) {\n sName = \"Install Factory data\";\n bDetected = true;\n } else if (Binary.compare(\"a6d6b210\")) {\n sName = \"Sax Software archive\";\n bDetected = true;\n } else if (Binary.compare(\"'Win_Sfx_For_Windows_'\")) {\n sName = \"XZIP-SFX data\";\n sOptions = \"by Netzip\";\n bDetected = true;\n } else if (X.SU16(2, 16) == \"[GeneralOptions]\") {\n sName = \"Advanced Installer data\";\n bDetected = true;\n } else if (Binary.compare(\"d90e0100889f\")) {\n sName = \"Winlicense xored EXE (0xC5 xor mask)\";\n bDetected = true;\n }\n\n /* var ArcOffset=Binary.findSignature(Binary.getOverlayOffset(),0x400, \"'|http:'\");\n if(ArcOffset!=-1)\n {\n sName=\"Pantaray QSetup data\";\n sVersion=\"6.X\";\n bDetected=1;\n }\n var ArcOffset=Binary.findSignature(Binary.getOverlayOffset(),0x400, \"'|www.'\");\n if(ArcOffset!=-1)\n {\n sName=\"Pantaray QSetup data\";\n sVersion=\"8.X\";\n bDetected=1;\n } */\n }\n\n return result();\n}" }, { "path": "db/Binary/debug_data_debugData.1.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"debug data\", \"\");\n\nfunction detect() {\n var size = Binary.getSize();\n\n // Borland debug info\n if (Binary.readWord(0) === 0x52FB) {\n var minor = Binary.readByte(2),\n major = Binary.readByte(3),\n minorStr = ((minor >> 4) * 10 + (minor & 0x0F)).toString(),\n majorStr = ((major >> 4) * 10 + (major & 0x0F)).toString(),\n sVer = majorStr + \".\" + minorStr;\n\n _setResult(sType, \"Borland\", sVer, \"TDS\" + (Binary.readWord(0xE) ? \" \" + Binary.readWord(0xE) + \" symbols\" : \"\"));\n return true;\n } else if (Binary.compare(\"'FB09'\")) {\n _setResult(sType, \"Borland\", \"\", \"Delphi TDS\");\n return true;\n } else if (Binary.compare(\"'FB0A'\")) {\n _setResult(sType, \"Borland\", \"\", \"C++ TDS\");\n return true;\n }\n\n var debugSize = Binary.readDword(size - 4);\n\n // Watcom debug info\n if (size > 16 && Binary.readWord(size - 14) === 0x8386) {\n if (size - debugSize >= 0) {\n _setResult(sType, \"Watcom\", Binary.readByte(size - 12) + \".\" + Binary.readByte(size - 11), \"0x\" + debugSize.toString(16) + \" bytes\");\n }\n return true;\n }\n\n // CodeView debug info\n if (size > 16 && Binary.readWord(size - 8) === 0x424E) {\n if (/^NB0[5789]|NB1[01]$/.test(Binary.read_ansiString(size - 8, 4))) {\n if (size - debugSize >= 0) {\n _setResult(sType, \"CodeView\", \"4.0\", \"0x\" + debugSize.toString(16) + \" bytes\");\n }\n return true;\n }\n }\n\n // DWARF debug info\n if (size > 16 && Binary.readDword(size - 16) === 0x534954) {\n if (Binary.readDword(size - 12) === 0 && Binary.readDword(size - 8) === 0) {\n\n var debugOffset = size - debugSize;\n\n if (debugOffset >= 0) {\n var viStruct = get_DWRAF_vi(debugOffset, size - debugOffset);\n if (viStruct.bIsValid) {\n _setResult(sType, \"DWARF\", viStruct.sVersion, \"0x\" + debugSize.toString(16) + \" bytes, Watcom\");\n }\n return true;\n }\n }\n }\n\n if (Binary.isDebugData()) {\n if (Binary.compare(\"'RSDS'\")) {\n sName = \"PDB file link\";\n _setResult(sType, sName, \"7.0\", \"\");\n return true;\n }\n }\n\n return result();\n}\n" }, { "path": "db/Binary/font.ADOBE.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// Info : Adobe Type I Font (AFM, PFB, PFM)\n// Status: WIP\n\nmeta(\"font\");\n\nfunction detect() {\n if (Binary.getSize() >= 0x0F) {\n if (Binary.compare(\"'StartFontMetrics '\") && Binary.compare(\"'.'\", 0x12)) {\n sName = \"Adobe Font Metrics (.AFM)\";\n sVersion = \"v\" + Binary.getString(0x11, 0x03);\n bDetected = true;\n } else if (Binary.read_uint16(0) == 384 && Binary.read_uint16(Binary.getSize() - 2) == 896) {\n sName = \"Adobe Printer Font Binary (.PFB)\";\n bDetected = true;\n if (Binary.isVerbose()) {\n var sFontText = Binary.getString(0x06, 0x0200);\n var aFontName = sFontText.match(/%!PS-AdobeFont-1.0: (.*?)[\\r\\n]/);\n if (aFontName) {\n sOption(aFontName[1]);\n }\n }\n } else if (Binary.compare(\"0001\") && Binary.getSize() == Binary.read_uint32(0x02)) {\n sName = \"Adobe Printer Font Metrics (.PFM)\";\n bDetected = true;\n if (Binary.isVerbose()) {\n sOptions = Binary.getString(0x06, 0x3C);\n }\n\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/font_BMF.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// doc-ref: https://www.angelcode.com/products/bmfont/doc/file_format.html\n\nmeta(\"font\", \"AngelCode Bitmap Font (.FNT)\");\n\nfunction detect() {\n if (Binary.getSize() >= 0x30) {\n if (Binary.compare(\"'BMF'\")) {\n bDetected = true;\n switch (Binary.read_uint8(0x03)) {\n case 1:\n sVersion = \"v1\";\n sOptionT(\"Binary\");\n break;\n case 2:\n sVersion = \"v2\";\n sOptionT(\"Binary\");\n break;\n case 3:\n sVersion = \"v3\";\n sOptionT(\"Binary\");\n break;\n default:\n bDetected = false;\n }\n if (bDetected && Binary.isVerbose()) {\n var nOffset = 0x04;\n\n while (nOffset < Binary.getSize()) {\n var nBlockTypeIdentifier = Binary.read_uint8(nOffset);\n nOffset += 1;\n var nBlockSize = Binary.read_uint32(nOffset);\n nOffset += 4;\n switch (nBlockTypeIdentifier) {\n case 1:\n sOptionT('\"' + Binary.getString(nOffset + 0xE) + '\"');\n sOptionT(\"Size:\" + Binary.read_int16(nOffset)); // fontSize\n break;\n case 2:\n sOptionT(\"pages:\" + Binary.read_int16(nOffset + 4) + \"x\" + Binary.read_int16(nOffset + 6) + \"x\" + Binary.read_int16(nOffset + 8)); // scaleW, scaleH, pages\n break;\n case 3:\n break;\n case 4:\n sOptionT(\"chars:\" + nBlockSize / 20);\n break;\n case 5:\n sOptionT(\"kerning_pairs:\" + nBlockSize / 10);\n break;\n }\n nOffset += nBlockSize;\n }\n }\n } else if (Binary.isPlainText() && Binary.find_utf8String(0, 200, \"info face\") >= 0 && Binary.find_utf8String(0, 200, \"stretchH\") >= 0) {\n bDetected = true;\n if (Binary.find_utf8String(0, 200, \"= 0) { sOptionT(\"XML\") } else\n (sOptionT(\"Text\"))\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/font_FFN.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://fifam.miraheze.org/wiki/FFN\nmeta(\"font\", \"FFN\");\n\nfunction detect() {\n if (Binary.compare(\"'FNTF'......00\")) {\n sOptions = \"Windows\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/font_TFM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://ctan.org/tex-archive/obsolete/graphics/metapost/base/texmf/fonts/tfm/\nmeta(\"font\", \"TFM\");\n\nfunction detect() {\n if (Binary.compare(\"....0012000000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/font_VTF.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\nmeta(\"font\", \"VTF\");\n\nfunction detect() {\n bDetected = Binary.compare(\"'TNFV'\");\n\n return result();\n}\n" }, { "path": "db/Binary/font_XTT.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://file.org/extension/xtt#xbox360systemfontfile\nmeta(\"font\", \"Xbox 360 System Font (.XTT)\");\n\nfunction detect() {\n if (Binary.compare(\"78 74 74 66\")) {\n var font = Binary.getString(1, 3).trim();\n\n if (/^[a-z]{3}$/.test(font)) {\n if (X.isVerbose()) sOptions = font;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_AS.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\nmeta(\"format\", \"AS\");\n\nfunction detect() {\n if (Binary.compare(\"'Act;'\")) {\n var actor = Binary.getString(4, 5).trim();\n\n if (/^[a-zA-Z/]{5}/.test(actor)) {\n if (X.isVerbose()) sOptions = actor;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_AmigaIcon.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens TG@kaens\n\nmeta(\"format\", \"Amiga Icon Format (.INFO)\");\n\nfunction detect() {\n\n if (Binary.compare(\"E310 0001\")) {\n //http://www.evillabs.net/index.php/Amiga_Icon_Formats\n bDetected = true;\n ic_Type = File.read_uint8(0x30);\n switch (ic_Type) {\n case 1: sVersion = \"DISK\"; break;\n case 2: sVersion = \"DRAWER\"; break;\n case 3: sVersion = \"TOOL\"; break;\n case 4: sVersion = \"PROJECT\"; break;\n case 5: sVersion = \"GARBAGE\"; break;\n case 6: sVersion = \"malformed:DEVICE\"; break;\n case 7: sVersion = \"KICK\"; break;\n case 8: sVersion = \"malformed:APPICON\"; break;\n default: sVersion = \"malformed\"\n }\n if (Binary.isVerbose()) {\n ic_DefaultTool = File.read_uint8(0x32) != 0;\n ic_ToolTypes = File.read_uint8(0x36) != 0;\n ic_CurrentX = File.read_int32(0x3A, _BE);\n ic_CurrentY = File.read_int32(0x3E, _BE);\n ic_DrawerData = File.read_uint8(0x42) != 0;\n ic_ToolWindow = File.read_uint8(0x46) != 0;\n p = 4; //struct Gadget\n ga_Width = File.read_int16(p + 0x08, _BE);\n ga_Height = File.read_int16(p + 0x0A, _BE);\n ga_SelectRender = File.read_uint8(p + 0x16) != 0;\n p = 0x4E;\n if (ic_DrawerData) { p += 0x38; sOption(\"Drawer data present\") }\n //struct Image #1\n im_Width = File.read_int16(p + 4, _BE);\n if (im_Width % 2 == 1) im_Width++;\n im_Height = File.read_uint16(p + 6, _BE);\n im_Depth = File.read_uint16(p + 8, _BE);\n icoinfo = \"icon: \" + im_Width + \"×\" + im_Height + \"@\" + im_Depth + \" at [\" + Hex(p + 0x14) + \"..\";\n p += 0x14 + im_Width * im_Height * im_Depth / 8;\n icoinfo += Hex(p) + \")\"; //round par intended!\n sOption(icoinfo);\n if (ga_SelectRender) { //struct Image #1\n im_Width = File.read_int16(p + 4, _BE);\n if (im_Width % 2 == 1) im1_Width++;\n im_Height = File.read_int16(p + 6, _BE);\n im_Depth = File.read_int16(p + 8, _BE);\n info = \"sel.icon: \" + im_Width + \"×\" + im_Height + \"@\" + im_Depth + \" at [\" + Hex(p + 0x14) + \"..\";\n p += 0x14 + im_Width * im_Height * im_Depth / 8;\n icoinfo += Hex(p) + \")\"; //round par intended!\n sOption(icoinfo);\n }\n //_log(\"p=\"+Hex(p));\n if (File.getFileBaseName().toLowerCase() == \"pn\") {//POKEYNoise info\n p = File.findSignature(6, File.getSize() - 20, \"'SONGS='\") - 1; //TODO do it actually smart\n if (p > 0) {\n tp = \"\"; x = \"\"; t = \"\"; c = \"\"; cp = \"\"; pn = false;\n tagsz = File.getSize() - p; tagl = []; tagr = [];\n while (p < File.getSize()) {\n lr = File.read_ucsdString(p);\n tagl.push(lr.split(\"=\")[0]); tagr.push(lr.split(\"=\")[1]);\n p += lr.length + 5\n }\n for (i = 0; i < tagl.length; i++)\n switch (tagl[i]) {\n case \"SONGS\": x = tagr[i]; break;\n case \"TYPE\": if (tagr[i] == \"POKEY\") pn = true; break;\n case \"NAME\": t = tagr[i]; break;\n case \"CREATOR\": c = tagr[i]; break;\n case \"COPYRIGHT\": cp = tagr[i]; break;\n }\n if (pn) {\n sOption(\"POKEYNoise info found\");\n sOption(t); if (x > \"1\") sOption(x, \"x\"); sOption(c, \"by \"); sOption(cp, \"(c) \")\n }\n }\n }\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_BCD1.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://github.com/BJNFNE/DEV7/blob/master/tools/BCD1Creator/BCD1Creator.cpp\n// https://wiki.scummvm.org/index.php?title=Gob/DEV7_Information#BCD1_Format\nmeta(\"format\", \"BCD1\");\n\nfunction detect() {\n if (Binary.compare(\"'[ENVIINFO]'\")) {\n var name = Binary.getString(11, 4).trim();\n\n if (/^[A-Za-z0]{4}$/.test(name)) {\n if (X.isVerbose()) sOptions = name;\n bDetected = true;\n }\n } else if (Binary.compare(\"'[AppliInfo]'\")) {\n var name = Binary.getString(13, 4).trim();\n\n if (/^[A-Za-z]{4}$/.test(name)) {\n if (X.isVerbose()) sOptions = name;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_BOU.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Used by Coktel Vision games\n\n// https://github.com/scummvm/scummvm/blob/master/engines/gob/inter_adibou1.cpp\nmeta(\"format\", \"BOU\");\n\nfunction detect() {\n var appli = Binary.getString(0, 20).trim();\n\n if (/^[CLcl]\\d{2}([Cc]alcul|[Ll]ecture) \\d ans/.test(appli)) {\n if (X.isVerbose()) sOptions = appli;\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_BSP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://developer.valvesoftware.com/wiki/BSP_(Source)\nmeta(\"format\", \"BSP\");\n\nfunction detect() {\n if (Binary.compare(\"'VBSP'15000000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_BTF.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://docs.ebpf.io/concepts/btf/\nmeta(\"format\", \"BTF\");\n\nfunction detect() {\n bDetected = Binary.compare(\"9feb01001800000000000000\");\n\n return result();\n}\n" }, { "path": "db/Binary/format_BackupMii.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Used by Nintendo Wii - BackupMii/BootMii\n\n// https://github.com/DarkMatterCore/xyzzy-mod/blob/a5139f246c4d2602c07abc0301e5917106fa4183/source/xyzzy.c#L275\n// https://wiibrew.org/wiki/BackupMii\nmeta(\"format\", \"BackupMii\");\n\nfunction detect() {\n if (Binary.compare(\"'BackupMii v1'\")) {\n var consoleId = Binary.getString(25, 8).trim();\n\n if (/^[a-z0-9]{8}$/.test(consoleId)) {\n if (X.isVerbose()) sOptions = \"ConsoleID: \" + consoleId;\n sVersion = \"1.0\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_CCD.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.elby.ch/\nmeta(\"format\", \"CloneCD Control\");\n\nfunction detect() {\n if (Binary.compare(\"'[CloneCD]'\")) {\n var versionNumber = Binary.getString(19, 1).trim();\n\n if (/^[0-9]{1}/.test(versionNumber)) {\n if (X.isVerbose()) sVersion = versionNumber;\n bDetected = true;\n }\n\n }\n\n return result();\n}" }, { "path": "db/Binary/format_CSO.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://github.com/jamie/ciso\nmeta(\"format\", \"Compressed ISO file (.CISO)\");\n\nfunction detect() {\n if (Binary.compare(\"'CISO'0000000000......000000000008\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_CTRK.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.scummvm.org/index.php?title=Gob/DEV7_Information#File_Formats\nmeta(\"format\", \"CTRK\");\n\nfunction detect() {\n if (Binary.compare(\"01000800000000000000\")) {\n sOptions = File.cleanString(Binary.getString(0x0000001a));\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_CURE.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.scummvm.org/index.php?title=Gob/DEV7_Information#File_Formats\nmeta(\"format\", \"Mesh configuration (.CURE)\");\n\nfunction detect() {\n if (Binary.compare(\"'[Global]'\")) {\n var name = Binary.getString(10, 4).trim();\n\n if (/^[a-zA-Z]{4}/.test(name)) {\n if (X.isVerbose()) sOptions = name;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_CVM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kae \n\n// https://amicitia.miraheze.org/wiki/CVM ← found by BJNFNE\n// https://github.com/JayFoxRox/cvm_tool/blob/master/cvm_parser.h\nmeta(\"format\", \"CRI Middleware's PS2 CVM/ROFS image (.CVM)\");\n\nfunction detect() {\n if (X.Sz() < 0x800 || !X.c(\"'CVMH'\") || !isAllZeroes(0x0C, 0x10) || !X.c(\"'ROFS'\", 0x34)) return;\n var versionNumber = X.SA(0x44, 4);\n if (!/^[0-9\\.]{4}/.test(versionNumber)) return;\n var sz = X.U64(0x1C,_BE), sec = X.U32(0x80,_BE), p = 0, hkhd, hksz, end = false;\n if(sz < 0xC+X.U64(4,_BE)) return;\n if (!isWithin(sec, 1, (0xC+X.U64(4,_BE)-0x100)>>2)) return;\n while (p < sz && p < X.Sz()) {\n hkhd = X.SA(p, 4); hksz = X.U64(p+4,_BE); p += 0xC;\n if (!hksz || !charStat(hkhd, true).includes('allasc')) return;\n switch(hkhd) {\n case 'CVMH': break; //already got all info...\n case 'ZONE': break; //nothing to see here...\n default: end = true; break; //time to stop, we found unexpected characters\n }\n if(end) break; p += hksz\n }\n\n sVersion = 'v'+versionNumber;\n bDetected = true;\n\n if (X.isVerbose()) sOption(outSz(sz),'sz:');\n else if (sz < X.Sz()) sVersion += '/malformed!short';\n\n return result();\n}" }, { "path": "db/Binary/format_DESKTOP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Used by Linux based dists for the desktop shortcuts\n\n// Rewritten by DosX\n\nmeta(\"format\", \"Desktop Entry (.desktop)\");\n\nfunction detect() {\n if (Binary.isText() && (Binary.compare(\"'#'\") || Binary.compare(\"'\\n'\") || Binary.compare(\"'['\")) && Binary.isSignaturePresent(0, 512, \"'[Desktop Entry]'\")) {\n bDetected = true;\n }\n\n return result();\n}\n" }, { "path": "db/Binary/format_DSW.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.ibm.com/docs/en/informix-servers/15.0.0?topic=bladesmith-microsoft-visual-c-files\nmeta(\"format\", \"Microsoft Developer Studio Workspace\");\n\nfunction detect() {\n if (Binary.compare(\"'Microsoft Developer Studio Workspace File'\")) {\n var versionNumber = Binary.getString(57, 5).trim();\n\n if (/^\\d+\\.\\d{2}$/.test(versionNumber)) {\n sVersion = versionNumber;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_DTA.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://zenhax.com/viewtopic.php@t=1382.html\nmeta(\"format\", \"DTA\");\n\nfunction detect() {\n if (Binary.compare(\"03000000....08\")) {\n var model = Binary.getString(7, 8).trim();\n\n if (/^[a-z0-9]{8}/.test(model)) {\n if (X.isVerbose()) sOptions = model;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_Director.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// Director File Format Info:\n// XFIR = 58464952 (Big endian)\n// RIFX = 52494658 (Little endian)\n// Platform type:\n// BE = Mac based Director game\n// LE = Windows based Director game\n\n// https://github.com/rvanlaar/director-extrator/blob/master/extract.py\n// https://github.com/einstein95/py_scripts/blob/main/shock.py\n// https://wiki.scummvm.org/index.php?title=Director\nmeta(\"format\", \"Director (.DXR/.DIR/.DCR/.DRX/.CXT/.CST/.CCT)\");\n\nfunction detect() {\n if (Binary.compare(\"5249465800\")) {\n sOptions = Binary.getString(0x00000008, 8);\n sVersion = \"Win\";\n bDetected = true;\n } else if (Binary.compare(\"58464952......00\")) {\n sOptions = Binary.getString(0x00000008, 8);\n sVersion = \"Mac\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_DunkleSchattenConfig.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://werbespiel.blogspot.com/2010/07/dunkle-schatten.html\nmeta(\"format\", \"Dunkle Schatten Config\");\n\nfunction detect() {\n if (Binary.compare(\"'DSchCFG'000001\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_DunkleSchattenSave.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://werbespiel.blogspot.com/2010/07/dunkle-schatten.html\nmeta(\"format\", \"Dunkle Schatten Save\");\n\nfunction detect() {\n if (Binary.compare(\"'DSchSAV'000001\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_Empty.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"Empty file\");\r\n\r\nfunction detect() {\r\n if (Binary.getSize() == 0) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/format_FAS.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/FAS-and-VLX-files.html\nmeta(\"format\", \"FAS\");\n\nfunction detect() {\n if (Binary.compare(\"0d0a20'FAS4-FILE'\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_FLDB.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\nmeta(\"format\", \"Becker file location databases\");\n\nfunction detect() {\n if (Binary.compare(\"'FLDB'\", 0x00000014)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_FNX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Used by Iron Willy\n\nmeta(\"format\", \"FNX\");\n\nfunction detect() {\n if (Binary.compare(\"'adgames'\")) {\n var copyrightYear = Binary.getString(17, 4).trim();\n\n if (/^[12]\\d{3}$/.test(copyrightYear)) {\n sVersion = copyrightYear;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_FST.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\nmeta(\"format\", \"FST\");\n\nfunction detect() {\n if (Binary.compare(\"';Ligne de commentaires'0d0a\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_GAL.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://graphicsgale.com/\nmeta(\"format\", \"Gale (.GAL)\");\n\nfunction detect() {\n if (Binary.compare(\"'Gale102'..00000001\")) {\n var frame = Binary.getString(20, 6).trim();\n\n if (/^[A-Za-z0-9]{6}/.test(frame)) {\n sVersion = \"1.0.2\";\n sOptions = frame;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_GBI.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.gburner.com/\nmeta(\"format\", \"gBurner Image (.GBI)\");\n\nfunction detect() {\n if (Binary.compare(\"'GBI'000000000000000000000000004C\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_GME.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://github.com/entropia/tip-toi-reveng/blob/master/GME-Format.md\nmeta(\"format\", \"GME\");\n\nfunction detect() {\n if (Binary.compare(\"'1CHOMPTECH DATA FORMAT CopyRight 2009'\", 0x0020)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_GameMaps.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Author of original rule: Arjan Onwezen\n// Info: https://moddingwiki.shikadi.net/wiki/GameMaps_Format\n\nmeta(\"format\", \"GameMaps (TED editor)\");\n\nfunction detect() {\n if (Binary.compare(\"'TED5v1.0'..ff\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_GamingRoot.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://learn.microsoft.com/en-us/answers/questions/4116358/gamingroot-and-xboxgames-keeps-generating-even-if\nmeta(\"format\", \"GamingRoot\");\n\nfunction detect() {\n if (Binary.compare(\"52 47 42 58 01 00 00 00 58 00 62 00 6F 00 78 00 47 00 61 00 6D 00 65 00 73 00 00 00\")) {\n sVersion = \"Xbox Games\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_HIV.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://learn.microsoft.com/en-us/windows/win32/sysinfo/registry-hives\nmeta(\"format\", \"Windows Registry Hive (.HIV)\");\n\nfunction detect() {\n if (Binary.compare(\"'regf'..0000000..00000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_HNM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/Woody_Woodpecker:_Escape_from_Buzz_Buzzard_Park\nmeta(\"format\", \"HNM\");\n\nfunction detect() {\n if (Binary.compare(\"'HNM6'0000..108002\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_HSM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Used by Woody Woodpecker: Escape from Buzz Buzzard Park\n\n// https://en.wikipedia.org/wiki/Woody_Woodpecker:_Escape_from_Buzz_Buzzard_Park\nmeta(\"format\", \"HSM\");\n\nfunction detect() {\n if (Binary.compare(\"'1LMB'000000108002\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_ILK.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://learn.microsoft.com/en-us/cpp/build/reference/ilk-name-incremental-database-file\nmeta(\"format\", \"Name incremental database file (.ILK)\");\n\nfunction detect() {\n if (Binary.compare(\"'Microsoft Linker Database'0a0a071a000000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_IPCH.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Rewritten by DosX\n\n// https://fileinfo.com/extension/ipch\nmeta(\"format\", \"Intellisense Precompiled Header File (.IPCH)\");\n\nfunction detect() {\n if (Binary.compare(\"'EDG C/C++ version '\")) {\n var versionInfo = Binary.getString(18, 3).trim();\n\n if (versionInfo) {\n sVersion = versionInfo;\n bDetected = true;\n }\n }\n\n return result();\n}\n" }, { "path": "db/Binary/format_ITL.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://home.vollink.com/gary/playlister/ituneslib.html\nmeta(\"format\", \"iTunes Library\");\n\nfunction detect() {\n if (Binary.compare(\"'hdfm'00000090\")) {\n var versionNumber = Binary.getString(17, 8).trim();\n\n if (/^[0-9/.]{8}$/.test(versionNumber)) {\n if (X.isVerbose()) sVersion = versionNumber;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_IVF.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.multimedia.cx/index.php/Duck_IVF\nmeta(\"format\", \"Duck IVF\");\n\nfunction detect() {\n if (Binary.compare(\"'DKIF'00002000\")) {\n var codecInfo = Binary.getString(8, 4).trim();\n\n if (/^[A-Z0-9]{4}$/.test(codecInfo)) {\n if (X.isVerbose()) sOptions = \"Codec: \" + codecInfo;\n bDetected = true;\n }\n }\n return result();\n}" }, { "path": "db/Binary/format_Img.UDIF.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"Universal Disk Image Format\");\r\n\r\nfunction detect() {\r\n if (Binary.compare(\"7801730d62626060\")) {\r\n sOptions = \"read-only zlib-compressed\";\r\n bDetected = true;\r\n } else if (Binary.compare(\"45520200\") && Binary.compare(\"'disk image'\", 0x410)) {\r\n sOptions = \"read/write\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/format_InnoSetupUninstall.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://jrsoftware.org/isinfo.php\nmeta(\"format\", \"Inno Setup Uninstall Log\");\n\nfunction detect() {\n if (Binary.compare(\"'Inno Setup Uninstall Log (b) 64-bit'\")) {\n sVersion = \"64-bit\";\n\n var uuid = Binary.getString(64, 39).trim();\n\n if (/^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$/.test(uuid)) {\n if (X.isVerbose()) sOptions = \"UUID: \" + uuid;\n bDetected = true;\n }\n }\n\n return result();\n}\n" }, { "path": "db/Binary/format_InterleafFile.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.legoisland.org/wiki/Interleaf_File\nmeta(\"format\", \"Interleaf File\");\n\nfunction detect() {\n if (Binary.compare(\"52494646........'OMNI'\")) {\n var metadata = Binary.getString(12, 4).trim();\n\n if (/^[A-Za-z]{4}/.test(metadata)) {\n if (X.isVerbose()) sOptions = metadata;\n bDetected = true;\n }\n\n }\n\n return result();\n}" }, { "path": "db/Binary/format_LCA.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// http://zenhax.com/viewtopic.php@t=17622.html\nmeta(\"format\", \"LCA\");\n\nfunction detect() {\n if (Binary.compare(\"4c45474f\")) {\n var vcaFile = Binary.getString(85, 12).trim();\n\n if (/^[A-Z0-9/.]{12}$/.test(vcaFile)) {\n if (X.isVerbose()) sOptions = vcaFile;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_LGX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Used by Lernwerkstatt 7\n\n// http://www.binblind.de/software/Logox/index.html\nmeta(\"format\", \"Logox4 Speechengine\");\n\nfunction detect() {\n if (Binary.compare(\"'LGX'\")) {\n var versionNumber = Binary.getString(7, 5).trim();\n\n if (/^[0-9]{5}/.test(versionNumber)) {\n if (X.isVerbose()) sVersion = versionNumber;\n bDetected = true;\n }\n }\n\n return result();\n}\n" }, { "path": "db/Binary/format_LIXS.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/Island_Xtreme_Stunts\nmeta(\"format\", \"LIXS\");\n\nfunction detect() {\n if (Binary.compare(\"'Island Xtreme Stunts - Silicon Dreams'\")) {\n var copyrightYear = Binary.getString(40, 5).trim();\n\n if (/^[12]\\d{3}$/.test(copyrightYear)) {\n sVersion = copyrightYear;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_LVL.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.mobygames.com/game/138556/the-energy-thieves/ Used by Adiboo & The Energy Thieves (2004)\nmeta(\"format\", \"LVL\");\n\nfunction detect() {\n if (Binary.compare(\"1C070000....0000\")) {\n var worldrender = Binary.getString(16, 13).trim();\n\n if (/^[A-Za-z]{13}/.test(worldrender)) {\n sOptions = worldrender;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_MAT.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/MATLAB\nmeta(\"format\", \"MatLab\");\n\nfunction detect() {\n if (Binary.compare(\"'MATLAB'\")) {\n var versionNumber = Binary.getString(7, 3).trim();\n\n if (/^[0-9/.]{3}$/.test(versionNumber)) {\n if (X.isVerbose()) sVersion = versionNumber;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_MDL.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://developer.valvesoftware.com/wiki/MDL\nmeta(\"format\", \"MDL\");\n\nfunction detect() {\n if (Binary.compare(\"'IDST'\")) {\n var idstVersion = Binary.getString(4, 1).trim();\n\n if (/^[0-9]{1}/.test(idstVersion)) {\n if (X.isVerbose()) sVersion = idstVersion;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_MDS.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\nmeta(\"format\", \"Alcohol 120% Media Descriptor Sidecar file (.MDS)\");\n\nfunction detect() {\n if (X.c(\"'MEDIA DESCRIPTOR'01\")) { //always v1.xx, as per libMirage parser.c\n var cdt = '';\n switch (X.U16(0x12, _LE)) { //an additional test, too\n case 0: cdt = 'CD'; break;\n case 1: cdt = 'CD-R'; break;\n case 2: cdt = 'CD-RW'; break;\n case 0x10: cdt = 'DVD'; break;\n case 0x12: cdt = 'DVD-R'; break;\n default: return;\n }\n\n sVersion = 'v1-' + X.U8(0x11) + '/' + cdt; // not '.' until this is zero-padded\n bDetected = true;\n }\n\n return result();\n}\n" }, { "path": "db/Binary/format_MS-DBG.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// Status: WIP\n\n// https://github.com/libyal/libmdmp/blob/main/documentation/Minidump%20(MDMP)%20format.asciidoc\nmeta(\"format\", \"Windows Minidump (.DMP)\");\n\nfunction detect() {\n if (Binary.getSize() >= 9) {\n if (Binary.compare(\"'MDMP'93A7\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_MS-PST.sg", "content": "// Detect It Easy: detection rule file\n// Author: Arjan Onwezen\n// Info: https://msopenspecs.azureedge.net/files/MS-PST/%5bMS-PST%5d.pdf\n\nmeta(\"format\", \"Microsoft Outlook Personal Storage Table (PST)\");\n\nfunction detect() {\n if (Binary.getSize() > 1024) {\n if (Binary.compare(\"21 42 44 4E\") && Binary.compare(\"53 4D\", 8)) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_MS-VHD.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// Status: WIP\n\nmeta(\"format\", \"Microsoft Virtual Hard Disk (.VHD)\");\n\nfunction detect() {\n if (Binary.getSize() >= 0x200) {\n if (Binary.compare(\"'conectix'\", Binary.getSize() - 0x200)) {\n bDetected = true;\n nOffset = Binary.getSize() - 0x200\n sVersion = \"v\" + Binary.read_uint16(nOffset + 0xC, _BE) + \".\" + Binary.read_uint16(nOffset + 0xE, _BE);\n switch (Binary.read_uint32(nOffset + 0x3C, _BE)) {\n // case 1: sOption(\"deprecate\"); break;\n case 2:\n sOption(\"Fixed\");\n break;\n case 3:\n sOption(\"Dynamically\");\n break;\n case 4:\n sOption(\"Differencings\");\n break;\n default: return;\n }\n\n sOption(\"OrginalSize:\" + Binary.bytesCountToString(Binary.read_uint64(nOffset + 0x28, _BE)));\n sOption(\"CurrentSize:\" + Binary.bytesCountToString(Binary.read_uint64(nOffset + 0x30, _BE)));\n if (Binary.isVerbose()) {\n sOption(\"CreaterApp:\" + Binary.getString(nOffset + 0x1C, 4));\n sOption(\"v\" + Binary.read_uint16(nOffset + 0x20, _BE) + \".\" + Binary.read_uint16(nOffset + 0x22, _BE));\n switch (Binary.read_uint32(nOffset + 0x24, _BE)) {\n case 0x57693272:\n sOption(\"WI2R\");\n break;\n case 0x5769326B:\n sOption(\"WINDOWS\");\n break;\n case 0x57327275:\n sOption(\"W2RU\");\n break;\n case 0x57326B75:\n sOption(\"W2KU\");\n break;\n case 0x4D616320:\n sOption(\"MACINTOSH\");\n break;\n case 0x4D163258:\n sOption(\"MACX\");\n break;\n default: return;\n }\n }\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_MS-VHDX.sg", "content": "// Detect It Easy: detection rule file\n// Author: Arjan Onwezen\n// Info: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-vhdx/83e061f8-f6e2-4de1-91bd-5d518a43d477\n\nmeta(\"format\", \"Virtual Hard Disk v2 (VHDX)\");\n\nfunction detect() {\n if (Binary.getSize() > 0x100000) {\n if (Binary.compare(\"76 68 64 78 66 69 6C 65\")) {\n bDetected = true;\n sOption(\"CreaterApp:\" + Binary.read_unicodeString(8, 50));\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_MS-XNA.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// Status: WIP\n\nmeta(\"format\", \"\");\n\nfunction detect() {\n if (Binary.getSize() >= 9) {\n\n if (Binary.compare(\"'XNB'\")) {\n bDetected = true;\n sName = \"Microsoft XNA Game Studio Binary Package (.XNB)\"\n var nXNA_Ver = Binary.read_uint8(0x4);\n var fFlag = Binary.read_uint8(0x5);\n switch (nXNA_Ver) {\n case 3:\n sVersion = \"v3.0\";\n break;\n case 4:\n sVersion = \"v3.1\";\n break;\n case 5:\n sVersion = \"v4.0\";\n break;\n default:\n bDetected = false;\n }\n\n\n /* XNA Studio platforms: 'w' = Windows, 'm' = Windows Phone 7, 'x' = X360\n * MonoGame extensions: 'i' = iOS, 'a' = Android, 'X' = MacOSX, 'P' = PS4, 'S' = Switch, etc */\n switch (Binary.read_uint8(0x3)) {\n case 0x77:\n sOption(\"Windows\");\n break;\n case 0x78:\n sOption(\"Xbox 360\");\n break;\n case 0x6D:\n sOption(\"Windows Phone 7\");\n break;\n case 0x69:\n sOption(\"iOS\");\n break;\n case 0x61:\n sOption(\"Android\");\n break;\n case 0x58:\n sOption(\"MacOSX\");\n break;\n case 0x50:\n sOption(\"PS4\");\n break;\n case 0x53:\n sOption(\"Switch\");\n break;\n default:\n sOption(\"UNKNOWN\");\n // bDetected=false;\n }\n\n if (Binary.isVerbose()) {\n if ((fFlag & 0x01) >> 0) { sOption(\"hiDef\") };\n if ((fFlag & 0x80) >> 2) { sOption(\"compressed\") };\n if (!Binary.getSize() == Binary.read_uint32(0x5)) { sOption(\"wrong size!\") };\n }\n } else if (Binary.compare(\"'WBND'\")) {\n bDetected = true;\n sName = \"Microsoft XACT Wave Bank (.XWB)\"\n } else if (Binary.compare(\"'SDBK'\")) {\n bDetected = true;\n sName = \"Microsoft XACT Sound Bank (.XSB)\"\n } else if (Binary.compare(\"'XGSF'\")) {\n bDetected = true;\n sName = \"Microsoft XACT Global Settings File (.XGS)\"\n }\n }\n\n return result();\n}\n" }, { "path": "db/Binary/format_OBC.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Original location to look at is \"'OBC Copyright MDO 1999\"' since OBCEditor (https://github.com/BJNFNE/DEV7/blob/master/tools/OBCEditor/OBCEditor.py)\n// updates the copyright year from the systemtime it wouldn't match with the old 1999 hardcoded variant.\n// OBC is an compiled scripting language which get compiled to their OBC script.\n\n// https://wiki.scummvm.org/index.php?title=Gob/DEV7_Information#STK21/OBC\nmeta(\"format\", \"Compiled DEV7 object (.OBC)\");\n\nfunction detect() {\n if (Binary.compare(\"'OBC Copyright MDO'20\")) {\n var copyrightYear = Binary.getString(18, 5).trim();\n\n if (/^[12]\\d{3}$/.test(copyrightYear)) {\n sVersion = copyrightYear;\n sOptions = File.cleanString(Binary.getString(0x0054, 14));\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_OpenSSH.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.openssh.com/\nmeta(\"format\", \"OpenSSH Private Key\");\n\nfunction detect() {\n if (Binary.compare(\"2d2d2d2d2d424547494e20'OPENSSH PRIVATE KEY'2d2d2d2d2d\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_P7X.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://stackoverflow.com/questions/38634052/what-is-the-structure-of-appxsignature-p7x\nmeta(\"format\", \"P7X\");\n\nfunction detect() {\n if (Binary.compare(\"'PKCX0'82\")) {\n sOptions = \"PKCX0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_PAT.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.gimp.org/\nmeta(\"format\", \"Gimp Pattern\");\n\nfunction detect() {\n if (Binary.compare(\"000000..00000..10000\")) {\n bDetected = true;\n }\n\n return result();\n}\n" }, { "path": "db/Binary/format_PDB.1.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n// ---------------------------------\n// Author of original rule: BJNFNE\n\n// https://en.wikipedia.org/wiki/Program_database\nmeta(\"format\", \"Microsoft Program Database (.PDB)\");\n\nfunction detect() {\n if (Binary.compare(\"'BSJB'0100\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (Binary.compare(\"'Microsoft C/C++ program database 2.00\\r\\n\\'1A4A470000\")) {\n sVersion = \"2.0\";\n bDetected = true;\n } else if (Binary.compare(\"'Microsoft C/C++ MSF 7.00\\r\\n'1A4453000000\")) {\n sVersion = \"7.0\";\n bDetected = true;\n }\n\n if (bDetected) {\n var refs = {\n \"'$'11'@P:Microsoft.VisualBasic'00\": \"VB.NET\",\n \"%%%%%%%%%%'.cs'00\": \"C#\",\n \"'$'11'@P:FSharp.Core'00\": \"F#\",\n \"'std::'%%%%%%\": \"C++\"\n // todo\n };\n\n for (var key in refs) {\n if (Binary.isSignaturePresent(0, 0x900000, key)) {\n sLang = refs[key];\n break;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_PEM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail\nmeta(\"format\", \"Privacy-Enhanced Mail (.PEM)\");\n\nfunction detect() {\n if (Binary.compare(\"2d2d2d2d2d424547494e20'CERTIFICATE'2d2d2d2d2d\")) {\n sVersion = \"Certificate\";\n bDetected = true;\n } else if (Binary.compare(\"2d2d2d2d2d424547494e20'PRIVATE KEY'2d2d2d2d2d\")) {\n sVersion = \"Private Key\";\n bDetected = true;\n } else if (Binary.compare(\"2d2d2d2d2d424547494e20'RSA PRIVATE KEY'2d2d2d2d2d\")) {\n sVersion = \"RSA Private Key\";\n bDetected = true;\n } else if (Binary.compare(\"2d2d2d2d2d424547494e20'ENCRYPTED PRIVATE KEY'2d2d2d2d2d\")) {\n sVersion = \"Encrypted Private Key\";\n bDetected = true;\n } else if (Binary.compare(\"2d2d2d2d2d424547494e20'PUBLIC KEY'2d2d2d2d2d\")) {\n sVersion = \"Public Key\";\n bDetected = true;\n } else if (Binary.compare(\"2d2d2d2d2d424547494e20'CERTIFICATE REQUEST'2d2d2d2d2d\")) {\n sVersion = \"Certificate Signing Request (CSR)\";\n bDetected = true;\n } else if (Binary.compare(\"2d2d2d2d2d424547494e20'PKCS7'2d2d2d2d2d\")) {\n sVersion = \"PKCS7/CMS Message\";\n bDetected = true;\n } else if (Binary.compare(\"2d2d2d2d2d424547494e20'X509 CRL'2d2d2d2d2d\")) {\n sVersion = \"Certificate Revocation List (CRL)\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_PGP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.gnupg.org/\nmeta(\"format\", \"GPG\");\n\nfunction detect() {\n if (Binary.compare(\"2d2d2d2d2d424547494e20'PGP'205349474e41545552452d2d2d2d2d\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_POL.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://learn.microsoft.com/en-us/previous-versions/windows/desktop/policy/registry-policy-file-format\nmeta(\"format\", \"Registry Policy File\");\n\nfunction detect() {\n if (Binary.compare(\"5052656701000000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_PRI.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://learn.microsoft.com/en-us/windows/win32/menurc/pri-indexing-reference\nmeta(\"format\", \"PRI\");\n\nfunction detect() {\n if (Binary.compare(\"'mrm_pri2'00000100\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_PS-X.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://problemkaputt.de/psxspx-cdrom-file-playstation-exe-and-system-cnf.htm\nmeta(\"format\", \"PlayStation executable (PS1)\");\n\nfunction detect() {\n if (Binary.compare(\"'PS-X EXE'\")) {\n var regionString = Binary.getString(76, 48).trim();\n\n if (regionString) {\n if (X.isVerbose()) sOptions = \"Region: \" + regionString;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_PSM2CFG.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Used by Dunkle Schatten\n\n// https://wiki.multimedia.cx/index.php/Engines/PSM\nmeta(\"format\", \"PSM2CFG\");\n\nfunction detect() {\n if (Binary.compare(\"'PSM2CFG'\")) {\n var versionNumber = Binary.getString(17, 4).trim();\n\n if (/^[0-9\\.]{4}$/.test(versionNumber)) {\n sVersion = versionNumber;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_RARREG.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.win-rar.com/products-winrar.html\nmeta(\"format\", \"RAR registration data (.RARREG)\");\n\nfunction detect() {\n if (Binary.compare(\"'RAR registration data'0d0a\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_RCK.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/Woody_Woodpecker:_Escape_from_Buzz_Buzzard_Park\nmeta(\"format\", \"RCK\");\n\nfunction detect() {\n if (Binary.compare(\"'RKET'00000000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_RCO.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\nmeta(\"format\", \"Resource Container (.RCO)\");\n\nfunction detect() {\n if (Binary.compare(\"0050524600010000\")) {\n bDetected = true;\n }\n\n return result();\n}\n" }, { "path": "db/Binary/format_RGS.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Used by InstallShield Professional\n\n// https://file.org/extension/rgs\nmeta(\"format\", \"InstallShield\");\n\nfunction detect() {\n if (Binary.compare(\"'HKCR'0d0a7b0d0a09\")) {\n sVersion = \"Windows Registry Script\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_RedShirt.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/Uplink_(video_game)\nmeta(\"format\", \"RedShirt\");\n\nfunction detect() {\n if (Binary.compare(\"'REDSHIRT'00\")) {\n sVersion = \"v1.0\";\n bDetected = true;\n } else if (Binary.compare(\"'REDSHRT2'00\")) {\n sVersion = \"v2.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_SDI.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/System_Deployment_Image\nmeta(\"format\", \"System Deployment Image (.SDI)\");\n\nfunction detect() {\n if (Binary.compare(\"'$SDI0001'0000000000000000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_SFK.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.reddit.com/r/audioengineering/comments/4208al/does_anyone_know_the_actual_format_of_sony_sfk/\nmeta(\"format\", \"SFK\");\n\nfunction detect() {\n if (Binary.compare(\"'SFPK'0100000040\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_SHBIN.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.3dbrew.org/wiki/SHBIN\nmeta(\"format\", \"Shader Binary\");\n\nfunction detect() {\n if (Binary.compare(\"'DVLB'\")) {\n var dvlp = Binary.getString(12, 4).trim();\n\n if (/^[A-Z]{4}/.test(dvlp)) {\n if (X.isVerbose()) sOptions = dvlp;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_SLN.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://learn.microsoft.com/en-us/cpp/build/reference/project-and-solution-files?view=msvc-170\nmeta(\"format\", \"Visual Studio solution file\");\n\nfunction detect() {\n if (Binary.compare(\"efbbbf0d0a'Microsoft Visual Studio Solution File'\")) {\n var versionNumber = Binary.getString(59, 5).trim();\n\n if (/^\\d+\\.\\d{2}$/.test(versionNumber)) {\n sVersion = versionNumber;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_SLNX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://devblogs.microsoft.com/dotnet/introducing-slnx-support-dotnet-cli/\nmeta(\"format\", \"SLNX\");\n\nfunction detect() {\n if (Binary.compare(\"''0d0a2020\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_SSHPublicKey.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/Public-key_cryptography\nmeta(\"format\", \"SSH Public Key\");\n\nfunction detect() {\n if (Binary.compare(\"'ssh-ed25519'20\")) {\n sOptions = \"ed25519\";\n bDetected = true;\n } else if (Binary.compare(\"'ssh-rsa'20\")) {\n sOptions = \"RSA\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_SystemErr.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.scummvm.org/index.php?title=Gob/DEV6_Information#Error_Messages (Used in Coktel Vision games)\nmeta(\"format\", \"System_Err\");\n\nfunction detect() {\n if (Binary.compare(\"'System_Err'\")) {\n var errorLine = Binary.getString(11, 32).trim();\n\n if (/^[ A-Za-z0-9\\-\\:\\\\\\.]{1,}$/.test(errorLine)) {\n if (X.isVerbose()) sOptions = errorLine;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_TLB.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// http://justsolve.archiveteam.org/wiki/Microsoft_Type_Library\nmeta(\"format\", \"Microsoft Type Library\");\n\nfunction detect() {\n if (Binary.compare(\"'MSFT'020001000000000009040000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_TOT.1.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n// ---\n// Samples by: BJNFNE \n\n// https://github.com/scummvm/scummvm-tools/blob/77daf9269a65c428a8445653c2b59196dfd52021/engines/gob/degob_script_v1.cpp\nmeta(\"format\", \"TOT\");\n\nfunction detect() {\n if (Binary.compare(\"?? ** 00'\") && Binary.isSignaturePresent(0, 32, \"00 00 '(c)'\")) {\n bDetected = true;\n\n var versionInfo = Binary.findSignature(0, 64, \"'Version ' %% 2E %%\");\n\n if (versionInfo !== -1) {\n sVersion = Binary.getString(versionInfo + 8, 4);\n }\n\n var copyrightYear = Binary.findSignature(0, 64, \"'19' %% %%\");\n\n if (copyrightYear !== -1) {\n sVersion += (sVersion ? \", \" : String()) + Binary.getString(copyrightYear, 4);\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_TPU.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/Turbo_Pascal#Units\nmeta(\"format\", \"Turbo Pascal Unit (.TPU)\");\n\nfunction detect() {\n if (Binary.compare(\"'TPUQ'00000000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_UCM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://tcrf.net/Crazy_Machines\nmeta(\"format\", \"UCM\");\n\nfunction detect() {\n if (Binary.compare(\"'UCM1'02000000\")) {\n sVersion = \"1.0\";\n sOptions = Binary.getString(0x0008);\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_UPC.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://abandonware-magazines.github.io/magazines/magazine.html?m=Wiz&n=057&pagenumbers=1,12 (Used in My Fearless Friend made by Makh Shevet)\nmeta(\"format\", \"UPC\");\n\nfunction detect() {\n if (Binary.compare(\"'UPC'\")) {\n var frc = Binary.getString(13, 3).trim();\n\n if (/^[A-Z]{3}$/.test(frc)) {\n if (X.isVerbose()) sOptions = frc;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_UPF.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://abandonware-magazines.github.io/magazines/magazine.html?m=Wiz&n=057&pagenumbers=1,12 (Used in My Fearless Friend made by Makh Shevet)\nmeta(\"format\", \"UPF\");\n\nfunction detect() {\n if (Binary.compare(\"'UPF'\")) {\n var frf = Binary.getString(13, 3).trim();\n\n if (/^[A-Z]{3}$/.test(frf)) {\n if (X.isVerbose()) sOptions = frf;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_UPI.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://abandonware-magazines.github.io/magazines/magazine.html?m=Wiz&n=057&pagenumbers=1,12 (Used in My Fearless Friend made by Makh Shevet)\nmeta(\"format\", \"UPI\");\n\nfunction detect() {\n if (Binary.compare(\"'UPI'\")) {\n var fri = Binary.getString(13, 3).trim();\n\n if (/^[A-Z]{3}$/.test(fri)) {\n if (X.isVerbose()) sOptions = fri;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_VDI.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// doc-ref: https://www.virtualbox.org/browser/vbox/trunk/src/VBox/Storage/VDICore.h\n\nmeta(\"format\", \"Virtual Disk Image (.VDI)\");\n\nfunction detect() {\n if (Binary.getSize() >= 0x200) {\n if (Binary.compare(\"7F10DABE\", 0x40)) {\n sVersion = \"v\" + Binary.read_uint16(0x44) + \".\" + Binary.read_uint16(0x46);\n var sImgText = Binary.getString(0);\n var aImgName = sImgText.match(/<<< (.*?)\\ >>>/);\n if (aImgName) {\n sOptions = \"\\\"\" + sOptions.append(aImgName[1]) + \"\\\"\";\n bDetected = true;\n }\n if (bDetected && Binary.isVerbose()) {\n switch (Binary.read_uint16(0x4C)) {\n case 1: sOption(\"Normal dynamically\"); break;\n case 2: sOption(\"Preallocated fixed size\"); break;\n case 3: sOption(\"Dynamically growing for undo/commit changes\"); break;\n case 4: sOption(\"Dynamically growing for differencings\"); break;\n }\n sOption(\"Size:\" + Binary.bytesCountToString(Binary.read_uint64(0x0170)));\n }\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_VM2.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.psdevwiki.com/ps3/PS2_Savedata\nmeta(\"format\", \"PS2 Memory Card\");\n\nfunction detect() {\n if (Binary.compare(\"'Sony PS2 Memory Card Format 1.2.0.0'000000000000020200100000\")) {\n sVersion = \"1.2.0.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_VTF.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://github.com/Wanty5883/Titanfall2/blob/master/documentation/textures/valve-texture-format-vtf/README.md\nmeta(\"format\", \"Valve Texture\");\n\nfunction detect() {\n if (Binary.compare(\"'VTF'0007000000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_VVD.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://developer.valvesoftware.com/wiki/VVD\nmeta(\"format\", \"VVD\");\n\nfunction detect() {\n if (Binary.compare(\"'IDSV'04000000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_W3D.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://director-online.dasdeck.com/buildArticle.php?id=1121\nmeta(\"format\", \"Shockwave 3D\");\n\nfunction detect() {\n if (Binary.compare(\"'IFX'000800000011000000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_WASM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/WebAssembly\nmeta(\"format\", \"WebAssembly (.WASM)\");\n\nfunction detect() {\n if (Binary.compare(\"00'asm'010000000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_WBFS.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://file-extensions.com/docs/wbfs\nmeta(\"format\", \"Wii Backup File System\");\n\nfunction detect() {\n if (Binary.compare(\"'WBFS'00....000915000001000000\")) {\n sOptions = File.cleanString(Binary.getString(0x00000200, 6));\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_XBE.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://xboxdevwiki.net/Xbe\nmeta(\"format\", \"Xbox Executable (.XBE)\");\n\nfunction detect() {\n if (Binary.compare(\"'XBEH'000000000000000000000000\")) {\n sOptions = \"unsigned\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_XBF.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://learn.microsoft.com/en-us/uwp/api/windows.ui.xaml.markup.xamlbinarywriter?view=winrt-26100\nmeta(\"format\", \"XBF\");\n\nfunction detect() {\n if (Binary.compare(\"'XBF'\")) {\n var id = Binary.getString(68, 32).trim();\n\n if (/^[A-Z0-9]{32}/.test(id)) {\n if (X.isVerbose()) sOptions = id;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_XCG.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Used by Battlecry 3\n\n// https://en.wikipedia.org/wiki/Warlords_Battlecry_III\nmeta(\"format\", \"XCG (Graphics)\");\n\nfunction detect() {\n if (Binary.compare(\"'xcg File'\")) {\n var versionNumber = Binary.getString(9, 4).trim();\n\n if (/^[0-9/.]{4}$/.test(versionNumber)) {\n sVersion = versionNumber;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_XCI.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Used by Battlecry 3\n\n// https://en.wikipedia.org/wiki/Warlords_Battlecry_III\nmeta(\"format\", \"XCI\");\n\nfunction detect() {\n if (Binary.compare(\"'xci File'\")) {\n var versionNumber = Binary.getString(9, 4).trim();\n\n if (/^[0-9/.]{4}$/.test(versionNumber)) {\n sVersion = versionNumber;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_XCR.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Used by Battlecry 3\n\n// https://en.wikipedia.org/wiki/Warlords_Battlecry_III\nmeta(\"format\", \"XCR\");\n\nfunction detect() {\n if (Binary.compare(\"'xcr File'\")) {\n var versionNumber = Binary.getString(9, 4).trim();\n\n if (/^[0-9/.]{4}$/.test(versionNumber)) {\n sVersion = versionNumber;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_XCS.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.multimedia.cx/index.php/Engines/XPAT#XCS\nmeta(\"format\", \"XPAT Compiled Script (.XCS)\");\n\nfunction detect() {\n if (Binary.compare(\"58 43 53\")) {\n var platform = Binary.getString(4, 2).trim();\n\n if (/^[A-Z]{2}$/.test(platform)) {\n sVersion = platform;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_XDelta.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/Xdelta\nmeta(\"format\", \"XDelta\");\n\nfunction detect() {\n if (Binary.compare(\"d6c3c4000502\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_XEX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://free60.org/System-Software/Formats/XEX/\nmeta(\"format\", \"Xbox Executable File (.XEX)\");\n\nfunction detect() {\n if (Binary.compare(\"'XEX2'000000..00\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_ZZDATA.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// http://www.cdinteractive.co.uk/forums/cdinteractive/viewtopic.php?t=2115\nmeta(\"format\", \"ZZDATA\");\n\nfunction detect() {\n if (Binary.compare(\"'DIRINFO'000000000000000000\")) {\n sVersion = \"CD-I\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_ZinsSAV.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.mobygames.com/game/9264/captain-zins/\nmeta(\"format\", \"Captain Zins Save\");\n\nfunction detect() {\n if (Binary.compare(\"'ZinsSAV'000001\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_bin.AAALogo.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Tembo (http://tembolab.pl/products/executable-image-viewer.html)\n\nmeta(\"format\", \"AAA Logo\");\n\nfunction detect() {\n if (Binary.getSize() >= 90) {\n if (Binary.compare(\"2CA46774\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_bin.COL.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kae \n\nmeta(\"format\", \"RenderWare collision data (.COL)\"); // Criterion Software/Rockstar Games\n\nfunction detect() {\n var hksz = 0, lst = [], c = 0, bad = '';\n for (p = 0; p < X.Sz(); c++, p += hksz) {\n if (!X.c(\"'COLL'\", p) || X.U8(p - 1) || p + 8 > X.Sz())\n if (!X.c(\"'COLL'\", --p)) break; else bad = bad.addIfNone('!badchunk'/*+'@'+Hex(p+1-hksz)*/);\n // In GTA:SA, peds.col has 3 chunks that are 1 byte shorter than declared!\n // They seem to be linked to the unusual entity name length.\n hksz = 8 + X.U32(p + 4, _LE);\n if (p + hksz > X.Sz()) return;\n var entity = X.SA(p + 8, 8); if (!entity.length) break;\n //_l2r('col',p,entity+':'+charStat(X.readBytes(p+8,8,true)));\n if (charStat(entity, 1).indexOf('allasc') < 0) return;\n lst.push(X.SA(p + 8, 8))\n }\n\n if (!c) return;\n if (bad.length) sVersion = sVersion.appendS('malformed' + bad, '/');\n if (X.isVerbose()) {\n sOption(addEllipsis(lst.join(',')));\n sOption(outSz(p), 'sz:');\n }\n\n bDetected = true;\n\n return result();\n}\n" }, { "path": "db/Binary/format_bin.GuitarPro.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// WIP\r\n// Authors:\r\n// Tembo (http://tembolab.pl/products/executable-image-viewer.html)\r\n// Kaens TG@kaens\r\n\r\nmeta(\"format\", \"Arobas Music Guitar Pro\");\r\n\r\n/* beautify ignore:start */\r\nfunction detect() {\r\n\tif (Binary.getSize() > 31) {\r\n\t\tif (Binary.compare(\"'BCFZ'\") || Binary.compare(\"'BCFS'\")) {\r\n\t\t\tsVersion = \"6.X\";\r\n\t\t\tsName += \" Tablature\";\r\n\t\t\tbDetected = true;\r\n\t\t} else if (Binary.compare(\"'GPAR'\")) {\r\n\t\t\tsVersion = \"6.X\";\r\n\t\t\tsName += \" Soundbank\";\r\n\t\t\tbDetected = true;\r\n\t\t} else if ((X.c(\"18\") || X.c(\"19\")) && X.c(\"'FICHIER GUITAR PRO'20\",1)) { //\r\n\t\t\tsV = /v(\\d*)\\.(\\d*)/.exec(X.SA(X.U8(0)-4,6));\r\n\t\t\tif (sV[0]) {\r\n\t\t\t\tsName += \" Tablature\"; bDetected = true; sVersion = sV[0]; nV = Number(sV[1]+sV[2]);\r\n\t\t\t\tenc = 'CP1251'; tempo = ''; p = 0x1F;\r\n\t\t\t\t// ref https://github.com/CoderLine/alphaTab/blob/develop/src/importer/Gp3To5Importer.ts → readScore()\r\n\t\t\t\ttitle = X.SC(p+5,X.U8(p+4),enc); p += 4+X.U32(p);\r\n\t\t\t\tsubtitle = X.SC(p+5,X.U8(p+4),enc); p += 4+X.U32(p);\r\n\t\t\t\tartist = X.SC(p+5,X.U8(p+4),enc); p += 4+X.U32(p);\r\n\t\t\t\talbum = X.SC(p+5,X.U8(p+4),enc); p += 4+X.U32(p);\r\n\t\t\t\twords = X.SC(p+5,X.U8(p+4),enc); p += 4+X.U32(p);\r\n\t\t\t\tif(nV >= 500) { music = X.SC(p+5,X.U8(p+4),enc); p += 4+X.U32(p) } else music = words;\r\n\t\t\t\tcr = X.SC(p+5,X.U8(p+4),enc); p += 4+X.U32(p);\r\n\t\t\t\ttab = X.SC(p+5,X.U8(p+4),enc); p += 4+X.U32(p);\r\n\t\t\t\tinstructions = X.SC(p+5,X.U8(p+4),enc); p += 4+X.U32(p);\r\n\t\t\t\tvar notice = '', noticeLines = X.U32(p); p += 4;\r\n\t\t\t\tfor (i = 0; i < noticeLines && p < X.Sz(); i++) {\r\n\t\t\t\t\tif (i > 0) notice += '\\r\\n';\r\n\t\t\t\t\tnotice += X.SC(p+5,X.U8(p+4),enc); p += 4+X.U32(p);\r\n\t\t\t\t}\r\n\t\t\t\tif(nV < 500) p++; //triplet feel before gp5\r\n\t\t\t\tif(nV >= 400) for(p+=4,i=0; i < 5 && p < X.Sz(); i++) p += 8+X.U32(p+4); // beat lyrics\r\n\t\t\t\tif(nV >= 510) p += 19; //rse master settings\r\n\t\t\t\tif(nV >= 500) {\r\n\t\t\t\t\tfor(p+=30,i=0; i < 10 && p < X.Sz(); i++) p += 4+X.U32(p); //page setup and text field stencils\r\n\t\t\t\t\ttempo = X.SC(p+5,X.U8(p+4),enc).trim(); p += 4+X.U32(p)\r\n\t\t\t\t}\r\n\t\t\t\tif(t=X.U32(p)) tempo = tempo.appendS(t+'bpm',':');\r\n\t\t\t\tp += 4; if(nV >= 510) p++; //hide tempo?\r\n\t\t\t\tp += 4; if(nV >= 400) p++; //key & octave\r\n\t\t\t\tp += 64*12; //playback info\r\n\t\t\t\tif(nV >= 500) p += 2*19+4; //direction signs & ...4 bytes\r\n\t\t\t\tbars = X.U32(p); trk = X.U32(p+4); p += 8;\r\n\t\t\t\tfor(i=0; i < bars && p < X.Sz(); i++) { //read master bars\r\n\t\t\t\t\tvar f = X.U8(p++);\r\n\t\t\t\t\tif(f&1) p++; if(f&2) p++; if(f&8) p++; if((f&0x10) && nV < 500) p++;\r\n\t\t\t\t\tif(f&0x20) p += 8+X.U32(p); //annotated bar\r\n\t\t\t\t\tif(f&0x40) p += 2;\r\n\t\t\t\t\tif(nV >= 500) { p += 3; if(f&3) p += 4 }\r\n\t\t\t\t}\r\n\t\t\t\tfor(i=0,trks=[]; i < trk && p < X.Sz(); i++) { //read track data\r\n//_l2r('gpx',p,'track '+i+' data')\r\n\t\t\t\t\tvar f = X.U8(p++); if((t=X.SC(p+1,X.U8(p),enc).trim()) != '') trks.push(t); p += 41;\r\n\t\t\t\t\tvar strings = X.U32(p); p += 32; //strings & tunings\r\n\t\t\t\t\tvar frets = X.U32(p+12), capo = X.U32(p+16); p += 24; //port,index,fxch,frets,capo,colour\r\n//_l2r('gpx',p,j+': strings:'+strings+' frets:'+frets+' capo|'+capo)\r\n\t\t\t\t\tif(nV >= 500) p += 45;\r\n\t\t\t\t\tif(nV >= 510) { p += 8+X.U32(p); p += 4+X.U32(p) }\r\n\t\t\t\t}\r\n/*// This block has bugs to find (there's just a couple at most; add checkpoints to alphaTab, compare)\r\n// AND it's gonna be rather sluggish even if all is right. TODO\r\n\t\t\t\tfor(i=0; i < bars && p < X.Sz(); i++) for(j=0; j < trk && p < X.Sz(); j++) { //read bars → voices → beats\r\n\t\t\t\t\tif(nV >= 500) { p++; voc = 2 } else voc = 1;\r\n\t\t\t\t\tfor(v=0; v < voc; v++) {\r\n\t\t\t\t\t\tvar beatnum = X.U32(p); p += 4;\r\n\t\t\t\t\t\tfor(k=0; k < beatnum && p < X.Sz(); k++) {\r\n//_l2r('gpx',p,'bar:'+i+' voc:'+v+' beat:'+k)\r\n\t\t\t\t\t\t\tf = X.U8(p++); if(f&0x40) p++; p++; if(f&0x20) p += 4;\r\n\t\t\t\t\t\t\tif(f&2) { //read chord info\r\n\t\t\t\t\t\t\t\tif(nV >= 500) { p += 17+22+4+4+28; p += 1+X.U8(p); p += 26 }\r\n\t\t\t\t\t\t\t\telse\r\n\t\t\t\t\t\t\t\t\tif(X.U8(p++))\r\n\t\t\t\t\t\t\t\t\t\tif(nV >= 400) { p += 16+22+4+4+28; p += 1+X.U8(p); p += 26 }\r\n\t\t\t\t\t\t\t\t\t\telse { p += 25+35+4+24+36 }\r\n\t\t\t\t\t\t\t\t\telse\r\n\t\t\t\t\t\t\t\t\t\tp += 4+X.U32(p)+4+4*(nV >= 406? 7: 6);\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\tif(f&4) { text = X.SC(p+5,X.U8(p+4),enc); p += X.U32(p) } // could be more lyrics inside beat text\r\n\t\t\t\t\t\t\tif(f&8) { //read beat fx\r\n\t\t\t\t\t\t\t\tfs = X.U8(p++); f2 = 0; if(nV >= 400) f2 = X.U8(p++);\r\n\t\t\t\t\t\t\t\tif((fs&0x20)) { p++; if(nV < 400) p += 4 } //slapPop\r\n\t\t\t\t\t\t\t\tif(f2&4) { //read tremolo bar effect (beat)\r\n\t\t\t\t\t\t\t\t\tp += 5; var pts = X.U32(p); p += 4+pts*9\r\n\t\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\t\tif(fs&0x40) p += 2; //stroke\r\n\t\t\t\t\t\t\t\tif(f2&2) p++; //pickstroke\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\tif(f&0x10) { //read mix table change\r\n\t\t\t\t\t\t\t\tp++; if(nV >= 500) p += 16;\r\n\t\t\t\t\t\t\t\tvar a = []; for(z=0; z < 6 && p < X.Sz(); z++) a.push(X.U8(p++));\r\n\t\t\t\t\t\t\t\tif(nV >= 500) p += 4+X.U32(p);\r\n\t\t\t\t\t\t\t\ta.push(X.U32(p)); p += 4;\r\n\t\t\t\t\t\t\t\tfor(z=0; z < 6 && p < X.Sz(); z++) if(a[z]) p++; if(a[7]) { p++; if(nV >= 510) p++ }\r\n\t\t\t\t\t\t\t\tif(nV >= 400) p++; //mixtableflags\r\n\t\t\t\t\t\t\t\tif(nV >= 500) p++; //wahtype\r\n\t\t\t\t\t\t\t\tif(nV >= 510) { p += 4+X.U32(p); p += 4+X.U32(p) }\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\tf = X.U8(p++); //stringflags???\r\n\t\t\t\t\t\t\tfor(l=6; l >= 0 && p < X.Sz(); l--) if((f&(1<= 500) { if(f2&1) p += 8; p++ }\r\n\t\t\t\t\t\t\t\tif(f2&8) {\r\n\t\t\t\t\t\t\t\t\tvar xf = X.U8(p++), xf2 = nV >= 400? X.U8(p++): 0;\r\n\t\t\t\t\t\t\t\t\tif(xf&1) { p += 5; pts = X.U32(p); p += 4+pts*9 } //read bend\r\n\t\t\t\t\t\t\t\t\tif(xf&0x10) p += 4+(nV >= 500? 1: 0); //read grace\r\n\t\t\t\t\t\t\t\t\tif(xf2&4) p++; if(xf2&8) p++;\r\n\t\t\t\t\t\t\t\t\tif(xf2&0x10) { t = X.U8(p++); if(nV >= 500) if(t == 2) p += 3; else if(t == 3) p++ } //read AH\r\n\t\t\t\t\t\t\t\t\tif(f&0x20) p += 2;\r\n\t\t\t\t\t\t\t\t} \r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\tif(nV >= 500) {\r\n\t\t\t\t\t\t\t\tf = X.U16(p); p += 2; if(f&0x800) p++;\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\tsz = p;*/\r\n//_l2r('gpx',p,outArray(trks))\r\n\t\t\t\tif(X.isVerbose()) {\r\n\t\t\t\t\tsOptionT(title,' title:\"','\"'); sOptionT(subtitle,'~','~');\r\n\t\t\t\t\tsOptionT(artist,'artist:\"','\"'); sOptionT(album,'album:\"','\"'); sOptionT(cr,'©'); sOptionT(tab,'tab:');\r\n\t\t\t\t\tsOptionT(instructions,'instructions:'); sOptionT(notice,'notice:');\r\n\t\t\t\t\tsOption(tempo,'tempo:'); sOption(trk,'tracks:'); sOption(bars,'bars:');\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\r\n\treturn result()\r\n}\r\n/* beautify ignore:end */\r\n" }, { "path": "db/Binary/format_bin.Hermes.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"Hermes JavaScript bytecode\");\r\n\r\nfunction detect() {\r\n if (Binary.getSize() >= 0xC) {\r\n if (Binary.compare(\"C61FBC03C103191F\", Binary.read_uint64(0, _BE))) {\r\n sVersion = Binary.read_uint32(8);\r\n bDetected = true;\r\n }\r\n }\r\n\r\n sLang = \"JavaScript\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/format_bin.JMDL.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"Microstation Java (JMDL) Compiled Class\");\r\n\r\nfunction detect() {\r\n if (Binary.getSize() >= 8 && Binary.compare(\"CAFEBEEF\")) {\r\n // var nMinor = X.U16(4,_BE);\r\n var nMajor = X.U16(6, _BE);\r\n if (nMajor) {\r\n sVersion = \"JDK \";\r\n switch (nMajor) {\r\n case 0x2D:\r\n sVersion += \"1.1\";\r\n break;\r\n case 0x2E:\r\n sVersion += \"1.2\";\r\n break;\r\n case 0x2F:\r\n sVersion += \"1.3\";\r\n break;\r\n case 0x30:\r\n sVersion += \"1.4\";\r\n break;\r\n }\r\n\r\n bDetected = nMajor >= 0x2D && nMajor <= 0x42;\r\n }\r\n }\r\n\r\n\r\n sLang = \"Java\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/format_bin.JSC.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n\nmeta(\"format\", \"JavaScript Compiled/Bytenode (.JSC)\");\n\nvar VersionHash = [\n [\"11.8.172.17\", \"4aaade2a\", \"6e55fcb4\"],\n [\"11.3.244.8\", \"88b331c0\", \"bc2e4000\"],\n [\"10.8.168.25\", \"22162e5c\", \"866ceba8\"],\n [\"10.2.154.26\", \"353c3291\", \"82a06935\"],\n [\"9.6.180.15\", \"96a2e9d1\", \"77a0eea2\"],\n [\"9.6.180.14\", \"efecf234\", \"15e726e8\"],\n [\"9.5.172.25\", \"87f3c490\", \"7845cebc\"],\n [\"9.5.172.21\", \"22b0877a\", \"d54c6bc9\"],\n [\"9.4.146.26\", \"4f3466a4\", \"ee64ddac\"],\n [\"9.4.146.24\", \"34bdcb66\", \"251899cd\"],\n [\"9.4.146.19\", \"1c8f8b6a\", \"15375929\"],\n [\"8.6.395.17\", \"4e4909d8\", \"a8d671f0\"],\n [\"8.6.395.16\", \"2e933797\", \"42ff7bd2\"],\n [\"8.4.371.23\", \"422a9510\", \"305d5cb4\"],\n [\"8.4.371.19\", \"9ee57fe0\", \"8b279ced\"],\n [\"8.3.110.9\", \"98545131\", \"878c72a5\"],\n [\"8.1.307.31\", \"2cb9ba58\", \"8912ed09\"],\n [\"8.1.307.30\", \"22d2f67c\", \"f8e02587\"],\n [\"7.9.317.25\", \"e46e0ba2\", \"affe52ff\"],\n [\"7.9.317.23\", \"327e22f1\", \"a5ef90cb\"],\n [\"7.8.279.23\", \"f4ca7648\", \"2453843a\"],\n [\"7.8.279.17\", \"533dd511\", \"2e4f9afd\"],\n [\"7.7.299.13\", \"7ee98716\", \"8f1d647f\"],\n [\"7.7.299.11\", \"f4bd9236\", \"defcacc7\"],\n [\"7.6.303.29\", \"62a5311c\", \"905e664f\"],\n [\"7.4.288.27\", \"8d2f9651\", \"84fec91f\"],\n [\"7.5.288.22\", \"8176065f\", \"8b9ea960\"],\n [\"7.4.288.21\", \"4e79ebb1\", \"27f6dd21\"],\n [\"7.0.276.38\", \"5aa2a8c8\", \"261396d3\"],\n [\"7.0.276.32\", \"302bcaf2\", \"1c3c201f\"],\n [\"6.8.275.32\", \"4914c00b\", \"8af4d4f4\"],\n [\"6.8.275.30\", \"34fd59c5\", \"91d1cc59\"],\n [\"6.8.275.24\", \"70ff0c52\", \"74a2eeac\"],\n [\"6.7.288.49\", \"f5e4a619\", \"aa47d109\"],\n [\"6.7.288.46\", \"555f09bb\", \"6070752b\"],\n [\"6.7.288.45\", \"3f06ef23\", \"ca0b678f\"],\n [\"6.7.288.43\", \"bc67142f\", \"884dad18\"],\n [\"6.6.346.32\", \"9ac1441d\", \"600024b1\"],\n [\"6.6.346.27\", \"741c5f3b\", \"91b8852b\"],\n [\"6.6.346.24\", \"cbb74c67\", \"3e6b9b38\"],\n [\"6.2.414.78\", \"4d9d4c8d\", \"c2f91993\"],\n [\"6.2.414.77\", \"2e12ba35\", \"818125c8\"],\n [\"6.2.414.72\", \"90a269a0\", \"96890b15\"],\n [\"6.2.414.66\", \"a8f60b85\", \"36eba645\"],\n [\"6.2.414.54\", \"6ed53280\", \"82f11b7d\"],\n [\"6.2.414.50\", \"ae6544a8\", \"bd692ce0\"],\n [\"6.2.414.46\", \"4e617339\", \"81adf054\"],\n [\"6.2.414.44\", \"c60a7c87\", \"7e207921\"],\n [\"6.2.414.32\", \"42110b24\", \"84d039aa\"],\n [\"6.1.534.50\", \"a0f6f0f4\", \"9e10b69f\"],\n [\"6.1.534.48\", \"f14f22a0\", \"82467775\"],\n [\"6.1.534.47\", \"79276eb0\", \"221a8fc5\"],\n [\"6.1.534.46\", \"babe69a4\", \"64318412\"],\n [\"6.1.534.42\", \"166f25d9\", \"9892d1c2\"],\n [\"6.0.287.53\", \"a1bc32d4\", \"6fcdcd18\"],\n [\"6.0.286.52\", \"2cf4293d\", \"a030b731\"],\n [\"5.5.372.43\", \"b96063d0\", \"c10a0c40\"],\n [\"5.1.281.111\", \"bb23baab\", \"78f44bee\"],\n [\"4.6.85.32\", \"35a37732\", \"ca4b83fd\"],\n [\"4.5.103.53\", \"15953e0e\", \"b217e70b\"],\n [\"3.28.71.20\", \"26145e77\", \"fec9a40d\"],\n];\n\nfunction detect() {\n if (Binary.getSize() >= 0x20) {\n if (Binary.compare(\"DEC0\", 0x02)) {\n bDetected = true;\n for (i = 0; i < VersionHash.length; i++) {\n if (Binary.compare(VersionHash[i][1], 0x04)) {\n sVersion = \"v\" + VersionHash[i][0] + \" x86\"\n } else if (Binary.compare(VersionHash[i][2], 0x04)) {\n sVersion = \"v\" + VersionHash[i][0] + \" x64\"\n };\n }\n }\n }\n\n\n sLang = \"JavaScript\";\n\n return result();\n}" }, { "path": "db/Binary/format_bin.Java.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Levis , LinXP\n// doc-ref: https://docs.oracle.com/javase/specs/jvms/se18/html/jvms-4.html\n\nmeta(\"format\", \"Java Class File (.CLASS)\");\n\nfunction detect() {\n if (Binary.getSize() >= 8) {\n if (Binary.compare(\"CAFEBABE\")) {\n bDetected = true;\n\n var nMinor = Binary.read_uint16(0x04, _BE),\n nMajor = Binary.read_uint16(0x06, _BE);\n\n switch (nMajor) { // https://en.wikipedia.org/wiki/Java_version_history\n case 45: sVersion = \"JDK 1.1\"; break; // February 1997\n case 46: sVersion = \"JDK 1.2\"; break; // December 1998\n case 47: sVersion = \"JDK 1.3\"; break; // May 2000\n case 48: sVersion = \"JDK 1.4\"; break; // February 2002\n case 49: sVersion = \"Java SE 5.0\"; break; // September 2004\n case 50: sVersion = \"Java SE 6\"; break; // December 2006\n case 51: sVersion = \"Java SE 7\"; break; // July 2011\n case 52: sVersion = \"Java SE 8\"; break; // March 2014\n case 53: sVersion = \"Java SE 9\"; break; // September 2017\n case 54: sVersion = \"Java SE 10\"; break; // March 2018\n case 55: sVersion = \"Java SE 11\"; break; // September 2018\n case 56: sVersion = \"Java SE 12\"; break; // March 2019\n case 57: sVersion = \"Java SE 13\"; break; // September 2019\n case 58: sVersion = \"Java SE 14\"; break; // March 2020\n case 59: sVersion = \"Java SE 15\"; break; // September 2020\n case 60: sVersion = \"Java SE 16\"; break; // March 2021\n case 61: sVersion = \"Java SE 17\"; break; // September 2021\n case 62: sVersion = \"Java SE 18\"; break; // March 2022\n case 63: sVersion = \"Java SE 19\"; break; // September 2022\n case 64: sVersion = \"Java SE 20\"; break; // March 2023\n case 65: sVersion = \"Java SE 21\"; break; // September 2023\n case 66: sVersion = \"Java SE 22\"; break; // March 2024\n case 67: sVersion = \"Java SE 23\"; break; // September 2024\n case 68: sVersion = \"Java SE 24\"; break; // March 2025\n case 69: sVersion = \"Java SE 25\"; break; // September 2025\n }\n\n if (sVersion && nMinor) {\n sVersion += \".\" + nMinor;\n }\n\n if (bDetected && Binary.isVerbose()) {\n var nOffset = 0x08;\n var constantPoolCount = Binary.read_uint16(nOffset, _BE);\n\n nOffset += 2;\n for (pool = 1; pool < constantPoolCount; pool++) {\n switch (Binary.read_uint8(nOffset)) { // Tag\n case 1: // CONSTANT_Utf8\n nOffset += 1 + 2 + Binary.read_uint16(nOffset + 1, _BE);\n break;\n case 3: // CONSTANT_Integer\n case 4: // CONSTANT_Float\n nOffset += 1 + 4;\n break;\n case 5: // CONSTANT_Long\n case 6: // CONSTANT_Double\n nOffset += 1 + 4 + 4;\n break;\n case 7: // CONSTANT_Class\n case 8: // CONSTANT_String\n case 16: // CONSTANT_MethodType\n nOffset += 1 + 2;\n break;\n case 9: // CONSTANT_Fieldref\n case 10: // CONSTANT_Methodref\n case 11: // CONSTANT_InterfaceMethodref\n case 12: // CONSTANT_NameAndType\n case 18: // CONSTANT_InvokeDynamic\n nOffset += 1 + 2 + 2;\n break;\n case 15: // CONSTANT_MethodHandle_info\n nOffset += 1 + 1 + 2;\n break;\n default:\n sOption(\"err unk tag:\" + nOffset);\n }\n }\n var nAccessFlagss = Binary.read_uint16(nOffset, _BE);\n if (nAccessFlagss & 0x0001) { sOption(\"ACC_PUBLIC\"); }\n if (nAccessFlagss & 0x0002) { sOption(\"ACC_PRIVATE\"); }\n if (nAccessFlagss & 0x0004) { sOption(\"ACC_PROTECTED\"); }\n if (nAccessFlagss & 0x0008) { sOption(\"ACC_STATIC\"); }\n if (nAccessFlagss & 0x0010) { sOption(\"ACC_FINAL\"); }\n if (nAccessFlagss & 0x0020) { sOption(\"ACC_SUPER\"); }\n if (nAccessFlagss & 0x0040) { sOption(\"ACC_VOLATILE\"); }\n if (nAccessFlagss & 0x0080) { sOption(\"ACC_TRANSIENT\"); }\n if (nAccessFlagss & 0x0100) { sOption(\"ACC_NATIVE\"); }\n if (nAccessFlagss & 0x0200) { sOption(\"ACC_INTERFACE\"); }\n if (nAccessFlagss & 0x0400) { sOption(\"ACC_ABSTRACT\"); }\n if (nAccessFlagss & 0x0800) { sOption(\"ACC_STRICT\"); }\n }\n }\n }\n\n\n sLang = \"Java\";\n\n return result();\n}" }, { "path": "db/Binary/format_bin.KeePass.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Arjan Onwezen\n// Info: https://gist.github.com/lgg/e6ccc6e212d18dd2ecd8a8c116fb1e45\n// Rewritten by BJNFNE\n\nmeta(\"format\", \"KeePass\");\n\nfunction detect() {\n if (Binary.compare(\"03 D9 A2 9A\")) {\n bDetected = true;\n if (Binary.compare(\"65 FB 4B B5\", 4)) {\n sVersion = \"1.X\";\n sOptions = \".KBD\";\n bDetected = true;\n }\n if (Binary.compare(\"66 FB 4B B5\", 4)) {\n sVersion = \"2.X, pre-release (alpha/beta)\";\n sOptions = \".KBDX\";\n bDetected = true;\n }\n if (Binary.compare(\"67 FB 4B B5\", 4)) {\n sVersion = \"2.X\";\n sOptions = \".KBDX\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_bin.LUA.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n\nmeta(\"format\", \"Lua Bytecode (.LUAC)\");\n\nfunction detect() {\n if (Binary.getSize() >= 8) {\n if (Binary.compare(\"1B'Lua'..00\")) {\n bDetected = true;\n switch (Binary.read_uint8(0x04)) {\n case 0x50: sVersion = \"v5.0\"; break;\n case 0x51: sVersion = \"v5.1\"; break;\n case 0x52: sVersion = \"v5.2\"; break;\n case 0x53: sVersion = \"v5.3\"; break;\n case 0x54: sVersion = \"v5.4\"; break;\n default: return;\n }\n if (Binary.isVerbose()) {\n switch (Binary.read_uint8(0x06)) {\n case 0: sOption(\"BigEndian\"); break;\n case 1: sOption(\"LittleEndian\"); break;\n default: return;\n }\n }\n }\n }\n\n sLang = \"Lua\";\n\n return result();\n}" }, { "path": "db/Binary/format_bin.NVA.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Tembo (http://tembolab.pl/products/executable-image-viewer.html)\n\nmeta(\"format\", \"NVA\");\n\nfunction detect() {\n if (Binary.getSize() >= 8) {\n if (Binary.compare(\"'%NVA'\")) {\n sVersion = Binary.getString(5, 3);\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_bin.Nintendo-certified-file.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kae \n\n// from https://www.psdevwiki.com/ps3/Certified_File\n// & https://www.psdevwiki.com/ps3/SELF_-_SPRX#ELF_Header\nmeta(\"format\", \"Unknown Certified File\");\n\nfunction detect() {\n if (X.c(\"'SCE'00\")) {\n var tp, e;\n if (X.c('0000 0002', 4)) e = _BE; //PS3\n else if (X.c('0300 0000', 4)) e = _LE; //Vita\n else return;\n // PS3/Vita Certified File\n const attr = X.U16(8, e), tp = X.U16(0xA, e), exhdsz = X.U32(0xC, e), fofs = X.U64(0x10, e),\n fsz = X.U64(0x18, e), CFfsz = (e == _BE) ? 0 : X.U64(0x20, e), padding = (e == _BE) ? 0 : X.U64(0x28, e);\n var p = e == _BE? 0x20 : 0x30;\n switch (tp) {\n case 1:\n const eexhdsz = X.U64(p, e);\n if(!(e == _BE && eexhdsz == 3 || e == _LE && eexhdsz == 4)) return;\n const progidhdp = X.U64(p+8, e), ehdrp = X.U64(p+0x10, e),\n phdrp = X.U64(p+0x18, e), shdrp = X.U64(p+0x20, e);\n if (progidhdp+0x20 != ehdrp || ehdrp+0x40 != phdrp) return;\n if(X.c(\"7F 'ELF' .. .. 01\", ehdrp)) sName = \"Nintendō signed ELF/PRX (.SELF,.SPRX)\";\n else sName = \"Nintendō signed ELF/PRX, headerless (.SELF,.SPRX)\";\n break;\n case 2: sName = \"Nintendō signed revoke list (.SRVK)\"; break;\n case 3: sName = \"Nintendō signed package (.SPKG)\"; break;\n case 4: sName = \"Nintendō signed security policy profile (.SSPP)\"; break;\n case 5: sName = \"Nintendō signed diff (.SDIFF)\"; break;\n case 6: sName = \"Nintendō signed param.sfo\"; break;\n default: if (X.isHeuristicScan()) { sType = '~'+sType; sName += ' type '+Hex(tp); } else return;\n }\n\n if (!isWithin(fofs, p,X.Sz()) || fsz < fofs) return;\n\n bDetected = true; sVersion = e == _BE ? 'PS3' : 'PSVita';\n if(attr == 0x8000) sOption('fSELF');\n if(X.isVerbose()) sOption(outSz(fofs+fsz),'sz:')\n }\n\n return result();\n}\n" }, { "path": "db/Binary/format_bin.PEFF.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://en.wikipedia.org/wiki/Preferred_Executable_Format\r\n// Rewritten by BJNFNE\r\n\r\nmeta(\"format\", \"Preferred Executable Format\");\r\n\r\nfunction detect() {\r\n if (Binary.compare(\"'Joy!peff'00000001\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n } else if (Binary.compare(\"'Joy!peffpwpc'00000001\")) {\r\n sOptions = \"PowerPC\";\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/format_bin.PalmFile.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens (TG @kaens)\n// TODO parse PQA too, why not\n/* beautify ignore:start */\n\nmeta(\"format\", \"Palm OS file \");\n\nfunction detect() {\n //ref https://jichu4n.github.io/palm-pdb/assets/Palm%20File%20Format%20Specification.pdf\n // & https://github.com/jichu4n/palm-os-sdk/blob/master/sdk-3.1/include/Core/System/DataPrv.h\n if (/S98[0-3]/.test(X.SA(0, 4)) && X.U32(4) <= 0x20 && !X.U32(0xC)\n && (!X.U32(0x10) || isWithin(X.U32(0x10), 0x20, 0x800000))\n && X.U32(0x14) < 0x20000\n && (!X.U32(0x18) || isWithin(X.U32(0x18), X.U32(0x14), 0x800000))\n && X.U32(0x1C) <= 0x40) return //too many FPs with the S98 chiptunes\n var bad = '', sus = 0;\n\n function palmDateToStr(dt, desc) {\n // Palm OS date starts from Jan 1, 1904......\n if (typeof desc != 'string') desc = '';\n var msecs = new Date(1904, 0, 1).getTime() + dt * 1000;\n var date = new Date(msecs);\n if (!isWithin(date.getFullYear(), 1996, 2040) //...but not many file makers seem to have actually known that lol\n && date.getFullYear() != 1907) { // 1907 is courtesy Graffiti Sniper - Golgo 13 xmas cards. The game's from 2001\n msecs = new Date(0).getTime() + (dt * 1000); date = new Date(msecs)\n }\n if (!isWithin(date.getFullYear(), 1996, 2040) && date.getFullYear() != 1907)\n if (isWithin(dt, 1996, 2040))\n return 'y' + dt // some don't even realise it has a format and think it's just the year. (ZioGolf's zgrsc.pdb :D)\n else return ''; //thankfully even with the special snowflakes it's tight enough for detection\n var r = date.toISOString().slice(0, 19);\n return r.slice(0, 4) == '1907' ? '2001' + r.slice(4, 19) : r\n }\n\n const dmHdrAttrBackup = 1, dmHdrAttrLaunchableData = 2;\n var name = X.SA(0, 0x20), nc = charStat(name, true);\n if (nc.indexOf('asc') < 0) return;\n var attr = X.U16(0x20, _BE), v = X.U16(0x22, _BE), dtCre = X.U32(0x24, _BE), dtMod = X.U32(0x28, _BE),\n dtBak = X.U32(0x2C, _BE), modnum = X.U32(0x30, _BE), appinfo = X.U32(0x34, _BE),\n sortinfo = X.U32(0x38, _BE), tp = 'PDB', tp_ = X.SA(0x3C, 4), by = X.SA(0x40, 4);\n var idseed = X.U32(0x44, _BE), nextrec = X.U16(0x48, _BE), numrec = X.U16(0x4C, _BE),\n p = numrec ? 0x4E : 0x50;\n if (!numrec) sus += 3; //useless pdb, or, more realistically, a FP\n if (numrec > 0x7FFF) sus += 2; //haven't seen this many yet...\n if (modnum > 0xFFF) sus += 2; //can't be that many versions, right?\n if (nextrec) { sus++; bad = bad.addIfNone('!baddbdir') } //Palm specs say reject this db (artefacts of pre-v4 OSes)\n if (idseed > 0xFFFFFF) sus++;\n if (!/\\w{3,}/.test(by)) return;\n switch (tp_) {\n case 'appl': tp = 'PRC'; break;\n case 'pqa ': if (by == 'clpr') tp = 'PQA'; else return;\n default:\n if (charStat(X.readBytes(p, 4), true).indexOf('allasc') >= 0) {\n tp = 'PRC'; bad = bad.addIfNone('!badtype' + X.SA(p, 4))\n }\n }\n var dt = palmDateToStr(dtMod, 'mod'), endp, reclen = 8, m = i = 0, mhk = '', uniq = [];\n if (dtMod && dt === '') { sus += 2; bad = bad.addIfNone('!nodate') }\n if (dtCre && palmDateToStr(dtCre, 'cre') === '') sus++;\n if (dtBak && palmDateToStr(dtBak, 'bak') === '') sus++;\n\n if (tp === 'PRC') for (reclen = 10, endp = p + reclen * numrec; p < endp; p += reclen) { // PRC RsrcEntryType\n if (p + 10 > X.Sz()) { /*debug('lookahead shorted out');*/ return }\n var hkhd = X.SA(p, 4), hkid = X.U16(p + 4, _BE), hkofs = X.U32(p + 6, _BE);\n if (!isWithin(hkofs, p, X.Sz()) || !/\\w{3,}/.test(hkhd) || uniq.indexOf(hkofs) >= 0) return;\n uniq.push(hkofs); if (m < hkofs) { m = hkofs; mhk = hkhd }\n if (hkhd === 'tver') sVersion = 'v' + X.SA(m, 0x100).trim()\n }\n else if (tp === 'PDB') for (reclen = 8, endp = p + reclen * numrec; p < endp; p += reclen) { // PDB RecordEntryType\n if (p + 8 > X.Sz()) return;\n var hkofs = X.U32(p, _BE), hkattr = X.U8(p + 4), hkid = X.U24(p + 5, _BE); //the ID is unique. Not in reality though\n if (!isWithin(hkofs, p, X.Sz()) || uniq.indexOf(hkofs) >= 0) return;\n uniq.push(hkofs); if (m < hkofs) m = hkofs\n }\n //else TODO parse PQA reclist\n if (appinfo && !isWithin(appinfo, 0x4E + reclen * numrec, X.Sz())\n || sortinfo && !isWithin(sortinfo, 0x4C + reclen * numrec, X.Sz())\n || appinfo && sortinfo && sortinfo < appinfo) {\n\t\t/*debug('appinfo/sortinfo bad address');*/ return\n }\n\n if (sVersion != '') sVersion = tp_.appendS(sVersion, ' '); else sVersion = tp_;\n if (appinfo && Math.abs(appinfo - p) > 0x10) {\n //_l2r('Palm OS file',p,'appinfo should be '+Hex(appinfo));\n return\n }\n if (sus > 3) return;\n if (tp == 'PRC')\n if (['taic', 'tAIN', 'tver', 'tSTR'].indexOf(mhk) >= 0)\n sz = outSz(X.fSig(m, -1, '00') + 1); //text fields, most end with 0. Some do have 0 padding...\n else if (mhk == 'tSTL') {\n var ll = X.U8(m + 2, _BE), z; m += 4;\n for (i = 0; i < ll && m <= X.Sz(); i++) {\n z = X.fSig(m, TOEOF, \"00\");\n if (z < 0) { bad = bad.addIfNone('!short'); break }\n m = z + 1\n }\n sz = outSz(m)\n }\n else if (['pref'].indexOf(mhk) >= 0) sz = outSz(m + 10);\n else if (X.c(\"'RIFF'........'WAVE'\", m)) sz = outSz(m + X.U32(m + 4) + 8);\n else {\n sz = Hex(Math.max(m, p, appinfo, sortinfo)) + '+' + mhk;\n if (mhk === 'code' && !X.c(\"4E75\", X.Sz() - 2)) bad = bad.addIfNone(\"!noRTSatEoF\")\n }\n else // PDB? PQA?\n sz = Math.max(m, p) + '+' + mhk;\n\n sName = \"Palm OS file (.\" + tp + \")\"; bDetected = true;\n if (sus) bad += '!sus×' + sus;\n if (bad != '') sVersion = sVersion.appendS('malformed' + bad, '/');\n if (X.isVerbose()) {\n sOption(name); sOption(by, 'by:'); sOption(dt, 'lastmod' + (modnum > 1 ? ' (×' + modnum + ')' : '') + ':');\n sOption(Hex(idseed), \"idseed:\")\n if (appinfo) sOption('appinfo'); if (sortinfo) sOption('sortinfo'); sOption(numrec, 'res:'); sOption(sz, 'sz:')\n }\n\n return result()\n}\n/* beautify ignore:end */\n" }, { "path": "db/Binary/format_bin.Python.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Levis \n// History:\n// Update sign to detect version of Python from 1.0 to 3.4\n// Update sign to detect version of Python from 3.4 to 3.13a1 (by LinXP)\n// Update sign to detect forks of Python and Some other versions (by northkatz)\n// Full info: https://github.com/python/cpython/blob/main/Lib/importlib/_bootstrap_external.py#L463\n// Version history: https://github.com/python/cpython/blob/main/Include/internal/pycore_magic_number.h\n\nmeta(\"format\", \"Python Compiled Module\");\n\nfunction detect() {\n if (Binary.getSize() >= 64) {\n if (Binary.read_uint16(0x02) == 0x0099) {\n bDetected = true;\n switch (Binary.read_uint32(0)) {\n case 0x00999902: sVersion = \"1.0\"; break;\n case 0x00999903: sVersion = \"1.1-1.2\"; break;\n default: return;\n }\n } else if (Binary.read_uint16(0x02) == 0x0A0D && Binary.isSignaturePresent(0x10, 0x100, \"00 00 00 00\")) {\n bDetected = true;\n var magicValue = Binary.read_uint16(0);\n switch (magicValue) {\n case 11913: sVersion = \"1.3\"; break;\n case 5892: sVersion = \"1.4\"; break;\n case 20121: sVersion = \"1.5-1.5.2\"; break;\n case 50428: sVersion = \"1.6\"; break;\n case 50823: sVersion = \"2.0-2.0.1\"; break;\n case 60202: sVersion = \"2.1-2.1.2\"; break;\n case 60717: sVersion = \"2.2\"; break;\n case 62011: sVersion = \"2.3a0\"; break;\n case 62021: sVersion = \"2.3a0\"; break;\n case 62041: sVersion = \"2.4a0\"; break;\n case 62051: sVersion = \"2.4a3\"; break;\n case 62061: sVersion = \"2.4b1\"; break;\n case 62071: sVersion = \"2.5a0\"; break;\n case 62081: sVersion = \"2.5a0\"; break;\n case 62091: sVersion = \"2.5a0\"; break;\n case 62092: sVersion = \"2.5a0\"; break;\n case 62101: sVersion = \"2.5b3\"; break;\n case 62111: sVersion = \"2.5b3\"; break;\n case 62121: sVersion = \"2.5c1\"; break;\n case 62131: sVersion = \"2.5c2\"; break;\n case 62135: sVersion = \"2.5 (Dropbox)\"; break;\n case 62151: sVersion = \"2.6a0\"; break;\n case 62161: sVersion = \"2.6a1\"; break;\n case 62171: sVersion = \"2.7a0\"; break;\n case 62181: sVersion = \"2.7a0\"; break;\n case 62191: sVersion = \"2.7a0\"; break;\n case 62201: sVersion = \"2.7a0\"; break;\n case 62211: sVersion = \"2.7a0\"; break;\n case 62218: sVersion = \"2.7 (PyPy)\"; break;\n case 22138: sVersion = \"2.7 (Pyston)\"; break;\n case 2657: sVersion = \"2.7 (Pyston-0.6.1)\"; break;\n case 3000: sVersion = \"3.0\"; break;\n case 3010: sVersion = \"3.0\"; break;\n case 3020: sVersion = \"3.0\"; break;\n case 3030: sVersion = \"3.0\"; break;\n case 3040: sVersion = \"3.0\"; break;\n case 3050: sVersion = \"3.0\"; break;\n case 3060: sVersion = \"3.0\"; break;\n case 3061: sVersion = \"3.0\"; break;\n case 3071: sVersion = \"3.0\"; break;\n case 3081: sVersion = \"3.0\"; break;\n case 3091: sVersion = \"3.0\"; break;\n case 3101: sVersion = \"3.0\"; break;\n case 3103: sVersion = \"3.0\"; break;\n case 3111: sVersion = \"3.0a4\"; break;\n case 3131: sVersion = \"3.0b1\"; break;\n case 3141: sVersion = \"3.1a1\"; break;\n case 3151: sVersion = \"3.1a1\"; break;\n case 3160: sVersion = \"3.2a1\"; break;\n case 3170: sVersion = \"3.2a2\"; break;\n case 3180: sVersion = \"3.2a3\"; break;\n case 48: sVersion = \"3.2 or 3.2 (PyPy)\"; break;\n case 3187: sVersion = \"3.2 (PyPy)\"; break;\n case 3190: sVersion = \"3.3a1\"; break;\n case 3200: sVersion = \"3.3a1\"; break;\n case 3210: sVersion = \"3.3a1\"; break;\n case 3220: sVersion = \"3.3a2\"; break;\n case 3230: sVersion = \"3.3a4\"; break;\n case 64: sVersion = \"3.3 (PyPy)\"; break;\n case 3250: sVersion = \"3.4a1\"; break;\n case 3260: sVersion = \"3.4a1\"; break;\n case 3270: sVersion = \"3.4a1\"; break;\n case 3280: sVersion = \"3.4a1\"; break;\n case 3290: sVersion = \"3.4a4\"; break;\n case 3300: sVersion = \"3.4a4\"; break;\n case 3310: sVersion = \"3.4rc2\"; break;\n case 3320: sVersion = \"3.5a1\"; break;\n case 3330: sVersion = \"3.5b1\"; break;\n case 3340: sVersion = \"3.5b2\"; break;\n case 3350: sVersion = \"3.5b3\"; break;\n case 3351: sVersion = \"3.5.2\"; break;\n case 112: sVersion = \"3.5 (PyPy)\"; break;\n case 3360: sVersion = \"3.6a0\"; break;\n case 3361: sVersion = \"3.6a1\"; break;\n case 3370: sVersion = \"3.6a2\"; break;\n case 3371: sVersion = \"3.6a2\"; break;\n case 3372: sVersion = \"3.6a2\"; break;\n case 3373: sVersion = \"3.6b1\"; break;\n case 3375: sVersion = \"3.6b1\"; break;\n case 3376: sVersion = \"3.6b1\"; break;\n case 3377: sVersion = \"3.6b1\"; break;\n case 3378: sVersion = \"3.6b2\"; break;\n case 3379: sVersion = \"3.6rc1\"; break;\n case 192: sVersion = \"3.6 (PyPy)\"; break;\n case 160: sVersion = \"3.6.1 (PyPy)\"; break;\n case 3390: sVersion = \"3.7a1\"; break;\n case 3391: sVersion = \"3.7a2\"; break;\n case 3392: sVersion = \"3.7a4\"; break;\n case 3393: sVersion = \"3.7b1\"; break;\n case 3394: sVersion = \"3.7b5\"; break;\n case 240: sVersion = \"3.7 (PyPy)\"; break;\n case 3400: sVersion = \"3.8a1\"; break;\n case 3401: sVersion = \"3.8a1\"; break;\n case 3410: sVersion = \"3.8a1\"; break;\n case 3411: sVersion = \"3.8b2\"; break;\n case 3412: sVersion = \"3.8b2\"; break;\n case 3413: sVersion = \"3.8b4 or 3.8.10 (Graal) or 3.8.12-3.8.16 (PyPy)\"; break;\n case 256: sVersion = \"3.8 (PyPy)\"; break;\n case 21150: sVersion = \"3.8.5 (Graal)\"; break;\n case 3420: sVersion = \"3.9a0\"; break;\n case 3421: sVersion = \"3.9a0\"; break;\n case 3422: sVersion = \"3.9a0\"; break;\n case 3423: sVersion = \"3.9a2\"; break;\n case 3424: sVersion = \"3.9a2\"; break;\n case 3425: sVersion = \"3.9a2 or 3.9.10-3.9.16 (PyPy)\"; break;\n case 336: sVersion = \"3.9 (PyPy)\"; break;\n case 3430: sVersion = \"3.10a1\"; break;\n case 3431: sVersion = \"3.10a1\"; break;\n case 3432: sVersion = \"3.10a2\"; break;\n case 3433: sVersion = \"3.10a2\"; break;\n case 3434: sVersion = \"3.10a6\"; break;\n case 3435: sVersion = \"3.10a7\"; break;\n case 3436: sVersion = \"3.10b1\"; break;\n case 3437: sVersion = \"3.10b1\"; break;\n case 3438: sVersion = \"3.10b1\"; break;\n case 3439: sVersion = \"3.10b1\"; break;\n case 384: sVersion = \"3.10 (PyPy)\"; break;\n case 21280: sVersion = \"3.10 (Graal)\"; break;\n case 3450: sVersion = \"3.11a1\"; break;\n case 3451: sVersion = \"3.11a1\"; break;\n case 3452: sVersion = \"3.11a1\"; break;\n case 3453: sVersion = \"3.11a1\"; break;\n case 3454: sVersion = \"3.11a1\"; break;\n case 3455: sVersion = \"3.11a1\"; break;\n case 3456: sVersion = \"3.11a1\"; break;\n case 3457: sVersion = \"3.11a1\"; break;\n case 3458: sVersion = \"3.11a1\"; break;\n case 3459: sVersion = \"3.11a1\"; break;\n case 3460: sVersion = \"3.11a1\"; break;\n case 3461: sVersion = \"3.11a1\"; break;\n case 3462: sVersion = \"3.11a2\"; break;\n case 3463: sVersion = \"3.11a3\"; break;\n case 3464: sVersion = \"3.11a3\"; break;\n case 3465: sVersion = \"3.11a3\"; break;\n case 3466: sVersion = \"3.11a4\"; break;\n case 3467: sVersion = \"3.11a4\"; break;\n case 3468: sVersion = \"3.11a4\"; break;\n case 3469: sVersion = \"3.11a4\"; break;\n case 3470: sVersion = \"3.11a4\"; break;\n case 3471: sVersion = \"3.11a4\"; break;\n case 3472: sVersion = \"3.11a4\"; break;\n case 3473: sVersion = \"3.11a4\"; break;\n case 3474: sVersion = \"3.11a4\"; break;\n case 3475: sVersion = \"3.11a5\"; break;\n case 3476: sVersion = \"3.11a5\"; break;\n case 3477: sVersion = \"3.11a5\"; break;\n case 3478: sVersion = \"3.11a5\"; break;\n case 3479: sVersion = \"3.11a5\"; break;\n case 3480: sVersion = \"3.11a5\"; break;\n case 3481: sVersion = \"3.11a5\"; break;\n case 3482: sVersion = \"3.11a5\"; break;\n case 3483: sVersion = \"3.11a5\"; break;\n case 3484: sVersion = \"3.11a5\"; break;\n case 3485: sVersion = \"3.11a5\"; break;\n case 3486: sVersion = \"3.11a6\"; break;\n case 3487: sVersion = \"3.11a6\"; break;\n case 3488: sVersion = \"3.11a6\"; break;\n case 3489: sVersion = \"3.11a6\"; break;\n case 3490: sVersion = \"3.11a6\"; break;\n case 3491: sVersion = \"3.11a6\"; break;\n case 3492: sVersion = \"3.11a7\"; break;\n case 3493: sVersion = \"3.11a7\"; break;\n case 3494: sVersion = \"3.11a7\"; break;\n case 3495: sVersion = \"3.11a7\"; break;\n case 416: sVersion = \"3.11 (PyPy)\"; break;\n case 21290: sVersion = \"3.11 (Graal)\"; break;\n case 3500: sVersion = \"3.12a1\"; break;\n case 3501: sVersion = \"3.12a1\"; break;\n case 3502: sVersion = \"3.12a1\"; break;\n case 3503: sVersion = \"3.12a1\"; break;\n case 3504: sVersion = \"3.12a1\"; break;\n case 3505: sVersion = \"3.12a1\"; break;\n case 3506: sVersion = \"3.12a1\"; break;\n case 3507: sVersion = \"3.12a1\"; break;\n case 3508: sVersion = \"3.12a1\"; break;\n case 3509: sVersion = \"3.12a1\"; break;\n case 3510: sVersion = \"3.12a2\"; break;\n case 3511: sVersion = \"3.12a2\"; break;\n case 3512: sVersion = \"3.12a2\"; break;\n case 3513: sVersion = \"3.12a4\"; break;\n case 3514: sVersion = \"3.12a4\"; break;\n case 3515: sVersion = \"3.12a5\"; break;\n case 3516: sVersion = \"3.12a5\"; break;\n case 3517: sVersion = \"3.12a5\"; break;\n case 3518: sVersion = \"3.12a6\"; break;\n case 3519: sVersion = \"3.12a6\"; break;\n case 3520: sVersion = \"3.12a6\"; break;\n case 3521: sVersion = \"3.12a7\"; break;\n case 3522: sVersion = \"3.12a7\"; break;\n case 3523: sVersion = \"3.12a7\"; break;\n case 3524: sVersion = \"3.12a7\"; break;\n case 3525: sVersion = \"3.12b1\"; break;\n case 3526: sVersion = \"3.12b1\"; break;\n case 3527: sVersion = \"3.12b1\"; break;\n case 3528: sVersion = \"3.12b1\"; break;\n case 3529: sVersion = \"3.12b1\"; break;\n case 3530: sVersion = \"3.12b1\"; break;\n case 3531: sVersion = \"3.12b1\"; break;\n case 12897: sVersion = \"3.12 (Rust)\"; break;\n case 3550: sVersion = \"3.13a1\"; break;\n case 3551: sVersion = \"3.13a1\"; break;\n case 3552: sVersion = \"3.13a1\"; break;\n case 3553: sVersion = \"3.13a1\"; break;\n case 3554: sVersion = \"3.13a1\"; break;\n case 3555: sVersion = \"3.13a1\"; break;\n case 3556: sVersion = \"3.13a1\"; break;\n case 3557: sVersion = \"3.13a1\"; break;\n case 3558: sVersion = \"3.13a1\"; break;\n case 3559: sVersion = \"3.13a1\"; break;\n case 3560: sVersion = \"3.13a1\"; break;\n case 3561: sVersion = \"3.13a1\"; break;\n case 3562: sVersion = \"3.13a1\"; break;\n case 3563: sVersion = \"3.13a1\"; break;\n case 3564: sVersion = \"3.13a1\"; break;\n case 3565: sVersion = \"3.13a1\"; break;\n case 3571: sVersion = \"3.13\"; break;\n case 12641: sVersion = \"3.13.0 (Rust)\"; break;\n case 3600: sVersion = \"3.14\"; break;\n case 3627: sVersion = \"3.14rc3\"; break;\n default: sVersion = \"Unknown\";\n }\n\n if (X.isVerbose()) sVersion = sVersion.append(\"magic: \" + magicValue);\n }\n }\n\n sLang = \"Python\";\n\n return result();\n}" }, { "path": "db/Binary/format_bin.SWF.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"Small Web Format (.SWF)\");\r\n\r\nincludeScript(\"zlib\");\r\n\r\nfunction detect() {\r\n if (Binary.getSize() >= 32 && Binary.compare(\"%% %% %% ?? ?? ?? ?? 00\")) {\r\n switch (Binary.getString(0, 3)) {\r\n case \"FWS\":\r\n sOptions = \"uncompressed\";\r\n bDetected = true;\r\n break;\r\n case \"CWS\":\r\n if (detect_zlib(Binary, 0x08))\r\n bDetected = true;\r\n break;\r\n case \"ZWS\":\r\n sOptions = \"LZMA\";\r\n bDetected = true;\r\n }\r\n\r\n if (bDetected) {\r\n sVersion = Binary.read_uint8(0x03);\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/format_bin.VCF.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens \n\n// https://en.wikipedia.org/wiki/vCard\n// https://www.rfc-editor.org/rfc/rfc6350, 6868, 9554, 9555\nmeta(\"format\", \"vCard/Virtual Contact File (.VCF,.vcard)\");\n\nfunction detect() {\n var ep, vp, sV;\n if ( !X.c(\"'BEGIN:VCARD'0d0a\")\n || (ep=X.fSig(20,0x2000,\"0d0a'END:VCARD'\")) < 20\n || (vp=X.fSig(10,ep,\"0d0a'VERSION:'\")) < 10\n || !/\\d(\\.\\d)?/.test(sV=X.SA(vp+10,3).trim())\n ) return;\n bDetected = true;\n var nV = 2.1;\n const sz = ep+13, st = 11;\n sVersion = 'v'+sV;\n if (X.isVerbose()) {\n if ( X.fSig(st, ep, \"0d0a'GEO:geo:'\") > st || X.fSig(st, ep, \"0d0a'ANNIVERSARY'\") > st\n || X.fSig(st, ep, \"0d0a'CALADRURI'\") > st || X.fSig(st, ep, \"0d0a'CALURI'\") > st\n || X.fSig(st, ep, \"0d0a'CLIENTPIDMAP'\") > st || X.fSig(st, ep, \"0d0a'FBURL'\") > st\n || X.fSig(st, ep, \"0d0a'GENDER'\") > st || X.fSig(st, ep, \"0d0a'PRONOUNS'\") > st\n || X.fSig(st, ep, \"0d0a'KIND'\") > st || X.fSig(st, ep, \"0d0a'MEMBER'\") > st\n || X.fSig(st, ep, \"0d0a'RELATED'\") > st || X.fSig(st, ep, \"0d0a'XML'\") > st)\n nV = 4.0;\n\n if ( X.fSig(st, ep, \"0d0a'CATEGORIES:'\") > st || X.fSig(st, ep, \"0d0a'CLASS:'\") > st\n || X.fSig(st, ep, \"0d0a'IMPP'\") > st || X.fSig(st, ep, \"0d0a'NAME'\") > st\n || X.fSig(st, ep, \"0d0a'NICKNAME'\") > st || X.fSig(st, ep, \"0d0a'PRODID'\") > st\n || X.fSig(st, ep, \"0d0a'PROFILE'\") > st || X.fSig(st, ep, \"0d0a'SORT-STRING'\") > st)\n nV = Math.max(nV, 3.0);\n\n if ( (+sV) < nV || (nV == 4.0 && sV == \"4.0\" && ( X.fSig(st, ep, \"0d0a'LABEL'\") > st\n || X.fSig(st, ep, \"0d0a'SORT-STRING'\") > st )) )\n sOption('version-incompatible fields');\n\n sOption(outSz(sz),'sz:')\n }\n return result();\n}" }, { "path": "db/Binary/format_bin.WindowsIconCacheDB.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Arjan Onwezen\n\nmeta(\"format\", \"Windows IconCacheDB\");\n\nfunction detect() {\n if (Binary.getSize() >= 20) {\n if (Binary.compare(\"..000000'Win4'\")) {\n bDetected = true;\n switch (Binary.read_uint16(12)) {\n case 6000: sOption(\"Vista (Build 6000)\"); break;\n case 6001: sOption(\"Vista (Build 6001)\"); break;\n case 7600: sOption(\"Windows 7 (Build 7600)\"); break;\n case 7601: sOption(\"Windows 7 (Build 6701)\"); break;\n case 10586: sOption(\"Windows 10 (Build 10586)\"); break;\n default: sOption(\"Unknown version\");\n }\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_database.SQLite.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// doc-ref: https://www.sqlite.org/fileformat.html\n\nmeta(\"format\", \"SQLite 3 database (.SQLITE)\");\n\nfunction detect() {\n if (Binary.compare(\"'SQLite format 3'00\")) {\n bDetected = true;\n\n var nAppID = Binary.read_uint32(0x44, _BE),\n nSQLiteVersionNumber = Binary.read_uint32(0x60, _BE),\n nChangeCount = Binary.read_uint32(0x18, _BE);\n\n var nMajor = nSQLiteVersionNumber / 1000000 >> 0,\n nMinor = (nSQLiteVersionNumber - nMajor * 1000000) / 1000 >> 0,\n nRelease = nSQLiteVersionNumber - (nMajor * 1000000) - (nMinor * 1000) >> 0;\n\n sVersion = nMajor + \".\" + nMinor + \".\" + nRelease;\n\n switch (Binary.read_uint32(0x38, _BE)) {\n case 1: sOption(\"UTF-8\"); break;\n case 2: sOption(\"UTF-16LE\"); break;\n case 3: sOption(\"UTF-16BE\"); break;\n default: return;\n }\n\n if (nAppID && Binary.isVerbose()) {\n sOption(\"AppID: \" + nAppID);\n }\n\n if (nChangeCount && Binary.isVerbose()) {\n sOption(\"Changes: \" + nChangeCount);\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_databases.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Authors: hypn0 , Kaens (TG@kaens)\r\n\r\nmeta(\"format\", \"\");\r\n\r\n/* beautify ignore:start */\r\nfunction detect() {\r\n if (Binary.compare(\"00010000'Standard Jet DB'00\")) {\r\n sName = \"Microsoft Access database (.MDB)\";\r\n bDetected = true;\r\n }\r\n\r\n function isDBF() {\r\n // from https://independent-software.com/dbase-dbf-dbt-file-format.html\r\n // & https://www.clicketyclick.dk/databases/xbase/format/dbf.html\r\n // & https://learn.microsoft.com/en-us/windows/win32/intl/code-page-identifiers\r\n nv = X.U8(0); v5 = false;\r\n switch (nv) {\r\n case 0x02: sv = 'FoxBase 1.0'; break;\r\n case 0x03: sv = 'FoxBase 2.x / dBASE III, no memo file'; break;\r\n case 0x04: sv = 'dBASE IV, no memo file'; break;\r\n case 0x05: sv = 'dBASE V, no memo file'; break;\r\n case 0x07: sv = \"VISUAL OBJECTS v1.x for dBase III, no memo file\"; break;\r\n case 0x30: sv = 'Visual FoxPro (possibly with DBC)'; break;\r\n case 0x31: sv = 'Visual FoxPro with auto increment'; break;\r\n case 0x32: sv = 'Visual FoxPro with varchar/varbinary'; break;\r\n case 0x43: sv = 'dBASE IV SQL Table, no memo file / Flagship .dbv memo var size'; break;\r\n case 0x64: sv = 'dBASE IV SQL System, no memo file'; break;\r\n case 0x83: sv = 'FoxBase 2.x / dBASE III+ with memo file'; break;\r\n case 0x87: sv = 'VisualObjects 1.x with memo file'; break;\r\n case 0x8B: sv = 'dBASE IV with memo file'; break;\r\n case 0x8C: sv = 'dBASE V with memo file'; break;\r\n case 0x8E: sv = 'dBASE IV with SQL table'; break;\r\n case 0xB3: sv = '.dbv with memo table'; break;\r\n case 0xCB: sv = 'dBASE IV SQL Table with memo file'; break;\r\n case 0xE5: sv = 'Clipper SIX with memo file'; break;\r\n case 0xF5: sv = 'FoxPro 2 with memo file'; break;\r\n case 0xFB: sv = 'FoxPro 2, no memo file'; break;\r\n default: return false;\r\n }\r\n if (nv == 2) {\r\n recc = X.U16(1); if (!recc) return false; recsz = X.U16(6); if (!recsz) return false;\r\n hdrsz = 0x209; rectp = 8; enc = 'IBM437';\r\n } else {\r\n y = X.U8(1); if (y < 80) y += 2000; else y += 1900; m = X.U8(2); d = X.U8(3);\r\n if (X.c('000000', 1)) { upd = 'never' } else {\r\n if (!isWithin(y, 1970, 2100) || !isWithin(m, 1, 12) || !isWithin(d, 1, 31)) return false;\r\n upd = y + '-' + m.padStart(2, '0') + d.padStart(2, '0')\r\n }\r\n recc = X.U32(4); if (!recc) return false;\r\n hdrsz = X.U16(8); recsz = X.U16(0xA); if (hdrsz < 0x20 || !recsz) return false;\r\n res0 = X.U24(0xC); res1 = X.readBytes(0xF, 13); res2 = X.U32(0x1C);\r\n if ([4, 0x8C].indexOf(nv) >= 0) {\r\n rectp = 0x44; enc = 'CP' + X.SA(0x22, 3); if (isWithin((t = X.SA(0x25, 1)), '0', '9')) enc += t;\r\n if (enc == 'CPKOI8') enc += X.SA(0x26, 1); v5 = true\r\n } else {\r\n rectp = 0x20;\r\n switch (X.U8(0x1D)) {\r\n case 0x02: enc = 'CP850'; break; //DOS Multilingual\r\n case 0x03: enc = 'CP1252'; break; //Windows ANSI\r\n case 0x04: enc = 'CP10000'; break; //aka. 'macintosh', MAC Roman/W.European Mac\r\n case 0x64: enc = 'CP852'; break; //Eastern-European MS-DOS\r\n case 0x65: enc = 'CP865'; break; //Nordic MS-DOS\r\n case 0x66: enc = 'CP866'; break; //Russian MS-DOS\r\n case 0x67: enc = 'IBM861'; break; //Icelandic MS-DOS\r\n //case 0x68: enc = 'Kamenicky (Czech) MS-DOS'; break;\r\n //case 0x69: enc = 'Mazovia (Polish) MS-DOS'; break;\r\n case 0x6A: enc = 'IBM737'; break; //Greek MS-DOS (aka. 437G)\r\n case 0x6B: enc = 'IBM857'; break; //Turkish MS-DOS\r\n case 0x96: enc = 'CP10007'; break; // aka. 'x-mac-cyrillic', Russian Mac\r\n case 0x97: enc = 'CP10029'; break; // aka. 'x-mac-ce', MAC Latin 2/C.European Mac\r\n case 0x98: enc = 'CP10006'; break; //aka. 'x-mac-greek', Greek Mac\r\n case 0xC8: enc = 'CP1250'; break; //C.European Windows\r\n case 0xC9: enc = 'CP1251'; break; //Russian Windows\r\n case 0xCA: enc = 'CP1254'; break; //Turkish Windows\r\n case 0xCB: enc = 'CP1253'; break; //Greek Windows\r\n case 0x01: default: enc = 'IBM437' //OEM US\r\n }\r\n }\r\n //TODO check res* depending on version\r\n }\r\n validC = ['C', 'N', 'L', 'D', 'M', 'F', 'B', 'G', 'P', 'Y', 'T', 'I', 'V', 'X', '@', 'O', '+', '0'];\r\n fldc = 0; totalfldsz = 1 /* we begin with a deletion flag */; p = rectp; old = [0, 1];\r\n while (X.U8(p) != 0xD && p < hdrsz) {\r\n var name = X.readBytes(p, v5 ? 0x1F : 11); ns = charStat(name, 1);\r\n // _log('fld#'+fldc+' @'+Hex(p)+': '+decEncoding(name,CP866)+' (ns=['+ns+'])')\r\n if (!name[0] || (ns.indexOf('allxsc') < 0 && ns.indexOf('allforeign') < 0)) return false;\r\n tp = X.SA(v5 ? p + 0x20 : p + 0xB, 1); if (validC.indexOf(tp) < 0) return false;\r\n if (nv == 2) fldst = X.U16(p + 0xD); else if (v5) fldst = 0; else fldst = X.U32(p + 0xC);\r\n fldsz = X.U8(nv == 2 ? p + 0xC : v5 ? p + 0x21 : p + 0x10); if (!fldsz) return false;\r\n // _log(' sz:'+fldsz+', old: '+old+'; '+old[0]+'+'+Hex(old[1])+' = '+Hex(old[0]+old[1])+' ?? '+Hex(fldst))\r\n if (old[0] && fldst && old[0] + old[1] != fldst) return false; old = [fldsz, fldst];\r\n totalfldsz += fldsz;\r\n decn = X.U8(nv == 2 ? p + 0xF : p + 0x11);\r\n if (tp === 'N' && decn > fldsz) return false;\r\n fldc++; p += nv == 2 ? 0x10 : v5 ? 0x30 : 0x20;\r\n if (charStat(name.slice(0, name.indexOf(0)), 1).indexOf('foreign') >= 0\r\n && enc == \"IBM437\") enc = \"CP1251\"; // pesky Russians?\r\n }\r\n // _log('@'+Hex(p)+': '+fldc+' fields total size '+totalfldsz+' vs. '+recsz)\r\n if (totalfldsz - recsz != 0) return false;\r\n del = 0; if (X.isDeepScan()) {\r\n p = hdrsz; for (i = 0; i < recc; i++, p += recc) if (X.U8(p) == 0x2A) del++\r\n }\r\n sz = hdrsz + recc * recsz; if (X.U8(sz) == 0x1A) sz++;\r\n return sz <= X.Sz() || X.isHeuristicScan()\r\n }\r\n if (!bDetected && isDBF()) {\r\n sName = \"dBase Database (.DBF)\"; sVersion = sv; bDetected = true;\r\n if (X.isVerbose()) {\r\n sOption('fld:' + fldc + ' rec: ' + recc + (del ? '(* ' + del + ')' : '') + ' enc: ' + enc + ' sz: ' + outSz(sz))\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n/* beautify ignore:end */\r\n" }, { "path": "db/Binary/format_doc.CHM.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// Authors:\r\n// sendersu (sendersu on exelab.ru),\r\n// Kaens (TG @kaens)\r\n\r\nmeta(\"format\", \"Microsoft Compiled HTML Help\");\r\n\r\nfunction detect() {\r\n if (Binary.compare(\"'ITSF'..000000\")) {\r\n bDetected = true;\r\n sVersion = Binary.read_int32(4, _LE);\r\n sOption(Binary.read_uint32(0x14, _LE), \"LangID: \");\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/format_doc.DJVU.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens TG@kaens\n\nmeta(\"format\", \"DjVu document (.DJVU)\");\n\nfunction detect() {\n var sdjv = false;\n if (X.c(\"'AT&TFORM'\"))\n if (X.c(\"'DJVM'........00\", 12)) sVersion = 'multi-page';\n else if (X.c(\"'DJVU'........00\", 12)) sVersion = 'single-page';\n else if (X.c(\"'DJVI'........00\", 12)) sVersion = 'multi-file';\n else if (X.c(\"'THUMTH44'\", 12)) sVersion = 'thumbnails';\n else return false;\n else if (X.c(\"'SDJVFORM'\")) {\n sName = \"Secure \" + sName;\n sdjv = true\n } else return false;\n bad = \"\";\n sz = X.U32(8, _BE) + 12;\n if (X.Sz() < sz) bad = bad.addIfNone('!short');\n if (X.isDeepScan() && !sdjv) { //can't say I've ever seen an sdjv so nothing to test on\n var compfiles = minw = minh = mindpi = mingm = 0xFFFFFFFF,\n maxw = maxh = maxdpi = maxgm = 0;\n p = 0x10;\n while (p < sz) {\n hkhd = X.SA(p, 4);\n hksz = X.U32(p + 4, _BE);\n p += 8;\n //_log('@'+Hex(p-8)+':'+hkhd);\n switch (hkhd) {\n case 'INFO':\n sVersion = sVersion.appendS('image', '/');\n break;\n case 'NAVM':\n if (X.isVerbose()) sOptions = sOptions.addIfNone(' bookmarks,');\n break;\n case 'ANTa':\n case 'ANTz':\n if (X.isVerbose()) sOptions = sOptions.addIfNone('annotated,');\n break;\n case 'DIRM':\n compfiles = X.U16(p + 1);\n break;\n case 'FORM':\n if (!X.c(\"'DJV'\", p) && !X.c(\"'THUM'\", p)) { _log('bad subchunk ' + X.SA(p, 8)); return false }\n q = p + 4;\n while (q < p + hksz) {\n shd = X.SA(q, 4);\n ssz = X.U32(q + 4, _BE);\n q += 8;\n if (q + ssz > p + hksz) { bad = bad.addIfNone('!short'); break }\n switch (shd) {\n case 'INFO':\n var w = X.U16(q, _BE),\n h = X.U16(q + 2, _BE),\n dpi = X.U16(q + 6, _LE /*yes*/),\n gm = X.U8(q + 8);\n if (w < minw) minw = w;\n if (w > maxw) maxw = w;\n if (h < minh) minh = h;\n if (h > maxh) maxh = h;\n if (dpi < mindpi) mindpi = dpi;\n if (dpi > maxdpi) maxdpi = dpi;\n if (gm < mingm) mingm = gm;\n if (gm > maxgm) maxgm = gm;\n break;\n case 'INCL':\n //if(X.isVerbose()) sOptionT(X.SA(q,ssz),'includes '); //included filenames, normally too many\n break;\n case 'TXTa':\n case 'TXTz':\n if (X.isVerbose()) sOptions = sOptions.addIfNone('text&layoutinfo,');\n break;\n case 'Djbz':\n case 'Sjbz':\n case 'FG44':\n case 'BG44':\n case 'TH44':\n case 'WMRM':\n case 'FGbz':\n case 'BGjp':\n case 'FGjp':\n case 'Smmr':\n break;\n }\n q += ssz;\n if (q % 2) q++\n }\n break;\n default:\n bad = bad.addIfNone('!badchunk<' + hkhd + '>@' + Hex(p - 8));\n }\n p += hksz;\n if (p % 2) p++\n }\n }\n if (sOptions.length && sOptions[sOptions.length - 1] == ',') sOptions = sOptions.slice(0, sOptions.length - 1);\n bDetected = true;\n if (bad != '') sVersion = sVersion.appendS('malformed' + addEllipsis(bad, 0x80, 0x40), '/')\n if (X.isVerbose()) {\n if (X.isDeepScan()) {\n sOption((minw != maxw ? '[' + minw + '~' + maxw + ']' : minw) + '×' +\n (minh != maxh ? '[' + minh + '~' + maxh + ']' : minh));\n sOption((mindpi != maxdpi ? '[' + mindpi + '~' + maxdpi : mindpi), '', 'dpi');\n sOption('gamma ' + (mingm != maxgm ? '[' + (mingm / 10).toFixed(1) + '~' + (maxgm / 10).toFixed(1) + ']' :\n (mingm / 10).toFixed(1)));\n }\n sOption(outSz(sz), 'sz:')\n }\n\n return result();\n}" }, { "path": "db/Binary/format_doc.HLP.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"MS Help\");\r\n\r\nfunction detect() {\r\n if (Binary.compare(\"3f5f0300\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/format_doc.PDF.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"PDF\");\r\n\r\nfunction detect() {\r\n if (/^\\%PDF-\\d+\\.\\d+/.test(File.read_ansiString(0, 10))) {\r\n sVersion = File.getString(5, 3);\r\n bDetected = true;\r\n\r\n var c = 0;\r\n for (i = 8; i < 15; i++)\r\n if (File.read_uint8(i) & 0x80) c++;\r\n\r\n if (c) sOptions = \"binary data\";\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/format_doc.RTF.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"RTF\");\r\n\r\nfunction detect() {\r\n if (/^{\\\\rtf1?/.test(File.read_ansiString(0, 6))) {\r\n bDetected = true;\r\n for (var i = 4; i < Math.min(File.getSize(), 0x100); i++)\r\n if (File.read_uint8(i) & 0x80) { return; }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/format_iCalender.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://icalendar.org/\nmeta(\"format\", \"iCalendar (.ICS)\");\n\nfunction detect() {\n if (Binary.compare(\"42 45 47 49 4E 3A 56 43 41 4C 45 4E 44 41 52\")) {\n var utf = Binary.getString(33, 5).trim();\n\n if (/^[A-Z0-9/-]{5}$/.test(utf)) {\n if (X.isVerbose()) sOptions = utf;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_img.VM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 & Arjan Onwezen\n\nmeta(\"format\", \"VMWare Virtual Disk (VMDK)\");\n\nfunction detect() {\n if (Binary.compare(\"'KDMV'01\") || Binary.compare(\"'KDMV'02\") || Binary.compare(\"'KDMV'03\")) {\n sVersion = File.read_uint8(4);\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_text.RegistryFile.sg", "content": "// Detect It Easy: detection rule file\n// Author: Arjan Onwezen\n\nmeta(\"format\", \"Registry file\");\n\nfunction detect() {\n if (Binary.compare(\"'REGEDIT4'0D 0A 0D 0A\")) {\n bDetected = true;\n sVersion = \"4.0\";\n } else if (Binary.compare(\"'Windows Registry Editor Version 5.00'0D 0A 0D 0A\")) {\n bDetected = true;\n sVersion = \"5.0\";\n } else if (Binary.compare(\"FF FE 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 52 00 65 00 67 00 69 00 73 00 74 00 72 00 79 00 20 00 45 00 64 00 69 00 74 00 6F 00 72 00 20 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 20 00 35 00 2E 00 30 00 30 00 0D 00 0A 00 0D 00 0A 00\")) {\n bDetected = true;\n sVersion = \"5.0\";\n sOption(\"UTF-16LE\");\n }\n\n return result();\n}" }, { "path": "db/Binary/format_text.pdb.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens (TG @kaens)\n\nmeta(\"format\", \"Protein Data Bank file\");\n\nfunction detect() {\n if (Binary.compare(\"'HEADER'\") && (Binary.isHeuristicScan() || extIs(\"pdb\"))) {\n //ref http://www.wwpdb.org/documentation/file-format-content/format33/sect1.html\n L = ['', '', '', '', ''];\n ttl = '';\n L[0] = Binary.read_ansiString(0, Binary.findSignature(0, 81, \"0A\"));\n if (/[\\x20-\\x7F]{65,}/.test(L[0])) {\n bDetected = true;\n if (Binary.isVerbose()) {\n p = L[0].length + 1;\n for (i = 1; i < L.length; i++) {\n L[i] = Binary.read_ansiString(p, Binary.findSignature(p, 81, \"0A\") - p);\n p += L[i].length + 1;\n }\n for (i = 0; i < L.length; i++) {\n switch (L[i].substr(0, 6)) {\n case \"HEADER\":\n sOptionT(L[i].substr(10, 40), \"Classification: \");\n sOptionT(L[i].substr(62, 10), \"ID: \"); //4 is the format, but 10 for future-proofing\n sOptionT(L[i].substr(50, 9), \"dep. \");\n break;\n case \"TITLE \":\n ttl += ' ' + L[i].substr(10, 70).trim();\n break;\n }\n }\n sOptionT(ttl, \"Title: \")\n }\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_text.plaintext.3.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"Plain text\");\r\n\r\nfunction detect() {\r\n if (Binary.isPlainText()) {\r\n var sText = Binary.getString(0, Math.min(Binary.getSize(), 3));\r\n // UTF-8 BOM.\r\n if (/^\\xef\\xbb\\xbf/.test(sText)) {\r\n sName = \"UTF-8 text\";\r\n }\r\n\r\n var size = Binary.getSize() < 4096 ? Binary.getSize() : 4096,\r\n pos = Binary.findByte(0, size, 10);\r\n\r\n if (pos !== -1) {\r\n sOptions = (pos != 0 && Binary.readByte(pos - 1) == 13) || (pos + 1 < Binary.getSize() && Binary.readByte(pos + 1) == 13) ? \"CRLF\" : \"LF\";\r\n } else if (Binary.findByte(0, size, 13) != -1) {\r\n sOptions = \"CR\";\r\n }\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/format_video.BIK.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.multimedia.cx/index.php/Bink_Video\nmeta(\"format\", \"Bink Video\");\n\nfunction detect() {\n if (Binary.compare(\"'BIK'........00....0000....0000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_video.BK2.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.radgametools.com/bnkmain.htm\n// https://filext.com/file-extension/BK2\nmeta(\"format\", \"BinkMovie\");\n\nfunction detect() {\n if (Binary.compare(\"'KB2'00\")) {\n sVersion = \"2.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_video.FLV.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Tembo (http://tembolab.pl/products/executable-image-viewer.html)\n\nmeta(\"format\", \"Flash Video\");\n\nfunction detect() {\n if (Binary.getSize() > 37) {\n if (Binary.compare(\"'FLV'\") && Binary.compare(\"'onMetaData'\", 27)) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_video.MOV.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/QuickTime_File_Format\n// https://developer.apple.com/documentation/quicktime-file-format/movie_data_atom\nmeta(\"format\", \"QuickTime Movie\");\n\nfunction detect() {\n if (Binary.compare(\"........'moov'\")) {\n var codec = Binary.getString(11, 5).trim();\n\n if (/^[a-z]{5}$/.test(codec)) {\n sOptions = codec;\n bDetected = true;\n }\n\n } else if (Binary.compare(\"........6d646174\")) {\n sOptions = \"Movie data atom\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_video.MP4.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: A.S.L - 2019\n\nmeta(\"format\", \"MP4 Video\");\n\nfunction detect() {\n if (Binary.getSize() > 100) {\n if (Binary.compare(\"000000..'ftyp'\")) {\n sOptions = Binary.getString(16); // example : isomiso2avc1mp41 / isomavc1 / isom\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/format_video.Matroska.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.multimedia.cx/index.php/Matroska\nmeta(\"format\", \"Matroska Video (.MKV)\");\n\nfunction detect() {\n if (Binary.compare(\"1a45dfa3a34286810142f7810142f2810442f38108428288'matroska'\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_video.RobotAnimation.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.multimedia.cx/index.php/Robot_Animation\nmeta(\"format\", \"Robot Animation\");\n\nfunction detect() {\n if (Binary.compare(\"1600534f4c00\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_video.Smacker.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.multimedia.cx/index.php/Smacker\nmeta(\"format\", \"Smacker Video\");\n\nfunction detect() {\n if (Binary.compare(\"'SMK2'....0000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/format_video.VMD.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.multimedia.cx/index.php/VMD\nmeta(\"format\", \"Video and Media Data (.VMD)\");\n\nfunction detect() {\n if (Binary.compare(\"2e03000001\")) {\n sVersion = \"Adi2/Adibou1/Playtoons/Woodruff\";\n sOptions = \"Video+Sound\";\n bDetected = true;\n } else if (Binary.compare(\"2e0300000700a4030000000040018800011002003003000069763332\")) { // 69763332 = iv32\n sOptions = \"Indeo 3 (compressed)\";\n sVersion = \"3.24.01.01\";\n bDetected = true;\n } else if (Binary.compare(\"2e0302000700........00004001f000000001003003000049563332\")) { // 49563332 = IV32\n sOptions = \"Indeo 3 (compressed)\";\n sVersion = \"3.24.15.03\";\n bDetected = true;\n } else if (Binary.compare(\"2e030105000200000000008007e001\")) {\n bDetected = true;\n } else if (Binary.compare(\"2e03..000100....000000008002\")) {\n sOptions = \"Video+Sound\";\n sVersion = \"Adi4/Adibou2\";\n bDetected = true;\n } else if (Binary.compare(\"2e030200000015\")) {\n sOptions = \"Adibou2 (Sciences)\";\n bDetected = true;\n } else if (Binary.compare(\"2e0302000000..000000000000000000001101004403\")) {\n sOptions = \"Sound only\";\n sVersion = \"Adiboud'chou\";\n bDetected = true;\n } else if (Binary.compare(\"2e0302000d00\")) {\n sOptions = \"Video+Sound\";\n sVersion = \"Adibou2 (Sciences)/Adi4\";\n bDetected = true;\n } else if (Binary.compare(\"3200..000000\")) {\n sOptions = \"Sound only\";\n sVersion = \"Adi5/Adibou3\";\n bDetected = true;\n } else if (Binary.compare(\"2e0302001d00..00..00..00\")) {\n sOptions = \"Video+Sound\";\n bDetected = true;\n } else if (Binary.compare(\"2e0302..........00000000000000000010..003003\")) {\n sOptions = \"Sound only\";\n bDetected = true;\n } else if (Binary.compare(\"32000200..00..0000000000..00..00......0034\")) {\n sOptions = \"Animation only\";\n sVersion = \"Adibou3\";\n bDetected = true;\n } else if (Binary.compare(\"2e0301000100........................02003003\")) {\n sOptions = \"Animation+Sound\";\n sVersion = \"Adibou2\";\n bDetected = true;\n } else if (Binary.compare(\"2e0301000100......................1001003003\")) {\n sOptions = \"Sound only\";\n sVersion = \"Adibou2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/formats.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 , LinXP\n\nmeta(\"format\");\n\nincludeScript(\"zlib\");\n\nfunction detect() {\n var TrueTypeTags = [];\n TrueTypeTags['BASE'] =\n TrueTypeTags['cmap'] =\n TrueTypeTags['DSIG'] =\n TrueTypeTags['EBDT'] =\n TrueTypeTags['Feat'] =\n TrueTypeTags['FFTM'] =\n TrueTypeTags['GDEF'] =\n TrueTypeTags['GPOS'] =\n TrueTypeTags['GSUB'] =\n TrueTypeTags['LTSH'] =\n TrueTypeTags['OS/2'] = 1;\n\n if (Binary.compare(\"950412de00000000\") || Binary.compare(\"de12049500000000\")) {\n sName = \"GNU Gettext Machine Object (.MO)\";\n } else if (TrueTypeTags[Binary.getString(0xC, 4)]) {\n sName = \"TrueType font (.TTF)\";\n } else if (Binary.compare(\"f702018392c01c3b\")) {\n sName = \"Device Independent Document (.DVI)\";\n } else if (Binary.compare(\"31be000000ab0000\") || Binary.compare(\"32be000000ab0000\")) {\n sName = \"Windows Write document (.WRI)\";\n } else if (Binary.compare(\"'MICROSOFT PIFEX'0087010000\", 0x171)) {\n sName = \"Microsoft Program Information (.PIF)\";\n } else if (Binary.compare(\"4c0000000114020000000000c000000000000046\")) {\n sName = \"Windows Shortcut (.LNK)\";\n } else if (Binary.compare(\"'Zinc Data File Version'\")) {\n sName = \"Zinc Data (.DAT)\";\n } else if (Binary.compare(\"00010000'Jet System DB '00\")) {\n sName = \"Microsoft Access Workgroup Information (.MDW)\";\n } else if (Binary.compare(\"dca5..00..................00000000\") || Binary.compare(\"eca5c100..................00000000\")) {\n sName = \"Microsoft Word 2 document\";\n } else if (Binary.compare(\"'OTTO'................'CFF '\")) {\n sName = \"OpenType - CFF compact font (.OTF)\";\n } else if (Binary.compare(\"3cb86418caef9c95\")) {\n sName = \"Qt Message (.QM)\";\n } else if (Binary.compare(\"'SIB file: TsiLang binary translation data'\")) {\n sName = \"TsiLang binary translation data (.SIB)\";\n } else if (Binary.compare(\"......00..........000200\") && Binary.compare(\"00'LP'\", 0x21)) {\n sName = \"Embedded OpenType font (.EOT)\";\n } else if (Binary.compare(\"d4c3b2a1020004\")) {\n sName = \"TCPDUMP's style capture (.ACP/PCAP)\";\n } else if (Binary.compare(\"'HSP'\")) {\n sName = \"OS/2 help file\";\n } else if (Binary.compare(\"'LN'0200\")) {\n sName = \"Quick Help\";\n } else if (Binary.compare(\"'MZIP'\")) {\n sName = \"MZIP archive\";\n } else if (Binary.compare(\"'Kaydara FBX Binary '00\")) {\n sName = \"Kaydara FBX Binary (.FBX)\";\n sVersion = Binary.read_uint16(0x17);\n } else if (Binary.compare(\"89'FCP'0D0A1A0A\")) {\n sName = \"High-Logic FontCreator Project (.FCP)\";\n sVersion = Binary.read_uint16(0x08) + \".\" + Binary.read_uint16(0x0A);\n detect_zlib(Binary, 0x14 + Binary.read_uint32(0x10) * 0x11 + 0x0C);\n } else if (Binary.compare(\"'XALZ'\")) {\n sName = \"Xamarin Compressed DLL\";\n sOptions = sOptions.append(\"LZ4 compression\", \"Index:\" + Binary.read_uint32(0x4), \"Original size:\" + Binary.read_uint32(0x8))\n }\n\n bDetected = bDetected || Boolean(sName);\n\n return result();\n}" }, { "path": "db/Binary/graphics.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Authors: hypn0 , Kaens (TG@kaens)\r\n\r\nmeta(\"image\");\r\n\r\nfunction detect() {\r\n if (Binary.compare(\"d7cdc69a0000\")) {\r\n sName = \"Windows MetaFile (.WMF)\";\r\n } else if (Binary.compare(\"ff4fff51002f0000\")) {\r\n sName = \"JPEG-2000 Code Stream (.JP2)\";\r\n } else if (Binary.compare(\"0000000C6A50....................'ftypjp2'..........'jp2'20\")) {\r\n sName = \"LuraWave JPEG-2000 (.JP2)\";\r\n } else if (Binary.compare(\"'P4'0a\")) {\r\n sName = \"Unix Portable BitMap (.PBM)\";\r\n } else if (Binary.compare(\"'P5'0a\") || Binary.compare(\"'P6'0a\")) {\r\n sName = \"Portable BitMap Package (.PPM)\";\r\n } else if (Binary.compare(\"01da010100\")) {\r\n sName = \"Silicon Graphics bitmap (.SGI)\";\r\n } else if (Binary.compare(\"010009000003............................................'WMFC'\")) {\r\n sName = \"Windows Metafile (old Win 3.x format) (.WMF)\";\r\n } else if (Binary.compare(\"01000000640000000000000000000000\") && Binary.compare(\"'EMF'000001\", 0x29)) {\r\n sName = \"Windows Enhanced Metafile (.EMF)\";\r\n } else if (Binary.compare(\"'WGq'\")) {\r\n sName = \"Liar-soft Windows Computer Graphics image (.WCG)\";\r\n }\r\n\r\n bDetected = bDetected || Boolean(sName);\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/image.PNG.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Authors: LinXP, Kae (TG@kaens)\r\n// doc-ref: http://www.libpng.org/pub/png/spec/1.2/PNG-Contents.html\r\n\r\nmeta(\"image\");\r\n\r\nfunction detect() {\r\n if (File.compare(\"89'PNG'0D0A1A0A........'IHDR'\")) {\r\n bDetected = true;\r\n sName = \"Portable Network Graphics (.PNG)\";\r\n ct = File.read_uint8(0x19);\r\n switch (ct) {\r\n case 0: sOption(\"grey\"); break;\r\n case 2: sOption(\"RGB\"); break;\r\n case 3: sOption(\"indexed\"); break;\r\n case 4: sOption(\"grey+alpha\"); break;\r\n case 6: sOption(\"RGBA\"); break;\r\n default: sOption(\"unk.colour type\");\r\n }\r\n if (File.read_uint8(0x1C)) sOption(\"interlaced\");\r\n if (File.compare(\"00000008'acTL'\", 0x21)) { }\r\n if (File.isVerbose()) {\r\n var p = 8,\r\n col = 0,\r\n end = simplea = musthaveplte = false,\r\n w = h = \"?\",\r\n af = icc = title = auth = desc = timestamp = sw = warn = cmt = sd = \"\";\r\n mainloop: while (!end && p < File.getSize()) {\r\n hksz = File.read_uint32(p, _BE);\r\n hkhd = File.read_ansiString(p + 4, 4);\r\n if (p + 12 + hksz > File.getSize()) { sVersion += \"!short\"; break }\r\n // the CRC algo in DiE seems to be different for this:\r\n // crc = File.calculateCRC32(p,8+hksz); ccrc = File.read_uint32(p+8+hksz,_BE);\r\n // if(crc != ccrc) sVersion += \"!badchunk \"//+hkhd+\"@\"+Hex(p);\r\n p += 8;\r\n switch (hkhd) {\r\n case \"IEND\":\r\n end = true;\r\n break;\r\n case \"IHDR\":\r\n w = File.read_uint32(p, _BE);\r\n h = File.read_uint32(p + 4, _BE);\r\n col = 1 << File.read_uint8(p + 8);\r\n musthaveplte = File.read_uint8(p + 9) == 3;\r\n break;\r\n case \"PLTE\":\r\n musthaveplte = false;\r\n break;\r\n case \"tRNS\":\r\n simplea = true;\r\n break;\r\n case \"iCCP\":\r\n icc = File.read_codePageString(p, 79, \"CP850\");\r\n break;\r\n case \"iTXt\":\r\n case \"tEXt\":\r\n var i = p;\r\n if (hkhd === \"iTXt\") {\r\n t1 = File.read_codePageString(i, 79, \"CP850\").toLowerCase();\r\n i += t1.length + 1;\r\n if (!File.read_uint8(i += 2)) break; //not messing with compressed tags\r\n t = File.read_codePageString(i, 0x100, \"CP850\");\r\n i += t.length + 1; //language tag\r\n t = File.read_codePageString(i, 0x100, \"CP850\");\r\n i += t.length + 1; //translated keyword\r\n t2 = File.read_utf8String(i, hksz - i);\r\n } else {\r\n t1 = File.read_codePageString(p, 79, \"CP850\").toLowerCase();\r\n i += t1.length + 1;\r\n t2 = File.read_codePageString(i, hksz - i, \"CP850\")\r\n }\r\n _log(\"t1:\" + t1.slice(0, 4));\r\n switch (t1) {\r\n case \"title\":\r\n title = t2;\r\n break;\r\n case \"author\":\r\n auth = t2;\r\n break;\r\n case \"description\":\r\n desc = t2;\r\n break;\r\n case \"creation time\":\r\n timestamp = t2;\r\n break;\r\n case \"software\":\r\n sw = t2;\r\n break;\r\n case \"warning\":\r\n warn = t2;\r\n break;\r\n case \"comment\":\r\n cmt = t2;\r\n break;\r\n default:\r\n if (t1.slice(0, 4) == \"xml:\") desc = desc.append(\"XML info found\")\r\n }\r\n break;\r\n case \"sBIT\":\r\n switch (ct) {\r\n case 0:\r\n sd = File.read_uint8(p);\r\n break;\r\n case 2:\r\n case 3:\r\n sd = \"R\" + File.read_uint8(p) + \"G\" + File.read_uint8(p + 1) +\r\n \"B\" + File.read_uint8(p + 2);\r\n break;\r\n case 4:\r\n sd = \"g\" + File.read_uint8(p) + \"a\" + File.read_uint8(p + 1);\r\n break;\r\n case 6:\r\n sd = \"R\" + File.read_uint8(p) + \"G\" + File.read_uint8(p + 1) +\r\n \"B\" + File.read_uint8(p + 2) + \"a\" + File.read_uint8(p + 3);\r\n break;\r\n }\r\n case \"tIME\":\r\n timestamp = \"UTC\" + File.read_uint16(p, _BE) + \"-\" +\r\n File.read_uint8(p + 2) + \"-\" + File.read_uint8(p + 3) + \"T\" +\r\n File.read_uint8(p + 4) + \":\" + File.read_uint8(p + 5) + \":\" + File.read_uint8(p + 6);\r\n break;\r\n case \"acTL\":\r\n sName = \"Animated Portable Network Graphics (.PNG)\";\r\n af = Binary.read_uint32(p, _BE);\r\n break;\r\n default:\r\n for (i = 0; i < 4; i++) {\r\n var c = hkhd[i];\r\n if (c < 'A' || (c > 'Z' && c < 'a') || c > 'z') { sVersion += \"!badchunkheader\"; break }\r\n }\r\n }\r\n p += 4 + hksz;\r\n }\r\n if (musthaveplte) sVersion += \"!badpalette\";\r\n if (!end) sVersion += \"!noIEND\";\r\n sOption(w + \"x\" + h);\r\n sOption(col, \"colours:\");\r\n sOption(af, \"frames:\");\r\n sOption(sd, \"src.depth:\");\r\n if (simplea) sOption(\"simple alpha\");\r\n sOptionT(icc);\r\n sOption(title);\r\n sOption(auth, \"by:\");\r\n sOption(timestamp, \"on:\");\r\n sOption(sw, \"in:\");\r\n sOption(warn, \"/!\\\\:\");\r\n sOption(addEllipsis(desc, 70, 0x200));\r\n sOption(cmt);\r\n sOption(p, \"sz:\")\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/image_ANI.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"image\", \"Windows Animated Cursor\");\n\nfunction detect() {\n if (Binary.getSize() >= 48) {\n if (Binary.compare(\"'RIFF'........'ACON'\")) {\n var nOffset = Binary.findString(12, Binary.getSize() - 12, \"framicon\");\n if (nOffset != -1) {\n sOptions = Binary.readByte(nOffset + 18) + \"x\" + Binary.readByte(nOffset + 19);\n // Read the BPP from the first icon, as the header is unreliable.\n nOffset += 12 + Binary.readDword(nOffset + 30);\n sOptions = sOptions.append(Binary.readWord(nOffset + 14) + \"bpp\");\n }\n nOffset = Binary.findSignature(12, Binary.getSize() - 12, \"'anih'24000000\");\n if (nOffset != -1) {\n var nCount = Binary.readDword(nOffset + 12);\n sOptions = sOptions.append(nCount + (nCount == 1 ? \" icon\" : \" icons\"));\n }\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/image_BMP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"image\", \"Windows Bitmap\");\n\nfunction detect() {\n if (Binary.getSize() >= 40) {\n if (Binary.compare(\"'BM'\")) {\n if (Binary.getSize() >= Binary.readDword(2)) {\n switch (Binary.readDword(14)) {\n case 40: sVersion = \"3\"; break;\n case 108: sVersion = \"4\"; break;\n case 124: sVersion = \"5\"; break;\n }\n if (sVersion) {\n switch (Binary.readDword(0x1e)) {\n case /*BI_RLE8*/ 1:\n case /*BI_RLE4*/ 2:\n sOptions = \"RLE\";\n break;\n case /*BI_JPEG*/ 4:\n sOptions = \"JPEG\";\n break;\n case /*BI_PNG*/ 5:\n sOptions = \"PNG\";\n break;\n }\n nHeight = ~~Binary.readDword(0x16);\n if (nHeight < 0) {\n nHeight = -nHeight;\n sOptions = sOptions.append(\"top-down\");\n }\n sOptions = sOptions.append(Binary.readDword(0x12) + \"x\" + nHeight,\n Binary.readWord(0x1c) + \"bpp\");\n }\n bDetected = true;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/image_CUR.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Authors: Jason Hood , Kae \r\n\r\nmeta(\"image\", \"Windows Cursor\");\r\n\r\nincludeScript(\"CurIcoBPP\");\r\n\r\nfunction detect() {\r\n if (X.Sz() >= 40) {\r\n if (X.c(\"00000200\")) {\r\n // Find the biggest, assuming square.\r\n var nCount = X.U16(4);\r\n var nWidth = 0,\r\n nHeight = 0,\r\n nBPP = 0,\r\n sz = 6 + nCount * 16;\r\n if (sz === 6 || sz > X.Sz()) return false;\r\n var nHotX, nHotY;\r\n for (var i = 0; i < nCount; i++) {\r\n if (Binary.read_uint8(9 + i * 16)) return false;\r\n sz_ = Binary.read_uint32(14 + i * 16, _LE);\r\n if (!sz_ || sz_ > X.Sz() - 22)\r\n return false;\r\n sz += sz_;\r\n var w = X.U8(6 + i * 16);\r\n if (w > nWidth) {\r\n nWidth = w;\r\n nHeight = X.U8(7 + i * 16);\r\n nBPP = getCurIcoBPP(6 + i * 16);\r\n nHotX = X.I16(10 + i * 16);\r\n nHotY = X.I16(12 + i * 16);\r\n } else if (w == nWidth) {\r\n var b = getCurIcoBPP(6 + i * 16);\r\n if (b > nBPP) {\r\n nBPP = b;\r\n nHotX = X.I16(10 + i * 16);\r\n nHotY = X.I16(12 + i * 16);\r\n }\r\n }\r\n }\r\n sOptions = nWidth + \"x\" + nHeight;\r\n if (nBPP != 0) {\r\n sOptions = sOptions.append(nBPP + \"bpp\");\r\n }\r\n sOptions = sOptions.append(\"(\" + nHotX + \",\" + nHotY + \")\");\r\n if (nCount > 1) {\r\n sOptions = sOptions.append(nCount + \" cursors\");\r\n }\r\n sOptions = sOptions.append(\"sz:\" + sz);\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/image_DDS.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n\nmeta(\"image\", \"DirectDraw Surface (.DDS)\");\n\nfunction detect() {\n if (Binary.getSize() >= 0x40) {\n if (Binary.compare(\"'DDS '7C000000\")) {\n bDetected = true;\n if (Binary.isVerbose()) {\n sOption(Binary.read_uint32(0x0C) + \"x\" + Binary.read_uint32(0x10));\n var sFourCC = Binary.getString(0x54, 0x04);\n if (sFourCC) {\n sOption(\"compressed: \" + sFourCC);\n } else {\n sOption(\"uncompressed\");\n }\n if (Binary.read_uint32(0x1C)) {\n sOption(\"MipMap\");\n }\n }\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/image_EPS.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n\nmeta(\"image\", \"Encapsulated PostScript (.EPS)\");\n\nfunction detect() {\n if (Binary.getSize() >= 0x40) {\n if (Binary.compare(\"'%!PS-Adobe-'\", 0x00) && Binary.compare(\"' EPSF-'\", 0x0E)) {\n sVersion = sVersion.append(Binary.getString(0x0B, 0x03), Binary.getString(0x14, 0x03));\n var sText = Binary.getString(0x00, 0x0400)\n bDetected = true;\n if (Binary.isVerbose()) {\n var aCreator = sText.match(/%%Creator: (.*?)[\\r\\n]/);\n if (aCreator) {\n sOptions = sOptions.append(\"Creator:\" + aCreator[1]);\n }\n var aPages = sText.match(/%%Pages: (.*?)[\\r\\n]/);\n if (aPages) {\n sOptions = sOptions.append(\"Pages:\" + aPages[1]);\n }\n }\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/image_FSH.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.wiki.sc4devotion.com/index.php?title=FSH_Format\n// https://rewiki.miraheze.org/wiki/EA_SSH_FSH_Image_(Type_1)\nmeta(\"image\", \"FSH\");\n\nfunction detect() {\n if (Binary.compare(\"'SHPI'......00..000000\")) {\n sOptions = \"PC\";\n bDetected = true;\n }\n\n return result();\n}\n" }, { "path": "db/Binary/image_GIF.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Authors: Kae (TG@kaens)\r\n\r\nmeta(\"image\", \"Graphics Interchange Format file (.GIF)\");\r\n\r\nfunction detect() {\r\n //ref https://www.w3.org/Graphics/GIF/spec-gif89a.txt\r\n if (!File.compare(\"'GIF87'\") && !File.compare(\"'GIF89'\") || File.getSize() < 11) return;\r\n sVersion = Binary.getString(4, 2);\r\n if (/\\d[a-z]/.test(sVersion) < 0) return;\r\n sVersion = \"v198\" + sVersion;\r\n bDetected = true;\r\n if (!File.isDeepScan() && !File.compare(\"3B\", File.getSize() - 1)) sVersion += \"/malformed\";\r\n if (!File.isVerbose()) return result();\r\n\r\n var fl = File.read_uint8(0x0A),\r\n ar = File.read_uint8(0x0C),\r\n malformed = \"\";\r\n sOption(File.read_uint16(6) + \"x\" + File.read_uint16(8));\r\n var col = 1 << ((fl & 7) + 1);\r\n sOption(col, \"col:\");\r\n var bgc = File.read_uint8(0x0B);\r\n if (bgc) sOption(bgc, \"bgc:\");\r\n if (ar) sOption((ar + 15) / 64, \"a/r:\");\r\n if (File.isDeepScan()) {\r\n p = 0x0D;\r\n imgs = 0;\r\n cmt = \"\";\r\n if (fl & 0x80) {\r\n p += 3 * col;\r\n }\r\n blocksp = p; //skip global palette\r\n mainloop: for (; ;) {\r\n var ch = File.read_uint8(p++);\r\n if (ch === 0x3B) break;\r\n else if (ch === 0x21) {\r\n var c = File.read_uint8(p++);\r\n switch (c) {\r\n case 0xF9:\r\n p += File.read_uint8(p++);\r\n break; //graphics control extension\r\n case 0xFE: //comments\r\n c = File.read_uint8(p++);\r\n if (c) {\r\n cmt += File.read_ansiString(p, c);\r\n p += c\r\n }\r\n case 0xFF: //application data extension\r\n c = File.read_uint8(p++);\r\n if (c === 11) {\r\n t = File.read_ansiString(p, c);\r\n sOption(t, \"appdata:\");\r\n p += c;\r\n c = File.read_uint8(p++);\r\n while (c && p < File.getSize()) {\r\n p += c;\r\n c = File.read_uint8(p++)\r\n }\r\n } else { malformed += \"!badappext\"; break mainloop }\r\n break;\r\n default:\r\n c = File.read_uint8(p++);\r\n while (c) {\r\n p += c;\r\n c = File.read_uint8(p++)\r\n }\r\n }\r\n }\r\n if (p >= File.getSize()) { malformed += \"!short\"; break }\r\n if (ch != 0x2C) continue;\r\n imgs++;\r\n if (!File.read_uint16(p + 4) || !File.read_uint16(p + 6)) { malformed += \"!badimg\"; break }\r\n p += 8 /*skip coords,w,h*/;\r\n fl = File.read_uint8(p++);\r\n p++ /*skip the min.lzw code size*/\r\n if (fl & 0x80) {\r\n col = 1 << ((fl & 7) + 1);\r\n p += 3 * col;\r\n _log(\" local palettes skipped @\" + Hex(p))\r\n }\r\n c = File.read_uint8(p++);\r\n while (c && p < File.getSize()) {\r\n p += c;\r\n c = File.read_uint8(p++)\r\n }\r\n if (p >= File.getSize()) { malformed += \"!short\"; break }\r\n }\r\n if (ch != 0x3B) malformed += \"!badEoS\";\r\n if (!imgs) { bDetected = false; return } else if (imgs > 1) sOption(imgs, \"frames:\");\r\n if (malformed) sVersion += \"/malformed\" + malformed;\r\n else sOption(p, \"sz:\");\r\n }\r\n}\r\n" }, { "path": "db/Binary/image_ICNS.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/Apple_Icon_Image_format\nmeta(\"image\", \"Apple Icon Image\");\n\nfunction detect() {\n if (Binary.compare(\"'icns'00\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/image_ICO.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Authors: Jason Hood , Kae \r\n\r\nmeta(\"image\", \"Windows Icon\");\r\n\r\nincludeScript(\"CurIcoBPP\");\r\n\r\nfunction detect() {\r\n if (X.c(\"00000100\")) {\r\n // Find the biggest, assuming square.\r\n var nCount = X.U16(4, _LE),\r\n sz = 6 + nCount * 16;\r\n if (!nCount || sz > X.Sz()) return false;\r\n var nWMax = 0,\r\n nHMax = 0,\r\n nBPPM = 0,\r\n nWMin = 0xFFFFFFFFF,\r\n nHMin = 0xFFFFFFFFF,\r\n nBPPm = 0xFFFFFFFFF,\r\n w,\r\n h,\r\n b;\r\n for (var i = 0; i < nCount; i++) {\r\n if (X.U8(9 + i * 16) || X.U16(10 + i * 16, _LE) > 8 || !isWithin(X.U16(12 + i * 16, _LE), 1, 32)) return false;\r\n w = X.U8(6 + i * 16);\r\n b = getCurIcoBPP(6 + i * 16);\r\n sz_ = X.U32(14 + i * 16, _LE);\r\n if (!sz_ || sz_ > X.Sz() - 22) return false;\r\n sz += sz_;\r\n if (w === 0) {\r\n var nOffset = X.U32(18 + i * 16, _LE);\r\n if (X.c(\"89'PNG\\r\\n'1A0A........'IHDR'\", nOffset)) {\r\n w = X.I32(nOffset + 16, _BE);\r\n h = X.I32(nOffset + 20, _BE);\r\n } else if (X.c(\"28000000\", nOffset)) {\r\n w = Math.abs(X.I32(nOffset + 4, _LE));\r\n h = Math.abs(X.I32(nOffset + 8, _LE)); // abs for top-down and otherwise weird BMPs\r\n } else return false // unknown format after all\r\n } else {\r\n // _log(\"bmp, ht @ \" + Hex(i * 16 + 7));\r\n h = X.U8(7 + i * 16);\r\n }\r\n nWMin = Math.min(w, nWMin);\r\n nHMin = Math.min(h, nHMin);\r\n nBPPm = Math.min(b, nBPPm);\r\n nWMax = Math.max(w, nWMax);\r\n nHMax = Math.max(h, nHMax);\r\n nBPPM = Math.max(b, nBPPM);\r\n }\r\n if (!nWMax || !nHMax) return false;\r\n sOption((nWMin != nWMax || nHMin != nHMax ? nWMin + 'x' + nHMin + ' ~ ' : '') + nWMax + \"x\" + nHMax);\r\n sOption((nBPPm != nBPPM ? nBPPm + '~' : '') + nBPPM + \"bpp\");\r\n if (nCount > 1) sOption(nCount + \" icons\");\r\n sOption(\"sz: \" + sz)\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/image_IMG.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.scummvm.org/index.php?title=Gob/DEV7_Information#Images\nmeta(\"image\", \"Image (DEV7)\");\n\nfunction detect() {\n if (Binary.compare(\"'IMG10'\")) {\n var img10 = Binary.getString(3, 2).trim();\n\n if (/^[0-9]{2}$/.test(img10)) {\n if (X.isVerbose()) sVersion = img10;\n bDetected = true;\n }\n } else if (Binary.compare(\"'IMG1.0.1'\")) {\n var img101 = Binary.getString(3, 5).trim();\n\n if (/^\\d+\\.\\d+\\.\\d+$/.test(img101)) {\n if (X.isVerbose()) sVersion = img101;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/image_JNG.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// doc-ref: http://www.libpng.org/pub/mng/spec/jng.html\n\nmeta(\"image\", \"JPEG Network Graphics (.JNG)\");\n\nfunction detect() {\n if (Binary.getSize() >= 0x40) {\n if (Binary.compare(\"8B'JNG\\r\\n'1A0A........'JHDR'\")) {\n bDetected = true;\n\n if (Binary.isVerbose()) {\n sOption(Binary.read_uint32(0x10, _BE) + \"x\" + Binary.read_uint32(0x14, _BE));\n switch (File.read_uint8(0x18)) {\n case 8: sOption(\"Gray\"); break;\n case 10: sOption(\"Color\"); break;\n case 12: sOption(\"Gray Alpha\"); break;\n case 14: sOption(\"Color Alpha\"); break;\n default: return;\n }\n }\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/image_JPEG.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"image\", \"JPEG\");\n\nfunction detect() {\n if (X.Sz() >= 22) {\n if (X.c(\"FFD8FFE0....'JFIF'00\")) {\n bDetected = true;\n sVersion = X.U8(11) + \".\";\n if (X.U8(12) < 10) {\n sVersion = sVersion + \"0\";\n }\n\n sVersion = sVersion + X.U8(12);\n // Search for a Start Of Frame to get dimensions.\n var nOffset = 2;\n while (nOffset < X.Sz()) {\n var wTag = X.U16(nOffset, _BE);\n if (wTag >= 0xFFC0 && wTag <= 0xFFC3) {\n sOptions = X.U16(nOffset + 7, _BE) + \"x\" +\n X.U16(nOffset + 5, _BE);\n switch (X.U8(nOffset + 9)) {\n case 1:\n sOptions = sOptions.append(\"grey\");\n break;\n case 3:\n sOptions = sOptions.append(\"YCbCr\");\n break;\n case 4:\n sOptions = sOptions.append(\"CMYK\");\n break;\n }\n break;\n }\n nOffset += 2 + X.U16(nOffset + 2, _BE);\n }\n } else if (X.c(\"FFD8FFE1....'Exif'00\")) {\n bDetected = true;\n sVersion = X.U8(11) + \".\";\n if (X.U8(12) < 10) sVersion = sVersion + \"0\";\n sVersion = sVersion + X.U8(12);\n sOptions = \"EXIF\";\n } else if (X.c(\"FFD8FFDB\")) {\n bDetected = true;\n sOptions = \"OLD\";\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/image_JPEGXL.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\nmeta(\"image\", \"JPEG XL\");\r\n\r\nfunction detect() {\r\n if (Binary.getSize() >= 20) {\r\n if (Binary.compare(\"FF0A\")) {\r\n sOptions = \"codestream\";\r\n bDetected = true;\r\n } else if (Binary.compare(\"0000000C4A584C200D0A870A\")) {\r\n sOptions = \"ISOBMFF-based container\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/image_KTX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n\nmeta(\"image\", \"\");\n\nfunction detect() {\n if (Binary.getSize() >= 0x40) {\n if (Binary.compare(\"AB'KTX 11'BB0D0A1A0A\")) {\n bDetected = true;\n sName = \"Khronos Texture (.KTX)\";\n if (Binary.isVerbose()) {\n sOption(Binary.read_uint32(0x24) + \"x\" + Binary.read_uint32(0x28));\n //TODO derive size ref https://registry.khronos.org/KTX/specs/1.0/ktxspec.v1.html\n }\n } else if (Binary.compare(\"AB'KTX 20'BB0D0A1A0A\")) {\n bDetected = true;\n sName = \"Khronos Texture (.KTX2)\";\n if (Binary.isVerbose()) {\n sOption(Binary.read_uint32(0x14) + \"x\" + Binary.read_uint32(0x18));\n //ref https://registry.khronos.org/KTX/specs/2.0/ktxspec.v2.html\n p = 0x50; sz = 0; //max ofs among the levels' ends\n for(i = 0; i < Math.max(1,Binary.read_uint32(0x28)); i++, p += 0x18)\n if((t = Binary.read_uint64(p)) > sz) { sz = t + Binary.read_uint64(p+8) }\n sOption('sz:'+outSz(sz))\n }\n }\n\n // https://github.com/BinomialLLC/basis_universal/wiki/.basis-File-Format-and-ETC1S-Texture-Video-Specification\n else if (Binary.compare(\"734213004D00\")) {\n bDetected = true;\n sName = \"Basis Universal GPU Texture (.BASIS)\";\n if (Binary.isVerbose()) {\n //sOption(Binary.read_uint32(0x14)+\"x\"+Binary.read_uint32(0x18));\n }\n }\n\n\n\n }\n\n return result();\n}" }, { "path": "db/Binary/image_LBM.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Authors: Kaens TG@kaens\r\n\r\nmeta(\"image\", \"IFF InterLeaved BitMap (.IFF,.LBM)\");\r\n\r\nfunction detect() {\r\n if (File.compare(\"'FORM'\") && (File.compare(\"'ILBM'\", 8) || File.compare(\"'PBM '\", 8))) {\r\n sz = File.read_uint32(4, _BE) + 8;\r\n if (File.getSize() < sz) sVersion = \"malformed!short\";\r\n p = 0x0C;\r\n end = Math.min(File.getSize(), sz);\r\n w = viewportMode = hsx = -1;\r\n while (p < end) {\r\n hkhd = File.read_ansiString(p, 4);\r\n hksz = File.read_uint32(p + 4, _BE);\r\n p += 8;\r\n switch (hkhd) {\r\n case \"BMHD\":\r\n w = File.read_uint16(p, _BE);\r\n h = File.read_uint16(p + 2, _BE);\r\n x0 = File.read_int16(p + 4, _BE);\r\n y0 = File.read_int16(p + 6, _BE);\r\n numPlanes = File.read_uint8(p + 8);\r\n mask = File.read_uint8(p + 9);\r\n co = File.read_uint8(p + 0xA);\r\n tcol = File.read_uint16(p + 0xC);\r\n xa = File.read_uint8(p + 0xE);\r\n ya = File.read_uint8(p + 0xF);\r\n pw = File.read_int16(p + 0x10, _BE);\r\n ph = File.read_int16(p + 0x12, _BE);\r\n break;\r\n case \"CAMG\":\r\n viewportMode = File.read_uint32(p, _BE);\r\n break;\r\n case \"GRAB\":\r\n hsx = File.read_int16(p, _BE);\r\n hsy = File.read_int16(p + 2, _BE);\r\n break;\r\n }\r\n p += hksz;\r\n if (hksz % 2) p++;\r\n }\r\n if (w < 0) return;\r\n if (File.isVerbose()) {\r\n sOption(w + \"x\" + h + \" (\" + x0 + \",\" + y0 + \") [\" + pw + \"x\" + ph + \"] AR\" + xa + \":\" + ya);\r\n sOption(\"planes:\" + numPlanes);\r\n switch (co) {\r\n case 0:\r\n sOption(\"uncompressed\");\r\n break;\r\n case 1:\r\n sOption(\"RLE\");\r\n break;\r\n case 2:\r\n sOption(\"vertical RLE\");\r\n break;\r\n default:\r\n sOption(\"unk.compression\")\r\n }\r\n if (mask >= 2) sOption(\"t.col:\" + Hex(tcol));\r\n if (viewportMode >= 0) sOption(Hex(viewportMode), \"view_port_mode:\");\r\n if (hsx >= 0) sOption(\"hotspot: (\" + hsx + \",\" + hsy + \")\")\r\n }\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/image_MNG.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// doc-ref: http://www.libpng.org/pub/mng/spec/\n\nmeta(\"image\", \"Multiple-image Network Graphics (.MNG)\");\n\nfunction detect() {\n if (Binary.getSize() >= 0x40) {\n if (Binary.compare(\"8A'MNG\\r\\n'1A0A........'MHDR'\")) {\n bDetected = true;\n if (Binary.isVerbose()) {\n sOption(Binary.read_uint32(0x10, _BE) + \"x\" + Binary.read_uint32(0x14, _BE));\n sOption(\"frames:\" + Binary.read_uint32(0x18, _BE));\n }\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/image_PCX.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Authors: LinXP, Kae (TG@kaens)\r\n\r\nmeta(\"image\", \"ZSoft PiCture eXchange file (.PCX)\");\r\n\r\nfunction detect() {\r\n //ref https://www.fileformat.info/format/pcx/spec/a10e75307b3a4cc49c3bbe6db4c41fa2/view.htm\r\n if (X.Sz() >= 0x50) {\r\n if (X.U8(0) === 10) {\r\n switch (nv = X.U8(0x01)) {\r\n case 0:\r\n sVersion = \"v2.5 using a fixed EGA palette\";\r\n break;\r\n case 2:\r\n sVersion = \"v2.8 using a modifiable EGA palette\";\r\n break;\r\n case 3:\r\n sVersion = \"v2.8 using no palette\";\r\n break;\r\n case 4:\r\n sVersion = \"Windows\";\r\n break;\r\n case 5:\r\n sVersion = \"v3.0+ or 24-bit\";\r\n break;\r\n default:\r\n return;\r\n }\r\n var sus = '', inv = 0; // strictly-speaking-invalid or highly unlikely parameter counter\r\n var rle = X.U8(0x02);\r\n if (rle > 1) return;\r\n if (!rle) { inv++; sus += '!uncompressed' }\r\n var w = X.U16(0x08) - X.U16(0x04) + 1,\r\n h = X.U16(0x0A) - X.U16(0x06) + 1;\r\n if (w <= 0 || h <= 0) return;\r\n var xdpi = X.U16(0xC),\r\n ydpi = X.U16(0xE);\r\n if(xdpi && !isWithin(xdpi,32,600)) { inv++; sus += '!susXdpi' };\r\n if(ydpi && !isWithin(ydpi,32,600)) { inv++; sus += '!susYdpi' };\r\n var bpplane = X.U8(0x03),\r\n nplanes = X.U8(0x41),\r\n bpx = bpplane * nplanes,\r\n pal = ext = false;\r\n if ([1, 2, 4, 8, 24].indexOf(bpplane) < 0) return;\r\n if (!nplanes || nplanes > 4) return;\r\n if (X.U8(0x40)) { inv += 2; sus += '!resnon0' }\r\n if (!isAllZeroes(0x4A, 0x36)) ext = true;\r\n if (pal && ([0, 3].indexOf(nv) < 0 || bpx > 4)) { inv++; sus += '!badpalette' }\r\n var bpline = X.U16(0x42); if (bpline % 2) return;\r\n if (bpline < w*bpx >> 3) { inv++; sus += '!bpline'+bpline+' 3) return;\r\n if (inv && sus != \"!uncompressed\") sVersion = sVersion.appendS('sus'+sus,'/')\r\n if (X.isVerbose()) {\r\n sOption(w + \"x\" + h);\r\n if (rle) sOption(\"RLE\");\r\n if (ext) sOption(\"extra_block\");\r\n sOption(bpx, \"bit/pixel:\");\r\n sOption(bpplane, \"bit/plane:\");\r\n if(bpline < w*bpx >> 3) sOption(bpline, \"scanline:\");\r\n sOption(xdpi + \"x\" + ydpi, \"res:\", \" dpi\");\r\n if (X.U16(0x46) * X.U16(0x48)) sOption(X.U16(0x46) + \"x\" + X.U16(0x48), \"screen:\");\r\n if (!rle) sOption(0x80 + (w * h * bpx >> 3), \"sz:\")\r\n }\r\n bDetected = true\r\n }\r\n }\r\n\r\n return result()\r\n}\r\n" }, { "path": "db/Binary/image_PSD.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// doc-ref: https://www.adobe.com/devnet-apps/photoshop/fileformatashtml/\n\nmeta(\"image\", \"Adobe Photoshop\");\n\nfunction detect() {\n if (Binary.getSize() >= 0x20) {\n if (Binary.compare(\"'8BPS'\")) {\n bDetected = true;\n switch (File.read_uint16(0x04, _BE)) { // Version check\n case 1:\n sName += \" (.PSD)\";\n sVersion = \"v1.0\";\n break;\n case 2:\n sName += \" BIG (.PSB)\";\n sVersion = \"v2.0\";\n break;\n default:\n bDetected = false;\n }\n\n const\n channelCount = Binary.read_uint16(0x0C, _BE),\n imageHeight = Binary.read_uint32(0x0E, _BE),\n imageWidth = Binary.read_uint32(0x12, _BE),\n bitsPerChannel = Binary.read_uint16(0x16, _BE),\n colorMode = Binary.read_uint16(0x18, _BE);\n\n sOption(imageWidth + \"x\" + imageHeight);\n switch (colorMode) {\n case 0: sOption(\"Bitmap\"); break;\n case 1: sOption(\"Gray-scale\"); break;\n case 2: sOption(\"Indexed\"); break;\n case 3: sOption(\"RGB\"); break;\n case 4: sOption(\"CMYK\"); break;\n case 7: sOption(\"Multichannel\"); break;\n case 8: sOption(\"Duotone\"); break;\n case 9: sOption(\"Lab\"); break;\n default:\n bDetected = false;\n }\n sOption((channelCount * bitsPerChannel) + \"-bit\");\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/image_PVR.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// doc-ref: http://powervr-graphics.github.io/WebGL_SDK/WebGL_SDK/Documentation/Specifications/PVR%20File%20Format.Specification.pdf\nmeta(\"image\", \"\");\n\nfunction detect() {\n var PixelFormat = ['PVRTC 2bpp RGB', 'PVRTC 2bpp RGBA', 'PVRTC 4bpp RGB', 'PVRTC 4bpp RGBA', 'PVRTC-II 2bpp', 'PVRTC-II 4bpp',\n 'ETC1', 'BC1\\\\DXT1', 'DXT2', 'BC2\\\\DXT3', 'DXT4', 'BC3\\\\DXT5', 'BC4', 'BC5', 'BC6', 'BC7', 'UYVY', 'YUY2', 'BW1bpp', 'R9G9B9E5 Shared Exponent', 'RGBG8888', 'GRGB8888',\n 'ETC2 RGB', 'ETC2 RGBA', 'ETC2 RGB A1', 'EAC R11', 'EAC RG11',\n 'ASTC_4x4', 'ASTC_5x4', 'ASTC_5x5', 'ASTC_6x5', 'ASTC_6x6', 'ASTC_8x5', 'ASTC_8x6', 'ASTC_8x8', 'ASTC_10x5', 'ASTC_10x6', 'ASTC_10x8', 'ASTC_10x10',\n 'ASTC_12x10', 'ASTC_12x12', 'ASTC_3x3x3', 'ASTC_4x3x3', 'ASTC_4x4x3', 'ASTC_4x4x4', 'ASTC_5x4x4', 'ASTC_5x5x4', 'ASTC_5x5x5', 'ASTC_6x5x5', 'ASTC_6x6x5', 'ASTC_6x6x6'\n ];\n\n if (Binary.getSize() >= 0x34) {\n if (Binary.compare(\"'PVR'03\")) {\n bDetected = true;\n sName = \"PowerVR PVR texture (.PVR)\";\n if (Binary.isVerbose()) {\n sOption(Binary.read_uint32(0x18) + \"x\" + Binary.read_uint32(0x1c));\n sOption(PixelFormat[Binary.read_uint64(0x08)]);\n if (Binary.read_uint32(0x10)) { sOption(\"Linear RGB\"); } else { sOption(\"Standard RGB\"); }\n }\n }\n\n\n }\n\n return result();\n}" }, { "path": "db/Binary/image_QOI.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// doc-ref: https://qoiformat.org/qoi-specification.pdf\n\nmeta(\"image\", \"Quite OK Image (.QOI)\");\n\nfunction detect() {\n if (Binary.getSize() >= 0x0E) {\n if (Binary.compare(\"'qoif'\")) {\n bDetected = true;\n\n sOptions = sOptions.append(Binary.read_uint32(0x04, _BE) + \"x\" + Binary.read_uint32(0x08, _BE));\n switch (File.read_uint8(0x0C)) {\n case 3: sOption(\"RGB\"); break;\n case 4: sOption(\"RGBA\"); break;\n default: return;\n }\n switch (File.read_uint8(0x0D)) {\n case 0: sOption(\"sRGB with linear alpha\"); break;\n case 1: sOption(\"all channels linear\"); break;\n default: return;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/image_SMDH.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.3dbrew.org/wiki/SMDH\nmeta(\"image\", \"SMDH\");\n\nfunction detect() {\n if (Binary.compare(\"'SMDH'00000000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/image_TGA.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens (TG@kaens)\n\nmeta(\"image\", \"Truevision Advanced Raster Graphics Adapter bitmap (.TGA,.ICB,.VDA,.VST)\");\n\nfunction detect() {\n //ref https://github.com/ImageMagick/ImageMagick/blob/main/coders/tga.c\n // & https://www.dca.fee.unicamp.br/~martino/disciplinas/ea978/tgaffs.pdf\n if (X.Sz() < 0x12) return false;\n var msg = bad = \"\", idlen = X.U8(0), cmt = X.U8(1), col = 0, depth = 0,\n it = X.U8(2), bpp = X.U8(0x10), strcls = \"\", co = \"none\";\n if ((bpp < 1 || bpp >= 17) && bpp != 24 && bpp != 32) return false;\n switch (it) {\n case 1: if (!cmt) return; strcls = \"pseudo\";\n if (X.isVerbose()) sOption(\"colormap\"); break;\n case 2: if (X.isVerbose()) sOption(\"RGB\"); col = \"24bit\"; break;\n case 3: if (X.isVerbose()) sOption(\"monochrome\"); break;\n case 9: if (!cmt) return; co = \"rle\"; strcls = \"pseudo\";\n if (X.isVerbose()) sOption(\"RLE colormap\"); break;\n case 10: co = \"rle\"; if (X.isVerbose()) sOption(\"RLE RGB\"); col = \"24bit\"; break;\n case 11: co = \"rle\"; if (X.isVerbose()) sOption(\"RLE monochrome\"); break;\n case 32: if (!cmt) return; co = \"hdr\"; strcls = \"pseudo\";\n if (X.isVerbose()) sOption(\"H/d/RLE colormap\"); break;\n case 33: if (!cmt) return; co = \"hdrq\"; strcls = \"pseudo\";\n if (X.isVerbose()) sOption(\"H/d/RLE 4-pass colormap\"); break;\n default: return;\n }\n var sus = 0, cmin = X.U16(3), cmlen = X.U16(5), cmsz = X.U8(7),\n x0 = X.U16(8), y0 = X.U16(0xA),\n w = X.U16(0xC), h = X.U16(0xE), attr = X.U8(0x11);\n if (!w || !h || w > 4096 || h > 2048 || x0 > 1600 || y0 > 1200 || cmsz > 32 || (attr & 0xC0)) return false;\n // suspiciousness is probably the only way to filter out all the FPs, so let's measure that\n if (x0) sus++; if (y0) sus++; if (w < 4) sus++; if (h < 4) sus++; if (w > 1600) sus++; if (h > 1200) sus++;\n if (attr & 0x10) sus++; // that's right-to-left\n if (!cmsz && cmlen) return false;\n if (cmt == 1 && (it == 2 || it == 10)) sus++; //shouldn't have colour maps with True-color\n if (cmsz < 15 || isWithin(cmsz, 17, 23) || isWithin(cmsz, 25, 31)) sus++; if (cmlen > 256) sus++; if (cmin) sus++;\n if (it == 2 || it == 10) { if (cmin) sus++; if (cmlen) sus++; if (cmsz) sus++ }\n if (it != 1 && it != 9 && it != 32 && it != 33) depth = bpp <= 8 ? 8 : (bpp <= 16 ? 5 : 8);\n else depth = cmsz <= 8 ? 8 : (cmsz <= 16 ? 5 : 8);\n var col = 1 << depth;\n if (strcls == \"pseudo\")\n if (cmt) col = cmin + cmlen;\n else { col = 1 << bpp; if (col > X.Sz()) return }\n p = 0x12;\n if (idlen) msg = X.SC(p, idlen, 'CP437'); p += idlen;\n //_log(\"colormap? @\"+Hex(p)+\" type:\"+cmt+\" index:\"+cmin+\" len:\"+cmlen+\" size:\"+cmsz);\n if (cmt) {\n if (col < cmin) col = cmin;\n switch (cmsz) {\n case 8: default: p += col; break;\n case 15: case 16: p += col * 2; break;\n case 24: p += col * 3; break;\n case 32: p += col * 4; break;\n }\n }\n if (cmlen > col) sus++;\n if (sus > 3) {\n //_log('TGAFault: '+sus+'-fold suspicious!');\n return;\n }\n\n //unpack!\n var pix = base = flag = skip = index = runlen = ofs = 0, ofsss = 1;\n if (((attr & 0xC0) >> 6) == 2) ofsss = 2;\n if (co != \"hdr\" && co != \"hdrq\")\n for (var y = 0; y < h && p < X.Sz(); y++) {\n for (var x = 0; x < w && p < X.Sz(); x++) {\n if (co == \"rle\")\n if (runlen) { runlen--; skip = flag != 0 }\n else {\n runlen = X.U8(p++);\n skip = 0; flag = runlen & 0x80; if (flag) runlen -= 0x80;\n }\n if (!skip) switch (bpp) {\n case 1: if (!(x & 7)) p++; break;\n case 8: default: p++; break;\n case 15: case 16: p += 2; break;\n case 24: p += 3; break;\n case 32: p += 4; break;\n }\n }\n }\n else p = 0; //giving up on reading huffman/delta etc. (not even Imagemagick can do that)\n ofs += ofsss; if (ofs > w) { base++; ofs = base }\n if (p > X.Sz())\n if (X.isHeuristicScan())\n bad = bad.addIfNone(\"!short\");\n else return; //because the format is shaky and FPs are more than possible\n\n ea = 0;\n if (X.isHeuristicScan()) {\n function isNewTGA(ext) {\n if (ext <= p) return false;\n //let's see if it's not us accidentally catching the next resource.\n ea = X.U32(ext - 8); esz = X.U16(ea); var dd = X.U32(ext - 4);\n //_l2r('tga',p,'ext='+Hex(ext)+' dd='+Hex(dd)+' ea='+Hex(ea)+' ['+Hex(esz)+']'+' ext/esz check:'+(ea && ea+esz > ext));\n if (p > ext - 8 || (ea && p > ea) || (dd && p > dd) || ((dd || ea) && ea == dd) ||\n (ea && ea + esz > ext) ||\n (dd && ea && ea < dd && ea + esz > dd))\n return false; //false alarm\n if (ea) {\n if (esz == 495) sV = \"v2.0\"; else sV = \"v2.X\";\n auth = X.SC(ea + 2, 41, 'CP437');\n xmsg = X.SC(ea + 43, 324, 'CP437');\n timestamp = X.U16(ea + 371) + \"-\" + X.U16(ea + 369) + \"-\" +\n X.U16(ea + 367) + \" \" +\n X.U16(ea + 373) + \":\" + X.U16(ea + 375) + \":\" + X.U16(ea + 377);\n sw = X.SC(ea + 426, 41, 'CP437').trim() + \" v\" +\n Math.floor(X.U16(ea + 467) / 100).toString() + '.' +\n (X.U16(ea + 467) % 100).toString() + X.SC(ea + 469, 1, 'CP437'),\n gamma = (X.U16(ea + 478) / X.U16(ea + 480)).toFixed(1);\n }\n else sV = \"v2.X\";\n if (dd) {\n var ddtn = X.U16(dd); var dsz = ddtn * 10 + 2;\n if (dd + dsz > ext || (ea && dd + dsz > ea)) return false;\n for (i = 0; i < ddtn; i++) {\n var dtp = X.U32(dd + 4 + i * 10), dtsz = X.U32(dd + 8 + i * 10);\n if (dtp + dtsz > ext || dtp + dtsz < p) return false;\n }\n }\n return true\n }\n sigsz = 15; found = false;\n //first, check for the strange signature sometime soon after the end of data\n ext = X.fSig(p, 0x1000, \"'TRUEVISION-XX.'00\"); if (isNewTGA(ext)) found = true;\n //then, check for the _proper_ signature sometime soon after the end of data\n if (!found) { sigsz = 18; ext = X.fSig(p, 0x1000, \"'TRUEVISION-XFILE.'00\"); if (isNewTGA(ext)) found = true }\n //if broken (hello H2_Hero_01a.tga with two broken v2-sigs), just give up and try our luck with the eof-sig:\n if (!found) { ext = X.fSig(X.Sz() - 20, 21, \"'TRUEVISION-XFILE.'00\"); if (isNewTGA(ext)) found = true }\n if (found) { sVersion = sV; p = ext + sigsz } else sVersion = \"v1.X\";\n }\n else sVersion = \"v1.X\";\n if (X.isVerbose()) {\n sOption(w + \"x\" + h + \" (\" + x0 + \",\" + y0 + \")\");\n sOption(bpp, \"bpp:\");\n if (bpp < 24) sOption(col, \"colours:\");\n if (ea) {\n sOption(gamma, \"gamma:\");\n sOptionT(auth, \"by:\"); sOption(timestamp, \"on:\"); sOption(sw, \"in:\"); sOption(xmsg, 'msg:\"', '\"')\n }\n if (co != \"rle\" || X.isDeepScan()) sOption(outSz(p), \"sz:\")\n }\n if (bad) sVersion += \"/malformed\" + bad;\n bDetected = true;\n\n return result();\n}\n" }, { "path": "db/Binary/image_TIFF.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// Status: WIP\n// doc-ref:\n\nmeta(\"image\", \"Tagged Image File Format (.TIFF)\");\n\nfunction detect() {\n if (Binary.getSize() >= 0x0E) {\n bDetected = true;\n switch (Binary.read_uint32(0x00, _BE)) {\n case 0x4D4D002A: var bEndian = _BE; sOption(\"BE\"); break;\n case 0x49492A00: var bEndian = _LE; sOption(\"LE\"); break;\n default: return;\n }\n\n var nOffset = Binary.read_uint32(0x04, bEndian),\n nTagCount = Binary.read_uint16(nOffset, bEndian);\n\n nOffset += 2;\n\n var nWidth, nHeight, nBPS, nCol, nComp;\n\n while (nTagCount--) {\n var nTag = Binary.read_uint16(nOffset, bEndian),\n nType = Binary.read_uint16(nOffset + 2, bEndian),\n nCount = Binary.read_uint32(nOffset + 4, bEndian);\n\n switch (nTag) {\n case 0x100: nWidth = ReadTagValue(nType); break; // ImageWidth (256)\n case 0x101: nHeight = ReadTagValue(nType); break; // ImageLength (257)\n case 0x102: nBPS = nCount * ReadTagValue(nType); break; // BitsPerSample (258)\n case 0x103: nComp = ReadTagValue(nType); break; // Compression (259)\n case 0x106: nCol = ReadTagValue(nType); break; // PhotometricInterpretation (262)\n case 271: sOption(\"Make:\" + ReadTagValue(nType)); break; // Make (271)\n case 50706: sName = \"Digital Negative (.DNG)\"; break; // DNGVersion (50706)\n default: break;\n }\n nOffset += 0x0C;\n }\n\n switch (nComp) {\n case 1: sOption(\"Uncompressed\"); break;\n case 2: sOption(\"Huffman\"); break;\n case 3: sOption(\"Group 3\"); break;\n case 4: sOption(\"Group 4\"); break;\n case 5: sOption(\"LZW\"); break;\n case 6: sOption(\"embedded JPEG (602Photo software)\"); break;\n case 7: sOption(\"JPEG\"); break;\n case 32771: sOption(\"Alchemy software type 6 unknown compression\"); break;\n case 32773: sOption(\"PackBits\"); break;\n case 32946: sOption(\"Deflate\"); break;\n case 34690: sOption(\"LDF bitonal\"); break;\n case 65000: sOption(\"Kodak DCR\"); sName = \"Kodak DCS Pro SLR (.DCR)\"; break;\n }\n if (nWidth != 0 && nHeight != 0) {\n sOption(nWidth + \"x\" + nHeight);\n }\n sOption(nBPS + \"-bit \");\n switch (nCol) {\n case 0: sOption(\"W/B\"); break;\n case 1: sOption(\"B/W\"); break;\n case 2: sOption(\"RGB\"); break;\n case 3: sOption(\"index\"); break;\n }\n }\n\n function ReadTagValue(nType) {\n var nTempValue = 0,\n nTempOffset = 0;\n switch (nType) {\n case 1: break; // eBYTE\n case 2:\n nTempOffset = Binary.read_uint32(nOffset + 8, bEndian);\n nTempValue = Binary.getString(nTempOffset, nCount);\n return nTempValue; // eASCII\n case 3: // eSHORT\n if (nCount == 1) {\n nTempValue = Binary.read_uint16(nOffset + 8, bEndian);\n return nTempValue;\n } else {\n nTempOffset = Binary.read_uint32(nOffset + 8, bEndian);\n while (nCount--) {\n nTempValue = Binary.read_uint16(nTempOffset, bEndian); nTempOffset += 2;\n }\n return nTempValue;\n }\n case 4: // eLONG\n if (nCount == 1) {\n nTempValue = Binary.read_uint32(nOffset + 8, bEndian);\n return nTempValue;\n } else {\n nTempOffset = Binary.read_uint32(nOffset + 8, bEndian);\n while (nCount--) {\n nTempValue = Binary.read_uint32(nTempOffset, bEndian); nTempOffset += 4;\n }\n return nTempValue;\n }\n case 5: break; // eRATIONAL\n case 6: break; // eSBYTE\n case 7: break; // eUNDEF\n case 8: break; // eSSHORT\n case 9: break; // eSLONG\n case 10: break; // eSRATIONAL\n case 11: break; // eFLOAT\n case 12: break; // eDOUBLE\n }\n }\n\n return result();\n}\n" }, { "path": "db/Binary/image_XAR.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n// doc-ref: http://site.xara.com/support/docs/webformat/spec/XARFormatDocument.pdf\nmeta(\"image\", \"Xar Vector graphic file (.XAR)\");\n\nfunction detect() {\n if (Binary.getSize() >= 0x40) {\n if (Binary.compare(\"'XARA'A3A30D0A\")) {\n bDetected = true;\n var sProducer = Binary.getString(0x1F),\n sProducerVersion = Binary.getString(0x1F + sProducer.length + 1),\n sProducerBuild = Binary.getString(0x1F + sProducer.length + 1 + sProducerVersion.length + 1);\n\n sName = sProducer + \" Document (.XAR)\";\n sVersion = sProducerVersion;\n\n if (Binary.isVerbose()) {\n sOption(\"build: \" + sProducerBuild);\n\n switch (Binary.getString(0x10, 3)) {\n case 'CXW': sOption(\"Web file\"); break;\n case 'CXN': sOption(\"Paper-publishable file\"); break;\n }\n }\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/image_XCF.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.gimp.org/\nmeta(\"image\", \"eXperimental Computing Facility (GIMP Image)\");\n\nfunction detect() {\n if (Binary.compare(\"67 69 6D 70 20 78 63 66\")) {\n var versionNumber = Binary.getString(9, 4).trim();\n\n if (/^[a-z-0-9]{4}/.test(versionNumber)) {\n if (X.isVerbose()) sVersion = versionNumber;\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/image_bin.ZBMP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Kaens (TG @kaens)\n\nmeta(\"image\", \"Zlib-packed BMP file (.ZBM)\");\n\nfunction detect() {\n\n // found in ex. Snails for Palm OS, .zbm are simply zlib archives at offset 0x10 of uncompressed bitmap images\n if (X.c(\"'ZBMP'\") && X.c(\"78DA\", 0x10) && (w = X.U32(4)) && w < 0x10000 && (h = X.U32(8)) && h < 0x10000) {\n bDetected = true;\n sOptions = w + 'x' + h; //if(n=X.U32(0xC) sOption(n,'x'))\n }\n\n return result();\n}\n" }, { "path": "db/Binary/image_heuristic.image.HDR.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Authors: Kaens TG@kaens\r\n\r\nmeta(\"~image\", \"Greg Ward's RGBE / Radiance HDR (.hdr, .pic, .rgbe, .xyze)\");\r\n\r\nfunction detect() {\r\n if (X.isHeuristicScan()) {\r\n bDetected = (\r\n X.fSig(0, 0x80, \"'#?RADIANCE'0A\") >= 0 ||\r\n X.fSig(0, 0x80, \"'#?RGBE'0A\") >= 0\r\n ) && X.fSig(0x0A, 0x400, \"0A'FORMAT='\") >= 0;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/protector_javascript-obfuscator.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/javascript-obfuscator/javascript-obfuscator\nmeta(\"protector\", \"javascript-obfuscator\");\n\nfunction detect() {\n // Is JS file?\n if (isSignatureInBeginAndEndPresent(\"'function'\") &&\n (\n isSignatureInBeginAndEndPresent(\"'var '\") ||\n isSignatureInBeginAndEndPresent(\"'const '\") ||\n isSignatureInBeginAndEndPresent(\"')();'\")\n )) {\n\n if (isSignatureInBeginAndEndPresent(\"'_0x'\")) {\n if (isSignatureInBeginAndEndPresent(\"'_0x' .. .. .. .. '('\") ||\n isSignatureInBeginAndEndPresent(\"'_0x' .. .. .. .. .. '('\") ||\n isSignatureInBeginAndEndPresent(\"'_0x' .. .. .. .. .. .. '('\")) {\n bDetected = true;\n }\n }\n\n if (isSignatureInBeginAndEndPresent(\"'parseInt(' .. '('\")) {\n sOptions = \"mangled\";\n bDetected = true;\n }\n\n if (isSignatureInBeginAndEndPresent(\"'=[\\\"'\") && isSignatureInBeginAndEndPresent(\"'\\\",\\\"'\") ||\n isSignatureInBeginAndEndPresent(\"'=[' 27\") && isSignatureInBeginAndEndPresent(\"27 ',' 27\")) {\n sOptions += (sOptions.length !== 0 ? \" + \" : String()) + \"strings array\";\n }\n }\n\n return result();\n}\n\nfunction isSignatureInBeginAndEndPresent(signature) {\n var chunkToAnalyze = 1024 * 10;\n\n if (chunkToAnalyze > Binary.getSize())\n chunkToAnalyze = Binary.getSize();\n\n if (Binary.isSignaturePresent(0, chunkToAnalyze, signature) || chunkToAnalyze != Binary.getSize()) {\n return Binary.isSignaturePresent(Binary.getSize() - chunkToAnalyze, chunkToAnalyze, signature);\n }\n}" }, { "path": "db/Binary/rom_32X.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://plutiedev.com/rom-header\nmeta(\"rom\", \"Mega Drive (Mega Everdrive extensions)\");\n\nfunction detect() {\n if (Binary.compare(\"'SEGA SSF '\", 0x100)) {\n bDetected = true;\n }\n\n return result();\n}\n" }, { "path": "db/Binary/script_text.Shell.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"script\", \"Shell\");\n\nincludeScript(\"shell-script\");\n\nfunction detect() {\n if (isInterpreter(\"sh\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/Binary/shellcode.pe_to_shellcode.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: nicholasmckinney\r\n\r\n\r\n// Detects hashezerade's reflective pe_to_shellcode generator\r\n// https://github.com/hasherezade/pe_to_shellcode\r\n\r\nmeta(\"shellcode\", \"pe_to_shellcode\");\r\n\r\n\r\nfunction detect() {\r\n bDetected = false;\r\n\r\n // https://github.com/hasherezade/pe_to_shellcode/blob/master/pe2shc/stub2/stub32.bin\r\n var stub32 = \"558BEC51518D45F85350E8AA0100005984C0750883C8FFE9A4000000\" +\r\n \"56578B7D08B84D5A00006639070F858C0000008B773C03F7813E50450000757F8D86A0\" +\r\n \"00000033DB391875046AFDEB71FF76345750E8FB00000083C40C84C075046AFCEB5C39\" +\r\n \"9E80000000742357FFB684000000FFB680000000FF75FCFF75F8E86F00000083C41484\" +\r\n \"C075046AFBEB318D86C0000000391874095750E82800000059598B4628B90020000003\" +\r\n \"C766854E167408536A0157FFD0EB07FFD0EB036AFE585F5E5BC9C204008B4424045657\" +\r\n \"8B7C24108B008B74380C85F674128B0E85C9740C6A006A0157FFD183C60475EE5FB001\" +\r\n \"5EC3538B5C241855568B7424185703F3EB3C03C350FF5424188BE885ED74408B7E1003\" +\r\n \"FBEB1F79050FB7C1EB058D430203C185C074295055FF54242085C0741F890783C7048B\" +\r\n \"0F85C975DB83C6148B460C85C075BD85F60F95C05F5E5D5BC332C0EBF78B4424045355\" +\r\n \"568B08034C241457EB478B410483F808723F8D68F8D1ED6A005B74320FB7545908668B\" +\r\n \"C266C1E80C6685C074216683F803752B8B44241881E2FF0F00002B44241C03D6035424\" +\r\n \"180102433BDD72CE0349048B3185F675B3B0015F5E5D5BC332C0EBF7565768029FE66A\" +\r\n \"E88B0100008BF05985F67431688DBDC13F56E87C0000008BF8595985FF741E68FF1F7C\" +\r\n \"C956E869000000595985C0740D8B4C240C894104B0018939EB0232C05F5EC353568B74\" +\r\n \"240C83CAFF8A1E84DB743B8A7C24105784FF750A8D43BF3C19770380C3206A085F8BCA\" +\r\n \"0FBEC3D1E933C28BD181F22083B8ED24010F44D1D0FB83EF0175E3468A1E84DB75CB5F\" +\r\n \"F7D25E8BC25BC351515355568B742418B84D5A00005766390675618B463C8B44307885\" +\r\n \"C074568B54301C33FF8B4C30188954241C8B5430208B443024894C241085C974388D1C\" +\r\n \"328D2C308B4C241C0FB745006A018D048103C6894424188B0303C650E84FFFFFFF5959\" +\r\n \"3B44242074164783C50283C3043B7C241072CE33C05F5E5D5B5959C38B4424148B0003\" +\r\n \"C6EBEF56578B7C240C83CAFF33F60FB7076685C0745B5355807C2418000FB7C8894C24\" +\r\n \"1475108D41BF6683F819770783C120894C2414668B5C24146A085D8BC233CAD1E88BD0\" +\r\n \"81F22083B8ED80E1010F44D066D1EB66895C241483ED0174068B4C2414EBD9460FB704\" +\r\n \"776685C075A95D5BF7D25F8BC25EC364A1300000005356578B780C83C7148B37EB288D\" +\r\n \"46F885C074258B581885DB741E8378300074126A00FF7030E85AFFFFFF59593B442410\" +\r\n \"740C8B363BF775D433C05F5E5BC38BC3EBF800000000000000\";\r\n\r\n // https://github.com/hasherezade/pe_to_shellcode/blob/master/pe2shc/stub2/stub64.bin\r\n var stub64 = \"56488BF44883E4F04883EC20E805000000488BE65EC348895C240857\" +\r\n \"4883EC30488BF9488D4C2420E83702000084C0750883C8FFE9BD000000B84D5A000066\" +\r\n \"39070F85AA00000048635F3C4803DF813B504500000F8597000000488D8BB000000083\" +\r\n \"3900750AB8FDFFFFFFE9860000004C8B4330488BD7E86201000084C07507B8FCFFFFFF\" +\r\n \"EB6F83BB9000000000742A0F28442420488D4C2420488B93900000004C8BC7660F7F44\" +\r\n \"2420E89300000084C07507B8FBFFFFFFEB3C488D8BD00000008339007408488BD7E833\" +\r\n \"0000008B4328B9002000004803C766854B16740E4533C0488BCF418D5001FFD0EB09FF\" +\r\n \"D0EB05B8FEFFFFFF488B5C24404883C4305FC348895C2408574883EC208B01488BFA48\" +\r\n \"8B5C10184885DB741B4C8B0B4D85C974134533C0488BCF418D500141FFD14883C30875\" +\r\n \"E5488B5C2430B0014883C4205FC3488BC4488958084889681048897018488978204156\" +\r\n \"4883EC208BDA498BF04903D84C8BF1EB4A8BC84803CE41FF16488BE84885C074628B7B\" +\r\n \"104803FEEB2679050FB7D1EB07488D56024803D14885D27447488BCD41FF56084885C0\" +\r\n \"743B4889074883C708488B0F4885C975D24883C3148B430C85C075AF4885DB0F95C048\" +\r\n \"8B5C2430488B6C2438488B742440488B7C24484883C420415EC332C0EBE148895C2408\" +\r\n \"48897C2410448B09498BD84C03CA4C8BDA33FF458B114585D27459418379040872F141\" +\r\n \"8B51044C8BC74883EA0848D1EA7435430FB74C41080FB7C166C1E80C6685C074236683\" +\r\n \"F80A752681E1FF0F0000498BC34103CA482BC34903CB49FFC04801014C3BC272CB418B\" +\r\n \"41044C03C8EBA332C0EB02B001488B5C2408488B7C2410C348895C2408488974241057\" +\r\n \"4883EC20488BD9B9029FE66AE8FD010000488BF84885C07432BA8DBDC13F488BC8E893\" +\r\n \"000000488BF04885C0741DBAFF1F7CC9488BCFE87E0000004885C0740B48894308B001\" +\r\n \"488933EB0232C0488B5C2430488B7424384883C4205FC3448A09448ADA4C8BD14183C8\" +\r\n \"FFEB414584DB750C418D41BF3C1977044180C120BA08000000418BC8410FBEC14133C0\" +\r\n \"D1E9448BC14181F02083B8ED2401440F44C141D0F94883EA0175DB49FFC2458A0A4584\" +\r\n \"C975BA41F7D0418BC0C3488BC448895808488968104889701848897820415441564157\" +\r\n \"B84D5A0000448BFA4C8BC16639010F85870000004863413C8B8C088800000085C97478\" +\r\n \"498D040833FF8B68184885ED746A448B4820448B50244D03C8448B601C4D03D0410FB7\" +\r\n \"02458B194D03D883CAFF498D3484EB2741BE080000008BCA0FBEC333C2D1E98BD181F2\" +\r\n \"2083B8ED24010F44D1D0FB4983EE0175E249FFC3418A1B84DB75D2F7D2413BD7742D48\" +\r\n \"FFC74983C2024983C104483BFD72A833C0488B5C2420488B6C2428488B742430488B7C\" +\r\n \"2438415F415E415CC3428B04064903C0EBDC48895C240848897C2410440FB7094183C8\" +\r\n \"FF33FF8ADA448BD74C8BD9EB4684DB750F418D41BF6683F8197705664183C120BA0800\" +\r\n \"0000418BC8410FB7C14133C0D1E9448BC14181F02083B8ED2401440F44C16641D1E948\" +\r\n \"83EA0175DA49FFC2470FB70C53664585C975B4488B5C240841F7D0488B7C2410418BC0\" +\r\n \"C348895C240848896C24104889742418574883EC2065488B0425600000008BE9488B78\" +\r\n \"184883C720488B1F483BDF7430488D43F04885C07427488B70304885F6741E488B4860\" +\r\n \"4885C9740B33D2E834FFFFFF3BC57405488B1BEBD0488BC6EB0233C0488B5C2430488B\" +\r\n \"6C2438488B7424404883C4205FC300000000000000000000000000\";\r\n\r\n var redir32_64_Start = \"4D5A4552E8000000005B4883EB09534881C3\",\r\n redir32_Start = \"4D5A4552E8000000005883E8095005\",\r\n redir64_Start = \"4D5A4552E800000000594883E909488BC14805\";\r\n\r\n var signatures = [redir32_64_Start, redir32_Start, stub32, redir64_Start, stub64];\r\n\r\n var nSize = Binary.getSize();\r\n\r\n if (nSize > 0x4000) {\r\n nSize = 0x4000;\r\n }\r\n\r\n for (var i = 0; i < signatures.length; i++) {\r\n if (Binary.isSignaturePresent(0, nSize, signatures[i])) {\r\n bDetected = true;\r\n\r\n if (i <= 2) {\r\n sOptions = \"x86\";\r\n } else {\r\n sOptions = \"AMD64\";\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}" }, { "path": "db/Binary/shellcode_donut.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: nicholasmckinney\n\nmeta(\"shellcode\", \"Donut\");\n\n\nfunction detect() {\n bDetected = false;\n\n // https://github.com/TheWover/donut/blob/dafea1702ce2e71d5139c4d583627f7ee740f3ae/donut.c#L1235\n var bInstCall = Binary.readByte(0);\n if (bInstCall != 0xE8) {\n return result();\n }\n\n if (Binary.readWord(1) != Binary.readWord(5)) {\n return result();\n }\n\n var callDest = Binary.readDword(1)\n\n // https://github.com/TheWover/donut/blob/dafea1702ce2e71d5139c4d583627f7ee740f3ae/donut.c#L1239\n var popECXOffset = callDest + 5; // 1 byte for E8 (call opcode) and 4 bytes for destination offset\n\n if (Binary.readByte(popECXOffset) != 0x59) {\n return result();\n }\n\n bDetected = true;\n\n var archDetectionOffset = popECXOffset + 1;\n var archDetectBytes = Binary.readDword(archDetectionOffset) & 0x00ffffff;\n\n switch (archDetectBytes) {\n // https://github.com/TheWover/donut/blob/dafea1702ce2e71d5139c4d583627f7ee740f3ae/donut.c#L1242-L1248\n case 0x52515a:\n sOptions = \"x86\";\n break;\n\n // https://github.com/TheWover/donut/blob/dafea1702ce2e71d5139c4d583627f7ee740f3ae/donut.c#L1270-L1273\n case 0x48c031:\n sOptions = \"x86 + AMD64\";\n break;\n default:\n sOptions = \"AMD64\";\n }\n\n return result();\n}" }, { "path": "db/Binary/shellcode_srdi-monoxgas.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: nicholasmckinney\n\n// https://github.com/monoxgas/sRDI/blob/9fdd5c44383039519accd1e6bac4acd5a046a92c/Python/ShellcodeRDI.py\nmeta(\"shellcode\", \"Monoxgas sRDI\");\n\nfunction detect() {\n if (Binary.isDeepScan()) {\n // 32-bit and 64-bit start out with the same first 5 bytes (relative jump)\n var jumpStartOffset = Binary.findSignature(0, Binary.getSize(), \"E800000000\");\n\n var currentOffset = jumpStartOffset + 5;\n\n // Possible 64-bit sRDI\n // https://github.com/monoxgas/sRDI/blob/9fdd5c44383039519accd1e6bac4acd5a046a92c/Python/ShellcodeRDI.py#L76-L80\n if (Binary.readDword(currentOffset) == 0xC8894959) {\n sOptions = \"AMD64\";\n bDetected = true;\n } else if (Binary.readDword(currentOffset) == 0xE5895558) { // Possible 32-bit sRDI\n sOptions = \"x86\";\n bDetected = true;\n }\n }\n return result();\n}\n" }, { "path": "db/Binary/source_text.HTML.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"source\", \"HTML\");\r\n\r\nfunction detect() {\r\n var sText = Binary.getHeaderString();\r\n if (/^<\\s*(!DOCTYPE\\s+)?html\\b[^>]*>/im.test(sText)) {\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"HTM\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/source_text.Pascal.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"source\", \"Pascal\");\r\n\r\nfunction detect() {\r\n var sText = Binary.getHeaderString();\r\n /* if(/^unit/im.test(sText)) {\r\n bDetected = true;\r\n } */\r\n if (/^\\s*program\\s.*\\s*uses\\s/im.test(sText)) {\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"Pascal\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/source_text.XML.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"source\", \"XML\");\r\n\r\nfunction detect() {\r\n var sText = Binary.getHeaderString();\r\n // Ignore the UTF-8 BOM.\r\n if (/^(?:\\xef\\xbb\\xbf)?<\\?xml/.test(sText)) {\r\n var aVersion = sText.match(/version=\"(.*?)\"/);\r\n if (aVersion) {\r\n sVersion = aVersion[1];\r\n }\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/source_text.c.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"source\", \"C/C++\");\n\nfunction detect() {\n var sText = Binary.getHeaderString();\n if (/^#ifndef (\\w+).*\\s+^#define \\1/m.test(sText) ||\n /#\\s*pragma (?:once|hdrstop)/.test(sText)) {\n sOptions = \"header\";\n bDetected = true;\n }\n if (/^(?:class\\b|virtual\\b|public:|private:|template\\b)/m.test(sText)) {\n if (!(/\\sdef\\s/.test(sText))) // to avoid false positives on python\n {\n sName = \"C++\";\n bDetected = true;\n }\n } else {\n var aInclude = sText.match(/^#include [\"<].*?[>\"]/mg);\n if (aInclude) {\n bDetected = true;\n for (var i = 0; i < aInclude.length; i++) {\n if (aInclude[i].indexOf(\".\") < 0) {\n sName = \"C++\";\n break;\n }\n }\n } else if (/^#define/m.test(sText)) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/Binary/source_text.python.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\nmeta(\"source\", \"Python\");\r\n\r\nfunction detect() {\r\n var sText = Binary.getHeaderString();\r\n\r\n if ((/import\\s/.test(sText)) && (/class\\s/.test(sText)) && (/self/.test(sText))) {\r\n if (/\\sdef\\s/.test(sText)) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n sLang = \"Python\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Binary/text.script.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: Jason Hood \r\n\r\nmeta(\"script\");\r\n\r\nincludeScript(\"shell-script\");\r\n\r\nfunction detect() {\r\n if (sInterpreter) {\r\n // Capitalize the first letter, lowercase the rest.\r\n sName = sInterpreter.substr(0, 1).toUpperCase() + sInterpreter.substr(1).toLowerCase();\r\n bDetected = true;\r\n }\n\n return result();\n}" }, { "path": "db/Binary/win_resources.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\");\r\n\r\nfunction detect() {\r\n if (Binary.isResource()) {\r\n var mapNames = {\r\n \"1\": \"Resource Cursor\",\r\n \"2\": \"Windows Bitmap\",\r\n \"3\": \"Resource Icon\",\r\n \"4\": \"Resource Menu\",\r\n \"5\": \"Resource Dialog\",\r\n \"6\": \"Resource String Table\",\r\n \"7\": \"Font Directory\",\r\n \"8\": \"Font\",\r\n \"9\": \"Accelerators\",\r\n \"10\": \"RC Data\",\r\n \"11\": \"Message Table\",\r\n \"12\": \"Windows Cursor\",\r\n \"14\": \"Windows Icon\",\r\n \"15\": \"Name Table\",\r\n \"16\": \"Resource Version Info\",\r\n \"17\": \"DlgInclude\",\r\n \"23\": \"HTML\",\r\n \"24\": \"Manifest\"\r\n };\r\n\r\n var sResName = mapNames[Binary.getScanID()];\r\n\r\n if (sResName) {\r\n sName = sResName;\r\n sOptions = \"Resources\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Borland", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\n// Borland Delphi tests for Borland C++ first, so ensure we only do it once.\r\n\r\nvar bBorlandC;\r\nif (typeof bBorlandC === \"undefined\") {\r\n bBorlandC = 0;\r\n if (PE.compare(\"'MZ'50000200000004000F00FFFF0000B80000000000000040001A00000000000000000000000000000000000000000000000000000000000000000000020000BA10000E1FB409CD21B8014CCD219090'This program must be run under Win32\\r\\n$'370000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'PE'0000\")) {\r\n bBorlandC = 1;\r\n } else if (PE.compareEP(\"A1........C1E002A3\")) {\r\n bBorlandC = 1;\r\n } else if (PE.compareEP(\"EB10'fb:C++HOOK'90\")) {\r\n bBorlandC = 2;\r\n } else if (PE.section.length > 1) {\r\n var nOffset = PE.section[1].FileOffset;\r\n var nSize = Math.min(1024, PE.section[1].FileSize);\r\n if (PE.isSignaturePresent(nOffset, nSize, \"'Borland C++ - Copyright'\")) {\r\n bBorlandC = 1;\r\n }\r\n }\r\n}" }, { "path": "db/CFBF/Microsoft_Installer.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"Installer\", \"Microsoft Installer\");\r\n\r\nfunction detect() {\r\n if (CFBF.getFileFormatVersion() == 4.62) {\r\n sVersion = \"1.X-5.X\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/CFBF/Microsoft_Office.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"Microsoft Office\");\r\n\r\nfunction detect() {\r\n if (CFBF.getFileFormatVersion() == 3.62) {\r\n sVersion = \"1997-2003\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/CFBF/_CFBF.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"Compound File Binary Format\");\r\n\r\nfunction detect() {\r\n sName = CFBF.getFileFormatName();\r\n sVersion = CFBF.getFileFormatVersion();\r\n sOptions = CFBF.getFileFormatOptions();\r\n\r\n bDetected = true;\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/CFBF/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = CFBF;\r\nvar X = CFBF;" }, { "path": "db/COM/32-bit_crypt.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"32-bit crypt\");\n\nfunction detect() {\n if (Binary.compare(\"6633c9678a81........34..2c..34..678881........6683c1..6681f9........75\")) {\n sOptions = \"by SWW //DiGiTAl FaCToRY\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/COM_Sccrambler.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"COM Sccrambler\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$fcbe....8bfeb9....515657b4..04..ac90902ac432c4aae2..5f5e5903f183ee..a5a4b8....5083eb..33c9\")) {\n sVersion = \"0.1\";\n sOptions = \"1995 by Moshe\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/Character_Intro_Engine.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"Character Intro Engine\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$2e8b26....81c4....2ea1....2ea3....0e588ec08ed88bdc83c3..b1..d3eb43b4..cd21fc\")) {\n sOptions = \"by //UCF\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$2e8b26....81c4....0e588ec08ed88bdc83c3..b1..d3eb43b4..cd21fc\")) {\n sOptions = \"by //UCF\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/Crypt_(CyPoxl).2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Crypt by CyPoxl\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e8$$$$8bfc368b2d8bcd81ed....c3\")) {\n sVersion = \"1.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/Crypt_(Dismember).2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Crypt by Dismember\");\n\nfunction detect() {\n if (Binary.compare(\"0E179C58F6C4..74..EB..90B4..BE....BF....B9....68....68....68....57F3A4C3\")) {\n sVersion = \"1.7\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$bf....8bf7acad918ae157ac32c4f6d0d0c412e1aae2\")) {\n sVersion = \"2.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/Deep_Crypter.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"Deep Crypter\");\n\nfunction detect() {\n if (Binary.compare(\"90e9$$$$e80000598be981ed....81e9....be....8dbe....668b056689048dbe....8bd78bdf83c3..8a043205f6d0\")) {\n sVersion = \"0.1b\";\n sOptions = \"by PLasMoiD\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/Dn.COM_Cruncher.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"Dn.COM Cruncher\");\n\nfunction detect() {\n if (Binary.compare(\"33dbb5..8bf98be9be....57f3a4bf....c3\")) {\n sVersion = \"1.2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/Inbuild_Encryption.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Inbuild Encryption\");\n\nfunction detect() {\n if (Binary.compare(\"b9....bb....2ed2072e281f43e2\")) {\n sVersion = \"1.0\";\n sOptions = \"by Christoph Gabler\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/LHarc_SFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"LHarc SFX\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$fcbc....bb....e8....8cc82e0306....8ed88ec005....2e3b06....76..bb....e9....bf....33d28bc2b9....d1e873..35....e2..abfec275..be....bf....b8....ba....2e3a24\")) {\n sVersion = \"1.13S, 1.13L\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$fcbc....bb....e8....8cc805....8ec0b8....cd21be....268816....26c706........ace8....74..263a06\")) {\n sVersion = \"1.14c\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$fcbc....e8....9090908cc805....8ec0b8....cd21be....268816....26c706........ace8....74..263a06\")) {\n bDetected = true;\n }\n return result();\n}" }, { "path": "db/COM/Maveriks_C0der.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Mavericks C0der\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$2e8b0e....49bb....fcbe....8a26....ac32c488074388c4e2..b9....ffe1\")) {\n sVersion = \"1.XX\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$2e8b3e....81c7....2e8b058ac82ea3....2e8a45..2ea2....be....462e8a0432c12e88048ac83bf775..e9\")) {\n sVersion = \"1.00a\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/Microsoft_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Microsoft C\");\n\nfunction detect() {\n if (Binary.compare(\"fab8....05....b1..d3e88ccb03c38ed88cd0a3....8bc4a3....8cd88ed0bb....8be3fb891e....b8....a3....0633c0\")) {\n sVersion = \"1.04\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/Microsoft_RTL.3.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"library\", \"Microsoft RTL\");\n\nfunction detect() {\n if (Binary.compare(\"b430cd213c..73..c38cdf8b36....2e893e....2bf781fe....72..be....b8....05....73..e8....33c050e8....b8ff4ccd218be0\")) {\n sVersion = \"1990\";\n bDetected = true;\n } else if (Binary.compare(\"b430cd213c..73..c38cdf8b36....2e893e....2bf781fe....72..be....bb....81c3....73..e8....33c050e8....b8....cd21\")) {\n sVersion = \"1992\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/MrHDKiller_Protection.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Mr.HDKiLLeR PriotectioN\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$4851442ea1....2d....8bd805....8bf0bf....b9....90f3a48bcb\")) {\n sVersion = \"1.1p\";\n sOptions = \"//eMX!\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/PC_FORTH.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"PC/FORTH\");\n\nfunction detect() {\n if (Binary.compare(\"90e9$$$$29c08ed8bb....8a072ea2....80c8..80e0..8807a1....2ea3....a1....2ea3....a1....2ea3....a1....2ea3....8cc88ed08ec08ed8a3....8b26\")) {\n sOptions = \"1983 by Laboratory Microsystems Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/RDT_ENC_3.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"RDT_ENC 3\");\n\nfunction detect() {\n if (COM.compare(\"e9$$$$be....8bfe8bce33c08ed8c706........c606......26acba....52fe0e....74..e8....d0c8fec83206....c3\")) {\n sOptions = \"by mr. Wicked\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/RTD_Compressor.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"RTD_compressor\");\n\nfunction detect() {\n if (Binary.compare(\"bf....be....b5..57f3a5c3\")) {\n sOptions = \"by Mr.Wicked\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/RTD_Compressor2.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"RTD_Compressor 2\");\n\nfunction detect() {\n if (Binary.compare(\"fcbf....be....b5..57f3a5c3\")) {\n sOptions = \"1997 by mr. Wicked\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/SHOW_IT.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"SHOW IT\");\n\nfunction detect() {\n if (Binary.compare(\"bf....32db2e8a150ad274..b4..cd214780fa..75..fec380fb..75..32db53b4..cd16b4..cd165b75\")) {\n sVersion = \"1.2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/SPHINX_C--.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"SPHINX C--\");\n\nfunction detect() {\n if (Binary.compare(\"58bc....50b44abb....cd2173..b409ba....cd21c38cc88ec0bf....be....31d2bb....ac3c..74\")) {\n sVersion = \"1993\";\n bDetected = true;\n } else if (Binary.compare(\"58bc....50b44abb....cd2173..c3\")) {\n sVersion = \"0.203 (1994)\";\n bDetected = true;\n } else if (Binary.compare(\"58bc....50b44abb....cd2173..b409ba....cd21c3\")) {\n bDetected = true;\n } else if (Binary.compare(\"eb$$31c08ec026c706........268c0e....e9$$$$c8......b8....e8\")) {\n bDetected = true;\n } else if (Binary.compare(\"e9....'SPHINXC--'\")) {\n bDetected = true;\n } else if (Binary.compare(\"0e07bf....be....31d2bb....ac3c..74..3c..74..3c..74..aaac\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/Shade's_COM_Encryptor.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"ShadE's COM encRYPTOR\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$33c033db33c933d233edbf....be....b9....ac83c3..d3c38d9f....8dae....03dd\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/Shadow_COM_encryptor.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"Shadow COM encryptor\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$b9....bb....be....bf....ad33c3ab86dff7d3e2..68\")) {\n sVersion = \"1.0\";\n sOptions = \"by Tailgunner\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/TPC_Scramble.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"TPC Scramble\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$b0..bb....5351b9....2e3007fec043e2..bb....c707....c647....33c033db59c3\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/Text_Header.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"other\", \"Text Header\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$b9....be....bf....f3a468....c3\")) {\n sVersion = \"1.0\";\n sOptions = \"from EXE2COM 9.50 by B. Vorontsov\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/The_DRAW.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"The DRAW\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$b40fcd10bb....3c..74..3c..74..c606......bb....3c..74..ba....b409cd21c3\")) {\n sVersion = \"4.6\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$b40fcd108ccb8edbbb....b4..3c..74..3c..73..bb....8a26....3c..73..8d16\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/Tiny_Xor.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Tiny Xor [tDCE]\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$fcb8....bb....b9....be....300402c386c486df46e2..be....c704....c644....33c033db33c9ffe6\")) {\n sVersion = \"0.52b\";\n sOptions = \"by ThE DOCTOr //DiPG\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/Unknown_cryptors.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"Unknown cryptor\");\n\nfunction detect() {\n if (Binary.compare(\"fa8cde8ccf8edf8ec783c7..bb....8b1f83c3..b1..d3eb2bfbe8\")) {\n sVersion = \"#01\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$b9....b3..be....bf....acfec332c3aae2\")) {\n sVersion = \"#02\";\n sOptions = \"exe 0-relocs crypt\";\n bDetected = true;\n } else if (Binary.compare(\"'GENERATED'00'FILE'bc....bf....8bf7b9....b3..ac34..d2c02ac3d2c832c3fec3aae2\")) {\n sVersion = \"#03\";\n sOptions = \"GENERATED FILE\";\n bDetected = true;\n } else if (Binary.compare(\"3ec606......90eb$$2e8a36....8ec08cd8be....bf....2e033e....26a3....26893e....26a3....26c706........0e07\")) {\n sVersion = \"#04\";\n bDetected = true;\n } else if (Binary.compare(\"e8$$$$fc8bec8b4e..2bc08bf9f2aebb....03d9875e..fec58bf1ac8ad0ad8bc88bfeac32c2aae2\")) {\n sVersion = \"#05\";\n bDetected = true;\n } else if (Binary.compare(\"fc525756ba....b9....be....bf....52f3a52ec606......c3\")) {\n sVersion = \"#06\";\n bDetected = true;\n } else if (Binary.compare(\"b4..be....bf....b9....68....68....68....57f3a4c3\")) {\n sVersion = \"#07\";\n bDetected = true;\n } else if (Binary.compare(\"b8....05....50c3\")) {\n var nOffset = Binary.readWord(1) + Binary.readWord(4) - 256;\n if (Binary.compare(\"90902ea1....8bc85005....9083e9..bf....2e8035..47495083f9..74..c3\", nOffset)) {\n sVersion = \"#08\";\n sOptions = \"xorer\";\n bDetected = true;\n }\n } else if (Binary.compare(\"e9$$$$e8$$$$5e83ee..2e8984....06562e8c9c....0e070e1fb430cd213c..7d..bb....03dee8....b0..b44ccd21\")) {\n sVersion = \"#11\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$b9....be....bf....bb....5357ad3d....74..c1c8..bb....03d933c3abe2\")) {\n sVersion = \"#15\";\n sOptions = \"xorer\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e8$$$$5d83ed..0e1f0e07be....03f5bf....b9....f3a460be....0204463b\")) {\n sVersion = \"#16\";\n sOptions = \"1995 by A.V.Lemenkov\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$be....56b9....c704....c644....8134....4646cce2\")) {\n sVersion = \"#17\";\n sOptions = \"xorer\";\n bDetected = true;\n } else if (Binary.compare(\"60bb....be....bf....8bcf03fb5781e9....f3a4c3\")) {\n sName = \"Com-crypt\";\n sVersion = \"#18\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$8b1e....81eb....b8....5053b430cd215beb\")) {\n sVersion = \"#19\";\n sOptions = \"by WICKED!\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$bf....8bf43bf776..8be7e8$$$$5f53518bdf43b9....2bcb300f43e2\")) {\n sVersion = \"#20\";\n sOptions = \"(xorer) 1988 by Executive Systems, Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/VGA_font_loader.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"other\", \"VGA font loader\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$b8....8ed8fafcbf....8b36....8e1e....b9....f3a5b8....8ed8c706........8c0e....8cc88ed8\")) {\n sOptions = \"by Pete I. Kvitek\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/VSF&K_protection.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"VSF&K protection\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$eb$$8cdb8cca8edafa8becbe....bc....bf....313c312446474c75\")) {\n sOptions = \"1992\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/WSP_self_update.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"WSP self update\");\n\nfunction detect() {\n if (Binary.compare(\"bb....b4..ba....cd212e891e....b4..bb....cd2173..ba....e9\")) {\n sVersion = \"1.50\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/WiZ_Cryptor.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"WiZ Cryptor\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$fa60561e8ed8be....bf....b8....8706....ab8cc88706....ab1f68....9c5880cc..509dfc\")) {\n sVersion = \"1.00a\";\n sOptions = \"by SP0T //UCL\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/_COM.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"operation system\", \"MS-DOS\");\r\n\r\nfunction detect() {\r\n if (COM.isVerbose()) {\r\n sName = COM.getOperationSystemName();\r\n sVersion = COM.getOperationSystemVersion();\r\n sOptions = COM.getOperationSystemOptions();\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/COM/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = COM;\r\nvar X = COM;" }, { "path": "db/COM/compiler_8086_Forth_83.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"8086 Forth 83\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$8cc88ed88ed08ec0a1....b0..a3....2d....a3....2d....8be8bb....031e....892f2d....a3....bb....031e....89078be0be....e9\")) {\n sVersion = \"2.1.0\";\n sOptions = \"1985\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_ASIC-Basic.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"ASIC-Basic\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$33dbb4..cd108916....cc90b0..ba....33c9b7..b4..cd1031d28916....b4..30ffcd1090\")) {\n sVersion = \"5.0\";\n sOptions = \"1994 by David Visti of 80/20 Software\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$33dbb4..cd108916....cc90b0..a2....ba....a0....3c..75..b4..b0..cd2172..a3\")) {\n sOptions = \"by David Visti of 80/20 Software\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$33dbb4..cd108916....cc90fcb9....be....bf....f3a490fcb9....be....bf....f3a4\")) {\n sVersion = \"3.0\";\n sOptions = \"by David Visti of 80/20 Software\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_BAT2EXEC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"BAT2EXEC\");\n\nfunction detect() {\n if (COM.compare(\"eb$$fcbd....8b....8b......8b......b44acd21a1....8986\")) {\n sOptions = \"by Douglas Boling\";\n sVersion = \"1.5\";\n bDetected = true;\n } else if (COM.compare(\"fcbd....8b....8b......8b......b44acd21a1....8986\")) {\n sOptions = \"by Douglas Boling\";\n sVersion = \"1.2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_BatLite.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"BatLite\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$e8....bb....8bf3031e....891e....81fb....73..bb....8bfb891e....031e....81c3....8be3b1..d3eb43\")) {\n sOptions = \"1991-95 by Pieter A. Hintjens\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_Borland_C++.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Borland C++\");\n\nfunction detect() {\n if (Binary.compare(\"8cca2e8916....b430cd218b2e....8b1e....8edaa3....8c06....891e....892e....e8....a1....8ec033c08bd88bf8b9....fcf2aee3\")) {\n sOptions = \"1991\";\n bDetected = true;\n } else if (Binary.compare(\"8cca2e8916....b430cd218b2e....1e2c..daa3....8c06....891e....892e....e8....a1....8ec033c08bd88bf8b9....fcf2aee3\")) {\n sOptions = \"1991\";\n bDetected = true;\n }\n\n sLang = \"C++\";\n\n return result();\n}" }, { "path": "db/COM/compiler_Datalight_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Datalight/Northwest C\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$fab8....b9....d3e88cc903c18ed88c06....8bd82b1e....891e....268b1e....2bd881fb....72..bb....8bd003d342b1..d3e38ed08be381eb....81fb....77\")) {\n sVersion = \"3.10 S\";\n sOptions = \"by Walter Bright\";\n bDetected = 1;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/COM/compiler_Easy!-C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Easy!-C\");\n\nfunction detect() {\n if (Binary.compare(\"9c55568ccd83c5..8db6....56be....56cb\")) {\n sOptions = \"1993 by Flight Technologys\"; //spelling taken from file\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_Fig-FORTH.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Fig-FORTH\");\n\nfunction detect() {\n if (Binary.compare(\"90e9$$$$be....8cc88ed88b26....8ed08ec0fc8b2e....e8$$$$b0..ba....b4..cd21c3\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_ForthCMP.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"ForthCMP\");\n\nfunction detect() {\n if (Binary.compare(\"90e9$$$$8cc88ed08ec08ed8bc....b430cd2180f8..73..ba....b409cd2131c0cd218cc881c0....8b1e....81eb....39d8\")) {\n sOptions = \"1995 by Thomas Almy\";\n bDetected = true;\n }\n if (Binary.compare(\"e9$$$$bc....c706........bd....892e....fce8....b8....cd21\")) {\n sVersion = \"2.1\";\n sOptions = \"by Thomas Almy\";\n bDetected = true;\n }\n if (Binary.compare(\"e9$$$$bc....c706........bd....892e....b4..bb....cd21fce8\")) {\n sVersion = \"2.1\";\n sOptions = \"by Thomas Almy\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_ForthCMP.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"ForthCMP\");\n\nfunction detect() {\n if (Binary.compare(\"90e9$$$$8cc88ed08ec08ed8bc....b430cd2180f8..73..ba....b409cd2131c0cd218cc881c0....8b1e....81eb....39d8\")) {\n sOptions = \"1995 by Thomas Almy\";\n bDetected = true;\n }\n if (Binary.compare(\"e9$$$$bc....c706........bd....892e....fce8....b8....cd21\")) {\n sVersion = \"2.1\";\n sOptions = \"by Thomas Almy\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_GP-FORTH.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"GP-FORTH\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$8cc88ed8a1....a3....a1....a3....e8$$$$a1....3d....74..0306....72..a3....b1..d3e8408ccb8ec35003d8\")) {\n sVersion = \"93.9-94.7\";\n sOptions = \"1990-94 by Golden Porcupine Software\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_Lattice_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Lattice C\");\n\nfunction detect() {\n if (Binary.compare(\"fab8....05....b1..d3e88ccb03c38ed88ed0\")) {\n if (Binary.compare(\"a3....bc....fbfc8cd88cc92bc1b1..d3c0a3....8126\", 19)) {\n sVersion = \"3.0\";\n } else if (Binary.compare(\"bc....fb8cd88cc92bc1b1..d3c0a3....8126\", 19)) {\n sVersion = \"3.0\";\n } else if (Binary.compare(\"bc....fbb430cd210ac075\", 19)) {\n sVersion = \"2.1\";\n } else if (Binary.compare(\"268b1e....2bd8f7c3....75..b1..d3e3eb..bb\", 19)) {\n sVersion = \"1.01\";\n } else if (Binary.compare(\"bb....2bd8f7c3....75..b1..d3e3eb..bb\", 19)) {\n sVersion = \"1.0\";\n }\n bDetected = true;\n } else if (Binary.compare(\"eb$$fab8....05....b1..d3e88ccb03c32ea3....8ed88ed0bc....fbb430cd21\")) {\n sVersion = \"2.1\";\n bDetected = true;\n } else if (Binary.compare(\"b8....05....b1..d3e88ccb03c38ed88ed0268b1e....2bd8f7c3....75..b1..d3e3eb\")) {\n sVersion = \"1.01\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e8....8cc88ec0eb$$fab8....05....b1..d3e88ccb03c38ed88ed0bc....fbb430cd21\")) {\n sVersion = \"2.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_MICRO-C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"MICRO-C\");\n\nfunction detect() {\n if (Binary.compare(\"bb....b44acd21bc....be....bf....bb....b9....8a043c..74..3c..75..46eb\")) {\n sOptions = \"by Dave Dunfield\";\n bDetected = true;\n } else if (Binary.compare(\"bb....b44acd2133c08be0bf....b9....2bcff3aabe....bf....bb....b9....8a043c..74..46\")) {\n sOptions = \"by Dave Dunfield\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_MINIFORTH.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"MINIFORTH\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$fc33c08bd8a3....89c52d....a3....89c4b8....a3....891e....be....adffe0\")) {\n sVersion = \"1.0\";\n sOptions = \"1988 by Ted Beach\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_MoonRock.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"MoonRock\");\n\nfunction detect() {\n if (Binary.compare(\"bc....bb....b1..d3eb81c3....b4..cd2172..b8....cd212e891e....2e8c06....b8....ba....cd21\")) {\n sVersion = \"0.52.b01\";\n sOptions = \"1994-2000 by Rowan Crowe\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_OUTFORTH.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"OUTFORTH\");\n\nfunction detect() {\n if (Binary.compare(\"90e9$$$$29c08ed8bb....8a0780c8..80e0..88078cc88ed08ec08ed8a3....ba....b4..b0..cd21ba....b4..b0..cd21be....8b26....8b2e....fce9\")) {\n sOptions = \"1989 by Norman L. Hills\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_PBFC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Personal Batch File Compiler\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$90fcbd....8b....8b......8b......b44acd21a1....8986\")) {\n sOptions = \"1993, 2003 by Kinglion Software Workroom\";\n sVersion = \"1.6c\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_RMCOBOL.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"RM/COBOL\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e8$$$$e8$$$$5a2e8c1e....b1..bb....81c3....f6c3..74..83c3..81e3....58fa8be3fb50d3eb52062e8e06....8bd3\")) {\n sVersion = \"2.2\";\n sOptions = \"1985 by Ryan-McFarland Corp.\";\n bDetected = true;\n }\n\n sLang = \"Cobol\";\n\n return result();\n}" }, { "path": "db/COM/compiler_SP-FORTH.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"SP-FORTH\");\n\nfunction detect() {\n if (Binary.compare(\"8b26....8bec83ed..e9$$$$e8$$$$83ed..8976..5eadffe0\")) {\n sVersion = \"1.01\";\n sOptions = \"1992 by Stroyprogress Ltd.\";\n bDetected = true;\n } else if (Binary.compare(\"8b26....8bec83ed..e9$$$$e8$$$$87ec5687ec5eadffe0\")) {\n sVersion = \"1.5\";\n sOptions = \"1993\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_Surpas-86.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Surpas-86 (Pascal compiler)\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e9$$$$b8....05....25....b1..d3e88cca03d08eda2ea1....2bc2a3....33db2d....73..8b1e....b1..d3e333c0\")) {\n sVersion = \"1.0\";\n sOptions = \"1987 by Tixaku Pty Ltd\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_TCOM.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Forth Target COMpiler\");\n\nfunction detect() {\n if (Binary.compare(\"8cc805....8ed88ed0b8....8be0a3....b8....8bf0a3....c704....2d....a3....bb....8bebe8\")) {\n sOptions = \"by Tom Zimmer\";\n bDetected = true;\n } else if (Binary.compare(\"8cc805....8ed88ed08ec08b1e....81c3....8bf3891e....83c3..891e....c707....81c3....8be3891e....83c3..891e....c706\")) {\n sOptions = \"by Tom Zimmer\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_Turbo_C++.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Turbo C++\");\n\nfunction detect() {\n if (Binary.compare(\"8cca2e8916....b430cd218b2e....8b1e....8edaa3....8c06....891e....892e....e8....c43e....8bc78bd8b9....fcf2ae\")) {\n sVersion = \"1990\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_Turbo_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Turbo C\");\n\nfunction detect() {\n if (Binary.compare(\"8cca2e8916....8b2e....8b1e....8eda8c06....892e....e8....8cda2bea8b3e....81ff....73..bf....893e\")) {\n sVersion = \"1988\";\n bDetected = true;\n } else if (Binary.compare(\"8cca2e8916....b430cd218b2e....8b1e....8edaa3....8c06....891e....892e....c706\")) {\n sVersion = Binary.compare(\"8e\", 42) ? \"1987\" : \"1988\";\n bDetected = true;\n } else if (Binary.compare(\"8cca2e8916....b430cd218b2e....8b1e....8edaa3....8c06....891e....892e....8cda\")) {\n sOptions = \"1990\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$8cca2e8916....b430cd218b2e....8b1e....8edaa3....8c06....891e....892e....e8....c43e\")) {\n sVersion = \"1990\";\n bDetected = true;\n } else if (Binary.compare(\"fb8cca2e8916....b430cd218b2e....8b1e....8edaa3....8c06....891e....892e....c706........e8\")) {\n sVersion = \"1987\";\n bDetected = true;\n } else if (Binary.compare(\"8cca2e8916....e8....8cda2bea8b3e....81c7....72..b1..d3ef473bef72..833e......75..bf....3bef\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_Turbo_Pascal.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Turbo Pascal\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e8$$$$e8$$$$b430e8$$$$80fc..74..80fc..74..80fc..74..80fc..74..55\")) {\n sVersion = \"3.0\";\n sOptions = \"1985\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e8$$$$..8cc82e03....2e03....2e03....2e3b06....76\")) {\n sVersion = \"3.0\";\n sOptions = \"1985\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$eb$$e8....b8....b1..d3e88cca03d08eda2ea1....2bc2a3\")) {\n sVersion = \"3.0\";\n sOptions = \"1985\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e9$$$$b8....b1..d3e88cca03d08eda2ea1....2bc2a3\")) {\n sVersion = \"3.0\";\n sOptions = \"1985\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$c706............................8b0c39c174..4e4ef3a5\")) {\n sVersion = \"3.0\";\n sOptions = \"1985\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e8$$$$1ee8$$$$5051b8....b1..d3e88cc903c18ed85958c3\")) {\n sVersion = \"3.0\";\n sOptions = \"1985\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_UNIFORTH.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"UNIFORTH\");\n\nfunction detect() {\n if (Binary.compare(\"90e9$$$$8cc88ed88ed08ec0fc8b26....8b2e....8b3e....893e....ba....b8....cd21ba....b8....cd218b1e....8d4f..894d..8b0e....8bc1\")) {\n sOptions = \"1985 by Unified Software Systems\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_Vienna-C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Vienna-C\");\n\nfunction detect() {\n if (Binary.compare(\"90e9$$$$8cc88ed8e8....803e......75..8a3e....883e....8b1e....891e....a3....8ec00306....8ed0a3....8b26....8b2e....be....c706\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_Watcom_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Watcom C\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$fb8cc98ec126bb....83c3..80e3..26891e....268c1e....26a1....3d....73..b8....01c383c3..80e3..8ed189dc26891e....89dad1\")) {\n sName += \"/C++16\";\n sVersion = \"1994\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$fb8cc98ec1bb....83c3..80e3..26891e....268c1e....26a1....3d....73..b8....03d883c3..80e3..8ed18be326891e....8bd3d1ea\")) {\n sName += \"/C++16\";\n sVersion = \"1993\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$fb8cc9bb....8ec1268c1e....26a1....3d....73..b8....03d88ed18be326891e....83c3\")) {\n sName += \"/C++16\";\n sVersion = \"1988\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$fb8cc98ec1bb....83c3..83e3..26891e....268c1e....26a1....3d....73..b8....03d88ed18be326891e....83c3..83e3..8bd3d1ea\")) {\n sVersion = \"1991\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$0e0e1f07b4..ba....cd21ba....cd21e8....803e......74..b4..ba....cd21e9\")) {\n sName += \"/C++32\";\n sVersion = \"1995\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$fb8cc98ec1bb....83c3..80e3..26891e....268c1e....26a1....3d....73..b8........83c3..80e3..8ed1\")) {\n sName = \"Open Watcom C/C++16\";\n sVersion = \"2002 by Sybase, Inc.\";\n sOptions = \"type 1\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$fb8cc98ec1bb....83c3..80e3..891e....8c1e....a1....3d....73..b8....03d883c3..80e3..8ed1\")) {\n sName = \"Open Watcom C/C++16\";\n sVersion = \"2002 by Sybase, Inc.\";\n sOptions = \"type 2\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$fb8cc98ec126bb....83c3..80e3..26891e....268c1e....26a1....3d....73..b8........83c3..80e3..8ed1\")) {\n sName = \"Open Watcom C/C++16\";\n sVersion = \"2002 by Sybase, Inc.\";\n sOptions = \"type 3\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_Zbikowski_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Zbikowski C\");\n\nfunction detect() {\n if (Binary.compare(\"8975..8a0430e48946..408bf88a85....30e425....74..8b46..2d....eb..8b76..8a0430e42d....8346\")) {\n sOptions = \"1983 by Mark Zbikowski (Microsoft Corp.)\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_Zortech_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Zortech C\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$fab8....05....b9....d3e88cc903c18ed88c06....268b1e....891e....8bd82b1e....891e....268b1e....2bd881fb....72\")) {\n sVersion = \"2.10\";\n sOptions = \"1990 by Walter Bright\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$fcbe....b9....8b3e....5703f981c7....57f3a45f81c7....ffe7\")) {\n sVersion = \"2.00\";\n sOptions = \"1990 by Walter Bright\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$8cc883c0..50b8....50cbfc8e06....b0..b9....33fff2aeae75..4747be....e8\")) {\n sVersion = \"2.00\";\n sOptions = \"1990 by Walter Bright\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$fab8....05....b9....d3e88cc903c1dbe38ed88c06....8bd82b1e....891e....268b1e....2bd8\")) {\n sVersion = \"4.00\";\n sOptions = \"by Walter Bright\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/compiler_muSIMP-83.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"muSIMP-83\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$8cc88ed88ed0bc....a3....ba....e8....c606......e8....803e......75..0e17bc....e8....e8....eb\")) {\n sVersion = \"4.12\";\n sOptions = \"1985 by The SOFT WAREHOUSE\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/converter_A3E.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"A3E (text2com)\");\n\nfunction detect() {\n if (Binary.compare(\"1e33c050be....81c6....b8....8ec0bf....b9....f3a5cb\")) {\n sOptions = \"1992 by JHSoft\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/converter_AutoCracker.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"AutoCracker\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e8$$$$be....e8$$$$5133c9ac3c..74..32c8d1e1b4..8ad03c..74..cd21eb\")) {\n sVersion = \"1.X\";\n sOptions = \"1997 Dmitry Gorshkov\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/converter_COM2TXT.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"COM2TXT\");\n\nfunction detect() {\n if (Binary.compare(\"'XP5~~-~}P]XP-@?->@1Fq1Fx0F6,00F7,b(F8ZRu(XP2FzE,@r42fzWBxG!='\")) {\n sOptions = \"1997 by GyikSoft\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/converter_COMT.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"COMT\");\n\nfunction detect() {\n if (Binary.compare(\"'ENC.COM.B&F='\")) {\n sVersion = \"0.1d\";\n sOptions = \"(com2text) by Alex Pruss\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/converter_CRX2COM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"CRX2COM\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$8b1e....c1....81c3....e8....b4..ba....cd21bb....e8....b4..ba....cd21b8....ba....cd2173\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/converter_E2C.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"E2C (EXE2COM) by The DoP\");\n\nfunction detect() {\n if (Binary.compare(\"be....bf....b9....57f3a5c3\")) {\n sVersion = \"1.00-1.02\";\n bDetected = true;\n } else if (Binary.compare(\"be....bf....b9....fc57f3a5c3\")) {\n sVersion = \"1.02a\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/converter_EXE2COM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"EXE2COM\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$bf....be....a5a48cda83c2..50b9....ad970115e2\")) {\n sVersion = \"1.0\";\n sOptions = \"by D'B\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e800005b508cc005....8b0e....03c889....8b0e\")) {\n sVersion = \"1.0\";\n sOptions = \"by Microsoft\";\n bDetected = true;\n } else if (Binary.compare(\"b3..b9....33d2be....8bfeac32c3aa434932e403d0e3..eb..3b16....75..be....8bc6b1..d3e88cdb03c30344..a3....8cc805\")) {\n sOptions = \"CRC check\";\n bDetected = true;\n } else if (Binary.compare(\"e8$$$$bf....be....a5a48cda83c2..0116....81c2....8ed2bc....eb\")) {\n sOptions = \"by //ViP\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$bf....be....a5a48cda83c2..50b4..bb....cd21580116....81c2....8ed2\")) {\n sOptions = \"0-Relocs by dR.No //ViP\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$bf....be....a5a48cda83c2..0116....81c2....8ed2bc....eb..ea\")) {\n sOptions = \"0-Relocs by Sage //UCF\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e800005b81eb....8db7....bf....b9....f3a58db7....538ccf83c7..ad\")) {\n sVersion = \"2.0\";\n sOptions = \"by Paul Shpilsher\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$8cca81c2....3b16....76..ba....b409cd21cd20\")) {\n sOptions = \"generic, type 1\";\n bDetected = true;\n } else if (Binary.compare(\"be....8b043d....74..ba....b409cd21cd208bc6b1..d3e88cdb03c303....a3....8cc805....a3....8b44\")) {\n sOptions = \"by RaskY\";\n bDetected = true;\n } else if (Binary.compare(\"bf....be....b9....fcf3a4068ccb83c3..011e....011e....b9....8b54..03d381c2....8ec28b3c\")) {\n sVersion = \"1.0\";\n sOptions = \"by Milkov\";\n bDetected = true;\n } else if (Binary.compare(\"bf....be....b9....fcf3a48ccb011e....011e....eb00bf....be....b9....bb....bd....fa\")) {\n sVersion = \"1.0\";\n sOptions = \"by Milkov\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$be....8bc6b1..d3e88cdb03c30344..89048cc805....8be88b44..b1..d3e803c50344..bb....8b1f\")) {\n sOptions = \"by JauMing Tseng\";\n bDetected = true;\n } else if (Binary.compare(\"e8$$$$bf....be....a5a48cda83c2..50b4..bb....cd21b9....ad970115e2\")) {\n sVersion = \"1.0d\";\n sOptions = \"1994 by D'B\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$92be....bf....fca5a48ccb83c3..b9....ad97011de2\")) {\n sOptions = \"1996 by EM-Phaser\";\n bDetected = true;\n } else if (Binary.compare(\"b430cd213c..73..33c00650cb\")) {\n sOptions = \"by JVP\";\n bDetected = true;\n } else if (Binary.compare(\"bf....be....b9....f3a48cd805....0344..8ccb9305....8be60364..8b4c..e3..5f5a\")) {\n sName = \"CC\";\n sVersion = \"2.61 beta\";\n sOptions = \"EXE2COM\";\n bDetected = true;\n } else if (Binary.compare(\"e8$$$$bf....be....a5a48cda83c2..50b4..bb....cd21580116....81c2....8ed2bc....eb\")) {\n sOptions = \"by unknown\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e9$$$$8cca81c2....3b16....76..ba....b409cd21cd20\")) {\n sOptions = \"generic, type 2\";\n bDetected = true;\n } else if (Binary.compare(\"be....8b043d4d5a74$$8bc6b1..d3e88cdb03c30344..a3....8cc8\")) {\n sOptions = \"by BuZZ Soft\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/converter_EXETools_EXE2COM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"EXETools EXE2COM\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e800005d8bcd83ed..bf....be....2bcff3a4b9....be....03f5e3..8cdb035e..ad8bf8011de2\")) {\n sVersion = \"2.0, 2.1\";\n bDetected = true;\n } else if (Binary.compare(\"68....68....68....68....68....68....5fbe....b9....f3a4c3\")) {\n sOptions = \"com header from EXETools 2.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/converter_FIXCRK.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"FIXCRK\");\n\nfunction detect() {\n if (Binary.compare(\"'ROMANOID'32e4b0..cd104c5abf....c606......bd....e8....c606......bf....bd....e8....bd....c606......bf\")) {\n sOptions = \"by romanoid\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/converter_FromBAT.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"FromBAT\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$be....bf....bb....c604..b9....fe04803c..77..c644....b80629cd21be....3c..74..8a04880743e2\")) {\n sOptions = \"1991 by Clockwork Software\";\n bDetected = true;\n }\n if (Binary.compare(\"e9$$$$fcbe....bf....bb....c604..b9....fe04803c..77..c644....b80629cd21be....3c..74..8a04880743e2\")) {\n sName = \"BatchMaster\";\n sOptions = \"1993 by Clockwork Software\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/converter_MAKEBOO.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"MAKEBOO\");\n\nfunction detect() {\n if (Binary.compare(\"'XPHPD[0GG0G,0G51G31GB'27'(G+(G:u'27'0g?(G>(GE1G@arwIV_F*=US@<1|_,5wXNg-7muTu(4'\")) {\n sOptions = \"executable2text\";\n bDetected = true;\n }\n\n return result();\n}\n" }, { "path": "db/COM/converter_NetCode.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"NetCode\");\n\nfunction detect() {\n if (Binary.compare(\"'T_OOWW3=XXWX5 2PY5w3P_-l.P-KD1Ep-OLPZ-pJP-pw40PQX5fsPu'\")) {\n sVersion = \"1.11\";\n sOptions = \"by JauMing Tseng //Nide\";\n bDetected = true;\n } else if (Binary.compare(\"':?7%00%CCPY-@=PZ5+\")) {\n sVersion = \"1.40\";\n sOptions = \"by JauMing Tseng //Nide\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/converter_NetRun.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"NetRun\");\n\nfunction detect() {\n if (Binary.compare(\"'XPPPYZIQD[L-f6-g41GDSXu'17'@,~P^P_O,!(GU(GZ(Gnu5'\")) {\n sVersion = \"3.10\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/converter_TurboBAT.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"TurboBAT\");\n\nfunction detect() {\n if (Binary.compare(\"ba....b4..909006b8....8ec0b9....268a26....80e4..26a0....24..3ac4\")) {\n sVersion = \"3.10\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$fcbd....8b6e..8b66..8b5e..b4..cd21a1....8946..b8....50c646....8b5e..ffe3\")) {\n bDetected = true;\n } else if (Binary.compare(\"9090909090909006b8....8ec0b9....268a26....80e4..26a0....24..3ac474..26a0....24\")) {\n sOptions = \"unregistered\";\n bDetected = true;\n } else if (Binary.compare(\"ba....b4..cd2106b8....8ec0b9....268a26....80e4..26a0....24..3ac474..26a0....24\")) {\n sVersion = \"3.16-9u\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/converter_Vacsina.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"Vacsina EXE2COM\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e8....5b508cc005....8b0e....894f..8b0e....03c8894f..8b0e....894f..8b0e....03c8894f..8b3e....8b16\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/converter_XCK2COM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"XCK2COM\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$be....e8....ad89c15156e8....be....e8\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/cryptor_Anti-Lamer_Cryptor.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"Anti-Lamer Cryptor\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$fa8cd3ba....8ed233d28ed38bdafb33c08ec026f716....eb\")) {\n sVersion = \"1.0\";\n sOptions = \"1999 by Ozzman //iHC\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/cryptor_CSCRYPT.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"CSCRYPT\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e8000059eb$$cceb$$e4..bb....ba....eb$$81eb....0c..2bcb\")) {\n sVersion = \"3.30\";\n sOptions = \"by Christian Schwarz\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/cryptor_EXINCT.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"EXINCT\");\n\nfunction detect() {\n if (Binary.compare(\"e8$$$$ba....b8....cd218bd8b8....33c933d2cd2191b4..cd218bdc8b072d....89078bf05603f183ee..8904\")) {\n sOptions = \"by Razor 1911\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/cryptor_J0B_cryptor.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"J0B cryptor\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$fabe....8d0e....2bcee8$$$$5051ba....8bda301cac32c35183c4..b9\")) {\n sOptions = \"1996\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$be....e8$$$$5052ac8a26....28e00ac0\")) {\n sOptions = \"1996\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/cryptor_PU-Cryptor.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"PU-Cryptor\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$fce8$$$$068cc8a3....b0..bf....b9....263005fec047e2\")) {\n sOptions = \"1994\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$fcb0..bf....b9....300547e2\")) {\n sOptions = \"1992\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$fcb0..bf....b9....263005fec047e2\")) {\n sOptions = \"1994\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$fcbc....e8$$$$068cc8a3....b0..bf....b9....263005fec047e2\")) {\n sOptions = \"1994\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$bc....fce8$$$$068cc8a3....b0..bf....b9....263005fec047e2\")) {\n sOptions = \"1994\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/cryptor_Phrozen_Crew_cryptor.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"Phrozen Crew cryptor\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$eb$$be....8b3c83ef..578bf781c6....83c6..bf....a5a55f83ef..5733f6bd....33c9300a414f8bf175..5f83ff..74\")) {\n sOptions = \"1998\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/cryptor_SDW.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"Shadow Com Cryptor (SDW)\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$545b3bdc75..eb$$9c5b81cb....539d9c5825....75..e8\")) {\n sVersion = \"1.7X\";\n sOptions = \"by MANtiC0RE\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$545b3bdc75..eb$$9c5b81cb....539d9c5825....74..50584c4c5b33c3\")) {\n sVersion = \"1.78\";\n sOptions = \"by MANtiC0RE\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$ac2d....04..89c5e8....f514..f9362633f6\")) {\n sVersion = \"1.79\";\n sOptions = \"by MANtiC0RE\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e9$$$$e4..e8....e4..e9$$$$26fb78\")) {\n sVersion = \"1.7\";\n sOptions = \"by MANtiC0RE\";\n bDetected = true;\n } else if (Binary.compare(\"b8....bd....2e8a76..80f6..80ee..2e8876..83c5..4874..eb\")) {\n sVersion = \"1.80\";\n sOptions = \"by MANtiC0RE\";\n bDetected = true;\n } else if (Binary.compare(\"be....31d281c2....2e8034..83ee..83c2..74..31c005....50c3\")) {\n sVersion = \"1.80\";\n sOptions = \"by MANtiC0RE\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/cryptor_Sydex.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"Sydex cryptor\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$ba....b8....bb....33ed8bf8434f505952494748542053..4445582c..414c4c\")) {\n sOptions = \"1987 by Sydex and C.P.Guzis\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$ba....b8....bb....33ed8bf8434f505952494748542053..4445582c..414c4c\")) {\n sOptions = \"1987 by Sydex and C.P.Guzis\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$33c09e8bd88bc88bd08be88bf08bf88cc88ed88ec08ed08d26....8d36\")) {\n sOptions = \"1986,1987 by Sydex and C.P.Guzis\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/cryptor_UComCry.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"UComCry\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$6006fae4640c40e664b8....8ec026c706\")) {\n sOptions = \"by UniquE\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/cryptor_USCC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"Shitty COM Cryptor\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$60bb....b9....300f43e2\")) {\n sVersion = \"1.4\";\n sOptions = \"by UniquE\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/cryptor_cryptors.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"Cryptor\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$60c704....c644....b9....bf....ac32018bd64a\")) {\n sVersion = \"0.04\";\n sOptions = \"by SkullC0DEr\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$60c704....c644....e8$$$$5f83c7..33dbb9....8a043201\")) {\n sName = \"crypt 95-97\";\n sOptions = \"type 2 by SkullC0DEr\";\n bDetected = true;\n } else if (Binary.compare(\"e800005dbf....e8$$$$fa065733ff57078d76..b9....8004..46e2\")) {\n sOptions = \"by Synopsis\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$fdbf....ba....33c01e8ed8a3....1fb1..525e3bfa74..ac3205aae2..eb\")) {\n sOptions = \"by Min-Jei-Chen\";\n bDetected = true;\n } else if (Binary.compare(\"e8$$$$eb$$8cca8eda8ec2be....bf....b9....eb$$ad2ea3....2e3136....8bc18bdef7e3eb$$2e3106....2e3116....2ea1....abe2\")) {\n sOptions = \"by PHOENiX\";\n bDetected = true;\n } else if (Binary.compare(\"5053515756b8....508bf0b9....b0..8bfe0004f71404..46e2\")) {\n sOptions = \"by FalCoN'AleX\";\n bDetected = true;\n } else if (Binary.compare(\"40429c58f6c4..74..eb....b4..be....bf....b9....68....68....68....57f3a4c3\")) {\n sOptions = \"by Terrible BloodSucker //FDs Group\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e80000fa9cfc505393584c4c3bc35b74..9de8....32e480c4..3065..47e2\")) {\n sName += ' N1';\n sOptions = \"by ZeroCoder //XG\";\n bDetected = true;\n } else if (Binary.compare(\"be....b9....ac03d8e2..81fb....74..cd19be....8bfeb9....8a26....ac32c1aae2\")) {\n sOptions = \"by Kai\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$c606......f873..e9$$$$be....bf....0633c08ec0bb....fa268b07268917a3\")) {\n sName += ' N2';\n sOptions = \"by ZeroCoder //XG\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e800002e9c589e72..fa9cfc505393584c4c3bc35b74..9de8....32e480c4\")) {\n sOptions = \"by Digital Information Pirates Group (DiPG)\";\n bDetected = true;\n } else if (Binary.compare(\"'PHROZEN'fa'CREW'0d....fbfdbe....ac300481fe....77..94\")) {\n sOptions = \"by Phrozen Crew\";\n bDetected = true;\n } else if (Binary.compare(\"0e1fb9....be....80....301c46e2..eb\")) {\n sOptions = \"by Dwolf //ROK\";\n bDetected = true;\n } else if (Binary.compare(\"2e8036....28eb00c3\")) {\n sName += \" #2\";\n sOptions = \"by Misha\";\n bDetected = true;\n } else if (Binary.compare(\"be....e8$$$$5d8bce8d72..bf....fd5747acaa86c4ac32c4aae2..8d75..fcf98d7e..c3\")) {\n sOptions = \"by TGT\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$33dbb9....d1e941b8....8b97....33c28987....924343e2..68....c3\")) {\n sOptions = \"by hijaq\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$0e179c58f6c4..75..b9....b8....2bc8bf....be....8a0551b9....8ae0862432c44ee2..88054759e2..e9\")) {\n sOptions = \"1996 by WildRover\";\n bDetected = true;\n } else if (Binary.compare(\"668d3e....66b9........678137....6683c7..e2..e9\")) {\n sOptions = \"by PCY group\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$66b8........66a3....be....8bfeb9....fcad35....f7d0abe2..68....c3\")) {\n sOptions = \"by Evil Genius //rPG\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$9cfafc1e06bb....b44acd21b448bb....cd218ec0be....b9....51bf....57f3a5061fb9....5e8bfe\")) {\n sOptions = \"by AliS S0fT //VCrT\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$e8$$$$eb$$e4210c..e62133c08ed80e50558becc746......5dfa8f06....8f06....fb9c580d....509d\")) {\n sVersion = \"#2\";\n sOptions = \"by RAZOR 1911\";\n bDetected = true;\n } else if (Binary.compare(\"'SNOWPANTHER'e9$$$$................8db7....bf....b9....f3a58db7....538ccf83c7..ad09c074..91ad\")) {\n sName += \" #1\";\n sOptions = \"by Snow Panther //DTG\";\n bDetected = true;\n } else if (Binary.compare(\"fcbe....bf....b9....90ba....c606......90ac0fb61e....03da8a2732c4aafe06....803e......75..c606\")) {\n sOptions = \"by pASkuda\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$50538bdc8cd0bc....8ed49090909090909090909090909090909033e48ed4bc....909090909090909090909090909090908ed08be35b58c606\")) {\n sOptions = \"by Crack Soft\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$16179c58f6c4..74..faeb..e8$$$$58\")) {\n sVersion = \"1.0\";\n sOptions = \"1999 by Alex\";\n bDetected = true;\n } else if (Binary.compare(\"e8$$$$33ed83ed..2ed0....5e0e8bfe81e7....f7df03fe2e893526a1....8ec0263b06....74..f92eff35\")) {\n sOptions = \"by DREAMMASTER\";\n bDetected = true;\n } else if (Binary.compare(\"b8....ffe0\")) {\n var nOffset = Binary.readWord(1) - 256;\n if (Binary.compare(\"be....8be88bd88bf883c5..908bd04a5287d687fe5981e9....52\", nOffset)) {\n sOptions = \"by BlackLight, MANtiCORE\";\n bDetected = true;\n }\n } else if (Binary.compare(\"'FALCON//TULACREW'0d....e9$$$$be....b9....33c0f7d03004eb..04..32e046e2\")) {\n sOptions = \"by FALCON //UCL\";\n bDetected = true;\n } else if (Binary.compare(\"bb....b9....be....301c02df86df46e2\")) {\n sName += \" #1\";\n sOptions = \"by dR.No\";\n bDetected = true;\n } else if (Binary.compare(\"be....b9....b8....bb....33c34086c44b86fb93300446e2\")) {\n sName += \" #2\";\n sOptions = \"by dR.No\";\n bDetected = true;\n } else if (Binary.compare(\"a3....eb$$5351525756b9....fa8bdc8cd2bc....03e1d1e94c4c5886e9d3c033c186e9f7d050e2\")) {\n sOptions = \"by venus soft.\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$3aac....3a29fc1aa8....80cd..1e0e0e1f0726fe06....ba....be....81f6....80f9\")) {\n sName += \" #1\";\n sOptions = \"by LiGHt DRUiD //SOS\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$fd1e0e81de....89f63bf23aaf....03f423f61bf40a2d80f9..18dd0e071f03f433f081e6\")) {\n sName += \" #2\";\n sOptions = \"by LiGHt DRUiD //SOS\";\n bDetected = true;\n } else if (Binary.compare(\"fcbe....8bfeac3206....8006......84c0aa75..be....e8\")) {\n sOptions = \"by Sludge Vohaul //DAT\";\n bDetected = true;\n } else if (Binary.compare(\"'[HPA]'b5..8bf98be9be....57f3a4c3\")) {\n sOptions = \"by Hungarian Pirates Alliance [HPA]\";\n bDetected = true;\n } else if (Binary.compare(\"bc....bb....b4..cd21bb....b9....8037..43e2..b409ba....cd21b8....cd21891e\")) {\n sOptions = \"by .EXEcutor //SOS\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e800005b8bcc8cd2fa33c08ec08ed0bc....588947..90588947..900e8bc305....508ed28be1fb\")) {\n sOptions = \"1998 by Demon Magister Protection\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$2ea3....8cc82e0306....502eff36....cb\")) {\n sOptions = \"1991 by YMI\";\n bDetected = true;\n } else if (Binary.compare(\"53515256570633c08ec0fa26a1....268b16....fb075052b8....06508cca33c08ec058fa26a3....268916....fb07\")) {\n sOptions = \"1991 by Elisoft\";\n bDetected = true;\n } else if (Binary.compare(\"b8....5650c3\")) {\n var nOffset = Binary.readWord(1) - 256;\n if (Binary.compare(\"bf....8bdeb9....8b0533c689074747434346e2..c3\", nOffset)) {\n sOptions = \"by PC0R$AiR //UCL\";\n bDetected = true;\n }\n } else if (Binary.compare(\"908cc8515a54e9$$$$36c0e0..eb$$eb$$6a..e8$$$$58eb$$e8$$$$58eb$$e8$$$$eb$$2eeb$$eb$$665eeb$$eb$$7c\")) {\n sName = \"Rowdy's Strong Protection {MtE}\";\n bDetected = true;\n } else if (Binary.compare(\"0f011e....fbe9$$$$e90000c0c3..f8eb$$6a..c0e9..e800000f23dae8000059665e36e8\")) {\n sName = \"Rowdy's Strong Protection {MtE}\";\n bDetected = true;\n } else if (Binary.compare(\"fa499033c0fbe9$$$$e800005eeb\")) {\n sName = \"Rowdy's Strong Protection\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$5060bf....c706........c605..e8....5e5681c6....b9....5756ffe7\")) {\n sOptions = \"1998 by StrangeLion\";\n bDetected = true;\n } else if (Binary.compare(\"e8$$$$5f87f757b9....ac34..aae2..c3\")) {\n sName = \"Wumpus soft lab cryptor\";\n bDetected = true;\n } else if (Binary.compare(\"e8$$$$5eb9....ac32c12e8844..e2..e9\")) {\n sOptions = \"by MXL //RIP\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$8d36....fd8d0e....81e9....d1e9add1c835....8944..e2..ff26\")) {\n sOptions = \"1989 by Sydex\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$bb....b4..b0..8b0e....8a1728c230e28857..43fec0e2\")) {\n sOptions = \"1999 by SLine\";\n bDetected = true;\n } else if (Binary.compare(\"'(C)1997'00'by'00'PSH'0d0a..005b..3139287a..2850..81c6....33db8bfeb9....ad35\")) {\n sOptions = \"1997 by PSH\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$bf....be....b9....b0..2e8a1c32c132d82e881d4647e2..e9\")) {\n sName = \"SAGE-crypt\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$fcb0..bf....b9....263005fec047e2..b9....be....e8\")) {\n sName = \"PU-Disk encryption\";\n sOptions = \"1992\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$bb....8a073c..74..e8$$$$50515234..3c..74..b4..8ad0cd21e9\")) {\n sOptions = \"1999 by Leon\";\n bDetected = true;\n } else if (Binary.compare(\"fa'SNOW'fa'PANTHER'fabc....bf....8bf7b9....b3..ac34..d2c02ac3d2c832c3fec3aae2\")) {\n sName += \" #2\";\n sOptions = \"by Snow Panther //DTG\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$c704....c644....b9....5683c6..8bfeb2..b6..ac32c202d6aae2..c3\")) {\n sOptions = \"1997 by Ment0R //UCL\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$bb....8b0f03d981c3....8be38cc88ed88ec08ed0b8....ba....cd21b3..ccb3..cc\")) {\n sOptions = \"1993 by The Shadow Lord\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$ccbe....bb....b2..bf....cc8b0d8bc103c7cc05....83c7..8be0cc\")) {\n sOptions = \"by The Shadow Lord\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$bb....001f4beb$$001f4beb\")) {\n sName = \"Crypt.Trivial.173\";\n sOptions = \"1998 by SMT\";\n bDetected = true;\n } else if (Binary.compare(\"'SFINKS_SOFT___'fafcb430cd21fb33c0502ec606......0783e9..3be175..26c706........b9\")) {\n sOptions = \"by SFINKS SOFT\";\n bDetected = true;\n } else if (Binary.compare(\"e8$$$$1e33c08ed8f716....eb$$f716....1f5ebf....57b9....ac34..aae2\")) {\n sOptions = \"by R!SC\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$6033edbe....b4..bd....bf....ac32c4aa80c4..fec43bf575..33c0b9....f3ab61bf....ffe7\")) {\n sOptions = \"by DarkGrey //DSA\";\n bDetected = true;\n } else if (Binary.compare(\"'(C)1997'00'by'00'PSH'............................bc....6081c6....33db8bfeb9....ad35....c1c0..03d8abe2\")) {\n sOptions = \"1997 by PSH\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$bf....33dbba....fcbe....8bcfccad\")) {\n sName += \" #3\";\n sOptions = \"by Misha /ACE\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$061e33c08ed8be....8904be....89041e071fb8....bf....268905be....b9....8a04263205\")) {\n sOptions = \"by SafeSoft\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/driver_DIGPAK.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"driver\", \"DIGPAK\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$8cc88ed88ec0e8$$$$1e56be....33c08ed8c5340bf674\")) {\n sOptions = \"1992 by The Audio Solutions\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$8cc88ed88ec0c706........c706........c706........b8....50e8$$$$558bec061e5657fc\")) {\n sOptions = \"1991 by The Audio Solutions\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/driver_MIDPAK.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"driver\", \"MIDPAK\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$bb....d1ebd1ebd1ebd1eb43b8....cd21fa8cc88ed0bc....fb8ed88ec0c706\")) {\n sOptions = \"1992 by The Audio Solutions\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/immunizer_ARF_AV_Inject.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"immunizer\", \"ARF/AV Inject\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$b8....50558bec83c4..061e90c746......c746......c646....c746......c746......8b5e..8dbf....b9\")) {\n sVersion = \"2.4\";\n sOptions = \"1995 by ARF Enterprises\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/immunizer_CPAV.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"immunizer\", \"Central Point Anti-Virus immunizer\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e9$$$$e8$$$$5b81eb....5051525657558beb2ec686......268e06....061fb9....bf....8bc7fcf2ae26803d..75\")) {\n sVersion = \"1993\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/immunizer_F-XLOCK.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"immunizer\", \"F-XLOCK\");\n\nfunction detect() {\n if (Binary.compare(\"e8$$$$505351521e8e1e....33db8b07433d....74..75..43833f..75..4343\")) {\n sVersion = \"1.16\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/immunizer_IMMUN.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"immunizer\", \"IMMUN\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$5053515256571e06e8....5e81ee....2e8936....8bfe81c7....2e8b1d2bfb83c7..81ef....8befb430cd21\")) {\n sVersion = \"1.2r\";\n sOptions = \"1993 by J.Bleuel\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/immunizer_TAV.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"immunizer\", \"Turbo Anti-Virus\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e9$$$$e800005b81eb....5051525657558beb2ec686......268e06....061f\")) {\n sOptions = \"by CARMEL Software Engineering\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/immunizer_VSS.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"immunizer\", \"Viren Schutz Schild\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e8$$$$5b81eb....1e065051525354555657061e8bebb430cd2186e03d....73..e9\")) {\n sVersion = \"1993 by Ralph Roth\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/other_XLOADER.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"other\", \"XLOADER\");\n\nfunction detect() {\n if (Binary.compare(\"fc8cdb33c08ec0b8....26a3....268c0e....5052faba....b0..ee42ec\")) {\n sVersion = \"2.00\";\n sOptions = \"by CyberMan + ST!LLS0N\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/other_integrity_checker.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"other\", \"integrity checker\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$505351521ea1....8ed829db43833f..75..434389dab8....cd211fb9....ba....72..89c3b4..cd21\")) {\n sOptions = \"1990-92 by D.A. Martynoff\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_4kZIP.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"4kZIP\");\n\nfunction detect() {\n if (Binary.compare(\"fcb1..e8$$$$8736....b8....d3e0482306....66d32e....280e....77..506633c0ac8a0e....80c1..66d3e0\")) {\n sOptions = \"by pascal //Digital Nightmare\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_AVPACK.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"AVPACK\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$8cda0316....3916....73..b409ba....cd21c3\")) {\n sVersion = \"1.22\";\n sOptions = \"Andrei Volkov\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_COMPACK.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"COMPACK\");\r\n\r\nfunction detect() {\r\n if (Binary.compare(\"BE....E8....5D83C5..55505351520E070E1F8BCE8D72..BF....D1E9FD57F3A5\")) {\r\n sVersion = \"4.5\";\r\n bDetected = true;\r\n } else if (Binary.compare(\"BE....E8....5D83C5..55505351520E070E1F8D72..bf....b9....90fd57f3a58d75..fcf98bfdc3\")) {\r\n sVersion = \"4.5?\";\r\n bDetected = true;\r\n } else if (Binary.compare(\"BE....E8....5D83C5..555053510E070E1F8BCE8D72..BF....D1E9FD57F3A5\")) {\r\n sVersion = \"5.1\";\r\n bDetected = true;\r\n } else if (Binary.compare(\"BE....E8....5D83C5..550e1f0e07505351528bce8d72..bf....d1e9fd57f3a58d75..fcf98bfdc3\")) {\r\n sVersion = \"4.5\";\r\n bDetected = true;\r\n } else if (Binary.compare(\"be....0e530e520e070e1fe800005d8bce8d72..bf....d1e9fd57f3a58d75..fcf98d7e..c3\")) {\r\n sVersion = \"4.4\";\r\n sOptions = \"1990\";\r\n bDetected = true;\r\n } else if (Binary.compare(\"be....505351520e070e1fe800005d8bce8d72..bf....d1e9fd57f3a58d75..fcf98d7e..c3\")) {\r\n sVersion = \"4.4\";\r\n sOptions = \"1990\";\r\n bDetected = true;\r\n } else if (Binary.compare(\"BE....E8....5D83C5..558bce8d72..bf....d1e9fd57f3a58d75..fcf98bfdc3\")) {\r\n sVersion = \"4.5?\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/COM/packer_Cheat_packer.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"Cheat packer\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$b9....ba....bf....bb....b8....be....83ec..8becfc8866..32e48976..8bf703c18bf83bfe76..fd574e4f\")) {\n sOptions = \"1993 by TWIN of TRSi\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_Compressor.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"Compressor\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$8cc8488ec026813e........72..05....8ec0be....ba....33ffb9....b0..f3aa\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_CyberWare_Packer.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"CyberWare Packer\");\n\nfunction detect() {\n if (Binary.compare(\"565056fd8bfc83ef..b9....be....fea447ffe7\")) {\n sOptions = \"1997\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_Diet.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"Diet\");\n\nfunction detect() {\n if (Binary.compare(\"bf....3bfc72$$fdbe....b9....f3a5fc8bf7bf....adad8be8b2..e9\")) {\n sVersion = \"1.00\";\n sOptions = \"modified\";\n bDetected = true;\n } else if (Binary.compare(\"bf....3bfc72$$be....b9....fdf3a5fc8bf7bf....adad8be8b2..e9\")) {\n sVersion = \"1.00, 1.00d\";\n bDetected = true;\n } else if (Binary.compare(\"......bf....b9....3bfc72$$fdf3a5fc8bf7bf....adad8be8b2..e9\")) {\n sVersion = \"1.02b, 1.10a\";\n bDetected = true;\n } else if (Binary.compare(\"......bf....b9....3bfc72$$31dbeb$$fdf3a5fc8bf7bf....adad8be8b2..e9\")) {\n sVersion = \"1.20\";\n bDetected = true;\n } else if (Binary.compare(\"f99ceb$$55061e575652515350e8$$$$59b1..d3e98cc803c18ed88ec0\")) {\n sVersion = \"1.44/1.45\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_EXC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"EXC\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e8$$$$5f81fc....72..8745..a3....8a45..a2....fc8db5....bd....8cca\")) {\n sVersion = \"1.0.0\";\n sOptions = \"by Kris Heidenstrom\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_ICE.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"ICE\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$be....8bfe8b0e....8b16....b8....50fcad33c2ab8bd0e2\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_LGLZ.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"LGLZ\");\n\nfunction detect() {\n if (Binary.compare(\"bf....3bfc72$$be....b9....fdf3a4fc8bf746bf....e8\")) {\n sVersion = \"1.03/04\";\n sOptions = \"1996\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_PKLITE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"PKLITE\");\n\nfunction detect() {\n if (Binary.compare(\"B8....BA....3bc473..8bc42d....25....8bf8b9....be....fcf3a58bd8b1..d3eb8cd903d95333db53cb\")) {\n sVersion = \"1.12, 1.20\";\n bDetected = true;\n } else if (Binary.compare(\"B8....BA....3bc473..8bc42d....9025....8bf8b9....90be....fcf3a58bd8b1..d3eb8cd903d95333db53cb\")) {\n sVersion = \"1.15\";\n bDetected = true;\n } else if (Binary.compare(\"50B8....BA....3bc473..8bc42d....25....8bf8b9....be....fcf3a58bd8b1..d3eb8cd903d95333db53cb\")) {\n sVersion = \"1.50\";\n bDetected = true;\n } else if (Binary.compare(\"B8....BA....8cdb03d83b1e....73..83eb..fa8ed3bc....fb83eb..8ec353b9....33ff57be....fcf3a5cb\")) {\n sVersion = \"1.00, 1.03\";\n sOptions = \"exe2com\";\n bDetected = true;\n } else if (Binary.compare(\"ba....a1....2d....8ccb81c3....3bc377..05....3bc377..b4..ba....cd21cd20\")) {\n sVersion = \"1.00c\";\n bDetected = true;\n } else if (Binary.compare(\"ba....b8....05....3b06....73..2d....fa8ed0fb2d....8ec050b9....33ff57be....fcf3a5cb\")) {\n sVersion = \"1.1X\";\n bDetected = true;\n } else if (Binary.compare(\"B8....BA....3bc473..8bc42d....25....8bf8b9....be....fcf3a58bd8b1\")) {\n sVersion = \"1.12, 1.15, 1.20\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_PRO-PACK.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"PRO-PACK\");\n\nfunction detect() {\n if (Binary.compare(\"83ec..8becbe....fce8....05....8bc8e8....8bd003c605....8bf8e8....ad88....32e489....8bf703c18bf83bfe76\")) {\n sVersion = \"2.08-2.19\";\n bDetected = true;\n } else if (Binary.compare(\"83ec..8becbe....fce8....05....8bc8e8....8bd003c605....8bf8e8....8946..895e..ad8866..32e48976..8bf703c18bf83bfe76\")) {\n sVersion = \"2.08-2.19\";\n sOptions = \"-m1, locked\";\n bDetected = true;\n } else if (Binary.compare(\"be....fce8....05....8bc8e8....8bd003c605....8bf883c6..ad32e48bee8bf703c18bf83bfe76\")) {\n sVersion = \"2.14\";\n sOptions = \"-m2\";\n bDetected = true;\n } else if (Binary.compare(\"be....fce8....05....8bc8e8....8bd003c605....8bf8e8....5350ad32e48bee8bf703c18bf83bfe76\")) {\n sVersion = \"2.08-2.19\";\n sOptions = \"-m2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_SCRE2B.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"SCRE2B\");\n\nfunction detect() {\n if (Binary.compare(\"8cda0116....ff2e....00\")) {\n sVersion = \"1.02\";\n sOptions = \"by Graeme W. McRae\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_SCRNCH.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"SCRNCH\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$bb....b44acd2181eb....73..ba....b9....e9\")) {\n sVersion = \"1.02\";\n sOptions = \"1988 by Graeme W. McRae\";\n bDetected = true;\n } else if (Binary.compare(\"bb....b44acd2181eb....73..ba....b9....e9$$$$0e1fb440bb....cd21b8....cd21\")) {\n sVersion = \"1.00\";\n sOptions = \"1988 by Graeme W. McRae\";\n bDetected = true;\n } else if (Binary.compare(\"bb....b44acd2181eb....73..ba....b9....e9$$$$b440bb....cd21b8....cd21\")) {\n sVersion = \"1.01\";\n sOptions = \"1988 by Graeme W. McRae\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_SHRINK.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"SHRINK\");\n\nfunction detect() {\n if (Binary.compare(\"509cfcbe....bf....57b9....f3a48b0e....be....bf....f3a4c3\")) {\n sVersion = \"1.0\";\n sOptions = \"by Thomas G. Hanlin\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_Scramb.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"Scramb\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e8$$$$5b0e1f81eb....8bc305....508bc803d12bfac3\")) {\n sVersion = \"1.20\";\n sOptions = \"by B.U.G.\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e8....5b0e1f81eb....8bc305....508bc803d12bfac3\")) {\n sVersion = \"1.20\";\n sOptions = \"by B.U.G.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_Six-2-Four.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"Six-2-Four\");\n\nfunction detect() {\n if (Binary.compare(\"'[ESP]'b5..8bf98be9be....57f3a4c3\")) {\n sVersion = \"1.1\";\n sOptions = \"Boogie //ESP\";\n bDetected = true;\n } else if (Binary.compare(\"'PULP'83c4..fcbf....be....b5..57f3a5c3\")) {\n sVersion = \"1.0\";\n sOptions = \"Kimmy //Pulp\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_TPACK.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"TPACK\");\n\nfunction detect() {\n if (Binary.compare(\"03'TUSCON'030d0a005868....60e9\")) {\n sVersion = \"0.5c\";\n sOptions = \"1996 by Max //TUSCON\";\n bDetected = true;\n } else if (Binary.compare(\"68....fd60be....bf....b9....f3a48bf7bf....fc46e9\")) {\n sVersion = \"0.55c\";\n sOptions = \"1996 by Max //TUSCON\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_Triplex.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"Triplex\");\n\nfunction detect() {\n if (Binary.compare(\"bd....be....5553525a5b505351520e1f0e078bce8d72..bf....d1e9fd57f3a5\")) {\n sOptions = \"1994\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_UPX.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"UPX\");\n\nfunction detect() {\n if (Binary.compare(\"b9....be....bf....fdf3a4fcf7e19387f783ee..19ed57\")) {\n sVersion = \"0.50\";\n sOptions = \"dos/com\";\n bDetected = true;\n } else if (Binary.compare(\"81fc....77..cd20b9....be....bf....bb....fdf3a4fc87f783ee\")) {\n sVersion = \"0.81-1.20\";\n sOptions = \"dos/com\";\n bDetected = true;\n } else if (Binary.compare(\"b9....be....bf....bd....fdf3a4fcf7e19387f783c6..57e9\")) {\n sVersion = \"0.30-0.40\";\n sOptions = \"dos/com\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_X-PACK.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"X-PACK\");\n\nfunction detect() {\n if (Binary.compare(\"bd....be....bf....b8....99fcfa33c9e9$$$$8bd9ffd5\")) {\n sOptions = \"by Jari Kytojoki\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_XE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"XE\");\n\nfunction detect() {\n if (Binary.compare(\"be....56bf....b9....fc56f3a55fe9\")) {\n sVersion = \"1.42\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_XPACK.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"XPACK/LZCOM\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$fa8bece8....06bf....57e8....06b8....50be....bf....cb\")) {\n sVersion = \"1.67\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$fa8bece8....fb06bf....57e8....06b8....50be....bf....cb\")) {\n sVersion = \"1.67.1\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$8cc805....8ec0bf....8bf7fcb9....f3a506b8....50cb\")) {\n sVersion = \"1.65\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$8cc8a3....05....8ec0bf....8bf7fcb9....f3a506b8....50cb\")) {\n sVersion = \"1.4\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_aPACK.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"aPACK\");\n\nfunction detect() {\n if (Binary.compare(\"be....bf....8bcffc57f3a4c3\")) {\n sVersion = \"0.98-0.99 small\";\n bDetected = true;\n } else if (Binary.compare(\"8cc880c4..8ec0fcb9....be....8bfe57f3a55fbe....0668....1e078ed8cb\")) {\n sVersion = \"0.82b-0.94b\";\n bDetected = true;\n } else if (Binary.compare(\"8cc805....8ec0598ed051be....bf....5057fcb2..bd....50a4ffd5\")) {\n sVersion = \"0.61\";\n bDetected = true;\n } else if (Binary.compare(\"8cc805....8ec0598ed051be....bf....5057fcb6..bd....ffd5\")) {\n sVersion = \"0.58-0.74\";\n bDetected = true;\n } else if (Binary.compare(\"8cc880c4..8ec0fcb9....be....8bfe57f3a55fbe....06ba....521e078ed8cb\")) {\n sVersion = \"0.82-0.94\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_com_RLE_packer.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"com RLE packer\");\n\nfunction detect() {\n if (Binary.compare(\"60be....bf....8b0e....f3a4be....bf....57b9....f3a4c3\")) {\n sOptions = \"by NOP/PC\";\n bDetected = true;\n } else if (Binary.compare(\"fc8cc833ff05....8ec006be....b9....57f3a40e07cb\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/packer_envelope.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"envelope\");\n\nfunction detect() {\n if (Binary.compare(\"60ba....3bd472$$be....8bfeb9....bb....fcad33c343abe2\")) {\n sOptions = \"by ROWDY, St.Petersburg\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_ABK-Scrambler.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"ABK-Scrambler\");\n\nfunction detect() {\n if (Binary.compare(\"b430cd2186e03d....73..cd209c06b8....50cf\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_ACE_Scrambler.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"A.C.E. Scrambler\");\n\nfunction detect() {\n if (Binary.compare(\"2c..fec024..34..fec824..34..bb....0c..eb$$24..0c..81eb....f6d8eb$$2c..fec0ffe3\")) {\n sOptions = \"1996\";\n bDetected = true;\n } else if (Binary.compare(\"24..0c..f6d8eb$$fec8bb....04..0c..f6d804..fec0f6d881eb....24..f6d8fec034..0c..04..2c..ffe3\")) {\n sOptions = \"1996\";\n bDetected = true;\n } else if (Binary.compare(\"34..fec834..0c..24..04..fec0bb....0c..2c..0c..81eb....eb$$fec0f6d82c..fec0f6d80c..ffe3\")) {\n sOptions = \"1996\";\n bDetected = true;\n } else if (Binary.compare(\"24..fec82c..bb....fec8f6d8eb$$04..81eb....0c..fec0fec80c..34..ffe3\")) {\n sOptions = \"1996\";\n bDetected = true;\n } else if (Binary.compare(\"24..eb$$04..bb....f6d834..fec8fec0eb$$0c..81eb....34..24..34..eb$$ffe3\")) {\n sOptions = \"1996\";\n bDetected = true;\n } else if (Binary.compare(\"34..fec804..24..0c..04..bb....0c..04..f6d881eb....0c..fec8f6d824..0c..ffe3\")) {\n sOptions = \"1996\";\n bDetected = true;\n } else if (Binary.compare(\"f6d834..2c..bb....0c..34..fec004..34..fec004..81eb....2c..34..24..eb$$04..2c..04..ffe3\")) {\n sOptions = \"1996\";\n bDetected = true;\n } else if (Binary.compare(\"fec0eb$$24..34..bb....f6d834..fec024..fec0f6d834..81eb....f6d80c..eb$$04..ffe3\")) {\n sOptions = \"1996\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_AVAST-Protect.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"AVAST-Protect\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$8cc82e0306....502eff36....cb\")) {\n sOptions = \"1999 by P.Baudis\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_AdFlt.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"AdFlt\");\n\nfunction detect() {\n if (Binary.compare(\"68....9c0fa00fa860fd6a..0fa1be....ad6664ff36....648b16....643106....6664ff36....648916....adff36\")) {\n sVersion = \"2.0\";\n sOptions = \"by EliCZ\";\n bDetected = true;\n } else if (Binary.compare(\"9c0fa06660fd6a..0fa1be....ad6664ff36....648b16....668f06....643106....6664ff36....648916....668f06....adff36\")) {\n sOptions = \"by EliCZ\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Adys_COM-Scrambler.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Ady`s COM-Scrambler\");\n\nfunction detect() {\n if (Binary.compare(\"33c08ed88ec0fcfabe....8bfead2ea3....ad2ea3....b8....ab8cc8ab\")) {\n sOptions = \"1993\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Anti-hack_encryption_system.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Anti-hack encryption system\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$bd....33c08ec026c706........268c0e....8b46..26a3....268c0e....0e07\")) {\n sOptions = \"by Rezaul Kabir //Shuvro\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_BIN-Lock.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"BIN-Lock\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$31c08ec026c706........268c0e....26c706........268c0e....2ec706........2e8c0e....cccd01eb\")) {\n sVersion = \"1.00\";\n sOptions = \"by Hit-BBS Programmers crew\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Best_Protection_Kit-B.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Best Protection Kit-B\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$fc8c06....e421a2....b0..e621fb33c08ed08be0be....8d3e....b9\")) {\n sOptions = \"1993 by Eric Zmiro\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$fc8c06....e421a2....b0..e621fbf433c08ed08be0be....8d3e....b9\")) {\n sOptions = \"1992 by Eric Zmiro\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_BinCOD.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"BinCOD\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$60fa6a000726ff36....26ff36....26c706........26c706........fbb9....bf....03f9ac\")) {\n sVersion = \"1.1\";\n sOptions = \"by SierraMan\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Budokan.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Budokan\");\n\nfunction detect() {\n if (Binary.compare(\"bf....b9....8bc1fd3305abe2..e9\")) {\n sOptions = \"by Electronic Arts, Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_C-crypt.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"C-crypt\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e800005d83ed..55d9d09c5825....509d5057bf....b0..aa5f58665166b9........cc\")) {\n sVersion = \"1.02\";\n sOptions = \"by De'FeinD //uCT\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_CC#3.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"CC#3\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e800005d33db8bc3bf....893f81c3....532eff36....1f1e568d76..8bfbb9....f2a4c6\")) {\n sOptions = \"by ZeroCoder //XG\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_CC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"CC\");\n\nfunction detect() {\n if (Binary.compare(\"b8....ba....3be073..b409ba....cd21b8....cd218bdc81eb....83e3..fcbe....8bfbb9....f3a48bc3b1..d3e88cc903c15033c050cb\")) {\n sVersion = \"1.0\";\n sOptions = \"1991 by B.Vorontsov\";\n bDetected = true;\n } else if (Binary.compare(\"ba....b430cd213c..73..33c00650cbb9....b8....eb$$05....fc80c4..eb\")) {\n sVersion = \"2.61 Beta\";\n sOptions = \"by UniHackers\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$b9....be....8bfe5156b4..ac32c4c0c4..02e1aae2..bf....5e59f3a4be....56c3\")) {\n sVersion = \"1.01\";\n sOptions = \"by B.Vorontsov\";\n bDetected = true;\n } else if (Binary.compare(\"bf....be....b9....fdf3a5fc8bf7bf....adad8be8b2..e9\")) {\n sVersion = \"1998\";\n sOptions = \"by B.Vorontsov\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_CC286.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"CC286x2\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$eb$$e800005d81ed....eb$$bf....eb$$b0..eb$$e664eb$$b0..eb$$aaeb$$4f8d9e....eb$$538bdf\")) {\n sVersion = \"2.1\";\n sOptions = \"by Dark Stalker //UCF\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_CCC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"CCC\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e800005b8b4c..501736890e....8b47..1347..3347..2b47..36a3....83c6..b9....8b7f..037f..ac363006\")) {\n sOptions = \"by ZeroCoder //XG\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e800005b8b4c..501736890e....8b47..3347..36a3....83c6..b9....8b7f..037f..ac363006\")) {\n sOptions = \"by ZeroCoder //XG\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_CHECKPRG.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"CHECKPRG\");\n\nfunction detect() {\n if (Binary.compare(\"33c0be....8bd8b9....bf....ba....474a74..ac320503d8e2\")) {\n sOptions = \"1992 by Jordi Mas Hernandez\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_CNT.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"CNT\");\n\nfunction detect() {\n if (Binary.compare(\"'CNT'58e8$$$$5e8b4c..bf....ac3306....3306\")) {\n sOptions = \"by C0NTRiVER\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_COM-Protect.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"COM-Protect\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$8b1e....83eb..b8....5053b430cd215b9ceb\")) {\n sOptions = \"1995 by Mr.Wicked\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$565699521fe8....5d8d86....0e508f06....8f06....83c6..565f0e1fb9....b8....a3\")) {\n sOptions = \"1994 by SiAC\";\n bDetected = true;\n } else if (Binary.compare(\"2e8006......eb00c3\")) {\n sOptions = \"1994 by Misha //UCF\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_COM-Protection.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"COM-Protection\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$eb$$86c08ec086dbeb$$05....87db8b2e....97eb$$aaaaeb$$aaaaeb$$bb....03ddb9....03cd87cbb8\")) {\n sOptions = \"by JAM //UCF\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_COMCRYPT.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"ComCrypt\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$b9....be....89f70e1f0e07bb....fcad31d8abe2\")) {\n sOptions = \"1997 by HPA\"\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$eb$$5053575152061e572e8b36....81c6....8a5c..2e881e....8a5c\")) {\n sVersion = \"1.0b\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$b9....be....89f7fcac04..aae2..b8....bf....abb0..aab8....5033c0c3\")) {\n sOptions = \"1997 by HPA\"\n bDetected = true;\n } else if (Binary.compare(\"b8....ffe0\")) {\n if (Binary.compare(\"bb....b9....33c02e802f..43e2\", Binary.readWord(1) - 0x100)) {\n sOptions = \"by Stone\"\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/COM/protector_COMPROTECT.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"COMPROTECT (RCP)\");\n\nfunction detect() {\n if (Binary.compare(\"b8....15....72..8ac4bb....50515253555657061e50b8....58eb\")) {\n sVersion = \"2.10\";\n sOptions = \"1988-95 by Ralph Roth\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_COP.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"COP\");\n\nfunction detect() {\n if (Binary.compare(\"bf....be....b9....ac3206....aae2\")) {\n sVersion = \"1.0\";\n sOptions = \"by Jack A. Orman\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_CodeLock.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"CodeLock\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$bb....535856535981e9....31ff575a5dbe....e9\")) {\n sVersion = \"4.0\";\n sOptions = \"1993 by Dr. Detergent\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$b430cd213c037d$$068e06....061f31c0505e565fae\")) {\n sVersion = \"3.0\";\n sOptions = \"1993 by Dr. Detergent\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Codesafe.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Codesafe\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$5033c08ec02ef606......74..26ff36....061e07e8....07268f06....fb2e8c1e....26ff36....268f06\")) {\n sOptions = \"by EliaShim Ltd\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_ComProt.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"ComProt\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e800005e8bee81ed....8db6....b9....f61446e2\")) {\n sVersion = \"1.0b\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_ComProtector.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"ComProtector\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$b9....bb....bf....2e8a0734..fec8c0c0..2e88052e000d2e002d4743e2\")) {\n sVersion = \"1.0\";\n sOptions = \"1998 by Marco Ruhmann\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$b9....e800005b83c3..90fa8bd48be133c02e030e....2ec007..0f23f82e2b0e....2e300f0f23d8\")) {\n sVersion = \"1.1\";\n sOptions = \"1998 by Marco Ruhmann\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Comlock.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Comlock by Trouble Makers\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$eb$$bb....be....81c6....03f3bf....b9....f3a42e8a87....be....8bc82e300446ffc0e2\")) {\n sVersion = \"0.10\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$eb$$bb....be....81c6....03f3bf....b9....f3a42e8a87....be....8bcb2e300446fec0e2\")) {\n sVersion = \"0.10\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$eb$$bb....be....81c6....03f3bf....b9....f3a42e8a87....8bcbbe....2e3004fec046e2\")) {\n sVersion = \"0.1X\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_CrAcKeR.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"CrAcKeR\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$be....8bfe5633c0be....ac02e081fe....72..5eac34..aa81fe....72\")) {\n sVersion = \"0.2a\";\n sOptions = \"by Deu$\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Crack2EXE.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Crack2exe\");\n\nfunction detect() {\n if (Binary.compare(\"b9....bf....8035..47e2..be....8034..46803c..75..be....e8....be....e8....be....e8....bd\")) {\n sName += \"/486\";\n sVersion = \"0.02 Alfa\";\n sOptions = \"1996 by Professor Nimnul\";\n bDetected = true;\n } else if (Binary.compare(\"b9....bf....8035..47e2..d7aa6de9\")) {\n sVersion = \"0.02\";\n sOptions = \"(crypted) 1996 by Professor Nimnul\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_CryptCom.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"CryptCom\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$be....56b9....c704....c644....8134....4646e2..31f631c9c3\")) {\n sVersion = \"2.0\";\n sOptions = \"by Nowhere Man\";\n bDetected = true;\n } else if (Binary.compare(\"bf....57be....90b9....f3a4c3\")) {\n sVersion = \"1.1\";\n sOptions = \"by Frank Baumgartner\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Crypto-King.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Crypto-King\");\n\nfunction detect() {\n if (Binary.compare(\"bf....be....57b9....f3a4c3\")) {\n sVersion = \"1.08\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_DCFR.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"DCFR\");\n\nfunction detect() {\n if (Binary.compare(\"b8....ba....3bc4eb$$72$$5250b9....bb....8b0733c140890743e2\")) {\n sVersion = \"0.0.4\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_DS-CRP.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"DS-CRP\");\n\nfunction detect() {\n if (Binary.compare(\"b8....50c3\")) {\n var nOffset = Binary.readWord(1) - 256 + 8;\n if (Binary.compare(\"e800005d81ed....9c32e4509d9c5880e4..80fc..74..b4..509d9c5880e4..74..9deb\", nOffset))\n sVersion = \"1.30\";\n sOptions = \"by Dark Stalker //UCF\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Deeper.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Deeper\");\n\nfunction detect() {\n if (Binary.compare(\"90e9$$$$e8000059fa8bdc36c747......36837f....75..fb66fafb8be981ed....81e9....be....8dbe....668b05668904\")) {\n sVersion = \"1.0c\";\n bDetected = true;\n }\n if (Binary.compare(\"90e9$$$$e80000fa8bdc36c747......36837f....75..fb598be981ed....81e9....be....8dbe....668b05668904\")) {\n sVersion = \"1.0a\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_E2C-Scrambler.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"E2C-Scrambler\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$fabc....c1ea..8ccd03ea8ec5bf....be....b9....bb....fdac320702c1d2c002c5aa4381fb....75..bb....e2\")) {\n sOptions = \"1999 by Amokk //FTW\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_E2C1.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"E2C protection\");\n\nfunction detect() {\n if (Binary.compare(\"bc....33c050b8....50ba....b8....cd21b8....cd21bf....be....b9....9081ff....74..8a050204aa46e2..eb\")) {\n sOptions = \"1990 by Erik Labs\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_EPW.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"EPW\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$06571e565552515350bb....81c3....2e8b078ccb03c305....50b8....50cb\")) {\n sVersion = \"1.2\";\n sOptions = \"by Aland D. Jones\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_EXETools.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"EXETools by Dismember\");\n\nfunction detect() {\n if (Binary.compare(\"68....68....68....be....bf....57b9....f3a4c3\")) {\n sVersion = \"2.1 /E\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e800005d8bcd83ed..bf....be....2bcff3a4b9....be....03f5\")) {\n sVersion = \"2.1\";\n bDetected = true;\n } else if (Binary.compare(\"68....bf....8bf757b9....51b4..ac32c4c0c4..02e102f0aae2..33c0595e5f57eb\")) {\n sVersion = \"2.0\";\n bDetected = true;\n } else if (Binary.compare(\"68....68....68....be....bf....57b9....f3a4c3\")) {\n sVersion = \"2.1 /E\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Encriptor.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Encriptor\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$b9....be....bf....acd0c8aae2..be....bf....acaa\")) {\n sVersion = \"1.00c\";\n sOptions = \"by Dark Stalker //UCF\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Entropy_Coder.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Entropy Coder\");\n\nfunction detect() {\n if (Binary.compare(\"be....bf....b9....fdf3a447fcffe7\")) {\n sOptions = \"by Sergey Lukashev\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_ExOM.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"ExOM\");\n\nfunction detect() {\n if (Binary.compare(\"'EXOM'fabd....ffe5\")) {\n sVersion = \"0.0X\";\n sOptions = \"by Abdelaziz BELBACHiR\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_FCRYPT.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"FCRYPT\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$505351be....bf....8befb9....fcacd0c032c1d0c032c1aae2..595b58ffe5\")) {\n sVersion = \"2.10b\";\n sOptions = \"1992-93 by Chip & Dale SoftGroup\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_GOAT.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"GOAT\");\n\nfunction detect() {\n if (Binary.compare(\"5156505253813c....75$$424a81c3....8bdb595e585a5bb4..ba....cd21b8....cd21474f\")) {\n sOptions = \"1996 by Martin Overton\";\n bDetected = true;\n } else if (Binary.compare(\"50565351b8....807c....74$$8bc0585e5b59b4..ba....cd21b8....cd21474f4154\")) {\n sOptions = \"1996 by Martin Overton\";\n bDetected = true;\n } else if (Binary.compare(\"56515052807c....75$$81c2....8bc05e59585ab4..ba....cd21b8....cd21474f4154\")) {\n sOptions = \"1996 by Martin Overton\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Guardian_Angel.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Guardian Angel\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$06fcbe....eb$$ba....eb$$eb$$eb$$8a04eb$$eb$$eb$$d0c8eb$$2ad0eb$$32c6eb$$d1c2eb$$8804eb$$eb$$eb$$4681fe....74\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$06fcbe....8be8e4210c..eb$$e6218bc5ba....8be8e4210c..eb$$e6218bc58a0ceb\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$06fcbb....eb$$eb$$eb$$b9....8be8e42102..eb$$e6218bc58a17eb\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$06fcbb....8be8e4210c..eb$$e6218bc5ba....eb$$eb$$eb$$8a0f\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$06fcbe....eb$$......eb$$8a..8be8e4210c..eb$$e6218bc5fe\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$06fcbf....8be8e4210c..eb$$e6218bc5bb....eb$$8a05eb$$eb$$eb$$fe\")) {\n sVersion = \"1.0\";\n sOptions = \"registered\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e800005d81ed....9c588bc825....509d9c5825....3d....75..eb\")) {\n sVersion = \"1.0b\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$06fcbb....eb$$ba....eb$$eb\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_HDKPROTC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"HDKPROTC\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$4851442ea1....2d....8bd805....8bf0bf....b9....f3a48bcbd1e9b8....8bf08bf8066a..07268b2e\")) {\n sVersion = \"1.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_HackStop.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"HackStop\");\n\nfunction detect() {\n if (Binary.compare(\"fabe....ffe6\")) {\n sVersion = \"1.17cr\";\n bDetected = true;\n } else if (Binary.compare(\"fabd....ffe5\")) {\n sVersion = \"1.13cs\";\n bDetected = true;\n } else if (Binary.compare(\"fabb....ffe3\")) {\n sVersion = \"1.14s\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_IntroC0der.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"IntroC0der\");\n\nfunction detect() {\n if (Binary.compare(\"be....b9....8bfeac32c1d2c032c5aae2\")) {\n sOptions = \"1995 by SkullC0der\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Keygen_crypt.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"KeyGen Crypt\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e800005d8d7e..575eb9....ad35....abe2\")) {\n sVersion = \"1.00\";\n sOptions = \"by Majestic\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Khrome_Crypt.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Khrome Crypt\");\n\nfunction detect() {\n if (Binary.compare(\"b9....b8....eb$$05....fc80c4..eb$$eb$$f4\")) {\n sVersion = \"0.3\";\n sOptions = \"1997 by Teraphy\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_LAME_GG.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"LAME GG (PROPHECY protection)\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e8$$$$5eb9....314c..33c08ee003c605....faeb$$648b1e....899c....648b1e....899c....64a3....648c0e\")) {\n sOptions = \"1999\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_LAMPROT.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"LAMPROT\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$8b0e....be....bf....f3a4b9....bb....8a0734..880743e2..33c033c933db33d233ff33f668....c3\")) {\n sOptions = \"by gds //FH\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Lock-Master.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Lock-Master\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$eb$$31c0061e502d....501f0726ff77..26ff77..8f87....8f87....ffb7....ffb7....585b29c353bb....5a1f07\")) {\n sVersion = \"9.0\";\n sOptions = \"by Andrew Kacy\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_MASK.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"MASK\");\n\nfunction detect() {\n if (Binary.compare(\"e8$$$$5557cd03fc4d41534bfa8bec836e....8b6e..fb49e8....5b81eb....50d6515256\")) {\n sVersion = \"2.0\";\n sOptions = \"1995 by JosB M. L. Lopes.\";\n bDetected = true;\n } else if (Binary.compare(\"e8$$$$5557cd03fc4d41534bfa8bec8346....ff76..5d49e8....5b81eb....50d6515256\")) {\n sVersion = \"2.4\";\n sOptions = \"1995 by JosB M. L. Lopes.\";\n bDetected = true;\n } else if (Binary.compare(\"e8$$$$5557cd03fc4d41534bfd50fa8bc4f7dcbc....9449fbd651521f5256\")) {\n sVersion = \"2.5\";\n sOptions = \"1995 by JosB M. L. Lopes.\";\n bDetected = true;\n } else if (Binary.compare(\"e8$$$$5557cd03fc4d41534bfa8bec836e....ff76..5d49e800005b81eb\")) {\n sVersion = \"2.3\";\n sOptions = \"1995 by JosB M. L. Lopes.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_MCLock.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"MCLock\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$909090fa29c08ec026c606......26c606......268c0e....26c606......26c606......268c0e....fbcd01\")) {\n sVersion = \"1.2, 1.3\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$eb00e9$$$$909090fa29c08ec026c606......26c606......268c0e....26c606......26c606......268c0e....fbcd01\")) {\n sVersion = \"1.2, 1.3\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_MESS.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"MESS\");\n\nfunction detect() {\n if (Binary.compare(\"....................b9....f326ace3..eb$$ba....b409cd21cd20\")) {\n sVersion = \"1.07\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_MSCC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"MSCC\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$0e07be....bf....b9....f3a4b9....be....accc9803d8e2\")) {\n sVersion = \"1.0a\";\n sOptions = \"1997 by Mad $cientist\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_MegaShield.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"MegaShield\");\n\nfunction detect() {\n if (Binary.compare(\"90b8....e72133d252be....bd....b9....ad03d0d3c233c2d3ca2bd0e2\")) {\n sVersion = \"1.01a\";\n sOptions = \"by t-REX //PSA\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Microxor.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"MiCRoXoR\");\n\nfunction detect() {\n if (Binary.compare(\"e8$$$$bf....5e57b9....300ca4e2..c3\")) {\n sOptions = \"2000 by Jibz\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_NH.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"NH\");\n\nfunction detect() {\n if (Binary.compare(\"be....bf....57b9....f3a4c3\")) {\n bDetected = true;\n sOptions = \"by MANtiC0RE\";\n }\n\n return result();\n}" }, { "path": "db/COM/protector_NoAV.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"NoAV\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$68....60be....66b8........668706....b9....51c1e9..41be....5156bf....e8\")) {\n sOptions = \"by VAG\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Nodebug.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Nodebug\");\n\nfunction detect() {\n if (Binary.compare(\"e8$$$$b430cd21b4..03f897d6405e50978b4d..ac32c1aae2\")) {\n sVersion = \"1.0 part 1\";\n sOptions = \"by JVP\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_PCOM.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"PCOM\");\n\nfunction detect() {\n if (Binary.compare(\"be....b9....2e8a0434..2e880446e2\")) {\n sVersion = \"2.8b2, 2.8b3 -e -i\";\n sOptions = \"1999\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_PCRYPT.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"PCRYPT\");\n\nfunction detect() {\n if (Binary.compare(\"'PCRYPT'ff'v3.51'00e9\")) {\n sVersion = \"3.51\";\n sOptions = \"1997 by MERLiN //DTG\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_PCVault-Protect.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"PCVault-Protect\");\n\nfunction detect() {\n if (Binary.compare(\"be....fcac3c..75..e9....ac3c..74..e9....eb\")) {\n sOptions = \"1993 by E. Johnson\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_PROTECT.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"PROTECT! COM\");\n\nfunction detect() {\n var nLimit = Math.min(65536, Binary.getSize());\n if (Binary.findSignature(0, nLimit, \"0c02e9......e421e9......88e0..........eb....e621e9......88c4........e9......e621eb\") != -1) {\n sVersion = \"5.5\";\n bDetected = true;\n } else if (Binary.findSignature(0, nLimit, \"e42150e9......e621e9......58e621e9......b0ffeb\") != -1) {\n sVersion = \"5.0\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$ba....81f2\")) {\n sVersion = \"5.0\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$bb....81c3....eb\")) {\n sVersion = \"5.0\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$be....81ee....bb....d1cb8b04\")) {\n sVersion = \"5.0\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$bf....81ef....eb\")) {\n sVersion = \"5.0\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$be....81ee....bb....d1cb8b04\")) {\n sVersion = \"5.0\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$bf....81f7\")) {\n sVersion = \"5.0\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$ba....81c2....eb\")) {\n sVersion = \"5.0\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$bd....81f5....eb\")) {\n sVersion = \"5.0\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$bd....d1cd\")) {\n sVersion = \"5.0\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$bb....81f3\")) {\n sVersion = \"5.0\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$1efd2efe\")) {\n sVersion = \"5.5\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e800005d81ed....33c08ed88bf0bf....b9....fcf3a5fd87fe8cc08ed833c08ec04f4f\")) {\n sVersion = \"4.0\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$1eb430cd213c..73..cd20be....e8....e8....1f8cd88ec0\")) {\n sVersion = \"6.0\";\n bDetected = true;\n } else if (Binary.compare(\"e8$$$$501e060e550e1f33c08ec0fafc26a1....5026a1....50\")) {\n sVersion = \"3.0/3.1\";\n bDetected = true;\n } else if (Binary.compare(\"b8....50b8....50e9$$$$c606......eb$$8cc6060b01c3\")) {\n sVersion = \"2.0\";\n sOptions = \"1993\";\n bDetected = true;\n } else if (Binary.compare(\"b8....50e9$$$$c606......eb$$8cc6060701c3eb\")) {\n sVersion = \"1.0\";\n sOptions = \"1993\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_PTP.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"PTP\");\n\nfunction detect() {\n if (Binary.compare(\"'PTP50'fafafcb430cd21fb585c582bc05257502ec606\")) {\n sVersion = \"5.0\";\n bDetected = true;\n } else if (Binary.compare(\"'PTP40'fafafcb430cd21fb585c582bc05257502ec606\")) {\n sVersion = \"4.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_PassCOM.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"PassCOM\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$be....bf....b9....8ae1ac32c402e1aae2..68....c3\")) {\n sVersion = \"2.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Propellerhead_encryption.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Propellerhead encryption\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$b430cd2180fc..72..90e9....90bb....81c3....53b0..04..51b9....e9\")) {\n sOptions = \"1997\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_ProtEXE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"ProtEXE (com)\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$9c5053515256571e0655fabe....8a64..8b54..8bda81c3....8c4f..908b0f894c..8a4f..884c..8bfe8bca83e9..fcac\")) {\n sVersion = \"3.0\";\n sOptions = \"1996\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_R-Crypt.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"R-Crypt\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$68....60bf....b9....b0..2e3005fec047e2..61c706........c606\")) {\n sVersion = \"0.91\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$68....60bf....b9....b0..2e300547fec0e2..61c706........c606\")) {\n sVersion = \"0.93\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$bf....57b9....c705....c645....8135....4747e2..33ffc3\")) {\n sVersion = \"0.92\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_RCC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"RCC II\");\n\nfunction detect() {\n if (Binary.compare(\"fabc....ffe4\")) {\n var nOffset = Binary.readWord(2) - 256;\n if (Binary.compare(\"83c4..bc....60e8$$$$e8$$$$50b8....58eb\", nOffset)) {\n sVersion = \"0.51/386\";\n bDetected = true;\n }\n } else if (Binary.compare(\"90bd....ffe5\")) {\n var nOffset = Binary.readWord(2) - 256;\n if (Binary.compare(\"faf7dc87ec83c4..81c4....f7dc83ec..87ecbc....50535251061eb9....b0..e6\", nOffset)) {\n sVersion = \"1.08h\";\n bDetected = true;\n }\n } else if (Binary.compare(\"fcbe....bf....5657b9....f3a55e5f33db33d2\")) {\n sVersion = \"1.08h\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$9c505351525657551e06fcb8....cd21\")) {\n sName = \"RCC/286\";\n sVersion = \"1.10\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_RSCC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"RSCC\");\n\nfunction detect() {\n if (Binary.compare(\"b1..32ff82c7..b2..b5..b3..81c2....d0c203d133d1f7d232d13097\")) {\n sVersion = \"1.03\";\n bDetected = true;\n } else if (Binary.compare(\"....82........81......32..80....2b..81\")) {\n sVersion = \"1.04\";\n bDetected = true;\n } else if (Binary.compare(\"....80........81......30..80....30..80\")) {\n sVersion = \"1.04\";\n bDetected = true;\n } else if (Binary.compare(\"32ed80c5..b2..b6..29ff81cf....32c980\")) {\n sVersion = \"1.04\";\n bDetected = true;\n } else if (Binary.compare(\"29ff81f7....33d281f2....31c981c9....f81015a64975..fa53f889ea8944\")) {\n sVersion = \"1.04\";\n bDetected = true;\n } else if (Binary.compare(\"2aed80cd..28c982c1..2ad282ca..bb....81c2....f7da03d102d128174383\")) {\n sVersion = \"1.04\";\n bDetected = true;\n } else if (Binary.compare(\"28ed82cd..2aff82cf..32db80f3..b1..33c081c0....05....d0c033c1f7d002c1f83187\")) {\n sVersion = \"1.04\";\n bDetected = true;\n } else if (Binary.compare(\"30c982f1..29d281ca....be....32ed82f5..81c2....d0c2f7da33d1\")) {\n sVersion = \"1.03\";\n bDetected = true;\n } else if (Binary.compare(\"32ff82c7..b3..30ed80c5..b1..f88197........4343e2\")) {\n sVersion = \"1.03\";\n bDetected = true;\n } else if (Binary.compare(\"f5bb....b8....bf....2e8037..81ff....4374..4875..90b5..1f9b\")) {\n sVersion = \"1.20\";\n bDetected = true;\n } else if (Binary.compare(\"33d281f2....2bdb81f3....b9....3197....83c3..497f..2a142cca3aca\")) {\n sVersion = \"1.04\";\n bDetected = true;\n } else if (Binary.compare(\"2bc981c1....29d281f2....33db81c3....81c2....291783c3..497f..ab\")) {\n sVersion = \"1.03\";\n bDetected = true;\n } else if (Binary.compare(\"b9....2bdb81cb....f880b7......434975..55fc532245..ef57f9\")) {\n sVersion = \"1.03\";\n bDetected = true;\n } else if (Binary.compare(\"bf....8bf7b9....b4..8a0532c480c4..aae2\")) {\n sVersion = \"1.0X\";\n sOptions = \"mutated COM like RSCC\";\n bDetected = true;\n } else if (Binary.compare(\"b9....be....8bfeadd1c034..86c42ae003c7abe2\")) {\n sVersion = \"1.0X\";\n sOptions = \"mutated COM like RSCC\";\n bDetected = true;\n } else if (Binary.compare(\"fc50be....bf....57b9....f3a4c3\")) {\n sVersion = \"1.0X\";\n sOptions = \"mutated COM like RSCC\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$fcbe....bf....57b9....f3a4bf....be....b9....c3\")) {\n sVersion = \"1.0X\";\n sOptions = \"mutated COM like RSCC\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_SCC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"SCC\");\n\nfunction detect() {\n if (Binary.compare(\"fd53565b0fa1be....ad648b16....643106....648916....adff36....643306\")) {\n sOptions = \"by The Cleric //LZ0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_SCRAM.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"SCRAM!\");\n\nfunction detect() {\n if (Binary.compare(\"'SCRAM'b430cd213c..77..cd20bc....b9....8bfcb2..584cf6d82ac2d2c8feca32d181ff....73..eb\")) {\n sVersion = \"0.8a1\";\n sOptions = \"1997 by bushwoelie & ACP\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Scrambler.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Scrambler\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$fafc31ff8ec726ff36....26ff36....8d36....b9....f3a4b9....cd00\")) {\n sVersion = \"1.00\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Scrypt!.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Scrypt!\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e8$$$$e800005a5f578bf78bce33dbb7..acfec0f6d032c7aa86fb43c1c3..331e....331e....331e....331e\")) {\n sVersion = \"0.4\";\n sOptions = \"by DarkGrey //DTG\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e8$$$$5d81ed....b9....be....03f58bfeb4..ac32c4f6d4aae2\")) {\n sVersion = \"0.4\";\n sOptions = \"1998 by DarkGrey //DTG\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Scrypt.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"SCRYPT\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e800005d8d5e..eb$$53eb$$66bd........e9$$$$b8....eb$$cc\")) {\n sVersion = \"1.0\";\n sOptions = \"1998 by hijaq //BAC\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_SelfCrypt.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"SelfCrypt\");\n\nfunction detect() {\n if (Binary.compare(\"8cc88ed833ffbe....bb....8a048a1132c288043c..74..4683ff..7d..47eb\")) {\n sOptions = \"1999 by MCS\";\n bDetected = true;\n } else if (Binary.compare(\"e8$$$$eb$$8cca8eda8ec2be....bf....b9....2ec706........31c0ada3....3136....8bc18bdef7e33106....3116....a1....abe2\")) {\n sVersion = \"1994 by PHOENiX\";\n bDetected = true;\n } else if (Binary.compare(\"e8$$$$eb$$8cca8eda8ec2be....bf....b9....ad2ea3....2e3136....8bc18bdef7e32e3106....2e3116....2ea1....abe2\")) {\n sVersion = \"1994 by PHOENiX\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_SelfProtect386.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"SelfProtect386\");\n\nfunction detect() {\n if (Binary.compare(\"'=SYRIUS=DIRE=SERVICE='071a\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_SnoopStop.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"SnoopStop\");\n\nfunction detect() {\n if (Binary.compare(\"90e9$$$$eb$$55e80000598be981ed....66608d9e....8d8e....2bcb2e8a0734..34..34..fec0f6d0\")) {\n sVersion = \"1.15\";\n sOptions = \"1998 by Trills and Technologies\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_SoftGuard.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Softguard\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$8cc88ed88c06....8cc73bc774..8bfc368b052ea3....368b45..2ea3....a1....a3....a1....a3....a1....b1\")) {\n sOptions = \"1984-86\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Steplock.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Steplock\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$0e1fb9....030e....be....d204282c46e2\")) {\n sVersion = \"1.00A\";\n sOptions = \"by Morten Pedersens\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_TCEC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"TCEC\");\n\nfunction detect() {\n if (Binary.compare(\"1aff5fb9....f326ace3..eb\")) {\n sVersion = \"3.60\";\n sOptions = \"by ThE CLERiC! //LZ0, EVD\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_UnPackStop.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"UnPackStop\");\n\nfunction detect() {\n if (Binary.compare(\"68....c3\")) {\n var nOffset = Binary.readWord(1) - 256;\n if (Binary.compare(\"8bc450be....bf....eb$$b8....501f58eb\", nOffset)) {\n sVersion = \"0.95\";\n sOptions = \"by Szaszi (Szabo Laszlo)\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/COM/protector_UniCrypt.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"UniCrypt\");\n\nfunction detect() {\n if (Binary.compare(\"8cc805....50b8....50cb\")) {\n sVersion = \"1.01\";\n sOptions = \"1998 by V.Slinchuk\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_Venus.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Venus crypt\");\n\nfunction detect() {\n if (Binary.compare(\"b9....fa8bdc8cd2bc....03e1d1e94c4c5886e9d3c033c186e9f7d050e2\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_XORCOPY.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"XORCOPY\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$b8....bb....ba....3107434039d375..c606......c606......c606......31c031db31d2e9\")) {\n sVersion = \"1.0\";\n sOptions = \"1995 by DeiMoS\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_XcomOR.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"XcomOR by madmax\");\n\nfunction detect() {\n if (Binary.compare(\"'MMX'e8$$$$83c5..8306......b8....5050ffe0\")) {\n sVersion = \"0.XX\";\n bDetected = true;\n } else if (Binary.compare(\"'MMX'668136............eb$$668136............eb\")) {\n sVersion = \"0.99i, 0.99h\";\n bDetected = true;\n } else if (Binary.compare(\"'MMX'b409ba....cd21e8$$$$1e6a..1f8136........8136........8b1e....a1....501f813f....75\")) {\n bDetected = true;\n } else if (Binary.compare(\"'MMX'b8....ba....87ecbc....eb$$50b409cd2187e533edeb$$4f030de8\")) {\n sName = \"XcomOR/486 by madmax\";\n bDetected = true;\n } else if (Binary.compare(\"'MMX'b8....ba....87ecbc....eb$$50b409cd2187e533ede8$$$$1e6a..1f\")) {\n sVersion = \"0.99f\";\n bDetected = true;\n } else if (Binary.compare(\"e8$$$$8006......b4..5050c3bf....57bb....8b4d..81\")) {\n sVersion = \"0.99a\";\n bDetected = true;\n } else if (Binary.compare(\"'MMX'eb$$4feb$$8b0dba....83c2..90eb\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_XoReR.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"XoReR\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$ba....b9....51b0..e660fab430cd213c..73..33c00650cbbf....8b36....59e2\")) {\n sVersion = \"2.l\";\n sOptions = \"by dR.No //ViP\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$be....8bfeb9....33db80c3..ac32c3aae2\")) {\n sVersion = \"1.0\";\n sOptions = \"by dR.No //ViP\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$b8....e721b8....cd21b430cd218b2e....8b1e....bf....b9....b430cd2132..73..be....bf....b9....fcac300547e2\")) {\n sVersion = \"1.0 [2nd pass]\";\n sOptions = \"by dR.No //ViP\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$ba....b9....51b8....e721b430cd213c..73..33c00650cb\")) {\n sVersion = \"2.0\";\n sOptions = \"1998 by dR.No //ViP\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_XorCom.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"XorCom\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$fcbe....bf....57b9....ac34..aae2..c3\")) {\n sVersion = \"1.0\";\n sOptions = \"by tFF\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_aPatch.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"aPatch\");\n\nfunction detect() {\n if (Binary.compare(\"e8$$$$fde8$$$$ffc75e83ee..e8$$$$5d8176......c646....eb\")) {\n sVersion = \"0.05-0.33\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_acBBS_protection.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"acBBS protection p1\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$bf....b9....870581f0....86e0faeb$$e8$$$$501e33c08ed8eb$$8706....eb$$8706....8706....1f58c3\")) {\n sOptions = \"1994 by p.q.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_com-crypt.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"com-crypt\");\n\nfunction detect() {\n if (Binary.compare(\"b8....ffe0\")) {\n sOffset = Binary.readWord(1);\n if (Binary.compare(\"5756bf....b8....abb8....abb0..aa89feb9....31dbad01c329cb89d8abe2\", sOffset - 0x100)) {\n sOptions = \"by BlackLight, MANtiCORE\";\n bDetected = true;\n } else if (Binary.compare(\"be....562ec704....2ec744......2ec644....b9....8a0434..880446\", sOffset - 0x100)) {\n sName = \"com-crypt on BASIC\";\n sOptions = \"by BlackLight, MANtiCORE\";\n bDetected = true;\n }\n } else if (Binary.compare(\"e8$$$$b7..538b4f..8a47..c0c8..880743e2\")) {\n sOptions = \"by Frenzy\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_fds-cp.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"fds-cp\");\n\nfunction detect() {\n if (Binary.compare(\"8cca2e8916....b4..8b2e....8b1e....8edaa3....8c06....891e....892e....eb\")) {\n sVersion = \"0.04a\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_mCrypt.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"mCrypt\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$1e06be....bf....b9....0e1f0e07e8$$$$33c0fa5083c4..83ec..58fb0bc075..c3\")) {\n sVersion = \"0.1a\";\n sOptions = \"1998 by //UFO CREW\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_protection.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"protection\");\n\nfunction detect() {\n if (Binary.compare(\"33db9090b9....fcad03d8e2..b9....be....8bfefcad33c3ab43e2\")) {\n sOptions = \"by ROWDY, St.Petersburg\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_spirit.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"$pirit\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$b430cd21f6d12ea6e8....b462cd21e8....3636fb969034..c3\")) {\n sVersion = \"1.X\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$aee8$$$$e4210c..fbe62190b8....fb5026509087c1\")) {\n sVersion = \"1.5\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$369f9f1c..e9$$$$e8$$$$e421f80c..e6218d06....fc505089c1fb\")) {\n sVersion = \"1.5\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$f8d72606b435cd2107e8$$$$1c..1c..33d226f6da12ddfcf905....f8f5f6ea\")) {\n sVersion = \"1.5\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_sticker.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"sticker\");\n\nfunction detect() {\n if (Binary.compare(\"be....8bc6b1..d3e88cdb03c30344..a3....8cc805....a3....8b44..b1..d3e8\")) {\n sOptions = \"1994 by TigraSoft\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/protector_x3.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"x3\");\n\nfunction detect() {\n if (Binary.compare(\"e8$$$$5ebf....57b9....ac34..aae2..c3\")) {\n sVersion = \"1.4\";\n sOptions = \"by MANtiC0RE\";\n bDetected = true;\n } else if (Binary.compare(\"ba....2e408b142633f6402681c6....2e1ad3\")) {\n sVersion = \"1.4\";\n sOptions = \"by MANtiC0RE\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/self-displayer_ACiDDRAW.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"ACiDDRAW\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$b8....cd10b4..b9....cd10e8....ba....90e8....3d....75..e9....3d....75..e9....3d....75..e9....3d....75..eb\")) {\n sVersion = \"1.2\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$b8....cd10b4..b9....cd10e8....ba....90e8....3d....75..e9....3d....75..e9....3d....75..e9....3d....75..eb\")) {\n sVersion = \"1.2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/self-displayer_ANS2ALL.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"ANS2ALL\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e8$$$$b8....cd103c..75..80fb..73..58b8....cd21fcb8....8ec0be....bf....b9....f3a4fa\")) {\n sVersion = \"1.3\";\n sOptions = \"by ZeroCoder //XG\";\n bDetected = true;\n }\n if (Binary.compare(\"e9$$$$2bc9b6..b2..b7..b4..cd212ad22af6b7..b4..cd10b6..32d2b7..b4..cd101e33c050\")) {\n sOptions = \"by ZeroCoder //XG\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/self-displayer_ASC2COM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"ASC2COM\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e8$$$$33c0cd333d....75..c606......b8....cd338916....c3\")) {\n sVersion = \"2.02\";\n sOptions = \"1992 by MorganSoft\";\n bDetected = true;\n } else if (Binary.compare(\"e8$$$$e8$$$$b401b7..b9....cd10c3f8bb....8b073d....75..c3\")) {\n sVersion = \"1.10B\";\n sOptions = \"1989 by MorganSoft\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e8$$$$50535157bb....803f..74..33c98a0f438bfbb8....e3\")) {\n sVersion = \"2.01 Compressed\";\n sOptions = \"1992 by MorganSoft\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e8$$$$e8$$$$b4..b7..b9....cd10c3\")) {\n sOptions = \"1989 by MorganSoft\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/self-displayer_DOC2COM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"DOC2COM\");\n\nfunction detect() {\n if (Binary.compare(\"fc8b0e....498b36....8bfeac3204aae2\")) {\n sOptions = \"by Jerry DePyper\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/self-displayer_DOC2PAGE.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"DOC2PAGE\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$fc8a0e....32ede3..bf....b0..f3ae74..e8....ba....cd21ba....cd21e9\")) {\n sOptions = \"by Th. Edel\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/self-displayer_GTXT.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"GTXT\");\n\nfunction detect() {\n if (Binary.compare(\"bb....b4..b1..8a070ac074..247f3c..75..438a070ac0\")) {\n sVersion = \"1.1\";\n sOptions = \"by EGans 05/08/86\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/self-displayer_HYPDOC.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"HYPDOC\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$e8....e8....e8....2ec606......2ec606......b9....2e8a26....b0..e8....2ec606......2ec606......2e8b3e....0e07\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/self-displayer_List.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"List\");\n\nfunction detect() {\n if (Binary.compare(\"bc....1e2bc0508926....b430cd213c\")) {\n sOptions = \"by Vernon D. Buerg\";\n bDetected = true;\n } else if (Binary.compare(\"bc....1e2bc0508926....e8$$$$b430cd213c\")) {\n sVersion = \"6.00\";\n sOptions = \"1985 by Vernon D. Buerg\";\n bDetected = true;\n } else if (Binary.compare(\"bc....1e2bc0508926....b430cd21a2\")) {\n sVersion = \"6.2a\";\n sOptions = \"1987 by Vernon D. Buerg\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/self-displayer_MakeRead.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"MakeRead\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$c706........c606......c606......e8....bf....893e....bf....893e....b4..b0..0106....578bc78b3e....fcab\")) {\n sVersion = \"1.8\";\n sOptions = \"1987\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/self-displayer_ONLINE-HELP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"ONLINE-HELP\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$8cc805....2ea3....be....ac3c..74..72..3c..72..3c..77..4e33c033dbba....8a1c80eb..80fb..77\")) {\n sOptions = \"1990 by Clockwork Software\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/self-displayer_PFL2COM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"PFL2COM\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$be....bf....53bb....8a1780fa..74..80fa..75..c706\")) {\n sOptions = \"by C.P.White 1987-90\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/self-displayer_RELETTER.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"RELETTER\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$bc....bf....bb....8a0784c075..e9....438a073c..74..3c..74..89da438a073c..74\")) {\n sVersion = \"1.0\";\n sOptions = \"1993 by Hans J. Baer\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/self-displayer_SHOWV20.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"SHOW\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$b8....2b06....a3....e8$$$$bf....cd1125....3d....74..bf....893e....c3\")) {\n sName += \"V20\";\n sOptions = \"1992-93 by Simple Software Co.\";\n bDetected = true;\n }\n if (Binary.compare(\"e9$$$$b8....2b06....a3....e8$$$$50a0....a2....58c3\")) {\n sOptions = \"1992-93 by Simple Software Co.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/self-displayer_TXT2COM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"TXT2COM\");\n\nfunction detect() {\n if (Binary.compare(\"e8$$$$c706........803e......75..8d36....e8....e8....e8....e8....e8....ffa7\")) {\n sVersion = \"1.1\";\n sOptions = \"1987 by Keith P. Graham\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$c706........803e......75..8d36....e8....e8....e8....e8....e8....ffa7\")) {\n sVersion = \"1.1\";\n sOptions = \"1987 by Keith P. Graham\";\n bDetected = true;\n } else if (Binary.compare(\"8d26....e8$$$$b4..cd103c..74..c706........c706........3c..74..3c..74..8d16....b409cd21cd20c706\")) {\n sVersion = \"2.06\";\n sOptions = \"1989 by Keith P. Graham\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/self-displayer_TXTmaker.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"TXTmaker\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$b4..33dbcd1080fc..74..b0..eb$$b44ccd21\")) {\n sVersion = \"1.22\";\n sOptions = \"1991 by Jack A. Orman\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/self-displayer_Txt2Exe.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"Txt2Exe\");\n\nfunction detect() {\n if (Binary.compare(\"bf....033e....b9....2b0e....d1e9b8....f3abb4..cd1030e4a3....b8....cd10b8....8a1e....cd10\")) {\n sVersion = \"3.1b\";\n sOptions = \"2001 by BlackLight\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/self-displayer_readme.com.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"README.COM\");\n\nfunction detect() {\n if (Binary.compare(\"bb....b8....cd21be....fcbf....f6c2..74..f6c2..74..bf....ac3c..74..b4\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/sfx_LHA.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"LHA SFX\");\n\nfunction detect() {\n if (Binary.compare(\"eb$$fcbc....8cc805....8ec0eb$$bb....e8....061fb430cd218bd81e3c..72..368e06....33c08bf8b9....f2aeae\")) {\n sVersion = \"2.05L, 2.10-2.13, 2.55\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$00fcbc....8cc805....8ec0eb$$bb....e8....061fb430cd218bd81e3c..72..368e06....33c08bf8b9....f2aeae\")) {\n sVersion = \"2.13S\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/sfx_PKZip.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"PKZip mini-sfx\");\n\nfunction detect() {\n if (Binary.compare(\"b9....bf....2bcf32c0f3aab430cd21a3....8da5....8926....b8....e8\")) {\n sVersion = \"2.04g\";\n bDetected = true;\n }\n if (Binary.compare(\"b9....bf....2bcf32c0f3aa8da5....83e4..8926....b430cd21a3....8cd8\")) {\n sVersion = \"2.50\";\n sOptions = \"1999 by PKWARE Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/simple_ansi_viewer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"simple ANSI viewer\");\n\nfunction detect() {\n if (Binary.compare(\"b8....bb....b9....0e1fba....cd21b8004ccd21\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/simple_self-displayer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"simple self-displayer\");\n\nfunction detect() {\n if (Binary.compare(\"b8....8ec0b4..b9....cd102bc92bffb8....51b9....f3ab59be....2bdb2bed2bd28bfdac\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/COM/virus.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"virus\", \"\");\n\nfunction detect() {\n if (Binary.compare(\"e9$$$$fa8bece800005b81eb....2ef687......74..8db7....bc....31343124464c75\")) {\n sName = \"Cascade.1701\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$89e5fae800005b81eb....2ef687......74..8db7....bc....31343124464c75\")) {\n sName = \"Cascade.1704\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/CurIcoBPP", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\n// Read the bits per pixel of Windows cursors & icons from the image.\r\n\r\n// nOffset: position of the header.\r\nfunction getCurIcoBPP(nOffset) {\r\n var nBPP = 0;\r\n nOffset = Binary.readDword(nOffset + 12);\r\n if (Binary.readDword(nOffset) == 0x28) {\r\n nBPP = Binary.readWord(nOffset + 14);\r\n } else if (Binary.compare(\"89'PNG\\r\\n'1A0A\", nOffset)) {\r\n // Just assume a PNG is going to be 8-bit RGBA.\r\n nBPP = 32;\r\n }\r\n return nBPP;\r\n}" }, { "path": "db/DEX/_DEX.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"operation system\", \"Android\");\r\n\r\nfunction detect() {\r\n if (DEX.isVerbose()) {\r\n sName = DEX.getOperationSystemName();\r\n sVersion = DEX.getOperationSystemVersion();\r\n sOptions = DEX.getOperationSystemOptions();\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/DEX/_DEX2.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"DEX\");\r\n\r\nfunction detect() {\r\n sName = DEX.getFileFormatName();\r\n sVersion = DEX.getFileFormatVersion();\r\n sOptions = DEX.getFileFormatOptions();\r\n\r\n bDetected = true;\r\n\r\n return result(); \r\n}\r\n" }, { "path": "db/DEX/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = DEX;\r\nvar X = DEX;" }, { "path": "db/DEX/compiler_dexlib2.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"dexlib2\");\r\n\r\nfunction detect() {\r\n if (DEX.getMapItemsHash() == 0x0e27e776) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/DEX/library_UnicomSDK.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"UnicomSDK\");\n\nfunction detect() {\n bDetected = DEX.isDexItemStringPresent(\"Lcom/unicom/dcLoader/Utils;\");\n\n return result();\n}" }, { "path": "db/DEX/obfuscator_ProGuard.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"obfuscator\", \"ProGuard\");\n\nfunction detect() {\n bDetected = DEX.isDexItemStringPresent(\"Lcom/google/android/gms/common/ProGuardCanary;\");\n\n return result();\n}" }, { "path": "db/DEX/protector_AESObfuscator.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"AESObfuscator\");\n\nfunction detect() {\n bDetected = DEX.isDexStringPresent(\"AESObfuscator.java\");\n\n sLang = \"Java\";\n\n return result();\n}" }, { "path": "db/DEX/protector_APKProtect.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"APKProtect\");\n\nfunction detect() {\n bDetected = DEX.isDexStringPresent(\"APKProtect\");\n\n return result();\n}" }, { "path": "db/DEX/protector_AlibabaProtection.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"AlibabaProtection\");\n\nfunction detect() {\n bDetected = DEX.isDexItemStringPresent(\"Lcom/ali/mobisecenhance/StubApplication;\");\n\n return result();\n}" }, { "path": "db/DEX/protector_AllatoriObfuscator.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"Allatori\");\n\nfunction detect() {\n bDetected = DEX.isDexStringPresent(\"ALLATORIxDEMO\");\n\n sVersion = bDetected ? \"Demo\" : String();\n\n return result();\n}" }, { "path": "db/DEX/protector_ApkEncryptor.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"ApkEncryptor\");\n\nfunction detect() {\n bDetected = DEX.isDexItemStringPresent(\"Lcn/beingyi/sub/utils/Native;\");\n\n return result();\n}" }, { "path": "db/DEX/protector_AppSolid.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"AppSolid\");\n\nfunction detect() {\n bDetected = DEX.isDexItemStringPresent(\"Lweb/apache/sax/app;\");\n\n return result();\n}" }, { "path": "db/DEX/protector_BaiduProtection.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"BaiduProtection\");\n\nfunction detect() {\n bDetected = DEX.isDexItemStringPresent(\"Lcom/baidu/protect/StubApplication;\");\n\n return result();\n}" }, { "path": "db/DEX/protector_BangcleProtection.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"BangcleProtection\");\n\nfunction detect() {\n bDetected = DEX.isDexStringPresent(\"apkFilePath\");\n\n return result();\n}" }, { "path": "db/DEX/protector_EasyProtector.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"EasyProtector\");\n\nfunction detect() {\n bDetected = DEX.isDexStringPresent(\"com.easyprotector.android\");\n\n return result();\n}" }, { "path": "db/DEX/protector_Jiagu.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"Jiagu\");\n\nfunction detect() {\n bDetected = DEX.isDexStringPresent(\"/.jiagu\");\n\n return result();\n}" }, { "path": "db/DEX/protector_Kiwi.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"Allatori\");\n\nfunction detect() {\n bDetected = DEX.isDexStringPresent(\"Kiwi__Version__Obfuscator\");\n\n return result();\n}" }, { "path": "db/DEX/protector_LIAPP.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"LIAPP\");\n\nfunction detect() {\n bDetected = DEX.isDexItemStringPresent(\"Lcom/lockincomp/liapp/LiappClassLoader;\");\n\n return result();\n}" }, { "path": "db/DEX/protector_MedusaH.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"Medusah\");\n\nfunction detect() {\n bDetected = DEX.isDexItemStringPresent(\"Lcom/seworks/medusah/MedusahDex;\");\n\n return result();\n}" }, { "path": "db/DEX/protector_ModGuard.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"ModGuard\");\n\nfunction detect() {\n if (DEX.isDexStringPresent(\"ModGuard - Protect Your Piracy v1.2 by ill420smoker\")) {\n sVersion = \"v1.2\";\n } else if (DEX.isDexStringPresent(\"ModGuard - Protect Your Piracy v1.3 by ill420smoker\")) {\n sVersion = \"v1.3\";\n }\n\n return result();\n}" }, { "path": "db/DEX/protector_NQShield.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"NQShield\");\n\nfunction detect() {\n bDetected = DEX.isDexItemStringPresent(\"Lcom/nqshield/Common;\");\n\n return result();\n}" }, { "path": "db/DEX/protector_NagaPTProtection.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"NagaPTProtection\");\n\nfunction detect() {\n bDetected = DEX.isDexStringPresent(\"LIBRARY_DDOG\") || DEX.isDexStringPresent(\"LIBRARY_FDOG\");\n\n return result();\n}" }, { "path": "db/DEX/protector_PangXie.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"Jiagu\");\n\nfunction detect() {\n bDetected = DEX.isDexStringPresent(\"PangXie\") || DEX.isDexStringPresent(\"nsecure\");\n\n return result();\n}" }, { "path": "db/DEX/protector_QDBH.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"QDBH\");\n\nfunction detect() {\n bDetected = DEX.isDexStringPresent(\"/qdbh\");\n\n return result();\n}" }, { "path": "db/DEX/protector_SecNeo.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"SecNeo\");\n\nfunction detect() {\n bDetected = DEX.isDexItemStringPresent(\"Lcom/secneo/apkwrapper/ApplicationWrapper;\");\n\n return result();\n}" }, { "path": "db/DEX/protector_TencentProtection.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"TencentProtection\");\n\nfunction detect() {\n bDetected = DEX.isDexItemStringPresent(\"Lcom/tencent/StubShell/TxAppEntry;\");\n\n return result();\n}" }, { "path": "db/DEX/protector_VDog.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"Vdog\");\n\nfunction detect() {\n bDetected = DEX.isDexItemStringPresent(\"Lcom/vdog/Common;\");\n\n return result();\n}" }, { "path": "db/DEX/protector_Yidun.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"Yidun\");\n\nfunction detect() {\n bDetected = DEX.isDexItemStringPresent(\"La/_;\");\n\n return result();\n}" }, { "path": "db/DEX/tool_ApkToolPlus.6.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"tool\", \"ApkToolPlus\");\n\nfunction detect() {\n bDetected = DEX.isDexItemStringPresent(\"Lcom/linchaolong/apktoolplus/jiagu/utils/ApkToolPlus;\");\n\n return result();\n}" }, { "path": "db/DOS16M/_DOS16M.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"operation system\", \"DOS16M\");\r\n\r\nfunction detect() {\r\n if (DOS16M.isVerbose()) {\r\n sName = DOS16M.getOperationSystemName();\r\n sVersion = DOS16M.getOperationSystemVersion();\r\n sOptions = DOS16M.getOperationSystemOptions();\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/DOS16M/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = DOS16M;\r\nvar X = DOS16M;" }, { "path": "db/DOS16M/compiler_Watcom.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"Watcom C\");\r\n\r\nfunction detect() {\r\n bDetected = true; // Always true\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/DOS4G/_DOS4G.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"operation system\", \"DOS4G\");\r\n\r\nfunction detect() {\r\n if (DOS4G.isVerbose()) {\r\n sName = DOS4G.getOperationSystemName();\r\n sVersion = DOS4G.getOperationSystemVersion();\r\n sOptions = DOS4G.getOperationSystemOptions();\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/DOS4G/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = DOS4G;\r\nvar X = DOS4G;" }, { "path": "db/DOS4G/compiler_Watcom.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"Watcom C\");\r\n\r\nfunction detect() {\r\n bDetected = true; // Always true\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ELF/Borland_Kylix.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"Borland Kylix\");\r\n\r\nfunction detect() {\r\n if (ELF.isSectionNamePresent(\"borland.ressym\")) {\r\n bDetected = true;\r\n } else if (ELF.isSectionNamePresent(\"borland.reshash\")) {\r\n bDetected = true;\r\n } else if (ELF.isSectionNamePresent(\"borland.resdata\")) {\r\n bDetected = true;\r\n } else if (ELF.isSectionNamePresent(\"borland.resspare\")) {\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"Pascal/C/C++\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ELF/Free_Pascal.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: Levis \n// EP sigs by hypn0 \n// Lazarus Free Pascal\n\nmeta(\"compiler\", \"Free Pascal\");\n\nfunction detect() {\n if (ELF.compareEP(\"5989e38d44....83e4..8915........a3........890d........891d........e8........8925........31ede8........c3\")) {\n sVersion = \"2.6.0\";\n bDetected = true;\n } else if (ELF.compareEP(\"31ED5989E3\")) {\n bDetected = true;\n } else if (ELF.isSectionNamePresent(\".fpc.resources\")) {\n bDetected = true;\n } else if (ELF.isSectionNamePresent(\".fpcdata\")) {\n bDetected = true;\n\n var nSection = ELF.getSectionNumber(\".fpcdata\"),\n nOffset = ELF.getSectionFileOffset(nSection),\n nSize = ELF.getSectionFileSize(nSection);\n\n if (nSize > 0) {\n var nStringOffset = ELF.findString(nOffset, 4, \"FPC \");\n if (nStringOffset != -1) {\n sVersion = ELF.getString(nStringOffset + 4);\n }\n }\n } else if (ELF.isSectionNamePresent(\".data\")) {\n var nSection = ELF.getSectionNumber(\".data\"),\n nOffset = ELF.getSectionFileOffset(nSection),\n nSize = ELF.getSectionFileSize(nSection);\n\n if (nSize >= 0x100) {\n var nStringOffset = ELF.findString(nOffset + nSize - 0x100, 0x100, \"FPC \");\n if (nStringOffset != -1) {\n sVersion = ELF.getString(nStringOffset + 4);\n bDetected = true;\n }\n }\n }\n\n sLang = \"Pascal\";\n\n return result();\n}" }, { "path": "db/ELF/HP_C++.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\nmeta(\"compiler\", \"HP C++\");\r\n\r\nfunction detect() {\r\n if (ELF.isSectionNamePresent(\".HP.init\")) {\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"C++\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ELF/IBM_AIX_kernel_loader.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"boot\", \"IBM AIX kernel loader\");\r\n\r\nfunction detect() {\r\n if (ELF.getNumberOfPrograms() >= 4) {\r\n if (ELF.getProgramFileSize(1) <= 0x100) {\r\n if (ELF.findString(ELF.getProgramFileOffset(1), Math.min(0x100, ELF.getProgramFileSize(1)), \"IBM,RPA-Client-Config\") != -1) {\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n if (ELF.findString(ELF.getProgramFileOffset(0), Math.min(0x100, ELF.getProgramFileSize(0)), \"PowerPC\") != -1) {\r\n sVersion = \"PowerPC\";\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ELF/Oracle_Solaris_Studio.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: anonymous\n\nmeta(\"compiler\", \"Oracle Solaris Studio\");\n\nfunction getOSSVersion() {\n var sResult = \"\";\n var nSection = ELF.getSectionNumber(\".comment\");\n\n if (nSection != -1) {\n var nSectionOffset = ELF.getSectionFileOffset(nSection);\n var nSectionSize = ELF.getSectionFileSize(nSection);\n var nOffset = ELF.findString(nSectionOffset, nSectionSize, \"Sun WorkShop\");\n if (nOffset != -1) {\n return ELF.getString(nOffset + 13, 100);\n }\n nOffset = ELF.findString(nSectionOffset, nSectionSize, \"acomp: Sun C\");\n if (nOffset != -1) {\n return ELF.getString(nOffset + 13, 100);\n }\n nOffset = ELF.findString(nSectionOffset, nSectionSize, \"SUNWCC.h\");\n if (nOffset != -1) {\n return \"5.X\";\n }\n }\n\n return sResult;\n}\n\nfunction detect() {\n if (ELF.compareEP(\"bc1020..e003....1300....e022....a203a0..1300....e222....1300....e222....a52c20..a404a0..a40440122700....e804....80a520\"))\n // SPARC instruction set\n {\n if (ELF.isSectionNamePresent(\".SUNW_version\")) {\n bDetected = true;\n }\n var sOSSVersion = getOSSVersion();\n if (sOSSVersion) {\n bDetected = true;\n sVersion = sOSSVersion;\n }\n }\n\n sLang = \"C/C++\";\n\n return result();\n}" }, { "path": "db/ELF/_ELF.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"operation system\", \"Unix\");\r\n\r\nfunction detect() {\r\n if (ELF.isVerbose()) {\r\n sName = ELF.getOperationSystemName();\r\n sVersion = ELF.getOperationSystemVersion();\r\n sOptions = ELF.getOperationSystemOptions();\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ELF/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = ELF;\r\nvar X = ELF;" }, { "path": "db/ELF/compiler_DMD.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"DMD\");\r\n\r\nfunction getVersion() {\r\n var nSection = ELF.getSectionNumber(\".comment\");\r\n\r\n if (nSection != -1) {\r\n var nOffset = ELF.findString(\r\n ELF.getSectionFileOffset(nSection),\r\n ELF.getSectionFileSize(nSection),\r\n \"DMD v\");\r\n\r\n if (nOffset != -1) {\r\n return ELF.getString(nOffset + 5, 20);\r\n }\r\n }\r\n\r\n return String();\r\n}\r\n\r\nfunction detect() {\r\n var versionString = getVersion();\r\n if (versionString) {\r\n bDetected = true;\r\n sVersion = versionString;\r\n }\r\n\r\n sLang = \"D\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ELF/compiler_FASM.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"FASM\");\r\n\r\nfunction detect() {\r\n if (ELF.getElfHeader_shstrndx() == 0 && ELF.getElfHeader_shnum() == 0 && ELF.getElfHeader_shentsize()) {\r\n sVersion = \"1.X\";\r\n bDetected = true;\r\n\r\n for (var i = 0; i < ELF.getNumberOfPrograms() - 1 && bDetected; i++) {\r\n if (ELF.getProgramFileOffset(i) == 0) {\r\n bDetected = false;\r\n }\r\n }\r\n }\r\n\r\n sLang = \"ASMx\" + (ELF.is64() ? \"64\" : \"86\");\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ELF/compiler_Go.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: fernandom - menteb.in\n\nmeta(\"compiler\", \"Go\");\n\nfunction detect() {\n\n if (ELF.isSectionNamePresent(\".gosymtab\") ||\n ELF.isSectionNamePresent(\".gopclntab\") ||\n ELF.isSectionNamePresent(\".go.buildinfo\") ||\n ELF.isSectionNamePresent(\".note.go.buildid\")) {\n bDetected = true;\n }\n\n //x86-64\n if (ELF.compareEP(\"488d742408488b3c24b810174200ffe0b870f94100ffe0000000000000000000\")) {\n bDetected = true;\n sVersion = \"1.2.2\";\n } else if (ELF.compareEP(\"488d742408488b3c24b8907f4200ffe0b800564200ffe0000000000000000000\")) {\n bDetected = true;\n sVersion = \"1.3 or 1.3.1\";\n } else if (ELF.compareEP(\"488d742408488b3c24b8c07f4200ffe0b830564200ffe0000000000000000000\")) {\n bDetected = true;\n sVersion = \"1.3.2\";\n } else if (ELF.compareEP(\"488d742408488b3c24b8e07f4200ffe0b850564200ffe0000000000000000000\")) {\n bDetected = true;\n sVersion = \"1.3.3\";\n } else if (ELF.compareEP(\"488d742408488b3c24488d0510000000ffe00000000000000000000000000000\")) {\n bDetected = true;\n sVersion = \"1.4.x or 1.5.X\";\n } else if (ELF.compareEP(\"488d742408488b3c24488d0510000000ffe0cccccccccccccccccccccccccccc\")) {\n bDetected = true;\n sVersion = \"1.6.X-1.9.X\";\n } else if (ELF.compareEP(\"e92bc9ffffcccccccccccccccccccccc8b7c2408b8e70000000f05c3cccccccc\")) {\n bDetected = true;\n sVersion = \"1.10.X\";\n } else if (ELF.compareEP(\"e9cbc6ffffcccccccccccccccccccccc8b7c2408b8e70000000f05c3cccccccc\")) {\n bDetected = true;\n sVersion = \"1.11.X\";\n } else if (ELF.compareEP(\"e9dbc6ffffcccccccccccccccccccccc8b7c2408b8e70000000f05c3cccccccc\")) {\n bDetected = true;\n sVersion = \"1.12.X\";\n } else if (ELF.compareEP(\"e92bc6ffffcccccccccccccccccccccc8b7c2408b8e70000000f05c3cccccccc\")) {\n bDetected = true;\n sVersion = \"1.13.X\";\n } else if (ELF.compareEP(\"e92bc4ffffcccccccccccccccccccccc8b7c2408b8e70000000f05c3cccccccc\")) {\n bDetected = true;\n sVersion = \"1.14.X\";\n } else if (ELF.compareEP(\"e91bcbffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc\")) {\n bDetected = true;\n sVersion = \"1.15.X\";\n } else if (ELF.compareEP(\"e95bcaffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc\")) {\n bDetected = true;\n sVersion = \"1.16.X\";\n } else if (ELF.compareEP(\"e93bc6ffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc\")) {\n bDetected = true;\n sVersion = \"1.17.X\";\n } else if (ELF.compareEP(\"e9fbc5ffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc\")) {\n bDetected = true;\n sVersion = \"1.18.X\";\n } else if (ELF.compareEP(\"e99bc8ffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc\")) {\n bDetected = true;\n sVersion = \"1.22.X-1.23.X\";\n } else if (ELF.compareEP(\"e95bc5ffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc\")) {\n bDetected = true;\n sVersion = \"1.20.X\";\n } else if (ELF.compareEP(\"e9bbc8ffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc\")) {\n bDetected = true;\n sVersion = \"1.23.X\";\n } else if (ELF.compareEP(\"e9dbc8ffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc\")) {\n bDetected = true;\n sVersion = \"1.23.2\";\n } else if (ELF.compareEP(\"e91bc7ffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc\")) {\n bDetected = true;\n sVersion = \"1.23.5\";\n } else if (ELF.compareEP(\"e95bc8ffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc\")) {\n bDetected = true;\n sVersion = \"1.24.X\";\n } else if (ELF.compareEP(\"e97bc8ffffcccccccccccccccccccccccccccccccccccccccccccccccccccccc\")) {\n bDetected = true;\n sVersion = \"1.24.X\";\n } else if (ELF.compareEP(\"4831ed4889e7488d35........4883e4..e8........8b37488d57..49c7c0\")) {\n bDetected = true;\n sVersion = \"1.24.0\";\n } else if (ELF.compareEP(\"31ed4989d15e4889e24883e4..505449c7c0........48c7c1........48c7c7\")) {\n bDetected = true;\n sVersion = \"1.24.1\";\n }\n\n //x86\n else if (ELF.compareEP(\"83ec088b4424088d5c240c890424895c2404e87902ffffe804000000cd030000\")) {\n bDetected = true;\n sVersion = \"1.2.2\";\n } else if (ELF.compareEP(\"83ec088b4424088d5c240c890424895c2404e8f977feffe804000000cd030000\")) {\n bDetected = true;\n sVersion = \"1.3 or 1.3.1\";\n } else if (ELF.compareEP(\"83ec088b4424088d5c240c890424895c2404e8e977feffe804000000cd030000\")) {\n bDetected = true;\n sVersion = \"1.3.2\";\n } else if (ELF.compareEP(\"83ec088b4424088d5c240c890424895c2404e8c977feffe804000000cd030000\")) {\n bDetected = true;\n sVersion = \"1.3.3\";\n } else if (ELF.compareEP(\"83ec088b4424088d5c240c890424895c2404e89932ffffe804000000cd030000\")) {\n bDetected = true;\n sVersion = \"1.4.X\";\n } else if (ELF.compareEP(\"83ec088b4424088d5c240c890424895c2404e809000000cd0300000000000000\")) {\n bDetected = true;\n sVersion = \"1.5.X\";\n } else if (ELF.compareEP(\"83ec088b4424088d5c240c890424895c2404e809000000cd03cccccccccccccc\")) {\n bDetected = true;\n sVersion = \"1.6.X-1.9.X\";\n }\n else if (ELF.compareEP(\"e9....ffffccccccccccccccccccccccb8fc0000008b5c2404cd80cd03c3cccc\")) {\n bDetected = true;\n sVersion = \"1.10\";\n } else if (ELF.compareEP(\"e9ebd8ffffccccccccccccccccccccccb8fc0000008b5c2404cd80cd03c3cccc\")) {\n bDetected = true;\n sVersion = \"1.10.X\";\n } else if (ELF.compareEP(\"e96bdbffffccccccccccccccccccccccb8fc0000008b5c2404cd80cd03c3cccc\")) {\n bDetected = true;\n sVersion = \"1.11.X\";\n } else if (ELF.compareEP(\"e97b..ffffccccccccccccccccccccccb8fc0000008b5c2404cd80cd03c3cccc\")) {\n bDetected = true;\n sVersion = \"1.12.X\";\n } else if (ELF.compareEP(\"e99bffffccccccccccccccccccccccb8fc0000008b5c2404cd80cd03c3cccc\")) {\n bDetected = true;\n sVersion = \"1.13.X\";\n } else if (ELF.compareEP(\"e99bd9ffffccccccccccccccccccccccb8fc0000008b5c2404cd80cd03c3cccc\")) {\n bDetected = true;\n sVersion = \"1.14.X\";\n } else if (ELF.compareEP(\"e9abdcffffccccccccccccccccccccccb8010000008b5c2404cd80cd03c3cccc\")) {\n bDetected = true;\n sVersion = \"1.15.X\";\n } else if (ELF.compareEP(\"e9dbdcffffccccccccccccccccccccccb8010000008b5c2404cd80cd03c3cccc\")) {\n bDetected = true;\n sVersion = \"1.16.X\";\n } else if (ELF.compareEP(\"e92bdeffffccccccccccccccccccccccb8010000008b5c2404cd80cd03c3cccc\")) {\n bDetected = true;\n sVersion = \"1.17.X\";\n } else if (ELF.compareEP(\"e9..ddffffccccccccccccccccccccccb8010000008b5c2404cd80cd03c3cccc\")) {\n bDetected = true;\n sVersion = \"1.23.X-1.24.X\";\n }\n/*\n // generic rule for amd64 and 386\n else if (ELF.compareEP(\"e9....ffff..................................................cccc\")) {\n bDetected = true;\n sVersion = \"1.10.X-1.17.X\";\n }\n*/\n // arm\n else if (ELF.compareEP(\"00009de504108de204409fe500f084e2feffffea\")) {\n bDetected = true;\n }\n\n sLang = \"Go\";\n\n return result();\n}" }, { "path": "db/ELF/compiler_MWCC.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://decomp.wiki/compilers/MWCC\nmeta(\"compiler\", \"MW MIPS C\");\n\nfunction detect() {\n if (ELF.compareOverlay(\"4d57204d495053204320436f6d70696c65722028322e342e312e303129\")) {\n sVersion = \"2.4.1.01\";\n sOptions = \"PlayStation 2\";\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/ELF/compiler_Rust.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: fernandom - menteb.in\n\nmeta(\"compiler\", \"Rust\");\n\nfunction detect() {\n\n //x86\n if (ELF.compareEP(\"f30f1efb31ed5e89e183e4..505452e8........81c3\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"31ed5e89e183e4..505452e8........81c3\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"31ed89e083e4..5050e8........8104\")) {\n bDetected = true;\n }\n\n //x86-64\n if (ELF.compareEP(\"4831ed4889e7488d35........4883e4..e8$$$$$$$$488b37488d57..4531c94c8d05........488d0d........488d3d$$$$$$$$5541574156\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"f30f1efa31ed4989d15e4889e24883e4..50544531c031c9488d3d$$$$$$$$504889f14863d7488d05$$$$$$$$5541574156\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"f30f1efa31ed4989d15e4889e24883e4..50544c8d05........488d0d........488d3d$$$$$$$$504889f14863d7488d05$$$$$$$$4156\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"f30f1efa31ed4989d15e4889e24883e4..50544c8d05........488d0d........488d3d$$$$$$$$504889f14863d7488d05$$$$$$$$5541574156\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"f30f1efa31ed4989d15e4889e24883e4..50544531c031c9488d3d$$$$$$$$5541574156\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"f30f1efa31ed4989d15e4889e24883e4..50544531c031c9488d3d$$$$$$$$41574156\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"f30f1efa31ed4989d15e4889e24883e4..50544531c031c9488d3d$$$$$$$$504889f14863d7488d05$$$$$$$$53\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"f30f1efa31ed4989d15e4889e24883e4..50544531c031c9488d3d$$$$$$$$554889e541574156\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"31ed4989d15e4889e24883e4..50544531c031c9488d3d$$$$$$$$41574156\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"31ed4989d15e4889e24883e4..50544c8d05........488d0d........488d3d$$$$$$$$504889f14863d7488d05$$$$$$$$5541574156\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"31ed4989d15e4889e24883e4..50544c8d05........488d0d........488d3d$$$$$$$$41574156\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"4831ed4889e7488d35........4883e4..e8$$$$$$$$4881ec........8b074989f8ffc04898\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"4831ed4889e7488d35........4883e4..e8$$$$$$$$4881ec........8b0783c0..4898\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"4831ed4889e7488d35........4883e4..e8$$$$$$$$8b37488d57..488d3d$$$$$$$$41574156\")) {\n bDetected = true;\n }\n\n //ARM64\n if (ELF.compareEP(\"1d0080d21e0080d2e0030091........210000911fec7c92\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"1f2003d51d0080d21e0080d2e50300aae10340f9e2230091e6030091\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"1d0080d21e0080d2e50300aae10340f9e2230091e6030091\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"1d0080d21e0080d2fd030091e50300aae10340f9e2230091e6030091\")) {\n bDetected = true;\n }\n\n //ARM32\n if (ELF.compareEP(\"00b0a0e300e0a0e304109de40d20a0e104202de504002de5\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"00b0a0e300e0a0e310109fe501108fe00d00a0e10fc0c0e3\")) {\n bDetected = true;\n }\n\n //ARMv7\n if (ELF.compareEP(\"f0000b4ff0000e03497944684620f00f0ce54600f002f8..\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"f0000b4ff0000e02bc6a4604b401b4dff824a008a39a44df\")) {\n bDetected = true;\n } else if (ELF.compareEP(\"f0000b4ff0000e5df8041b6a464df8042d4df8040ddff828\")) {\n bDetected = true;\n }\n\n if (ELF.isStringInTablePresent(\".strtab\", \"rust_panic\")) {\n bDetected = true;\n\n var nSection = ELF.getSectionNumber(\".debug_str\"),\n nOffset = ELF.getSectionFileOffset(nSection),\n nSize = ELF.getSectionFileSize(nSection);\n\n if (nSize > 0) {\n var nStringOffset = ELF.findString(nOffset, 6, \"rustc \");\n if (nStringOffset != -1) {\n sVersion = ELF.getString(nStringOffset);\n }\n }\n }\n\n sLang = \"Rust\";\n\n return result();\n}" }, { "path": "db/ELF/compiler_VBCC.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"VBCC\");\n\nfunction detect() {\n if (ELF.getElfHeader_entry() == 0) { // EP == 0\n if (ELF.compare(\"6000000048......................7c08....9001....9421....bdc1....3d......902b....3d......39ad....3960....800b....3d......90\", ELF.getSectionFileOffset(1))) { // PPC instruction set\n sVersion = \"0.7\";\n bDetected = true;\n }\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/ELF/compiler_Watcom.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\nmeta(\"compiler\", \"Watcom\");\r\n\r\nfunction detect() {\r\n var nData = ELF.getSectionNumber(\".data\");\r\n\r\n var nOffset = ELF.getSectionFileOffset(nData);\r\n var nSize = ELF.getSectionFileSize(nData);\r\n if (ELF.findString(nOffset, nSize, \"WATCOM\") != -1) {\r\n bDetected = true;\r\n } else if (ELF.compareEP(\"33ed8925........598bf48d44....505651e8\")) {\r\n sName = \"Open Watcom C/C++32\";\r\n sOptions = \"2002\";\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"C/C++\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ELF/compiler_Zig.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"Zig\");\r\n\r\nfunction detect() {\r\n if ((ELF.isSectionNamePresent(\".rodata\")) && (ELF.isDeepScan())) {\r\n var nIndex = ELF.getSectionNumber(\".rodata\");\r\n\r\n var nOffset = ELF.getSectionFileOffset(nIndex);\r\n var nSize = ELF.getSectionFileSize(nIndex);\r\n\r\n var nVersionOffset = ELF.findSignature(nOffset, nSize, \"5a49475f44454255475f434f4c4f52\"); // ANSI ZIG_DEBUG_COLOR\r\n\r\n if (nVersionOffset != -1) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n sLang = \"Zig\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ELF/compiler_gcc.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"GCC\");\r\n\r\nfunction getVersion(nOffset, nSize) {\r\n var versionString = ELF.findString(nOffset, nSize, \"GCC:\");\r\n if (versionString != -1) {\r\n return ELF.getString(versionString + 5, 100);\r\n }\r\n\r\n return String();\r\n}\r\n\r\nfunction detect() {\r\n if (ELF.compareEP(\"31ed5e89e183e4..50545268........68........515668........e8\")) {\r\n if (ELF.compareEP(\"$$$$$$$$57565383ec..8b7424..8b7c24..8b5c24..b8........85c00f84........8b0d........85c90f94c025........a3........8b5424..8b4c24..8d44....a3........8b5424..8915........90\", 29)) {\r\n sVersion = \"4.7.2, exe\";\r\n bDetected = true;\r\n } else if (ELF.compareEP(\"$$$$$$$$55b8........57565383ec..85c08b7c24..8bb424........8b9c24........0f84........8b15........31c085d20f94c08b5424..8b4c24..a3........8d44....8b9424........a3........8915........6690\", 29)) {\r\n sVersion = \"4.6.1, exe\";\r\n bDetected = true;\r\n } else if (ELF.compareEP(\"$$$$$$$$5589e557565383ec..8b7d..8b75..8b5d..b8........85c00f84........a1........85c00f94c025........a3\", 29)) {\r\n sVersion = \"4.5.3, exe\";\r\n bDetected = true;\r\n } else if (ELF.compareEP(\"$$$$$$$$55b8........89e557565383ec..85c08b7d..8b75..8b5d..74..31c0833d..........0f94c0\", 29)) {\r\n sVersion = \"4.4.6, exe\";\r\n bDetected = true;\r\n } else if (ELF.compareEP(\"$$$$$$$$55b8........89e557565383ec..85c08b7d..8b5d..74..31c08b15........85d20f94c0\", 29)) {\r\n sVersion = \"4.4.5, exe\";\r\n bDetected = true;\r\n } else if (ELF.compareEP(\"$$$$$$$$55b8........89e557565383ec..85c08b....8b5d..74..31c0833d..........0f94c0\", 29)) {\r\n sVersion = \"4.3.3, exe\";\r\n bDetected = true;\r\n } else if (ELF.compareEP(\"$$$$$$$$55ba........89e557565381ec........85d20f85........8b45..8b4d..8915........8d54\", 29)) {\r\n sVersion = \"4.1.2, exe\";\r\n bDetected = true;\r\n }\r\n } else if (ELF.compareEP(\"31ed5589e583e4..8d45..83ec..50ff75..52e8$$$$$$$$5589e557565383ec..8b5d..8b7d..8d74....8935........85db7e..8b0785c074..a3........0fb610\")) {\r\n sVersion = \"4.4.7, exe\"; // BSD\r\n bDetected = true;\r\n } else if (ELF.compareEP(\"5589e5565383ec..83e4..8b5d..89d18d74....85db8935........7e..8b45..85c074..a3........0fb610\")) {\r\n sVersion = \"4.2.1, exe\"; // BSD\r\n bDetected = true;\r\n } else if (ELF.compareEP(\"55575653e8........81c3........83ec..8b93........8b8b........8b83........8b2a8b93........890c24895424..8b93........895424..eb\")) {\r\n sVersion = \"4.7.2, so\";\r\n bDetected = true;\r\n } else if (ELF.compareEP(\"5589e557565383ec..83e4..8b5d..89d78d74....85db8935........7e..8b45..85c074..a3........89c10fb601\")) {\r\n sVersion = \"3.4.6, exe\"; // BSD\r\n bDetected = true;\r\n } else if (ELF.compareEP(\"5589e557565383ec..89d18d7d..8b5f..8d74....8935........85db7e..837d....74..8b45..a3........89c28038..74..8db6........8dbf........803a..75..8d42..a3\")) {\r\n sVersion = \"3.2.1, exe\"; // BSD\r\n bDetected = true;\r\n } else if (ELF.compareEP(\"5557565383ec..8b7424..8b6c24..8b3ec745..........c74424..........c74424..........8b078904248d4424..894424..ff57\")) {\r\n sVersion = \"3.2, so\"; // BSD\r\n bDetected = true;\r\n } else if (ELF.compareEP(\"7c290b785421....38......9421ff..7c0803a690......3d......85......48\")) { // PowerPC instruction set\r\n sVersion = \"3.2.X\";\r\n bDetected = true;\r\n } else if (ELF.compareEP(\"6a..6a..8bec52b8........85c074\")) {\r\n sVersion = \"2.95.2\";\r\n bDetected = true;\r\n } else if (ELF.isStringInTablePresent(\".strtab\", \"gcc2_compiled.\")) {\r\n sVersion = \"2.X\";\r\n bDetected = true;\r\n } else if (ELF.isStringInTablePresent(\".dynstr\", \"GCC_3.0\")) {\r\n sVersion = \"3.X\";\r\n bDetected = true;\r\n } else if (ELF.isSectionNamePresent(\".gcc_except_table\")) {\r\n bDetected = true;\r\n }\r\n var nSection = ELF.getSectionNumber(\".comment\");\r\n if (nSection != -1 && !sVersion) {\r\n var versionString = getVersion(ELF.getSectionFileOffset(nSection), ELF.getSectionFileSize(nSection));\r\n if (versionString) {\r\n sVersion = versionString;\r\n bDetected = true;\r\n }\r\n }\r\n\r\n if (!sVersion) {\r\n if (ELF.isOverlayPresent()) { // TODO Check!!!\r\n var versionString = getVersion(ELF.getOverlayOffset(), Math.min(8192, ELF.getOverlaySize()));\r\n if (versionString) {\r\n sVersion = versionString; // Version mb corrupted!\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n\r\n sLang = \"C\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ELF/compiler_gdc.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"gdc\");\r\n\r\nfunction detect() {\r\n if (ELF.isLibraryPresent(\"libgphobos.so.2\")) {\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"C/C++\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ELF/compiler_ldc.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"ldc\");\r\n\r\nfunction getLDCVersion() {\r\n var sResult = \"\";\r\n var nSection = ELF.getSectionNumber(\".comment\");\r\n if (nSection != -1) {\r\n var nSectionOffset = ELF.getSectionFileOffset(nSection);\r\n var nSectionSize = ELF.getSectionFileSize(nSection);\r\n var nOffset = ELF.findString(nSectionOffset, nSectionSize, \"ldc version \");\r\n if (nOffset != -1) {\r\n sResult = ELF.getString(nOffset + 12, 20);\r\n }\r\n }\r\n\r\n return sResult;\r\n}\r\n\r\nfunction detect() {\r\n if (ELF.isLibraryPresent(\"libphobos2-ldc-shared.so.98\") || ELF.isLibraryPresent(\"libdruntime-ldc-shared.so.98\")) {\r\n bDetected = true;\r\n }\r\n\r\n var sLDCVersion = getLDCVersion();\r\n if (sLDCVersion) {\r\n bDetected = true;\r\n sVersion = sLDCVersion;\r\n }\r\n\r\n sLang = \"D\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ELF/compiler_movfuscator.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"compiler\", \"movfuscator\");\n\nfunction detect() {\n if (ELF.compareEP(\"A1........8B98........8B03BA........668B9400........8913A1........8B98........\")) {\n bDetected = true;\n sVersion = \"v2\";\n\n _setResult(\"protection\", \"M/o/Vfuscator\", \"\", \"\");\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/ELF/library_Curl.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://curl.se/libcurl/\nmeta(\"library\", \"Curl\");\n\nfunction detect() {\n if (ELF.isLibraryPresent(\"libcurl.so.4\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ELF/library_FFmpeg.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://ffmpeg.com/\nmeta(\"library\", \"FFmpeg\");\n\nfunction detect() {\n if (ELF.isLibraryPresent(\"libffmpeg.so\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ELF/library_FLAC.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://github.com/xiph/flac\nmeta(\"library\", \"FLAC\");\n\nfunction detect() {\n if (ELF.isLibraryPresent(\"libFLAC.so.14\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ELF/library_Flexlm.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"library\", \"\");\n\nfunction detect() {\n var nOffset = ELF.findSignature(0, ELF.getSize(), \"'@(#) F'\");\n if (nOffset != -1) {\n sName = ELF.getString(nOffset, 200).match(/\\w\\S*/i);\n sVersion = ELF.getString(nOffset, 200).match(/\\d\\S*/i);\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ELF/library_FluidSynth.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.fluidsynth.org/\nmeta(\"library\", \"FluidSynth\");\n\nfunction detect() {\n if (ELF.isLibraryPresent(\"libfluidsynth.so.3\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ELF/library_FreeType.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://freetype.org/\nmeta(\"library\", \"FreeType\");\n\nfunction detect() {\n if (ELF.isLibraryPresent(\"libfreetype.so.6\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ELF/library_GLEW.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://glew.sourceforge.net/\nmeta(\"library\", \"GLEW\");\n\nfunction detect() {\n if (ELF.isLibraryPresent(\"libGLEW.so.2.2\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ELF/library_GLIBC.3.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"library\", \"GLIBC\");\r\n\r\nfunction getMaxVersion(sValue1, sValue2) {\r\n var aString1 = sValue1.toString().split('.');\r\n var aString2 = sValue2.toString().split('.');\r\n\r\n for (var i = 0; i < 3; i++) {\r\n if (aString1[i] > aString2[i]) {\r\n return sValue1;\r\n } else if (aString1[i] < aString2[i]) {\r\n return sValue2;\r\n }\r\n }\r\n\r\n return sValue2;\r\n}\r\n\r\nfunction detect() {\r\n if (ELF.isSectionNamePresent(\".dynstr\")) {\r\n var nSection = ELF.getSectionNumber(\".dynstr\");\r\n\r\n var nOffset = ELF.getSectionFileOffset(nSection);\r\n var nSize = ELF.getSectionFileSize(nSection);\r\n\r\n var nCurrentOffset = nOffset;\r\n var nCurrentSize = nSize;\r\n var sLIBCVersion;\r\n while (nCurrentSize > 0) {\r\n nCurrentOffset = ELF.findString(nCurrentOffset, nSize, \"GLIBC_\");\r\n if (nCurrentOffset == -1) {\r\n break;\r\n }\r\n bDetected = true;\r\n sLIBCVersion = ELF.getString(nCurrentOffset + 6);\r\n\r\n sVersion = getMaxVersion(sVersion, sLIBCVersion);\r\n\r\n nCurrentSize = nSize - (nCurrentOffset - nOffset + 1);\r\n nCurrentOffset++;\r\n }\r\n\r\n sOptions = ELF.getGeneralOptions();\r\n\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ELF/library_LZMA.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://tukaani.org/xz/liblzma-api/\nmeta(\"library\", \"LZMA\");\n\nfunction detect() {\n if (ELF.isLibraryPresent(\"liblzma.so.5\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ELF/library_Lego1.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://github.com/isledecomp/isle-portable\nmeta(\"library\", \"Lego1\");\n\nfunction detect() {\n if (ELF.isLibraryPresent(\"liblego1.so\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ELF/library_MPEG2.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://libmpeg2.sourceforge.io/\nmeta(\"library\", \"MPEG2\");\n\nfunction detect() {\n if (ELF.isLibraryPresent(\"libmpeg2.so.0\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ELF/library_Mikmod.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://sourceforge.net/projects/mikmod/\nmeta(\"library\", \"Mikmod\");\n\nfunction detect() {\n if (ELF.isLibraryPresent(\"libmikmod.so.3\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ELF/library_OGG.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.xiph.org/ogg/\nmeta(\"library\", \"OGG\");\n\nfunction detect() {\n if (ELF.isLibraryPresent(\"libogg.so.0\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ELF/library_OpenAL.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.openal.org/\nmeta(\"library\", \"OpenAL\");\n\nfunction detect() {\n if (ELF.isLibraryPresent(\"libopenal.so.1\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ELF/library_PulseAudio.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.freedesktop.org/wiki/Software/PulseAudio/\nmeta(\"library\", \"PulseAudio\");\n\nfunction detect() {\n if (ELF.isLibraryPresent(\"libpulse.so.0\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ELF/library_QT.3.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"library\", \"Qt\");\r\n\r\nfunction getQTVersion() {\r\n var sResult = \"\";\r\n var nSize = ELF.getSize();\r\n var nOffset = ELF.findString(0, nSize, \"/usr/local/Trolltech/Qt-\");\r\n if (nOffset != -1) {\r\n sResult = ELF.getString(nOffset + 24);\r\n var aVersion = sResult.match(/(.*)\\//);\r\n if (aVersion) {\r\n sResult = aVersion[1];\r\n }\r\n }\r\n\r\n return sResult;\r\n}\r\n\r\nfunction detect() {\r\n\r\n if (ELF.isStringInTablePresent(\".dynstr\", \"libQtCore.so.4\")) {\r\n sVersion = \"4.X\";\r\n bDetected = true;\r\n } else if (ELF.isStringInTablePresent(\".dynstr\", \"libQt5Core.so.5\")) {\r\n sVersion = \"5.X\";\r\n bDetected = true;\r\n } else if (ELF.isStringInTablePresent(\".dynstr\", \"libQt6Core_x86.so\")) {\r\n sVersion = \"6.X\";\r\n bDetected = true;\r\n } else if (ELF.isStringInTablePresent(\".dynstr\", \"libQt6Core.so.6\")) {\r\n sVersion = \"6.X\";\r\n bDetected = true;\r\n }\r\n\r\n if (bDetected) {\r\n var sQTVersion = getQTVersion();\r\n if (sQTVersion) {\r\n sVersion = sQTVersion;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ELF/library_SDL.3.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"library\", \"SDL\");\r\n\r\nfunction getSDLVersion() {\r\n var sResult = \"\";\r\n var nSection = ELF.getSectionNumber(\".dynstr\");\r\n if (nSection != -1) {\r\n var nOffset = ELF.getSectionFileOffset(nSection);\r\n var nSize = ELF.getSectionFileSize(nSection);\r\n\r\n var nVersionOffset = ELF.findString(nOffset, nSize, \"libSDL-\");\r\n if (nVersionOffset != -1) {\r\n var sSDLVersion = ELF.getString(nVersionOffset);\r\n var aVersion = sSDLVersion.match(/libSDL-(.*).so/);\r\n if (aVersion) {\r\n sResult = aVersion[1];\r\n }\r\n }\r\n }\r\n\r\n return sResult;\r\n}\r\n\r\nfunction detect() {\r\n if (ELF.isStringInTablePresent(\".dynstr\", \"SDL_Init\")) {\r\n bDetected = true;\r\n }\r\n\r\n if (bDetected) {\r\n sVersion = getSDLVersion();\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ELF/packer_Ezuri.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// Rewritten from yara (YARA-Rule by f0wl) by KDSS-Research\r\n// Optimized and rewritten (again) by DosX\r\n\r\nmeta(\"packer\", \"Ezuri\");\r\n\r\nfunction detect() {\r\n if (ELF.isSectionNamePresent(\".strtab\") && ELF.isSectionNamePresent(\".gopclntab\") && ELF.isSectionNamePresent(\".noptrdata\") && ELF.isSectionNamePresent(\".rodata\")) {\r\n var strtab = ELF.getSectionNumber(\".strtab\"),\r\n gopclntab = ELF.getSectionNumber(\".gopclntab\"),\r\n noptrdata = ELF.getSectionNumber(\".noptrdata\"),\r\n rodata = ELF.getSectionNumber(\".rodata\");\r\n\r\n\r\n var nOffset = ELF.findString(ELF.getSectionFileOffset(strtab), ELF.getSectionFileSize(strtab), \"main.runFromMemory\");\r\n\r\n\r\n if (nOffset != -1 &&\r\n ELF.findString(ELF.getSectionFileOffset(strtab), ELF.getSectionFileSize(strtab), \"main.aesDec\") != -1 &&\r\n ELF.findString(ELF.getSectionFileOffset(gopclntab), ELF.getSectionFileSize(gopclntab), \"crypto/cipher.NewCFBDecrypter\") != -1 &&\r\n ELF.findString(ELF.getSectionFileOffset(rodata), ELF.getSectionFileSize(rodata), \"/proc/self/fd/%d\") != -1 &&\r\n ELF.findString(ELF.getSectionFileOffset(rodata), ELF.getSectionFileSize(rodata), \"/dev/null\") != -1 &&\r\n ELF.findSignature(ELF.getSectionFileOffset(noptrdata), ELF.getSectionFileSize(noptrdata), \"A5 63 63 C6 84 7C 7C F8\") != -1 &&\r\n ELF.findSignature(ELF.getSectionFileOffset(noptrdata), ELF.getSectionFileSize(noptrdata), \"63 7C 77 7B F2 6B 6F C5 30 01 67 2B FE D7 AB 76\") != -1) {\r\n bDetected = true;\r\n }\r\n\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ELF/packer_PyInstaller.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"packer\", \"PyInstaller\"); // python = 💩\n\nfunction detect() {\n\n // they insert pkgs into the section named \"pydata\"\n const pydata = ELF.getSectionNumber(\"pydata\")\n\n // we can find the magic number in the section\n if (pydata != -1 && ELF.findSignature(\n ELF.getSectionFileOffset(pydata),\n ELF.getSectionFileSize(pydata),\n \"4d45490c0b0a0b0e\"\n ) != -1)\n bDetected = true;\n\n sLang = \"Python\";\n\n return result();\n}" }, { "path": "db/ELF/packer_UPX.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"UPX\");\r\n\r\nfunction getUPXOptions(nOffset) {\r\n var nMethod = ELF.readByte(nOffset + 2);\r\n var nLevel = ELF.readByte(nOffset + 3);\r\n var sCompression = \"\";\r\n switch (nMethod) // From http://sourceforge.net/p/upx/code/ci/default/tree/src/conf.h\r\n {\r\n case 2:\r\n case 3:\r\n case 4:\r\n case 5:\r\n case 6:\r\n case 7:\r\n case 8:\r\n case 9:\r\n case 10:\r\n sCompression = \"NRV\";\r\n break;\r\n case 14:\r\n sCompression = \"LZMA\";\r\n break;\r\n case 15:\r\n sCompression = \"zlib\";\r\n break;\r\n }\r\n\r\n if (sCompression) {\r\n sOptions = sOptions.append(sCompression);\r\n if (nLevel == 8) {\r\n sOptions = sOptions.append(\"best\");\r\n } else {\r\n sOptions = sOptions.append(\"brute\");\r\n }\r\n }\r\n}\r\n\r\nfunction detect() {\r\n var nSize = ELF.getSize();\r\n if (ELF.compare(\"'UPX!'\", nSize - 0x24)) {\r\n getUPXOptions(nSize - 0x20);\r\n bDetected = true;\r\n } else if (ELF.compareEP(\"E8........EB0E5A585997608A542420E9........60\")) {\r\n sVersion = \"3.X\";\r\n bDetected = true;\r\n }\r\n\r\n var nOffset = ELF.findString(0, nSize, \"$Id: UPX\");\r\n if (nOffset != -1) {\r\n sVersion = ELF.getString(nOffset + 9, 4);\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ELF/packer_Virbox.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: Vito <@ScalletaZ>\n\nmeta(\"packer\", \"Virbox\");\n\nfunction detect() {\n for (var i = 0; i < ELF.getNumberOfPrograms(); i++) {\n var nOffset = ELF.getProgramFileOffset(i);\n if (ELF.findString(nOffset, 32, \"Virbox Protector\") != -1) {\n sVersion = \"Virbox Protector\";\n bDetected = true;\n break;\n }\n }\n\n return result();\n}" }, { "path": "db/ELF/packer_exepak.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"exepak\");\n\nfunction detect() {\n if (ELF.compareEP(\"b9........81e9........89cb83e9..be........89f7033d........f3a48b15........b8\")) {\n sVersion = \"1.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ELF/protector_Burneye.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Burneye\");\r\n\r\nfunction detect() {\r\n if (ELF.compareEP(\"FF35........9C608B0D........E9\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ELF/protector_HASP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Hand Mill\n/*\nIf errors pls contact HandMill on exelab.ru\n*/\n\nmeta(\"protector\", \"HASP\");\n\nfunction detect() {\n if (ELF.getNumberOfSections() == 2) {\n if (ELF.isSectionNamePresent(\"protect\") && (ELF.getSectionFileSize(0) == 0)) {\n var nOffset = ELF.getProgramFileOffset(3);\n var nSize = ELF.getProgramFileSize(3);\n if (ELF.findString(nOffset, nSize, \"hasp\") != -1) {\n bDetected = true;\n } else {\n var nOffset = ELF.getProgramFileOffset(1);\n var nSize = ELF.getProgramFileSize(1);\n if (ELF.findString(nOffset, nSize, \"hasp\") != -1) {\n bDetected = true;\n }\n }\n\n }\n }\n\n return result();\n}" }, { "path": "db/FASM", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\n// FASM's PE DOS stub is tested twice - once to detect FASM as a compiler and\r\n// again to prevent being detected as a linker (FASM has no linker). Detect it\r\n// once here.\r\n\r\nvar bFASM;\r\n\r\nif (!bFASM && PE) {\r\n bFASM = PE.compare(\"'MZ'80000100000004001000FFFF00004001000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21'This program cannot be run in DOS mode.\\r\\n$'0000000000000000'PE'0000\");\r\n}" }, { "path": "db/FPC", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\n// Free Pascal\r\n// Author: Rinat Aminow \r\n\r\nvar bFPC;\r\nif (typeof bFPC === \"undefined\" && typeof PE !== \"undefined\") {\r\n if (PE.section[\".data\"]) {\r\n var nOffset = PE.section[\".data\"].FileOffset + PE.section[\".data\"].FileSize - 0x1024;\r\n\r\n bFPC = PE.findString(nOffset, 0x1024, \"FPC \") != -1;\r\n }\r\n}" }, { "path": "db/IPA/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = IPA;\r\nvar X = IPA;" }, { "path": "db/ISO9660/_ISO9660.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"ISO9660\");\r\n\r\nfunction detect() {\r\n if (ISO9660.isVerbose()) {\r\n sName = ISO9660.getFileFormatName();\r\n sVersion = ISO9660.getFileFormatVersion();\r\n sOptions = ISO9660.getFileFormatOptions();\r\n\r\n if (sName) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ISO9660/_init", "content": "// Detect It Easy: DiE-JS framework file\n// Don't change anything unless you're sure about what you're doing\n\nvar File = ISO9660;\nvar X = ISO9660;" }, { "path": "db/ISO9660/bootloader_Grub.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/GNU_GRUB\nmeta(\"bootloader\", \"Grub\");\n\nfunction detect() {\n if (ISO9660.compare(\"'GRUB'\", 0x00000180)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ISO9660/filesystem_AppleHFS.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/Hierarchical_File_System_(Apple)\nmeta(\"filesystem\", \"Apple HFS\");\n\nfunction detect() {\n if (ISO9660.compare(\"'Apple_HFS'\", 0x430) || ISO9660.compare(\"'Apple_map_partiton'\", 0x230)) {\n sOptions = \"ISO\";\n bDetected = true;\n } else if (ISO9660.compare(\"'Apple_HFS'\", 0x440) || ISO9660.compare(\"'Apple_map_partiton'\", 0x240)) {\n sOptions = \"BIN\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ISO9660/iso_Rimage.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://rimage.incom.de/en/\nmeta(\"iso\", \"Rimage Image Server\");\n\nfunction detect() {\n if (Binary.compare(\"'Rimage Image Server Version: 8.6.604.1'\", 0x00008373)) {\n sVersion = \"8.6.604.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ISO9660/library_IMAPI.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://learn.microsoft.com/en-us/windows/win32/imapi/imapi-interfaces\r\nmeta(\"library\", \"IMAPI\");\r\n\r\nfunction detect() {\r\n var sDataPreparer = ISO9660.getDataPreparerIdentifier();\r\n\r\n if (sDataPreparer.indexOf(\"IMAPI ISO-9660 Formatter\") !== -1) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n\r\n // Check if it's Microsoft & Roxio version\r\n if (sDataPreparer.indexOf(\"Microsoft & Roxio\") !== -1) {\r\n sOptions = \"Microsoft & Roxio\";\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ISO9660/library_IMAPI2.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://learn.microsoft.com/en-us/windows/win32/imapi/imapi-interfaces\r\nmeta(\"library\", \"IMAPI2\");\r\n\r\nfunction detect() {\r\n var sDataPreparer = ISO9660.getDataPreparerIdentifier();\r\n\r\n if (sDataPreparer.indexOf(\"IMAPI2\") !== -1) {\r\n bDetected = true;\r\n\r\n // Try to extract version if present\r\n // Format: \"IMAPI2 (1.0) ISO9660 FORMATTER COPYRIGHT (C) 2004-2007 MICROSOFT\"\r\n var nVerPos = sDataPreparer.indexOf(\"IMAPI2\");\r\n if (nVerPos !== -1) {\r\n var sVersionPart = sDataPreparer.substring(nVerPos + 6).trim();\r\n if (sVersionPart.charAt(0) === '(') {\r\n var nClosePos = sVersionPart.indexOf(\")\");\r\n\r\n if (nClosePos !== -1) {\r\n sVersion = sVersionPart.substring(1, nClosePos);\r\n }\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ISO9660/library_libburn.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://dev.lovelyhq.com/libburnia/libburn\r\nmeta(\"library\", \"libburn\");\r\n\r\nfunction detect() {\r\n var sDataPreparer = ISO9660.getDataPreparerIdentifier();\r\n\r\n if (sDataPreparer.indexOf(\"LIBBURN\") !== -1) {\r\n bDetected = true;\r\n\r\n // Try to extract version if present\r\n // Format: \"XORRISO-1.5.4 2021.01.30.150001, LIBISOBURN-1.5.4, LIBISOFS-1.5.4, LIBBURN-1.5.4\"\r\n var nVerPos = sDataPreparer.indexOf(\"LIBBURN-\");\r\n if (nVerPos !== -1) {\r\n var sVersionPart = sDataPreparer.substring(nVerPos + 8),\r\n nCommaPos = sVersionPart.indexOf(\",\");\r\n\r\n if (nCommaPos !== -1) {\r\n sVersion = sVersionPart.substring(0, nCommaPos);\r\n } else {\r\n // No comma, might be at end of string\r\n sVersion = sVersionPart.trim();\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ISO9660/library_libisoburn.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://dev.lovelyhq.com/libburnia/libisoburn\r\nmeta(\"library\", \"libisoburn\");\r\n\r\nfunction detect() {\r\n var sDataPreparer = ISO9660.getDataPreparerIdentifier();\r\n\r\n if (sDataPreparer.indexOf(\"LIBISOBURN\") !== -1) {\r\n bDetected = true;\r\n\r\n // Try to extract version if present\r\n // Format: \"XORRISO-1.5.4 2021.01.30.150001, LIBISOBURN-1.5.4, LIBISOFS-1.5.4, LIBBURN-1.5.4\"\r\n var nVerPos = sDataPreparer.indexOf(\"LIBISOBURN-\");\r\n if (nVerPos !== -1) {\r\n var sVersionPart = sDataPreparer.substring(nVerPos + 11),\r\n nCommaPos = sVersionPart.indexOf(\",\");\r\n\r\n if (nCommaPos !== -1) {\r\n sVersion = sVersionPart.substring(0, nCommaPos);\r\n } else {\r\n var nSpacePos = sVersionPart.indexOf(\" \");\r\n if (nSpacePos !== -1) {\r\n sVersion = sVersionPart.substring(0, nSpacePos);\r\n }\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ISO9660/library_libisofs.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://dev.lovelyhq.com/libburnia/libisofs\r\nmeta(\"library\", \"libisofs\");\r\n\r\nfunction detect() {\r\n var sDataPreparer = ISO9660.getDataPreparerIdentifier();\r\n\r\n if (sDataPreparer.indexOf(\"LIBISOFS\") !== -1) {\r\n bDetected = true;\r\n\r\n // Try to extract version if present\r\n // Format: \"XORRISO-1.5.4 2021.01.30.150001, LIBISOBURN-1.5.4, LIBISOFS-1.5.4, LIBBURN-1.5.4\"\r\n var nVerPos = sDataPreparer.indexOf(\"LIBISOFS-\");\r\n if (nVerPos !== -1) {\r\n var sVersionPart = sDataPreparer.substring(nVerPos + 9),\r\n nCommaPos = sVersionPart.indexOf(\",\");\r\n\r\n if (nCommaPos !== -1) {\r\n sVersion = sVersionPart.substring(0, nCommaPos);\r\n } else {\r\n var nSpacePos = sVersionPart.indexOf(\" \");\r\n if (nSpacePos !== -1) {\r\n sVersion = sVersionPart.substring(0, nSpacePos);\r\n }\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ISO9660/partition_EFI_PART.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/EFI_system_partition\nmeta(\"partition\", \"EFI PART\");\n\nfunction detect() {\n if (ISO9660.compare(\"'EFI PART'\", 0x00000200)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ISO9660/tool_CDBurnerXP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://cdburnerxp.se/\nmeta(\"tool\", \"CDBurnerXP\");\n\nfunction detect() {\n if (ISO9660.compare(\"'CDBURNERXP PRO 3'\", 0x0000823e)) {\n sVersion = \"Pro 3\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ISO9660/tool_CDIMAGE.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/oscdimg-command-line-options\r\nmeta(\"tool\", \"CDIMAGE\");\r\n\r\nfunction detect() {\r\n var sAppId = ISO9660.getApplicationIdentifier();\r\n\r\n if (sAppId.indexOf(\"CDIMAGE\") !== -1) {\r\n bDetected = true;\r\n\r\n // Try to extract version if present\r\n // Format: \"CDIMAGE 2.54 (01/01/2005 TM)\"\r\n var nVerPos = sAppId.indexOf(\"CDIMAGE\");\r\n if (nVerPos !== -1) {\r\n var sVersionPart = sAppId.substring(nVerPos + 8).trim(),\r\n nSpacePos = sVersionPart.indexOf(\" \");\r\n\r\n if (nSpacePos !== -1) {\r\n sVersion = sVersionPart.substring(0, nSpacePos);\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ISO9660/tool_CeQuadrat.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"tool\", \"CeQuadrat\");\r\n\r\nfunction detect() {\r\n var sDataPreparer = ISO9660.getDataPreparerIdentifier().toUpperCase();\r\n\r\n if (sDataPreparer.indexOf(\"CEQUADRAT\") !== -1 && sDataPreparer.indexOf(\"ISO-9660 FORMATTER\") !== -1) {\r\n bDetected = true;\r\n\r\n // Try to extract year/version from copyright notice\r\n // Format: \"COPYRIGHT (C) 1995\" or \"COPYRIGHT (C) 1995-1998\"\r\n var nIndex = sDataPreparer.indexOf(\"COPYRIGHT (C)\");\r\n if (nIndex !== -1) {\r\n var sYearPart = sDataPreparer.substring(nIndex + 14, nIndex + 30).trim(),\r\n nYearEnd = sYearPart.indexOf(\" \");\r\n\r\n if (nYearEnd !== -1) {\r\n sVersion = sYearPart.substring(0, nYearEnd).trim();\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ISO9660/tool_ImgBurn.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.imgburn.com/\nmeta(\"tool\", \"ImgBurn\");\n\nfunction detect() {\n if (ISO9660.compare(\"'ImgBurn'\", 0x00008373)) {\n sVersion = ISO9660.getString(0x0000837C, 7);\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ISO9660/tool_MKARCHISO.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://github.com/archlinux/archiso/blob/master/archiso/mkarchiso\nmeta(\"tool\", \"MKARCHISO\");\n\nfunction detect() {\n if (ISO9660.compare(\"'REPARED BY MKARCHISO'\", 0x000081bf)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ISO9660/tool_NeroBurningROM.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://www.nero.com/\r\nmeta(\"tool\", \"Nero Burning ROM\");\r\n\r\nfunction detect() {\r\n var sAppId = ISO9660.getApplicationIdentifier();\r\n\r\n if (sAppId.indexOf(\"NERO___BURNING_ROM\") !== -1) {\r\n bDetected = true;\r\n } else if (sAppId.indexOf(\"NERO BURNING ROM\") !== -1) {\r\n bDetected = true;\r\n\r\n // Try to extract version if present\r\n var nVerPos = sAppId.indexOf(\"VER \");\r\n if (nVerPos !== -1) {\r\n var sVersionRaw = sAppId.substring(nVerPos + 4, nVerPos + 13).trim();\r\n // Convert version \"12,0,20,0\" -> \"12.0.20000\"\r\n var versionParts = sVersionRaw.split(\",\");\r\n if (versionParts.length >= 3) {\r\n var major = versionParts[0],\r\n minor = versionParts[1],\r\n build = parseInt(versionParts[2], 10) * 1000;\r\n\r\n sVersion = major + \".\" + minor + \".\" + build.toString();\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ISO9660/tool_PersonalRomMaker.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\nmeta(\"tool\", \"The Personal RomMaker\");\n\nfunction detect() {\n if (ISO9660.compare(\"'The Personal RomMaker (32-bit Windows 95 V4.10)'\", 0x00000800)) {\n sVersion = \"4.10\";\n sOptions = \"Windows 95 32-bit\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ISO9660/tool_QuickToPix.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://phantom.sannata.org/viewtopic.php?t=40730\nmeta(\"tool\", \"QuickToPix\");\n\nfunction detect() {\n if (ISO9660.compare(\"'MI_QUICKTOPIX'\", 0x000081bf)) {\n bDetected = true;\n } else if (ISO9660.compare(\"'MI QUICKTOPIX 2.00 BUILD 209_PHB_MPO'\", 0x000081bf)) {\n sVersion = \"2.00\";\n sOptions = \"Build: 209_PHB_MPO\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ISO9660/tool_RoxioToast.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/Roxio_Toast\nmeta(\"tool\", \"Roxio Toast\");\n\nfunction detect() {\n if (ISO9660.compare(\"'TOAST 2.5 Partition'\", 0x00000410)) {\n sVersion = \"2.5\";\n bDetected = true;\n } else if (ISO9660.compare(\"..'Toast 3.0 PPC HFS Optimizer'\", 0x0000040f)) {\n sVersion = \"3.0\";\n sOptions = \"PowerPC HFS Optimizer\";\n bDetected = true;\n } else if (ISO9660.compare(\"'Toast 3.0.2 PPC HFS Optimizer'\", 0x00000410)) {\n sVersion = \"3.0.2\";\n sOptions = \"PowerPC HFS Optimizer\";\n bDetected = true;\n } else if (ISO9660.compare(\"'Toast 3.0.5 PPC HFS Optimizer'\", 0x00000410)) {\n sVersion = \"3.0.5\";\n sOptions = \"PowerPC HFS Optimizer\";\n bDetected = true;\n } else if (ISO9660.compare(\"....'Toast 3.5 PPC HFS Optimizer'\", 0x0000040e)) {\n sVersion = \"3.5\";\n sOptions = \"PowerPC HFS Optimizer\";\n bDetected = true;\n } else if (ISO9660.compare(\"'Toast 3.5.3 PPC Partition'\", 0x00000410)) {\n sVersion = \"3.5.3\";\n bDetected = true;\n } else if (ISO9660.compare(\"'Toast 3.5.4 PPC HFS Optimizer'\", 0x00000410)) {\n sVersion = \"3.5.4\";\n sOptions = \"PowerPC HFS Optimizer\";\n bDetected = true;\n } else if (ISO9660.compare(\"'Toast 3.5.5 PPC HFS Optimizer'\", 0x00000410)) {\n sVersion = \"3.5.5\";\n sOptions = \"PowerPC HFS Optimizer\";\n bDetected = true;\n } else if (ISO9660.compare(\"....'Toast 3.5.6 PPC Partition'\", 0x0000040e)) {\n sVersion = \"3.5.6\";\n sOptions = \"PowerPC\";\n bDetected = true;\n } else if (ISO9660.compare(\"'Toast 3.5.6 PPC HFS Optimizer'\", 0x00000410)) {\n sVersion = \"3.5.6\";\n sOptions = \"PowerPC HFS Optimizer\";\n bDetected = true;\n } else if (ISO9660.compare(\"'Toast 3.5.7 PPC HFS Optimizer'\", 0x00000410)) {\n sVersion = \"3.5.7\";\n sOptions = \"PowerPC HFS Optimizer\";\n bDetected = true;\n } else if (ISO9660.compare(\"'Toast 3.5.7 PPC Partition'\", 0x00000410)) {\n sVersion = \"3.5.7\";\n sOptions = \"PowerPC\";\n bDetected = true;\n } else if (ISO9660.compare(\"'Toast 4.0 PPC HFS Optimizer'\", 0x00000410)) {\n sVersion = \"4.0\";\n sOptions = \"HFS Optimizer\";\n bDetected = true;\n } else if (ISO9660.compare(\"....'Toast 4.1 Partition'\", 0x0000040e)) {\n sVersion = \"4.1\";\n bDetected = true;\n } else if (ISO9660.compare(\"....'Toast 4.1.3 Partition'\", 0x0000040e)) {\n sVersion = \"4.1.3\";\n bDetected = true;\n } else if (ISO9660.compare(\"'Toast F-4.1.3 Partition'\", 0x00000410)) {\n sVersion = \"F-4.1.3\";\n bDetected = true;\n } else if (ISO9660.compare(\"'Toast 5.0 HFS Optimizer'\", 0x00000410)) {\n sVersion = \"5.0\";\n sOptions = \"HFS Optimizer\";\n bDetected = true;\n } else if (ISO9660.compare(\"'Toast 5.0.2 HFS/Joliet Builder'\", 0x00000410)) {\n sVersion = \"5.0.2\";\n sOptions = \"HFS/Joliet Builder\";\n bDetected = true;\n } else if (ISO9660.compare(\"'Toast 5.0.2 HFS Optimizer'\", 0x00000410)) {\n sVersion = \"5.0.2\";\n sOptions = \"HFS Optimizer\";\n bDetected = true;\n } else if (ISO9660.compare(\"'Toast 5.1.1 HFS Optimizer'\", 0x00000410)) {\n sVersion = \"5.1.1\";\n sOptions = \"HFS Optimizer\";\n bDetected = true;\n } else if (ISO9660.compare(\"'Toast 5.2.3 HFS Optimizer'\", 0x00000410)) {\n sVersion = \"5.2.3\";\n sOptions = \"HFS Optimizer\";\n bDetected = true;\n } else if (ISO9660.compare(\"'Toast 6.0 HFS Optimizer'\", 0x00000410)) {\n sVersion = \"6.0\";\n sOptions = \"HFS Optimizer\";\n bDetected = true;\n } else if (ISO9660.compare(\"..'Toast 6.0.7 HFS Optimizer'\", 0x0000040f)) {\n sVersion = \"6.0.7\";\n sOptions = \"HFS Optimizer\";\n bDetected = true;\n } else if (ISO9660.compare(\"'Toast 9.0.2 HFS Optimizer'\", 0x00000410)) {\n sVersion = \"9.0.2\";\n sOptions = \"HFS Optimizer\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ISO9660/tool_UltraISO.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.ultraiso.com/\nmeta(\"tool\", \"UltraISO\");\n\nfunction detect() {\n if (ISO9660.getString(0x8373) == \"ULTRAISO\") {\n sVersion = ISO9660.getString(0x837c);\n bDetected = true;\n }\n\n if (!bDetected) {\n var sAppId = ISO9660.getApplicationIdentifier();\n\n if (sAppId.indexOf(\"UltraISO\") !== -1) {\n bDetected = true;\n\n // Try to extract version if present\n // Format: \"UltraISO V7.2 CD & DVD Image Creator, Copyright (c)2002-2004 EZB Systems, Inc.\"\n var nVerPos = sAppId.indexOf(\"UltraISO\");\n if (nVerPos !== -1) {\n var sVersionPart = sAppId.substring(nVerPos + 9).trim();\n if (sVersionPart.charAt(0) === 'V') {\n var nSpacePos = sVersionPart.indexOf(\" \");\n if (nSpacePos !== -1) {\n sVersion = sVersionPart.substring(1, nSpacePos);\n }\n }\n }\n }\n }\n\n return result();\n}" }, { "path": "db/ISO9660/tool_WinISO.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://winiso.com/\nmeta(\"tool\", \"WinISO\");\n\nfunction detect() {\n if (ISO9660.compare(\"'WinISO software'\", 0x0000813e)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/ISO9660/tool_genisoimage.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// Part of cdrkit project\r\nmeta(\"tool\", \"genisoimage\");\r\n\r\nfunction detect() {\r\n var sAppId = ISO9660.getApplicationIdentifier().toUpperCase();\r\n\r\n if (sAppId.indexOf(\"GENISOIMAGE\") !== -1) {\r\n bDetected = true;\r\n\r\n // Try to extract version from copyright years\r\n // Format: \"GENISOIMAGE ISO 9660/HFS FILESYSTEM CREATOR (C) 1993 E.YOUNGDALE (C) 1997-2006 J.PEARSON/J.SCHILLING (C) 2006-2007 CDRKIT TEAM\"\r\n var nCdrkitPos = sAppId.indexOf(\"CDRKIT TEAM\");\r\n if (nCdrkitPos !== -1) {\r\n // Look for the year range before \"CDRKIT TEAM\"\r\n var sPart = sAppId.substring(0, nCdrkitPos),\r\n nLastCPos = sPart.lastIndexOf(\"(C)\");\r\n\r\n if (nLastCPos !== -1) {\r\n var sYearPart = sPart.substring(nLastCPos + 4).trim(),\r\n nSpacePos = sYearPart.indexOf(\" \");\r\n\r\n if (nSpacePos !== -1) {\r\n sVersion = sYearPart.substring(0, nSpacePos).trim();\r\n }\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ISO9660/tool_xorriso.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://www.gnu.org/software/xorriso/\r\nmeta(\"tool\", \"xorriso\");\r\n\r\nfunction detect() {\r\n var sDataPreparer = ISO9660.getDataPreparerIdentifier();\r\n\r\n if (sDataPreparer.indexOf(\"XORRISO\") !== -1) {\r\n bDetected = true;\r\n\r\n // Try to extract version if present\r\n // Format: \"XORRISO-1.5.4 2021.01.30.150001, LIBISOBURN-1.5.4, LIBISOFS-1.5.4, LIBBURN-1.5.4\"\r\n var nVerPos = sDataPreparer.indexOf(\"XORRISO-\");\r\n if (nVerPos !== -1) {\r\n var sVersionPart = sDataPreparer.substring(nVerPos + 8),\r\n nSpacePos = sVersionPart.indexOf(\" \");\r\n\r\n if (nSpacePos !== -1) {\r\n sVersion = sVersionPart.substring(0, nSpacePos);\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Image/_Image.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"Image\");\r\n\r\nfunction detect() {\r\n if (Image.isVerbose()) {\r\n sName = Image.getFileFormatName();\r\n sVersion = Image.getFileFormatVersion();\r\n sOptions = Image.getFileFormatOptions();\r\n \r\n if (sName) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/Image/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = Image;\r\nvar X = Image;" }, { "path": "db/JAR/_JAR.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"virtual machine\", \"JVM\");\r\n\r\nfunction detect() {\r\n if (JAR.isVerbose()) {\r\n sName = JAR.getOperationSystemName();\r\n sVersion = JAR.getOperationSystemVersion();\r\n sOptions = JAR.getOperationSystemOptions();\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/JAR/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = JAR;\r\nvar X = JAR;" }, { "path": "db/JAR/tool_SingleJar.3.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"tool\", \"SingleJar\");\r\n\r\nfunction detect() {\r\n if (JAR.getManifestRecord(\"Created-By\") == \"singlejar\") {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/JPEG/_Jpeg.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"JPEG\");\r\n\r\nfunction detect() {\r\n sName = Jpeg.getFileFormatName();\r\n sVersion = Jpeg.getFileFormatVersion();\r\n sOptions = Jpeg.getFileFormatOptions();\r\n \r\n if (sName) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/JPEG/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = Jpeg;\r\nvar X = Jpeg;" }, { "path": "db/JPEG/camera_camera.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"camera\", \"\");\n\nfunction detect() {\n sName = Jpeg.getExifCameraName().replace(/\\s{2,}/g, \" \").trim();\n\n if (sName) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/JPEG/image_DQT.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"image\", \"DQT\");\n\nfunction detect() {\n bDetected = true;\n sOptions = Jpeg.getDqtMD5();\n\n return result();\n}" }, { "path": "db/JPEG/image_comment.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"image\", \"comment\");\n\nfunction detect() {\n sOptions = Jpeg.getComment();\n\n if (sOptions) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/JPEG/tool_Tools.3.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"tool\", \"\");\n\nfunction detect() {\n if (Jpeg.isChunkPresent(0xE2)) {\n _setResult(\"tool\", \"FlashPix/ICC\", \"\", \"\");\n }\n if (Jpeg.isChunkPresent(0xE3)) {\n _setResult(\"tool\", \"Kodak\", \"\", \"\");\n }\n if (Jpeg.isChunkPresent(0xE4)) {\n _setResult(\"tool\", \"FlashPix\", \"\", \"\");\n }\n if (Jpeg.isChunkPresent(0xE5)) {\n _setResult(\"tool\", \"Ricoh\", \"\", \"\");\n }\n if (Jpeg.isChunkPresent(0xE6)) {\n _setResult(\"tool\", \"GoPro\", \"\", \"\");\n }\n if (Jpeg.isChunkPresent(0xE7)) {\n _setResult(\"tool\", \"Pentax/Qualcomm\", \"\", \"\");\n }\n if (Jpeg.isChunkPresent(0xE8)) {\n _setResult(\"tool\", \"Spiff\", \"\", \"\");\n }\n if (Jpeg.isChunkPresent(0xE9)) {\n _setResult(\"tool\", \"MediaJukebox\", \"\", \"\");\n }\n if (Jpeg.isChunkPresent(0xEA)) {\n _setResult(\"tool\", \"PhotoStudio\", \"\", \"\");\n }\n if (Jpeg.isChunkPresent(0xEB)) {\n _setResult(\"tool\", \"HDR\", \"\", \"\");\n }\n if (Jpeg.isChunkPresent(0xEC)) {\n _setResult(\"tool\", \"Photoshop\", \"\", \"Web\");\n }\n if (Jpeg.isChunkPresent(0xED)) {\n _setResult(\"tool\", \"Photoshop\", \"\", \"\");\n }\n if (Jpeg.isChunkPresent(0xEE)) {\n _setResult(\"tool\", \"Adobe\", \"\", \"\");\n }\n if (Jpeg.isChunkPresent(0xEF)) {\n _setResult(\"tool\", \"GraphicConverter\", \"\", \"\");\n }\n\n return result();\n}" }, { "path": "db/JavaClass/_JavaClass.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"JavaClass\");\r\n\r\nfunction detect() {\r\n sName = JavaClass.getFileFormatName();\r\n sVersion = JavaClass.getFileFormatVersion();\r\n sOptions = JavaClass.getFileFormatOptions();\r\n\r\n bDetected = true;\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/JavaClass/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = JavaClass;\r\nvar X = JavaClass;" }, { "path": "db/LE/_LE.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"operation system\", \"Windows\");\r\n\r\nfunction detect() {\r\n if (LE.isVerbose()) {\r\n sName = LE.getOperationSystemName();\r\n sVersion = LE.getOperationSystemVersion();\r\n sOptions = LE.getOperationSystemOptions();\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/LE/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = LE;\r\nvar X = LE;" }, { "path": "db/LE/compiler_Watcom_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Watcom C\");\n\nfunction detect() {\n if (LE.compareEP(\"eb$$fb83e4..8bdc891d........891d........66b8....66a3........bb........2bc0b430cd21a2\")) {\n sName = \"Watcom C/C++\";\n sOptions = \"1988-93\";\n bDetected = true;\n } else if (LE.compareEP(\"eb$$fb83e4..89e3891d........891d........66b8....66a3........bb........29c0b430cd21a2\")) {\n sName = \"Open Watcom C/C++\";\n sOptions = \"1988-2002\";\n bDetected = true;\n } else if (LE.compareEP(\"eb$$fb83e4..89e3891d........891d........55575666b8....cd21668cc00f00e875..0f00eb75\")) {\n sName = \"Open Watcom C/C++\";\n sOptions = \"1988-1995\";\n bDetected = true;\n }\n\n sLang = \"C/C++\";\n\n return result();\n}\n" }, { "path": "db/LE/packer_UPX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"UPX\");\n\nfunction getUPXOptions(nOffset) {\n var nMethod = LE.readByte(nOffset + 2);\n var nLevel = LE.readByte(nOffset + 3);\n\n var sCompression = \"\";\n switch (nMethod) // From http://sourceforge.net/p/upx/code/ci/default/tree/src/conf.h\n {\n case 2:\n sCompression = \"NRV2B_LE32\";\n break;\n case 3:\n sCompression = \"NRV2B_8\";\n break;\n case 4:\n sCompression = \"NRV2B_LE16\";\n break;\n case 5:\n sCompression = \"NRV2D_LE32\";\n break;\n case 6:\n sCompression = \"NRV2D_8\";\n break;\n case 7:\n sCompression = \"NRV2D_LE16\";\n break;\n case 8:\n sCompression = \"NRV2E_LE32\";\n break;\n case 9:\n sCompression = \"NRV2E_8\";\n break;\n case 10:\n sCompression = \"NRV\";\n break;\n case 14:\n sCompression = \"LZMA\";\n break;\n case 15:\n sCompression = \"zlib\";\n break;\n }\n\n if (sCompression) {\n sOptions = sOptions.append(sCompression);\n if (nLevel == 8) {\n sOptions = sOptions.append(\"best\");\n } else {\n sOptions = sOptions.append(\"brute\");\n }\n }\n}\n\nfunction getUPXVersion() {\n var nEP = LE.getEntryPointOffset();\n var nOffset1 = LE.findString(nEP - 1024, 1024, \"$Id: UPX \");\n var nOffset2 = LE.findString(nEP, 1024, \"UPX!\");\n if (nOffset2 != -1) {\n getUPXOptions(nOffset2 + 4);\n }\n\n if (nOffset1 != -1) {\n sVersion = LE.getString(nOffset1 + 9, 4);\n }\n if ((sVersion == \"\") && (nOffset2 != -1)) {\n sVersion = LE.getString(nOffset2 - 5, 4);\n }\n}\n\nfunction detect() {\n if (LE.compareEP(\"bf........6957..........061e07578db7........8dbf........b9........fdf3a5fc8d77..5f83cd..57e9\")) {\n sOptions = \"for Watcom C\";\n bDetected = true;\n } else if (LE.compareEP(\"bf........be........6957..........57fc31db83cd..909001db75\")) {\n sOptions = \"for Watcom C\";\n bDetected = true;\n }\n getUPXVersion();\n\n return result();\n}" }, { "path": "db/LX/_LX.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"operation system\", \"OS/2\");\r\n\r\nfunction detect() {\r\n if (LX.isVerbose()) {\r\n sName = LX.getOperationSystemName();\r\n sVersion = LX.getOperationSystemVersion();\r\n sOptions = LX.getOperationSystemOptions();\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/LX/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = LX;\r\nvar X = LX;" }, { "path": "db/LX/compiler_Borland_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Borland C++\");\n\nfunction detect() {\n if (LX.compareEP(\"8b4424..a3........5868........50e8........e9$$$$$$$$558bec83ec..535756e8........68\")) {\n sVersion = \"1992\";\n } else if (LX.compareEP(\"8b4424..a3........5868........50e9$$$$$$$$558bec83ec..53575668........ff35\")) {\n sVersion = \"1992\";\n }\n\n bDetected = bDetected || Boolean(sVersion) || Boolean(sOptions);\n\n sLang = \"C/C++\";\n\n return result();\n}" }, { "path": "db/LX/compiler_Watcom_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Watcom C/C++\");\n\nfunction detect() {\n if (LX.compareEP(\"e9$$$$$$$$535152565783ec..e8........8b5c24..a3........894424..eb\")) {\n sOptions = \"1988-95\";\n } else if (LX.compareEP(\"e9$$$$$$$$535152565783ec..8b7424..83c724....74..e8\")) {\n sOptions = \"1988-95\";\n } else if (LX.compareEP(\"e9$$$$$$$$53515283ec..b8........8b4c24..8b5c24..8b5424..e8........89e0\")) {\n sOptions = \"1988-95\";\n } else if (LX.compareEP(\"e9$$$$$$$$535152565783ec..8b7424..837c24....74..e8\")) {\n sOptions = \"1988-95\";\n } else if (LX.compareEP(\"e9$$$$$$$$535152565781ec........8bb424........83bc24..........74..e8\")) {\n sOptions = \"1988-95\";\n } else if (LX.compareEP(\"e9$$$$$$$$5351525657558b5c24..8b7424..85f674..5653e8........8b15\")) {\n sOptions = \"1988-94\";\n } else if (LX.compareEP(\"e9$$$$$$$$53515283ec..837c24....74..e8........ba........89c3\")) {\n sOptions = \"1988-94\";\n } else if (LX.compareEP(\"e9$$$$$$$$53575581ec........8b9c24........8b9424........85d274..5253\")) {\n sOptions = \"1988-94\";\n } else if (LX.compareEP(\"e9$$$$$$$$535657558b5c24..8b7424..85f674..5653e8........8b15\")) {\n sOptions = \"1988-94\";\n } else if (LX.compareEP(\"e9$$$$$$$$535152575581ec........8b9c24........8b9424........85d274..5253\")) {\n sOptions = \"1988-94\";\n } else if (LX.compareEP(\"e9$$$$$$$$5351525657558b5c24..8b7424..85f674..8b15........83fa..7e..8d5a..31c0891d\")) {\n sOptions = \"1988-2002\";\n } else if (LX.compareEP(\"eb$$e9$$$$$$$$51525589e550508b45..eb..89d08d50..8038..75..8b45..a3........8915\")) {\n sName = \"Watcom C 386\";\n sOptions = \"1989, 1992\";\n } else if (LX.compareEP(\"eb$$e9$$$$$$$$51525589e5837d....74..e8........89c2e8........89d0\")) {\n sName = \"Watcom C 386\";\n sOptions = \"1989, 1992\";\n } else if (LX.compareEP(\"e9$$$$$$$$535657558b5c24..8b7424..85f674..8b15........83fa..7e..8d5a..31c0\")) {\n sName = \"Open Watcom C/C++\";\n sOptions = \"1988-2002\";\n } else if (LX.compareEP(\"e9$$$$$$$$535152565589e583ec..b8........e8........a1........83c0..24..31d2\")) {\n sName = \"Open Watcom C/C++\";\n sOptions = \"1988-2002\";\n } else if (LX.compareEP(\"e9$$$$$$$$53515257c8......8b5d..837d....0f84........833d..........7e..ff\")) {\n sName = \"Open Watcom C/C++\";\n sOptions = \"1988-2002\";\n }\n\n bDetected = bDetected || Boolean(sVersion) || Boolean(sOptions);\n\n sLang = \"C/C++\";\n\n return result();\n}" }, { "path": "db/MACH/_MACH.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"operation system\", \"macOS\");\r\n\r\nfunction detect() {\r\n if (MACH.isVerbose()) {\r\n sName = MACH.getOperationSystemName();\r\n sVersion = MACH.getOperationSystemVersion();\r\n sOptions = MACH.getOperationSystemOptions();\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MACH/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = MACH;\r\nvar X = MACH;" }, { "path": "db/MACH/compiler_Delphi.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"Delphi\");\r\n\r\nfunction detect() {\r\n var nSection = MACH.getSectionNumber(\"__rodata\");\r\n if (nSection != -1) {\r\n var nOffset = MACH.findSignature(ACH.getSectionFileOffset(nSection), MACH.getSectionFileSize(nSection), \"'TObject'\");\r\n if (nOffset != -1) {\r\n sName = \"Embarcadero Delphi\";\r\n sVersion = \"XE2-XE6\"\r\n bDetected = true;\r\n }\r\n }\r\n\r\n sLang = \"Delphi\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MACH/compiler_Rust.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Rust\");\n\nfunction detect() {\n\n //x86-64\n if (MACH.compareEP(\"554889e5415741564154534883ec..31ffbe........31c0e8........83f8\")) {\n bDetected = true;\n } else if (MACH.compareEP(\"554889e54883ec..4889f14863d7488d05........488945..488d35........488d7df84531c0\")) {\n bDetected = true;\n } else if (MACH.compareEP(\"554889e5415741564154534881ec........31ffbe........31c0e8........83f8\")) {\n bDetected = true;\n } else if (MACH.compareEP(\"554889e541574156534881ec........31ffbe........31c0e8........83f8\")) {\n bDetected = true;\n } else if (MACH.compareEP(\"554889e541574156534883ec..31ffbe........31c0e8........83f8\")) {\n bDetected = true;\n }\n\n //ARM64\n if (MACH.compareEP(\"ff8300d1fd7b01a9fd430091e30301aa027c4093\")) {\n bDetected = true;\n } else if (MACH.compareEP(\"ff....d1fc6f..a9fa67..a9f85f..a9f657..a9f44f..a9\")) {\n bDetected = true;\n } else if (MACH.compareEP(\"ffc303d1fa670aa9f85f0ba9f6570ca9f44f0da9fd7b0ea9\")) {\n bDetected = true;\n } else if (MACH.compareEP(\"ff8302d1f85f06a9f65707a9f44f08a9fd7b09a9fd430291\")) {\n bDetected = true;\n }\n\n sLang = \"Rust\";\n\n return result();\n}" }, { "path": "db/MACH/compiler_Zig.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"Zig\");\r\n\r\nfunction detect() {\r\n if ((MACH.isSectionNamePresent(\"__cstring\")) && (MACH.isDeepScan())) {\r\n var nIndex = MACH.getSectionNumber(\"__cstring\");\r\n\r\n bDetected = MACH.findSignature(\r\n MACH.getSectionFileOffset(nIndex),\r\n MACH.getSectionFileSize(nIndex),\r\n \"5a49475f44454255475f434f4c4f52\"); // ANSI ZIG_DEBUG_COLOR\r\n }\r\n\r\n sLang = \"Zig\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MACH/compiler_gcc.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"gcc\");\r\n\r\nfunction detect() {\r\n /* if(MACH.isLibraryPresent(\"libstdc++.6.dylib\"))\r\n {\r\n sOptions=\"libstdc++\";\r\n bDetected=1;\r\n }\r\n else if(MACH.isLibraryPresent(\"libc++.1.dylib\"))\r\n {\r\n sOptions=\"C++\";\r\n bDetected=1;\r\n }\r\n else if(MACH.isLibraryPresent(\"libgcc_s.1.dylib\"))\r\n {\r\n sOptions=\"C/C++\";\r\n bDetected=1;\r\n }\r\n else if(MACH.isLibraryPresent(\"libobjc.A.dylib\"))\r\n {\r\n sOptions=\"Objective-C\";\r\n bDetected=1;\r\n } */\r\n\r\n if (MACH.isLibraryPresent(\"libgcc_s.1.dylib\")) {\r\n sOptions = \"C/C++\";\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"C/C++\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MACH/library_Carbon.3.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"library\", \"Carbon\");\r\n\r\nfunction detect() {\r\n if (MACH.isLibraryPresent(\"Carbon\")) {\r\n bDetected = true;\r\n } else if (MACH.isLibraryPresent(\"CarbonCore\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MACH/library_Cocoa.3.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"library\", \"Cocoa\");\r\n\r\nfunction detect() {\r\n if (MACH.isLibraryPresent(\"Cocoa\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MACH/library_QT.3.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"library\", \"QT\");\r\n\r\nfunction getVersion() {\r\n var current = MACH.getLibraryCurrentVersion(\"QtCore\");\r\n\r\n return ((current >> 16) & 0xFF) + \".\" + ((current >> 8) & 0xFF) + \".\" + (current & 0xFF);\r\n}\r\n\r\nfunction detect() {\r\n if (MACH.isLibraryPresent(\"QtCore\")) {\r\n sVersion = getVersion();\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MACH/library_WebKit.3.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"library\", \"WebKit\");\r\n\r\nfunction detect() {\r\n if (MACH.isLibraryPresent(\"WebKit\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MACH/library_java.3.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"library\", \"Java Runtime\");\r\n\r\nfunction detect() {\r\n if (MACH.isLibraryPresent(\"libjava.dylib\")) {\r\n bDetected = true;\r\n } else if (MACH.isLibraryPresent(\"libjvm.dylib\")) {\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"Java\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MACH/packer_UPX.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"UPX\");\r\n\r\nfunction detect() {\r\n if (MACH.getNumberOfSections() == 2) {\r\n var nOffset = MACH.findString(0, MACH.getSize(), \"$Id: UPX\");\r\n if (nOffset != -1) {\r\n sVersion = MACH.getString(nOffset + 9, 4);\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MACH/packer_Virbox.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: Vito <@ScalletaZ>\n\nmeta(\"packer\", \"Virbox\");\n\nfunction detect() {\n if (MACH.getSectionNumber(\"__vdata\") != -1) {\n sVersion = \"Virbox Protector\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MACHOFAT/_MACHOFAT.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"operation system\", \"macOS\");\r\n\r\nfunction detect() {\r\n if (MACHOFAT.isVerbose()) {\r\n sName = MACHOFAT.getOperationSystemName();\r\n sVersion = MACHOFAT.getOperationSystemVersion();\r\n sOptions = MACHOFAT.getOperationSystemOptions();\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MACHOFAT/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = MACHOFAT;\r\nvar X = MACHOFAT;" }, { "path": "db/MACHOFAT/converter_lipo.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"converter\", \"lipo\");\r\n\r\nfunction detect() {\r\n bDetected = true; // Always true\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MFC", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\n// MFC is tested twice - as a library and as a compiler (to distinguish C from\r\n// C++). Detect it once here.\r\n\r\nvar aMFC;\r\n\r\nif (!aMFC && PE) {\r\n aMFC = PE.isLibraryPresentExp(/^MFC(\\d+?)(u?)(d?)\\.dll/i);\r\n if (!aMFC) {\r\n if (PE.section[\".data\"] &&\r\n PE.isSignatureInSectionPresent(PE.section[\".data\"].Number, \"'CMFCComObject'\")) {\r\n aMFC = 1;\r\n }\r\n }\r\n}" }, { "path": "db/MSDOS/ACE.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: Jason Hood \r\n\r\nincludeScript(\"ACE\");\r\n\r\nfunction detect() {\r\n detect_ACE(0);\r\n\r\n return result();\r\n}" }, { "path": "db/MSDOS/Adys_COM2EXE.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"converter\", \"Ady`s COM2EXE\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compare(\"'Ady'27\", 28)) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/Adys_Glue.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Ady`s Glue\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"2E........0E1FBF....33DB33C0AC\")) {\r\n sVersion = \"1.10\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"2E8C06....0E0733C08ED8BE....BF....FCB9....56F3A51E075F\")) {\r\n sVersion = \"0.10\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/Anti-hack_encryption_system.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Anti-hack encryption system\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$bd....33c08ec026c706........268c0e....8b46..26a3....268c0e....0e07\")) {\n sOptions = \"by Rezaul Kabir //Shuvro\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Aztec_C-86.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Aztec C-86\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"bd....85ed75..8cdd2e8c1e....8b1e....2bdd81fb....76..8d9e....8cc02bd8b4..cd21bb....8ec5\")) {\n sVersion = \"3.40\";\n sOptions = \"1988\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"bd....85ed75..b8....e9....2e8c1e....8ec5268c1e....bd....83c5..d1ddb1..d3ed81e5....8cc2\")) {\n sVersion = \"3.40b\";\n sOptions = \"1986\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"bd....85ed75..8cdd8b1e....2bdd81fb....76..8d9e....8cc02bd8b4..cd21bb....8ec5268c1e....b1..d3e3\")) {\n sVersion = \"5.2a\";\n sOptions = \"1992\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"bd....85ed75..b8....50e8....8ec5268c1e....bd....83c5..d1ddb1..d3ed81e5....8cc203ea268b1e....d3eb\")) {\n sVersion = \"5.2a\";\n sOptions = \"1992\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"bd....85ed75..b8....509a........8ec5268c1e....bd....83c5..d1ddb1..d3ed81e5....8cc203ea268b1e....d3eb\")) {\n sVersion = \"5.2a\";\n sOptions = \"1992\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"bd....85ed75..b0..e9....2e8c1e....8ec5268c1e....bd....83c5..d1ddb1..d3ed81e5....8cc203ea268b1e....d3eb\")) {\n sVersion = \"5.2a\";\n sOptions = \"1992\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....8ed82e80........ba....75..e8....3d....75..e9$$$$8cc38edb2e891e....be....8a0c80f9..74..80f9..7e\")) {\n sVersion = \"3.20X\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$3d....74..eb$$2ec606......502e891e....2e890e....2e8916....8cd82ea3....8cc02ea3....2e8936\")) {\n sVersion = \"3.20X\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/BlackWolf_Protection.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"BlackWolf Protection\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"061e0e0e071fbe....b9....871481c2....53e8\")) {\r\n sOptions = \"1996 by p.q.\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/Black_fist.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"BlacK FiST\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$061ee8....1f072ea1....2e8b1e....8cd12e2b0e....fa8ed1fb5053cb\")) {\n sOptions = \"1993\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Borland_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"compiler\", \"Borland C/C++\");\n\nfunction detect() {\n var nOffset = 0;\n if (MSDOS.compareEP(\"FB\")) {\n nOffset = 1;\n }\n if (MSDOS.compareEP(\"BA....2E8916....B430CD218B2E02008B1E2C008EDA\", nOffset)) {\n var nDataSeg = MSDOS.readWord(MSDOS.getEntryPointOffset(nOffset + 1));\n nOffset = MSDOS.addressToOffset(nDataSeg);\n bDetected = true;\n } else if (MSDOS.compareEP(\"8CCA2E8916....B430CD218B2E02008B1E2C008EDAA3\")) {\n var nDataOfs = MSDOS.readWord(MSDOS.getEntryPointOffset(22));\n nOffset = MSDOS.addressToOffset(0, nDataOfs - 120);\n bDetected = true;\n }\n nOffset = MSDOS.findString(nOffset, 64, \" - Copyright \");\n if (nOffset != -1) {\n sVersion = MSDOS.getString(nOffset + 13, 4);\n if (MSDOS.compare(\"43\", nOffset - 1)) {\n sName = \"Turbo C\";\n if (sVersion == \"(c) \") {\n sVersion = MSDOS.getString(nOffset + 17, 4);\n }\n } else if (MSDOS.compare(\"'Turbo'\", nOffset - 9)) {\n sName = \"Turbo C/C++\";\n } else if (sVersion == \"1991\") {\n sVersion = \"3.1\";\n } else if (sVersion == \"1994\") {\n sVersion = \"4.X\";\n }\n bDetected = true;\n }\n if (MSDOS.compareEP(\"b4..cd103c..74..b8....cd10ba....2e8916....8b2e....8b1e....8eda8c06....891e....892e....a1\")) {\n sVersion = \"1991\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"ba....2e8916....b430cd218b2e....8b1e....8edaa3....8c06....891e....892e....e8\")) {\n sVersion = \"1991\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"ba....2e8916....b430cd218b2e....8b1e....8edaa3....8c06....891e....892e....c43e....8bc78bd8\")) {\n sVersion = \"1988\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"BA....2E89......B4..CD218B......8B......8EDAA3....8C......89......89......C7..........E8....C4......8bc78bd8b9....26........75\")) {\n sName = \"Turbo C\";\n sVersion = \"1988\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"BA....2E89......B4..CD218B......8B......8EDAA3....8C......89......89......8cd22bea8b3e....81ff....73..bf....893e....b1\")) {\n sName = \"Turbo C\";\n sVersion = \"1988\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"BA....2E89......B4..CD218B......8B......8EDAA3....8C......89......53E8....0733FF2BDB8BC3B9....FCF2AEE3..4326......75..80\")) {\n sName = \"Turbo C\";\n sVersion = \"1990\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"FBBA....2E89......B430CD218B......8B......8EDAA3....8C......89......89......C706........E8....C4......8BC78BD8B9....2681\")) {\n sName = \"Turbo C\";\n sVersion = \"1987\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"FB8cca2E89......B430CD218B......8B......8EDAA3....8C......89......89......C706........E8....C4......8BC78BD8B9....2681\")) {\n sName = \"Turbo C\";\n sVersion = \"1987\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"BA....2E89......B430CD218B......8B......8EDAA3....8C......89......89......C706........8ec333c0b9....8bf88bd82681......75\")) {\n sName = \"Turbo C\";\n sVersion = \"1987\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cca2E89......B430CD218B......8B......8EDAA3....8C......89......89......C706\")) {\n sName = \"Turbo C\";\n sVersion = \"1988\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cca2E89......B430CD218B......8B......8EDAA3....8C......89......89......E8\")) {\n sName = \"Turbo C\";\n sVersion = \"1990\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cd8bb....8edb8cd38bccfa8e16....bc....fbe8....fa8ed38be1fbea\")) {\n sName = \"Turbo C\";\n sVersion = \"1988\";\n bDetected = true;\n }\n\n sLang = sName.indexOf(\"C++\") !== -1 ? \"C\" : \"C++\";\n\n return result();\n}" }, { "path": "db/MSDOS/Borland_Pascal.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"Borland Pascal\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"9AFFFF00009AFFFF00005589E531C09AFFFF0000\")) {\r\n sVersion = \"7.0*\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"B8....BB....8ED08BE38CD88EC00E1FA1....25....A3....E8....833E......75\")) {\r\n sVersion = \"7.0*\";\r\n sOptions = \"Protected Mode\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"B8....8ED88C......8CD38CC02BD88BC405....C1....03D8B4..CD210E\")) {\r\n sVersion = \"7.0*\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"9a########ba....8eda8c06....33ed8bc405....b1..d3e88cd203c2a3....a3\")) {\r\n sVersion = \"7.0\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"9a########ba....8eda8c06....33ede8....e8....8bc405....b1..d3e88cd203c2a3....a3....0306....a3....a3....a3....a3....8e06....26a1....a3....c706\")) {\r\n sVersion = \"6.0\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"9a########06ba....8eda268b3e....8ec25b8bef83ed..1eb8....8ed8b9....2bc8d1e1\")) {\r\n sVersion = \"6.0-7.0\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"9a########ba....8eda8c06....8bc405....a3....8c16....05....b1..d3e88cd203c2a3....a3\")) {\r\n sVersion = \"6.0-7.0\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"9a########ba....8edae8....8c06....33ed8bc405....b1..d3e88cd203c2c706\")) {\r\n sVersion = \"6.0-7.0\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"9a########5589e50ee8$$$$5589e583ec..31c0\")) {\r\n sVersion = \"6.0-7.0\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"9a########ba....8eda8c06....8bc405....b1..d3e88cd203c2a3....a3....26a1....2d....a3....c706\")) {\r\n sVersion = \"4.0-6.0\";\r\n sOptions = \"1987\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"9a########54583bc475..9c585080cc..509d9c589d80e4..75..bb....e8....b8....cd21ba....8eda\")) {\r\n sVersion = \"6.0-7.0\";\r\n sOptions = \"1992 by Borland & Eagle Performance Software\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"9a........5589e5bf....0e57e8$$$$f9\")) {\r\n sName = \"Turbo Pascal\";\r\n sVersion = \"6.0-7.0\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"9a########b8....8ed88c06....cb\")) {\r\n sName = \"Turbo Pascal\";\r\n sVersion = \"6.0-7.0\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"9a########ba....8eda8c06....b430cd2186c43d....73..0e1f\")) {\r\n sName = \"Turbo Pascal\";\r\n sVersion = \"6.0-7.0\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"31ed9a########2e8e1e....b451cd21891e....803e......74..f706........74..e8\")) {\r\n sName = \"Turbo Pascal\";\r\n sVersion = \"6.0-7.0\";\r\n bDetected = true;\r\n }\r\n if (MSDOS.compareEP(\"9a########f860f972..8bdc36c51f83c3..807f....74..807f\")) {\r\n sName = \"Turbo Pascal\";\r\n sVersion = \"6.0-7.0\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"9A0000\")) {\r\n var nDataSeg = MSDOS.readWord(MSDOS.getEntryPointOffset(3));\r\n var nOffset = MSDOS.addressToOffset(nDataSeg);\r\n nOffset = MSDOS.findSignature(nOffset, Math.min(1024, MSDOS.getSize() - nOffset),\r\n \"'Portions Copyr ight (c) 1983,9'..' Borland'\");\r\n if (nOffset != -1) {\r\n switch (MSDOS.getString(nOffset + 29, 1)) {\r\n case \"0\":\r\n sVersion = \"5.0\";\r\n sName = \"Turbo Pascal\";\r\n break; // guess\r\n case \"1\":\r\n sVersion = \"6.0\";\r\n sName = \"Turbo Pascal\";\r\n break; // guess\r\n case \"2\":\r\n sVersion = \"7.0\";\r\n break;\r\n }\r\n bDetected = true;\r\n }\r\n }\r\n\r\n sLang = \"Pascal\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/Borland_RTM.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"Borland RTM DPMI loader\");\n\nfunction getBLVersion() {\n var sResult = \"\";\n\n var nOffset = MSDOS.findString(0, MSDOS.getSize(), \"RTM loader version\")\n\n if (nOffset != -1) {\n sResult = MSDOS.getString(nOffset + 19);\n sResult = sResult.substr(0, sResult.indexOf(' '));\n }\n\n return sResult;\n}\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....8ed8b8....bb....8ed08be38926....0626......8ec0263b......74..e9\")) {\n sVersion = \"1.0-1.5\";\n bDetected = true;\n }\n\n if (bDetected) {\n var sBL = getBLVersion();\n if (sBL) {\n sVersion = sBL;\n }\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Borland_TDS.5.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"debug\", \"Borland TLINK Symbol Table Present\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareOverlay(\"FB52\")) {\r\n var offset = MSDOS.getOverlayOffset();\r\n var minor = MSDOS.readByte(offset + 0x2);\r\n var major = MSDOS.readByte(offset + 0x3);\r\n var minorStr = ((minor >> 4) * 10 + (minor & 0x0F)).toString();\r\n var majorStr = ((major >> 4) * 10 + (major & 0x0F)).toString();\r\n sVersion = majorStr + \".\" + minorStr;\r\n\r\n sOptions = \"TDS\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/Borland_TLINK.5.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"linker\", \"Borland TLINK\");\r\n\r\nfunction detect() {\r\n var nVer = MSDOS.readWord(0x1E);\r\n if ((nVer & 0xFF) == 0xFB) {\r\n sVersion = ((nVer >> 8) / 16).toFixed(1);\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/CSCRYPT_Pro.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"CSCRYPT Pro\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8d36....565f81ef....b8....81ef....81c0....81f7....2e2935474781c6....e9\")) {\n sVersion = \"3.30/386\";\n sOptions = \"1995-97 by Christian Schwarz\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Concurrent_Small_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Concurrent Small C\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....8ed826a1....2d....80fc..72..9090b8....b1..d3e0fa8cdb8ed38be050fbb8....2d....d3e08bd8fec7fec73b..72..9090\")) {\n sVersion = \"1.0\";\n sOptions = \"1996 by Andy Yuen\";\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/MSDOS/CopyQM_SFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"CopyQM SFX\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$b8....8ec0a1....26a3....268c1e\")) {\n if (MSDOS.compareOverlay(\"'TX'\")) {\n sVersion = \"3.24\";\n sOptions = \"1996 by Sydex\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Crypt_(Dismember).2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"Cryptor by Dismember\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"1E8CDA83....8EDA8EC2BB....BA....85D274..B4..33FF33F6B9....AC32C4C0....02..2E........AAE2\")) {\n sVersion = \"1.3\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"0E179C58F6....74..E9....1EB0..E6..8CDA83....8EDA8EC2BB....BA....85D274..B4..33FF33F6B9\")) {\n sVersion = \"1.7\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"0E179C58F6....74..EB$$b0..e6..33c9e2..b430cd213c..73..33c00650cb\")) {\n sVersion = \"1.7\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fa061e8cdd83c5..2e012e....2e012e....e8....e8....1f072e8e16....2e8b26....fb2eff2e\")) {\n sVersion = \"2.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$bf....8bf7acad918ae157ac32c4f6d0d0c412e1aae2\")) {\n sVersion = \"2.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Crypt_(LightShow).2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Crypt by LightShow //ECLIPSE\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$eb$$8cc8fa8ed0bc....fb8cc0bb....83e8..8ed833f64b8ccd8cc02ea3....33c08ec026a1....2ea3....26a1\")) {\n sVersion = \"1.21\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$8cc883e8..8ed833f68ccb8cc02ea3....2bc08ec08bf8b9....26ff36....26ff36....26894d..26895d..b9\")) {\n sVersion = \"1.15\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$eb$$8cc8fa8ed0bc....8cc0bb....83e8..8ed833f64b8ccd8cc02ea3....5333c08ec0268c0e....26c706........1f\")) {\n sVersion = \"1.20\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$8cc8fa8ed0bc....fb8cc0bb....83e8..8ed833f64b8ccd8cc02ea3....33c08ec026a1....2ea3....26a1\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$2e8b36....2e8974..8ccb8cc02e8944..2bc08ec08ed88bf82e8b4c..81c1....6a..ff36....ff36....894d..895d\")) {\n sVersion = \"1.11\";\n sOptions = \"1994\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/DAEMON_Protect.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"DAEMON Protect\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"60609C8CC932C9E30C520F014C24FE5A83C20C8B1A9D61\")) {\r\n sVersion = \"0.6.7\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/DOS32_loader.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"loader\", \"DOS32 loader\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8cd88ccb2bd88bc4b1..d3e803d843b4..cd218e06....8cd80e1fa3....a3....a3....fc33c033ffeb\")) {\n sVersion = \"3.3\";\n sOptions = \"1995 by Adam Seychell\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/DOS_16M.0a.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: hypn0 \r\n\r\nmeta(\"extender\", \"DOS/16M DOS Extender\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"bf....8ed781c4....be....2bf73689......8bc6b1..d3e04836a3....be....468936....8cc32bdef7dbb44acd21368c......1607fcbf....b9....2bcf33c0\")) {\r\n sOptions = \"1991 by Rational Systems, Inc.\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"bf....8ec78ed7bc....368c......ff36....268f......be....ac8ad8b7..88388b3e....4f8ec726a1....36f726....4836a3....8e06....33c08bc8f7d18bf8f2ae26\")) {\r\n sOptions = \"1994 by Tenberry Software Inc.\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"bf....8ec78ed7bc....368c1e....ff36....368f06....be....ac8ad8b7..88388b3e....4f8ec726a1....36f726....4836a3....8e06....33c08bc8f7d18bf8f2ae26\")) {\r\n sOptions = \"1995 by Tenberry Software\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"bf....8ec78ed7bc....368c1e....ff36....368f06....be....ac8ad8b7..883816078b3e....4f8ec726a1....36f726....4836a3....8e06....33c08bc8f7d18bf8f2ae26\")) {\r\n sOptions = \"1994 by Rational Systems, Inc.\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"bf....8ec78ed7bc....368c1e....1607be....ac98508b3e....4f8ec726a1....c1e0..4836a3....8e06....33c08bc8f7d18bf8f2ae26\")) {\r\n sOptions = \"1993 by Rational Systems, Inc.\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"bf....8ed781c4....be....2bf7368926....368926....8bc6b1..d3e04836a3....be....468936....8cc32bdef7dbb4..cd21\")) {\r\n sOptions = \"1989 by Rational Systems, Inc.\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"BF....8ED781C4....BE....2BF78BC6B1..D3E04836A3....368926....BE....468936....8CC32BDEF7DBB4..CD21368C\")) {\r\n sOptions = \"1987-1992 by Rational Systems, Inc.\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}" }, { "path": "db/MSDOS/DOS_32A.0a.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: hypn0 \r\n\r\nmeta(\"extender\", \"DOS/32A DOS Extender\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"fb0e1f8c1e....8c06....8c16....26a1....a3....fce8....e8....e8....8cd0268b36....05\")) {\r\n sVersion = \"R9-07.0101.2011\";\r\n sOptions = \"1996-98, 2002 by Narech Koumar (Supernar Systems, Ltd.)\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"0e1f8cc08cd3a3....2bd88bc4d1e8d1e8\")) {\r\n sVersion = \"R8-07.0101.0076\";\r\n sOptions = \"1996-98, 2002 by Narech Koumar (Supernar Systems, Ltd.)\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"0e1f8c1e....8c06....8c16....26a1....a3....fbfce8\")) {\r\n sVersion = \"04-20-06\";\r\n sOptions = \"1996-2006 by Narech Koumar (Supernar Systems, Ltd.)\";\r\n bDetected = true;\r\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Digital_Research_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Digital Research C\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$0e17bc....a1....8cdb0e1f891e....a3....8cc80306....a3....b9....2bdb8bf3bf....8cc803050306\")) {\n sVersion = \"1.1\";\n sOptions = \"1983\";\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/MSDOS/Disk_eXPress.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"sfx\", \"Disk eXPress\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareOverlay(\"be9b8710415302\")) {\r\n if (MSDOS.compareEP(\"fca3....891e....49890e....bb....8c1f83e4..8967..b8....50\")) {\r\n sOptions = \"1991-93 by Albert J. Shan\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/EMMXXXX0_check.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"EMMXXXX0 check by Symantec\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....cd213c..73..0e1fba....b409cd210633c050cb8cd88ccbfabc....8ed3fbfc8ec3bf....be....b9....fc\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/EXETools_COM2EXE.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"EXETools COM2EXE\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e800005d83ed..8cda2e8996....83c2..8eda8ec22e0196....60bb....ba....85d274..b4..33ff33f6b9....ac\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/EXE_Manager.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"EXE Manager\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b4301e06cd212ea3....bf....b9....33c02e....47e2..2e3b06....74..b8....cd1033c050cb\")) {\n sVersion = \"3.0\";\n sOptions = \"1994 by Solar Designer\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"1e54583bc475..b43006cd212ea3....bf....8befb9....33c02e030547e2\")) {\n sVersion = \"4.0\";\n sOptions = \"1996 by Solar Designer\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/EXE_Packer.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"EXE Packer\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"1E068CC383....2E........B9....8CC88ED88BF14E8BFE\")) {\r\n sVersion = \"7.0\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"EB$$1E068CC383....0E1F011E....011E....BE....B9....FCAD3BC174\")) {\r\n sVersion = \"7.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/EXE_encryption.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"EXE encryption\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"501e068cc88ed88ec0e8....5b81eb....2ae4be....03f3882446fec40ae475..8b87....ba....f7e28987\")) {\n sOptions = \"1992 by E.Akulow\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Eliashim's_CodeTrack.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Eliashim's CodeTrack\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$502e8c06....33c08ec02ef606......74..26ff36\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/File_Shield.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"immunizer\", \"File Shield\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"50b430cd213c..7d..e9....e8$$$$b8....bb....b9....ba....cd212ec706........81fb....75..2ec706........2e8916\")) {\n sVersion = \"1.2\";\n sOptions = \"by McAfee\";\n bDetected = true;\n }\n else if (MSDOS.compareEP(\"501eeb$$2ea1....2e8b1e....2e8b0e....ba....2e8916....e8$$$$535051cd12\")) {\n sVersion = \"1.5\";\n sOptions = \"by McAfee\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Fitted_Modula-2.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Fitted Modula-2\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"9a########558bec2e8e1e....a1....d1c873..8be55dca0000\")) {\n sVersion = \"2.0a\";\n sOptions = \"1988\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/GFX_to_EXE.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"GFX to EXE\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$2ea1....3c..74..be....bd....8ccabf....83e7..bb....c1eb..03d32e8b1e....2e8b0e....8eda3c..75..30253c\")) {\n sVersion = \"2.0\";\n sOptions = \"by t-Rex\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/GamBit_Pro_Library.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"GamBit Pro Library\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"ba....2e8916....b430cd218b2e....8b1e....8edaa3....8c06\") &&\n MSDOS.compareOverlay(\"'RS'000102\")) {\n sOptions = \"1994 by Nikita Ltd.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/GameWizard_DOS_Extender.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"GameWizard DOS Extender\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b430cd2186c43d....73..ba....e8....ba....b1..d3ea8cc803d08edafa8ed2bc....fb2e8916....2e8c06....368c0e....2e8c16....e8\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Graphic_WorkShop.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"Graphic WorkShop\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$2ec706........b8....a9....74..25....bb....2bd8432e011e....e8\")) {\n sVersion = \"6.0-7.1\";\n sOptions = \"by Alchemy Mindworks Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Guardian_Angel.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Guardian Angel\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"068cc88ed88ec0fc......8be8e4210c..eb\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"068CC88ED88EC0FCBF....EB\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"068CC88ED88EC0FCBB....EB\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"068CC88ED88EC0FCBE....EB\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/H+BEDV_SelfCheck.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"immunizer\", \"H+BEDV SelfCheck\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"1e0e1ffcbe....33d233dbb9....ac3287....3084....0294....80d6..fec3e2..3b16....75..b8....cd213d....8bc374..b430cd21ba\")) {\n sVersion = \"1.74-2.41\";\n sOptions = \"1993-94 by H+BEDV Datentechnik GmbH\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"1e0e1fb8....cd213d....8bc374..b430cd21ba....3c..b8....72..fcbe....33d233dbb9....ac3287....3084....0294....80d6..fec3e2\")) {\n sVersion = \"1.10\";\n sOptions = \"1993 by H+BEDV Datentechnik GmbH\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Header_Changer.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"other\", \"Header Changer\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8cdb81c3....53bb....53501e068cdb81c3....53bb\")) {\n sOptions = \"by Shay Lev Ary\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Hi-Tech_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Hi-Tech C\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fcba....b1..d3ea8cc803c28ed88ed0268b1e....4b2bd8b8....f7c3....75..d3e38bc38be0be....b9....2bce32c0\")) {\n sVersion = \"3.06\";\n sOptions = \"1984-87 by HI-TECH Software\";\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/MSDOS/HyperLOCK_386.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"HyperLOCK 386\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$fabf....b0..b9....2e8a2581ff....72..2e3005472ac4\")) {\n sVersion = \"1.00\";\n sOptions = \"1993 by Jayeson Lee-Steere\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/IBM_PC_Pascal.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n// http://www.edm2.com/index.php/IBM_PC_Pascal_Compiler\nmeta(\"compiler\", \"IBM PC Pascal\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....8ed88c06....fa8ed0268b1e....2bd881fb....7e..bb....d1e3\")) {\n sVersion = \"2.00\";\n sOptions = \"1984\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....8ed88bd08c06....268b1e....891e....2bd8f7c3....75..b1..d3e3\")) {\n sVersion = \"2.05\";\n sOptions = \"1987\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"ba....b4..b0..8cc98ed9cd21\")) {\n sVersion = \"2.00\";\n sOptions = \"1984\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....8ed88c06....ba....d1eab9....2bcad1ea\")) {\n sVersion = \"1.00\";\n sOptions = \"1981\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"2e8e1e....8cd08cdb2bc3d1e0\")) {\n sVersion = \"2.02\";\n sOptions = \"1987\";\n bDetected = true;\n }\n\n sLang = \"Pascal\";\n\n return result();\n}" }, { "path": "db/MSDOS/John_Socha_Library.3.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"library\", \"John Socha Library\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"bb....8edb2e891e....8d06....25....fa8ed38be0fb26a1....a3....b430cd21a2....8826....3c..73..8d16....b409cd2133c05006cb\")) {\n sVersion = \"1986 Peter Norton Computing, Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Khrome_Crypt.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Khrome Crypt\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"B9....B8....EB..80....EB..EB..EB..66..........66\")) {\r\n sVersion = \"0.3\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/LSI_C.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: hypn0 \r\n\r\nmeta(\"compiler\", \"LSI C-86\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"b8....8ed0bc....368c......b430cd2136......8a......32ff438e......161f33ffb9....32c0fceb\")) {\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"b8....8ec00617bc....268c......b430cd2126a3....fcbe....8a0e....32edbf....f3a426......47\")) {\r\n bDetected = true;\r\n }\n\n return result();\n}" }, { "path": "db/MSDOS/L_O_V_E__FORTH.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"L.O.V.E. FORTH\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$fc2e8c1e....8cc88ec08ed8bb....e8....bb....e8....bb....e8....bb....e8....8bec2b2e\")) {\n sVersion = \"1.29\";\n sOptions = \"1988-92 by Homer Seywerd, Wolodymyr R. Elehew and Peter Cav\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fcbb....e8$$$$8b8f....09c974..8cd88cda0387....0397....1e068ed88ec28bf98bf14f4efdf3a4\")) {\n sVersion = \"1.20\";\n sOptions = \"1988-92 by Homer Seywerd, Wolodymyr R. Elehew and Peter Cav\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Lahey_Fortran.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Lahey Fortran\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"EA########dbe3fcb8....8ed88c06....54583bc474..c606......d92e....eb\")) {\n sOptions = \"1984-91 by Lahey Computer Systems Inc.\";\n bDetected = true;\n }\n\n sLang = \"Fortran\";\n\n return result();\n}" }, { "path": "db/MSDOS/Lattice_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Lattice C\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fab8....8ed8b8....8ed0bc....90fb\")) {\n sVersion = \"3.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fab8....8ed8b8....8ed02e8b26....fbb8....a3....8c06....26a1....a3....be\")) {\n sVersion = \"3.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fab8....8ed8b8....8ed0b8....8be02e8c06....fbbb....b4..cd2173..e9\")) {\n sVersion = \"3.00\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fab8....8ed8b8....8ed0bc....fb8cd88cc92bc1b1..d3c0a3....8126........25....a3....33c0\")) {\n sVersion = \"3.00\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fab8....8ed8b8....8ed0bc....fbb8....a3....8c06....26a1....a3\")) {\n sVersion = \"2.00\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fab8....8ed8b8....8ed0b8....8be0fbbb....b4..cd21ba....72\")) {\n sVersion = \"2.00\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fab8....8ed8b8....8ed0bc....fbb430cd210ac075..b8....a3....8c06\")) {\n sVersion = \"2.1\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fa8cc78cd68bccba....8ec2268e16....bc....fb8ec75651501e06\")) {\n sVersion = \"2.1\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fcb8....8ed88926....8306......06fa8ed081c4....fbc706........c606......33c0a2....a2....b8....2d....a3....03c4\")) {\n sVersion = \"6.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fcb8....8ed88926....8306......fa8ed081c4....fbc706........b8....a3....a3....bb....2bd8\")) {\n sVersion = \"6.0\";\n if (MSDOS.compareEP(\"891e....03dc\", 43)) {\n sOptions = \"overlay\";\n }\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cc88ed8ba....b409cd21b8....8ed8ba....b409cd21bb....8b178b4f..8ed9b409cd21b8....cd21cb\")) {\n sVersion = \"3.30\";\n sOptions = \"driver\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fa8cdeb9....8ed98926....8c16....8936....8bec8b46..a3....8b46..a3....fbfca1....0bc075..40a3....8cd8\")) {\n sVersion = \"3.00\";\n sOptions = \"overlay\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8bec8b5e..8b46..2ea3....2e891e....c746......8b46..8b5e..8cc78cd68bccba....8ec2268e16....bc....8bd0\")) {\n sVersion = \"3.00\";\n sOptions = \"overlay\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....8ed88ed0268b1e....2bd8f7c3....75..b1..d3e3eb..bb....8be3891e....b8....a3....0633c0508bec\")) {\n sVersion = \"1.00\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fab8....8ed88ed08c06....268b1e....2bd8f7c3....75..b1..d3e3eb..bb....8be3fb891e....b8....a3....0633c0508bec\")) {\n sVersion = \"1.02\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fc508cc00bc05874..b8....8ed88cc0a3....2906....8b1e....b4..cd2126a1....a3....8cc0a3....c706........268a1e\")) {\n sVersion = \"3.30\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$fafcb8....8ed88cc0a3....2906....a3....c706........8b1e....b4..cd2126a1....a3....268a1e....26c606\")) {\n sVersion = \"3.30\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$fc268b36....bf....2e8c06....8ec732c0b430cd21fc8cd93c..73..b0..26a2....33ed33db8edb8b07d1e8\")) {\n sVersion = \"2.00\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$8cc78cd68bcc83c1..2e8c06....ba....8ec2268e16....bc....5651501e57b8....8ed833ff26f685......75\")) {\n sVersion = \"2.00\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fabe....8b14b8....8ed8b8....8ed0bc....8916....fbb430cd210ac075..b8....a3....8c06....803e......7c\")) {\n sVersion = \"2.1\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fafcb8....8ed88f06....8f06....8becc446..a3....8c06....8b46..2b46..a3....8b46..a3....8e46..8b5e..b8....8ed0\")) {\n sVersion = \"2.1\";\n sOptions = \"overlay\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fab8....8ed8b8....8ed0b8....8be0fbbb....b44acd21ba....73..e9\")) {\n sVersion = \"2.1-3.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fab8....8ed8b8....8ed0bc....fb8c06....268e06....8c06....c706........b8....a3\")) {\n sVersion = \"2.1-3.0\";\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/MSDOS/Logitech_Modula-2.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Logitech Modula-2\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8cdb83c3..8cc88ec0bf....33c0268a05473c..74..3c..74..03f08b0c03cb890ceb..26c5358cd903cb8ed983c7..eb..b8....03c350b8....5033c0\")) {\n sVersion = \"3.00\";\n sOptions = \"Aug 1987\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Meridian_Ada.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Meridian Adavantage ADA\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....8ed89a........558bec5583ec..168d46..509a........894e..895e..83fb..75..83f9..75\")) {\n if (MSDOS.compareEP(\"9a\", 43)) {\n sVersion = \"1993\";\n } else if (MSDOS.compareEP(\"33c050ba....521ebe....569a\", 43)) {\n sVersion = \"1991\";\n }\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....8ed89a########04..2bc0f3508a46..83e0\")) {\n sVersion = \"1988\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....8ed89a########515006b8....8ec0b9....b8....8bf8fcf3ab075859cb\")) {\n sVersion = \"1988\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....8ed89a########e8$$$$c8......57561eb8....8ed868....9a\")) {\n sVersion = \"1988\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....8ed89a########8c06....8c16....8926....a1....a3....8b16....8916....8c06....9a\")) {\n sVersion = \"1988\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Meridian_Pascal.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Meridian Pascal\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....501f9a########8926....8926....8c16....8c16....8c06....8c06....9a........c706\")) {\n sOptions = \"1985-1988 by Meridian Software Systems, Inc.\";\n bDetected = true;\n }\n if (MSDOS.compareEP(\"b8....8ed89a########8c06....8c16....8926....a1....a3....a1....a3....a1....a3\")) {\n sOptions = \"1985-1988 by Meridian Software Systems, Inc.\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....8ed89a########558bec5583ec..8c06....8c16....8926....cd..8946..f646\")) {\n sOptions = \"1985 by Meridian Software Systems, Inc.\";\n bDetected = true;\n }\n\n sLang = \"Pascal\";\n\n return result();\n}" }, { "path": "db/MSDOS/MetaWare_High_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"MetaWare High C\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....50b8....50cbeb$$bd....2e8e1e....26a1....a3....8cd805....268b1e....3bc376..2bd8b1..d3e3eb..26a3....938cc02bd8b44acd212bdb8cd8fa8ed08be3fbc706........c706\")) {\n sVersion = \"1983-1986\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$33ed2e8e1e....26a1....a3....26a1....2d....bb....fa8ed08be3fbc706........c706........bb....3bc373..2bd8b1..d3e3011e....011e....2e8e1e....9c0654582bc4d1f8\")) {\n sVersion = \"1983-1988\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$fa6633e42e8e16....bc....6633f66633ff6633c92e8e1e....be....2e8e06....bf....b9....e8\")) {\n sVersion = \"1983-1990\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$bd....2e8e1e....26a1....a3....26a1....2d....bb....fa8ed08be3fbc706........c706........bb\")) {\n sVersion = \"1983-1986\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$bd....2e8e1e....26a1....a3....268b......b1..4b891e....b8....05....3bc376..8bc3ba....2bc2d3e0\")) {\n sVersion = \"1983-1986\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$bd....2e8e1e....268b1e....b1..4b891e....b8....05....3bc376..8bc350a3....a3....2bd8b1..d3c38cc12bc1\")) {\n sVersion = \"1983-1985\";\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/MSDOS/MetaWare_Professional_Pascal.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"MetaWare Professional Pascal\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8000050b8....50cbeb..e8....2bc050e8....c3....bd....2e8e\")) {\n sVersion = \"1983-1986\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$bd....2e8e1e....26a1....a3....26a1....2d....bb....fa8ed08be3fb\")) {\n sVersion = \"1983-1986\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$bd....2e8e1e....26a1....2d....bb....fa8ed08be3fb\")) {\n sVersion = \"1983-1986\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$33ed2e8e1e....26a1....a3....8cd805....268b1e....3bc376..2bd8b1..d3e3eb\")) {\n sVersion = \"1983-1988\";\n bDetected = true;\n }\n\n sLang = \"Pascal\";\n\n return result();\n}" }, { "path": "db/MSDOS/Micro_Focus_Cobol.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Micro Focus Cobol\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$e9$$$$e8....8edac606......b8....0306....8ed28be08c0e....4a8bc28706....2bd0e8\")) {\n sVersion = \"1981, 1985 by Micro Focus Ltd\";\n bDetected = true;\n }\n if (MSDOS.compareEP(\"e8....51e8$$$$8bf0e8$$$$061e5657558bece8....72..a1....8be55d5f5e1f07c3\")) {\n sVersion = \"4.5\";\n bDetected = true;\n }\n\n sLang = \"Cobol\";\n\n return result();\n}" }, { "path": "db/MSDOS/Micro_Focus_DOS_extender.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"Micro Focus DOS Extender\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$b8....8ed854583bc475..0f01e0a8..74..e8....75..2e800e......eb..c8......0f014e..80\")) {\n sVersion = \"1993 by Micro Focus Ltd\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Microsoft_Basic.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Microsoft Basic\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$0e1fb8....e8....8eda938a170ad274..b4..cd2143eb..b8....cd21\")) {\n sVersion = \"7.10\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"9a########591fa1....1e510e1ffc3d....74..e9....b430cd213c..73..e9$$$$ba....0e1fb409cd21b8....cd21\")) {\n sVersion = \"5.60\";\n sOptions = \"1986\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$8cc88ed8e8....8a170ad274..b4..cd2143eb..b2..b4..cd21\")) {\n sVersion = \"5.60\";\n sOptions = \"1986\";\n bDetected = true;\n }\n\n sLang = \"Basic\";\n\n return result();\n}" }, { "path": "db/MSDOS/Microsoft_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"compiler\", \"Microsoft\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b430cd213c..73..33c00650cbbf....8b36....2bf781fe....72..be....fa8ed781c4....fb73..161f\")) {\n sName += \" Quick C\";\n sVersion = \"2.5X\";\n sOptions = \"1990\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fc8cc02ea3....8ed8a1....2ea3....2ea3....be....ac32e403f0c6....b8....8ec02680........75\")) {\n sName += \" Quick C\";\n sVersion = \"2.51a\";\n sOptions = \"1990\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b430cd213c..73..b8....50e8....92b409cd21cd20bf\")) {\n sName += \" C/C++\";\n sVersion = \"1986\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b430cd213c..73..b8....50900ee8....92b409cd21cd20bf\")) {\n sName += \" C/C++\";\n sVersion = \"1986\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b430cd213c..73..b8....509a........92b409cd21cd20bf....8b36....2bf781fe....72..be....fa8ed781c4....fb73..33c050\")) {\n sName += \" C/C++\";\n sVersion = \"1986\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b430cd213c..73..cd20bf....8b36....2bf776..8bc405....d1d8b1..d3e83bf072..8bf0fa8ed781c4....fb73\")) {\n sName += \" Quick C\";\n sVersion = \"1987-89\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"bf....8b36....2bf781fe....72..be....fa8ed781c4....fb73..e9....81e4....3689......3689......8bc6b1\")) {\n sName += \" C/C++\";\n sVersion = \"1985\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fab8....8ed88ed0268b1e....2bd8f7c3....75..b1..d3e3eb..bb....8be3fb891e....b8....a3....0633c0508bec\")) {\n sName += \" C/C++\";\n sVersion = \"1.04\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b430cd213c..73..cd20bf....8b36....2bf781fe....72..be....fa8ed781c4....fb73\")) {\n sName += \" Quick C\";\n if (MSDOS.compareEP(\"81\", 54)) {\n sVersion = \"1.0\";\n sOptions = \"1987\";\n } else if (MSDOS.compareEP(\"83\", 54)) {\n sVersion = \"2.00\";\n sOptions = \"1989\";\n } else if (MSDOS.compareEP(\"8b\", 54)) {\n sVersion = \"2.X\";\n sOptions = \"1989\";\n }\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Microsoft_C_Library.3.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"library\", \"Microsoft C Library\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fa8cc78cd68bccba....8ec2268e16....bc....fb8ec75651501e062e8c06....b8....8ed8e8....b8....8ec08cc8262b06....26a3....803e\")) {\n sVersion = \"1986\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"bf....8b36....2bf781fe....72..be....fa8ed781c4....fb73..161f0ee8....33c0500ee8....b8....cd21\")) {\n sVersion = \"1985\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"061e33c08ed88b1e....a1....8ec0268b47..3d....75..ba....1f07e9....1f07be....ac0ac074..e8....72\")) {\n sName += \" (possibly)\";\n sVersion = \"1986\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Microsoft_Fortran.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Microsoft Fortran\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b430cd213c..73..9a########558becb8....501eb8....50b8....509a\")) {\n sVersion = \"1987\";\n bDetected = true;\n }\n\n sLang = \"Fortran\";\n\n return result();\n}" }, { "path": "db/MSDOS/Microsoft_Quick_Basic.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Microsoft Quick Basic\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"1e071e2e8e1e....b430cd2150812e........8b36....ad91ade3..3d....72..3d....73..ba....eb..0bc075..c706........c706........33c99a\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$8cda83c2..8edaa1....0e1ffc3d....74..e9....b430cd213c..73..e9$$$$ba....0e1fb409cd21b8....cd21\")) {\n sVersion = \"2.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"9a########591fa1....1e510e1ffc\")) {\n sVersion = \"3.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$0e1fb8....509a........8eda938a170ad274..b4..cd2143eb\")) {\n sVersion = \"4.5\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"9a########591fa0....1e51063c..74\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"bf....a1....2ea3....2bc73d....72..b8....fa8ed781c4....fb969f2e8826....9683e4\")) {\n sVersion = \"4.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"9a########06ba....8eda268b3e....8ec257b9....be....bf....0e1ffcf3a4b1\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....8ed88c06....fa8ed0bc....fbb430cd21a3....3c..75..06b4..cd218c06....b9\")) {\n sVersion = \"4.X\";\n bDetected = true;\n }\n\n sLang = \"Basic\";\n\n return result();\n}" }, { "path": "db/MSDOS/Microsoft_Quick_Pascal.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Microsoft QuickPascal\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b0..9a########50b430cd213c..73..cd20b8....8ed88c06....c706........8c0e....58545b3bdc74..0ac074..be....e8....32c0e9\")) {\n sVersion = \"1.0-1.08\";\n sOptions = \"1989\";\n bDetected = true;\n }\n\n sLang = \"Pascal\";\n\n return result();\n}" }, { "path": "db/MSDOS/Microsoft_RTL.3.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"library\", \"Microsoft RTL\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b430cd213c..73..cd208cc18cd32bd981c3....b4..cd2172..8cd6bf....2bf7b1..d3e6fa8ed703e6fb\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"1e068cc88ed88cc0a3....83c0..a3....b430cd213c..73..b8....8ed8b8....ea........e8....e8....e8....8e\")) {\n sVersion = \"1992\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b430cd213c..73..cd20bf....b8....03c405....b1..d3e88bf0fa8ed781c4....fb73..161f9a........33c0509a\")) {\n sVersion = \"1987\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"2e8c06....2e8c1e....bb....8edb1ee8....1f8b1e....0bdb74..8cd18bd4fa8ed3bc....fb5351521ee8....1f5a\")) {\n sVersion = \"1990\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"2e8c1e....bb....8edb1ee8....1f8b1e....0bdb74..8cd18bd4fa8ed3bc....fb5351521ee8....1f5a\")) {\n sVersion = \"1990\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"1eb8....8ed8b430cd213c..73..ba....e8....0633c050cb\")) {\n sVersion = \"1990\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"1e069a########502e8c06....2ea1....2e0b06....75..26a1....2ea3....26a1....2ea3....58cb\")) {\n sVersion = \"1990\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....cd212e8816....b2..b8....cd21b4..cd218edbb8....83e8..8ec033f633ffb9....fcf3a5bb\")) {\n sVersion = \"1992\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b4..cd218edbb8....83e8..8ec033f633ffb9....fcf3a5bb\")) {\n sVersion = \"1992\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cd03d....75..8cd83d....75..8ccab8....e8....e9....8cdb8ccab8....e8....eb..908cd83d\")) {\n sVersion = \"1990\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b430cd213c..73..cd20bf....8b36....2bf781fe....72..be....fa8ed781c4....fb73..161f\")) {\n sVersion = \"1988\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b4..cd213c..73..33c00650cb86e03d....b0..72..bf....8b36....2bf781fe....72..be\")) {\n sVersion = \"1992\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"bf....8edffa8ed781c4....fb33dbb8....cd210bdb74..881e....883e....8816....8836....b8\")) {\n sVersion = \"1992\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Microsoft_RTL_(Clipper).3.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"library\", \"Microsoft RTL (CLIPPER 5.01)\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e8$$$$1e06fc8cc88ed88c06....b430cd2186e0a3....e8....891e....890e....b8....bb....e8....071fc3\")) {\n sVersion = \"1988\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/MultiLoop_Protection.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"MultiLoop Protection\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"1e06b8....8ec0b0..b9....be....2e300404..46e2\")) {\n sOptions = \"1992 by J&A\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Netware_loader.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"loader\", \"Netware loader\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$b8....cd213c..72..a1....3d....75..a1....3d....75..e9$$$$1e8cc88ed833c08ec0268b1e....891e\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/PDC_Prolog.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"PDC Prolog\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....8ed88cc6bb....8ec3bb....268b178ec6b9....8bdad3eb8cd003d88cc02bd843b44acd2173..b0..b44ccd21\")) {\n sOptions = \"1992 by Prolog Development Center\";\n bDetected = true;\n }\n\n sLang = \"Visual Prolog\";\n\n return result();\n}" }, { "path": "db/MSDOS/PK_sig.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"other\", \"PK signature\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"c706....'PK'8cd805....50b8....50cb\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/PROPACK_SFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"sfx\", \"PROPACK SFX\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"558bec83ec..8c5e..e8....be....e8....b80030cd21ba....0e3c..72..a1....8ec033ff33c0b9....f2aeae75..fec0af75..5a8bd7061f\")) {\n sVersion = \"2.18\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Pacific_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Pacific C\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fcb8....8ed826a1....488bd881eb....ba....3bd372..8bda2bc3b9....d3e048488ed38be0\")) {\n sVersion = \"7.51\";\n sOptions = \"1984-91 by HI-TECH Software\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fcc516....b8....8ed88ed0268b1e....4b2bd8b8....f7c3\")) {\n sVersion = \"7.51\";\n sOptions = \"1984-91 by HI-TECH Software\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fc8d16....b8....8ed826a1....488bd881eb....ba....3bd372..8bda2bc3b9....d3e048488ed38be0\")) {\n sVersion = \"7.51\";\n sOptions = \"1984-91 by HI-TECH Software\";\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/MSDOS/Panda_immunizer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"immunizer\", \"Artemis Professional\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e8$$$$5d81ed....2e8c8e....2e8c86....fc268e06....33ff32c0b9....f2ae26803d..75..83c7..2e89be\")) {\n sOptions = \"by Panda Software\";\n sVersion = \"2.10s\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Pascal_MT+86.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: hypn0 \r\n\r\nmeta(\"compiler\", \"Pascal/MT+86\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"e8$$$$8cc82e0306....2e0306....2e0306....2e0306....3b06....76..2ea1....2d....2ea3....3d....7f..1ee8\")) {\r\n sVersion = \"3.1\";\r\n sOptions = \"1982 by Digital Research, Inc.\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"e8$$$$8cc82e0306....2e0306....2e0306....2e0306....3b06....76..1ee8\")) {\r\n sVersion = \"3.01\";\r\n sOptions = \"1982 by Digital Research, Inc.\";\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"Pascal\";\n\n return result();\n}" }, { "path": "db/MSDOS/Phar_Lap.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"Phar Lap DOS Extender\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$8cd88ec0b8....8ed8c706........b8....2d....3bc476..c706........8f06....8f06....58a3....a3....a3....8cd88d1e....8ed0\")) {\n sVersion = \"1986-93 (C5S2S2P6)\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$8cd88ec0b8....8ed8bb....8cc02bd881c3....b44acd2173..e9....8d06....05....8cdb8ed38be0fcb8....8ec033c033db33c9\")) {\n sVersion = \"1986-91 (C5S2S2PJ)\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....50b8....50cb\")) {\n sVersion = \"1986-91 (C3S2S2P8)\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$bd....2e8e1e....26a1....a3....268b1e....b1..8cdab8....05....3bc376..8bc32bc23d....76..b8....d3e0bb....891e....c706\")) {\n sVersion = \"1986-89 (C5S2S2P6)\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$33ed2e8e1e....26a1....a3....8d06....a3....9d06....a3....8d06....a3....8cd88d1e....8ed08be3bb....26891e....8cc02bd8\")) {\n sVersion = \"1986-89 (C5S2S2P6)\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$33ed2e8e1e....26a1....a3....268b1e....b1..4b891e....b8....05....3bc376..8bc3ba....2bc2d3e0c706........c706\")) {\n sVersion = \"1986-89 (C5S2S2P7)\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....8ed8b8....cd21a3....3c..7d..b4..ba....8edaba....cd2106b8....50cb\")) {\n sVersion = \"1986-89 (C5S2S2PN)\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/RAR.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: Jason Hood \r\n\r\nincludeScript(\"rar-file\");\r\n\r\nfunction detect() {\r\n detect_RAR(0);\r\n}\r\n" }, { "path": "db/MSDOS/REC_small.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"REC.small\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8cd81ee8$$$$83c0..5fb9....81ef....87ef408ed82bdbb2..0017424383fb..75..e2\")) {\n sVersion = \"1.2\";\n sOptions = \"by Ralf Roth\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cd81ee8$$$$5d83c0..81ed....b9....408ed82bdbb2..0017fec24383fb..75..e2\")) {\n sVersion = \"1.01\";\n sOptions = \"by Ralf Roth\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cd81ee8000083c0..5db9....81ed....408ed82bdbb2..0017fec24383fb..75..e2\")) {\n sVersion = \"1.02\";\n sOptions = \"by Ralf Roth\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b9....8cd883c0..fa8bdc8cd7bc....44408ed02be4b2..8bec0056..424483fc..75..e2\")) {\n sVersion = \"1.05\";\n sOptions = \"by Ralf Roth\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/REC_small_AV.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"immunizer\", \"REC.small\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$8cd81ee8$$$$83c0..5fb9....81ef....87ef408ed82bdbb2..0017424383fb..75..e2\")) {\n sVersion = \"1.03\";\n sOptions = \"by Ralf Roth\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$8cd81ee8$$$$83c0..5fb9....81ef....87ef408ed82bdbb2..001702d34383fb..75..e2\")) {\n sVersion = \"4.01\";\n sOptions = \"by Ralf Roth\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/RLE_com-packer.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"RLE com-packer\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"60be....bf....8b0e....f3a4be....bf....57b9....f3a4c3\")) {\n sOptions = \"by NOP/PC\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/RM_FORTRAN.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: hypn0 \r\n\r\nmeta(\"compiler\", \"RM/FORTRAN\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"fc1eb8....8ed89a........81ec....8becc706........c706........33ffbe....b8....8ec0b9....f3a5897e..b8....ab8cdb8ec3bb\")) {\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"Fortran\";\n\n return result();\n}" }, { "path": "db/MSDOS/RTLink_VM_Manager.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \".RTLink VM Manager\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"9a########1e069a........2e8c06....8cc88ed852ba....b0..9a........5afcb8....2b06....d1e0\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/RTPatch_SFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"RTPatch SFX\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e8$$$$8ccb8edb8c06....a3....8cc00106....0106....fd26a1....bb....b1..d3eb2bc38ec0bf....83e7..8bf7b9....d1e9f3a5fc\")) {\n sVersion = \"3.20\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Realia_Cobol.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Realia Cobol\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"9a########9a########3c..75..8ed38be22bdb2bd2cb\")) {\n sVersion = \"4.X\";\n sOptions = \"1984-92 by Realia, Inc.\";\n bDetected = true;\n }\n\n sLang = \"Cobol\";\n\n return result();\n}" }, { "path": "db/MSDOS/Realia_SPITBOL.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Realia SPITBOL\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"2e8c1e....fc8ccaa1....0e1ffe06....a3....0116....b9....be....ad0bc074..03c28944..e2..8e06....bf....b1..b0..f3ae\")) {\n sVersion = \"3.6\";\n sOptions = \"1983-84 by Realia, Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/SHOW_IT.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"SHOW IT\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"bf....32db2e8a150ad274..b4..cd214780fa..75..fec380fb..75..32db53b4..cd16b4..cd165b75\")) {\n sVersion = \"1.2\";\n sOptions = \"converted to exe\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Self_UnStuffer.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"Self UnStuffer\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"86e303e9ace3$$1000e3$$00e40ec400e3\")) {\n if (MSDOS.compareOverlay(\"0101'Aladdin'\")) {\n sVersion = \"1.1\";\n sOptions = \"by Aladdin Systems, Inc.\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Small_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Small C\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....8ed826a1....2d....80fc..72..b8....b1..d3e0fa8cdb8ed38be050fbb8....2d....d3e08bd8fec73bdc72..b8....50e8\")) {\n sVersion = \"2.2\";\n sOptions = \"1982-88 by J. E. Hendrix\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....8ed826a1....2d....3d....72..b8....b1..d3e0fa8cdb8ed38be050fbb8....2d....d3e08bd881c3....3bdc72..b8....cd21\")) {\n sVersion = \"2.1\";\n sOptions = \"1982-88 by J. E. Hendrix\";\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/MSDOS/StonyBrook_Pascal.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"StonyBrook Pascal+\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"31ED9A........5589E581EC....B8....0E509A........BE....1E0EBF....1E071FFC\")) {\r\n sVersion = \"7.0\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"31ed9a........5589e5b8....50ff1e\")) {\r\n sVersion = \"6.13\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"31ed9a........5589e581ec....16078dbe....b9....31c0fcf3ab1e07\")) {\r\n sVersion = \"6.12\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"31ed9a........5589e59a........c706........c706........e8\")) {\r\n sVersion = \"6.1G\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"31ed9a........5589e583ec..9a........9a\")) {\r\n sVersion = \"6.14\";\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"Pascal\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/Sydex_SFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"Sydex SFX\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....8ec0b430cd2186e0ba....3d....72..a1....26a3....bf....8a1d32ff47883926893e....268c1e....8cd88cc3\")) {\n sOptions = \"1994 by Sydex, Inc.\";\n bDetected = true;\n }\n if (MSDOS.compareEP(\"b8....8ec0e8....ba....3d....b8....72..e8....26a3....26890e....268916....8cd88cc381c3....2bd88ec0b4..cd21\")) {\n if (MSDOS.compareOverlay(\"'SXD'00\")) {\n sOptions = \"1997 by Sydex, Inc.\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Topspeed_Modula.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Topspeed Modula\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e90000fc2bedbc....b8....8ed88c06....26a1....a3....54583bc4b8....75..b430cd213c..74..3c..77..b8....8cdbe8....86c4a3....8e06\")) {\n sVersion = \"2.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"1eba....8eda8b0e....8b36....ff36....5053a1....48ba....8eda890e....8936....a3....c706........2ea1....a3\")) {\n sName += ' RTL';\n sOptions = \"1989 by JPI\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"1eba....8eda8b0e....8b36....ff36....50a1....48ba....8eda890e....8936....a3....58c706........c706\")) {\n sName += ' RTL';\n sOptions = \"1989 by JPI\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"1eba....8eda8b0e....8b36....ff36....50a1....48ba....8eda890e....8936....a3....c706........58c706\")) {\n sName += ' RTL';\n sOptions = \"1989 by JPI\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fc1eba....8eda8b0e....8b36....ff36....50a1....ba....8eda890e....8936....a3....58c706........c706\")) {\n sName += ' RTL';\n sOptions = \"1989 by JPI\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"ea########2e8c1e....fc2ef706........74..e8....eb..b8....ba....0e1fcd212bc02ef706........74\")) {\n sVersion = \"2.0\";\n sOptions = \"by JPI\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"ea########2e8c1e....fc2bc08cd3ba....8ec2bf....b9....f3ab423bd372..508becffe0\")) {\n sVersion = \"1.17\";\n sOptions = \"by JPI\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"ea########8cdb2e8e1e....891e....fc2ef706........74..2bc02e8e1e....ff36....8cd3ba....8ec2bf....b9....f3ab423b..72\")) {\n sOptions = \"by JPI\";\n bDetected = true;\n }\n\n sLang = \"Modula\";\n\n return result();\n}" }, { "path": "db/MSDOS/UR_FORTH.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"UR/FORTH\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fc2e8c06....2e8e1e....e8$$$$b430cd213c..73..e8\")) {\n sVersion = \"1.03\";\n sOptions = \"1986-88 by Laboratory Microsystems, Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Unknown_cryptors.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"Unknown cryptor\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fa8cde8ccf8edf8ec783c7..bb....8b1f83c3..b1..d3eb2bfbe8\")) {\n sVersion = \"#01\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$b9....b3..be....bf....acfec332c3aae2\")) {\n sVersion = \"#02\";\n sOptions = \"exe 0-relocs crypt\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"3ec606......90eb$$2e8a36....8ec08cd8be....bf....2e033e....26a3....26893e....26a3....26c706........0e07\")) {\n sVersion = \"#03\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"9090e9$$$$8cd88be8b8....8be08ccb8edb8ec3bf....892de8....8cc88ed88ec01e33db8edbbb....81eb....8b071f1ebb\")) {\n sVersion = \"#04\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$be....bf....2e89352eff26\")) {\n sOptions = \"protector\";\n sVersion = \"#05\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"bf....b8....fa8ed08be7fb1e1eb8....0e500e501efc8cd08ec0be....8cc806b9....578ed8f3a5cb\")) {\n sOptions = \"Russ\";\n sVersion = \"#06\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"........0e1f8b0e....8bf14e89f78cdb031e....8ec3fdf3a453b8....50cb\")) {\n sOptions = \"Aidstest\";\n sVersion = \"#07\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$e8$$$$bb....e8$$$$29c9e8$$$$e8$$$$e9$$$$8ed9e9$$$$870feb$$e8$$$$eb$$51eb$$eb$$29dbe8$$$$bf....e9$$$$e8$$$$871de8$$$$53eb$$b3..b7..bf....2e8a05\")) {\n sOptions = \"by Matrix Technologies\";\n sVersion = \"#08\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"bd....50060ee8$$$$065733ff570e1f07be....b9....8004..46e2..b1..ac268a1d04..aa80eb..885c..e2\")) {\n sOptions = \"SYN!\";\n sVersion = \"#09\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$eb$$bf....e9$$$$26f6e8$$$$e9$$$$8edee8$$$$8735e8$$$$56e9\")) {\n sOptions = \"by Matrix Technologies\";\n sVersion = \"#10\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b3..060e1f8b0e....8bf14e89f78cdb031e....8ec3fdf3a453b8....50cb\")) {\n sOptions = \"Aidstest\";\n sVersion = \"#11\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$eb$$8cca8eda8ec2be....bf....b9....2ec706........31c0ada3....3136....8bc18bdef7e33106....3116....a1....abe2\")) {\n sVersion = \"#12\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Upper_Deck_Forth.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Upper Deck Forth\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fc2e8c06....b8....cd213c..73..b4..2e8e1e....ba....cd212eff36....33c050cb\")) {\n sVersion = \"2.00\";\n sOptions = \"1990, 1991 by Upper Deck Systems\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Visual_Cobol.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Visual COBOL (XO)\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"9a########061fbe....b9....ac3cff75..e2..ad8ed88b0e....8ed08be1eb\")) {\n sVersion = \"3.3\";\n sOptions = \"1993 by mbp Software & Systems\";\n bDetected = true;\n }\n\n sLang = \"Cobol\";\n\n return result();\n}" }, { "path": "db/MSDOS/WWPACK_mutator.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"WWPACK mutation engine\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8cc981c1....51b9....510606b1..51b1..8cd383eb..5351fc8cd5b8....8cca03d0be....33ff4d8ec58edab1..f3a54a4879\")) {\n sVersion = \"1.0\";\n sOptions = \"by Barthazi Andras\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cc981c1....51b9....5106068ccab8....03d0b1..518cd383eb..53b1..51fc8cd5be....33ff4d8ec58eda4ab9....50\")) {\n sOptions = \"by MR WiCKED\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"81ce....1bf78a....80fa..2a95....fc03f633f281e6....1e10ea0e1f00d20e0732b4....21da2efe06\")) {\n sOptions = \"1996 by van Hauser\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8ccab8....03d08cc981c1....51b9....510606b1..518cd383eb..53b1..51fc8cd5be....33ff4d8ec58eda4ab9....50\")) {\n sVersion = \"3.04a\";\n sOptions = \"by Boogie\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cd383eb..8cc981c1....51b9....510606b1..51fc8cd5b1..5351b8....8cca\")) {\n sVersion = \"3.04a\";\n sOptions = \"by Boogie\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cc981c1....51b9....51b1..068cd30651b1..b8....8cca03d0fc\")) {\n sVersion = \"3.04a\";\n sOptions = \"by Boogie\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cc981c1....51b9....510606fc8cd5b1..51b1..8cd383eb..5351\")) {\n sVersion = \"3.04a\";\n sOptions = \"by Boogie\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cc981c1....51b9....fc8cd5510606b1..51b1..8cd383eb..5351\")) {\n sVersion = \"3.04a\";\n sOptions = \"by Boogie\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"f9be....81ee....2e80b4......eb\")) {\n sVersion = \"1.1c\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"061e0e0e071fb430cd2186e03d....73..cd20eb$$eb$$5055528cd2fa50b8....58eb\")) {\n sOptions = \"REC by R0SE\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cc98cd383eb..81c1....51b9....510606b1..518ccafc8cd5b1..5351b8\")) {\n sVersion = \"1.0\";\n sOptions = \"by Barthazi Andras\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"......81......2e80..\")) {\n sOptions = \"by unknown\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Whitesmiths_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Whitesmiths C (dos86)\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"be....8cd18cd83bc175..a3....e9....8bde8a0f81e1....03d9d1e941ff3783eb..e2..8bf48cd936890e....8cd18ed98c06....8c06\")) {\n sVersion = \"3.3\";\n sOptions = \"1988 by Whitesmiths, Ltd. and Cosmic, Sarl\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"be....8cdb8cd03bc374..8a0c81e1....03f1d1e941ff3483ee..e2..8bf4b9....8ed9\")) {\n sVersion = \"3.2\";\n sOptions = \"1987 by Whitesmiths, Ltd\";\n bDetected = true;\n }\n\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/MSDOS/Window_book.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"other\", \"Window book\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$e8$$$$fc5e8cda8b1e....bd....8edd8ec5b9....bf....2bcf33c02ea3....41d1e9f3ab891e....8916....8ec2bb....03dd\")) {\n if (MSDOS.findSignature(MSDOS.getOverlayOffset(), 2000, \"1a1a7bf7\") != -1) {\n sVersion = \"4.20\";\n bDetected = true;\n }\n } else if (MSDOS.compareEP(\"e9$$$$e8$$$$fc5e8cdaa1....bd....8edd8ec5a3....b9....bf....2bcf33c02ea3....d1e9f3ab8916....8ec2bb....a1....03c7\")) {\n if (MSDOS.findSignature(MSDOS.getOverlayOffset(), 2000, \"1a1a7bf7\") != -1) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Wizardy_protection.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Wizardy protection\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"2eff16....e9\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/WordPerfect_EXEPack.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"WordPerfect EXEPack\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"958cc005....0e1fa3....0306....8ec08b0e....8bf94f8bf7fdf3a48b16....50b8....50cb\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/XOPEN+_Protection.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"XOPEN+ Protection\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8cca8cdd8eda81ea....8916....ba....8eddea\")) {\n sOptions = \"1994\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/Zbikowski_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Zbikowski C\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"ba....8cd32bdab1..d3e3fa8ed203e3fbfc8b1e....8bc32bc2a9....74..8bda80c7..33c0eb..b1..d3e02d....36a3\")) {\n sOptions = \"1983 by Mark Zbikowski (Microsoft Corp.)\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"ba....8cd32bdab1..d3e3fa8ed203e3fbbe....8b1e....36891e....33ff8bc70bdb74..b9....8ec3f2ae\")) {\n sOptions = \"1983 by Mark Zbikowski (Microsoft Corp.)\";\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/MSDOS/Zip.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: Jason Hood \r\n\r\nincludeScript(\"zip-file\");\r\n\r\nfunction detect() {\r\n detect_Zip(0);\r\n}" }, { "path": "db/MSDOS/Zortech(Symantec)_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Zortech/Symantec C\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fafcb8....8ed88c......268b......891e....8bd82b1e....891e....268b1e....2bd881fb....72..bb....8bd003d342b1..d3e38ed08be381eb....80ff..73..ba....e9....fbb430cd21a3\")) {\n sVersion = \"2.10 - 3.0r1*, 4.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fafcb8....8ed88ed08ec0bc....33c050e8....eb\")) {\n sVersion = \"2.10 - 3.0r1, 4.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fafcb8....8ed0bc....b8....8ed88c06....660fb7c066c1e0..ba\")) {\n sVersion = \"3.0\";\n sOptions = \"1991\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fafcb8....8ed88ed0bc....2e8c06....33d21e2e8e1e....be....8a0e....32ede3\")) {\n sVersion = \"3.0\";\n sOptions = \"1991\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fafcb8....8ed8bb....81c3....8ed08be3fb8becbe....268a0c4632ed8bd9\")) {\n sVersion = \"3.0\";\n sOptions = \"1991\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fafcb8....8ed88ed0bc....b4..cd214b891e....8cc0a3....b8....cd21\")) {\n sVersion = \"2.10 - 3.0r1, 4.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fafcb8....8ed833c08ed88bf8bb....b9....b8....8905\")) {\n sVersion = \"2.10 - 3.0r1, 4.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fab8....8ed8a3....8c06....268b......891e....8bd82b1e....891e....268b......891e....2bd881fb....72..bb....8bd003d34289\")) {\n sVersion = \"2.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fab8....8ed88c06....268b1e....891e....8bd82b1e....891e....268b1e....2bd881fb....72..bb....8bd0\")) {\n sVersion = \"2.00\";\n sOptions = \"1989 by Walter Bright\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fab8....dbe38ed88c06....8bd82b1e....891e....268b1e....2bd881fb....72..bb....8bd003d342b1..d3e38ed08be381eb....81fb....77\")) {\n sVersion = \"4.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$fab8....05....b9....d3e88cc903c18ed88c06....268b1e....891e....8bd82b1e....891e....268b1e....2bd8\")) {\n sVersion = \"4.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$fc06b8....cd21bf....8cc98ed9be....b9....f3\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"fafcb8....8ed8bb....81c3....8ed08be38becfb8cc0a3....be....268b04a3....8b36\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"fafcb8....8ed88c06....8ed0bc....fbba....e8....b8....cd2186c4\")) {\n bDetected = true;\n }\n\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/MSDOS/Zurenava_DOS_Extender.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"Zurenava DOS Extender\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"be....bf....b9....56fcf3a55fe9\")) {\n sVersion = \"0.45\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/_LE.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"type\", \"LE\");\r\n\r\nfunction detect() {\r\n if (MSDOS.isLE()) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/_LX.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"type\", \"LX\");\r\n\r\nfunction detect() {\r\n if (MSDOS.isLX()) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/_MSDOS.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"operation system\", \"MS-DOS\");\r\n\r\nfunction detect() {\r\n if (MSDOS.isVerbose()) {\r\n sName = MSDOS.getOperationSystemName();\r\n sVersion = MSDOS.getOperationSystemVersion();\r\n sOptions = MSDOS.getOperationSystemOptions();\r\n\r\n if (sName === \"Unknown\") {\r\n sName = \"DOS-like\";\r\n }\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/_NE.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"type\", \"NE\");\r\n\r\nfunction detect() {\r\n if (MSDOS.isNE()) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = MSDOS;\r\nvar X = MSDOS;\r\n\r\n/**\r\n * Get the “base” offset, after the header.\r\n * @param {Int} [nOffset=0] - The offset from the base offset.\r\n * @returns {Int}\r\n */\r\nMSDOS.getBaseOffset = function (nOffset) {\r\n if (arguments.length == 0) {\r\n nOffset = 0;\r\n }\r\n return (MSDOS.readWord(8) << 4) + nOffset;\r\n}\r\n\r\n/**\r\n * Translate segment/offset address pair to file offset.\r\n * @param {UShort} nSegment - Segment address.\r\n * @param {UShort} [nOffset=0] - Offset address.\r\n * @returns {Int}\r\n */\r\nMSDOS.addressToOffset = function (nSegment, nOffset) {\r\n if (arguments.length == 1) {\r\n nOffset = 0;\r\n }\r\n nOffset += nSegment << 4;\r\n return MSDOS.getBaseOffset(nOffset & 0xFFFFF);\r\n}\r\n\r\n// Backward compatibility alias\r\nMSDOS.AddressToOffset = function () { MSDOS.addressToOffset.apply(this, arguments); }\r\n\r\n/**\r\n * Get the entry point file offset.\r\n * @param {Int} [nOffset=0] - The offset from the entry point.\r\n * @returns {Int}\r\n */\r\nMSDOS.getEntryPointOffset = function (nOffset) {\r\n if (arguments.length == 0) {\r\n nOffset = 0;\r\n }\r\n return MSDOS.addressToOffset(MSDOS.readWord(0x16), MSDOS.readWord(0x14)) + nOffset;\r\n}\r\n\r\n/**\r\n * Get the NewExe (or LE/LX) file offset (assuming it's valid).\r\n * @param {Int} [nOffset=0] - The offset from the NewExe offset.\r\n * @returns {Int}\r\n */\r\nMSDOS.getNEOffset = function (nOffset) {\r\n if (arguments.length == 0) {\r\n nOffset = 0;\r\n }\r\n return MSDOS.readDword(0x3C) + nOffset;\r\n}" }, { "path": "db/MSDOS/anti-tracing_add-on.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"anti-tracing add-on\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fc33d28ec2bf....abab8ccb33ff81eb....53bb....531e0733dbcb\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_ASIC-Basic.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"ASIC-Basic\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....8ed88ec033dbb4..cd108916....cc901ebf....8cc82d....8ed833c98a0e....83f9..72..b9....26be....fc\")) {\n sVersion = \"5.0\";\n sOptions = \"1994 by David Visti of 80_20 Software\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....8ed88ec033dbb4..cd108916....1ebf....8cc82d....8ed833c98a0e....83f9..72..b9....26be....fc\")) {\n sVersion = \"5.0\";\n sOptions = \"1994 by David Visti of 80_20 Software\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_Ada89.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Ada89\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$8cda8cc939d173$$1e0e1fb4..b0..ba....cd21b4..b0..ba....cd211f8cd9b8....8b1e....8ed88ec0\")) {\n sOptions = \"1989 by RR Software, Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_ApBasic.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"ApBasic\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$8cc02ea3....268b36....8cc88ed88ec08cc82e0106....2e0106....2ea1....2e8b16....33db2e\")) {\n sVersion = \"1.2\";\n sOptions = \"1987-89 by Comptech Software, Inc.\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$8cc02ea3....268b36....8cc88ed88ec08cc82e0106....2e0106....e8....2ea1....2e8b16....33db2e\")) {\n sOptions = \"1991 by Comptech Software, Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_BAT2EXEC.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"BAT2EXEC\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$fcbd....8b....8b......8b......b44acd21a1....8986....8b9e....ffe3\")) {\n sVersion = \"1.5\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fcbd....8b....8b......8b......b44acd21a1....8986....8b9e....ffe3\")) {\n sVersion = \"1.2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_BSTAR_FORTH.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"BSTAR_FORTH(16)\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$8c0e....8c0e....a1....a3....e8....a3....a1....a3....e8....a3....a1....a3....e8....e8....8b0e....e3..1e8e06....a1\")) {\n sVersion = \"0.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_BatLite.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"BatLite\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$e8....bb....8bf3031e....891e....81fb....73..bb....8bfb891e....031e....81c3....8be3b1..d3eb43\")) {\n sOptions = \"1991-95 by Pieter A. Hintjens (COM2EXE converted)\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_BetterBASIC.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"BetterBASIC\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$fa2ec706........2e8c1e....b8....05....b1..d3e805....bb....83c3..d3eb8cc98ed1bc....2ec706........03c88ed903cb8ec1\")) {\n sOptions = \"1984-86 by Summit Software Technology Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_CII-C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"CII-C\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$dbe3fcb8....8ed88c06....26a1....3b06....76..2b06....8cdf81c7....3bf873..8bc7be....3bf0\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"dbe3fcb8....8ed88c06....26a1....3b06....76..2b06....be....3bf073..2bc63b06....72..3b06\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$dbe3fcb8....8ed88c06....26a1....3b06....76..2b06....be....3bf073..2bc63b06....72..3b06\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$dbe3fcb8....8ed88c06....9c58a9....75..26a1....3b06....76..2b06....8cdf81c7....3bf8\")) {\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_Easy!-C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Easy!-C\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"9c55568ccd83c5..8db6....56be....56cb\")) {\n sOptions = \"1993 by Flight Technologys\"; //spelling taken from file\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}\n" }, { "path": "db/MSDOS/compiler_GRASP.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// Note: GRaphic Animation System for Professionals\n\nmeta(\"compiler\", \"GRASP Interpreter\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8cd88ec0b8....8ed88c06....8c16....8926....26a1....3b06....77..e9....2b06....8cdf81c7....3bf873..8bc7\")) {\n sVersion = \"4.00e - 5.0\";\n sOptions = \"1993 by John Bridges\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cd88ec0b8....8ed88c06....26a1....3b06....77..e9....2b06....8cdf81c7....3bf873..8bc7\")) {\n sVersion = \"4.0b\";\n sOptions = \"1991 by John Bridges\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_MegaBasic.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"MegaBasic\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$1eff36....ff36....8cc88ed88ec02e8f06....2e8f06....2e8f06....2e8c0e....b430cd213c..ba....73..e8....2eff36....33c050cb\")) {\n sVersion = \"4.00\";\n sOptions = \"1991-94 by Kristofer Sweger\";\n bDetected = true;\n }\n\n sLang = \"Basic\";\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_MegaBasic1.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"MegaBasic\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$b9....33f633ff1607fcf3a5368c1e....a1....161fa3....e8....bc....b430cd21a2....0ac074..86e0\")) {\n sVersion = \"5.40\";\n sOptions = \"1985-87 by Christopher Cochran\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$b8....cd21360806....84c074..8bf886e08bd0d40a86c4360906....86c48ac48ae6d50a\")) {\n sVersion = \"5.812\";\n sOptions = \"1994 by Christopher Cochran\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$b430cd21360806....0ac074..86e08bd0d40a86c4360906....86c48ac48ae6d50a\")) {\n sVersion = \"5.73\";\n sOptions = \"1992 by Christopher Cochran\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$b9....33f633ff1607fcf3a5368c1e....161fe8....bc....b430cd21a2....0ac074..86e0\")) {\n sOptions = \"1985 by Christopher Cochran\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$b9....33f633ff1607fcf3a5268c1e....161fe8....bc....0e1fba....b8....cd21ba....b8\")) {\n sOptions = \"1985 by Christopher Cochran\";\n bDetected = true;\n }\n\n sLang = \"Basic\";\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_PCC.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"PCC (DeSmet C)\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$368c1e....a1....8cd32bc377..e9....483d....72..b8....b1..d3e03bc473..e9....368b1e....36031e....83c3..3be375..8be0368926....b430cd213c..72..36c606......c606\")) {\n sVersion = \"1.2\";\n sOptions = \"by Mark DeSmet (C Ware Corporation)\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$368c1e....a1....8cd32bc377..e9....483d....72..b8....b1..d3e03bc473..e9....368b1e....36031e....83c3..3be375..8be0368926....b430cd213c..72..36c606......36a2....c606\")) {\n sVersion = \"3.X\";\n sOptions = \"1984-86 by Mark DeSmet (C Ware Corporation)\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$368c1e....a1....8cd32bc377..e9....483d....72..b8....b1..d3e03bc473..e9....8be0c606......c606......b9....be....468a84....3c..74..3c..75..b8....50\")) {\n sVersion = \"2.X\";\n sOptions = \"1984-86 by Mark DeSmet (C Ware Corporation)\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$368c1e....a1....36a3....a1....8cd32bc377..e9....483d....72..b8....b1..d3e03bc473..e9....368b1e....36031e....83c3..3be375..8be0368926\")) {\n sVersion = \"3.1\";\n sOptions = \"1984-86 by Mark DeSmet (C Ware Corporation)\";\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_Power_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Power C\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....05....b1..d3e88cca03c28b0e....8cdb8ed8891e....890e....8ec0ba....1e8cc88ed8b8....cd21588ed8bf....33c0\")) {\n sVersion = \"2.0.X\";\n sOptions = \"1989-91 by Mix Software\";\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_SP-FORTH.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"SP-FORTH\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....8ed88bec81c5....c746......e8$$$$8b46..25....0d....cd218b46..83ed..8946..c3\")) {\n sVersion = \"2.5.13\";\n bDetected = true;\n }\n if (MSDOS.compareEP(\"b8....8ed88bec81c5....c746......e8$$$$e8$$$$8bc583ed..8946..c3\")) {\n sVersion = \"2.5.X\";\n sOptions = \"1994\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_Symantec_BASIC.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Symantec BASIC\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e8$$$$1e060e1f9a........8c06....33c08ec026a1....a3....26a1....a3....ba....b0..9a........fa26c706........268c0e....fb071fc3\")) {\n sVersion = \"1.1a\";\n sOptions = \"1993\";\n bDetected = true;\n }\n\n sLang = \"Basic\";\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_Topspeed_C.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Topspeed C\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8cc1e3$$1eba....8eda8b0e....8b36....ff36....50a1....ba....8eda890e....8936....a3....58\")) {\n sVersion = \"2.0\";\n sOptions = \"1989 by JPI\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cc1e3$$1eba....8eda8b0e....8b36....ff36....50a1....48ba....8eda890e....8936....a3....c706........58\")) {\n sVersion = \"2.0\";\n sOptions = \"1989 by JPI\";\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_Turbo_Basic.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Turbo Basic\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"2E8C......2EC706........E8....E8\")) {\n sVersion = \"1.0\";\n sOptions = \"1987\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"faba....8ec28ed2bc....fb8bfc32edbe....8a0e....8bc12bf94f81e7....268c1e....8be78ec2fcf3a48eda8bf7bb....9150\")) {\n sVersion = \"1.0\";\n sOptions = \"1987\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_Turbo_Prolog.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Turbo Prolog\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fab8....8ed8b8....a3....8ed0bc....fb8c06....268e06....8c06....b8....a3....9a\")) {\n sVersion = \"2.0\";\n sOptions = \"1986-88\";\n bDetected = true;\n }\n\n sLang = \"Prolog\";\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_WATCOM.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"compiler\", \"WATCOM C\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"E9....'WATCOM C'\")) {\n bDetected = true;\n } else if (MSDOS.isSignaturePresent(0, Math.min(2048, MSDOS.getSize()), \"'WATCOM C'\")) {\n bDetected = true;\n } else if (MSDOS.isLE()) {\n var nLE = MSDOS.getNEOffset();\n var nDataPage = MSDOS.readDword(nLE + 0x80);\n var nOffset = MSDOS.readDword(nLE + 0x1C);\n if (MSDOS.compare(\"EB..'WATCOM C'\", nDataPage + nOffset)) {\n bDetected = true;\n }\n } else if (MSDOS.compareEP(\"e9$$$$fbb9....8ec126bb....83c3..80e3..26891e....268c1e....01e383c3..80e3..8ed189dc26891e....89dad1ea\")) {\n sName = \"Open Watcom C/C++16\";\n sVersion = \"2002 by Sybase, Inc.\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$fbb9....8ec1bb....83c3..80e3..26891e....268c1e\")) {\n sName = \"Open Watcom C/C++16\";\n sVersion = \"1988-2002 by Sybase, Inc.\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cd8bb....8edb8b1e....0bdb74..8cd18bd4fa8ed3bc....fb50535152a3....e8....5a595b580bdb74..fa8ed18be2fb\")) {\n sName += \"/C++\";\n sVersion = \"1990 by WATCOM Systems Inc.\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$2e8c06....2e8c16....2e8926....fa8cc88ed0bc....fb2ec706........b8....cd213c..72..2e830e......e8....8bd8\")) {\n sName += \"/C++\";\n sVersion = \"1991 by WATCOM Systems Inc.\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$2e8c06....2e8c16....2e8926....2ea1....2e0306....fa8ed0bc....fbb8....b1..d3e874..33c054593bcc75..9cb9\")) {\n sVersion = \"1992 by WATCOM Systems Inc.\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$33ed2e8e1e....26a1....a3....8d06....a3....8d06....a3....8d06....a3....8cd88d1e....8ed08be3bb....26891e\")) {\n sName += \" 386\";\n sVersion = \"1990 by WATCOM Systems Inc.\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$2e8c06....2e8c16....2e8926....2ea3....2e8916....2e891e....fa8cc88ed0bc....fbe8....8bd8e8....2ea2....fa\")) {\n sVersion = \"1990 by WATCOM Systems Inc.\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"faba....8eda8916....8c06....8c0e....b8....a3....b8....a3....8ed28be0fb0633c9518becbe....268b04a3....8ec28e1e\")) {\n sVersion = \"1988 by WATCOM Systems Inc.\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$2e8c06....2e8c16....2e8926....2ea3....2e8916....2e891e....2e8c1e....fa8cc88ed0bc....fbe8....8bd8fa2e8e16\")) {\n sVersion = \"1992 by WATCOM Systems Inc.\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"EB....00'*** NULL assignment detected'00'\")) {\n sName = \"Open Watcom C/C++16\";\n sVersion = \"2.0\";\n bDetected = true;\n }\n\n sLang = sName.indexOf(\"C++\") !== -1 ? \"C\" : \"C++\";\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_WPFORTH.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"WPFORTH\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"bd....bc....b8....0e5b81c3....8ed3ffe0\")) {\n sVersion = \"1.0\";\n sOptions = \"1993 by Albert Chan\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_djgpp.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"compiler\", \"djgpp\");\n\nfunction detect() {\n if (MSDOS.compare(\"'go32stub'\", 512)) {\n sVersion = \"2\";\n bDetected = true;\n } else if (MSDOS.isSignaturePresent(0, Math.min(8192, MSDOS.getSize()), \"'StubInfoMagic!!'\")) {\n sVersion = \"1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/compiler_muLISP-87.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"muLISP\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$eb$$8cc88ed88ed0bc....a3....b8....cd21891e....8c06....a0....5084c075..b8....8ec026803e......75..26c416....8cc1\")) {\n sName += \"-87\";\n sOptions = \"1983-1989 by Soft Warehouse, Inc.\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$eb$$8cc88ed88ed0bc....a3....b8....cd21891e....8c06....b8....cd21891e....8c06....ba....b8....cd21a0....5084c0\")) {\n sName += \"-90\";\n sOptions = \"1983-1990 by Soft Warehouse, Inc.\";\n bDetected = true;\n }\n\n sLang = \"LISP\";\n\n return result();\n}" }, { "path": "db/MSDOS/converter_EXE2COM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"EXE2COM\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b3..b9....33d2be....8bfeac32c3aa494332e403d0e3..eb\")) {\n sVersion = \"9.50a\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$92be....bf....fca5a48ccb83c3..b9....ad97011de2\")) {\n sOptions = \"1996 by EM-Phaser\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$e9$$$$8cca81c2....3b16....76..ba....b409cd21cd20\")) {\n sOptions = \"generic, type 2\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$bf....be....a5a48cda83c2..50b4..bb....cd21580116....81c2....8ed2\")) {\n sOptions = \"0-Relocs by dR.No //ViP\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/converter_FromBAT.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"FromBAT\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$be....bf....bb....c604..b9....fe04803c..77..c644....b80629cd21be....3c..74..8a04880743e2\")) {\n sOptions = \"1991 by Clockwork Software\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/converter_GRABBER.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"GRABBER\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$fc8cdb8cc88ed8a3....8ec3891e....8b1e....b1..d3e383c3..b44acd2173..eb\")) {\n sVersion = \"6.30-6.31\";\n sOptions = \"1991 by G. A. Monroe\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$fc8cdbb8....8ed8a3....8ec3891e....8b1e....b1..d3e383c3..b44acd2172..b8\")) {\n sVersion = \"6.32\";\n sOptions = \"1991 by G. A. Monroe\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$fc8cdb8cc88ed88ec0891e....e8\")) {\n sVersion = \"3.70-3.87\";\n sOptions = \"1991 by G. A. Monroe\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$fc8cdbb8....8ed88ec3891e....a3....8b1e....b1..d3e383c3..b44acd2173..b4\")) {\n sVersion = \"3.91-3.94\";\n sOptions = \"1991-92 by G. A. Monroe\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/converter_com2exe.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"converter\", \"com2exe\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....50c3\")) {\n sVersion = \"9.50\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"16179c58f6c4..74..faeb\")) {\n sName = \"COM -> EXE\";\n sOptions = \"1993 by R.Roth\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fcbe....bf....b9....f3a568....c3\")) {\n sVersion = \"2.1\";\n sOptions = \"1997 by X-HACKS Group\";\n bDetected = true;\n } else if (MSDOS.compare(\"02000000fffff0fffeff....0001f0ff1c00000000000000\", 0x8)) {\n sOptions = \"by Stefan Esser\";\n bDetected = true;\n } else if (MSDOS.compare(\"040000100010f0fffeff00000001f0ff..000000\", 0x8)) {\n sOptions = \"by MasterBall Systems\";\n bDetected = true;\n } else if (MSDOS.compare(\"02000000fffff0fffeff00000001f0ff1c0000000000924b\", 0x8)) {\n sOptions = \"by Tnarchistic KA0T\";\n bDetected = true;\n } else if (MSDOS.compare(\"0200....fffff0fffeff00000001f0ff1c00000000000000\", 0x8)) {\n sOptions = \"by Fabrice Bellard\";\n bDetected = true;\n } else if (MSDOS.compare(\"02000000fffff0fffeff00000001f0ff1c00000020202020\", 0x8)) {\n sOptions = \"by cINOgEN\";\n bDetected = true;\n } else if (MSDOS.compare(\"0500aaaafffff0fffeff00000001f0ff1c00000000000000\", 0x8)) {\n sOptions = \"by COMSEC\";\n bDetected = true;\n } else if (MSDOS.compare(\"0400aaaaffff0000feff00000001f0ff4000000053545542\", 0x8)) {\n sOptions = \"by DblStar Software\";\n bDetected = true;\n } else if (MSDOS.compare(\"0200aaaafffff0fffeff00000001f0ff0000454c49544500\", 0x8)) {\n sOptions = \"by Elite x\";\n bDetected = true;\n } else if (MSDOS.compare(\"02000010fffff0fffeff00000001f0ff1c00000000000000\", 0x8)) {\n sOptions = \"by HENDRX\";\n bDetected = true;\n } else if (MSDOS.compare(\"02000000fffff0fffeff00000001f0ff1c0000004d455353\", 0x8)) {\n sOptions = \"MESS /E\";\n bDetected = true;\n } else if (MSDOS.compare(\"0200aaaafffff0ff000000000001f0ff1c00000050484158\", 0x8)) {\n sOptions = \"by PHaX\";\n bDetected = true;\n } else if (MSDOS.compare(\"2000aa00ffffaaaa00aa00000001f0ff0000000000000000\", 0x8)) {\n sOptions = \"SCRb2e\";\n bDetected = true;\n } else if (MSDOS.compare(\"02008f0daaaaf0fffeff00000001f0ff1c0000000000524f\", 0x8)) {\n sOptions = \"by Rose\";\n bDetected = true;\n } else if (MSDOS.compare(\"0200d70dfffff0fffeff00000001f0ff1c00005472696c6c\", 0x8)) {\n sOptions = \"by Trills nT\";\n bDetected = true;\n } else if (MSDOS.compare(\"02000000fffff0ff000000000001f0ff1c00000000000000\", 0x8)) {\n sOptions = \"UNP x\";\n bDetected = true;\n } else if (MSDOS.compare(\"04000100fffff0fffeffaaaaaa0200001c000000aa020000\", 0x8)) {\n sVersion = \"1.0\";\n sOptions = \"Comvert\";\n bDetected = true;\n } else if (MSDOS.compare(\"18000000fffff0fffeff00000001f0ff1c00000020202020\", 0x8)) {\n sOptions = \"WWPACK\";\n bDetected = true;\n } else if (MSDOS.compare(\"0200....fffff0ff648400000001f0ff1c00000000000000\", 0x8)) {\n sOptions = \"by unknown\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/cryptor_EXE-Cryptor.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"EXE-Cryptor\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$1e062e8c06....fc0e1fe8$$$$8cc9bb....83c5..5e2ead1e2e81\")) {\n sOptions = \"1993-1995 by Rolle&Schild\"\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$1e062e8c06....fc0e1ffa8bec8c4e..c746......fe0e\")) {\n sOptions = \"1993 by Rolle&Schild\"\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$1e062e8c06....fc0e1ffa8bec8c4e..c746......fe0e....f972..ba....0e1fbb....8b0e\")) {\n sOptions = \"1992 by RKT-LANDMARK\"\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$1e062e8c06....fc0e1f8926....8306......fa8c0e....fe0e....f972..ba....0e1fbb\")) {\n sOptions = \"by RKT-LANDMARK\"\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/cryptor_TUCCRYP.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"TUCCRYP\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$2e8c06....8cca8ec28edab4..ba....cd218cda2ea1....2bd08edabb....2e8b0e....b2..51b9....8a0732c28807fec280\")) {\n sVersion = \"2+\";\n sOptions = \"George Stark\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$2e8c06....8cca8ec28edab4..ba....cd218cda2ea1....2bd08edabb....2ea1....ba....f7e28bc8\")) {\n sName = \"TUC cryPack\";\n sVersion = \"1.0\";\n sOptions = \"George Stark\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/cryptor_deep-CRyPTer.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"cryptor\", \"deep-CRyPTer\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"..E9....E8....598BE981......81......BE....8D......66....66....8D......8BD78BDF\")) {\r\n sVersion = \"0.1c\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/dos_extender.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"dos extender by Doug Huffman\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"0e1f8cc6b4..50bb....cd2173..58cd2172..03de8bebb8....cd21065356b8....cd2f0bc075\")) {\n sVersion = \"1991\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"0e1f06b4..50bb....cd2173..58cd2172..8cc003d88bebb8....cd210653b8....cd2f0bc075\")) {\n sVersion = \"1992\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/dos_extender1.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"DOS protected mode extender\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fafc0e1fe8....8cc0660fb7c066c1e0..6667a3........66b8........66c1e0..6667a3........66670905........66670905\")) {\n sVersion = \"1994 by TRAN (Thomas Pytel)\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/dos_extender2.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"DOS extender\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"bc....bb....438cc02bd8b4..cd2173..9a........0e1feb\")) {\n sVersion = \"1986-90 by Ergo Computing, Inc.\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....8ed0bc....bb....8cc02bd843b4..cd21b8....8ed8c606......b8....8ed88cc0a3\")) {\n sVersion = \"1986-91 by Ergo Computing, Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/extender_Blinker.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"extender\", \"Blinker\");\n\nfunction detect() {\n if (MSDOS.isNE()) {\n if (MSDOS.compare(\"'BLINKER'\", MSDOS.getBaseOffset(0x18))) {\n bDetected = true;\n nOffset = MSDOS.getNEOffset(-0x1200);\n if (nOffset > 0) {\n nOffset = MSDOS.findString(nOffset, 0x1200, \"Blinker \");\n if (nOffset != -1) {\n sVersion = MSDOS.getString(nOffset + 8, 4);\n }\n }\n }\n } else if (MSDOS.compareEP(\"e8$$$$558bec5053515256571e06fc8cc88ed8e8....bf....8845..8c\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$1e06fc8cc88ed8e8....bf....8845..8c1e....c41e....891d\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/extender_CWSDPMI.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"CWSDPMI\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8b2e....ba....8eda8c06....2bea8b3e....81c7....b1..d3ef473bef72..bf....3bef77..8bfd8bdfd3e7\")) {\n sVersion = \"0.90+ (r4)\";\n sOptions = \"1997 by Charles W. Sandmann\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$8b2e....ba....8eda8c06....2bea8b3e....81c7....b1..d3ef473bef72..bf....3bef77..8bfd8bdfd3e7\")) {\n sVersion = \"0.90+ (6b)\";\n sOptions = \"2001 by Charles W. Sandmann\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"ba....8eda8cd32bdac1e3..8ed203e38c06....fcb430cd213c0373..b0..ba....e9\")) {\n sName += \" (ELFstub)\";\n sVersion = \"1.00\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/extender_CauseWay_DOS_Extender.6.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"CauseWay DOS Extender\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fa161f26a1....83e8..8ed0fb061607be....8bfeb9....f3a407368c......8bd88cca3603......368b......fd8bc53d....76\")) {\n sVersion = \"3.1X-3.4X\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$8be88cc60e1f8cc005....0106....b8....cd213c..73..b8....cd21803e......74..8cc005....0306....268b16....3bc273..8ec0a1....33ff\")) {\n sVersion = \"2.64, 3.25\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/extender_DOS32.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"DOS32\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"0e1ffc9c5b8bc380f4..509d9c583ae775..ba....b409cd21b44ccd218c06....26a1....a3\")) {\n sVersion = \"3.3\";\n sOptions = \"1995 by Adam Seychell\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"0e1f068c06....26a1....a3....8ec06633ff6633c96649fc32c0f2ae26380575..83c7\")) {\n sVersion = \"3.0\";\n sOptions = \"by Adam Seychell\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"0e1ffc9c5b8bc380f4..509d9c5838fc75..ba....b409cd21b44ccd21\")) {\n sVersion = \"3.5c rev6\";\n sOptions = \"1995 by Adam Seychell\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/extender_DOS4G.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"extender\", \"DOS/4G\");\n\nfunction detect() {\n if (MSDOS.isSignaturePresent(0, Math.min(1024, MSDOS.getSize()), \"'DOS/4G'\")) {\n bDetected = true;\n } else if (MSDOS.isSignaturePresent(0, Math.min(1024, MSDOS.getSize()), \"'DOS4GW'\") ||\n MSDOS.isSignaturePresent(MSDOS.getNEOffset() - 1024, 1024, \"'dos4gw'\")) {\n sName += 'W';\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/extender_DOSX16.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"DOSX16\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$b430cd213c0372..b8....ba....2bc2268b1e....2bd8b1..d3e08bc881fb....72..1e068eda8ec333f6\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$b430cd213c0372..b8....ba....2bc2268b1e....81eb....2bd8b1..d3e08bc881fb....72..1e068eda8ec333f6\")) {\n sVersion = \"type 1\";\n sOptions = \"CodeView\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$b430cd213c0372..e8$$$$56571e060e1fb8....cd213c0372..77..80fc..72..b452cd2126a1....3d\")) {\n sVersion = \"type 2\";\n sOptions = \"CodeView\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$8cc8fa8ed0bc....fb0e1f8c06....c406....a3....8c06....e8....b8....b1..d3e805....a3....e8\")) {\n sVersion = \"type 3\";\n sOptions = \"CodeView\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$b8....8ed88c06....8ed0bc....50bb....b44acd21588ec0\")) {\n sVersion = \"type 4\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/extender_EMX.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"EMX DOS Extender\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....8ed88c06....e8....e8....e8....e8\")) {\n sVersion = \"0.8f-0.9d\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....8ed88cd88ed0bc....e8....3c..72..26a1\")) {\n sVersion = \"0.8f\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/extender_Go32Stub.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"Go32Stub DOS-Extender\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"0e1f8c1e....8c06....fcb430cd21\")) {\n sVersion = \"2.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"68....1fbd....9081ed....8c06....fcb430cd21\")) {\n sVersion = \"2.02T\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"ba....8eda8cd32bdac1e3..8ed203e3bd....81ed....8c06....fcb430cd21\")) {\n sVersion = \"2.02T\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fc0e1fb4..bb....b9....ba....cd21061e07bf....b9....30c0f3aa07e9\")) {\n sVersion = \"2.02T\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/extender_PMODE.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"extender\", \"PMODE/W\");\n\nfunction detect() {\n if (MSDOS.compare(\"'PMODE/W v'\", 0x55)) {\n sVersion = MSDOS.getString(0x5e, 4);\n bDetected = true;\n } else if (MSDOS.compareEP(\"fc1607bf....8bf757b9....f3a5061e071f5fbe....060ea4ad8be8b2..1eb8....50cb\")) {\n sVersion = \"1.12-1.33\";\n sOptions = \"1994-1997 by Daredevil and Tran.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/extender_PRO32.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"PRO32 Protected Mode DOS Extender\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e8$$$$8cc82ea3....fa6633f68eeeb8....8ed8b9....66658b0466890483c6..e2..6633c0bb\")) {\n sVersion = \"1.7\";\n sOptions = \"1996-99 by Dieter Pawelczak\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/extender_RSX.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"RSX DPMI DOS Extender\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8cc2b8....8ed88ec08ed0bc....8916....e8....b44ccd21\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/extender_Stub-386.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"Stub-386 DPMI DOS Extender\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"0e1f8c06....b430cd213c..73..b8....eb..c606......c606......c606......c606......9a\")) {\n sOptions = \"1997 by LADsoft\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/extender_TMTSTUB.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"TMTSTUB DOS Extender\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b462cd218bc38ccb538edb8c0e....8c0e....8c0e....2bd8bd....03ddc1e5..b44acd2173..ba....e9\")) {\n sVersion = \"0.31\";\n sOptions = \"32bit WDOSX-based DOS-extender and loader by Rustam Gadeyev\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/extender_WDOSX.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"extender\", \"WDos/X\");\n\nfunction detect() {\n if (MSDOS.compare(\"'WDOSX'\", 52)) {\n sVersion = MSDOS.getString(58, 4);\n sOptions = \"1996-1999 by Michael Tippach\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/extender_WDOSX32.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"WDOSX32\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"bc....fcbf....ba....e8....b8....abe8....ba....e8....b0..aabe....bf....89faac3c..75..e8....57444f53584c45\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/extender_XMLOD.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"XMLOD DOS-Extender\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8cd805....8ed88ed0bc....90908d06....ffd0\")) {\n sOptions = \"1991 by IGC, Inc.\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fa8cd805....8ed88ed0bc....90908d1e....c1eb..03c333f6268b5c\")) {\n sVersion = \"1992\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/extender_Xtender.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"extender\", \"Xtender DOS Extender\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"0e1fe8$$$$e8$$$$b8....9c5b80e7..539d9c5980e5..80fd..74..4080cf..539d9c5980e5..74..40668bdc66\")) {\n sVersion = \"1.04.36037\";\n sOptions = \"by vyc/sophtXS\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/immunizer_CPAV.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"immunizer\", \"Central Point Anti-Virus\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e8$$$$5b81eb....50515256578beb1e2ec6........268e......061fb9....bf....8bc7eb\")) {\n sVersion = \"1992-1993\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/immunizer_F-XLOCK.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"immunizer\", \"F-XLOCK\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"505050535152561e8bdc8cd805....368947..36c747......8e1e....33db8b07433d....74..75..43833f..75..4343\")) {\n sVersion = \"1.16\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/immunizer_Oyster.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"immunizer\", \"Oyster\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"061e55565752515350e8$$$$508cc805....8ed858c3\")) {\n sVersion = \"3.01 1991-95 by BEST\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/immunizer_PGPROT.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"immunizer\", \"PGPROT Antivirus Vaccine\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$2ea3....2e8c1e....2e8c06....0e1f8cc00106....0106....26ff36....0732c033ffb9....f2ae26803d..75..47\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/immunizer_Palladix.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"immunizer\", \"Palladix Virus Protector\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"2e8c1e....b8....cd2172..3c..72..b8....cd218cc08ed88bd3b8....cd218cc88ed8b8....ba....cc8cc88ed88ec0be....8bfe\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/immunizer_TTW.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"immunizer\", \"TTW\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"ab33c08bd88bc889c28bf889c6db52..e9\")) {\n sOptions = \"1994-95 by TTW Inc.\";\n bDetected = true;\n }\n if (MSDOS.compareEP(\"d88b....c2....89c6071fcb\")) {\n sOptions = \"1994-95 by TTW Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/joiner_TurboChainer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"joiner\", \"TurboChainer\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"ba....8eda8cd32bdad1e3d1e3d1e3d1e3fa8ed203e3fbb8....8ed81efc8d06....83c0..501ebe....8cc08ed8075f8b0c32ed5146f3a4591f\")) {\n sVersion = \"1.03\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/joiner_V-Load.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"joiner\", \"V-Load\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"33f62ef606......74..0e588bd881e3....75..b1..d3e02bf0d3ee065b0e582bc3b1..bb....8bd3d3eb81e2\")) {\n sVersion = \"0.9c1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/library_ParsecCollection.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\nmeta(\"library\", \"Parsec Collection\");\n\nfunction detect() {\n if (MSDOS.compareOverlay(\"0D0A41205041525345432050726F64756374696F6E\")) {\n sOptions = \"EOF\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/loader_32stub.0a.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"loader\", \"32stub for PE files\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8cc88ed88c1e....8c06....8c06....8c06....8bdc83c3..d1ebd1ebd1ebd1eb8cd003d82b1e....b8....cd21\")) {\n sOptions = \"by Borland\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/mbp_SHRINK.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"mbp SHRINK\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"061e508cc005....2e0106....2e0106....8bd02e0306....2ea3....2e8b3e....8ed80355..8955..8b3d0bff74\")) {\n sOptions = \"by mbp Software & Systems\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/other_AutoHack.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"other\", \"AutoHack addition\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"0e1fb409ba....cd21fa8e06....be....8b0e....83f9..74..fdd1e1\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/other_Coderunner.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// CodeRunneR is an effective tool for creating new TSRs and porting existing applications to a TSR environment.\n// http://www.drdobbs.com/msis-coderunner-makes-your-tsrs-run/184402267?pgno=5\n\nmeta(\"other\", \"CodeRunneR\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$e8$$$$fc5e8cdaa1....bd....8edd8ec5a3....b9....bf....2bcf33c02ea3....41d1e9f3ab8916\")) {\n sOptions = \"1989 by Micro Systems Software, Inc.\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$e8$$$$fc5e8cda8b1e....bd....8edd8ec5b9....bf....2bcf33c02ea3....41d1e9f3ab891e\")) {\n sOptions = \"1989 by Micro Systems Software, Inc.\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$e8$$$$fc5e8cdaa1....bd....8edd8ec5a3....b9....bf....2bcf33c02ea3....d1e9f3ab8916\")) {\n sOptions = \"1992 by OP\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/other_DemoMaker.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"other\", \"DemoMaker\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"be....ad8ed833f6b8....8ec0bf....b9....ac3c..75..3a0474..e2..b8....8ed8b409ba....cd21b8....cd21\")) {\n sVersion = \"1.55\";\n sOptions = \"1993-94 by R.Janorkar\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/overlay_overlays.6.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"overlay\", \"\");\n\nfunction detect() {\n if (MSDOS.compareOverlay(\"....'-lh'..2d\") || MSDOS.compareOverlay(\"....'-lz'..2d\")) {\n sName = \"LHA archive\";\n switch (MSDOS.readByte(MSDOS.getOverlayOffset() + 0x5)) {\n case 0x30: bDetected = true; break;\n case 0x31: bDetected = true; break;\n case 0x32: bDetected = true; break;\n case 0x33: bDetected = true; break;\n case 0x34: bDetected = true; break;\n case 0x35: bDetected = true; break;\n case 0x36: bDetected = true; break;\n case 0x64: bDetected = true; break;\n case 0x73: bDetected = true; break;\n }\n } else if (MSDOS.compareOverlay(\"60ea\")) {\n sName = \"ARJ archive\";\n bDetected = true;\n } else if (MSDOS.compareOverlay(\"'ZOO'............'Archive'\")) {\n bDetected = true;\n sName = \"ZOO archive\";\n } else if (MSDOS.compareOverlay(\"4c0103\")) {\n bDetected = true;\n sName = \"COFF executable\";\n } else if (MSDOS.compareOverlay(\"0101'Aladdin'\")) {\n sName = \"Self UnStuffit data\";\n sVersion = \"1.1\";\n sOptions = \"by Aladdin Systems, Inc.\";\n bDetected = true;\n } else if (MSDOS.compareOverlay(\"7f'ELF'010101\")) {\n sName = \"ELF executable\";\n bDetected = true;\n } else if (MSDOS.compareOverlay(\"................'BSA'\")) {\n sName = \"BSN archive\";\n bDetected = true;\n } else if (MSDOS.compareOverlay(\"'W4'\")) {\n sName = \"W4 executable\";\n bDetected = true;\n } else if (MSDOS.compareOverlay(\"fef2fc\")) {\n sName = \"FOXPRO archive\";\n bDetected = true;\n } else if (MSDOS.compareOverlay(\"'SXD'00\")) {\n sName = \"Sydex archive\";\n bDetected = true;\n } else if (MSDOS.compareOverlay(\"'RS'000102\")) {\n sName = \"GamBit Pro Library archive\";\n bDetected = true;\n } else if (MSDOS.compareOverlay(\"'PK'0304\")) {\n sName = \"ZIP archive\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_32LiTe.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.softpedia.com/get/Compression-tools/32LiTE.shtml\nmeta(\"packer\", \"32LiTe\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"1E060E1F0E07BE....BF....8BCFFC57F3A48CC80106....C333FF\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_AINEXE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"AINEXE\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"a1....2d....8ed0bc....8cd836a3....05....36a3....2ea1....8ad4b1..d2eafec9d3e08cd336\")) {\n sVersion = \"2.1\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"0e07b9....be....33fffcf3a4a1....2d....8ed0bc....8cd836......05....36......2e\")) {\n sVersion = \"2.3\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"a1....2d....8ed0bc....8cd836a3....05....36a3....2ea1....8ad4b1..d2ead3e08cd3368b2e....2e032e....fdfeca\")) {\n sVersion = \"2.22\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_AVPACK.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"AVPACK\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"501E0E1F160733F68BFEB9....FCF3A506BB....53CB\")) {\r\n sVersion = \"1.20\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"EB$$501E0E1F160733F68BFEB9....FCF3A506BB....53CB\")) {\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"e9$$$$8cda0316....8bda0316....3b16....76..ba....b409cd21cd208cd28bccfa8ed3bc....fb5251501e53b8\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/packer_Amisetup.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"Amisetup loader\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....50b8....501e8cc88ed8e8$$$$9c5b81e3....539d9c5b81e3....81fb....74..c3\")) {\n sOptions = \"by Robert Muchsel\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_COMPACK.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"COMPACK\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"BE....E8....5D83....55505351520E070E1F8BCE\")) {\r\n sVersion = \"4.5\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"BD....50068CCB03DD8CD24B8EDBBE....BF....8EC2B9....F3A54A4D75\")) {\r\n sVersion = \"5.1\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/packer_CRYPACK.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"CRYPACK\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"EB..061E8CD805....8ED833DB0E0733FFBE....8A0726....32C48807473BFE\")) {\r\n sVersion = \"3.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/packer_Compress-EXE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"Compress-EXE\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"9c508cdb53530e1f83c3..33ff8ec38bd3015d..015d..b9....be....fc32e4ac3c..77\")) {\n sVersion = \"1.0\";\n sOptions = \"1990 by W.ZhongHua\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_DIET.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"DIET\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"BF....3BFC72..B44CCD21BE....B9....FDF3A5FC\")) {\r\n sVersion = \"1.00/1.00d\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"FC061E0E8CC801......BA....03............................00000000\")) {\r\n sVersion = \"1.00d\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"fc061e0e8cc80106....ba....03c28bd805....8edb8ec033f633ffb9....f3a54b484a79..8ec38ed8be....ad8be8b2..ea\")) {\r\n sVersion = MSDOS.compareEP(\"64\", 55) ? \"1.10a/1.20\" : \"1.00\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"BE....BF....B9....3BFC72..B44CCD21FDF3A5FC\")) {\r\n sVersion = \"1.02b/1.10a/1.20\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"F89C061E5756525153500EFC8CC8BA....03D052\")) {\r\n sVersion = \"1.44/1.45f\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"F99CEB$$061e5756525153500efc8cc82e0106....ba....03c28bd805....8edb8ec033f633ff\")) {\r\n sVersion = \"1.43/1.44\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"F99CEB$$061e5756525153500efc8cc8ba....03d052ba....52ba....03c28bd805....8edb\")) {\r\n sVersion = \"1.45f\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"061e0efc8cc80106....ba....03c28bd805....8edb8ec033f633ffb9....f3a54b484a79\")) {\r\n sVersion = \"1.44b\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"bd....1e068ccb03dd8cd24b8edbbe....bf....8ec2b9....f3a54a4d\")) {\r\n sVersion = \"1.45d\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/packer_DSHIELD.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"DSHIELD\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"06E8....5E83EE..16179C58B9....25....2E\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/packer_DexEXE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"DexEXE\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8b2e....2e8c0e....2e8c0e....83ed..8ed5bc....501eba....f91bea8ec58cc805....8ed80e06fc33f68bfe8adeb1..d3e2d2ebb8....74..b9....f3a5\")) {\n sVersion = \"2.1\";\n sOptions = \"by Kaljevic Dejan\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_EXECUTRIX.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"EXECUTRIX-COMPRESSOR\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$0e1fa3....8c1e....8c1e....268b......89......8ccbb8....05....05....2bc3a3....8cd01e5b2bc3a3....b430cd21\")) {\n sOptions = \"by Knowledge Dynamics Corp\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_EXEPACK.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"EXEPACK\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"8cc005....0e1fa3....0306....8ec08b0e....8bf94f8bf7fdf3a4\")) {\r\n switch ((MSDOS.readByte(18) << 8) | MSDOS.readByte(20)) {\r\n case 0x0010:\r\n sVersion = \"3.65\";\r\n break;\r\n case 0x9910:\r\n sVersion = \"4.00\";\r\n break;\r\n case 0x1510:\r\n sVersion = \"4.03\";\r\n break;\r\n case 0x0012:\r\n case 0x0112:\r\n sVersion = \"4.06\";\r\n break;\r\n case 0x0014:\r\n case 0x2d10:\r\n case 0x7c10:\r\n sVersion = \"4.00 - 4.06\";\r\n break;\r\n case 0x8410:\r\n sVersion = \"4.0x (possibly)\";\r\n break;\r\n }\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"428cc005....0e1fa3....0306....8ec08b0e....8bf94f8bf7fdf3a4\")) {\r\n if (MSDOS.readByte(18) == 0x00 && MSDOS.readByte(20) == 0x10) {\r\n sVersion = \"3.65\";\r\n }\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"..52428be88cc005....0e1fa3....0306....8ec0..0e....8bf94f8bf7fdf3a4\")) {\r\n if (MSDOS.readByte(18) == 0x00 && MSDOS.readByte(20) == 0x10) {\r\n sVersion = \"3.65\";\r\n }\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"8be88cc0......0e1fa3....0306....8ec08b0e........4f8bf7fdf3a4\")) {\r\n if (MSDOS.readByte(20) == 0x10) {\r\n sVersion = \"3.69\";\r\n } else if (MSDOS.readByte(18) == 0x00 && MSDOS.readByte(20) == 0x12) {\r\n sVersion = \"5.31.009\";\r\n }\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"8be88cc0......0e1fa3....0306....06b8....06008b....8bf7fdf3a450b8....50cb\")) {\r\n sVersion = \"5.31.009\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"8bc6f7d0d3e88cda2bd073..8cd82bd2d3e003f08eda8bc7\")) {\r\n sVersion = \"3.65\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/packer_ExeLITE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"ExeLITE\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fc8cc80106....ba....03c28bd805....8edb8ec033ff33f6b9....f3a5484b4a75..8ec38ed8be\")) {\n sVersion = \"1.00\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....bb....0e5a03c20e5053cb\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_LGLZ.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"LGLZ\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fc1e060e8cc80106....ba....03c28bd805....8edb8ec033f633ffb9....f3a54b484a79..8ec38ed8be....ad95b2..ea\")) {\n sVersion = \"1.04\";\n sOptions = \"by G.Lyapko\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_LZEXE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"LZEXE\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"060e1f8b0e....8bf14e89f78cdb03......8ec3fdf3a453b8....50cb\")) {\n sVersion = \"0.91, 1.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"060e1f8b0e....8bf14e89f78cdb03......8ec3b4..31edfdac01c5aae2\")) {\n sVersion = \"0.90\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"50060e1f8b0e....8bf14e89f78cdb03......8ec3fdf3a453b8....50cb\")) {\n sVersion = \"0.91c\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"50060e1f8b36....83e6..8bfe8bced1e9418cdb031e....8ec3fdf3a553b8....50cb\")) {\n sVersion = \"0.91c\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"50060e1f8b0e....8bf14e8cdb89f703......8ec3fdf3a4b8....5350cb\")) {\n sVersion = \"0.91\";\n sOptions = \"1990\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"0e1f068b0e....8bf14e89f78cdb031e....8ec3fdf3a453b8....50cb\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"0e1f8b0e....89ce504e8cdb0689f7031e....fd8ec3f3a453b8....50cb\")) {\n sVersion = \"?.?\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"060e1f8b0e....8bf14e8bfe8cdb031e....8ec3fdf3a453b8....50cb\")) {\n sVersion = \"1.0a\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"060e1f8b0e....8bf14e89f78cdb031e....fd8ec3f3a453b8....50cb\")) {\n sVersion = \"1.0a\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cd805....2e0106....2eff2e\")) {\n sVersion = \"1.00a\";\n sOptions = \"suspicious, look like a trick\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_MSLite.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"MSLite\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"538cd315....8beceb$$b8....ffe0\")) {\n sVersion = \"2.3\";\n sOptions = \"1998 by A.Cheng //Mercury Soft\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_Optlink.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"Optlink\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"87c0eb$$fc8c..83c2..5216070e1f0116....0116....33f633ffb9....f3a506b8....50cb\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"87c006571e56525153509cfc8cc283c2..16070e1f0116....0116....33f633ffb9....f3a506b8....50bd....cb\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"87c0eb$$8cda83c2..5216070e1f0116....0116....33f633ffb9....f3a506b8....50cb\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"87c0fc8cda83c2..16070e1f0116....0116....33f633ffb9....f3a506b8....50bd....cb\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"87c0555657525153509cfc8cda83c2..16070e1f0116....0116....33f633ffb9....f3a506b8....50bd....cb\")) {\n sOptions = \"prepacked\";\n sVersion = \"1.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"bf....8edffa8ed781c4....fbb430cd21a2....8826....3c..73..8d16....b409cd2133c05006cb\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"87c08cda83c2..16070e1f0116....0116....33f633ffb9....f3a506b8....50bd....cb\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_PGMPAK.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"PGMPAK\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fa1e1750b430cd213c..73..b44ccd21fcbe....bf....e8....e8....bb....ba....8ac38bf3\")) {\n sVersion = \"0.13\";\n bDetected = true;\n }\n if (MSDOS.compareEP(\"1e1750b430cd213c..73..b44ccd21fcbe....bf....e8....e8....bb....ba....8ac38bf3\")) {\n sVersion = \"0.15\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_PKEXE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"PKEXE\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fa50535152565755061e8cc88bd88ed80106....0106....0306....33f68ec006e8\")) {\n sOptions = \"1994 by D.Usov\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_PKLITE.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"PKLITE\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compare(\"'PKLITE'\", 0x1E) || MSDOS.compare(\"'PKlite'\", 0x1E)) {\r\n var bBit = MSDOS.readByte(0x1D);\r\n sVersion = (bBit & 0x7) + \".\" + (\"0\" + MSDOS.readByte(0x1C)).slice(-2);\r\n\r\n if (bBit & 0x8) {\r\n sOptions = \"Extra compression\";\r\n }\r\n if (bBit & 0x10) {\r\n sOptions = sOptions.append(\"Multi-segment file\");\r\n }\r\n\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"1FB409BA....CD21B8....CD21\")) {\r\n sVersion = \"1.50\";\r\n sOptions = \"CRC check\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"50B8....BA....05....3B060200\")) {\r\n sVersion = \"1.50\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"B8....BA....05....3B060200\")) {\r\n sVersion = \"1.12-1.13\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"b8....ba....05....2d....fa8ed0fb2d....8ec050b9....33ff57be....fc565706518cc88ec0\")) {\r\n sVersion = \"1.12\";\r\n sOptions = \"extra compression\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"ba....b8....05....3B06....73..2d....fa8ed0fb2d....8ec050b9....33ff57be....fcf3a5cb\")) {\r\n sVersion = \"1.1X\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"b8....05....3B06....72..cd20b9....2d....8ed02d....8ec006ba....be....33ff571e571feb\")) {\r\n sVersion = \"1.1X\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"B8....BA....3bc473..8bc42d....25....8bf8b9....be....fcf3a58bd8b1..d3eb8cd903d95333db53cb\")) {\r\n sVersion = \"1.12, 1.20\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"50532b06....0a06....8b1e....5b58b8....ba....8cdb03d83b1e....73..83eb..fa8ed3bc....fb\")) {\r\n sVersion = \"1.05\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"8cd805....ba....903b06....72..b409ba....cd21cd20\")) {\r\n sVersion = \"1.15\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"B8....BA....8cdb03d83b1e....73..83eb..fa8ed3bc....fb83eb..8ec353b9....33ff57be....fcf3a5cb\")) {\r\n sVersion = \"1.03-1.05\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"B8....BA....8cdb03d83b1e....73..83eb..fa8ed3bc....fb83eb..908ec353b9....33ff57be....90fcf3a5cb\")) {\r\n sVersion = \"1.03\";\r\n sOptions = \"type 2\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"2e8c1e....8b1e....8cda81c2....3bda72..81eb....83eb..fa8ed3bc....fbfdbe....8bfe8ccab9....03d1\")) {\r\n sVersion = \"1.00c\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"b8....ba....3b06....73..2d....8ed02d....518ec050b9....33ff57be....fcf3a5\")) {\r\n sName += \" [hacked] by Shay Lev Ary\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/packer_PKTINY.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"PKTINY\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"2ec606......2ec606......2ec606......e9\")) {\n sVersion = \"1.0\"\n sOptions = \"by Thomas Monkemeier\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_PMWLite.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"PMWLite\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e8$$$$fc1633c033db8ec026c406....26813e........75..26813e........74..26891e....26891e....07c3\")) {\n sVersion = \"1.33\";\n sOptions = \"by Daredevil & Tran\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_PRO-PACK.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"packer\", \"PRO-PACK\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"0e8cd38ec38cca8eda8b......8bf183....8bfed1..fdf3a553b8....508b\")) {\n sVersion = \"2.13-2.14\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cd38ec38cca8eda8b0e....8bf183ee..8bfed1..fdf3a553b8....508b......cb\")) {\n sVersion = \"2.08\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_Pack.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"Pack\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$2e8c1e....2e8c06....8cc383c3..2e891e....8cc88ed8505351525657061eb462cd212e891e....b4..33db4bcd21\")) {\n sVersion = \"1.0\";\n sOptions = \"1987 by K.Kokkonen\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_Packers.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"Packer\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fd1e0e81de....89f63bf23ab0....03f433f003f333f781d6....0e28de1a72..00d62250..1250..81e6....07\")) {\n sOptions = \"by mARQUIS dE sOIRPE //mDS/uCF\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e800005e83c6..90b9....8cd805....2ec43c8cc303d88ec326010583c6..e2\")) {\n sName = \"relocation packer\";\n sOptions = \"by The DoP\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_RERP.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"RERP\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fc1e068cc383c3..0e1fbe....b9....ad3bc175..ad3bc174..03c38ec0ad8bf826011deb\")) {\n sVersion = \"0.02\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_RIXEPACK.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"RIXEPACK\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$fc2e8c1e....8cc88ed8a3....8cc34b8ec326031e....81eb....0306....05....3bc3\")) {\n sOptions = \"1986, 1990 by RIX SoftWorks, Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_RJcrush.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"RJcrush\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"06FC8CC8BA....03D052BA....52BA....03C28BD805....8EDB8EC033F633FFB9\")) {\r\n sVersion = \"1.00\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/packer_Relpack.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"Relpack\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$2e8c1e....2e8c06....8cc383c3..8cc88ed8be....fcad3d........ad3d........03c38ec0ad\")) {\n sVersion = \"1.0\";\n sOptions = \"by TurboPower Software\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_SCRNCH.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"SCRNCH\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$bb....b44acd2181eb....73..ba....b9....e9$$$$0e1fb440bb....cd21b8....cd21\")) {\n sVersion = \"1.02\";\n sOptions = \"by Graeme W. McRae\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_SEA-AXE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"SEA-AXE\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fcbc....0e1fe8....26a1....8b1e....2bc38ec0b1..d3e38bcbbf....8bf7f3a5bf....0657cb\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"fcbc....0e1fa3....e8....a1....8b1e....2bc38ec0b1..d3e38bcbbf....8bf7f3a5bf....0657cb\")) {\n sVersion = \"2.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_Scramb.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"Scramb\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$e8$$$$5b0e1f81eb....8bc305....508bc803d12bfac3\")) {\n sVersion = \"1.20\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_Shrinker.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"Shrinker\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"bb....ba....81c3....b8....b1..d3e803c38cd9498ec12603......2bc872..fa8ed3bc....fb\")) {\n sVersion = \"3.0\";\n sOptions = \"1997 by A.S.M.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_TSCRUNCH.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"TSCRUNCH\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$061e55575652515350161f0e078bf4bf....b9....fcf3a4b430cd213c0373..be....e9\")) {\n sOptions = \"by Clarion software\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_Tenth_Planet.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"Tenth Planet Soft packer\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"50068cca8edabe....fcad95ad9303da8ec38b0c8bf14e8bfefdf3a4b8....0650cb\")) {\n sOptions = \"1996\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_TinyProg.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"TinyProg\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$eb$$83ec..83e4..8bec50be....0336....8cd28cd803....33c275..fc8ec233ff\")) {\n sVersion = \"3.X\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$eb$$83ec..83e4..8bec50be....0336....8cd28cd803....33c275..fc8ec233ff\")) {\n sVersion = \"3.X\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$83ec..83e4..8bec50be....0336....8cd28cd803....33c275..fc8ec233ff\")) {\n sVersion = \"3.X\";\n sOptions = \"modified\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"83ec..83e4..8bec50be....0336....8cd28cd803....33c275..fc8ec233ff\")) {\n sVersion = \"3.X\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$2ec606......e9$$$$83ec..83e4..8bec50be............8cd28cd803....33c275..fc8ec233ff\")) {\n sVersion = \"3.X\";\n sOptions = \"modified\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_Tinyprot.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"TinyProt\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"061e575650535152bd....0e1f8cc005....8ec0be....8b44..8cc103c18944..06b8....cd21891e....8c06....b8....cd21891e....8c06....07ba....b8....45cd21cd01\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"18..00..eb$$83ec..83e4..8bec50be....0336....8cd28cd80344..33c275..fc\")) {\n sVersion = \"1.0c-e\";\n sOptions = \"1996 by I.Hakszer\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_UCEXE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"UCEXE\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"501e0e1ffc33f6e8....160733f633ffb9....f3a506b8....50cb\")) {\n sVersion = \"2.3\";\n sOptions = \"1996 by A.Cadach\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"501e0e1ffc2bf6e8....16072bf68bfeb9....f3a406b8....50cb\")) {\n sVersion = \"2.4\";\n sOptions = \"1996 by A.Cadach\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"501e0e1ffc160733f633ffb9....f3a506b8....50cb\")) {\n sVersion = \"3.0\";\n sOptions = \"1996 by A.Cadach\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_UPX.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"UPX\");\r\n\r\nfunction getUPXVersion(nSize) {\r\n var sResult = \"\",\r\n nOffset = MSDOS.findString(0, nSize, \"$Id: UPX\");\r\n\r\n if (nOffset !== -1) {\r\n sResult = MSDOS.getString(nOffset + 9, 4);\r\n }\r\n\r\n return sResult;\r\n}\r\n\r\nfunction detect() {\r\n sVersion = getUPXVersion(Math.min(8192, MSDOS.getSize()));\r\n if (sVersion) {\r\n bDetected = true;\r\n } else {\r\n if (MSDOS.compareEP(\"..............fcb430cd213c03\")) {\r\n sVersion = \"3.X\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"B9....BE....89F71EA9....8CC805....8ED805....8EC0FDF3A5FC2E........73..92AFAD0E0E\")) {\r\n sVersion = \"0.82\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"8CCBB9....BE....89F71EA9....8D......8ED805....8EC0FDF3A5FC\")) {\r\n sVersion = \"0.20-0.60\";\r\n bDetected = true;\r\n } else if (MSDOS.isSignaturePresent(0, Math.min(128, MSDOS.getSize()), \"'UPX!'\")) {\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"f99cb9....be....89f71ea9....8cc805....8ed805....8ec0fdf3a5fc2e........73..92afad0e0e\")) {\r\n sVersion = \"?.??\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"8ccb8dbf....57b9....ba....be....89f71e1ea9....8d87....8daf....8ed88ec5fdf3a5fc\")) {\r\n sVersion = \"0.05\";\r\n bDetected = true;\r\n }\r\n\r\n if (bDetected) {\r\n // Correct version for large files.\r\n sUPXVersion = getUPXVersion(MSDOS.getSize());\r\n if (sUPXVersion) {\r\n sVersion = sUPXVersion;\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/packer_WWPACK.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"WWPACK\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compare(\"'WWP'\", 0x1c)) {\r\n if (MSDOS.compareEP(\"B8....8CCA03D08CC981C1....51\")) {\r\n if (MSDOS.compareEP(\"6A..06068CD383....536A..FC\", 14)) {\r\n sVersion = \"3.00\";\r\n sOptions = \"Extractable\";\r\n } else if (MSDOS.compareEP(\"33C9B1..510606BB....538CD3\", 14)) {\r\n sVersion = \"3.02\";\r\n sOptions = \"Extractable\";\r\n } else if (MSDOS.compareEP(\"BB....53\", 20)) {\r\n sVersion = \"3.03\";\r\n } else if (MSDOS.compareEP(\"B1..518CD3\", 20)) {\r\n sVersion = \"3.05c4\";\r\n sOptions = \"Modified\";\r\n }\r\n } else if (MSDOS.compareEP(\"BE....BA....BF....B9....8CCD8EDD81ED....06068BDD2BDA8BD3FC\")) {\r\n sVersion = \"3.00\";\r\n sOptions = \"Relocations pack\";\r\n } else if (MSDOS.compareEP(\"BE....BF....B9....8CCD81ED....8BDD81EB....8BD3FCFA1E8EDB011533C02EAC\")) {\r\n sVersion = \"3.02\";\r\n sOptions = \"Relocations pack\";\r\n } else if (MSDOS.compareEP(\"0305....B8....8CCA03D08CC981C1....51B9....510606B1..518CD3\")) {\r\n sVersion = \"3.05c4\";\r\n if (MSDOS.compareEP(\"1A\", 3)) {\r\n sOptions = \"Extractable\";\r\n } else if (MSDOS.compareEP(\"1B\", 3)) {\r\n sOptions = \"Unextractable\";\r\n }\r\n if (MSDOS.compareEP(\"C0\", 2)) {\r\n sOptions = sOptions.append(\"Password check\", \"Virus shield\");\r\n } else if (MSDOS.compareEP(\"80\", 2)) {\r\n sOptions = sOptions.append(\"Password check\");\r\n } else if (MSDOS.compareEP(\"40\", 2)) {\r\n sOptions = sOptions.append(\"Virus shield\");\r\n }\r\n }\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"BE....BF....B9....8CCD81ED....8BDD81EB....8BD3FCFA\")) {\r\n sVersion = \"3.04/3.05\";\r\n sOptions = \"Relocations pack\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"b8....8cca03d08cc981c1....51b9....510606b1..518cd383eb..53b1\")) {\r\n sVersion = \"3.05beta P\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"b8....8cca03d08cc981c1....51b9....510606fc8cd5b1..51b1..8cd3\")) {\r\n sVersion = \"3.0x P\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"b8....8cca03d08cc981c1....51b9....510606b1..51fc8cd5b1..8cd3\")) {\r\n sVersion = \"3.0x P\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"b8....8cca03d08cc981c1....51b9....510606bb....538cd383eb..53b1\")) {\r\n sVersion = \"3.03 PU\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"b8....8cca03d08cc981c1....5133c9b1..510606bb....538cd383eb..53b1\")) {\r\n sVersion = \"3.02, 3.02a P\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"b8....8cca03d0fc8cd58cc981c1....51b9....510606b1..51b1..8cd383eb..53514d\")) {\r\n sVersion = \"3.04 PR\";\r\n sOptions = \"Relocations pack\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"fa1e8ed8b8....cd218ed98bd3b8....cd211fe800005a83c2..87d4ffe4\")) {\r\n sVersion = \"3.05 PU\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"b8....8cca03d08cc981c1....516a..06068cd383eb..536a..fc8cd5be....33ff\")) {\r\n sVersion = \"3.0 P\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"be....ba....bf....b9....8ccd8edd81ed....06068bdd2bda8bd3fc8ec3\")) {\r\n sVersion = \"3.0\";\r\n sOptions = \"Relocations pack\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"ba....faf9............72..0633c98ec1bf....ab8bc6ab07e8....5a\")) {\r\n sVersion = \"3.03 PU\";\r\n sOptions = \"Relocations pack modified\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"faba....f8bb....b9....73..0633c98ec1bf....ab8bc6ab07e8....5a\")) {\r\n sVersion = \"3.03 PU\";\r\n sOptions = \"Relocations pack\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"b8....8cca03d08ccd81c5....55b9....510606b1..518cd383eb..53b1..51fc8cd5be....33ff\")) {\r\n sVersion = \"3.05c PU\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/packer_XPACK.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"XPACK\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8becfa33c08ed0bc....2e8f06....2e8f06....eb$$0ebb....535feb$$178be5fb48d1e8eb\")) {\n sVersion = \"1.52\";\n bDetected = true;\n }\n if (MSDOS.compareEP(\"e90000e9$$$$2ec706........8beceb$$2ec606......eb009a\")) {\n sVersion = \"1.0j\";\n bDetected = true;\n }\n if (MSDOS.compareEP(\"b8....15....8beceb$$b8....ffe0\")) {\n sVersion = \"1.65, 1.66\";\n bDetected = true;\n }\n if (MSDOS.compareEP(\"b8....15....813e........e8$$$$e8$$$$eb$$1e0e1f8beceb\")) {\n sVersion = \"1.67.l\";\n bDetected = true;\n }\n if (MSDOS.compareEP(\"b8....15....eb$$b8....ffe0\")) {\n sVersion = \"1.67j\";\n bDetected = true;\n }\n if (MSDOS.compareEP(\"8beceb$$b8....ffe0\")) {\n sVersion = \"1.65b2\";\n bDetected = true;\n }\n if (MSDOS.compareEP(\"e9$$$$8beceb$$b8....ffe0\")) {\n sVersion = \"1.44\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_ZIPSCRUB.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"ZIPSCRUB relocations compressor\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8cc88ed88cc381c3....891e....8bc30306....8ec08b0e....8bf14e8bfefdf3a450b8....50cb\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cc88ed88cc381c3....8bc30306....8ec08b0e....8bf14e8bfefdf3a450b8....50cb\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/packer_aPACK.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"aPACK\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"1E068CCBBA....03DAFC33F633FF4B8EDB8D......8EC0B9....F3A54A75..8EC38ED833FFBE....05....0E50\")) {\n sVersion = \"0.90-0.99,XE_1.3-1.4\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"1E068CCBBA....03DA8D87....FC33F633FF484B8EC08EDBB9....F3A54A75..8EC38ED833FFBE....05....0E50\")) {\n sVersion = \"0.82\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cc88ed805....8ec050be....33fffcb2..bd....33c950a4ffd5\")) {\n sVersion = \"0.94\";\n sOptions = \"-m -d\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cc880c4..8ec0fcb9....be....8bfe57f3a55fbe....06ba....521e078ed8cb\")) {\n sVersion = \"0.82-0.94\";\n sOptions = \"converted to exe\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"1e060e1f0e07be....bf....8bcffc57f3a4c3\")) {\n sVersion = \"0.98, 0.99\";\n sOptions = \"-t\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"1e068cc88ed805....8ec050be....33fffcb6..bd....ffd5\")) {\n sVersion = \"0.69-0.74\";\n sOptions = \"-t\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"be....bf....8bcffc57f3a4c3\")) {\n sVersion = \"0.98-0.99 small\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"1e068cc88ed805....8ec050be....33fffcb6..bd....8bde83e6..c1eb..8cd803c38ed8\")) {\n sVersion = \"0.73-0.74 big\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"0e1f0e07be....bf....8bcffc57f3a4c3\")) {\n sVersion = \"0.98\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"1e068cc88ed805....8ec050be....33fffcb2..bd....33c950a4\")) {\n sVersion = \"0.96\";\n sOptions = \"-m\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"1e06ba....8ccb03dafc33f633ff4b8edb8d87....8ec0b9....f3a54a75..8ec38ed833ffbe....05....0e506a..cb\")) {\n sVersion = \"0.90-0.99\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cc88ed805....8ec050be....33fffcb6..bd....ffd5\")) {\n sVersion = \"0.73-0.82\";\n sOptions = \"-d\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"1e068cc88ed805....8ec0be....33fffcb6..bd....ffd5\")) {\n sVersion = \"0.58\";\n sOptions = \"type 2\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"1e068cc88ed805....8ec050be....33fffc8cc82e0106....b2..bd....33c9\")) {\n sVersion = \"0.98, 0.99\";\n sOptions = \"-m -h\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/patcher_Patchers.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"patcher\", \"Patcher\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b409ba....cd21ba....cd21b8....ba....cd2173..b409ba....cd21ba....cd21cd20a3....b409ba....cd21\")) {\n sName = \"CrAcKeR\";\n sVersion = \"0.2a\";\n sOptions = \"by Deu$\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b409ba....eb$$cd21b409ba....eb$$cd21b409ba....eb$$cd21b409ba....eb\")) {\n sOptions = \"by Mr. KIM\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_$pirit.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"$pirit\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"E8....F9E8....B4..CD212D....13F2E8....2A01F5E9\")) {\n sVersion = \"1.5\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"ACB4..CD2106B4..CD21079FE8....FC90\")) {\n sVersion = \"1.5\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"123fe8$$$$e4..900c..36e6..ba....f9525289d126b8....36b5..3ecd16fd5a\")) {\n sVersion = \"1.5\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"ac03d9e8$$$$e4..fb0c..fbe6..90ba....5252fd89d1b8....30ed2ecd16905a87d190b8....fb86cdf530ed3ecd16f95ac3\")) {\n sOptions = \"$UPD 2.1 1996 by Night $pirit\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"1c..3a1fe8....f5e8....fde8....04..9035....f8f6dff9d0d5fdfbfcc3\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$e4210c1ae6212eb9....2e51f85189c9f8b8....b5..2ecd163659fdfd87c986cd3eb5..2eb8....f9cd1659c3\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$ba....f8ec0c..36eef5b8....50f950269089c128edf9b8....cd165887c1b8....f886e93e30ed36cd1658fdc3\")) {\n sVersion = \"1.5\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$ba....fbec0c..eeb9....51512efd89c9fdb8....b5..3ecd165987c9b8....86e9b5..f8cd1659f9c3\")) {\n sVersion = \"1.5\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$e4212e0c..e6212eb9....5151fd89c93eb5..fcb8....fbcd162e5987c926b8....fd\")) {\n sVersion = \"1.5\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$26e421f80c..e621f98d1e....53365389d93e30edb8....cd165b\")) {\n sVersion = \"1.5\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"91221db4..cd21d2d1e9$$$$b4..cd21a6e8\")) {\n sVersion = \"1.5\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b4..cd21b4..cd21e8$$$$ba....ec900c..26ee8d0e....51fd51\")) {\n sVersion = \"1.5\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"95e8$$$$fbba....3eecfc0c..3eeefb8d0e....51512687c9b8....28ed26cd162e59fdfb87c9b8....fd88e9f8b5..cd1626592ec3\")) {\n sVersion = \"1.5\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_ABKprot.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"ABKprot\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"B430CD2186E03D....73..9C8CC0065B595153BA....87F256CF0E1F0E07\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_AEP.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"AEP\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"E8$$$$E4212EA3....33C08BD85DB9....50B8....E6210FA9E6..538BDFE42123D84B0FA14B66\")) {\r\n sVersion = \"1.00\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_ALEC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"ALEC\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"c1ed..1346..2e391cb9....f981c1....bb....81c3....2ec007..431346..4975..8e0000d518de3701e2c8......330ce8\")) {\n sVersion = \"1.3\";\n sOptions = \"1996 by rANDOM //UCF\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b9....81c1....bb....81c3....71..908a24402e802f..4372..90\")) {\n sVersion = \"1.3\";\n sOptions = \"1996 by rANDOM //UCF\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b9....81c1....84221a24bf....81c7....2e3856..408422\")) {\n sVersion = \"1.6\";\n sOptions = \"1996 by rANDOM //UCF\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_ANTI-TRACE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"ANTI-TRACE\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"2ec606......eb$$e9$$$$8cd805....50b8....5033c0cb\")) {\n sVersion = \"1.0\";\n sOptions = \"by Oren Maurice\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_AVAST_CRC-Check.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"AVAST CRC-CHECK\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$8cc82e0306....502eff36....CB\")) {\n sVersion = \"7.70\";\n sOptions = \"1999\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Aluwain.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Aluwain\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"8BEC1EE8....9D5E\")) {\r\n sVersion = \"8.09\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_Anti-LAME.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Anti-LAME\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"060e07bb....31c09090b9....268a0730e0268807fec443e2..078cc005....05....50b8....50b8....50c3\")) {\n sOptions = \"by [ptPower\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Antilame.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Antilame\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fd2ad01e03fa33fe81d7....2efe06....12d30e0e0780f6..1f85fe33ff1216....b2..81d2....84e2ba....d1c232f7\")) {\n sVersion = \"1.0b\";\n sOptions = \"by Phantomlord\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Bitlok.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"BITLOK\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$b430cd213c..72..2e8c1e....8cdb83c3..2e011e....0e1feb$$33c0eb$$bf....eb$$b9....eb$$51eb$$2bcf\")) {\n sVersion = \"3.1\";\n sOptions = \"by Yellow Rose Software Workgroup\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fa8ccc8ed4bc....9c51525657550e1f2e8c06....2ec606......0e07be....b9....b0..e3\")) {\n sName = \"BITLOK-7NT\";\n sVersion = \"11/13/93-04/22/95\";\n sOptions = \"by Mr. Lei (Yellow Rose Co.)\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"fa8ccc8ed4bc....9c51525657550e1f2e8c06....0e07be....b9....b0..e3\")) {\n sName = \"BITLOK-7NT\";\n sVersion = \"05/21/93\";\n sOptions = \"by Mr. Lei (Yellow Rose Co.)\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Bunny.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Bunny\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fae9$$$$8cc02ea3....8cd82ea3....8cd02ea3....8bc42ea3....8cc88ed88ec08ed0bc....e8\")) {\n sVersion = \"4.1\";\n sOptions = \"1993 by M.Bunjes\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_CC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"CC\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....ba....3be073..b409ba....cd21b8....cd218bdc81eb....83e3..fcbe....8bfbb9....f3a48bc3b1..d3e88cc903c15033c050cb\")) {\n sVersion = \"1.0\";\n sOptions = \"1991 by B.Vorontsov\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"ba....b430cd213c..73..33c00650cbb9....b8....eb$$05....fc80c4..eb\")) {\n sVersion = \"2.61 Beta\";\n sOptions = \"by UniHackers\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_CEPexe.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"CEPexe\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8cdd0e070e1fbf....be....b9....fcf3a41f5f8f..8f....8f....8c....8f....8f....595f5e8cc88ec08ed8ea\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_CERBERUS.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"CERBERUS\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"9C2BED8C....8C....FAE4..88....1607BF....8EDD9BF5B9....FCF3A5\")) {\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_COMCRYPT.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"COMCRYPT\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$b9....be....89f70e1f0e07bb....fcad31d8abe2\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$eb$$5053575152061e572e8b36....81c6....8a5c..2e881e....8a5c\")) {\n sVersion = \"1.0b\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_COMPROTECT.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"COMPROTECT\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....15....72..8ac4bb....50515253555657061e50b8....58eb\")) {\n sVersion = \"2.10\";\n sOptions = \"1988-95 by Ralph Roth (converted to exe)\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_CONVOY.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"CONVOY++\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$2e8c06....2ea3....b8....cd2f3c..75..b8....ba....0e1fcd21b8....cd21\")) {\n sOptions = \"1993 by ELIAS Copy-Protection System\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$2e8c06....2ea3....e8$$$$5056571e062e8b3e....2e8106........2e893e....0e0733c08ed833f6b9\")) {\n sVersion = \"3.2\";\n sOptions = \"1993 by ELIAS Copy-Protection System\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_CRYPTEXE.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"CRYPTEXE\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"EB..8BDCEB..EA........01EA83FC..74..EB\")) {\r\n sVersion = \"1.04\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"eb$$8bdceb$$bc....eb$$83fc..74..eb$$cd20eb$$8be3\")) {\r\n sVersion = \"1.04\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"2e8c1e....eb$$fa50b8....58eb$$eb$$8bdceb$$bc....eb$$83fc..eb$$74..fa\")) {\r\n sVersion = \"1.01b\";\r\n sOptions = \"1996 by DoP\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_China Locker.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"China Locker\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$fc2e891e....2e890e....2e8916....2e8936....2e893e....2e8c16....2e8926....2e8c1e....90909090\")) {\n sVersion = \"1995.02.02\";\n sOptions = \"by China Locker Software\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Ciphator.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Ciphator\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"9393E8$$$$586A..0E68....CF\")) {\r\n sVersion = \"4.6\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_Codesafe.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Codesafe\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$5033c08ec02ef606......74..26ff36....061e07e8....07268f06....fb2e8c1e....26ff36....268f06\")) {\n sOptions = \"by EliaShim Ltd\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_ComProtector.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"ComProtector\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"E9....E8....5E8BEE81......8D......B9....F61446E2..4B\")) {\r\n sVersion = \"1.0b\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"E9....B9....BB....BF....2E....34..FEC8C0....2E....2E....2E....4743E2\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_ComprEXE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"ComprEXE\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fc1e068cdd83c5..89e8ba....8b1e....29d3538ed88ec331f631ffb9....f3a540434a75..b8....50cb\")) {\n sVersion = \"1.0\";\n sOptions = \"by Tom Torfs\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Copy_Protector.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Copy Protector\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"2EA2....5351521E06B4..1E0E1FBA....CD211F\")) {\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"E9....505351521E0657E8....5F83EF..B4..1E0E1F\")) {\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_Copylock_PC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Copylock PC\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"0e1fb9....bf....8135....83c7..e2\")) {\n sOptions = \"1990 by Rob Northen Computing\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"0e1f8c1e....8c06....1e07bf....33f6\")) {\n sOptions = \"1990 by Rob Northen Computing\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"0e1fb9....bf........83c7..e2\")) {\n sOptions = \"1990 by Rob Northen Computing\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"0e1fb9....bf............83c7..e2\")) {\n sOptions = \"1990 by Rob Northen Computing\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"0e1f8cc0a3....90909090909090909090a1\")) {\n sOptions = \"1990 by Rob Northen Computing\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_CrAcKeR.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"CrAcKeR\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$be....8bfe5633c0be....ac02e081fe....72..5eac34..aa81fe....72\")) {\n sVersion = \"0.2a\";\n sOptions = \"by Deu$\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_CrackStop.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"CrackStop\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"B4..BB....B9....8BECCD21FAFC03....05....FFE0\")) {\n sVersion = \"1.X\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"bd....be....ffe6\")) {\n sVersion = \"1.0b\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Cruncher.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Cruncher\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"2E........2E......B430CD213C0373..BB....8EDB8D......B409CD210633C050CB\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_CryExe.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"CryExe\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"E9$$$$E9$$$$E9$$$$BB....E8$$$$31EDEB$$8EDDEB$$872FE8$$$$E8$$$$55E9$$$$E9$$$$31C0EB$$EB$$E8\")) {\r\n sVersion = \"4.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_CryptCom.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"CryptCom\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$be....56b9....c704....c644....8134....4646e2..31f631c9c3\")) {\n sVersion = \"2.0\";\n sOptions = \"by Nowhere Man\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_CrypteXeC.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"CrypteXeC\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"FD25....E8....3EBA....EC0C..26EE..B9....5151..87C9\")) {\r\n sVersion = \"1.01\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"06b4..cd2107e8....acac3ee8....d7e9\")) {\r\n sVersion = \"1.01\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_Crypto-box.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Crypto-box\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$9c50520e538bec2e892e....1e06b8....8bf80e07b8....8ed82e8b1e....8b078bf0\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_DCREXE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"DCREXE\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e8$$$$52e8$$$$5a83c2..ffe2\")) {\n sVersion = \"2.0\";\n sOptions = \"by LuCe\"\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$53e8$$$$5b83c3..ffe3\")) {\n sVersion = \"2.0\";\n sOptions = \"by LuCe\"\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_DMC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"DMC\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$2e8c16....2e8926....2ea3....8cc88ed0bc....2ea1....505351525657551e060e1f8c06....a1\")) {\n sVersion = \"3.5\";\n sOptions = \"by Adlersparre & Associates\"\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Deeper.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Deeper\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"90e9$$$$e8000059fa8bdc36c747......36837f....75..fb66fafb8be981ed....81e9....be....8dbe....668b05668904\")) {\n sVersion = \"1.0c\";\n bDetected = true;\n }\n if (MSDOS.compareEP(\"90e9$$$$e80000fa8bdc36c747......36837f....75..fb598be981ed....81e9....be....8dbe....668b05668904\")) {\n sVersion = \"1.0a\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_E-PROT.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"E-PROT 386+\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"81f8....be....90bd....2e8076....454e75\")) {\n sVersion = \"1.0.3\";\n sOptions = \"2000 by MasterBall Systems, Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_EEXE.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"EEXE\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"B430CD213C0373..BA1F000E1FB409CD21B8FF4CCD21\")) {\r\n sVersion = \"1.12\";\r\n sOptions = \"1994 by F.P.Budzyn\"\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"b430cd213c..73..0e1fb409ba....cd21b8....cd21\")) {\r\n sOptions = \"1994 by F.P.Budzyn\"\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"33c08ed806be....bf....b9....fcf3a5b4..cd21\")) {\r\n sVersion = \"1.11\";\r\n sOptions = \"1994 by F.P.Budzyn\"\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_EPW.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"EPW\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"06571e5655525153502e8c......8cc005....2ea3....8ed8a1\")) {\r\n sVersion = \"1.2\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"06571E5655525153502E8C0608008CC083\")) {\r\n sVersion = \"1.30\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"e9$$$$06571e565552515350bb....81c3....2e8b078ccb03c305....50b8....50cb\")) {\r\n sVersion = \"1.20\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_ETS.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"ETS (ENCRYPT THE SHiT)\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"60061eeb$$bf....8cc82e8985....2e8b8d....8ec02e8bbd....e8\")) {\n sVersion = \"1.0\";\n sOptions = \"by Da BLoB / MAFiA\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_EXE-Crypt.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"EXE-Crypt\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"90eb$$2e8c......2e89......8cc88ed0bc....1e060e1f8cc005....8ec01ee8....1f8cc3be....2e8b......83....74\")) {\n sVersion = \"1.00\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_EXE-Protect.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"EXE-Protect\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e800005d81ed....1e06..1fb4..8db6....b9....8a1446cd21909090\")) {\n sOptions = \"by Phrozen Crew\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_EXEGUARD.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"EXEGUARD\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"BA....BF....EB$$E8$$$$53BB....EB$$EB$$5B0E075051535653BB....EB\")) {\r\n sVersion = \"1.3\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_EXEHigh.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"EXEHigh\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8cca8b2e....8eda8c06....8cda2bea8b3e....81ff....73..bf....893e....81c7....033e....b1..d3ef47d3e7fa\")) {\n sVersion = \"1.01\";\n sOptions = \"by NoddegamrA\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_EXETools.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"EXETools\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e800005d83ed..1e8cda83c2..8eda8ec2bb....ba....85d274..b4..33ff33f6b9....ac32c4c0c4\")) {\n sVersion = \"2.1 /E\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"68....68....68....be....bf....57b9....f3a4c3\")) {\n sVersion = \"2.1 /E\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Encriptor.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Encriptor\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"EB..B9....BE....BF....ACD0C8AAE2..BE....BF....ACAA\")) {\r\n sVersion = \"1.00c\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_Enkryptonator.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Enkryptonator\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"1e1eb430cd21b4..3c..73..cd21be....e8....e8....e8....1f07e9\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_ExeCode.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"ExeCode\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"E9$$$$FA8CC302DF5033C02E8C16....2E8926....8ED0BC....BE....B9....33FF2EC706........32DBB0..E664AC\")) {\n sVersion = \"1.0\";\n sOptions = \"1995 by Balazs Scheidler\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"E9$$$$8be8ba....b409cd212ea1....8cc303c3b1..2e8b1e....f7c3....74..83c3..d3eb2e891e....be....bf....b9....f3a5\")) {\n sVersion = \"1.0 unregistered\";\n sOptions = \"1995 by Balazs Scheidler\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_ExeLock.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"EXELock666\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"068CC88EC0BE....26....34..26....4681......75..40B3..B3..F3\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"ba....bf....eb$$e8$$$$53bb....eb$$eb$$5beb$$0633c08ec0b8....26a3....268c0e....075052faba....b0..ee\")) {\r\n sVersion = \"1.0X\";\r\n sOptions = \"by ST!LLS0N\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_FACRYPT.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"FACRYPT\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"B9....B3..33D2BE....8BFEAC32C3AA494332E403D0E3\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_FSE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"FSE by ZeNiX Yang //pCE'98\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"607d..7a..d1ce89f68bf601fb8bf731f781c7....f8f8\")) {\n sVersion = \"0.6\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"60d1cef533de33c8c7c6....d1cee9$$$$fbf98bd029c131db\")) {\n sVersion = \"0.6+\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"607d..7a..d1ce89f68bf601fb8bf731f781c7....f8e8\")) {\n sVersion = \"0.6+\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"60b3..b7..7e..f5d1c2fb81e9....c7c0....bd....81c5....d1ce33c4fd79..e9\")) {\n sVersion = \"0.5\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$6025....eb$$eb$$8cc0fa66c1cc..eb$$44bc....eb$$2ea3....66c1cc..e9\")) {\n sVersion = \"0.4+\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"60fff08fc603f6b1..b5..fff18fc2f8e9\")) {\n sVersion = \"0.55\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"60cefd33db81c3....81f3....81c3....fd45eb\")) {\n sVersion = \"0.5c\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"607c..79..81ef....cc7f..8bc82bc103d431db81c3....fb81ea....e9\")) {\n sVersion = \"0.5c02\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"6033f131c731f78bd9be....d1cf31c1c7c3....d1c3fd8bf8fb33c7bf....d1c7\")) {\n sVersion = \"0.5c04\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"60be....c7c5....c7c3....c7c2....81f2....2e319a....33d62e8bba....31ef\")) {\n sVersion = \"0.5s\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"6031fbce29f6c7c7....d1c333dfe8....76..c8......e8\")) {\n sVersion = \"0.6\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"60fdd1c3f533ebc7c3....87d389d79705....7c..e9\")) {\n sVersion = \"0.61+\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"6072..fbe9$$$$03cee9$$$$b9....d1c981f1....8bd9d1cf\")) {\n sVersion = \"0.61+\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"6089f731fffbb8....03e9c7c1....47f9fceb\")) {\n sVersion = \"0.62\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"60be....c7c3....2e3198....81c3....81c6....8bfe01df75..e9\")) {\n sVersion = \"0.62\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"60fff08fc2f9bf....fb31da8bf42bdef5f971..03f0c7c3....87dd\")) {\n sVersion = \"0.63\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"60c7c6....b8....bf....bb....2e81b1........81f6....81c3....81c7....05....75..543e51\")) {\n sVersion = \"0.63\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"60fc81f3....f5be....fde9$$$$2be84a8bd129d9\")) {\n sVersion = \"0.5\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"6033d9c7c1....7c..c7c6....75..76..bd....2bcd31c2\")) {\n sVersion = \"0.5\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"60c7c5....c7c6....bf....31f62e31ab\")) {\n sVersion = \"0.5\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"60c7c7....c7c3....c7c5....2e31ab....2e31bb....81c5\")) {\n sVersion = \"0.5\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_GA-Header.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"GA-Header\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"8cd02ea3....2e8926....8cc88ed0bc....061e0e1fbe....b8....8ec0bf....b9\")) {\r\n sVersion = \"1.00\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_GOAT.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"GOAT\");\n\nfunction detect() {\n sOptions = \"1996 by Martin Overton //ChekWARE\";\n if (MSDOS.compareEP(\"5051568bc033c0904149813c....75..83f9..75..0bc033c058595eb8\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"515056528bc233d2f7e04149813c....75..3d....73..0bc933d259585e5ab8\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"1650525351564a33db74..434b813c....74..81f9....75..0bd2b8....8ed85e585a5b5917b8\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_HACKSTOP.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"HackStop\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"FABD....FFE56A49480C..E4..3F983F\")) {\r\n sVersion = \"1.00\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"B430CD2186E03D....73..B42FCD21B0..B44CCD2150B8....58EB\")) {\r\n sVersion = \"1.10/1.11\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"B430CD2186E03D000373..B42FCD21B42ACD21B42CCD21B0FFB44CCD2150B8....58EB\")) {\r\n sVersion = \"1.10p1\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"B430CD2186E03D....73..B4..CD21B0..B44CCD2153BB....5BEB\")) {\r\n sVersion = \"1.11c\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"B430CD2186E03D....73..B0..B4..CD2150B8....58EB$$EB$$b8....CD2150B2..B8....CD21\")) {\r\n sVersion = \"1.00\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"521eb430cd2186e03d....73..cd200e1fb4..e8\")) {\r\n sVersion = \"1.11f-1.12s\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"FABD....D4854E32EBEB\")) {\r\n sVersion = \"1.13\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"fabd....ffe5\")) {\r\n sVersion = \"1.13cs\";\r\n sOptions = \"converted to exe\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"52B8....1ECD2186E03D....73..CD200E1FB409E8....24..EA\")) {\r\n sVersion = \"1.13\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"FABE....050C00071D4A461E16FDAC44........F16D84D33D....CFAFFB34DB33..........D0D6....92B4249E\")) {\r\n sVersion = \"1.17\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"52BA....5AEB..9A........30CD21......FD02....CD200E1F52BA....5AEB\")) {\r\n sVersion = \"1.18\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"52BA....5AEB..9A........30CD21......D602....CD200E1F52BA....5AEB\")) {\r\n sVersion = \"1.19s\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"52B430CD2152FA..FB3D....EB..CD200E1FB409E8\")) {\r\n sVersion = \"1.11f\";\r\n sOptions = \"modified\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"53bb....5beb$$eb$$9c1e52b430cd2186c43d....73..cd200e1f53bb....5beb\")) {\r\n sVersion = \"1.20\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"1e52B8....cd2186c43d....73..cd2052ba....5aeb\")) {\r\n sVersion = \"1.18s\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"5d1eb430cd2186e03d....73..cd200e1fb409e8\")) {\r\n sVersion = \"1.11gs\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"e8$$$$3adb74..b8014ccd21eb..b430cd21fa8bec8b46..05....ffe0\")) {\r\n sVersion = \"1.17 regged\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"521ee9$$$$0e1fb409e8$$$$5acd211f5a53bb....5beb$$eb$$e8$$$$e8$$$$52ba....5aeb\")) {\r\n sVersion = \"1.11f\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"b8....521ecd2186e03d....73..cd200e1fb4..e8$$$$5acd211f5a53bb....5beb\")) {\r\n sVersion = \"1.12cs\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"50b8....58eb$$eb$$9c1e52b430cd2186c43d....73..cd200e1f50\")) {\r\n sVersion = \"1.19/386\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"9c5751e8$$$$e8$$$$5fb9....b8....2e87052e3185....47d1c8e2\")) {\r\n sVersion = \"1.20/386\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"b430cd2186e03d....73..b0..b44ccd2150b8....58eb\")) {\r\n sVersion = \"0.97.6-0.99b\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_HASP.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"HASP Key Envelope\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$e800005d81ed....2ea3....8cd82ea3....05....2ea3....2e0306....2ea3....2e833e......75..e8\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$e800005d81ed....2ea3....8cd82ea3....83c0..2ea3....2e0306....2ea3....2e833e......75..e8\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_HEALTH.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"HEALTH\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"1EE8....2E8C06....2E893E....8BD7B8....CD218BD80E1FE8....0657A1....26\")) {\r\n sVersion = \"5.1\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_HaSPeX-Protect.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"HaSPeX-Protect\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fa8cc88ed88cd38bd48ed0bc....b9....8bf44444fdad35....50eb\")) {\n sOptions = \"1996\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Hardlock.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Hardlock\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"2ec6........be....bf....b9....2ea1....d1e92e8b1d2e31052e030402e12bc6d0c403c34683ef\")) {\n sOptions = \"dongle envelope by Aladdin\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Inertia.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Inertia encryption\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"505351525657551e060eb8....500e5805....5031c050cb\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"505351525657551e8cc88ed8be....8cc3011e....8cc92bcb83e9..33db8cc005....8ed8\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Int01-Destroyer.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Int01-Destroyer\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fc33d28ec2bf....abab8cca33ff81ea....52ba....521e0733d2cb\")) {\n sOptions = \"1994\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Ironthorn.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Ironthorn\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"9ce80000581e5704..bf....5feb$$ffd0\")) {\n sVersion = \"1.0:2000\";\n sOptions = \"modified HackStop 1.19 by ReDragon\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_JAM.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"JAM\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"50061607BE....8BFEB9....FDFAF32EA5FB06BD....55CB\")) {\r\n sVersion = \"2.21\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_JmCryptExe.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"JmCryptExe\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$e9$$$$1e068cd805....8ed88ec02e0106....2e0106....8be82ea1....2e8b0e\")) {\n sVersion = \"0.7i\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$e9$$$$2e8c1e....e8$$$$530633db8ec3bb....268e47..bb....26813f....74..e9\")) {\n sVersion = \"0.7\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$2e8c1e....8cc88ed806a1....8ec08b1e....b4..cd210773..e9\")) {\n sVersion = \"0.7?\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Joke.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Joke fileheader\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"bb....e8....bd....2863..53454ee8....9893928a80....52cb\")) {\n sOptions = \"by SEN\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_KeyMaker.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"KeyMaker\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fc0e1f8706....871e....870e....8716....8736....873e....872e....268b07a3....8cc0a3....8cc88ec08edaf3a5\")) {\n sVersion = \"3.0\";\n sOptions = \"1998 by TIME Software\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Kvetch.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Kvetch\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"bb....ba....0e1f068cd005....8ec00efc8bcbd1e133ffd1e18bf7d1e1f3a5b8....0650cb\")) {\n sVersion = \"1.X\";\n sOptions = \"1992 by Tal Nevo\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"ba....bb....060e0e1f8cd005....8ec08bcbd1e1d1e1d1e133ff8bf7fcf3a506b8....50cb\")) {\n sVersion = \"1.02c\";\n sOptions = \"1992 by Tal Nevo\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_LOCK.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"LOCK\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b430cd21faba....2e8006......80ea..2e8816....e8$$$$2ec606......fbbf....b9....0e072e8a0534..aae2\")) {\n sVersion = \"1.1\";\n sOptions = \"by Psycho //ENiAC\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_LOCK91.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"LOCK91\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$8cc88ed88ec08cd8a3....a1....2906....e421500c..24..e621e8\")) {\n sOptions = \"dongle envelope\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_LamerStop.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"LamerStop\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"E8....05....CD2133C08EC026......2E......26......2E......BA....FA\")) {\r\n sVersion = \"1.0c\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_LockTite+.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"LockTite+\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8cc88ed88cc381c3....8bc30306....8ec08b0e....8bf14e8bfefdf3a450b8....50cb\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_MEGALITE.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"MEGALITE\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"B8....BA....05....3B2D73..72..B409BA....CD21CD90\")) {\r\n sVersion = \"1.20a\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_MESS.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"MESS\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"....................B9....F3..ACE3..EB..BA....B409CD21CD20..............................B430CD213C0277\")) {\r\n sVersion = \"1.07\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"........FAB9....F326ACE3..EB$$1E0E1FBA....81EA....B409CD211FB44CCD21\")) {\r\n sVersion = \"1.20\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"........FA545b3bdc75..eb$$9c5b81cb....5381e3....75..9d9c5825....75..1e0e1f\")) {\r\n sVersion = \"1.29\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"........FAb9....f326ace3..eb$$1e0e1fba....b409cd211fb44ccd21\")) {\r\n sVersion = \"1.X\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"'MESS'b9....83c4..f326ace3..eb$$ba....b409cd21cd20\")) {\r\n sVersion = \"1.07\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"'MESS'fa545b3bdc75..eb$$9c5b81cb....539d9c5825....75..1e0e1fba....b409cd211f\")) {\r\n sVersion = \"1.25\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"'MESS'b9....83c4..f326ace3..eb\")) {\r\n sVersion = \"1.14\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_Maker.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Maker (CDAT)\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$558bec9ceb$$505351525657061eb8....cd210653eb$$b8....cd2106531e1e0e1f8ccab1..eb\")) {\n sVersion = \"3.0\";\n sOptions = \"1992 by PST\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Mandrake.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Mandrake\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....8ed8b8....8ec0e8$$$$bb....b9....b8....2bc1568bf0268a3488305ee2..b4..b7..cd10\")) {\n sOptions = \"by H.P.G. Soft\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_MutaWWP.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"MutaWWP\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e8$$$$5e8bd683ea..83c6..060e1e0e1f33ff8cd383eb..8ec3b9....f3a45805....500e5333c951cb\")) {\n sVersion = \"1.0\";\n sOptions = \"by Stefan Esser\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Mutate.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Mutate\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"e8$$$$58e9$$$$2ec606......eb$$1eeb$$50eb$$33c0f872..eb\")) {\r\n sVersion = \"1.1 (16,20.05.1996)\";\r\n sOptions = \"1996 by PReDaToR 666\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"33c0eb$$83e8..e9$$$$2e802e......eb$$1eeb$$50eb$$33c0f872..eb\")) {\r\n sVersion = \"1.1 (18.05.1996)\";\r\n sOptions = \"1996 by PReDaToR 666\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"e9$$$$f8e9$$$$2e8006......eb$$1eeb$$50e9$$$$33c0f873..e9\")) {\r\n sVersion = \"1.1 (20.05.1996)\";\r\n sOptions = \"1996 by PReDaToR 666\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_NOCLIP.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"NOCLIP\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$ff26....9c5053518cd8a3\")) {\n sVersion = \"4.X\";\n sOptions = \"by TD Technologia Digital\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_NOTA.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"NOTA\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$061e33c08ed8be....0e07bf....b9....fcf3a41f8cd3be....8bd48ed6bc....8bf436c744......36c744......8ed38be2ba....e8\")) {\n sVersion = \"1.1\";\n sOptions = \"1990 by Novitex\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_NTShell.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"NTShell\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"2e8c1e....8cca8eda8ec2fa8ed2bc....fbe80000eb$$b9....5e8bfeeb\")) {\n sVersion = \"4.0\";\n sOptions = \"by Mr. ZhouHui\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"2e8c06....8cc88ed8fa8ed0bc....fbff36....268b1e....8ec333ffb9\")) {\n sVersion = \"2.01\";\n sOptions = \"by Mr. ZhouHui\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Nodebug.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Nodebug\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fcbe....b9....31d22ead01c2e2\")) {\n sVersion = \"1.0 part 2\";\n sOptions = \"by JVP\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Novex.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Novex Key Envelope\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"0e1f06b8....bb....0e07cd012ea1....263947..070675..2ec606......eb..06f8b8....cd212e891e....2e8c06....b8\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Overlay.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Overlay\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fa8cc283c2..2e0116....8cc82bc22e8b0e....8bea8bf8be....8bc103c903c881c1....03c18ad983e3..2e0387\")) {\n sVersion = \"3.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_PACKWIN.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"PACKWIN\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8cc0fa8ed0bc....fb060e1f2e8b0e....8bf14e8bfe8cdb2e031e....8ec3fdf3a453b8....50cb\")) {\n sVersion = \"1.0\";\n sOptions = \"by Yellow Rose\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_PC-Guard.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"PC-Guard\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....fcfdb9....be....f82e180cf5fcfc74..fccc\")) {\n sVersion = \"3.05 PRO\";\n sOptions = \"1994/97 by Ceklic Blagoje //COMSEC\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"2bdb81cb....f8fdbf....2bd281ca....f52e291dfcf7d3fdfccc\")) {\n sVersion = \"3.05\";\n sOptions = \"1994/97 by Ceklic Blagoje //COMSEC\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"bb....f5b9....fcfdbe....fdfc2e190cfcfdf8f7d9d1d9f8f8\")) {\n sVersion = \"3.XX\";\n sOptions = \"by Ceklic Blagoje //COMSEC\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"be....fcb9....fdf5f5ba....fc2e102cf8d1d1d1c9f7d9\")) {\n sVersion = \"3.XX\";\n sOptions = \"by Ceklic Blagoje //COMSEC\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"33db81c3....f8fdbe....f8f5fcba....f52e111cfcfd72\")) {\n sVersion = \"3.XX\";\n sOptions = \"by Ceklic Blagoje //COMSEC\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_PCOM.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"PCOM\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"be....b9....2e8a0434..2e880446e2\")) {\n sVersion = \"2.8b2, 2.8b3 -e -i\";\n sOptions = \"1999\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_PROTECT.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"PROTECT! EXE\");\n\nincludeScript(\"read\");\n\nfunction detect() {\n\n var bEnableNewEngine = true; // Need more researches\n\n if (bEnableNewEngine) {\n var a1 = [0xFD, 0x1E, 0x0E, 0x0E, 0x07, 0x1F], a2 = [0xFD, 0x1E, 0x0E, 0x07, 0x0E, 0x1F],\n a3 = [0xFC, 0x1E, 0x0E, 0x1F, 0x0E, 0x07], a4 = [0xFC, 0x1E, 0x0E, 0x0E, 0x1F, 0x07],\n a5 = [0x1E, 0xFD, 0x0E, 0x07, 0x0E, 0x1F], a6 = [0x1E, 0xFD, 0x0E, 0x0E, 0x07, 0x1F],\n a7 = [0x1E, 0xFC, 0x0E, 0x1F, 0x0E, 0x07], a8 = [0x1E, 0xFC, 0x0E, 0x0E, 0x1F, 0x07],\n bt = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00],\n cnt_arr = 0,\n ep = MSDOS.OffsetToVA(MSDOS.getEntryPointOffset()),\n count = 0;\n while (count < 0x50) {\n count++;\n var byte = MSDOS.readByte(MSDOS.VAToOffset(ep));\n if (byte == 0xFD || byte == 0x1E || byte == 0x0E || byte == 0x07 || byte == 0x1F || byte == 0xFC) {\n bt[cnt_arr] = byte; cnt_arr++;\n }\n if (cnt_arr == 6) { break; }\n ep = MSDOS.getDisasmNextAddress(ep);\n }\n if (compareArrays(a1, bt) || compareArrays(a2, bt) || compareArrays(a3, bt) ||\n compareArrays(a4, bt) || compareArrays(a5, bt) || compareArrays(a6, bt) ||\n compareArrays(a7, bt) || compareArrays(a8, bt)) { sVersion = \"5.5\"; bDetected = true; }\n }\n\n if (MSDOS.compareEP(\"1e0e0e1f07\") || MSDOS.compareEP(\"1e0e0e071f\") || MSDOS.compareEP(\"1e0e1f0e07\")) {\n var b = MSDOS.readByte(MSDOS.getEntryPointOffset() + 5);\n if (b == 0xBA || b == 0xBB || b == 0xBD || b == 0xBE || b == 0xBF || b == 0xE8) {\n sVersion = \"5.0\"; sOptions = \"type 1\";\n bDetected = true;\n }\n } else if (MSDOS.compareEP(\"5053515657061e0e1f\")) {\n sVersion = \"5.0\"; sOptions = \"type 2\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"0e071e0e1f\")) {\n var b = MSDOS.readByte(MSDOS.getEntryPointOffset() + 5);\n if (b == 0xBA || b == 0xBB || b == 0xBD || b == 0xBE || b == 0xBF) {\n sVersion = \"4.1\";\n bDetected = true;\n }\n } else if (MSDOS.compareEP(\"8cdb0e0e1f07b9....e800005e81c6....89f7ac34..aae2\")) {\n sVersion = \"4.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"2ea3....8cd82ea3....8cc82ea3....2e892e....33c08ed8fafcbe....0e07\")) {\n sVersion = \"3.1\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"2ea3....8cd82ea3....8cc82ea3....2e892e....33c08ec0fafc26a1....2ea3....26a1\")) {\n sVersion = \"3.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$1e068cc88ed88ec0be....8bfeb9....ac\")) {\n sVersion = \"2.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$1e068cc88ed88ec02ec606\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cd805....50b8....501e068cda83c2..b9....be....0e1fad8bd8ad03c28ec0260117e2\")) {\n sOptions = \"relocpacker\";\n sVersion = \"1.0\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"1eb430cd213c..73..cd20be....e8....e8\")) {\n sVersion = \"6.0\";\n bDetected = true;\n }\n return result();\n}" }, { "path": "db/MSDOS/protector_PVAC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"PVAC\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"33c08ed806be....bf....b9....fcf3a5bf....b2..fa8926....bc....8bf42e8a0402c2a3....a3....8cdb\")) {\n sVersion = \"1.04\";\n sOptions = \"(1993) by Fernando Papa Budzyn\"\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_PassEXE.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"PassEXE\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"061E0E0E071FBE....B9....871481......EB..C7......840087......FB1F584A\")) {\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_Pksmart.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Pksmart\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"ba....8cc88bc803c281c1....51b9....511e8cd38d6f..55b1..51fc4bbe....33ff8ed88ec3b1..f3a5484a79..0e078edb33f633ffcb\")) {\n sVersion = \"1.0b\";\n sOptions = \"by Alex\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_ProtEXE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"ProtEXE\");\n\nfunction detect() {\n\n // new algo\n\n var ep_off = MSDOS.getEntryPointOffset();\n var i = 0;\n\n while (i < 20) {\n i++;\n switch (MSDOS.readByte(ep_off)) {\n case 0xE9:\n {\n var addr = MSDOS.readWord(ep_off + 1);\n if (addr > 0x7fff) { ep_off = ep_off - (0xffff - addr) + 2 } else { ep_off = ep_off + addr + 3 }\n break;\n }\n case 0xE8:\n {\n var addr = MSDOS.readWord(ep_off + 1);\n if (addr > 0x7fff) { ep_off = ep_off - (0xffff - addr) + 2 } else { ep_off = ep_off + addr + 3 }\n break;\n }\n case 0xEB:\n {\n var addr = MSDOS.readByte(ep_off + 1);\n if (addr > 0x7f) { ep_off = ep_off - (0xff - addr) + 1 } else { ep_off = ep_off + addr + 2 }\n break;\n }\n }\n var a = MSDOS.readByte(ep_off);\n if ((a == 0xbb || a == 0xbe || a == 0xbf) && MSDOS.compare(\"0600\", ep_off + 1)) {\n sVersion = \"3.10-3.11\";\n bDetected = true;\n break;\n }\n if (a != 0xbb && a != 0xbe && a != 0xbf && a != 0xe9 && a != 0xe8 && a != 0xeb) {\n break;\n }\n }\n\n // some old sigs\n\n if (MSDOS.compareEP(\"9c9c5825....509d9c5825....3d....74..9c5825....0d....509d9c5825....74..ba....b0..eb\")) {\n sVersion = \"2.11\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"9c505351525657551e06fcb8....cd2184c075..cd20a8..04..eb$$eb$$ba....ec0c..eb\")) {\n sVersion = \"3.0\";\n sOptions = \"by T.Torfs\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Protector.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Protector\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"'FCP/IV'bc....c3\", -6)) {\n sOptions = \"by FCP/IV (Future Crew)\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Quadru-Lock.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Quadru-Lock\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"9c508cda5252bb....8cc8488ed805....8ec0b9....8bf12bf38bfefdf3a44050ffd1\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_R-Crypt.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"R-Crypt\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$68....60bf....b9....b0..2e3005fec047e2..61c706........c606\")) {\n sVersion = \"0.91, 0.93\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_REC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"REC\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"061eb430cd213c..73..33c00650cbbf....8b36....2bf781fe....eb$$52ba....5aeb\")) {\n sVersion = \"0.33-0.35\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"061e52b8....1ecd2186e03d....73..cd200e1fb4..e8$$$$5acd21\")) {\n sVersion = \"0.24-0.32\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"061eb430cd213c..73..33c00650cb\")) {\n sVersion = \"0.40c2\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"061e53bb....5beb$$eb$$eb$$2ec606\")) {\n sVersion = \"0.40.5, 0.40.6\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_RHC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"RHC\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8cd8ba....8eda8ec2a3....b8....cd10b8....8ec0be....bb....b9....518bfbb9....b4..acabe2\")) {\n sVersion = \"1.99.test\";\n sOptions = \"1999 by Rowdy\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_ROSETINY.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"RoseTiny\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e8$$$$53bb....5beb$$eb$$582d....50061e5751e8$$$$e8$$$$5fb9....b8....2e87052e3145..47d1c8e2\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$5053b430cd2186e03d....73..cd2006502bc08ec08506....b8....eb\")) {\n sVersion = \"0.95\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_SSI-Lock.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"SSI-Lock\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"1e0e1fba....b4..cd211f2bc00650cb\")) {\n sVersion = \"3.0 (overlay)\";\n sOptions = \"1991, 1992 by Software Security, Inc.\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"2e8c06....2e8c1e....0e1f8c06....892e....893e....8936....8916....890e....891e....a3....9c5825....a3....fb0e1f\")) {\n sVersion = \"3.0\";\n sOptions = \"1991, 1992 by Software Security, Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Secure.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Secure\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8CC805....50B8....50B0..068CD20683....50B0..52FC508CD28CCDBB....03EB4A8EDD8EC24DB9....33FFBE....AD35....ABE2\")) {\n sVersion = \"2.1b\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8CC805....50B8....50CB\")) {\n sVersion = \"2.1b\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$fa4c904c81f3....56be....5eeb$$eb$$81f3....444490fb5bf7c2....eb$$53b9....eb\")) {\n sVersion = \"0.29\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8\")) {\n var offset = MSDOS.readWord(MSDOS.getEntryPointOffset() + 1) + MSDOS.getEntryPointOffset() + 3;\n if (MSDOS.findSignature(offset, MSDOS.getSize() - offset, \"2e8037..43e2f9\") != -1) {\n sVersion = \"0.19\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_SelfChk.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"SelfChk\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"1e1eb430cd21b44c3c..73..cd21be....e8....e8....b8....1f07e9....0e0e1f07fcc3\")) {\n sVersion = \"1.21\";\n sOptions = \"1999 by Tsahi Chitin\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Shrink.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Shrink\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"509CFCBE....BF....57B9....F3A48B......BE....BF....F3A4C3\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"E9....509CFCBE....8BFE8CC805....8EC00657B9\")) {\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_SnoopStop.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"SnoopStop\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"..E9....EB..20......73..20....411A05\")) {\r\n sVersion = \"1.15\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_SuckStop.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"SuckStop\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"EB......BE....B430CD21EB..9B\")) {\r\n sVersion = \"1.11\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"'KAOT'58eb$$be....b430cd21eb$$3c..77..cd204e75..6a..0e6a..fec3cf\")) {\r\n sVersion = \"1.11r\";\r\n sOptions = \"1997 by KA0T //N0Ps\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"'KAOT'5ceb$$be....b430cd21eb$$3c..77..cd204e75..c706........1e6a..0fa1\")) {\r\n sVersion = \"1.10r\";\r\n sOptions = \"1997 by KA0T //N0Ps\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"'KAOT'5ceb$$be....b430cd21eb$$3c..77..cd204e75..6a..0e6a..fec3cf\")) {\r\n sOptions = \"1997 by KA0T //N0Ps\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"3a324a1d....fb37fb1d....1d....be....81ee....6a..593a32\")) {\r\n sVersion = \"1.0\";\r\n sOptions = \"1997 by KA0T //N0Ps\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_TCEC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"TCEC\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e4640c..e66466fae800005d81ed....b8....8bd48da6....b9....8bdc2ec00f..2e30072e000f44e2\")) {\n sVersion = \"3.59r5\";\n sOptions = \"by ThE CLERiC! //LZ0, EVD\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"54434543b9....83c4..33c0509df326ace3..eb\")) {\n sVersion = \"3.55\";\n sOptions = \"by ThE CLERiC! //LZ0, EVD\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_TraceLock.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"TraceLock\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"1e06e8$$$$0e0e1f07b4..b9....be....8bfefcac32c4d2c802e1aae2..b8....35....8706....c3\")) {\n sVersion = \"0.9\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Trap.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Trap\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e800005b83c3..908bd3e8$$$$5b2e803f..74..90908bdab9....eb\")) {\n sVersion = \"1.21\";\n sOptions = \"by Christoph Gabler\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cd0bb....8ed333c98ed0b9....eb$$e2..33d2\")) {\n sVersion = \"1.18\";\n sOptions = \"by Christoph Gabler\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cd0bb....8ed333d28ed0b9....eb$$e2..33d2\")) {\n sVersion = \"1.X\";\n sOptions = \"by Christoph Gabler\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b9....eb$$e2$$eb..90cd20e2\")) {\n sVersion = \"1.15\";\n sOptions = \"by Christoph Gabler\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e800005b83c3..908bd3e8$$$$5b2e803f..74..90908bdab9....2ec0\")) {\n sVersion = \"1.20\";\n sOptions = \"1998 by Christoph Gabler\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"05....eb$$bb....81ebfa..85f9eb$$eb$$39fbeb\")) {\n sVersion = \"1.22\";\n sOptions = \"by Christoph Gabler\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"81ea....eb$$b9....81c1....39d0bb....85c3b9....f505....bb....ba....81c2\")) {\n sVersion = \"1.23\";\n sOptions = \"by Christoph Gabler\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$39c281c3....eb$$81c3....39cc81ea....39e2b9....85da39e9eb\")) {\n sVersion = \"1.24\";\n sOptions = \"by Christoph Gabler\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cd1ba....8ed233d28ed18bcaeb\")) {\n sVersion = \"1.13\";\n sOptions = \"by Christoph Gabler\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$5d81ed....458cd68bfc0f23c70f23ceb0..e6..fa0e17\")) {\n sVersion = \"1.26b1\";\n sOptions = \"2000 by Christoph Gabler\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8cd1ba....8ed233d28ed18bcab9....eb\")) {\n sVersion = \"1.14\";\n sOptions = \"by Christoph Gabler\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_Un2pack.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Un2pack\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"9cba....2d....81e1....81f3....b4..9db8....ba....8cdb03d83b1e....73..83eb..fa8ed3bc\")) {\n sVersion = \"2.0\";\n sOptions = \"1994 by The CCS-Productions\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_UnPackStop.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"UnPackStop\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"3670..b8....81c0....bb....43e8....5f83c7..0e570656cbbe....eb\")) {\n sVersion = \"0.9X\";\n sOptions = \"by Szaszi (Szabo Laszlo)\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"68....c3\")) {\n var nOffset = MSDOS.readWord(MSDOS.getEntryPointOffset() + 1) - 32;\n if (MSDOS.compare(\"bf....e2..a541b9....2e31154747e2\", nOffset)) {\n sVersion = \"0.95\";\n sOptions = \"by Szaszi (Szabo Laszlo)\";\n bDetected = true;\n } else if (MSDOS.compare(\"b9....39fe2e31154747eb\", nOffset)) {\n sVersion = \"0.95 freeware\";\n sOptions = \"by Szaszi (Szabo Laszlo)\";\n bDetected = true;\n }\n } else if (MSDOS.compareEP(\"4e46555dbb....70..b8....81c0....4c44cd213efc268b2e....8ec5\")) {\n sVersion = \"0.94\";\n sOptions = \"by Szaszi (Szabo Laszlo)\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....40bb....4be8$$$$be....eb$$5f83c7..0e570656cb\")) {\n sVersion = \"0.94\";\n sOptions = \"by Szaszi (Szabo Laszlo)\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"424a5159bb....4bb8....404a42cd2190fc\")) {\n sVersion = \"0.96\";\n sOptions = \"by Szaszi (Szabo Laszlo)\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_XDOC.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"XDOC\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"2e8c16....eb00ea....ffff\")) {\n sVersion = \"1.20\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_aPatch.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"aPatch\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e8$$$$fde8$$$$ffc75e83ee..e8$$$$5d8176......c646....eb$$ffe5\")) {\n sVersion = \"0.05-0.33\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_cramble.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"cramble\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"E9....609CFC..................01..012A..FF\")) {\r\n sVersion = \"0.2b3\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/protector_iLUCRYPT.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"iLUCRYPT\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8becfac746......4c4cc3fbbf....b8....2e3105d1c84f\")) {\n sVersion = \"4.01X\";\n sOptions = \"by Christian Schwarz\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"bf....b8....2e3105d1c84f81ff....73..b7..df53..961e\")) {\n sVersion = \"4.017\";\n sOptions = \"by Christian Schwarz\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/protector_nbuild.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"nbuild\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"B9....BB....C0....80....43E2\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/runtime_VROOMM.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\nmeta(\"runtime\", \"VROOMM (Virtual Real-time Object-Oriented Memory)\");\n\nfunction detect() {\n if (MSDOS.compareOverlay(\"46424f56\")) { // FBOV\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/self-displayer_ANS2ALL.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"ANS2ALL\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$be....bf....b9....8ccd81ed....8bdd83eb..8bd3fcfa909090909090\")) {\n sVersion = \"0.9beta\";\n sOptions = \"by ZeroCoder //XG\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/self-displayer_GIFEXE.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"GIFEXE\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"ba....2e8916....b430cd218b2e....8b1e....8edaa3....8c06\") &&\n MSDOS.compareOverlay(\"'GIF87a'\") &&\n MSDOS.isSignaturePresent(MSDOS.getSize()-6, 6, \"'GIFEXE'\")) {\n sVersion = \"1.0\";\n sOptions = \"1990, 1991 by Steve Enns and Dan Magosse\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/self-displayer_RELETTER.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"RELETTER\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e9$$$$bc....bf....bb....8a0784c075..e9....438a073c..74..3c..74..89da438a073c..74\")) {\n sVersion = \"1.0\";\n sOptions = \"1993 by Hans J. Baer (converted to exe)\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/self-displayer_SimplyWare.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....8ed88c06....fa8ed0bc....fbb430cd21a3....0650b434cd218c06....8bc3485b86df81fb\")) {\n var nOffset = MSDOS.getOverlayOffset();\n if (MSDOS.findSignature(nOffset - 0x1000, 0x1000, \"'Simply Docs Viewer'\") != -1) {\n sName = \"Simply Docs Viewer\";\n sVersion = \"3.0\";\n sOptions = \"1990-94 by SimpleWare\";\n bDetected = true;\n } else if (MSDOS.compareOverlay(\"'Simply Help!'\")) {\n sName = \"Simply Help! TSR Viewer\"\n sOptions = \"1990-94 by SimpleWare\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/MSDOS/self-displayer_TXT2COM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"TXT2COM + generic com2exe\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e8$$$$c706........803e......75..8d36....e8....e8....e8....e8....e8....ffa7\")) {\n sVersion = \"1.1\";\n sOptions = \"1987 by Keith P. Graham\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"8d26....e8$$$$b4..cd103c..74..c706........c706........3c..74..3c..74..8d16....b409cd21cd20c706\")) {\n sVersion = \"2.06\";\n sOptions = \"1989 by Keith P. Graham\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/self-displayer_TXTmaker.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"TXTmaker\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$b4..33dbcd1080fc..74..b0..eb$$b44ccd21\")) {\n sVersion = \"1.22\";\n sOptions = \"1991 by Jack A. Orman\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/self-displayer_Txt2Exe.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"Txt2Exe\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"8cc88ed88cc08ed0bc....b4..cd10a2....3c..74..268a1e....0e07\")) {\n sVersion = \"4.01\";\n sOptions = \"1996 by Wang Lisan\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/self-displayer_self-displayer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"self-displayer\", \"Unknown\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b8....cd10b409ba....eb$$cd21b409ba....eb$$cd21b409ba....eb\")) {\n sOptions = \"1997 //d4c\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/sfx_ARC.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"sfx\", \"ARC SFX\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compareEP(\"8CC88CDB8ED88EC089......2BC3A3....89......BE....B9....BF....BA....FCAC32C28AD8\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"1986-89 by Wayne Chin and Vernon D. Buerg\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"558bec83ec..32c02ea2....2ea2....2ea2....8cd78ec78d7e..be....fcac3c..74..3c..76..3c..75..ac\")) {\r\n sOptions = \"1988-89 by NoGate Consulting\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"558bec83ec..a1....2ea3....2ec606......8cd78ec78d7e..be....fcac3c..74..3c..76..3c..75..ac\")) {\r\n sOptions = \"1988-89 by NoGate Consulting\";\r\n bDetected = true;\r\n } else if (MSDOS.compareEP(\"bb....8edb8c06....c706........8cd02bc3b9....d3e003c4fa8ed38be0fb05....b9....d3e8408cd303c3a3\")) {\r\n sVersion = \"7.1\";\r\n sOptions = \"1990 by System Enhancement Associates (SEA), Inc.\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/sfx_ARJ.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"sfx\", \"ARJ\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compare(\"'RJSX'\", 0x1c)) {\r\n sVersion = \"old\";\r\n bDetected = true;\r\n } else if (MSDOS.isSignaturePresent(0, Math.min(1000, MSDOS.getSize()), \"'aRJsfX'\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/sfx_ChSFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"CHZ SFX (ChSFX)\");\n\nfunction getChSFXVersion() {\n var sResult = \"\";\n var nStringOffset = MSDOS.findString(0, Math.min(0x100, MSDOS.getSize()), \"ChSFX\");\n if (nStringOffset != -1) {\n sResult = MSDOS.getString(nStringOffset + 6);\n sResult = sResult.replace(/\\s+$/, '');\n }\n\n return sResult;\n}\n\nfunction detect() {\n if (MSDOS.compareEP(\"ba....e8$$$$1e0e1fe8$$$$52568bf2fcb4..eb$$ac0ac075\")) {\n sVersion = getChSFXVersion();\n bDetected = true;\n } else if (MSDOS.compareEP(\"8d16....e8$$$$1e0e1fe8$$$$52568bf2fcb4..eb$$ac0ac075\")) {\n sVersion = getChSFXVersion();\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/sfx_EXARJ.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"EXARJ small\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fcbb....e8....b430cd218bd8063c..72..8e06....33c08bf8b9....f2aeae75..40af061f8bd775..e8\")) {\n sOptions = \"1994 by Jakub Jelinek\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/sfx_ICE.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"ICE SFX\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$be....8bfe8b0e....8b16....b8....50fcad33c2ab8bd0e2\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/sfx_LH.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"sfx\", \"LH\");\r\n\r\nfunction detect() {\r\n if (MSDOS.compare(\"'LH'27's SFX '\", 0x24)) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/MSDOS/sfx_LHA.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"LHA SFX\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$fcbc....8cc805....8ec0eb$$bb....e8....061fb430cd218bd81e3c..72..368e06....33c08bf8b9....f2aeae\")) {\n sVersion = \"2.05L, 2.10-2.13, 2.55\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$fcbc....8cc805....8ec0e8....bb....e8....061fb430cd218bd81e3c..72..368e06....33c08bf8\")) {\n sVersion = \"2.13\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$00fcbc....8cc805....8ec0eb$$bb....e8....061fb430cd218bd81e3c..72..368e06....33c08bf8b9....f2aeae\")) {\n sVersion = \"2.13S\";\n sOptions = \"converted to exe\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$fcbc....8cc805....8ec0b8....cd21be....268816....26c706........ac\")) {\n sVersion = \"1.13L\";\n sOptions = \"converted to exe\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/sfx_LHarc.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"LHarc SFX\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"eb$$fcbc....bb....e8....8cc82e0306....8ed88ec005....2e3b06....76..bb....e9....bf....33d28bc2b9....d1e873..35....e2..abfec275..be....bf....b8....ba....2e3a24\")) {\n sVersion = \"1.13S, 1.13L\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$fcbc....bb....e8....8cc805....8ec0b8....cd21be....268816....26c706........ace8....74..263a06\")) {\n sVersion = \"1.14c\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$fcbc....e8....9090908cc805....8ec0b8....cd21be....268816....26c706........ace8....74..263a06\")) {\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$0d....fcbc....bb....e8....8cc82e0306....8ed88ec005....2e3b06....76..bb....e9\")) {\n sVersion = \"1.14c\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/sfx_PKSFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"PKSFX\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b430cd213c..73..cd20bf....8b36....2bf776..8bc405....d1d8b1..d3e83bf0\")) {\n if (MSDOS.compareOverlay(\"1a\")) {\n sOptions = \"ARC\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/MSDOS/sfx_PKZIP-SFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"PKZIP-SFX\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fc2e8c......a1....8ccb81c3....3bc372..2d....2d....fabc....8ed0fb2d....a3....8ec0e8....a1\")) {\n sVersion = \"1.1(1989-90)\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/sfx_PKZIP_mini-sfx.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"PKZIP mini-sfx\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b9....bf....2bcf32c0f3aab430cd21a3....8926....e8....b8....e8....e8\")) {\n sVersion = \"2.04c(1992)\";\n bDetected = true;\n }\n if (MSDOS.compareEP(\"b8....a3....bf....b9....2bcf32c0f3aab430cd21a3....a1....a3....e8....b8\")) {\n sVersion = \"1.1(1990)\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/sfx_SFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"SFX\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"fc1e8a1e....16070e1f33d2e8....bd....885e..8f46..bf....33d28bc2b9....d1e873..35....e2..abfec275..be....e8\")) {\n sVersion = \"3.33\";\n sOptions = \"(LHA archive) by LARC\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/sfx_ZOO.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"ZOO SFX\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"ba....2e8916....8b2e....8eda8c06....b8....8cda05....83c3..8ed28be0e8\")) {\n if (MSDOS.compareOverlay(\"'ZOO'............'Archive'\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/MSDOS/unknown_immunizer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"immunizer\", \"unknown immunizer\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"be....e9$$$$501e06b8....cd21fc80fc..75..3c..75..b4..cd213c\")) {\n sOptions = \"type 1\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"be....8e06....8cdd31ff8bc7b9....f2aeae75..af061f\")) {\n sOptions = \"type 2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/MSDOS/virus.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"virus\", \"\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"e8....5e83ee..b8....cd213d....75..0e1f81c6....bf....b9....fcf3a4061f06b8....50cb\")) {\n sName = \"TaiPan.438\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$9090be....8bfee8$$$$5081c7....b9....b8....902e31054790e2\")) {\n sName = \"Burglar.1150\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/NE/_NE.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"operation system\", \"Windows\");\r\n\r\nfunction detect() {\r\n if (NE.isVerbose()) {\r\n sName = NE.getOperationSystemName();\r\n sVersion = NE.getOperationSystemVersion();\r\n sOptions = NE.getOperationSystemOptions();\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/NE/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = NE;\r\nvar X = NE;" }, { "path": "db/NE/compiler_Borland_C++.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Borland C++\");\n\nfunction detect() {\n if (NE.compareEP(\"53510633c0509a........5807595b9a........0bc075..e9\")) {\n sOptions = \"1994 type 1\";\n bDetected = true;\n } else if (NE.compareEP(\"893e....56571e510656e3..1e33c050519a........91e3\")) {\n sOptions = \"1994 type 2\";\n bDetected = true;\n } else if (NE.compareEP(\"53510633c050e8....5807595b9a........0bc075..e9\")) {\n sOptions = \"1993 type 1\";\n bDetected = true;\n } else if (NE.compareEP(\"b8....8ed853510633c0509a........5807595b9a........0bc075..e9\")) {\n sOptions = \"1993 type 2\";\n bDetected = true;\n } else if (NE.compareEP(\"893e....56571e510656e3..1e33c05051900ee8....91e3\")) {\n sOptions = \"1991\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/NE/compiler_Borland_Pascal.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Borland Pascal\");\n\nfunction detect() {\n if (NE.compareEP(\"9a........9a........9a........9a........9a........5589e56a..9a........ff36....bf....1e5768....9a\")) {\n sVersion = \"7.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/NE/compiler_Watcom_C.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Watcom C\");\n\nfunction detect() {\n if (NE.compareEP(\"e9$$$$9a........0bc074..8c06....5756065352891e....8c06....2bc0509a\")) {\n sOptions = \"1991\";\n bDetected = true;\n } else if (NE.compareEP(\"e9$$$$b9....51b9....51b9....51b9....5153508cd18bdc83c3..8cd2b8....ea\")) {\n sOptions = \"1991\";\n bDetected = true;\n } else if (NE.compareEP(\"e9$$$$535152565706558becb9....51b9....51b9....51b9....5153508cd18bdc83c3..8cd2b8....9a\")) {\n sOptions = \"1991\";\n bDetected = true;\n } else if (NE.compareEP(\"e9$$$$9a........0bc075..e9....8c06....575606535253be....8936....8c1e....268a078804\")) {\n sOptions = \"1993\";\n bDetected = true;\n } else if (NE.compareEP(\"eb$$9a........09c075..e9....8c06....5756065352891e....8c06....29c0509a\")) {\n sName = \"Watcom C/C++16\";\n sOptions = \"1995\";\n bDetected = true;\n } else if (NE.compareEP(\"eb$$5351525657065589e553508cd189e383c3..8cd23eb8....9a\")) {\n sName = \"Watcom C/C++16\";\n sOptions = \"1995\";\n bDetected = true;\n } else if (NE.compareEP(\"e9$$$$535152565706558bec53508cd18bdc83c3..8cd2b8\")) {\n sOptions = \"1992\";\n bDetected = true;\n } else if (NE.compareEP(\"eb$$535152565706558bec53508cd18bdc83c3..8cd2b8\")) {\n sName = \"Open Watcom C/C++16 for OS/2\";\n sOptions = \"2002\";\n bDetected = true;\n } else if (NE.compareEP(\"eb$$9a........0bc075$$8c06....575606535253be\")) {\n sName = \"Open Watcom C/C++16 for Windows\";\n sOptions = \"2002\";\n bDetected = true;\n }\n\n sLang = sName.indexOf(\"C++\") !== -1 ? \"C\" : \"C++\";\n\n return result();\n}" }, { "path": "db/NE/game_engine_DirectorPlayer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.scummvm.org/index.php?title=Director\nmeta(\"game engine\", \"Director Player\");\n\nfunction detect() {\n if (NE.compareOverlay(\"140002004d11650000000200c0252500\")) {\n sVersion = \"1.0-3.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/NE/installer_CoktelVisionInstaller.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.scummvm.org/index.php?title=Coktel_Vision\nmeta(\"installer\", \"Coktel Vision\");\n\nfunction detect() {\n if (NE.compareOverlay(\"65000300ea010400fa0c0300e6010400\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/NE/installer_Setup-Specialist.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Setup-Specialist\");\n\nfunction detect() {\n if (NE.compareEP(\"eb$$53510633c0509a........5807595b9a........0bc075..e9\")) {\n sOptions = \"1995-1998 by Thilo-Alexander Ginkel\";\n bDetected = true;\n } else if (NE.compareEP(\"eb$$53510633c050900ee8....5807595b9a........0bc075..e9\")) {\n sOptions = \"1995-1997 by Thilo-Alexander Ginkel\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/NE/library_MS_RTL.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"library\", \"MS RTL\");\n\nfunction detect() {\n if (NE.compareEP(\"fca3....891e....49890e....bb....8c1f83e4..8967..b8....508967..f7d0508967..8967..8926....1e68....1e68....9a\")) {\n sOptions = \"1990 type 1\";\n bDetected = true;\n } else if (NE.compareEP(\"558bec508bc416509a........5886e0a3....1e68....1e68....9a\")) {\n sOptions = \"1988 type 1\";\n bDetected = true;\n } else if (NE.compareEP(\"fc8926....8926....8c1e....49890e....a3....891e\")) {\n sOptions = \"1988 type 2\";\n bDetected = true;\n } else if (NE.compareEP(\"fc8926....49890e....a3....891e....1e68....1e68....9a\")) {\n sOptions = \"1988 type 3\";\n bDetected = true;\n } else if (NE.compareEP(\"c8......57561eb8....8ed89a\")) {\n sOptions = \"1990 type 2\";\n bDetected = true;\n } else if (NE.compareEP(\"c8......5756bb....8ec326a3....9a\")) {\n sOptions = \"1990 type 3\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/NE/sfx_ARC_SFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"ARC SFX\");\n\nfunction detect() {\n if (NE.compareEP(\"a3....891e....890e....8b0e....bb....e8....72..8b0e....bb....e8....73..b9....890e....bb....e8\")) {\n sOptions = \"1991 by SEA, Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/NE/sfx_PKZIP-SFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"PKZIP-SFX\");\n\nfunction detect() {\n if (NE.compareEP(\"fca3....891e....49890e....bb....8c1f83e4..8967..b8....508967..f7d0508967..8967..8926....508bc416509a\")) {\n sOptions = \"1989-91 by PKWARE Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/NE/sfx_Sydex_SFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"Sydex SFX\");\n\nfunction detect() {\n if (NE.compareEP(\"b8....8ec0e8....ba....3d....72..e8....26a3....26890e....268916....68....1ee8....83c4..ba....85c074\")) {\n sOptions = \"1995 by Sydex, Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/NPM/_NPM.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"NodeJS package\");\r\n\r\nfunction detect() {\r\n if (NPM.isVerbose()) {\r\n sType = \"operation system\";\r\n sName = NPM.getOperationSystemName();\r\n sVersion = NPM.getOperationSystemVersion();\r\n sOptions = NPM.getOperationSystemOptions();\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/NPM/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = NPM;\r\nvar X = NPM;" }, { "path": "db/NPM/language_JavaScript.5.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"language\", \"JavaScript\");\r\n\r\nfunction detect() {\r\n if (NPM.isArchiveRecordPresentExp(\"(.*?).js\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/NPM/language_TypeScript.5.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"language\", \"TypeScript\");\r\n\r\nfunction detect() {\r\n if (NPM.isArchiveRecordPresentExp(\"(.*?).ts\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/NPM/package_PackageName.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"package\", \"\");\r\n\r\nfunction detect() {\r\n var _sName = NPM.getPackageJsonRecord(\"name\");\r\n\r\n if (_sName) {\r\n sName = _sName;\r\n sVersion = NPM.getPackageJsonRecord(\"version\");\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PDF/_PDF.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"PDF\");\r\n\r\nfunction detect() {\r\n sName = PDF.getFileFormatName();\r\n sVersion = PDF.getFileFormatVersion();\r\n sOptions = PDF.getFileFormatOptions();\r\n\r\n bDetected = true;\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PDF/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = PDF;\r\nvar X = PDF;" }, { "path": "db/PDF/converter_markdown-pdf.3.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"converter\", \"markdown-pdf\");\r\n\r\nfunction detect() {\r\n if (PDF.compare(\"'%PDF-1.4'0A'1 0 obj'0A'<<'0A'/Title ('FEFF')'0A'/Creator ('FEFF')'0A'/Producer ('FEFF00'Q'00't'00' '00'5'00'.'00'5'00'.'00'1)'\")) {\r\n sVersion = \"11.0.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PDF/converter_mdpdf.3.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"converter\", \"mdpdf\");\r\n\r\nfunction detect() {\r\n if (PDF.compare(\"'%PDF-1.4'0A'%'D3EBE9E10A'1 0 obj'0A'<\r\n\r\nmeta(\"format\", \"pdf\");\r\n\r\nfunction detect() {\r\n var sHeaderComment = PDF.getHeaderCommentAsHex();\r\n if (sHeaderComment) {\r\n _setResult(\"complier\", \"HeaderComment\", sHeaderComment, \"\");\r\n }\r\n}\r\n" }, { "path": "db/PDF/format_PersonalData.5.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"pdf\");\r\n\r\nfunction detect() {\r\n var list_autor = PDF.getStringValuesByKey(\"/Author\");\r\n\r\n for (var i = 0; i < list_autor.length; i++) {\r\n _setResult(\"personal data\", \"Author\", \"\", list_autor[i]);\r\n }\r\n}\r\n" }, { "path": "db/PDF/format_RTSN_secure.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"pdf\");\r\n\r\nfunction detect() {\r\n if (PDF.findSignature(0, PDF.getSize(), \"'obj'0D'<< '0D'/Filter /RTSN_secure '0D'/V 1 '0D'/pw (BLUEMOON)'0D'>> '0D'endobj'\") != -1) {\r\n _setResult(\"protector\", \"RTSN_secure\", \"1.0\", \"\");\r\n }\r\n}\r\n" }, { "path": "db/PDF/format_Tools.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"pdf\");\r\n\r\nfunction detect() {\r\n var list_creator = PDF.getStringValuesByKey(\"/Creator\");\r\n\r\n for (var i = 0; i < list_creator.length; i++) {\r\n _setResult(\"tool\", \"Creator\", PDF.getHeaderCommentAsHex(), list_creator[i]);\r\n }\r\n\r\n var list_producer = PDF.getStringValuesByKey(\"/Producer\");\r\n\r\n for (var i = 0; i < list_producer.length; i++) {\r\n _setResult(\"tool\", \"Producer\", PDF.getHeaderCommentAsHex(), list_producer[i]);\r\n }\r\n}\r\n" }, { "path": "db/PE/ACE.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: Jason Hood \r\n\r\nincludeScript(\"ACE\");\r\n\r\nfunction detect() {\r\n detect_ACE(0);\n\n return result();\n}" }, { "path": "db/PE/Cab.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: Jason Hood \r\n\r\nincludeScript(\"cab\");\r\n\r\nfunction cab_resource(bShowOptions) {\r\n for (var i = 0; i < PE.resource.length; i++) {\r\n if (detect_Cab(PE.resource[i].Offset, PE.resource[i].Size, bShowOptions)) {\r\n return true;\r\n }\r\n }\r\n\r\n return false;\r\n}\r\n\r\nfunction detect(bShowOptions) {\r\n if (!detect_Cab(PE.getOverlayOffset(), PE.getOverlaySize(), bShowOptions) &&\r\n !cab_resource(bShowOptions)) {\r\n var rsrcSection = PE.section[\".rsrc\"];\r\n\r\n if (rsrcSection) {\r\n if (rsrcSection.FileOffset > rsrcSection.VirtualSize) {\r\n var nOffset = rsrcSection.FileOffset + rsrcSection.VirtualSize;\r\n nOffset = (nOffset + 0x1ff) & -0x200;\r\n while (!detect_Cab(nOffset, rsrcSection.FileSize, bShowOptions) && nOffset > rsrcSection.FileOffset && !_isStop()) {\r\n nOffset -= 0x200;\r\n }\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}" }, { "path": "db/PE/Microsoft.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// This file has a lot of results\r\n// Microsoft linker\r\n// Microsoft Visual C/C++\r\n// Visual Basic\r\n// MASM\r\n// MFC\r\n\r\n// Rewritten by DosX: 2 jul 2025\r\n\r\nfunction detect() {\r\n var linkerName = String(),\r\n linkerVersion = String(),\r\n linkerOptions = String(),\r\n cppCompilerName = String(),\r\n cppCompilerVersion = String(),\r\n cppCompilerOptions = String(),\r\n masmCompilerName = String(),\r\n masmCompilerVersion = String(),\r\n masmCompilerOptions = String(),\r\n vbCompilerName = String(),\r\n vbCompilerVersion = String(),\r\n vbCompilerOptions = String(),\r\n dotNetLibraryName = String(),\r\n dotNetLibraryVersion = String(),\r\n dotNetLibraryOptions = String(),\r\n mfcLibraryName = String(),\r\n mfcLibraryVersion = String(),\r\n mfcLibraryOptions = String(),\r\n toolName = String(),\r\n toolVersion = String(),\r\n toolOptions = String();\r\n\r\n\r\n\r\n\r\n //\r\n // ==================================================\r\n // Advanced detection of .NET applications\r\n // ==================================================\r\n // Author: DosX\r\n // E-Mail: collab@kay-software.ru\r\n // GitHub: https://github.com/DosX-dev\r\n // Telegram: @DosX_dev\r\n // ==================================================\r\n //\r\n\r\n function findNetCoreConfigOffset() {\r\n return PE.findString(PE.section[0].FileOffset, PE.getSize(), \".NETCoreApp,Version=v\");\r\n }\r\n\r\n function findNetFrameworkConfigOffset() {\r\n return PE.findString(PE.section[0].FileOffset, PE.getSize() - PE.getOverlaySize(), \".NETFramework,Version=v\");\r\n }\r\n\r\n function getNetConfigStringByOffset(configOffset) {\r\n var result = PE.getString(configOffset).split(\"=\")[1];\r\n\r\n if (result && result[0] !== 'v' && result.length > 7)\r\n result = String();\r\n\r\n result = result.substr(1);\r\n\r\n return File.cleanString(result);\r\n }\r\n\r\n if (PE.isNet()) {\r\n\r\n const netFrameworkConfigPattern = findNetFrameworkConfigOffset();\r\n\r\n if (netFrameworkConfigPattern != -1) {\r\n\r\n dotNetLibraryName = \".NET Framework\"; // .NET Framework better than .NET Core\r\n dotNetLibraryVersion = String(getNetConfigStringByOffset(netFrameworkConfigPattern));\r\n\r\n if (dotNetLibraryVersion) {\r\n // antifake\r\n if (dotNetLibraryVersion.length >= 4 &&\r\n dotNetLibraryVersion[1] !== \"4\" &&\r\n dotNetLibraryVersion[1] !== \"3\" &&\r\n dotNetLibraryVersion[1] !== \"2\" &&\r\n dotNetLibraryVersion[2] !== \".\" &&\r\n isNaN(Number(dotNetLibraryVersion[3]))) {\r\n dotNetLibraryVersion = String();\r\n }\r\n }\r\n\r\n } else if (PE.isRichSignaturePresent() && PE.isTLSPresent()) {\r\n const netCoreConfigPattern = findNetCoreConfigOffset();\r\n\r\n if (netCoreConfigPattern != -1 && PE.compare(\"18\", netCoreConfigPattern - 1) && PE.getNETVersion().substr(0, 4) === \"v4.0\") { // Is .NET Core DLL\r\n dotNetLibraryName = \".NET Core\";\r\n dotNetLibraryVersion = getNetConfigStringByOffset(netCoreConfigPattern); // antifake\r\n if (dotNetLibraryVersion.length >= 2 && isNaN(Number(dotNetLibraryVersion[1]))) {\r\n dotNetLibraryVersion = String();\r\n }\r\n }\r\n\r\n }\r\n\r\n dotNetLibraryVersion = File.cleanString(dotNetLibraryVersion); // remove strange symbols\r\n\r\n if (PE.isSignaturePresent(0x00, PE.getSize(), \"'.NETCoreApp'\")) {\r\n dotNetLibraryName = \".NET Core\";\r\n } else if (!dotNetLibraryName) {\r\n dotNetLibraryName = \".NET Framework\";\r\n }\r\n\r\n var clrVersion = File.cleanString(PE.getNETVersion());\r\n\r\n clrVersion = clrVersion.substring(1, clrVersion.length);\r\n\r\n dotNetLibraryVersion += (dotNetLibraryVersion ? \", \" : String()) + \"CLR \" + clrVersion;\r\n\r\n // dotNetLibraryVersion = PE.getNETVersion();\r\n\r\n if (PE.compare(\"'MZ'90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000....00000E1FBA0E00B409CD21B8014CCD21'This program cannot be run in DOS mode.\\r\\r\\n$'00000000\")) {\r\n linkerName = \"Microsoft Linker\";\r\n }\r\n } else {\r\n var isNetNative = false;\r\n\r\n var rdataSection = PE.section[\".rdata\"];\r\n\r\n if (rdataSection &&\r\n PE.isFunctionPresent(\"LoadLibraryExW\") &&\r\n PE.isFunctionPresent(\"ShellExecuteW\") &&\r\n PE.findString(rdataSection.FileOffset, rdataSection.FileSize, \"__clrcall\") !== -1 && (\r\n PE.isSignatureInSectionPresent(rdataSection.Number, \"002E004E0045005400200043006F00720065\") ||\r\n PE.isSignatureInSectionPresent(rdataSection.Number, \"2E004E00450054002000520075006E00740069006D006500\")\r\n )\r\n ) {\r\n dotNetLibraryVersion = \"Loader\";\r\n }\r\n\r\n const dotNetDebugHeaderName = \"DotNetRuntimeDebugHeader\";\r\n\r\n var secondSection = PE.section[1]; // By index, can be \".rdata\" or \".managed\"\r\n\r\n // Checking for signs of .NET Native debug information\r\n var isDotNetRuntimeDebugBuild = (\r\n secondSection && (\r\n PE.isExportFunctionPresent(dotNetDebugHeaderName) || (\r\n PE.compare(\"48 8d 05\", secondSection.FileOffset) && ( // .managed, debug\r\n PE.section[\".managed\"] || // .NET ~8.X\r\n PE.section[\"hydrated\"]\r\n )\r\n )\r\n )\r\n );\r\n\r\n // General PE format check\r\n if (PE.compareEP(\"48\") &&\r\n PE.compare(\"90\", PE.getEntryPointOffset() - 1) && // NOP before OEP\r\n PE.isRichSignaturePresent() &&\r\n PE.getExportSection() !== -1 && // EAT always present\r\n PE.getNumberOfSections() >= 6) { // PE.isLibraryPresentExp(/^api-ms-win-crt-.*\\.dll$/)\r\n if (isDotNetRuntimeDebugBuild || (\r\n PE.isSignatureInSectionPresent(secondSection.Number, \"'System.' %% %% %% %% %% %%\") && (\r\n PE.isSignatureInSectionPresent(secondSection.Number, \"'DOTNET_' %%\") || // .rdata, release\r\n PE.isSignatureInSectionPresent(secondSection.Number, \"'D'00'O'00'T'00'N'00'E'00'T'00'_'\") // .rdata, release (.NET 10)\r\n )\r\n )) {\r\n isNetNative = true;\r\n\r\n if (isDotNetRuntimeDebugBuild) {\r\n dotNetLibraryOptions = \"debug\";\r\n } else {\r\n dotNetLibraryOptions = \"release\";\r\n }\r\n\r\n if (PE.section[0].Name !== \".text\" || (secondSection.Name !== \".rdata\" && secondSection.Name !== \".managed\") || (\r\n !PE.isDll() && // executable?\r\n PE.getNumberOfExports() === 1 && // only one export\r\n PE.getExportFunctionName(0) !== dotNetDebugHeaderName // and it's not DotNetRuntimeDebugHeader\r\n )) {\r\n dotNetLibraryOptions = dotNetLibraryOptions.append(\"modified\");\r\n }\r\n }\r\n\r\n // TODO: Improve & add .NET 10 support (!!!!!!)\r\n const netCoreConfigPattern = findNetCoreConfigOffset();\r\n\r\n if (netCoreConfigPattern != -1) dotNetLibraryVersion = getNetConfigStringByOffset(netCoreConfigPattern);\r\n }\r\n\r\n if (dotNetLibraryVersion !== String() || dotNetLibraryOptions !== String()) dotNetLibraryName = \".NET \" + (isNetNative ? \"Native\" : \"Core\");\r\n\r\n if (isNetNative) {\r\n _setLang(\"Native MSIL/C#\");\r\n }\r\n }\r\n\r\n //\r\n // ==================================================\r\n //\r\n\r\n\r\n\r\n\r\n var isCppDetected = false,\r\n hasWideMainFunction = 0;\r\n\r\n msvcRuntimeLibrary = PE.isLibraryPresentExp(/^MSVCR/i);\r\n\r\n if (msvcRuntimeLibrary) {\r\n hasWideMainFunction = PE.isLibraryFunctionPresent(msvcRuntimeLibrary[0], \"__wgetmainargs\");\r\n }\r\n\r\n if (!PE.is64()) {\r\n if (PE.compareEP(\"558BEC51C745FC01000000837D0C007510833D\")) {\r\n if (PE.compareEP(\"00\", -4)) {\r\n sOptions = mfcLibraryOptions.append(\"libcd\");\r\n } else if (PE.compareEP(\"00\", -8)) {\r\n sOptions = mfcLibraryOptions.append(\"libcmtd\");\r\n } else {\r\n sOptions = mfcLibraryOptions.append(\"msvcrtd\");\r\n }\r\n cppCompilerVersion = \"12.00\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"558BEC538B5D08568B750C578B7D1085F67509833D\")) {\r\n if (PE.compareEP(\"CA\", -1)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"libc\");\r\n } else if (PE.compareEP(\"59\", -7)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"libcmt\");\r\n } else {\r\n cppCompilerOptions = cppCompilerOptions.append(\"msvcrt\");\r\n }\r\n cppCompilerVersion = \"12.00\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"558BEC6AFF68........68........64A100000000506489250000000083\")) {\r\n var mainFunctionOffset;\r\n switch (PE.readByte(PE.getEntryPointOffset() + 31)) {\r\n case 0x10:\r\n if (PE.compareEP(\"83\", 107)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"libc\");\r\n mainFunctionOffset = 116;\r\n } else {\r\n cppCompilerOptions = cppCompilerOptions.append(\"libcmt\");\r\n mainFunctionOffset = 133;\r\n }\r\n if (PE.compareEP(\"E8\", mainFunctionOffset)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wmain\");\r\n --mainFunctionOffset;\r\n }\r\n if (PE.compareEP(\"FF\", mainFunctionOffset + 25)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"glob\");\r\n }\r\n break;\r\n case 0x20:\r\n cppCompilerOptions = cppCompilerOptions.append(\"msvcrt\");\r\n if (hasWideMainFunction) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wmain\");\r\n }\r\n if (PE.compareEP(\"FF\", 109)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"glob\");\r\n }\r\n break;\r\n case 0x58:\r\n if (PE.compareEP(\"33\", 87)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"libc\");\r\n mainFunctionOffset = 116;\r\n } else {\r\n cppCompilerOptions = cppCompilerOptions.append(\"libcmt\");\r\n mainFunctionOffset = 134;\r\n }\r\n if (PE.compareEP(\"E8\", mainFunctionOffset)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wWinMain\");\r\n }\r\n break;\r\n case 0x68:\r\n cppCompilerOptions = cppCompilerOptions.append(\"msvcrt\");\r\n if (PE.compareEP(\"5F\", 45)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wWinMain\");\r\n }\r\n break;\r\n case 0x90:\r\n cppCompilerOptions = cppCompilerOptions.append(\"libcd\");\r\n if (PE.compareEP(\"E8\", 241)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wWinMain\");\r\n }\r\n break;\r\n case 0x94:\r\n cppCompilerOptions = cppCompilerOptions.append(\"msvcrtd\");\r\n if (PE.compareEP(\"83\", 233)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wWinMain\");\r\n }\r\n break;\r\n case 0xA4:\r\n if (PE.compareEP(\"00\", 125)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"libcd\");\r\n mainFunctionOffset = 160;\r\n } else {\r\n cppCompilerOptions = cppCompilerOptions.append(\"libcmtd\");\r\n mainFunctionOffset = 179;\r\n }\r\n if (PE.compareEP(\"E8\", mainFunctionOffset)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wWinMain\");\r\n }\r\n break;\r\n case 0xE0:\r\n switch (PE.readByte(PE.getEntryPointOffset() + 38)) {\r\n case 0xB8:\r\n cppCompilerOptions = cppCompilerOptions.append(\"libcd\");\r\n if (PE.compareEP(\"E8\", 241)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wmain\");\r\n }\r\n break;\r\n case 0xC7:\r\n cppCompilerOptions = cppCompilerOptions.append(\"msvcrtd\");\r\n if (hasWideMainFunction) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wmain\");\r\n }\r\n if (PE.compareEP(\"FF\", 121)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"glob\");\r\n }\r\n break;\r\n }\r\n break;\r\n case 0xE8:\r\n cppCompilerOptions = cppCompilerOptions.append(\"libcd\");\r\n break;\r\n case 0xF0:\r\n if (PE.compareEP(\"00\", 125)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"libcd\");\r\n mainFunctionOffset = 160;\r\n } else {\r\n cppCompilerOptions = cppCompilerOptions.append(\"libcmtd\");\r\n mainFunctionOffset = 179;\r\n }\r\n if (PE.compareEP(\"E8\", mainFunctionOffset)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wmain\");\r\n --mainFunctionOffset;\r\n }\r\n if (PE.compareEP(\"FF\", mainFunctionOffset + 25)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"glob\");\r\n }\r\n break;\r\n }\r\n cppCompilerVersion = \"11.00-13.10\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"6A0C68........E8........33C0408945E48B750C33FF3BF7750C393D\")) {\r\n switch (PE.readByte(PE.getEntryPointOffset() - 1)) {\r\n case 0xC0:\r\n cppCompilerOptions = cppCompilerOptions.append(\"libc\");\r\n break;\r\n case 0x00:\r\n cppCompilerOptions = cppCompilerOptions.append(\"libcmt\");\r\n break;\r\n }\r\n cppCompilerVersion = \"13.10\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"6A..68........E8........66813D\")) {\r\n cppCompilerVersion = \"13.10\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"6A..68........E8........BF940000008BC7E8\")) {\r\n mainFunctionOffset = 0;\r\n var mainFunctionType;\r\n switch (PE.readByte(PE.getEntryPointOffset() + 1)) {\r\n case 0x18:\r\n mainFunctionType = \"wmain\";\r\n mainFunctionOffset = 197;\r\n break;\r\n case 0x60:\r\n mainFunctionType = \"wWinMain\";\r\n mainFunctionOffset = 199;\r\n break;\r\n }\r\n if (mainFunctionOffset) {\r\n if (PE.compareEP(\"6A\", mainFunctionOffset)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"libcmt\");\r\n mainFunctionOffset += 62;\r\n } else {\r\n cppCompilerOptions = cppCompilerOptions.append(\"libc\");\r\n mainFunctionOffset += 69;\r\n }\r\n if (PE.compareEP(\"E8\", mainFunctionOffset)) {\r\n cppCompilerOptions = cppCompilerOptions.append(mainFunctionType);\r\n }\r\n }\r\n cppCompilerVersion = \"13.10\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"8BFF558BEC837D0C017505E8\")) {\r\n if (PE.compareEP(\"8B\", 16)) {\r\n cppCompilerOptions = cppCompilerOptions.append(PE.compareEP(\"E8\", 74) ? \"libcmtd\" : \"msvcrtd\");\r\n } else {\r\n cppCompilerOptions = cppCompilerOptions.append(PE.compareEP(\"8B\", 35) ? \"libcmt\" : \"msvcrt\");\r\n }\r\n cppCompilerVersion = \"15.00-16.00\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"8BFF558BECE8......00E8......005DC3\")) {\r\n switch (PE.readByte(PE.getEntryPointOffset() + 58)) {\r\n case 0x88:\r\n cppCompilerOptions = cppCompilerOptions.append(\"msvcrtd\", \"wWinMain\");\r\n cppCompilerVersion = \"15.00\";\r\n break;\r\n case 0x8C:\r\n cppCompilerOptions = cppCompilerOptions.append(\"msvcrtd\");\r\n cppCompilerVersion = \"15.00\";\r\n break;\r\n case 0x90:\r\n cppCompilerOptions = cppCompilerOptions.append(\"msvcrtd\");\r\n if (hasWideMainFunction) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wWinMain\");\r\n }\r\n cppCompilerVersion = \"16.00\";\r\n break;\r\n case 0x94:\r\n cppCompilerOptions = cppCompilerOptions.append(\"libcmtd\");\r\n if (PE.compareEP(\"52\", 145)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wWinMain\");\r\n }\r\n cppCompilerVersion = \"15.00\";\r\n break;\r\n case 0x98:\r\n cppCompilerOptions = cppCompilerOptions.append(\"libcmtd\");\r\n if (PE.compareEP(\"6A\", 645)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wWinMain\");\r\n }\r\n cppCompilerVersion = \"16.00\";\r\n break;\r\n case 0xE4:\r\n cppCompilerOptions = cppCompilerOptions.append(\"msvcrtd\");\r\n if (hasWideMainFunction) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wmain\");\r\n }\r\n if (PE.compareEP(\"FF\", -0x9B)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"glob\");\r\n }\r\n cppCompilerVersion = \"15.00-16.00\";\r\n break;\r\n case 0xE8:\r\n cppCompilerOptions = cppCompilerOptions.append(\"libcmtd\");\r\n if (PE.compareEP(\"E8\", 92)) {\r\n if (PE.compareEP(\"E8\", 184)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wmain\");\r\n hasWideMainFunction = 1;\r\n }\r\n cppCompilerVersion = \"15.00\";\r\n } else {\r\n if (PE.compareEP(\"E8$$$$$$$$8BFF558BEC83EC10\", 213)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wmain\");\r\n hasWideMainFunction = 1;\r\n }\r\n cppCompilerVersion = \"16.00\";\r\n }\r\n if (hasWideMainFunction) {\r\n if (PE.compareEP(\"10\", -6)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"glob\");\r\n }\r\n } else {\r\n if (PE.compareEP(\"CC\", -2)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"glob\");\r\n }\r\n }\r\n break;\r\n }\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"E8......00E9$$$$$$$$6A..68........E8\")) {\r\n var nEP = PE.getEntryPointOffset();\r\n nEP += 10 + ~~PE.readDword(nEP + 6);\r\n if (PE.compare(\"10\", nEP + 1)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"msvcrt\");\r\n if (hasWideMainFunction) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wmain\");\r\n }\r\n if (PE.compareEP(\"FF\", -48)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"glob\");\r\n }\r\n } else if (PE.compare(\"33DB\", nEP + 12)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"msvcrt\");\r\n if (PE.compare(\"89\", nEP + 53) || PE.compare(\"E0\", nEP + 60)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wWinMain\");\r\n }\r\n } else if (PE.compare(\"3935\", nEP + 14)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"libcmt\");\r\n if (PE.compareEP(\"E8$$$$$$$$8B\", -150)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wmain\");\r\n }\r\n if (PE.compareEP(\"FF\", -0xA3)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"glob\");\r\n }\r\n } else if (PE.compare(\"8D4598\", nEP + 12)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"libcmt\");\r\n if (PE.compareEP(\"51\", 15)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wWinMain\");\r\n }\r\n } else if (PE.compare(\"33F68975FC\", nEP + 12)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"libcmt\");\r\n if (PE.compare(\"E8\", nEP + 170)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wWinMain\");\r\n }\r\n } else if (PE.compare(\"B8'MZ'\", nEP + 12)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"libcmt\");\r\n if (PE.compare(\"E8\", nEP + 149)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"wmain\");\r\n --nEP;\r\n }\r\n if (PE.compare(\"FF\", nEP + 174)) {\r\n cppCompilerOptions = cppCompilerOptions.append(\"glob\");\r\n }\r\n }\r\n cppCompilerVersion = \"15.00-16.00\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"64A100000000558BEC6AFF68\")) {\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"64A100000000506489250000000083C4A8535657\")) {\r\n cppCompilerVersion = \"11.00\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"535657BB........8B......553BFB75\")) {\r\n cppCompilerVersion = \"8.00\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"56E8........8BF0E8........68........68........E8........6A..68........56E8\")) {\r\n cppCompilerVersion = \"8.00\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"53B8........8B......565785DB5575\")) {\r\n cppCompilerVersion = \"10.20\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"558BEC83EC4456FF15........6A018BF0FF15\")) {\r\n cppCompilerVersion = \"12.00\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"558BEC83EC4456FF15........8BF08A063C22\")) {\r\n cppCompilerVersion = \"12.00\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"558D6C....81EC........8B45..83F801560F84........85C00F84\")) {\r\n cppCompilerVersion = \"12.00\";\r\n isCppDetected = true;\r\n }\r\n // else if(PE.compareEP(\"837C24080175098B442404A3....0010E88BFFFFFF\")) { // Pure Basic 4.0\r\n // cppCompilerVersion = \"12.00\";\r\n // isCppDetected = true;\r\n // }\r\n else if (PE.compareEP(\"558BEC538B5D08568B750C85F6578B7D10\")) {\r\n cppCompilerVersion = \"13.00\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"833D........00741A68........E8........85C059740BFF742404FF15........59E8........68........68........E8........85C059597554565768........E8........BE........8BC6BF\")) {\r\n cppCompilerVersion = \"14.00\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"6A1468........E8........BB94000000536A008B..........FFD750FF..........8BF085F6750A6A12E8........59EB18891E56FF..........5685C0751450FFD750FF..........B8\")) {\r\n cppCompilerVersion = \"14.00\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"8BFF558BEC538B5D08568B750C85F6578B7D100F84....000083FE01\")) {\r\n cppCompilerVersion = \"14.00\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"8BFF558BEC538B5D08568B750C85F6578B7D107509833D........00EB2683FE01740583FE027522A1........85C07409575653FFD085C0740C575653E8......FF85C0750433C0EB4E575653E8......FF83FE0189450C750C85C07537575053E8......FF85F6740583FE037526575653E8......FF85C0750321450C837D0C007411A1........85C07408575653FFD089450C8B450C5F5E5B5DC20C00\")) {\r\n cppCompilerVersion = \"14.00\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"558BEC83EC10A1........8365F8008365FC005357BF4EE640BB3BC7BB0000FFFF740D85C37409F7D0A3........EB60568D45F850FF15........8B75FC3375F8FF15........33F0FF15........33F0FF15........33F08D45F050FF15........8B45F43345F033F03BF77507BE4FE640BBEB0B85F375078BC6C1E0100BF08935........F7D68935........5E5F5BC9C3\")) {\r\n cppCompilerVersion = \"14.00\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"558BEC83EC245356578965F8\")) {\r\n isCppDetected = true;\r\n }\r\n } else {\r\n if (PE.compareEP(\"4883EC2885D248895C243048896C243848897424408BDA488BE9498BF0751E3915\")) {\r\n cppCompilerVersion = \"14.00\"; // DLL\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"4883EC5848895C247048897C247866813D\")) {\r\n cppCompilerVersion = \"14.00\"; // console, msvcrt\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"4883EC3848895C245048897C2458FF15\")) {\r\n cppCompilerVersion = \"14.00\"; // console, static\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"488BC44881EC........4889581848897820488D4888FF15\")) {\r\n cppCompilerVersion = \"14.00\"; // GUI\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"4883EC28E8........4883C428E9$$$$$$$$48895C24\")) {\r\n cppCompilerVersion = \"16.00\";\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"4883EC28E8........E8........4883C428C3\")) {\r\n cppCompilerVersion = \"16.00\"; // debug\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"48895C24084889742410574883EC20498BF88BDA488BF183FA017505E8\")) {\r\n cppCompilerVersion = \"16.00\"; // DLL\r\n isCppDetected = true;\r\n } else if (PE.compareEP(\"4C894424188954241048894C24084883EC28837C2438017505E8\")) {\r\n cppCompilerVersion = \"16.00\"; // DLL debug\r\n isCppDetected = true;\r\n }\r\n }\r\n\r\n if (isCppDetected) {\r\n cppCompilerName = \"Microsoft Visual C/C++\";\r\n }\r\n\r\n if (PE.isRichSignaturePresent()) {\r\n linkerName = \"Microsoft Linker\";\r\n }\r\n\r\n var mfcLibraryMatch = PE.isLibraryPresentExp(/^MFC(\\d+?)(u?)(d?)\\.dll/i);\r\n\r\n if (mfcLibraryMatch) {\r\n mfcLibraryVersion = (mfcLibraryMatch[1] / 10).toFixed(1);\r\n\r\n if (mfcLibraryMatch[2]) {\r\n mfcLibraryOptions = \"Unicode\";\r\n }\r\n\r\n if (mfcLibraryMatch[3]) {\r\n mfcLibraryOptions = mfcLibraryOptions.append(\"debug\");\r\n }\r\n\r\n mfcLibraryName = \"MFC\";\r\n }\r\n\r\n if (PE.isDeepScan() && (mfcLibraryName == String())) {\r\n var dataSection = PE.section[\".data\"];\r\n\r\n if (dataSection && PE.isSignatureInSectionPresent(dataSection.Number, \"'CMFCComObject'\")) {\r\n mfcLibraryName = \"MFC\";\r\n mfcLibraryOptions = \"static\";\r\n }\r\n }\r\n\r\n if (PE.isNet()) {\r\n if (PE.isNetObjectPresent(\"Microsoft.VisualBasic\")) {\r\n vbCompilerName = \"VB.NET\";\r\n vbDetected = true;\r\n }\r\n } else if (PE.isLibraryPresentExp(/^MSVBVM60(\\.DLL)?/i)) {\r\n vbCompilerName = \"Microsoft Visual Basic\";\r\n vbCompilerVersion = \"6.0\";\r\n vbCompilerOptions = getVbOptions();\r\n } else if (PE.isLibraryPresentExp(/^MSVBVM50(\\.DLL)?/i)) {\r\n vbCompilerName = \"Microsoft Visual Basic\";\r\n vbCompilerVersion = \"5.0\";\r\n vbCompilerOptions = getVbOptions();\r\n } else if (PE.isLibraryPresentExp(/^VB40032(\\.DLL)/i)) {\r\n vbCompilerName = \"Microsoft Visual Basic\";\r\n vbCompilerVersion = \"4.0\";\r\n }\r\n\r\n if (vbCompilerVersion && (\r\n PE.isLibraryPresentExp(/^(VB40032|MSVBVM[56]0)$/i) ||\r\n (vbCompilerVersion === \"6.0\" && !PE.isRichSignaturePresent())\r\n )) {\r\n vbCompilerOptions = vbCompilerOptions.append(\"modified/patched\");\r\n }\r\n\r\n // Rich\r\n var richLinkerName = String(),\r\n richLinkerVersion = String(),\r\n richLinkerOptions = String(),\r\n richCppCompilerName = String(),\r\n richCppCompilerVersion = String(),\r\n richCppCompilerOptions = String(),\r\n richMasmCompilerName = String(),\r\n richMasmCompilerVersion = String(),\r\n richMasmCompilerOptions = String(),\r\n richVbCompilerName = String(),\r\n richVbCompilerVersion = String(),\r\n richVbCompilerOptions = String();\r\n\r\n for (var i = PE.getNumberOfRichIDs() - 1; i >= 0; i--) {\r\n var richId = PE.getRichID(i);\r\n\r\n if (richId > 1) {\r\n var richVersion = String(),\r\n richOptions = String(),\r\n isLinker = 0,\r\n isCompiler = 0,\r\n isMasm = 0,\r\n isBasic = 0;\r\n\r\n var richIdMap = {\r\n 0x0002: { isLinker: 1, richVersion: \"5.10\" },\r\n 0x0004: { isLinker: 1, richVersion: \"6.00\" },\r\n 0x0007: { isBasic: 1, richVersion: \"5.00\", richOptions: \"Native\" },\r\n 0x0008: { isCompiler: 1, richVersion: \"11.00\", richOptions: \"C/C++\" },\r\n 0x0009: { isBasic: 1, richVersion: \"6.00\", richOptions: \"Native\" },\r\n 0x000a: { isCompiler: 1, richVersion: \"12.00\", richOptions: \"C\" },\r\n 0x000b: { isCompiler: 1, richVersion: \"12.00\", richOptions: \"C++\" },\r\n 0x000e: { isMasm: 1, richVersion: \"6.13\" },\r\n 0x000f: { isMasm: 1, richVersion: \"7.01\" },\r\n 0x0010: { isLinker: 1, richVersion: \"5.11\" },\r\n 0x0012: { isMasm: 1, richVersion: \"6.14\", richOptions: \"MMX2 support\" },\r\n 0x0013: { isLinker: 1, richVersion: \"5.12\" },\r\n 0x0015: { isCompiler: 1, richVersion: \"12.00\", richOptions: \"C/std\" },\r\n 0x0016: { isCompiler: 1, richVersion: \"12.00\", richOptions: \"C++/std\" },\r\n 0x0017: { isCompiler: 1, richVersion: \"12.00\", richOptions: \"C/book\" },\r\n 0x0018: { isCompiler: 1, richVersion: \"12.00\", richOptions: \"C++/book\" },\r\n 0x001b: { isBasic: 1, richVersion: \"7.00\", richOptions: \"Native\" },\r\n 0x001c: { isCompiler: 1, richVersion: \"13.00\", richOptions: \"C\" },\r\n 0x001d: { isCompiler: 1, richVersion: \"13.00\", richOptions: \"C++\" },\r\n 0x001e: { isLinker: 1, richVersion: \"6.10\" },\r\n 0x0020: { isLinker: 1, richVersion: \"6.01\" },\r\n 0x0022: { isBasic: 1, richVersion: \"6.10\", richOptions: \"Native\" },\r\n 0x0023: { isCompiler: 1, richVersion: \"12.10\", richOptions: \"C\" },\r\n 0x0024: { isCompiler: 1, richVersion: \"12.10\", richOptions: \"C++\" },\r\n 0x0025: { isLinker: 1, richVersion: \"6.20\" },\r\n 0x0028: { isLinker: 1, richVersion: \"6.21\" },\r\n 0x002a: { isMasm: 1, richVersion: \"6.15\" },\r\n 0x002b: { isCompiler: 1, richVersion: \"13.00\", richOptions: \"LTCG/C\" },\r\n 0x002c: { isCompiler: 1, richVersion: \"13.00\", richOptions: \"LTCG/C++\" },\r\n 0x002d: { isMasm: 1, richVersion: \"6.20\" },\r\n 0x002f: { isBasic: 1, richVersion: \"6.20\", richOptions: \"Native\" },\r\n 0x0030: { isCompiler: 1, richVersion: \"12.20\", richOptions: \"C\" },\r\n 0x0031: { isCompiler: 1, richVersion: \"12.20\", richOptions: \"C++\" },\r\n 0x0032: { isCompiler: 1, richVersion: \"12.20\", richOptions: \"C/std\" },\r\n 0x0033: { isCompiler: 1, richVersion: \"12.20\", richOptions: \"C++/std\" },\r\n 0x0034: { isCompiler: 1, richVersion: \"12.20\", richOptions: \"C/book\" },\r\n 0x0035: { isCompiler: 1, richVersion: \"12.20\", richOptions: \"C++/book\" },\r\n 0x0039: { isCompiler: 1, richVersion: \"13.00\", richOptions: \"C/std\" },\r\n 0x003a: { isCompiler: 1, richVersion: \"13.00\", richOptions: \"C++/std\" },\r\n 0x003c: { isLinker: 1, richVersion: \"6.22\" },\r\n 0x003d: { isLinker: 1, richVersion: \"7.00\" },\r\n 0x0040: { isMasm: 1, richVersion: \"7.00\" },\r\n 0x0041: { isCompiler: 1, richVersion: \"13.00\", richOptions: \"POGO_I_C\" },\r\n 0x0042: { isCompiler: 1, richVersion: \"13.00\", richOptions: \"POGO_I_CPP\" },\r\n 0x0043: { isCompiler: 1, richVersion: \"13.00\", richOptions: \"POGO_O_C\" },\r\n 0x0044: { isCompiler: 1, richVersion: \"13.00\", richOptions: \"POGO_O_CPP\" },\r\n 0x0047: { isLinker: 1, richVersion: \"7.10p\" },\r\n 0x004b: { isMasm: 1, richVersion: \"7.10p\" },\r\n 0x004c: { isCompiler: 1, richVersion: \"13.10p\", richOptions: \"C\" },\r\n 0x004d: { isCompiler: 1, richVersion: \"13.10p\", richOptions: \"C++/book\" },\r\n 0x004e: { isCompiler: 1, richVersion: \"13.10p\", richOptions: \"C/std\" },\r\n 0x004f: { isCompiler: 1, richVersion: \"13.10p\", richOptions: \"C++/std\" },\r\n 0x0050: { isCompiler: 1, richVersion: \"13.10p\", richOptions: \"LTCG/C\" },\r\n 0x0051: { isCompiler: 1, richVersion: \"13.10p\", richOptions: \"LTCG/C++\" },\r\n 0x0052: { isCompiler: 1, richVersion: \"13.10p\", richOptions: \"POGO_I_C\" },\r\n 0x0053: { isCompiler: 1, richVersion: \"13.10p\", richOptions: \"POGO_I_C\" },\r\n 0x0054: { isCompiler: 1, richVersion: \"13.10p\", richOptions: \"POGO_O_C\" },\r\n 0x0055: { isCompiler: 1, richVersion: \"13.10p\", richOptions: \"POGO_O_CPP\" },\r\n 0x0056: { isLinker: 1, richVersion: \"6.24\" },\r\n 0x005a: { isLinker: 1, richVersion: \"7.10\" },\r\n 0x005f: { isCompiler: 1, richVersion: \"13.10\", richOptions: \"C\" },\r\n 0x0060: { isCompiler: 1, richVersion: \"13.10\", richOptions: \"C++/book\" },\r\n 0x0061: { isCompiler: 1, richVersion: \"13.10\", richOptions: \"C/std\" },\r\n 0x0062: { isCompiler: 1, richVersion: \"13.10\", richOptions: \"C++/std\" },\r\n 0x0063: { isCompiler: 1, richVersion: \"13.10\", richOptions: \"LTCG/C\" },\r\n 0x0064: { isCompiler: 1, richVersion: \"13.10\", richOptions: \"LTCG/C++\" },\r\n 0x0065: { isCompiler: 1, richVersion: \"13.10\", richOptions: \"POGO_I_C\" },\r\n 0x0066: { isCompiler: 1, richVersion: \"13.10\", richOptions: \"POGO_I_C\" },\r\n 0x0067: { isCompiler: 1, richVersion: \"13.10\", richOptions: \"POGO_O_C\" },\r\n 0x0068: { isCompiler: 1, richVersion: \"13.10\", richOptions: \"POGO_O_CPP\" },\r\n 0x006d: { isCompiler: 1, richVersion: \"14.00\", richOptions: \"C\" },\r\n 0x006e: { isCompiler: 1, richVersion: \"14.00\", richOptions: \"C++/book\" },\r\n 0x006f: { isCompiler: 1, richVersion: \"14.00\", richOptions: \"C/std\" },\r\n 0x0070: { isCompiler: 1, richVersion: \"14.00\", richOptions: \"C++/std\" },\r\n 0x0071: { isCompiler: 1, richVersion: \"14.00\", richOptions: \"LTCG/C\" },\r\n 0x0072: { isCompiler: 1, richVersion: \"14.00\", richOptions: \"LTCG/C++\" },\r\n 0x0073: { isCompiler: 1, richVersion: \"14.00\", richOptions: \"POGO_I_C\" },\r\n 0x0074: { isCompiler: 1, richVersion: \"14.00\", richOptions: \"POGO_I_C\" },\r\n 0x0075: { isCompiler: 1, richVersion: \"14.00\", richOptions: \"POGO_O_C\" },\r\n 0x0076: { isCompiler: 1, richVersion: \"14.00\", richOptions: \"POGO_O_CPP\" },\r\n 0x0078: { isLinker: 1, richVersion: \"8.00\" },\r\n 0x007d: { isMasm: 1, richVersion: \"8.00\" },\r\n 0x0080: { isCompiler: 1, richVersion: \"14.00\", richOptions: \"CVTCIL/C\" },\r\n 0x0081: { isCompiler: 1, richVersion: \"14.00\", richOptions: \"CVTCIL/C++\" },\r\n 0x0082: { isCompiler: 1, richVersion: \"14.00\", richOptions: \"LTCG/MSIL\" },\r\n 0x0083: { isCompiler: 1, richVersion: \"15.00\", richOptions: \"C\" },\r\n 0x0084: { isCompiler: 1, richVersion: \"15.00\", richOptions: \"C++\" },\r\n 0x0085: { isCompiler: 1, richVersion: \"15.00\", richOptions: \"C/std\" },\r\n 0x0086: { isCompiler: 1, richVersion: \"15.00\", richOptions: \"C++/std\" },\r\n 0x0087: { isCompiler: 1, richVersion: \"15.00\", richOptions: \"CVTCIL/C\" },\r\n 0x0088: { isCompiler: 1, richVersion: \"15.00\", richOptions: \"CVTCIL/C++\" },\r\n 0x0089: { isCompiler: 1, richVersion: \"15.00\", richOptions: \"LTCG/C\" },\r\n 0x008a: { isCompiler: 1, richVersion: \"15.00\", richOptions: \"LTCG/C++\" },\r\n 0x008b: { isCompiler: 1, richVersion: \"15.00\", richOptions: \"LTCG/MSIL\" },\r\n 0x008c: { isCompiler: 1, richVersion: \"15.00\", richOptions: \"POGO_I_C\" },\r\n 0x008d: { isCompiler: 1, richVersion: \"15.00\", richOptions: \"POGO_I_C\" },\r\n 0x008e: { isCompiler: 1, richVersion: \"15.00\", richOptions: \"POGO_O_C\" },\r\n 0x008f: { isCompiler: 1, richVersion: \"15.00\", richOptions: \"POGO_O_CPP\" },\r\n 0x0091: { isLinker: 1, richVersion: \"9.00\" },\r\n 0x0095: { isMasm: 1, richVersion: \"9.00\" },\r\n 0x009d: { isLinker: 1, richVersion: \"10.00\" },\r\n 0x009e: { isMasm: 1, richVersion: \"10.00\" },\r\n 0x00aa: { isCompiler: 1, richVersion: \"16.00\", richOptions: \"C\" },\r\n 0x00ab: { isCompiler: 1, richVersion: \"16.00\", richOptions: \"C++\" },\r\n 0x00ac: { isCompiler: 1, richVersion: \"16.00\", richOptions: \"CVTCIL/C\" },\r\n 0x00ad: { isCompiler: 1, richVersion: \"16.00\", richOptions: \"CVTCIL/C++\" },\r\n 0x00ae: { isCompiler: 1, richVersion: \"16.00\", richOptions: \"LTCG/C\" },\r\n 0x00af: { isCompiler: 1, richVersion: \"16.00\", richOptions: \"LTCG/C++\" },\r\n 0x00b0: { isCompiler: 1, richVersion: \"16.00\", richOptions: \"LTCG/MSIL\" },\r\n 0x00b1: { isCompiler: 1, richVersion: \"16.00\", richOptions: \"POGO_I_C\" },\r\n 0x00b2: { isCompiler: 1, richVersion: \"16.00\", richOptions: \"POGO_I_C\" },\r\n 0x00b3: { isCompiler: 1, richVersion: \"16.00\", richOptions: \"POGO_O_C\" },\r\n 0x00b4: { isCompiler: 1, richVersion: \"16.00\", richOptions: \"POGO_O_CPP\" },\r\n 0x00ba: { isLinker: 1, richVersion: \"10.10\" },\r\n 0x00bb: { isMasm: 1, richVersion: \"10.10\" },\r\n 0x00bc: { isCompiler: 1, richVersion: \"16.10\", richOptions: \"C\" },\r\n 0x00bd: { isCompiler: 1, richVersion: \"16.10\", richOptions: \"C++\" },\r\n 0x00be: { isCompiler: 1, richVersion: \"16.10\", richOptions: \"CVTCIL/C\" },\r\n 0x00bf: { isCompiler: 1, richVersion: \"16.10\", richOptions: \"CVTCIL/C++\" },\r\n 0x00c0: { isCompiler: 1, richVersion: \"16.10\", richOptions: \"LTCG/C\" },\r\n 0x00c1: { isCompiler: 1, richVersion: \"16.10\", richOptions: \"LTCG/C++\" },\r\n 0x00c2: { isCompiler: 1, richVersion: \"16.10\", richOptions: \"LTCG/MSIL\" },\r\n 0x00c3: { isCompiler: 1, richVersion: \"16.10\", richOptions: \"POGO_I_C\" },\r\n 0x00c4: { isCompiler: 1, richVersion: \"16.10\", richOptions: \"POGO_I_C\" },\r\n 0x00c5: { isCompiler: 1, richVersion: \"16.10\", richOptions: \"POGO_O_C\" },\r\n 0x00c6: { isCompiler: 1, richVersion: \"16.10\", richOptions: \"POGO_O_CPP\" },\r\n 0x00cc: { isLinker: 1, richVersion: \"11.00\" },\r\n 0x00cd: { isMasm: 1, richVersion: \"11.00\" },\r\n 0x00ce: { isCompiler: 1, richVersion: \"17.00\", richOptions: \"C\" },\r\n 0x00cf: { isCompiler: 1, richVersion: \"17.00\", richOptions: \"C++\" },\r\n 0x00d0: { isCompiler: 1, richVersion: \"17.00\", richOptions: \"CVTCIL/C\" },\r\n 0x00d1: { isCompiler: 1, richVersion: \"17.00\", richOptions: \"CVTCIL/C++\" },\r\n 0x00d2: { isCompiler: 1, richVersion: \"17.00\", richOptions: \"LTCG/C\" },\r\n 0x00d3: { isCompiler: 1, richVersion: \"17.00\", richOptions: \"LTCG/C++\" },\r\n 0x00d4: { isCompiler: 1, richVersion: \"17.00\", richOptions: \"LTCG/MSIL\" },\r\n 0x00d5: { isCompiler: 1, richVersion: \"17.00\", richOptions: \"POGO_I_C\" },\r\n 0x00d6: { isCompiler: 1, richVersion: \"17.00\", richOptions: \"POGO_I_C\" },\r\n 0x00d7: { isCompiler: 1, richVersion: \"17.00\", richOptions: \"POGO_O_C\" },\r\n 0x00d8: { isCompiler: 1, richVersion: \"17.00\", richOptions: \"POGO_O_CPP\" },\r\n 0x00de: { isLinker: 1, richVersion: \"12.00\" },\r\n 0x00df: { isMasm: 1, richVersion: \"12.00\" },\r\n 0x00e0: { isCompiler: 1, richVersion: \"18.00\", richOptions: \"C\" },\r\n 0x00e1: { isCompiler: 1, richVersion: \"18.00\", richOptions: \"C++\" },\r\n 0x00e2: { isCompiler: 1, richVersion: \"18.00\", richOptions: \"CVTCIL/C\" },\r\n 0x00e3: { isCompiler: 1, richVersion: \"18.00\", richOptions: \"CVTCIL/C++\" },\r\n 0x00e4: { isCompiler: 1, richVersion: \"18.00\", richOptions: \"LTCG/C\" },\r\n 0x00e5: { isCompiler: 1, richVersion: \"18.00\", richOptions: \"LTCG/C++\" },\r\n 0x00e6: { isCompiler: 1, richVersion: \"18.00\", richOptions: \"LTCG/MSIL\" },\r\n 0x00e7: { isCompiler: 1, richVersion: \"18.00\", richOptions: \"POGO_I_C\" },\r\n 0x00e8: { isCompiler: 1, richVersion: \"18.00\", richOptions: \"POGO_I_C\" },\r\n 0x00e9: { isCompiler: 1, richVersion: \"18.00\", richOptions: \"POGO_O_C\" },\r\n 0x00ea: { isCompiler: 1, richVersion: \"18.00\", richOptions: \"POGO_O_CPP\" },\r\n 0x00f0: { isLinker: 1, richVersion: \"12.10\" },\r\n 0x00f1: { isMasm: 1, richVersion: \"12.10\" },\r\n 0x00f2: { isCompiler: 1, richVersion: \"18.10\", richOptions: \"C\" },\r\n 0x00f3: { isCompiler: 1, richVersion: \"18.10\", richOptions: \"C++\" },\r\n 0x00f4: { isCompiler: 1, richVersion: \"18.10\", richOptions: \"CVTCIL/C\" },\r\n 0x00f5: { isCompiler: 1, richVersion: \"18.10\", richOptions: \"CVTCIL/C++\" },\r\n 0x00f6: { isCompiler: 1, richVersion: \"18.10\", richOptions: \"LTCG/C\" },\r\n 0x00f7: { isCompiler: 1, richVersion: \"18.10\", richOptions: \"LTCG/C++\" },\r\n 0x00f8: { isCompiler: 1, richVersion: \"18.10\", richOptions: \"LTCG/MSIL\" },\r\n 0x00f9: { isCompiler: 1, richVersion: \"18.10\", richOptions: \"POGO_I_C\" },\r\n 0x00fa: { isCompiler: 1, richVersion: \"18.10\", richOptions: \"POGO_I_C\" },\r\n 0x00fb: { isCompiler: 1, richVersion: \"18.10\", richOptions: \"POGO_O_C\" },\r\n 0x00fc: { isCompiler: 1, richVersion: \"18.10\", richOptions: \"POGO_O_CPP\" },\r\n 0x0102: { isLinker: 1, richVersion: \"14.00\" },\r\n 0x0103: { isMasm: 1, richVersion: \"14.00\" },\r\n 0x0104: { isCompiler: 1, richVersion: \"19.00\", richOptions: \"C\" },\r\n 0x0105: { isCompiler: 1, richVersion: \"19.00\", richOptions: \"C++\" },\r\n 0x0106: { isCompiler: 1, richVersion: \"19.00\", richOptions: \"CVTCIL/C\" },\r\n 0x0107: { isCompiler: 1, richVersion: \"19.00\", richOptions: \"CVTCIL/C++\" },\r\n 0x0108: { isCompiler: 1, richVersion: \"19.00\", richOptions: \"LTCG/C\" },\r\n 0x0109: { isCompiler: 1, richVersion: \"19.00\", richOptions: \"LTCG/C++\" },\r\n 0x010a: { isCompiler: 1, richVersion: \"19.00\", richOptions: \"LTCG/MSIL\" },\r\n 0x010b: { isCompiler: 1, richVersion: \"19.00\", richOptions: \"POGO_I_C\" },\r\n 0x010c: { isCompiler: 1, richVersion: \"19.00\", richOptions: \"POGO_I_C\" },\r\n 0x010d: { isCompiler: 1, richVersion: \"19.00\", richOptions: \"POGO_O_C\" },\r\n 0x010e: { isCompiler: 1, richVersion: \"19.00\", richOptions: \"POGO_O_CPP\" }\r\n };\r\n\r\n var richInfo = richIdMap[richId];\r\n if (richInfo) {\r\n isLinker = richInfo.isLinker || 0;\r\n isCompiler = richInfo.isCompiler || 0;\r\n isMasm = richInfo.isMasm || 0;\r\n isBasic = richInfo.isBasic || 0;\r\n richVersion = richInfo.richVersion || String();\r\n richOptions = richInfo.richOptions || String();\r\n }\r\n\r\n var formattedVersion = richVersion + \".\" + PE.getRichVersion(i);\r\n\r\n if (isLinker && richVersion == \"14.00\" || isMasm && richVersion == \"14.00\" || isCompiler && richVersion == \"19.00\") {\r\n var buildNumber = PE.getRichVersion(i);\r\n var minorVersion = 0;\r\n\r\n if (buildNumber > 25000) {\r\n if (buildNumber < 25506) minorVersion = 10;\r\n else if (buildNumber < 25830) minorVersion = 11;\r\n else if (buildNumber < 26128) minorVersion = 12;\r\n else if (buildNumber < 26428) minorVersion = 13;\r\n else if (buildNumber < 26726) minorVersion = 14;\r\n else if (buildNumber < 26926) minorVersion = 15;\r\n else if (buildNumber < 27508) minorVersion = 16;\r\n else if (buildNumber < 27702) minorVersion = 20;\r\n else if (buildNumber < 27905) minorVersion = 21;\r\n else if (buildNumber < 28105) minorVersion = 22;\r\n else if (buildNumber < 28314) minorVersion = 23;\r\n else if (buildNumber < 28610) minorVersion = 24;\r\n else if (buildNumber < 28805) minorVersion = 25;\r\n else if (buildNumber < 29110) minorVersion = 26;\r\n else if (buildNumber < 29333) minorVersion = 27;\r\n else if (buildNumber < 30133) minorVersion = 28;\r\n else if (buildNumber < 30401) minorVersion = 29;\r\n else if (buildNumber < 30818) minorVersion = 30;\r\n else if (buildNumber < 31114) minorVersion = 31;\r\n else if (buildNumber < 31424) minorVersion = 32;\r\n else if (buildNumber < 31721) minorVersion = 33;\r\n else if (buildNumber < 32019) minorVersion = 34;\r\n else if (buildNumber < 32019) minorVersion = 34;\r\n else if (buildNumber < 32323) minorVersion = 35;\r\n else if (buildNumber < 32532) minorVersion = 36; // VS 2022 17.6.x\r\n else if (buildNumber < 32543) minorVersion = 36; // VS 2022 17.6.x (14.36.32532-14.36.32535)\r\n else if (buildNumber < 32822) minorVersion = 36; // VS 2022 17.7.0 (14.36.32543)\r\n else if (buildNumber < 33130) minorVersion = 37; // VS 2022 17.7.x\r\n else if (buildNumber < 33520) minorVersion = 38; // VS 2022 17.8.0 (14.38.33135)\r\n else if (buildNumber < 33811) minorVersion = 39; // VS 2022 17.9.x (14.39.33520-14.39.33523)\r\n else if (buildNumber < 34120) minorVersion = 40; // VS 2022 17.10.x (14.40.33811-14.40.33818)\r\n else if (buildNumber < 34436) minorVersion = 41; // VS 2022 17.11.0 (14.41.34120)\r\n else if (buildNumber < 34808) minorVersion = 42; // VS 2022 17.12.4 (14.42.34436)\r\n else if (buildNumber < 35000) minorVersion = 43; // VS 2022 17.13.x (14.43.34808-14.43.34810)\r\n else if (buildNumber < 35224) minorVersion = 44; // VS 2022 17.14.x (14.44.35207-14.44.35223)\r\n else if (buildNumber < 36000) minorVersion = 50; // VS 2026 18.0.x-18.3.x (14.50.35503-14.50.35724)\r\n else if (buildNumber < 37000) minorVersion = 51; // VS 2026 18.0.4 (14.51.36014)\r\n else minorVersion = 51; // Future versions\r\n }\r\n\r\n if (minorVersion) {\r\n if (isLinker || isMasm) {\r\n formattedVersion = \"14.\" + minorVersion + \".\" + buildNumber;\r\n } else if (isCompiler) {\r\n formattedVersion = \"19.\" + minorVersion + \".\" + buildNumber;\r\n }\r\n }\r\n }\r\n\r\n if (isLinker) {\r\n if (formattedVersion > richLinkerVersion) {\r\n richLinkerName = \"Microsoft Linker\";\r\n richLinkerVersion = formattedVersion;\r\n richLinkerOptions = richOptions;\r\n }\r\n } else if (isCompiler) {\r\n if (formattedVersion > richCppCompilerVersion) {\r\n richCppCompilerName = \"Microsoft Visual C/C++\";\r\n richCppCompilerVersion = formattedVersion;\r\n richCppCompilerOptions = richOptions;\r\n }\r\n } else if (isMasm) {\r\n if (formattedVersion > richMasmCompilerVersion) {\r\n richMasmCompilerName = \"MASM\";\r\n richMasmCompilerVersion = formattedVersion;\r\n richMasmCompilerOptions = richOptions;\r\n }\r\n } else if (isBasic) {\r\n if (formattedVersion > richVbCompilerVersion) {\r\n richVbCompilerName = \"Visual Basic\";\r\n richVbCompilerVersion = formattedVersion;\r\n richVbCompilerOptions = richOptions;\r\n }\r\n }\r\n }\r\n }\r\n\r\n if (richLinkerName) {\r\n linkerName = richLinkerName;\r\n linkerVersion = richLinkerVersion;\r\n linkerOptions = richLinkerOptions;\r\n }\r\n\r\n if (richVbCompilerName) {\r\n vbCompilerName = richVbCompilerName;\r\n vbCompilerVersion = richVbCompilerVersion;\r\n vbCompilerOptions = richVbCompilerOptions;\r\n } else if (richCppCompilerName) {\r\n cppCompilerName = richCppCompilerName;\r\n cppCompilerVersion = richCppCompilerVersion;\r\n cppCompilerOptions = richCppCompilerOptions;\r\n } else if (richMasmCompilerName) {\r\n masmCompilerName = richMasmCompilerName;\r\n masmCompilerVersion = richMasmCompilerVersion;\r\n masmCompilerOptions = richMasmCompilerOptions;\r\n }\r\n\r\n if (PE.isDeepScan()) {\r\n if (richCppCompilerName == String()) {\r\n if (PE.section.length >= 3) {\r\n var msVisualCrtPattern = \"'Microsoft Visual C++ Runtime Library'\"\r\n if (PE.isSignatureInSectionPresent(0, msVisualCrtPattern) ||\r\n PE.isSignatureInSectionPresent(1, msVisualCrtPattern) ||\r\n PE.isSignatureInSectionPresent(2, msVisualCrtPattern)) {\r\n cppCompilerName = \"Microsoft Visual C/C++\";\r\n }\r\n }\r\n }\r\n }\r\n\r\n if (PE.isVerbose()) {\r\n if (richCppCompilerName == String()) {\r\n if (PE.isLibraryPresent(\"msvcrt.dll\")) {\r\n var nMajorLinkerVersion = PE.getMajorLinkerVersion(),\r\n nMinorLinkerVersion = PE.getMinorLinkerVersion();\r\n\r\n if (nMajorLinkerVersion >= 3 && nMajorLinkerVersion <= 14 && nMinorLinkerVersion < 40) {\r\n cppCompilerName = \"Microsoft Visual C/C++\";\r\n }\r\n }\r\n }\r\n }\r\n\r\n if (PE.isVerbose()) {\r\n if (mfcLibraryName) {\r\n if (cppCompilerName == String()) {\r\n cppCompilerName = \"Microsoft Visual C/C++\";\r\n // TODO Version\r\n }\r\n if (linkerName == String()) {\r\n linkerName = \"Microsoft Linker\";\r\n // TODO Version\r\n }\r\n }\r\n\r\n if (cppCompilerName || richVbCompilerName || masmCompilerName) {\r\n if (linkerName == String()) {\r\n var nMajorLinkerVersion = PE.getMajorLinkerVersion(),\r\n nMinorLinkerVersion = PE.getMinorLinkerVersion();\r\n\r\n if (nMajorLinkerVersion >= 3 && nMajorLinkerVersion <= 14 && nMinorLinkerVersion < 40) {\r\n linkerName = \"Microsoft Linker\";\r\n }\r\n }\r\n }\r\n }\r\n\r\n if (linkerName) {\r\n if (linkerVersion == String()) {\r\n var nMajorLinkerVersion = PE.getMajorLinkerVersion(),\r\n nMinorLinkerVersion = PE.getMinorLinkerVersion();\r\n\r\n if (nMajorLinkerVersion >= 3 && nMajorLinkerVersion <= 14 && nMinorLinkerVersion < 40) {\r\n linkerVersion = PE.getCompilerVersion();\r\n }\r\n }\r\n }\r\n\r\n if (cppCompilerName && linkerName) {\r\n var linkerMajorVersion = linkerVersion.match(/\\d+\\.\\d+/gm);\r\n\r\n if (linkerMajorVersion) {\r\n toolName = \"Microsoft Visual Studio\";\r\n\r\n var vsVersionMap = {\r\n \"6.00\": \"6.0\",\r\n \"7.00\": \"2002\",\r\n \"7.10\": \"2003\",\r\n \"8.00\": \"2005\",\r\n \"9.00\": \"2008\",\r\n \"10.00\": \"2010\",\r\n \"11.00\": \"2012\",\r\n \"12.00\": \"2013\",\r\n \"14.00\": \"2015\",\r\n \"14.10\": \"2017, 15.0-15.2\",\r\n \"14.11\": \"2017, 15.3\",\r\n \"14.12\": \"2017, 15.5\",\r\n \"14.13\": \"2017, 15.6\",\r\n \"14.14\": \"2017, 15.7\",\r\n \"14.15\": \"2017, 15.8\",\r\n \"14.16\": \"2017, 15.9\",\r\n \"14.20\": \"2019, 16.0\",\r\n \"14.21\": \"2019, 16.1\",\r\n \"14.22\": \"2019, 16.2\",\r\n \"14.23\": \"2019, 16.3\",\r\n \"14.24\": \"2019, 16.4\",\r\n \"14.25\": \"2019, 16.5\",\r\n \"14.26\": \"2019, 16.6\",\r\n \"14.27\": \"2019, 16.7-16.8\",\r\n \"14.28\": \"2019, 16.9-16.10\",\r\n \"14.29\": \"2019, 16.11\",\r\n \"14.30\": \"2022, 17.0\",\r\n \"14.31\": \"2022, 17.1\",\r\n \"14.32\": \"2022, 17.2\",\r\n \"14.33\": \"2022, 17.3\",\r\n \"14.34\": \"2022, 17.4\",\r\n \"14.35\": \"2022, 17.5\",\r\n \"14.36\": \"2022, 17.6\",\r\n \"14.37\": \"2022, 17.7\",\r\n \"14.38\": \"2022, 17.8\",\r\n \"14.39\": \"2022, 17.9.1\",\r\n \"14.40\": \"2022, 17.10\",\r\n \"14.41\": \"2022, 17.11\",\r\n \"14.42\": \"2022, 17.12\",\r\n \"14.43\": \"2022, 17.13\",\r\n \"14.44\": \"2022, 17.14\",\r\n \"14.50\": \"2026, 18.0-18.3\",\r\n \"14.51\": \"2026, 18.4\"\r\n };\r\n\r\n toolVersion = vsVersionMap[linkerMajorVersion] || \"\";\r\n }\r\n }\r\n\r\n if (masmCompilerVersion == \"6.14.8444\" && linkerVersion == \"5.12.8078\") {\r\n toolName = \"MASM32\";\r\n toolVersion = \"8-11\";\r\n }\r\n\r\n if (vbCompilerName) {\r\n _setLang(\"VB\" + (vbCompilerName.indexOf(\".NET\") !== -1 ? \".NET\" : \"\"));\r\n _setResult(\"compiler\", vbCompilerName, vbCompilerVersion, vbCompilerOptions);\r\n } else if (cppCompilerName) {\r\n\r\n if (!_isResultPresent(\"compiler\", \"Rust\")) { // check is Rust detected\r\n\r\n if (cppCompilerOptions.indexOf(\"C++\") !== -1 || cppCompilerOptions.indexOf(\"CPP\") !== -1) {\r\n _setLang(\"C++\");\r\n } else if (cppCompilerOptions == \"C\" || cppCompilerOptions.indexOf(\"/C\") !== -1 || cppCompilerOptions.indexOf(\"_C\") !== -1) {\r\n _setLang(\"C\");\r\n } else {\r\n _setLang(\"C/C++\");\r\n }\r\n\r\n }\r\n\r\n // if not detected\r\n if (!_isResultPresent(\"compiler\", cppCompilerName)) _setResult(\"compiler\", cppCompilerName, cppCompilerVersion, cppCompilerOptions);\r\n } else if (masmCompilerName) {\r\n _setLang(\"ASMx\" + (PE.is64() ? \"64\" : \"86\"));\r\n _setResult(\"compiler\", masmCompilerName, masmCompilerVersion, masmCompilerOptions);\r\n }\r\n\r\n\r\n if (dotNetLibraryName) {\r\n\r\n if (PE.isNetObjectPresent(\"FSharp.Core\")) _setLang(\"F#\");\r\n if (!_isLangDetected()) _setLang(\"MSIL/C#\");\r\n\r\n _setResult(\"library\", dotNetLibraryName, dotNetLibraryVersion, dotNetLibraryOptions);\r\n }\r\n\r\n if (mfcLibraryName) {\r\n _setResult(\"library\", mfcLibraryName, mfcLibraryVersion, mfcLibraryOptions);\r\n }\r\n\r\n if (linkerName && _getNumberOfResults(\"linker\") < 1) {\r\n _setResult(\"linker\", linkerName, linkerVersion, linkerOptions);\r\n }\r\n\r\n if (toolName && toolVersion) {\r\n _setResult(\"tool\", toolName, toolVersion, toolOptions);\r\n }\r\n}\r\n\r\nfunction getVbOptions() {\r\n var result = String();\r\n\r\n // Check if sections exist before accessing section[0]\r\n if (PE.getNumberOfSections() === 0) {\r\n return result;\r\n }\r\n var firstSection = PE.section[0];\r\n\r\n var vbSignatureOffset = PE.findDword(firstSection.FileOffset, firstSection.FileSize, 0x21354256);\r\n\r\n if (vbSignatureOffset === -1) {\r\n vbSignatureOffset = PE.findDword(firstSection.FileOffset, firstSection.FileSize, 0x21364256);\r\n }\r\n\r\n if (vbSignatureOffset !== -1) {\r\n var virtualAddress = PE.readDword(vbSignatureOffset + 0x30),\r\n fileOffset = PE.VAToOffset(virtualAddress);\r\n\r\n if (fileOffset !== -1) {\r\n result = (PE.readDword(fileOffset + 0x20) === 0) ? \"P-Code\" : \"Native\";\r\n }\r\n }\r\n\r\n return result;\r\n}\r\n" }, { "path": "db/PE/Microsoft_Class_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Microsoft Class Installer for Java\");\n\nfunction detect() {\n if (PE.compareEP(\"64A1........558BEC6A..68........68........50648925........83EC..5356578965..FF15\")) {\n for (var i = 0; i < PE.resource.length && !bDetected; i++) {\n if (PE.resource[i].Type == 280) { // ZIP\n if (PE.compare(\"'PK'0304\", PE.resource[i].Offset)) {\n sVersion = \"4.X\";\n sOptions = \"zip\";\n bDetected = true;\n }\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/Microsoft_Compound-based_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Microsoft Compound-based installer (MSI)\");\n\nfunction detect() {\n if (PE.compareEP(\"558becb9........6a..6a..4975..51535657b8........e8........33c05568........64ff3064892033c05568\") &&\n PE.compareOverlay(\"d0cf11e0a1b11ae1\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/Microsoft_Help.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"other\", \"Microsoft Help (compiled) (.hxs)\");\n\nfunction detect() {\n if (PE.isSectionNamePresent(\".its\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/Microsoft_JScript.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"JScript\");\r\n\r\nfunction detect() {\r\n if (PE.isNetObjectPresent(\"Microsoft.JScript.Vsa\")) {\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"JavaScript\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/_FixDetects.9.sg", "content": "// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nfunction detect() {\n removeFalsePositive({\n falsePositive: { packer: \"AHpacker\" },\n ifPresents: { packer: \"ExE Pack\" }\n });\n\n removeFalsePositive({\n falsePositive: { linker: \"Turbo Linker\" },\n ifPresents: { linker: \"Microsoft Linker\" }\n });\n\n removeFalsePositive({\n falsePositive: { tool: \"Borland Delphi\" },\n ifPresents: { tool: \"Microsoft Linker\" }\n });\n\n removeFalsePositive({\n falsePositive: { compiler: \"FASM\", language: \"ASMx86\" },\n ifPresents: { packer: \"Simple Pack\" }\n });\n\n // Number of \"compiler\" more than 1? Remove Visual C++.\n if (_isResultPresent(\"compiler\", \"Microsoft Visual C/C++\") && _getNumberOfResults(\"compiler\") > 1) {\n _removeResult(\"compiler\", \"Microsoft Visual C/C++\");\n\n if (_getNumberOfResults(\"language\") > 1 && _isLangPresent(\"C/C++\")) {\n _removeResult(\"language\", \"C/C++\");\n }\n }\n\n // Visual Studio? -> C#\n if (_isLangPresent(\"MSIL/C#\") && _isResultPresent(\"tool\", \"Microsoft Visual Studio\")) {\n _removeResult(\"language\", \"MSIL/C#\");\n _setLang(\"C#\");\n }\n}\n\nfunction removeFalsePositive(data) {\n\n var falsePositive = data.falsePositive,\n ifPresents = data.ifPresents;\n\n var falsePositiveKey = String(),\n falsePositiveValue = String();\n\n for (var key in falsePositive) {\n if (falsePositive.hasOwnProperty(key)) {\n falsePositiveKey = key;\n falsePositiveValue = falsePositive[key];\n break;\n }\n }\n\n var ifPresentsKey = String(),\n ifPresentsValue = String();\n\n for (var key in ifPresents) {\n if (ifPresents.hasOwnProperty(key)) {\n ifPresentsKey = key;\n ifPresentsValue = ifPresents[key];\n break;\n }\n }\n\n if (_isResultPresent(falsePositiveKey, falsePositiveValue) && _isResultPresent(ifPresentsKey, ifPresentsValue)) {\n _removeResult(falsePositiveKey, falsePositiveValue);\n }\n}" }, { "path": "db/PE/_NetCompilersLibs.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nfunction detect() {\n // https://github.com/0xd4d/dnlib\n if (PE.isNetObjectPresent(\"dnlib\") && PE.isNetObjectPresent(\"ModuleDef\"))\n _setResult(\"library\", \"dnlib\", \"\", \"\");\n\n // https://www.mono-project.com/docs/tools+libraries/libraries/Mono.Cecil/\n if (PE.isNetObjectPresent(\"Mono.Cecil\"))\n _setResult(\"library\", \"Mono.Cecil\", \"\", \"\");\n\n // https://github.com/Washi1337/AsmResolver\n if (PE.isNetObjectPresent(\"AsmResolver\"))\n _setResult(\"library\", \"AsmResolver\", \"\", \"\");\n\n // https://learn.microsoft.com/en-us/dotnet/framework/reflection-and-codedom/using-the-codedom\n if (PE.isNetObjectPresent(\"System.CodeDom.Compiler\")) { // Standard .NET library\n var languages = \"\";\n\n if (PE.isNetObjectPresent(\"CSharpCodeProvider\"))\n languages = \"C#\";\n\n if (PE.isNetObjectPresent(\"VBCodeProvider\"))\n languages += (languages ? \" + \" : \"\") + \"VB.NET\";\n\n if (PE.isNetObjectPresent(\"JScriptCodeProvider\")) // Should check the relation to System.CodeDom......\n languages += (languages ? \" + \" : \"\") + \"JScript\";\n\n if (languages) {\n _setResult(\"library\", \"CodeDom Compiler\", \"\", languages);\n }\n }\n}" }, { "path": "db/PE/_PE.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"operation system\", \"Windows\");\r\n\r\nfunction detect() {\r\n if (PE.isVerbose()) {\r\n sName = PE.getOperationSystemName();\r\n sOptions = PE.getOperationSystemOptions();\r\n\r\n bDetected = true;\r\n\r\n var rossymSection = PE.section[\".rossym\"];\r\n\r\n if (rossymSection && rossymSection.Characteristics == 0x42000802) {\r\n sVersion = \"React OS, 0.3+\";\r\n } else {\r\n sVersion = PE.getOperationSystemVersion();\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/__GenericHeuristicAnalysis_By_DosX.7.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n/*\r\n ██████╗ ███████╗███╗ ██╗███████╗██████╗ ██╗ ██████╗\r\n ██╔════╝ ██╔════╝████╗ ██║██╔════╝██╔══██╗██║██╔════╝\r\n ██║ ███╗█████╗ ██╔██╗ ██║█████╗ ██████╔╝██║██║\r\n ██║ ██║██╔══╝ ██║╚██╗██║██╔══╝ ██╔══██╗██║██║\r\n ╚██████╔╝███████╗██║ ╚████║███████╗██║ ██║██║╚██████╗\r\n ╚═════╝ ╚══════╝╚═╝ ╚═══╝╚══════╝╚═╝ ╚═╝╚═╝ ╚═════╝\r\n ██╗ ██╗ ██╗███████╗██╗ ██╗██████╗ ██╗███████╗████████╗██╗ ██████╗ ██╗\r\n ██╔╝ ██║ ██║██╔════╝██║ ██║██╔══██╗██║██╔════╝╚══██╔══╝██║██╔════╝ ╚██╗\r\n ██╔╝ ███████║█████╗ ██║ ██║██████╔╝██║███████╗ ██║ ██║██║ ╚██╗\r\n ╚██╗ ██╔══██║██╔══╝ ██║ ██║██╔══██╗██║╚════██║ ██║ ██║██║ ██╔╝\r\n ╚██╗ ██║ ██║███████╗╚██████╔╝██║ ██║██║███████║ ██║ ██║╚██████╗ ██╔╝\r\n ╚═╝ ╚═╝ ╚═╝╚══════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝\r\n █████╗ ███╗ ██╗ █████╗ ██╗ ██╗ ██╗███████╗██╗███████╗\r\n ██╔══██╗████╗ ██║██╔══██╗██║ ╚██╗ ██╔╝██╔════╝██║██╔════╝\r\n ███████║██╔██╗ ██║███████║██║ ╚████╔╝ ███████╗██║███████╗\r\n ██╔══██║██║╚██╗██║██╔══██║██║ ╚██╔╝ ╚════██║██║╚════██║\r\n ██║ ██║██║ ╚████║██║ ██║███████╗██║ ███████║██║███████║\r\n ╚═╝ ╚═╝╚═╝ ╚═══╝╚═╝ ╚═╝╚══════╝╚═╝ ╚══════╝╚═╝╚══════╝\r\n*/\r\n\r\n// ┌──────────────────────────┤ ABOUT ├──────────────────────────┐\r\n// │ This heuristic analysis helps detect the presence of │\r\n// │ obfuscation, packers, licensing systems, debugging │\r\n// │ information, file integrity issues, or even potential │\r\n// │ malicious code using advanced and complex checks. It │\r\n// │ includes pinpoint scanning, intelligent inspections, │\r\n// │ signature-based analysis, thorough file content │\r\n// │ evaluation, and much more! >:) │\r\n// │ │\r\n// │ Supported archictures: │\r\n// │ 1. I386 (x86_32) 2. AMD64 (x86_64) │\r\n// │ 3. ARM 4. ARM THUMB │\r\n// │ 5. ARMNT (ARMv7) │\r\n// │ │\r\n// └─────────────────────────────────────────────────────────────┘\r\n\r\n// ┌─────────────────────────┤ CONTACTS ├────────────────────────┐\r\n// │ ┌ Author is DosX │\r\n// │ └┬─ E-Mail: collab@kay-software.ru │\r\n// │ ├─ GitHub: https://github.com/DosX-dev │\r\n// │ └─ Telegram: @DosX_dev │\r\n// ├─────────────────────────────────────────────────────────────┤\r\n// │ If I don't respond to email, message to Telegram │\r\n// └─────────────────────────────────────────────────────────────┘\r\n\r\n// ┌──────────────────────────┤ DONATE ├─────────────────────────┐\r\n// │ ┌ Did you like my work? Thank you! What about donation? │\r\n// │ │ This will greatly help the development! │\r\n// │ └─┐ │\r\n// │ ├─ BTC: bc1qclzlujunh8zyyxaar8y8t0chwfardesq9uvphh │\r\n// │ │ │\r\n// │ ├─ SOL: 6693kpkspRU2fauVpMkVznnETGX7GdMsLFQED6QFfaWa │\r\n// │ │ │\r\n// │ ├─ TRX: TYezKdq5YkrSmmUy6d9e212KcHxQigtTqJ │\r\n// │ │ │\r\n// │ ├─ ETH: 0xd5f1e450a4A9325165ed6b5ed5E28Da882AB932a │\r\n// │ │ ERC-20 ─┘ │\r\n// │ │ │\r\n// │ └─ USDT: TYezKdq5YkrSmmUy6d9e212KcHxQigtTqJ │\r\n// │ TRC-20 ─┘ │\r\n// └─────────────────────────────────────────────────────────────┘\r\n\r\n// ┌───────────────────────────────────────────────┐\r\n// │ For the module to work correctly, official │\r\n// │ Detect It Easy components are recommended │\r\n// ├───────────────────────────────────────────────┘\r\n// └─┐\r\n// └── Please don't read the code out loud\r\n// unless you have exorcism skills\r\n\r\n\"use strict\";\r\n\r\nconst\r\n PE_Cached = {}, // PE-related cache-map\r\n logType = {\r\n warning: -2, // Service warnings\r\n about: -1, // Information about a module\r\n nothing: 0, // General information about the scanning process\r\n any: 1, // Native and .NET\r\n net: 2 // .NET only\r\n },\r\n heurLabel = \"HEUR\";\r\n\r\nvar lastOffsetDetected = \"0x00\";\r\n\r\n\r\n\r\nfunction detect() {\r\n if (stubForWrongEnvironment()) return null; // 'PE' is undefined\r\n if (stubForLegacyEngines()) return null; // old DIE version\r\n\r\n return main();\r\n}\r\n\r\n\r\n\r\nfunction main() {\r\n initializeCache();\r\n\r\n if (PE.isHeuristicScan()) {\r\n if (!PE.isVerbose()) {\r\n log(logType.warning, \"To get the full heuristic scan result use \\\"--verbose\\\"\");\r\n }\r\n\r\n log(logType.about, \"Generic Heuristic Analysis by DosX (@DosX_dev)\");\r\n\r\n log(logType.nothing, \"Scanning has begun!\");\r\n\r\n if (PE_Cached.isDotNet) {\r\n // Detection obfuscation and anti-analysis techniques specific to .NET\r\n scanForObfuscations_NET();\r\n scanForAntiAnalysis_NET();\r\n } else {\r\n // Detection of anomalies specific to Native\r\n scanForObfuscations_Native();\r\n }\r\n\r\n // Detection of anomalies most commonly found in packers, cryptors, protectors...\r\n scanForPackersAndCryptors_NET_and_Native();\r\n\r\n // Detection licensing information (detecting possible DRM systems or licensing strings)\r\n scanForLicensingSystems_NET_and_Native();\r\n\r\n // A cursory checks of the file format integrity\r\n scanForBadFileFormat_NET_and_Native();\r\n\r\n // Detection of debug information (headers, sections, strings...)\r\n scanForDebugData_NET_and_Native();\r\n\r\n // Detection for suspicious or potentially malicious patterns\r\n scanForMaliciousCode_NET_and_Native();\r\n\r\n if (PE.isVerbose()) {\r\n // Detection of programming language, compiler, linker\r\n scanForLanguagesAndCompilers_NET_and_Native();\r\n\r\n // Detection of specific markers and pointers that are read by the operating system\r\n scanForInterestingMarkers_NET_and_Native();\r\n }\r\n\r\n // >> Happy end <<\r\n log(logType.nothing, \"Scan completed.\");\r\n } else {\r\n log(logType.warning, \"Heuristic scan is disabled. Use '--heuristicscan' to enable\");\r\n }\r\n\r\n unloadCache();\r\n}\r\n\r\n\r\n\r\nfunction stubForLegacyEngines() {\r\n if (typeof PE.getNetAssemblyName === \"undefined\") {\r\n stdout(\">>> Update DIE Engine to 3.20 and higher for using Heuristic-analyzer by DosX <<<\");\r\n debugger;\r\n return true;\r\n }\r\n\r\n return false;\r\n}\r\n\r\n\r\n\r\nfunction stubForWrongEnvironment() {\r\n if (typeof PE === \"undefined\") {\r\n stdout(\">>> Wrong environment! 'PE' is undefined. Check DIE-engine for correct installation <<<\");\r\n debugger;\r\n return true;\r\n }\r\n\r\n if (PE.isHeuristicScan() && PE.isVerbose() && !_getNumberOfResults(\"operation system\")) {\r\n stdout(\">>> Script is running outside the environment! Are you in debug mode? <<<\");\r\n debugger;\r\n }\r\n\r\n return false;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Outputs a warning message to the appropriate output stream.\r\n *\r\n * Depending on the environment, this function will:\r\n * - Use `console.warn` if `console` is available.\r\n * - Use `_setResult` if `File` is available.\r\n * - Use `_error` if it is defined as a function.\r\n * - Throw an error if none of the above conditions are met.\r\n *\r\n * @param {string} stringToOut - The warning message to output.\r\n * @returns {void} No return value;\r\n */\r\nfunction stdout(stringToOut) {\r\n if (typeof console === \"object\") {\r\n console.warn(stringToOut);\r\n } else if (typeof File === \"object\") {\r\n _setResult(\"~warning\", stringToOut, String(), String());\r\n } else {\r\n if (typeof _error === \"function\") {\r\n _error(stringToOut);\r\n } else {\r\n throw stringToOut;\r\n }\r\n }\r\n}\r\n\r\n\r\n\r\n/**\r\n * Initialize the PE-related cache by reading values from the PE API and storing them\r\n * into the global PE_Cached object.\r\n *\r\n * The function constructs a temporary map containing typed entries sourced from the PE\r\n * interface, then copies each entry into PE_Cached.\r\n *\r\n * Side effects:\r\n * - Mutates the global PE_Cached object by adding/updating the keys listed above.\r\n *\r\n * @function initializeCache\r\n * @returns {void} No return value; updates PE_Cached as a side effect.\r\n */\r\nfunction initializeCache() {\r\n var cacheMap = {\r\n /* Local functions */\r\n /* Boolean */ isArchX86: isArchX86,\r\n /* Boolean */ isCppClrLikeApp: isCppClrLikeApp,\r\n /* Boolean */ isVbNetStandardLibraryPresent: isVbNetStandardLibraryPresent,\r\n /* Boolean */ isJscriptNetStandardLibraryPresent: isJscriptNetStandardLibraryPresent,\r\n /* String */ firstEpAsmInstruction: getFirstEpAsmInstruction,\r\n /* Native functions */\r\n /* Boolean */ is64bit: PE[\"is64\"],\r\n /* Boolean */ isDotNet: PE[\"isNet\"],\r\n /* Boolean */ isDynamicLinkLibrary: PE[\"isDll\"],\r\n /* Boolean */ isNetGlobalCctorPresent: PE[\"isNetGlobalCctorPresent\"],\r\n /* Boolean */ isRichSignaturePresent: PE[\"isRichSignaturePresent\"],\r\n /* Number */ numberOfSections: PE[\"getNumberOfSections\"],\r\n /* Number */ numberOfRichIDs: PE[\"getNumberOfRichIDs\"],\r\n /* Number */ numberOfUnmanagedResources: PE[\"getNumberOfResources\"],\r\n /* Number */ numberOfUnmanagedImports: PE[\"getNumberOfImports\"],\r\n /* Number */ numberOfUnmanagedExports: PE[\"getNumberOfExports\"],\r\n /* Number */ indexOfImportsSection: PE[\"getImportSection\"],\r\n /* Number */ indexOfExportsSection: PE[\"getExportSection\"],\r\n /* String */ nameOfNetAssemblyName: PE[\"getNetAssemblyName\"],\r\n /* String */ nameOfNetModuleName: PE[\"getNetModuleName\"]\r\n };\r\n\r\n for (var key in cacheMap) {\r\n const functionBody = cacheMap[key];\r\n\r\n if (functionBody) {\r\n PE_Cached[key] = functionBody();\r\n } else {\r\n stdout(\">>> PE API function '\" + key + \"' is undefined! <<<\");\r\n debugger;\r\n }\r\n }\r\n}\r\n\r\n\r\n\r\n/**\r\n * Clears the PE cache by setting it to undefined.\r\n * \r\n * @function unloadCache\r\n * @returns {void} No return value; sets PE_Cached to undefined.\r\n */\r\nfunction unloadCache() {\r\n PE_Cached = undefined;\r\n}\r\n\r\n\r\n\r\n// #region \"obfuscations (.NET)\"\r\nfunction scanForObfuscations_NET() {\r\n log(logType.nothing, \"Scanning for obfuscation...\");\r\n\r\n var options = String();\r\n\r\n var isDetected = Boolean();\r\n\r\n\r\n\r\n\r\n // Is managed entry point modified? Let's check it using default .NET EP names\r\n\r\n var isEntryPointModified = false;\r\n\r\n const vbNetEntries = [\r\n \"Main\",\r\n \"main\",\r\n \"MAIN\",\r\n \"MyApplication\"\r\n ], defaultEntries = [ // like MSIL, C#, C++ NET etc\r\n \"Main\",\r\n \"main\", // F# entry\r\n \"main@\", // F# entry\r\n \"
$\", // For programs with top-level operators (C#)\r\n \"mainCRTStartup\", // C++ CLR .NET (CLI)\r\n \"wWinMainCRTStartup\", // C++ CLR .NET (GUI)\r\n \"_WinMainCRTStartup\"\r\n ]\r\n\r\n if (!PE_Cached.isDynamicLinkLibrary) {\r\n if (PE_Cached.isVbNetStandardLibraryPresent) {\r\n if (isAllNetReferencesMissing(vbNetEntries)) {\r\n isEntryPointModified = true;\r\n }\r\n } else if (isAllNetReferencesMissing(defaultEntries)) {\r\n isEntryPointModified = true;\r\n }\r\n\r\n if (isEntryPointModified) {\r\n log(logType.net, \"No \\\"Main\\\" method found\");\r\n }\r\n }\r\n\r\n if (isEntryPointModified) options = \"Modified managed EP\";\r\n\r\n\r\n\r\n\r\n // .cctor can execute code before the Main method is called \r\n\r\n var isNetCctorPresent = false;\r\n\r\n if (PE_Cached.isNetGlobalCctorPresent && !PE_Cached.isCppClrLikeApp && !isUnpackagedWindowsAppSdkLinked()) {\r\n log(logType.net, \"Global constructor detected!\");\r\n\r\n isNetCctorPresent = true;\r\n }\r\n\r\n if (isNetCctorPresent) options = addOption(options, \"CLR constructor\");\r\n\r\n\r\n\r\n\r\n // If .NET meta headers are not present in the default .NET section, then the file is mutant\r\n\r\n var isStrangeEpPosition = false;\r\n\r\n const netMetaHeaders = [\r\n \"~\",\r\n \"Strings\",\r\n \"US\",\r\n \"GUID\",\r\n \"Blob\"\r\n ];\r\n\r\n // Specify the default .NET section index\r\n const defaultNetSection = 0;\r\n\r\n // Check conditions for a strange entry point position (not for CLR apps)\r\n if (!PE_Cached.isDynamicLinkLibrary && PE_Cached.numberOfSections > 1 && !PE_Cached.isCppClrLikeApp) {\r\n // Iterate through .NET metadata headers\r\n for (var s = 0; s < netMetaHeaders.length; s++) {\r\n const headerName = netMetaHeaders[s];\r\n\r\n // Check if the signature is not present in the default .NET section\r\n if (!PE.isSignatureInSectionPresent(defaultNetSection, \"00'#\" + headerName + \"'00\")) {\r\n isStrangeEpPosition = true;\r\n break;\r\n }\r\n }\r\n }\r\n\r\n if (isStrangeEpPosition) options = addOption(options, \"Strange EP position\");\r\n\r\n\r\n\r\n\r\n // .NET files has a specific pattern of the entry point\r\n\r\n var isNativeEntryPointModified = false;\r\n\r\n if (!PE_Cached.isDynamicLinkLibrary && !PE_Cached.isCppClrLikeApp) { // not for CLR apps\r\n if (!PE_Cached.is64bit && PE_Cached.isArchX86) {\r\n // FF2500????00: jmp dword ptr [ ... ]\r\n const firstOpCode = getFirstEpAsmOpCode();\r\n\r\n if (firstOpCode !== \"JMP\") {\r\n if (PE.VAToOffset(PE.getAddressOfEntryPoint()) !== -1) {\r\n log(logType.net, \"Very strange EP pattern: \" + getEpAsmPattern(true, 4).split(\"|\").join(\" .. \"));\r\n } else {\r\n log(logType.net, \"No native entry point\");\r\n }\r\n\r\n isNativeEntryPointModified = true;\r\n }\r\n } else { // AMD64\r\n if (PE.VAToOffset(PE.getAddressOfEntryPoint()) !== 0x00) {\r\n isNativeEntryPointModified = true;\r\n }\r\n }\r\n }\r\n\r\n if (isNativeEntryPointModified) options = addOption(options, \"Modified native EP\");\r\n\r\n\r\n\r\n\r\n // Check if the specified DOS message is not found in the DOS stub\r\n\r\n var isDosMessageModified = false;\r\n\r\n if (PE.findSignature(PE.getDosStubOffset(), PE.getDosStubSize(), \"'This program cannot be run in DOS mode.'\") === -1) {\r\n log(logType.net, \"DOS-stub modified!\");\r\n\r\n isDosMessageModified = true;\r\n }\r\n\r\n if (isDosMessageModified) options = addOption(options, \"Modified DOS\");\r\n\r\n\r\n\r\n\r\n // PE file must contain at least two sections: one for code and one for resources.\r\n\r\n var isOneSectionFile = false;\r\n\r\n if (PE_Cached.numberOfSections === 1) {\r\n log(logType.net, \"Only one section found!\");\r\n\r\n isOneSectionFile = true;\r\n }\r\n\r\n if (isOneSectionFile) options = addOption(options, \"Only one section\");\r\n\r\n\r\n\r\n\r\n // Check for strange sections\r\n\r\n var isStrangeSectionsPresent = false;\r\n\r\n const badChars = '_-=+~!@#$%^&*()\"№;%:?*():;,/\\\\|\\'`<>.0123456789'; // Very very bad!\r\n\r\n if (PE_Cached.numberOfSections > (!PE_Cached.isCppClrLikeApp ? 6 : 10) || !PE.section[\".text\"]) { isStrangeSectionsPresent = true; } else {\r\n // Iterate through each section\r\n for (var i = 0; i < PE_Cached.numberOfSections && !isStrangeSectionsPresent; i++) {\r\n const sectionName = PE.getSectionName(i);\r\n\r\n // Check if the first character is not \".\" and the length of name is less than 3\r\n if (sectionName[0] !== \".\" && sectionName.length < 3) {\r\n isStrangeSectionsPresent = true;\r\n break;\r\n }\r\n\r\n // Iterate through characters after \".\"\r\n // Check if the character is in the badChars list\r\n for (var d = 0; d < badChars.length && !isStrangeSectionsPresent; d++) {\r\n if (sectionName.substr(1, sectionName.length).indexOf(badChars[d]) !== -1) {\r\n isStrangeSectionsPresent = true;\r\n }\r\n }\r\n\r\n if (!isAsciiString(sectionName) && !isStrangeSectionsPresent) {\r\n isStrangeSectionsPresent = true;\r\n }\r\n }\r\n }\r\n\r\n if (isStrangeSectionsPresent) options = addOption(options, \"Strange sections\");\r\n\r\n\r\n\r\n\r\n // Check for strange resources\r\n\r\n var isStrangeUnmanagedResourcesPresent = false;\r\n\r\n for (var i = 0; i < PE_Cached.numberOfUnmanagedResources && !isStrangeUnmanagedResourcesPresent; i++) {\r\n const unmanagedResourceName = PE.getResourceNameByNumber(i);\r\n\r\n if (unmanagedResourceName && (!isAsciiString(unmanagedResourceName) || isNameObfuscated(unmanagedResourceName))) {\r\n log(logType.net, \"Strange unmanaged resource name: \" + unmanagedResourceName);\r\n\r\n isStrangeUnmanagedResourcesPresent = true;\r\n }\r\n }\r\n\r\n if (isStrangeUnmanagedResourcesPresent) options = addOption(options, \"Strange unmanaged resources\");\r\n\r\n\r\n\r\n\r\n // Check for a lot of sections (more than 10 -> this is a lot for .NET)\r\n\r\n var tooManySectionsPresent = false;\r\n\r\n if (PE_Cached.numberOfSections > 10) {\r\n tooManySectionsPresent = true;\r\n }\r\n\r\n if (tooManySectionsPresent) options = addOption(options, \"Too many sections\");\r\n\r\n\r\n\r\n\r\n const opCodes = new NetOpCodes();\r\n\r\n\r\n\r\n\r\n // A popular way to obfuscate numbers/booleans\r\n\r\n var isIntConfusionPresent = false;\r\n\r\n const intConfusionXorPattern = opCodes.ldc_i4 + opCodes.ldc_i4 + opCodes.xor + opCodes.ldc_i4;\r\n\r\n if (validateNetByteCode(intConfusionXorPattern)) {\r\n if (validateNetByteCode( // samples by: Inx Obfuscator\r\n intConfusionXorPattern +\r\n (opCodes.setStrict(opCodes.bne_un_s, \"09\") + opCodes.ldc_i4_2 + opCodes.stloc_0 + opCodes.sizeof + opCodes.add)\r\n ) ||\r\n validateNetByteCode( // samples by: MindLated, NetShield\r\n intConfusionXorPattern +\r\n (opCodes.bne_un + opCodes.ldc_i4 + opCodes.stloc + opCodes.sizeof + opCodes.add)\r\n ) ||\r\n validateNetByteCode( // samples by: VavilonProtect\r\n intConfusionXorPattern +\r\n (opCodes.bne_un + opCodes.ldc_i4_2 + opCodes.stloc_s + opCodes.sizeof + opCodes.add)\r\n )\r\n ) {\r\n log(logType.net, \"Int confusion detected! Offset: \" + lastOffsetDetected);\r\n\r\n isIntConfusionPresent = true;\r\n }\r\n }\r\n\r\n if (isIntConfusionPresent) options = addOption(options, \"Int confusion\");\r\n\r\n\r\n\r\n\r\n // Virtualization is a method of protection in which some code segments are rewritten into instructions inherent in the built-in virtual machine and executed by it\r\n\r\n var isVirtualizationPresent = false;\r\n\r\n if (\r\n isAllNetReferencesPresent(\r\n [\r\n \"System.Reflection\", // System.Reflection.dll\r\n \"GetILGenerator\", // MSIL: 'System.Reflection.Emit.DynamicMethod::GetILGenerator()'\r\n \"BeginInvoke\",\r\n \"EndInvoke\",\r\n \"OpCode\" // MSIL: 'System.Reflection.Emit.OpCode'\r\n ]\r\n ) &&\r\n (\r\n validateNetObject(\"Ldarg_0\") || // MSIL: 'System.Reflection.Emit.OpCodes.Ldarg_0'\r\n validateNetObject(\"CreateDelegate\") // MSIL: 'System.Delegate.CreateDelegate'\r\n ) && !isFrameworkComponent()\r\n ) {\r\n log(logType.net, \"Virtualization-like behavior detected!\");\r\n\r\n isVirtualizationPresent = true;\r\n }\r\n\r\n if (isVirtualizationPresent) options = addOption(options, \"Virtualization\");\r\n\r\n\r\n\r\n\r\n // Hiding calls using delegate tricks\r\n\r\n var callsEncrypt = false;\r\n\r\n if (\r\n isAllNetReferencesPresent(\r\n [\r\n \"GetTypeFromHandle\", // MSIL: 'System.Type::GetTypeFromHandle( ... )'\r\n \"BinaryReader\", // MSIL: 'System.IO.BinaryReader'\r\n \"CreateDelegate\", // MSIL: '[Delegate].CreateDelegate'\r\n \"MakeByRefType\", // MSIL: 'System.Type::MakeByRefType()'\r\n \"DynamicMethod\" // MSIL: 'System.Reflection.Emit.DynamicMethod'\r\n ]\r\n ) && !isFrameworkComponent()\r\n ) {\r\n callsEncrypt = true;\r\n }\r\n\r\n if (callsEncrypt) options = addOption(options, \"Calls encrypt\");\r\n\r\n\r\n\r\n\r\n // https://learn.microsoft.com/en-us/dotnet/api/system.runtime.compilerservices.suppressildasmattribute\r\n\r\n var isAntiIldasmPresent = false;\r\n\r\n if (validateNetObject(\"SuppressIldasmAttribute\")) {\r\n isAntiIldasmPresent = true;\r\n }\r\n\r\n if (isAntiIldasmPresent) options = addOption(options, \"Anti-ILDASM\");\r\n\r\n\r\n\r\n\r\n // Anti de4dot via inheritance\r\n\r\n var isAntiDe4dotPresent = false;\r\n\r\n if (\r\n validateSignature(\"'Form'******00'Form'******00'Form'******00\") || // samples by: NetShield\r\n validateNetObject(\"Form0\") // samples by: MindLated\r\n ) {\r\n log(logType.net, \"File may be protected by de4dot!\");\r\n\r\n isAntiDe4dotPresent = true;\r\n }\r\n\r\n if (isAntiDe4dotPresent) options = addOption(options, \"Anti-de4dot\");\r\n\r\n\r\n\r\n\r\n // An obfuscation method in which calli is used instead of regular calls\r\n\r\n var isCalliInvokesPresent = false;\r\n\r\n if (validateNetByteCode( // samples by: MindLated\r\n opCodes.setStrict(opCodes.ldftn, \"** ?? 00 0A\") +\r\n opCodes.setStrict(opCodes.calli, \"** 00 00 11\")\r\n ) ||\r\n validateNetByteCode( // samples by: ArmDot, DarksProtector\r\n opCodes.ldelem_i +\r\n opCodes.setStrict(opCodes.calli, \"** 00 00 11\")\r\n )) {\r\n log(logType.net, \"Calli invokes detected! Offset: \" + lastOffsetDetected);\r\n\r\n isCalliInvokesPresent = true;\r\n }\r\n\r\n if (isCalliInvokesPresent) options = addOption(options, \"Calli invokes\");\r\n\r\n\r\n\r\n\r\n // An obfuscation method that uses ldftn to create pointers to methods, which are then used in the code\r\n\r\n var isLdftnPointersPresent = false;\r\n\r\n if (validateNetByteCode(\r\n opCodes.nop + opCodes.setStrict(opCodes.ldftn, \"** 00 00 06\") + opCodes.stelem_i\r\n ) ||\r\n validateNetByteCode(\r\n opCodes.nop + opCodes.setStrict(opCodes.ldftn, \"** 00 00 0A\") + opCodes.stelem_i\r\n ) ||\r\n validateNetByteCode( // samples by: Quantum (private)\r\n opCodes.setStrict(opCodes.ldftn, \"** 00 00 0A\") +\r\n opCodes.setStrict(opCodes.calli, \"** 00 00 11\")\r\n )) {\r\n log(logType.net, \"Ldftn pointers method-obfuscation detected! Offset: \" + lastOffsetDetected);\r\n\r\n isLdftnPointersPresent = true;\r\n }\r\n\r\n if (isLdftnPointersPresent) options = addOption(options, \"Ldftn pointers\");\r\n\r\n\r\n\r\n\r\n // Turns the code into spaghetti by splitting it into blocks that it executes depending on the situation\r\n\r\n var isCtrlFlowPresent = false;\r\n\r\n if (\r\n validateNetByteCode( // samples by: ConfuserEx\r\n opCodes.nop + opCodes.ldloc_0 + opCodes.ldc_i4 + opCodes.mul + opCodes.ldc_i4 + opCodes.xor + opCodes.br_s +\r\n opCodes.nop + opCodes.ldloc_0 + opCodes.ldc_i4 + opCodes.mul + opCodes.ldc_i4 + opCodes.xor + opCodes.br_s\r\n ) ||\r\n validateNetByteCode( // samples by: ConfuserEx (neo mod)\r\n opCodes.ldc_i4 + opCodes.ldc_i4 + opCodes.xor + opCodes.dup + opCodes.stloc_0 + opCodes.ldc_i4_3 + opCodes.rem_un + opCodes.switch__nobody\r\n ) ||\r\n validateNetByteCode( // samples by: .NET Reactor (v6.9.8)\r\n opCodes.setStrict(opCodes.ldc_i4, \"00 00 00 00\") + opCodes.br + opCodes.br + opCodes.ldloc\r\n ) ||\r\n validateNetByteCode( // samples by: .NET Reactor\r\n opCodes.ldsfld + opCodes.brfalse + opCodes.pop +\r\n opCodes.setStrict(opCodes.ldc_i4, \"01 00 00 00\") + // MSIL: 'ldc.4 1'\r\n opCodes.br + opCodes.nop\r\n ) ||\r\n validateNetByteCode( // samples by: .NET Reactor\r\n opCodes.setNullValue(opCodes.ldc_i4) +\r\n opCodes.ldsfld + opCodes.brtrue + opCodes.pop + opCodes.ldc_i4 +\r\n opCodes.br\r\n ) ||\r\n validateNetByteCode( // samples by: .NET Reactor (legacy~~)\r\n opCodes.stloc + opCodes.ldloc +\r\n opCodes.joinNoBodyAndValue(opCodes.switch__nobody, \"** ** ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00\", \"switch__nobody\") +\r\n opCodes.ldc_i4 + opCodes.br\r\n ) ||\r\n validateNetByteCode( // Crypto Obfuscator\r\n opCodes.ldc_i4_3 + opCodes.joinNoBodyAndValue(opCodes.switch__nobody, \"01 00 00 00 F6 FF FF FF\") + opCodes.ldc_i4_1 + opCodes.brtrue_s + opCodes.ldtoken + opCodes.pop\r\n ) ||\r\n validateNetByteCode( // samples by: MindLated, NetShield\r\n opCodes.setNullValue(opCodes.ldc_i4) + // MSIL: 'ldc.i4 0'\r\n opCodes.stloc + opCodes.br + opCodes.nop + opCodes.ldloc +\r\n opCodes.setStrict(opCodes.ldc_i4, \"01 00 00 00\") + // MSIL: 'ldc.i4 1'\r\n opCodes.ceq + opCodes.brfalse\r\n ) ||\r\n validateNetByteCode( // samples by: Rose Obfuscator\r\n opCodes.setNullValue(opCodes.ldc_i4) + // MSIL: 'ldc.i4 0'\r\n opCodes.stloc + opCodes.br + opCodes.nop + opCodes.ldloc + opCodes.ldc_i4 + opCodes.ceq + opCodes.brfalse\r\n ) ||\r\n validateNetByteCode( // samples by: Smart Assembly\r\n opCodes.ldc_i4 + opCodes.br + opCodes.ldloc_s + opCodes.ldc_i4_s + opCodes.ldc_i4_0 + opCodes.stelem_i1 +\r\n opCodes.ldc_i4 + opCodes.br\r\n ) ||\r\n validateNetByteCode( // samples by: ConfuserEx (Beds mod)\r\n opCodes.ldc_i4 + opCodes.ldc_i4 + opCodes._unknown + opCodes.ldc_i4 + opCodes._unknown + opCodes.stloc_0 + opCodes.nop + opCodes.ldloc_0 +\r\n opCodes.ldc_i4 + opCodes.ldc_i4 + opCodes._unknown + opCodes.ldc_i4 + opCodes._unknown + opCodes.ceq + opCodes.brfalse_s\r\n ) ||\r\n validateNetByteCode( // samples by: DotNetPatcher\r\n opCodes.setStrict(opCodes.stloc_s, \"05\") + opCodes.nop + opCodes.ldloc_s + opCodes._unknown + opCodes.ceq + opCodes.brfalse_s + opCodes._unknown +\r\n opCodes.setStrict(opCodes.stloc_s, \"05\") + opCodes.nop + opCodes.ldloc_s + opCodes._unknown + opCodes.ceq + opCodes.brfalse_s\r\n ) ||\r\n validateNetByteCode( // samples by: VMProtect\r\n opCodes.ldloc_0 + opCodes.setStrict(opCodes.ldc_i4, \"?? ** ** **\") + opCodes._unknown + opCodes.stloc_0 +\r\n opCodes.ldloc_0 + opCodes.setStrict(opCodes.ldc_i4, \"?? ** ** **\") + opCodes.xor + opCodes.stloc_0\r\n ) ||\r\n validateNetByteCode( // samples by: VMProtect\r\n opCodes.setStrict(opCodes.ldc_i4, \"?? ** ** **\") + opCodes._unknown + opCodes.stloc_0 + opCodes.setStrict(opCodes.ldftn, \"** ?? ?? ??\")\r\n )\r\n ) {\r\n log(logType.net, \"Control flow obfuscation detected! Offset: \" + lastOffsetDetected);\r\n\r\n isCtrlFlowPresent = true;\r\n }\r\n\r\n if (isCtrlFlowPresent) options = addOption(options, \"Ctrl flow\");\r\n\r\n\r\n\r\n\r\n const afterCtorOffset = PE.findSignature(PE.getDosStubOffset() + PE.getDosStubSize(), PE.getSize() - PE.getOverlaySize(), \"''00**\") + 8;\r\n\r\n\r\n\r\n\r\n // Indicates that the file uses short object names. Typically this indicates the presence of an obfuscation\r\n // There are two ways to detect short names - find one-letter objects or just use signature mask at Ctor offset :D\r\n\r\n var isShortNamesPresent = false;\r\n\r\n if (PE.compare(\"00**00**00\", afterCtorOffset) ||\r\n PE.compare(\"00****00****00****00\", afterCtorOffset) ||\r\n PE.compare(\"00******00******00******00\", afterCtorOffset) ||\r\n PE.compare(\"00********00********00********00\", afterCtorOffset) ||\r\n PE.compare(\"00****00****00\", afterCtorOffset) ||\r\n PE.compare(\"00****00**00\", afterCtorOffset) ||\r\n PE.compare(\"00**00****00\", afterCtorOffset)) {\r\n log(logType.net, \"Short names detected! (mask)\");\r\n\r\n isShortNamesPresent = true;\r\n }\r\n\r\n if (!isShortNamesPresent && PE.compare(\"00**00\", afterCtorOffset)) { // the second way :D\r\n var shortNamesFound = 0;\r\n\r\n const chars = \"QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm\";\r\n\r\n for (var i = 1; i < chars.length && !isShortNamesPresent; i++) {\r\n if (PE.isNetObjectPresent(chars[i])) {\r\n log(logType.net, \"Short name found: \\\"\" + chars[i] + \"\\\" (\" + shortNamesFound + \"/20)\");\r\n\r\n shortNamesFound++;\r\n }\r\n\r\n if (shortNamesFound === 20) {\r\n isShortNamesPresent = true;\r\n }\r\n }\r\n }\r\n\r\n if (isShortNamesPresent) options = addOption(options, \"Short names\");\r\n\r\n\r\n\r\n\r\n // Scan for strange patterns after .ctor (like \"a1b2c3d4e5f6g7h8i9j0\")\r\n\r\n var badNamings = false;\r\n\r\n var buffer = String();\r\n\r\n // get next 0x12c bytes after .ctor\r\n for (var i = 0; i < 0x12c; i++) {\r\n var currentByte = PE.readByte(afterCtorOffset + i).toString(16);\r\n\r\n if (currentByte === '0') currentByte += '0';\r\n\r\n buffer += currentByte;\r\n buffer += ' ';\r\n }\r\n\r\n var bufferString = String();\r\n\r\n // 0x00 to [0x20, 0x20, 0x20]\r\n const bufferArray = replaceAllInString(buffer, '00 ', '20 20 20 ').split(' ');\r\n\r\n // buffer to a string\r\n for (var i = 0; i < bufferArray.length; i++)\r\n bufferString += String.fromCharCode(parseInt(bufferArray[i], 16));\r\n\r\n\r\n const patternsToExplore = bufferString.split(\" \");\r\n\r\n var strangePatternsCounter = 0;\r\n\r\n // https://web.archive.org/web/20190719134346/http://bartdesmet.net/blogs/bart/archive/2008/08/21/how-c-array-initializers-work.aspx\r\n var isPrivateImplementationDetailsPresent = validateNetObject(\"\");\r\n\r\n for (var i = 0; i < patternsToExplore.length && !badNamings; i++) {\r\n\r\n const currentStringPattern = patternsToExplore[i];\r\n\r\n if (isPrivateImplementationDetailsPresent && currentStringPattern.length === 40) {\r\n break;\r\n }\r\n\r\n if (currentStringPattern.indexOf(\"<\") === -1 &&\r\n !/^([0-9A-F]{64})$/.test(currentStringPattern) && // These names may be generated by the compiler\r\n isNameObfuscated(currentStringPattern)) {\r\n strangePatternsCounter++;\r\n }\r\n\r\n if (strangePatternsCounter > 2)\r\n badNamings = true;\r\n\r\n }\r\n\r\n if (badNamings) options = addOption(options, \"Bad namings\");\r\n\r\n\r\n\r\n\r\n // AntiTamper protects the file from modification\r\n\r\n var isAntiTamperPresent = false;\r\n\r\n if (\r\n validateNetUnicodeString(\" is tampered.\") || // samples by: .NET Reactor\r\n validateNetUnicodeString(\"ping 127.0.0.1 > nul\") || // samples by: ConfuserEx (Trinity, SkiDzEx like)\r\n validateNetUnicodeString(\"/C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del \\\"\") || // samples by: MindLated\r\n validateNetUnicodeString( // samples by: ConfuserEx\r\n opCodes.ldloc_s + opCodes.ldc_i4_0 + opCodes.ldloc_s + opCodes.ldc_i4_0 + opCodes.ldelem_u4 + opCodes.ldloc_s + opCodes.ldc_i4_0 + opCodes.ldelem_u4 + opCodes._unknown + opCodes.stelem_i4 +\r\n opCodes.ldloc_s + opCodes.ldc_i4_1 + opCodes.ldloc_s + opCodes.ldc_i4_1 + opCodes.ldelem_u4 + opCodes.ldloc_s + opCodes.ldc_i4_1 + opCodes.ldelem_u4 + opCodes._unknown + opCodes.stelem_i4 +\r\n opCodes.ldloc_s + opCodes.ldc_i4_2 + opCodes.ldloc_s + opCodes.ldc_i4_2 + opCodes.ldelem_u4 + opCodes.ldloc_s + opCodes.ldc_i4_2 + opCodes.ldelem_u4 + opCodes._unknown + opCodes.stelem_i4 +\r\n opCodes.ldloc_s + opCodes.ldc_i4_3 + opCodes.ldloc_s + opCodes.ldc_i4_3 + opCodes.ldelem_u4 + opCodes.ldloc_s + opCodes.ldc_i4_3 + opCodes.ldelem_u4 + opCodes._unknown + opCodes.stelem_i4 +\r\n opCodes.ldloc_s + opCodes.ldc_i4_4 + opCodes.ldloc_s + opCodes.ldc_i4_4 + opCodes.ldelem_u4 + opCodes.ldloc_s + opCodes.ldc_i4_4 + opCodes.ldelem_u4 + opCodes._unknown + opCodes.stelem_i4\r\n ) ||\r\n validateNetByteCode( // samples: ConfuserEx (Beds mod, private)\r\n opCodes.ldloc_s + opCodes._unknown + opCodes.shr_un + opCodes.ldloc_s + opCodes.ldc_i4_s + opCodes.shl + opCodes.or + opCodes.stloc_s +\r\n opCodes.ldloc_s + opCodes._unknown + opCodes.shr_un + opCodes.ldloc_s + opCodes.ldc_i4_s + opCodes.shl + opCodes.or + opCodes.stloc_s +\r\n opCodes.ldloc_s + opCodes._unknown + opCodes.shr_un + opCodes.ldloc_s + opCodes.ldc_i4_s + opCodes.shl + opCodes.or + opCodes.stloc_s\r\n )\r\n ) {\r\n log(logType.net, \"Anti-tamper detected!\");\r\n\r\n isAntiTamperPresent = true;\r\n }\r\n\r\n if (isAntiTamperPresent) options = addOption(options, \"Anti-tamper\");\r\n\r\n\r\n\r\n\r\n // If in the assembly you can find the second object starting with “”, then this is a fakeee!\r\n\r\n var isModuleCtorMultiple = false;\r\n\r\n var currentCtorOffset = PE.findSignature(PE.getDosStubOffset() + PE.getDosStubSize(), PE.getSize() - PE.getOverlaySize(), \"00''00\");\r\n\r\n if (currentCtorOffset !== -1) {\r\n var secondCtorNameOffset = PE.findSignature(currentCtorOffset + 10, PE.getSize() - PE.getOverlaySize(), \"''\");\r\n\r\n if (secondCtorNameOffset !== -1 && PE.readByte(secondCtorNameOffset + 8) !== 0x00) {\r\n log(logType.net, \"Fake detected! Offset: 0x\" + Number(secondCtorNameOffset).toString(16));\r\n\r\n isModuleCtorMultiple = true;\r\n }\r\n }\r\n\r\n if (isModuleCtorMultiple) options = addOption(options, \"Fake .cctor name\");\r\n\r\n\r\n\r\n\r\n var isBadCctor = false;\r\n\r\n if (currentCtorOffset === -1) {\r\n log(logType.net, \"It seems that the .cctor is missing. Bad PE format!\");\r\n\r\n isBadCctor = true;\r\n }\r\n\r\n if (isBadCctor) options = addOption(options, \"Bad .cctor format\");\r\n\r\n\r\n\r\n\r\n // Detects the use of unusual mathematical expressions that would be simplified by the compiler. \r\n // For example, an expression like \"912874 + 39188124^834\"\r\n\r\n var isMutationsPresent = false;\r\n\r\n const mathOpCodes = [\r\n opCodes.add, opCodes.sub,\r\n opCodes.mul, opCodes.div,\r\n opCodes.xor, opCodes.shr,\r\n opCodes.shl, opCodes.or,\r\n opCodes.not, opCodes.and\r\n ];\r\n\r\n const mathTemplates = [ // %s = math opcode\r\n opCodes.ldc_i4 + opCodes.ldc_i4 + \"%s\" + opCodes.stloc, // samples by: .NET Reactor\r\n opCodes.ldc_i4 + opCodes.ldc_i4 + \"%s\" + opCodes.ldsfld, // samples by: .NET Reactor\r\n opCodes.ldc_i4 + opCodes.ldc_i4 + \"%s\" + opCodes.ldc_i4 + opCodes.add, // samples by: ConfuserEx (Beds mod)\r\n opCodes.ldloc_1 + opCodes.ldc_i4 + opCodes.ldc_i4 + \"%s\" + opCodes.ldc_i4 + opCodes.ldc_i4, // samples by: SkiDzEX\r\n opCodes.ldloc + opCodes.ldc_i4 + opCodes.ldc_i4 + opCodes.ldc_i4 + \"%s\" + opCodes.stelem_i1, // samples by: .NET Reactor\r\n opCodes.ldc_i4 + opCodes.ldc_i4 + \"%s\" + opCodes.br_s // samples by: [Unknown protector, only samples]\r\n ];\r\n\r\n for (var y = 0; y < mathTemplates.length && !isMutationsPresent; y++) {\r\n const template = mathTemplates[y];\r\n\r\n for (var e = 0; e < mathOpCodes.length && !isMutationsPresent; e++) {\r\n if (e === 0 && !validateNetByteCode(replaceAllInString(template, \"%s\", opCodes._unknown))) break; // No math mutations\r\n\r\n const pattern = replaceAllInString(template, \"%s\", mathOpCodes[e]);\r\n\r\n if (validateNetByteCode(pattern)) {\r\n log(logType.net, \"Math mutations detected! Offset: \" + lastOffsetDetected);\r\n\r\n isMutationsPresent = true;\r\n }\r\n }\r\n }\r\n\r\n if (isMutationsPresent) options = addOption(options, \"Math mutations\");\r\n\r\n\r\n\r\n\r\n // VB NET apps with resources only\r\n\r\n var isStringsEncryptionPresent = false;\r\n\r\n if (PE_Cached.isVbNetStandardLibraryPresent && !isFrameworkComponent()) {\r\n if (validateNetObject(\"Resources\") && !validateGlobalUnicodeString(\".Resources\")) {\r\n log(logType.net, \"It appears that the strings are hidden/encrypted and can be loaded dynamically.\");\r\n\r\n isStringsEncryptionPresent = true;\r\n }\r\n }\r\n\r\n if (isStringsEncryptionPresent) options = addOption(options, \"Strings encryption\");\r\n\r\n\r\n\r\n\r\n // A type of obfuscation of numbers in which they are inverted several times from positive to negative and vice versa...\r\n\r\n var isMathInversionsPresent = false;\r\n\r\n if (validateNetByteCode(opCodes.ldc_i4 + opCodes.not) && (\r\n validateNetByteCode( // ~(-(~(-(~(-(~(-( num ))))))))\r\n opCodes.ldc_i4 +\r\n opCodes.not + opCodes.neg + opCodes.not + opCodes.neg +\r\n opCodes.not + opCodes.neg + opCodes.not + opCodes.neg\r\n ) ||\r\n validateNetByteCode( // ~(~(-(-(~(~( num ))))))\r\n opCodes.ldc_i4 +\r\n opCodes.not + opCodes.not + opCodes.neg + opCodes.neg +\r\n opCodes.not + opCodes.not\r\n ) ||\r\n validateNetByteCode( // ~(-(~(~(-(-( num ))))))\r\n opCodes.ldc_i4 +\r\n opCodes.not + opCodes.neg + opCodes.not + opCodes.not +\r\n opCodes.neg + opCodes.neg\r\n ) ||\r\n validateNetByteCode( // ~(-(~(-(~(~( num ))))))\r\n opCodes.ldc_i4 +\r\n opCodes.not + opCodes.neg + opCodes.not + opCodes.neg +\r\n opCodes.not + opCodes.not\r\n ) ||\r\n validateNetByteCode( // ~(-(~(-(~(-( num ))))))\r\n opCodes.ldc_i4 +\r\n opCodes.not + opCodes.neg + opCodes.not + opCodes.neg +\r\n opCodes.not + opCodes.neg\r\n )\r\n )) {\r\n log(logType.net, \"Math inversions detected, offset \" + lastOffsetDetected);\r\n\r\n isMathInversionsPresent = true;\r\n }\r\n\r\n if (isMathInversionsPresent) options = addOption(options, \"Math inversions\");\r\n\r\n\r\n\r\n\r\n // A technique that allows you to avoid code decompilation. dnSpy gives a parsing error when trying to open such a file\r\n\r\n var invalidOpCodes = false;\r\n\r\n if (\r\n /* validateNetByteCode( // samples by: SugarGuard\r\n opCodes.setStrict(opCodes.box, \"?? 00 00 01\") + opCodes.ret\r\n ) || */\r\n validateNetByteCode( // samples by: ConfuserEx (Beds mod)\r\n opCodes.setStrict(opCodes.calli, \"FF FF FF FF\") + opCodes.setStrict(opCodes.sizeof, \"FF FF FF FF\")\r\n )\r\n ) {\r\n log(logType.net, \"Invalid OpCodes detected, offset \" + lastOffsetDetected);\r\n\r\n invalidOpCodes = true;\r\n }\r\n\r\n if (invalidOpCodes) options = addOption(options, \"Invalid OpCodes\");\r\n\r\n\r\n\r\n\r\n // Some protections include their own dependencies in the form of runtime libraries\r\n\r\n var isProtectionRuntimePresent = false;\r\n\r\n var runtimeFound = String();\r\n\r\n const protectionsRuntime = [ // Need more\r\n { lib: \"haspdnert.dll\", name: \"SafeNet Sentinel LDK\" },\r\n { lib: \"AgileDotNet.VMRuntime.dll\", name: \"Agile\" },\r\n { lib: \"Xerin.Runtime.dll\", name: \"XerinFuscator\" },\r\n { lib: \"CliSecureRd64.dll\", name: \"CliSecure\" },\r\n { lib: \"CliSecureRd.dll\", name: \"CliSecure\" },\r\n { lib: \"Protect32.dll\", name: \"ILProtector\" },\r\n { lib: \"Protect64.dll\", name: \"ILProtector\" },\r\n { lib: \"OneVM.Runtime.dll\", name: \"OneVM\" },\r\n { lib: \"MRuntime3.dll\", name: \"Maxtocode\" },\r\n { lib: \"Attick.dll\", name: \"Maxtocode\" },\r\n { lib: \"HVMRuntm.dll\", name: \"DNGuard\" }\r\n ];\r\n\r\n for (var i = 0; i < protectionsRuntime.length; i++) {\r\n const\r\n runtimeInfo = protectionsRuntime[i],\r\n runtimeLibraryName = runtimeInfo.lib,\r\n protectorName = runtimeInfo.name;\r\n\r\n if (validateNetObject(runtimeLibraryName) || // \"runtime.dll\"\r\n validateNetObject(runtimeLibraryName.substring(0, runtimeLibraryName.length - 4))) { // \"runtime\"\r\n log(logType.net, protectorName + \" runtime detected!\");\r\n\r\n isProtectionRuntimePresent = true;\r\n runtimeFound = protectorName;\r\n break;\r\n }\r\n }\r\n\r\n // Clean up: release the dictionary\r\n protectionsRuntime = undefined;\r\n\r\n if (isProtectionRuntimePresent) options = addOption(options, runtimeFound + \" runtime\");\r\n\r\n\r\n\r\n\r\n const obfuscatorsAttributes = [\r\n \"Xenocode.Client.Attributes.AssemblyAttributes.ProcessedByXenocode\", // Xenocode\r\n \"CryptoObfuscator.ProtectedWithCryptoObfuscatorAttribute\", // Crypto Obfuscator\r\n \"SecureTeam.Attributes.ObfuscatedByAgileDotNetAttribute\", // Agile.NET\r\n \"Xenocode.Client.Attributes.AssemblyAttributes\", // Xenocode\r\n \"SmartAssembly.Attributes.PoweredByAttribute\", // Smart Assembly\r\n \"ObfuscatedByAgileDotNetAttribute\", // Agile.NET\r\n \"NineRays.Obfuscator.Evaluation\", // Spices.Net\r\n \"ObfuscatedByCliSecureAttribute\", // CliSecure\r\n \"BabelObfuscatorAttribute\", // Babel\r\n \"AsStrongAsFuckAttribute\", // AsStrongAsFuck\r\n \"ProtectedByDotnetsafer\", // DotNetSafer\r\n \"Macrobject.Obfuscator\", // Macrobject\r\n \"DotfuscatorAttribute\", // Dotfuscator\r\n \"CodeWallTrialVersion\", // CodeWall\r\n \"ConfusedByAttribute\", // ConfuserEx\r\n \"ObfuscatedByGoliath\", // Goliath\r\n \"NETSpider.Attribute\", // NETSpider\r\n \"NineRays.Obfuscator\", // Spices.Net\r\n \"PoweredByAttribute\", // Smart Assembly\r\n \"RustemSoft.Skater\", // Skater\r\n \"Beds-Protector\", // fake Beds Protector\r\n \"BabelAttribute\", // Babel\r\n \"MRuntime3.dll\", // Maxtocode\r\n \"YanoAttribute\", // Yano\r\n \"EMyPID_8234_\", // Eazfuscator.NET\r\n \"ZYXDNGuarder\", // DNGuard\r\n \"SkiDzEX\", // ConfuserEx based\r\n \"Sixxpack\", // Sixxpack\r\n \"____KILL\", // CodeVeil\r\n \"Reactor\", // Fake .NET Reactor\r\n ];\r\n\r\n var isFakeSignaturesPresent = false;\r\n\r\n var isWatermarkPresent = false;\r\n\r\n var signaturesCounter = 0;\r\n\r\n var obfuscatorAttributeFound = String();\r\n\r\n // Iterate through obfuscators attributes\r\n for (var t = 0; t < obfuscatorsAttributes.length; t++) {\r\n if (validateNetObject(obfuscatorsAttributes[t])) {\r\n obfuscatorAttributeFound = obfuscatorsAttributes[t];\r\n signaturesCounter++;\r\n\r\n if (signaturesCounter > 1) {\r\n isFakeSignaturesPresent = true;\r\n break;\r\n }\r\n }\r\n }\r\n\r\n if (isFakeSignaturesPresent) {\r\n options = addOption(options, \"Fake signatures\");\r\n } else {\r\n // \"Watermark\" is only possible in the absence of fake signatures\r\n\r\n if (signaturesCounter === 1) {\r\n log(logType.net, \"Watermark (Attribute) found: \\\"\" + obfuscatorAttributeFound + \"\\\"\");\r\n\r\n isWatermarkPresent = true;\r\n }\r\n\r\n if ((!isWatermarkPresent && (\r\n validateSignature(\"'Obfuscated'\") ||\r\n validateSignature(\"'obfuscated'\") ||\r\n validateSignature(\"'ByAttribute'\") ||\r\n validateSignature(\"'ObfuscatorAttribute'\") ||\r\n validateNetObject(\"ObfuscationAttribute\")\r\n )) && !isFrameworkComponent()) { // System.Reflection.ObfuscationAttribute\r\n isWatermarkPresent = true;\r\n }\r\n }\r\n\r\n if (isWatermarkPresent) options = addOption(options, \"Watermark\");\r\n\r\n\r\n\r\n\r\n // The module name must always contain the assembly name and the output file extension (Assembly \"App\", Module \"App.dll\").\r\n // If this standard is not followed, it means that the sample was modified after compilation.\r\n\r\n var isBuildInfoModified = false;\r\n\r\n var buildAssemblyName = PE_Cached.nameOfNetAssemblyName,\r\n buildModuleName = PE_Cached.nameOfNetModuleName;\r\n\r\n if (buildAssemblyName.indexOf(\"Interop.\") === 0) {\r\n buildAssemblyName = buildAssemblyName.substring(8, buildAssemblyName.length);\r\n }\r\n\r\n if (buildAssemblyName !== getFileNameWithoutExtension(buildModuleName) || buildAssemblyName === buildModuleName) {\r\n isBuildInfoModified = true;\r\n\r\n if (PE_Cached.isJscriptNetStandardLibraryPresent && buildModuleName === \"JScript Module\") {\r\n isBuildInfoModified = false;\r\n }\r\n }\r\n\r\n if (isBuildInfoModified) options = addOption(options, \"Modified build info\");\r\n\r\n\r\n\r\n\r\n const protectorsLabelsToRemove = [ // Protectors with these names will be removed from results\r\n \"SafeNet Sentinel LDK .NET\",\r\n \"Xenocode Postbuild\",\r\n \"Smart Assembly\",\r\n \"Dotfuscator\",\r\n \"Babel .NET\",\r\n \"Spices.Net\",\r\n \"Maxtocode\",\r\n \"FISH .NET\",\r\n \"CliSecure\",\r\n \"CodeWall\",\r\n \"CodeVeil\",\r\n \"Sixxpack\",\r\n \"DNGuard\",\r\n \"Goliath\",\r\n \"Agile\",\r\n \"Yano\"\r\n ], packersLabelsToRemove = [\r\n \"Quest PowerGUI\",\r\n \"DataAnubis\",\r\n \"NsPack\",\r\n \"ASPack\"\r\n ], protectionsLabelsToRemove = [\r\n \"Sentinel SuperPro dongle reference\",\r\n \"Unikey/Activator dongle reference\",\r\n \"Eutron SmartKey dongle reference\",\r\n \"SenseLock dongle reference\",\r\n \"Hardlock dongle reference\",\r\n \"WIBU Key dongle reference\",\r\n \"Wizzkey dongle reference\",\r\n \"SoftLok dongle reference\",\r\n \"NetHASP dongle reference\"\r\n ];\r\n\r\n // Волки делают АУФ 🐺☝️\r\n\r\n if (isFakeSignaturesPresent) {\r\n for (var i = 0; i < protectorsLabelsToRemove.length; i++) {\r\n _removeResult(\"protector\", protectorsLabelsToRemove[i]);\r\n }\r\n\r\n for (var i = 0; i < packersLabelsToRemove.length; i++) {\r\n _removeResult(\"cryptor\", packersLabelsToRemove[i]);\r\n _removeResult(\"packer\", packersLabelsToRemove[i]);\r\n }\r\n\r\n for (var i = 0; i < protectionsLabelsToRemove.length; i++) {\r\n _removeResult(\"protection\", protectionsLabelsToRemove[i]);\r\n }\r\n }\r\n\r\n\r\n\r\n\r\n if (options.length != 0) isDetected = true;\r\n\r\n\r\n if (isDetected) {\r\n _setResult(\"~protection\", \"Obfuscation\", String(), PE.isVerbose() ? options : String());\r\n }\r\n}\r\n// #endregion\r\n\r\n\r\n\r\n// #region \"anti-analysis (.NET)\"\r\nfunction scanForAntiAnalysis_NET() {\r\n log(logType.nothing, \"Scanning for anti-analysis tricks...\");\r\n\r\n var options = String();\r\n\r\n var isDetected = false;\r\n\r\n\r\n // Assumes the file can detect debugging protection\r\n\r\n var isAntiDebugPresent = false;\r\n\r\n const debuggerObject = \"Debugger\", // MSIL: 'System.Diagnostics.Debugger' from System.Diagnostics.dll\r\n isAttached = \"get_IsAttached\", // MSIL: '*.Debugger::get_IsAttached()'\r\n isLogging = \"IsLogging\" // MSIL: '*.Debugger::IsLogging()'\r\n\r\n if (\r\n (\r\n ( // .NET Functions\r\n validateNetObject(debuggerObject) || validateNetUnicodeString(debuggerObject) // Check for 'Debugger'\r\n ) && (\r\n (validateNetObject(isAttached) || validateNetUnicodeString(isAttached)) || // Check for 'get_IsAttached' property\r\n (validateNetObject(isLogging) || validateNetUnicodeString(isLogging)) // Check for 'IsLogging' function\r\n ) ||\r\n ( // Native (WinAPI) functions\r\n validateNetObject(\"CheckRemoteDebuggerPresent\") || validateNetObject(\"IsDebuggerPresent\") ||\r\n validateNetObject(\"NtRemoveProcessDebug\") || validateNetObject(\"NtQueryInformationProcess\")\r\n )\r\n ) && !isFrameworkComponent()\r\n ) {\r\n isAntiDebugPresent = true;\r\n }\r\n\r\n if (isAntiDebugPresent) options = addOption(options, \"Anti-debug\");\r\n\r\n\r\n\r\n\r\n // A type of protection in which, after launching an application, it erases the headers and/or PE signature behind itself\r\n\r\n var isAntiDumpPresent = false;\r\n\r\n if (\r\n !isFrameworkComponent() && validateNetObject(\"VirtualProtect\") && ( // from 'kernel32.dll', WinAPI\r\n // Need to check\r\n isAllNetReferencesPresent( // samples by: ConfuserEx, SkiDzEX\r\n [\r\n \"System.Runtime.InteropServices\", // System.Runtime.InteropServices.dll\r\n \"Marshal\", // MSIL: '*.Marshal::GetHINSTANCE( ... )'\r\n \"GetHINSTANCE\", // MSIL: '*.Marshal::GetHINSTANCE( ... )'\r\n \"IntPtr\", // MSIL: 'System.IntPtr'\r\n \"op_Explicit\" // MSIL: 'System.IntPtr::op_Explicit'\r\n ]\r\n ) ||\r\n isAllNetReferencesPresent( // samples by: Inx Obfuscator\r\n [\r\n \"System.Diagnostics\", // System.Diagnostics\r\n \"memcpy\", // from 'msvcrt.dll', WinAPI\r\n \"IntPtr\", // MSIL: 'System.IntPtr'\r\n \"get_MainModule\", // MSIL: '*.Process::get_MainModule()'\r\n \"get_BaseAddress\" // MSIL: '*.ProcessModule::get_BaseAddress()'\r\n ]\r\n ) ||\r\n isAllNetReferencesPresent( // samples by: MindLated\r\n [\r\n \"System.Runtime.InteropServices\", // System.Runtime.InteropServices.dll\r\n \"Marshal\", // MSIL: '*.Marshal::GetHINSTANCE( ... )'\r\n \"GetHINSTANCE\", // MSIL: '*.Marshal::GetHINSTANCE( ... )'\r\n \"IntPtr\", // MSIL: 'System.IntPtr'\r\n \"CopyBlock\",\r\n \"InitBlock\"\r\n ]\r\n )\r\n )\r\n ) {\r\n isAntiDumpPresent = true;\r\n }\r\n\r\n if (isAntiDumpPresent) options = addOption(options, \"Anti-dump\");\r\n\r\n\r\n\r\n\r\n // https://medium.com/@tarunrd77/dnspy-static-analysis-of-a-net-malware-012806424acf\r\n\r\n const antiDnSpyTriggers = [\r\n \"dnspy\",\r\n \"dnSpy\",\r\n \"DNSPY\"\r\n ];\r\n\r\n var isAntiDnSpyPresent = false;\r\n\r\n // Iterate through anti-DnSpy triggers\r\n for (var l = 0; l < antiDnSpyTriggers.length && !isAntiDnSpyPresent; l++) {\r\n const dnSpyName = antiDnSpyTriggers[l];\r\n\r\n // Check if the signature for anti-DnSpy trigger is valid using Unicode signature mask or the original signature\r\n if (\r\n validateGlobalUnicodeString(dnSpyName) ||\r\n validateSignature(\"'\" + dnSpyName + \"'\")\r\n ) {\r\n isAntiDnSpyPresent = true;\r\n }\r\n }\r\n\r\n if (isAntiDnSpyPresent) options = addOption(options, \"Anti-dnSpy\");\r\n\r\n\r\n\r\n\r\n // https://github.com/icsharpcode/ILSpy\r\n\r\n const antiIlSpyTriggers = [\r\n \"ilspy\",\r\n \"ilSpy\",\r\n \"ILSpy\",\r\n \"ILSPY\"\r\n ];\r\n\r\n var isAntiIlSpyPresent = false;\r\n\r\n for (var l = 0; l < antiIlSpyTriggers.length && !isAntiIlSpyPresent; l++) {\r\n const ilSpyName = antiIlSpyTriggers[l];\r\n\r\n // Check if the signature for anti-ILSpy trigger is valid using Unicode signature mask or the original signature\r\n if (\r\n validateGlobalUnicodeString(ilSpyName) ||\r\n validateSignature(\"'\" + ilSpyName + \"'\")\r\n ) {\r\n isAntiIlSpyPresent = true;\r\n }\r\n }\r\n\r\n if (isAntiIlSpyPresent) options = addOption(options, \"Anti-ILSpy\");\r\n\r\n\r\n\r\n\r\n const isGetModuleHandleDetected = validateSignature(\"'GetModuleHandle'\"); // from 'kernel32.dll'\r\n\r\n\r\n\r\n\r\n // https://en.wikipedia.org/wiki/Sandboxie\r\n\r\n const sbieVariants = [\r\n \"sbiedll.\",\r\n \"SbieDll.\",\r\n \"SBIEDLL.\"\r\n ];\r\n\r\n var isAntiSbiePresent = false;\r\n\r\n if (isGetModuleHandleDetected) {\r\n // Iterate through Sandboxie variants\r\n for (var l = 0; l < sbieVariants.length && !isAntiSbiePresent; l++) {\r\n const sbieLib = sbieVariants[l];\r\n\r\n // Check if the signature for Sandboxie variant is valid using Unicode signature mask or the original signature\r\n if (\r\n PE.isNetObjectPresent(\"IsSandboxiePresent\") || // https://github.com/AdvDebug/AntiCrack-DotNet/blob/f3cd8104e952580e0edf298101139d15befe008e/AntiCrack-DotNet/AntiVirtualization.cs#L53\r\n validateGlobalUnicodeString(sbieLib) ||\r\n validateSignature(\"'\" + sbieLib + \"'\")\r\n ) {\r\n isAntiSbiePresent = true;\r\n }\r\n }\r\n }\r\n\r\n if (isAntiSbiePresent) options = addOption(options, \"Anti-SandBoxie\");\r\n\r\n\r\n\r\n\r\n // https://help.comodo.com/topic-394-1-767-9229-the-sandbox.html\r\n\r\n const comodoVariants = [\r\n \"cmdvrt32.\",\r\n \"cmdvrt64.\",\r\n \"CMDVRT32.\",\r\n \"CMDVRT64.\"\r\n ];\r\n\r\n var isAntiComodoPresent = false;\r\n\r\n if (isGetModuleHandleDetected) {\r\n // Iterate through Comodo Sandbox variants\r\n for (var l = 0; l < comodoVariants.length && !isAntiComodoPresent; l++) {\r\n const comodoLib = comodoVariants[l];\r\n\r\n // Check if the signature for Comodo Sandbox variant is valid using Unicode signature mask or the original signature\r\n if (\r\n PE.isNetObjectPresent(\"IsComodoSandboxPresent\") || // https://github.com/AdvDebug/AntiCrack-DotNet/blob/f3cd8104e952580e0edf298101139d15befe008e/AntiCrack-DotNet/AntiVirtualization.cs#L64\r\n validateGlobalUnicodeString(comodoLib) ||\r\n validateSignature(\"'\" + comodoLib + \"'\")\r\n ) {\r\n isAntiComodoPresent = true;\r\n }\r\n }\r\n }\r\n\r\n if (isAntiComodoPresent) options = addOption(options, \"Anti-Comodo\");\r\n\r\n\r\n\r\n\r\n // https://blog.360totalsecurity.com/en/how-to-use-360-sandbox/\r\n\r\n const qihoo360Variants = [\r\n \"SxIn.\",\r\n \"SXIn.\"\r\n ];\r\n\r\n var isAntiQihoo360Present = false;\r\n\r\n if (isGetModuleHandleDetected) {\r\n // Iterate through Qihoo 360 Sandbox variants\r\n for (var l = 0; l < qihoo360Variants.length && !isAntiQihoo360Present; l++) {\r\n const qihoo360Lib = qihoo360Variants[l];\r\n\r\n // Check if the signature for Qihoo 360 Sandbox variant is valid using Unicode signature mask or the original signature\r\n if (\r\n PE.isNetObjectPresent(\"IsQihoo360SandboxPresent\") || // https://github.com/AdvDebug/AntiCrack-DotNet/blob/f3cd8104e952580e0edf298101139d15befe008e/AntiCrack-DotNet/AntiVirtualization.cs#L75\r\n validateGlobalUnicodeString(qihoo360Lib) ||\r\n validateSignature(\"'\" + qihoo360Lib + \"'\")\r\n ) {\r\n isAntiQihoo360Present = true;\r\n }\r\n }\r\n }\r\n\r\n if (isAntiQihoo360Present) options = addOption(options, \"Anti-Qihoo 360\");\r\n\r\n\r\n\r\n\r\n // https://www.networkintelligence.ai/blogs/cuckoo-sandbox/\r\n\r\n const cuckooVariants = [\r\n \"cuckoomon.\",\r\n \"CUCKOOMON.\"\r\n ];\r\n\r\n var isAntiCuckooPresent = false;\r\n\r\n if (isGetModuleHandleDetected) {\r\n // Iterate through Cuckoo Sandbox variants\r\n for (var l = 0; l < cuckooVariants.length && !isAntiCuckooPresent; l++) {\r\n const cuckooLib = cuckooVariants[l];\r\n\r\n // Check if the signature for Cuckoo Sandbox variant is valid using Unicode signature mask or the original signature\r\n if (\r\n PE.isNetObjectPresent(\"IsCuckooSandboxPresent\") || // https://github.com/AdvDebug/AntiCrack-DotNet/blob/f3cd8104e952580e0edf298101139d15befe008e/AntiCrack-DotNet/AntiVirtualization.cs#L86\r\n validateGlobalUnicodeString(cuckooLib) ||\r\n validateSignature(\"'\" + cuckooLib + \"'\")\r\n ) {\r\n isAntiCuckooPresent = true;\r\n }\r\n }\r\n }\r\n\r\n if (isAntiCuckooPresent) options = addOption(options, \"Anti-Cuckoo\");\r\n\r\n\r\n\r\n\r\n // https://www.winehq.org/\r\n\r\n var isAntiWinePresent = false;\r\n\r\n var wineGetUnixFileName = \"wine_get_unix_file_name\";\r\n\r\n if (isGetModuleHandleDetected && (\r\n validateGlobalUnicodeString(wineGetUnixFileName) ||\r\n validateSignature(\"'\" + wineGetUnixFileName + \"'\")\r\n )) {\r\n isAntiWinePresent = true;\r\n }\r\n\r\n if (isAntiWinePresent) options = addOption(options, \"Anti-Wine\");\r\n\r\n\r\n\r\n\r\n var isAntiVmPresent = false;\r\n\r\n if (validateNetUnicodeString(\"vmware\") ||\r\n validateNetUnicodeString(\"VirtualBox\") ||\r\n validateNetUnicodeString(\"VMBusHID\") ||\r\n validateGlobalUnicodeString(\"WDAGUtilityAccount\")) {\r\n isAntiVmPresent = true;\r\n }\r\n\r\n if (isAntiVmPresent) options = addOption(options, \"Anti-VM\");\r\n\r\n\r\n\r\n\r\n if (options.length != 0) isDetected = true;\r\n\r\n\r\n if (isDetected) {\r\n _setResult(\"~protection\", \"Anti analysis\", String(), PE.isVerbose() ? options : String());\r\n }\r\n}\r\n// #endregion\r\n\r\n\r\n\r\n\r\n/**\r\n * Determines if the current PE file is a C++/CLR .NET application.\r\n *\r\n * @returns {boolean} True if the PE file matches the C++/CLR .NET application heuristics, otherwise false.\r\n */\r\nfunction isCppClrLikeApp() {\r\n return PE_Cached.isDotNet && PE_Cached.isRichSignaturePresent && PE.isLibraryPresent(\"KERNEL32.DLL\") && PE_Cached.isNetGlobalCctorPresent;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Checks if the PE file is linked with an unpackaged Windows App SDK.\r\n * \r\n * This function verifies the presence of specific .NET objects that indicate\r\n * the application uses the Windows App SDK in an unpackaged deployment scenario.\r\n * \r\n * @returns {boolean} True if both \"AutoInitialize\" and \"InitializeWindowsAppSDK\" \r\n * .NET objects are present in the PE file, false otherwise.\r\n */\r\nfunction isUnpackagedWindowsAppSdkLinked() {\r\n return PE.isNetObjectPresent(\"AutoInitialize\") && PE.isNetObjectPresent(\"InitializeWindowsAppSDK\");\r\n}\r\n\r\n\r\n\r\n/**\r\n * Microsoft Intermediate Language (MSIL) OpCodes class for .NET assembly analysis.\r\n * \r\n * This class provides a comprehensive collection of MSIL instruction opcodes with their\r\n * corresponding bytecode patterns for signature-based detection in .NET assemblies.\r\n * All opcode values are verified against the official Microsoft .NET Runtime source code\r\n * and ECMA-335 Common Language Infrastructure (CLI) specification.\r\n * \r\n * @class NetOpCodes\r\n * @description Represents MSIL opcodes as hexadecimal string patterns for bytecode matching.\r\n * \r\n * Features:\r\n * - Complete MSIL instruction set coverage (93 opcodes)\r\n * - Support for both single-byte (0x00-0xFF) and two-byte (0xFE00-0xFEFF) opcodes\r\n * - Wildcard pattern support using '?' for variable operands\r\n * - Prefix instruction handling (volatile, tail, readonly, etc.)\r\n * - Helper methods for strict value substitution and null value setting\r\n * \r\n * Pattern Format:\r\n * - Fixed bytes: \"58\" (add instruction)\r\n * - Variable operands: \"28????????\" (call with 4-byte method token)\r\n * - Short operands: \"2B??\" (br.s with 1-byte offset)\r\n * - Two-byte opcodes: \"FE01\" (ceq instruction)\r\n * \r\n * Helper Methods:\r\n * - setStrict(opcode, value): Sets specific operand values for opcodes\r\n * - setNullValue(opcode): Replaces wildcards with zero bytes\r\n * \r\n * @see {@link https://docs.microsoft.com/en-us/dotnet/api/system.reflection.emit.opcodes} Microsoft OpCodes Documentation\r\n * @see {@link https://www.ecma-international.org/publications-and-standards/standards/ecma-335/} ECMA-335 CLI Specification\r\n * @see {@link https://github.com/dotnet/runtime/blob/main/src/libraries/System.Private.CoreLib/src/System/Reflection/Emit/OpCodes.cs} .NET Runtime Source\r\n */\r\nfunction NetOpCodes() {\r\n // ========== BASIC STACK OPERATIONS ==========\r\n this.dup = \"25\"; // MSIL: 'dup' - Duplicate top stack value\r\n this.nop = \"00\"; // MSIL: 'nop' - No operation\r\n this.pop = \"26\"; // MSIL: 'pop' - Remove top stack value\r\n\r\n // ========== ARITHMETIC OPERATIONS ==========\r\n this.add = \"58\"; // MSIL: 'add' - Add two values\r\n this.add_ovf = \"D6\"; // MSIL: 'add.ovf' - Add signed integer values with overflow check\r\n this.add_ovf_un = \"D7\"; // MSIL: 'add.ovf.un' - Add unsigned integer values with overflow check\r\n this.div = \"5B\"; // MSIL: 'div' - Divide two values\r\n this.div_un = \"5C\"; // MSIL: 'div.un' - Divide unsigned values\r\n this.mul = \"5A\"; // MSIL: 'mul' - Multiply two values\r\n this.mul_ovf = \"D8\"; // MSIL: 'mul.ovf' - Multiply signed integer values with overflow check\r\n this.mul_ovf_un = \"D9\"; // MSIL: 'mul.ovf.un' - Multiply unsigned integer values with overflow check\r\n this.neg = \"65\"; // MSIL: 'neg' - Negate value\r\n this.rem = \"5D\"; // MSIL: 'rem' - Remainder when dividing two values\r\n this.rem_un = \"5E\"; // MSIL: 'rem.un' - Remainder (unsigned)\r\n this.sub = \"59\"; // MSIL: 'sub' - Subtract two values\r\n this.sub_ovf = \"DA\"; // MSIL: 'sub.ovf' - Subtract native int with overflow check\r\n this.sub_ovf_un = \"DB\"; // MSIL: 'sub.ovf.un' - Subtract unsigned int with overflow check\r\n\r\n // ========== LOGICAL OPERATIONS ==========\r\n this.and = \"5F\"; // MSIL: 'and' - Bitwise AND\r\n this.not = \"66\"; // MSIL: 'not' - Bitwise NOT\r\n this.or = \"60\"; // MSIL: 'or' - Bitwise OR\r\n this.shl = \"62\"; // MSIL: 'shl' - Shift left\r\n this.shr = \"63\"; // MSIL: 'shr' - Shift right\r\n this.shr_un = \"64\"; // MSIL: 'shr.un' - Shift right (unsigned)\r\n this.xor = \"61\"; // MSIL: 'xor' - Bitwise XOR\r\n\r\n // ========== COMPARISON OPERATIONS ==========\r\n this.ceq = \"FE01\"; // MSIL: 'ceq' - Compare equal\r\n this.cgt = \"FE02\"; // MSIL: 'cgt' - Compare greater than\r\n this.cgt_un = \"FE03\"; // MSIL: 'cgt.un' - Compare greater than (unsigned)\r\n this.clt = \"FE04\"; // MSIL: 'clt' - Compare less than\r\n this.clt_un = \"FE05\"; // MSIL: 'clt.un' - Compare less than (unsigned)\r\n\r\n // ========== CONSTANT LOADING ==========\r\n this.ldc_i4_m1 = \"15\"; // MSIL: 'ldc.i4.m1' - Load constant -1\r\n this.ldc_i4 = \"20????????\"; // MSIL: 'ldc.i4' - Load 32-bit integer constant\r\n this.ldc_i4_0 = \"16\"; // MSIL: 'ldc.i4.0' - Load constant 0\r\n this.ldc_i4_1 = \"17\"; // MSIL: 'ldc.i4.1' - Load constant 1\r\n this.ldc_i4_2 = \"18\"; // MSIL: 'ldc.i4.2' - Load constant 2\r\n this.ldc_i4_3 = \"19\"; // MSIL: 'ldc.i4.3' - Load constant 3\r\n this.ldc_i4_4 = \"1A\"; // MSIL: 'ldc.i4.4' - Load constant 4\r\n this.ldc_i4_5 = \"1B\"; // MSIL: 'ldc.i4.5' - Load constant 5\r\n this.ldc_i4_6 = \"1C\"; // MSIL: 'ldc.i4.6' - Load constant 6\r\n this.ldc_i4_7 = \"1D\"; // MSIL: 'ldc.i4.7' - Load constant 7\r\n this.ldc_i4_8 = \"1E\"; // MSIL: 'ldc.i4.8' - Load constant 8\r\n this.ldc_i4_s = \"1F??\"; // MSIL: 'ldc.i4.s' - Load small integer constant\r\n this.ldc_i8 = \"21????????????????\"; // MSIL: 'ldc.i8' - Load 64-bit integer constant\r\n this.ldc_r4 = \"22????????\"; // MSIL: 'ldc.r4' - Load 32-bit float constant\r\n this.ldc_r8 = \"23????????????????\"; // MSIL: 'ldc.r8' - Load 64-bit float constant\r\n this.ldnull = \"14\"; // MSIL: 'ldnull' - Load null reference\r\n\r\n // ========== ARGUMENT OPERATIONS ==========\r\n this.ldarg = \"FE09????\"; // MSIL: 'ldarg' - Load argument\r\n this.ldarg_0 = \"02\"; // MSIL: 'ldarg.0' - Load argument 0\r\n this.ldarg_1 = \"03\"; // MSIL: 'ldarg.1' - Load argument 1\r\n this.ldarg_2 = \"04\"; // MSIL: 'ldarg.2' - Load argument 2\r\n this.ldarg_3 = \"05\"; // MSIL: 'ldarg.3' - Load argument 3\r\n this.ldarg_s = \"0E??\"; // MSIL: 'ldarg.s' - Load argument (short form)\r\n this.starg_s = \"10??\"; // MSIL: 'starg.s' - Store to argument (short form)\r\n this.ldarga = \"FE0A????\"; // MSIL: 'ldarga' - Load argument address\r\n this.ldarga_s = \"0F??\"; // MSIL: 'ldarga.s' - Load argument address (short form)\r\n this.starg = \"FE0B????\"; // MSIL: 'starg' - Store to argument\r\n this.ldloca = \"FE09????\"; // MSIL: 'ldloca' - Load local variable address\r\n this.ldloca_s = \"12??\"; // MSIL: 'ldloca.s' - Load local variable address (short form)\r\n\r\n // ========== LOCAL VARIABLE OPERATIONS ==========\r\n this.ldloc = \"FE0C????\"; // MSIL: 'ldloc' - Load local variable\r\n this.ldloc_0 = \"06\"; // MSIL: 'ldloc.0' - Load local variable 0\r\n this.ldloc_1 = \"07\"; // MSIL: 'ldloc.1' - Load local variable 1\r\n this.ldloc_2 = \"08\"; // MSIL: 'ldloc.2' - Load local variable 2\r\n this.ldloc_3 = \"09\"; // MSIL: 'ldloc.3' - Load local variable 3\r\n this.ldloc_s = \"11??\"; // MSIL: 'ldloc.s' - Load local variable (short form)\r\n this.stloc = \"FE0E????\"; // MSIL: 'stloc' - Store to local variable\r\n this.stloc_0 = \"0A\"; // MSIL: 'stloc.0' - Store to local variable 0\r\n this.stloc_1 = \"0B\"; // MSIL: 'stloc.1' - Store to local variable 1\r\n this.stloc_2 = \"0C\"; // MSIL: 'stloc.2' - Store to local variable 2\r\n this.stloc_3 = \"0D\"; // MSIL: 'stloc.3' - Store to local variable 3\r\n this.stloc_s = \"13??\"; // MSIL: 'stloc.s' - Store to local variable (short form)\r\n\r\n // ========== FIELD OPERATIONS ==========\r\n this.ldfld = \"7B????????\"; // MSIL: 'ldfld' - Load instance field\r\n this.ldflda = \"7C????????\"; // MSIL: 'ldflda' - Load field address\r\n this.ldsfld = \"7E????????\"; // MSIL: 'ldsfld' - Load static field\r\n this.ldsflda = \"7F????????\"; // MSIL: 'ldsflda' - Load static field address\r\n this.stfld = \"7D????????\"; // MSIL: 'stfld' - Store to instance field\r\n this.stsfld = \"80????????\"; // MSIL: 'stsfld' - Store to static field\r\n\r\n // ========== ARRAY OPERATIONS ==========\r\n this.ldelem = \"A3????????\"; // MSIL: 'ldelem' - Load array element\r\n this.ldelem_i = \"97\"; // MSIL: 'ldelem.i' - Load array element (native int)\r\n this.ldelem_i1 = \"90\"; // MSIL: 'ldelem.i1' - Load array element (8-bit signed)\r\n this.ldelem_i2 = \"92\"; // MSIL: 'ldelem.i2' - Load array element (16-bit signed)\r\n this.ldelem_i4 = \"94\"; // MSIL: 'ldelem.i4' - Load array element (32-bit signed)\r\n this.ldelem_i8 = \"96\"; // MSIL: 'ldelem.i8' - Load array element (64-bit signed)\r\n this.ldelem_r4 = \"98\"; // MSIL: 'ldelem.r4' - Load array element (32-bit float)\r\n this.ldelem_r8 = \"99\"; // MSIL: 'ldelem.r8' - Load array element (64-bit float)\r\n this.ldelem_ref = \"9A\"; // MSIL: 'ldelem.ref' - Load array element (object reference)\r\n this.ldelem_u1 = \"91\"; // MSIL: 'ldelem.u1' - Load array element (unsigned 8-bit)\r\n this.ldelem_u2 = \"93\"; // MSIL: 'ldelem.u2' - Load array element (unsigned 16-bit)\r\n this.ldelem_u4 = \"95\"; // MSIL: 'ldelem.u4' - Load array element (unsigned 32-bit)\r\n this.ldelema = \"8F????????\"; // MSIL: 'ldelema' - Load array element address\r\n this.ldlen = \"8E\"; // MSIL: 'ldlen' - Load array length\r\n this.newarr = \"8D????????\"; // MSIL: 'newarr' - Create new array\r\n this.stelem = \"A4????????\"; // MSIL: 'stelem' - Store to array element\r\n this.stelem_i = \"9B\"; // MSIL: 'stelem.i' - Store to array element (native int)\r\n this.stelem_i1 = \"9C\"; // MSIL: 'stelem.i1' - Store to array element (8-bit)\r\n this.stelem_i2 = \"9D\"; // MSIL: 'stelem.i2' - Store to array element (16-bit)\r\n this.stelem_i4 = \"9E\"; // MSIL: 'stelem.i4' - Store to array element (32-bit)\r\n this.stelem_i8 = \"9F\"; // MSIL: 'stelem.i8' - Store to array element (64-bit)\r\n this.stelem_r4 = \"A0\"; // MSIL: 'stelem.r4' - Store to array element (32-bit float)\r\n this.stelem_r8 = \"A1\"; // MSIL: 'stelem.r8' - Store to array element (64-bit float)\r\n this.stelem_ref = \"A2\"; // MSIL: 'stelem.ref' - Store to array element (object reference)\r\n\r\n // ========== INDIRECT OPERATIONS ==========\r\n this.ldind_i = \"4D\"; // MSIL: 'ldind.i' - Load indirect native int\r\n this.ldind_i1 = \"46\"; // MSIL: 'ldind.i1' - Load indirect 8-bit value\r\n this.ldind_i2 = \"48\"; // MSIL: 'ldind.i2' - Load indirect 16-bit value\r\n this.ldind_i4 = \"4A\"; // MSIL: 'ldind.i4' - Load indirect 32-bit value\r\n this.ldind_i8 = \"4C\"; // MSIL: 'ldind.i8' - Load indirect 64-bit value\r\n this.ldind_r4 = \"4E\"; // MSIL: 'ldind.r4' - Load indirect 32-bit float\r\n this.ldind_r8 = \"4F\"; // MSIL: 'ldind.r8' - Load indirect 64-bit float\r\n this.ldind_ref = \"50\"; // MSIL: 'ldind.ref' - Load indirect object reference\r\n this.ldind_u1 = \"47\"; // MSIL: 'ldind.u1' - Load indirect unsigned 8-bit value\r\n this.ldind_u2 = \"49\"; // MSIL: 'ldind.u2' - Load indirect unsigned 16-bit value\r\n this.ldind_u4 = \"4B\"; // MSIL: 'ldind.u4' - Load indirect unsigned 32-bit value\r\n this.stind_i = \"DF\"; // MSIL: 'stind.i' - Store indirect native int\r\n this.stind_i1 = \"52\"; // MSIL: 'stind.i1' - Store indirect 8-bit value\r\n this.stind_i2 = \"53\"; // MSIL: 'stind.i2' - Store indirect 16-bit value\r\n this.stind_i4 = \"54\"; // MSIL: 'stind.i4' - Store indirect 32-bit value\r\n this.stind_i8 = \"55\"; // MSIL: 'stind.i8' - Store indirect 64-bit value\r\n this.stind_r4 = \"56\"; // MSIL: 'stind.r4' - Store indirect 32-bit float\r\n this.stind_r8 = \"57\"; // MSIL: 'stind.r8' - Store indirect 64-bit float\r\n this.stind_ref = \"51\"; // MSIL: 'stind.ref' - Store indirect object reference\r\n\r\n // ========== CONTROL FLOW ==========\r\n this.beq = \"3B????????\"; // MSIL: 'beq' - Branch if equal\r\n this.beq_s = \"2E??\"; // MSIL: 'beq.s' - Branch if equal (short form)\r\n this.bge = \"3C????????\"; // MSIL: 'bge' - Branch if greater or equal\r\n this.bge_s = \"2F??\"; // MSIL: 'bge.s' - Branch if greater or equal (short form)\r\n this.bge_un = \"41????????\"; // MSIL: 'bge.un' - Branch if greater or equal (unsigned/unordered)\r\n this.bge_un_s = \"34??\"; // MSIL: 'bge.un.s' - Branch if greater or equal (unsigned/unordered, short)\r\n this.bgt = \"3D????????\"; // MSIL: 'bgt' - Branch if greater than\r\n this.bgt_s = \"30??\"; // MSIL: 'bgt.s' - Branch if greater than (short form)\r\n this.bgt_un = \"42????????\"; // MSIL: 'bgt.un' - Branch if greater than (unsigned/unordered)\r\n this.bgt_un_s = \"35??\"; // MSIL: 'bgt.un.s' - Branch if greater than (unsigned/unordered, short)\r\n this.ble = \"3E????????\"; // MSIL: 'ble' - Branch if less or equal\r\n this.ble_s = \"31??\"; // MSIL: 'ble.s' - Branch if less or equal (short form)\r\n this.ble_un = \"43????????\"; // MSIL: 'ble.un' - Branch if less or equal (unsigned/unordered)\r\n this.ble_un_s = \"36??\"; // MSIL: 'ble.un.s' - Branch if less or equal (unsigned/unordered, short)\r\n this.blt = \"3F????????\"; // MSIL: 'blt' - Branch if less than\r\n this.blt_s = \"32??\"; // MSIL: 'blt.s' - Branch if less than (short form)\r\n this.blt_un = \"44????????\"; // MSIL: 'blt.un' - Branch if less than (unsigned/unordered)\r\n this.blt_un_s = \"37??\"; // MSIL: 'blt.un.s' - Branch if less than (unsigned/unordered, short)\r\n this.bne_un = \"40????????\"; // MSIL: 'bne.un' - Branch if not equal (unsigned)\r\n this.bne_un_s = \"33??\"; // MSIL: 'bne.un.s' - Branch if not equal (unsigned, short)\r\n this.br = \"38????????\"; // MSIL: 'br' - Unconditional branch\r\n this.br_s = \"2B??\"; // MSIL: 'br.s' - Unconditional branch (short form)\r\n this.break_ = \"01\"; // MSIL: 'break' - Breakpoint instruction\r\n this.brfalse = \"39????????\"; // MSIL: 'brfalse' - Branch if false/null/zero\r\n this.brfalse_s = \"2C??\"; // MSIL: 'brfalse.s' - Branch if false/null/zero (short)\r\n this.brtrue = \"3A????????\"; // MSIL: 'brtrue' - Branch if true/non-null/non-zero\r\n this.brtrue_s = \"2D??\"; // MSIL: 'brtrue.s' - Branch if true/non-null/non-zero (short)\r\n this.call = \"28????????\"; // MSIL: 'call' - Call method\r\n this.calli = \"29????????\"; // MSIL: 'calli' - Call indirect\r\n this.callvirt = \"6F????????\"; // MSIL: 'callvirt' - Call virtual method\r\n this.jmp = \"27????????\"; // MSIL: 'jmp' - Jump to method\r\n this.ldtoken = \"D0????????\"; // MSIL: 'ldtoken' - Load metadata token\r\n this.ldftn = \"FE06????????\"; // MSIL: 'ldftn' - Load function pointer\r\n this.ldvirtftn = \"FE07????????\"; // MSIL: 'ldvirtftn' - Load virtual function pointer\r\n this.leave = \"DD????????\"; // MSIL: 'leave' - Exit protected region\r\n this.leave_s = \"DE??\"; // MSIL: 'leave.s' - Exit protected region (short form)\r\n this.ret = \"2A\"; // MSIL: 'ret' - Return from method\r\n this.switch__nobody = \"45\"; // MSIL: 'switch' - Switch statement\r\n\r\n // ========== TYPE OPERATIONS ==========\r\n this.box = \"8C????????\"; // MSIL: 'box' - Convert value type to object reference\r\n this.castclass = \"74????????\"; // MSIL: 'castclass' - Cast object to class\r\n this.ckfinite = \"C3\"; // MSIL: 'ckfinite' - Check if value is finite number\r\n this.conv_i = \"D3\"; // MSIL: 'conv.i' - Convert to native int\r\n this.conv_i1 = \"67\"; // MSIL: 'conv.i1' - Convert to 8-bit integer\r\n this.conv_i2 = \"68\"; // MSIL: 'conv.i2' - Convert to 16-bit integer\r\n this.conv_i4 = \"69\"; // MSIL: 'conv.i4' - Convert to 32-bit integer\r\n this.conv_i8 = \"6A\"; // MSIL: 'conv.i8' - Convert to 64-bit integer\r\n this.conv_ovf_i = \"D4\"; // MSIL: 'conv.ovf.i' - Convert to native int with overflow check\r\n this.conv_ovf_i_un = \"8A\"; // MSIL: 'conv.ovf.i.un' - Convert unsigned to native int with overflow check\r\n this.conv_ovf_i1 = \"B3\"; // MSIL: 'conv.ovf.i1' - Convert to 8-bit integer with overflow check\r\n this.conv_ovf_i1_un = \"82\"; // MSIL: 'conv.ovf.i1.un' - Convert to unsigned 8-bit integer with overflow check\r\n this.conv_ovf_i2 = \"B5\"; // MSIL: 'conv.ovf.i2' - Convert to 16-bit integer with overflow check\r\n this.conv_ovf_i2_un = \"83\"; // MSIL: 'conv.ovf.i2.un' - Convert to unsigned 16-bit integer with overflow check\r\n this.conv_ovf_i4 = \"B7\"; // MSIL: 'conv.ovf.i4' - Convert to 32-bit integer with overflow check\r\n this.conv_ovf_i4_un = \"84\"; // MSIL: 'conv.ovf.i4.un' - Convert to unsigned 32-bit integer with overflow check\r\n this.conv_ovf_i8 = \"B9\"; // MSIL: 'conv.ovf.i8' - Convert to 64-bit integer with overflow check\r\n this.conv_ovf_i8_un = \"85\"; // MSIL: 'conv.ovf.i8.un' - Convert to unsigned 64-bit integer with overflow check\r\n this.conv_ovf_u = \"D5\"; // MSIL: 'conv.ovf.u' - Convert to native unsigned int with overflow check\r\n this.conv_ovf_u_un = \"8B\"; // MSIL: 'conv.ovf.u.un' - Convert unsigned to native unsigned int with overflow check\r\n this.conv_ovf_u1 = \"B4\"; // MSIL: 'conv.ovf.u1' - Convert to unsigned 8-bit integer with overflow check\r\n this.conv_ovf_u1_un = \"86\"; // MSIL: 'conv.ovf.u1.un' - Convert unsigned to unsigned 8-bit integer with overflow check\r\n this.conv_ovf_u2 = \"B6\"; // MSIL: 'conv.ovf.u2' - Convert to unsigned 16-bit integer with overflow check\r\n this.conv_ovf_u2_un = \"87\"; // MSIL: 'conv.ovf.u2.un' - Convert unsigned to unsigned 16-bit integer with overflow check\r\n this.conv_ovf_u4 = \"B8\"; // MSIL: 'conv.ovf.u4' - Convert to unsigned 32-bit integer with overflow check\r\n this.conv_ovf_u4_un = \"88\"; // MSIL: 'conv.ovf.u4.un' - Convert unsigned to unsigned 32-bit integer with overflow check\r\n this.conv_ovf_u8 = \"BA\"; // MSIL: 'conv.ovf.u8' - Convert to unsigned 64-bit integer with overflow check\r\n this.conv_ovf_u8_un = \"89\"; // MSIL: 'conv.ovf.u8.un' - Convert unsigned to unsigned 64-bit integer with overflow check\r\n this.conv_r_un = \"76\"; // MSIL: 'conv.r.un' - Convert unsigned integer to floating-point\r\n this.conv_r4 = \"6B\"; // MSIL: 'conv.r4' - Convert to 32-bit float\r\n this.conv_r8 = \"6C\"; // MSIL: 'conv.r8' - Convert to 64-bit float\r\n this.conv_u = \"E0\"; // MSIL: 'conv.u' - Convert to native unsigned int\r\n this.conv_u1 = \"D2\"; // MSIL: 'conv.u1' - Convert to unsigned 8-bit integer\r\n this.conv_u2 = \"D1\"; // MSIL: 'conv.u2' - Convert to unsigned 16-bit integer\r\n this.conv_u4 = \"6D\"; // MSIL: 'conv.u4' - Convert to unsigned 32-bit integer\r\n this.conv_u8 = \"6E\"; // MSIL: 'conv.u8' - Convert to unsigned 64-bit integer\r\n this.isinst = \"75????????\"; // MSIL: 'isinst' - Test if object is instance of class\r\n this.mkrefany = \"C6????????\"; // MSIL: 'mkrefany' - Push typed reference to value\r\n this.refanytype = \"FE1D\"; // MSIL: 'refanytype' - Push type token from typed reference\r\n this.refanyval = \"C2????????\"; // MSIL: 'refanyval' - Push address from typed reference\r\n this.sizeof = \"FE1C????????\"; // MSIL: 'sizeof' - Get size of value type\r\n this.unbox = \"79????????\"; // MSIL: 'unbox' - Convert object reference to value type\r\n this.unbox_any = \"A5????????\"; // MSIL: 'unbox.any' - Convert boxed type to value\r\n\r\n // ========== OBJECT OPERATIONS ==========\r\n this.cpblk = \"FE17\"; // MSIL: 'cpblk' - Copy block of memory\r\n this.cpobj = \"70????????\"; // MSIL: 'cpobj' - Copy value type\r\n this.initblk = \"FE18\"; // MSIL: 'initblk' - Initialize block of memory\r\n this.initobj = \"FE15????????\"; // MSIL: 'initobj' - Initialize value type\r\n this.ldobj = \"71????????\"; // MSIL: 'ldobj' - Load value type from address\r\n this.ldstr = \"72????????\"; // MSIL: 'ldstr' - Load string literal\r\n this.localloc = \"FE0F\"; // MSIL: 'localloc' - Allocate space from local memory pool\r\n this.newobj = \"73????????\"; // MSIL: 'newobj' - Create new object instance\r\n this.stobj = \"81????????\"; // MSIL: 'stobj' - Store value type to address\r\n\r\n // ========== EXCEPTION HANDLING ==========\r\n this.endfilter = \"FE11\"; // MSIL: 'endfilter' - End exception filter clause\r\n this.endfinally = \"DC\"; // MSIL: 'endfinally' - End finally clause\r\n this.rethrow = \"FE1A\"; // MSIL: 'rethrow' - Rethrow current exception\r\n this._throw = \"7A\"; // MSIL: 'throw' - Throw exception\r\n\r\n // ========== PREFIX INSTRUCTIONS ==========\r\n this.constrained = \"FE16????????\"; // MSIL: 'constrained' - Constrain type for virtual method call\r\n this.no_ = \"FE19??\"; // MSIL: 'no.' - Skip fault check (typecheck, rangecheck, nullcheck)\r\n this.readonly = \"FE1E\"; // MSIL: 'readonly' - Subsequent array address operation performs no type check\r\n this.unaligned = \"FE12??\"; // MSIL: 'unaligned.' - Subsequent pointer instruction might be unaligned (alignment: 1, 2, or 4)\r\n this.volatile = \"FE13\"; // MSIL: 'volatile' - Subsequent pointer reference is volatile\r\n\r\n // ========== UTILITY OPCODES ==========\r\n this._unknown = \"**\"; // MSIL: - - Unknown opcode pattern (any byte except 0x00)\r\n this._any = \"??\"; // MSIL: - - Any single byte pattern\r\n this.arglist = \"FE00\"; // MSIL: 'arglist' - Return argument list handle\r\n\r\n /**\r\n * Sets strict operand values for MSIL opcodes with variable operands.\r\n * \r\n * This method replaces wildcard patterns ('??') in opcode masks with specific \r\n * hexadecimal values, allowing for precise bytecode pattern matching.\r\n * \r\n * @method setStrict\r\n * @param {string} opCodeMask - The opcode pattern with wildcards (e.g., \"20????????\")\r\n * @param {string} value - The hexadecimal value to substitute (e.g., \"01 00 00 00\")\r\n * @returns {string} The opcode pattern with substituted values\r\n * \r\n * @example\r\n * // Set ldc.i4 instruction to load constant value 1\r\n * var pattern = opCodes.setStrict(opCodes.ldc_i4, \"01 00 00 00\");\r\n * // Result: \"2001000000\" (ldc.i4 1)\r\n * \r\n * @example\r\n * // Set specific method token for call instruction\r\n * var callPattern = opCodes.setStrict(opCodes.call, \"10 00 00 06\");\r\n * // Result: \"2810000006\" (call method token 0x06000010)\r\n * \r\n * @throws {Error} If operand size doesn't match the expected size\r\n */\r\n this.setStrict = function (opCodeMask, value) {\r\n // Remove spaces from opcode mask and value\r\n opCodeMask = removeWhitespaces(opCodeMask);\r\n value = removeWhitespaces(value);\r\n\r\n // Find the index of the special pattern \"??\" in the opcode mask\r\n var indexOfSpecialPattern = opCodeMask.indexOf(\"??\");\r\n\r\n // Check if the opcode mask has a body (contains the special pattern \"??\")\r\n var isOpCodeMaskHasBody = indexOfSpecialPattern !== -1; // -1 if not found\r\n\r\n // Extract the opcode in hexadecimal\r\n var opCodeInHex = isOpCodeMaskHasBody ? opCodeMask.substring(0x00, indexOfSpecialPattern) : opCodeMask;\r\n\r\n // Check if the opcode mask has a body and the length of the body matches the length of the value\r\n if (isOpCodeMaskHasBody && opCodeMask.substring(opCodeInHex.length).length != value.length) {\r\n _error(\"The size of the input values does not match.\");\r\n }\r\n\r\n // Combine the opcode in hexadecimal with the value\r\n return opCodeInHex + value;\r\n }\r\n\r\n /**\r\n * Sets all wildcard operands in an opcode pattern to zero bytes.\r\n * \r\n * This method replaces all wildcard patterns ('??') in the opcode mask with \r\n * zero bytes ('00'), useful for matching instructions with null/empty operands.\r\n * \r\n * @method setNullValue\r\n * @param {string} opCodeMask - The opcode pattern containing wildcards\r\n * @returns {string} The opcode pattern with all wildcards replaced by '00'\r\n * \r\n * @example\r\n * // Set ldc.i4 instruction to load zero value\r\n * var pattern = opCodes.setNullValue(opCodes.ldc_i4);\r\n * // Result: \"2000000000\" (ldc.i4 0)\r\n * \r\n * @example\r\n * // Create null branch instruction\r\n * var brPattern = opCodes.setNullValue(opCodes.br);\r\n * // Result: \"3800000000\" (br with zero offset)\r\n * \r\n * @throws {Error} If the opcode mask contains no wildcards to replace\r\n */\r\n this.setNullValue = function (opCodeMask) {\r\n\r\n if (opCodeMask.indexOf(\"??\") === -1) {\r\n _error(\"Instruction does not have a body to overwrite the value.\");\r\n }\r\n\r\n return replaceAllInString(opCodeMask, \"??\", \"00\");\r\n }\r\n\r\n /**\r\n * Joins an opcode without wildcards with additional bytes.\r\n * \r\n * This method concatenates opcodes that don't have wildcards (like switch) \r\n * with specific byte sequences, useful for instructions with variable-length operands.\r\n * \r\n * @method joinNoBodyAndValue\r\n * @param {string} opCode - The opcode without wildcards (e.g., \"45\" for switch)\r\n * @param {string} value - The hexadecimal bytes to append (e.g., \"02 00 00 00 XX XX XX XX\")\r\n * @param {string} [opCodeName] - Optional: name of the opcode variable for validation\r\n * @returns {string} The combined opcode pattern\r\n * \r\n * @example\r\n * // Create switch instruction with 2 targets\r\n * var switchPattern = opCodes.joinNoBodyAndValue(opCodes.switch__nobody, \"02 00 00 00 10 00 00 00 20 00 00 00\", \"switch__nobody\");\r\n * // Result: \"45020000001000000020000000\" (switch with 2 targets at offsets 0x10 and 0x20)\r\n * \r\n * @throws {Error} If the opcode contains wildcards (should use setStrict instead)\r\n * @throws {Error} If opCodeName is provided but doesn't contain '__nobody'\r\n */\r\n this.joinNoBodyAndValue = function (opCode, value, opCodeName) {\r\n // Type validation\r\n if (!opCode || typeof opCode !== \"string\") {\r\n _error(\"Invalid opcode provided.\");\r\n }\r\n if (!value || typeof value !== \"string\") {\r\n _error(\"Invalid value provided.\");\r\n }\r\n\r\n // Check that opcode doesn't contain wildcards\r\n if (opCode.indexOf(\"??\") !== -1) {\r\n _error(\"Opcode contains wildcards. Use setStrict() instead.\");\r\n }\r\n\r\n // Optional validation: check if opcode name contains '__nobody'\r\n if (opCodeName && typeof opCodeName === \"string\") {\r\n if (opCodeName.indexOf(\"__nobody\") === -1) {\r\n _error(\"joinNoBodyAndValue should only be used with '__nobody' opcodes (variable-length instructions).\");\r\n }\r\n }\r\n\r\n return opCode + removeWhitespaces(value);\r\n }\r\n}\r\n\r\n\r\n\r\n/**\r\n * Removes all whitespace characters from a string including spaces, tabs, newlines, and carriage returns.\r\n * \r\n * @param {string} inputString - The input string to remove whitespaces from\r\n * @returns {string} The string with all whitespace characters removed, or an empty string if input is invalid\r\n */\r\nfunction removeWhitespaces(inputString) {\r\n // Type validation to prevent runtime errors\r\n if (!inputString || typeof inputString !== \"string\") {\r\n return String();\r\n }\r\n\r\n // Regex removes all whitespace: spaces, tabs, newlines, carriage returns\r\n return inputString.replace(/\\s+/g, String());\r\n}\r\n\r\n\r\n\r\n/**\r\n * Replaces all occurrences of a specified substring within a given string with a new substring.\r\n * Uses split/join algorithm for single-pass replacement.\r\n *\r\n * @param {string} inputString - The original string in which to perform the replacements.\r\n * @param {string} search - The substring to search for within the input string.\r\n * @param {string} replacement - The substring to replace each occurrence of the search substring with.\r\n * @returns {string} - The modified string with all occurrences of the search substring replaced by the replacement substring.\r\n */\r\nfunction replaceAllInString(inputString, search, replacement) {\r\n // Type validation to prevent runtime errors\r\n if (!inputString || typeof inputString !== \"string\") {\r\n return String();\r\n }\r\n\r\n if (!search || typeof search !== \"string\") {\r\n return inputString;\r\n }\r\n\r\n if (typeof replacement !== \"string\") {\r\n replacement = String();\r\n }\r\n\r\n // Split on search string and join with replacement (single pass)\r\n return inputString.split(search).join(replacement);\r\n}\r\n\r\n\r\n\r\n/**\r\n * Sanitizes section names to prevent DiE output corruption from malformed PE files.\r\n * Removes control characters that could break console output or cause display issues.\r\n * \r\n * @param {string} sectionName - The section name to clean and sanitize.\r\n * @returns {string} - The sanitized section name safe for DiE output.\r\n */\r\nfunction clearSectionName(sectionName) {\r\n // Type validation to prevent runtime errors\r\n if (!sectionName || typeof sectionName !== \"string\") {\r\n return String();\r\n }\r\n\r\n // Remove control characters (0x00-0x1F) and extended control chars (0x7F-0x9F)\r\n // This prevents newlines, tabs, null bytes from breaking DiE output format\r\n var cleaned = sectionName.replace(/[\\x00-\\x1F\\x7F-\\x9F]/g, String());\r\n\r\n // Remove leading/trailing whitespace\r\n cleaned = cleaned.trim();\r\n\r\n return cleaned;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Checks if a given string consists only of ASCII printable characters (ASCII range 0x20 to 0x7E).\r\n *\r\n * @param {string} inputString - The string to validate.\r\n * @returns {boolean} Returns true if the string contains only ASCII printable characters, otherwise false.\r\n */\r\nfunction isAsciiString(inputString) {\r\n // Type validation to prevent runtime errors\r\n if (!inputString || typeof inputString !== \"string\") {\r\n return false;\r\n }\r\n\r\n return /^[\\x20-\\x7E]+$/.test(inputString);\r\n}\r\n\r\n\r\n\r\n/**\r\n * Returns the file name without its extension.\r\n *\r\n * @param {string} fileName - The name of the file, possibly including an extension.\r\n * @returns {string} The file name without the extension. If no extension is found, returns the original file name.\r\n */\r\nfunction getFileNameWithoutExtension(fileName) {\r\n // Type validation to prevent runtime errors\r\n if (!fileName || typeof fileName !== \"string\") {\r\n return String();\r\n }\r\n\r\n // Remove the file extension by splitting on the last dot and returning the first part\r\n var lastDotIndex = fileName.lastIndexOf(\".\");\r\n if (lastDotIndex === -1) {\r\n return fileName; // No extension found, return original name\r\n }\r\n\r\n return fileName.substring(0, lastDotIndex);\r\n}\r\n\r\n\r\n\r\n// #region \"packers and cryptors (.NET and Native)\"\r\nfunction scanForPackersAndCryptors_NET_and_Native() { // For .NET and Native apps\r\n log(logType.nothing, \"Scanning for packers and cryptors...\");\r\n\r\n var options = String();\r\n\r\n var isDetected = Boolean(),\r\n isCryptor = Boolean();\r\n\r\n\r\n\r\n\r\n if (PE_Cached.isDotNet) {\r\n\r\n var isAssemblyInvokeFound = false;\r\n\r\n if (!isFrameworkComponent() && PE_Cached.nameOfNetModuleName !== \"System.dll\" && isAllNetReferencesPresent( // TODO: update [!!!]\r\n [\r\n \"System.Reflection\", // System.Reflection.dll\r\n \"get_EntryPoint\", // MSIL: '*.Assembly::get_EntryPoint()'\r\n \"Assembly\", // MSIL: 'System.Reflection.Assembly' from System.Reflection.dll\r\n \"Invoke\", // MSIL: '*.MethodBase::Invoke(object, object[])'\r\n \"Load\" // MSIL: '*.Assembly::Load(uint8[])'\r\n ]\r\n )) {\r\n isAssemblyInvokeFound = true;\r\n\r\n options = \"Assembly invoke\";\r\n }\r\n\r\n\r\n\r\n\r\n // Check if any class from System.Security.Cryptography namespace is used (non-full name) - for cryptors\r\n if (findAndMark(\"System.Security.Cryptography\", false) != String()) {\r\n\r\n // Specify cryptography classes to look for\r\n const cryptoClasses = [\r\n \"TripleDESCryptoServiceProvider\",\r\n \"RSACryptoServiceProvider\",\r\n \"DSACryptoServiceProvider\",\r\n \"DESCryptoServiceProvider\",\r\n \"AesCryptoServiceProvider\",\r\n \"Rfc2898DeriveBytes\",\r\n \"TripleDES\",\r\n \"Rijndael\",\r\n \"ECDsaCng\",\r\n \"AesAEAD\",\r\n \"Aes192Cbc\",\r\n \"Aes256Cbc\",\r\n \"Aes128Cbc\",\r\n \"AesManaged\",\r\n \"AesCng\",\r\n \"RC2CryptoServiceProvider\",\r\n \"RNGCryptoServiceProvider\"\r\n ];\r\n\r\n // Iterate through cryptography classes\r\n for (var i = 0; i < cryptoClasses.length; i++) {\r\n if (!isCryptor) {\r\n var cryptoClassSign = cryptoClasses[i],\r\n result = findAndMark(\r\n cryptoClassSign, true\r\n );\r\n\r\n // Check if assembly invoke is found and the cryptography class is present\r\n if (isAssemblyInvokeFound && result.length) {\r\n log(logType.net, \"Crypto class present: \" + cryptoClassSign);\r\n\r\n isCryptor = true;\r\n\r\n // Add the cryptography class to options\r\n options = addOption(options, cryptoClassSign);\r\n }\r\n }\r\n }\r\n }\r\n\r\n\r\n\r\n\r\n // Check if any class from System.IO.Compression namespace is used (non-full name)\r\n if (findAndMark(\"System.IO.Compression\", false).length) {\r\n\r\n // Specify compression classes to look for\r\n const compressionClasses = [\r\n \"DeflateStream\",\r\n \"GZipStream\"\r\n ];\r\n\r\n // Iterate through compression classes\r\n for (var i = 0; i < compressionClasses.length; i++) {\r\n var compressionClassSign = compressionClasses[i],\r\n result = findAndMark(compressionClassSign, true);\r\n\r\n // Check if assembly invoke is found and the compression class is present\r\n if (isAssemblyInvokeFound && result.length) {\r\n log(logType.net, \"Compression class present: \" + compressionClassSign);\r\n\r\n // If it's a cryptor, add the compression class to options\r\n if (isCryptor) options = addOption(options, compressionClassSign);\r\n\r\n // Break the loop if a match is found\r\n break;\r\n }\r\n }\r\n }\r\n\r\n\r\n\r\n\r\n // RunPE is a method for running payload from RAM, with minimal writing to disk.\r\n\r\n var isRunPePresent = false;\r\n\r\n if (validateNetObject(\"RunPE\") ||\r\n validateNetObject(\"PELoader\") || // https://github.com/nettitude/RunPE/blob/main/RunPE/Internals/PELoader.cs\r\n validateNetObject(\"CMemoryExecute\") || // https://github.com/wojciech-kulik/Sample-Projects/blob/master/Windows%20Desktop/WIN32_MemoryAppLoader/MemoryAppLoader/CMemoryExecute.cs\r\n (validateNetObject(\"GetProcAddress\") && validateNetUnicodeString(\"WriteProcessMemory\") && validateNetUnicodeString(\"VirtualAllocEx\") && validateNetUnicodeString(\"ZwUnmapViewOfSection\")) ||\r\n (\r\n (validateNetObject(\"WriteProcessMemory\") || validateNetObject(\"NtWriteVirtualMemory\")) &&\r\n (validateNetObject(\"ZwUnmapViewOfSection\") || validateNetObject(\"NtUnmapViewOfSection\")) &&\r\n (validateNetObject(\"CreateProcess\") || validateNetObject(\"NtCreateProcess\") || validateNetObject(\"CreateProcessA\") || validateNetObject(\"CreateProcessW\")) &&\r\n validateNetObject(\"VirtualAllocEx\"))\r\n ) {\r\n log(logType.net, \"RunPE-like behavior detected!\");\r\n\r\n isRunPePresent = true;\r\n }\r\n\r\n if (isRunPePresent) options = addOption(options, \"RunPE\");\r\n }\r\n\r\n\r\n\r\n\r\n // Self-Extracting archives\r\n // TODO: Upgrade\r\n\r\n var isSfx = false;\r\n\r\n if (!PE_Cached.isDynamicLinkLibrary && PE.isOverlayPresent()) {\r\n const overlayPatterns = [\r\n \"'Rar!'\", // samples by: WinRAR\r\n \"'PK'03\", // samples by: Zip SFX (by Intel)\r\n \"';!@Install@!UTF-8!'\", \"'7z'BCAF271C\", \"efbbbf';!@Install@!UTF-8!'\" // samples by: 7z\r\n ]\r\n\r\n for (var l = 0; l < overlayPatterns.length; l++) {\r\n if (PE.compareOverlay(overlayPatterns[l])) {\r\n log(logType.nothing, \"SFX overlay pattern: \" + overlayPatterns[l]);\r\n\r\n isSfx = true;\r\n }\r\n }\r\n\r\n\r\n if (!isSfx && !PE_Cached.isDotNet) {\r\n const sfxEntries = [\r\n // \"E8$$$$$$$$558BEC83EC..A1........8365....8365....5357BF........3BC7BB........74..85C374..F7D0\", // samples by: WinZip\r\n // \"558BEC6A..68........68........64A1........50648925........83....5356578965..FF15\", // samples by: Zip SFX\r\n // \"E8$$$$$$$$558BEC83EC..8365....8365....A1........5657BF........BE........3BC7\", // samples by: WinRAR Installer\r\n // \"E8$$$$$$$$8BFF558BEC83EC..A1........8365....8365....5357BF........BB\", // samples by: Zip SFX\r\n // \"558BEC83C4..B8........E8........33C05568........64FF30648920E8\", // samples by: Zip SFX\r\n // \"4883EC..E8$$$$$$$$48895C24..55488BEC4883EC..488365....48BB................488B05........483BC375\", // samples by: WinRAR Installer\r\n \"83EC..5657FF15........8BF08D4424..50C74424..........FF15........8A068B3D........3C..75..56FFD7\", // samples by: Zip SFX\r\n \"E9$$$$$$$$558BEC81EC........830D..........5356576A..33DBBF........68........895D..881D\", // samples by: Microsoft Cabinet\r\n \"558BEC83EC..56FF15........8BF08A003C..75..84C074..803E..74..46803E..75..803E..75..46EB\", // samples by: Zip SFX\r\n \"6A..33C0505050FF15........50E8$$$$$$$$55B8........8BECE8........53B9........5657BE\", // samples by: Zip SFX\r\n \"6A..68........E8........66813D............75..A1........81B8................75..\", // samples by: Microsoft Cabinet\r\n \"558BEC83EC..565733FFFF15........8BF0897D..8D45..50FF15........8A063C..75..56FF15\", // samples by: Zip SFX\r\n \"51526A..2EFF15........506A..6A..2EFF15........50E8........502EFF15........5A59C3\", // samples by: WinIMP\r\n \"558BEC81EC........535657FF15........A3........FF15........A1........6625....3D\", // samples by: Microsoft Cabinet\r\n \"558BECB8........E8........5356BE........578D45..5633DB5053FF15........85C00F84\", // samples by: Zip SFX\r\n \"A1........C1E0..A3........575133C0BF........B9........3BCF76..2BCFFCF3AA595F\", // samples by: WinRAR Installer\r\n \"558BEC83C4..5356E8$$$$$$$$E8........6A..E8........8905........E8........8905\", // samples by: Zip SFX\r\n \"FF15........B1..380874..B1..4080....74..380874..4080....75..80....74..4033\", // samples by: WinZip\r\n \"53FF15........B3..38..74..80C3..4033D28A083ACA74..3ACB74..408A083ACA75\", // samples by: WinZip\r\n \"558BEC83C4..535657E8........E8........33C05568........64FF30648920E8\", // samples by: WinRAR\r\n \"53FF15........B3..38..74..80C3..8A48..4033D23ACA74..3ACB74..8A48..40\", // samples by: WinZip\r\n \"E8$$$$$$$$53BB........E8........85C074..33D28A1083FA..75..40EB\", // samples by: WinRAR\r\n \"FFFE2A002A002A006D0065007300730061006700650073002A002A002A00\", // samples by: WinRAR Installer\r\n \"E8$$$$$$$$558BEC83C4..B8........53\", // samples by: WinRAR Installer\r\n \"8A48014033D23ACA740A3ACB74068A4801\" // samples by: WinZip\r\n ]\r\n\r\n if (PE.isSectionNamePresent(\"_winzip_\")) {\r\n isSfx = true;\r\n }\r\n\r\n if (PE_Cached.isArchX86) {\r\n for (var k = 0; k < sfxEntries.length; k++) {\r\n if (PE.compareEP(sfxEntries[k])) {\r\n log(logType.nothing, \"EP like SFX: \\\"\" + sfxEntries[k] + \"\\\"\");\r\n\r\n isSfx = true;\r\n }\r\n }\r\n }\r\n }\r\n }\r\n\r\n if (isSfx) options = addOption(options, \"SFX\");\r\n\r\n\r\n\r\n\r\n var entryLikePacker = false;\r\n\r\n const entries = [\r\n \"53565755488D35........488DBE\", // samples by: UPX (x64)\r\n \"B8........68........64\", // samples by: Petite (x32)\r\n \"60..................E8\", // samples by: Anticrack Software (x32)\r\n \"33C08BC068........68\", // samples by: ExE Pack (x32)\r\n \"74..E9........60E8\", // samples by: PE-PACK\r\n \"EB0668........C39C\", // samples by: PECompact (x32)\r\n \"93071F05....8ED0BC\", // samples by: aPack (x32)\r\n \"60BE........8DBE\", // samples by: UPX (x32)\r\n \"B8........6A..68\", // samples by: Petite (x32)\r\n \"BE........AD8BF8\", // samples by: WinUPack (x32)\r\n \"68........9C60E8\", // samples by: XComp, XPACK (x32)\r\n \"53558BE833DBEB60\", // samples by: WWPack (x32)\r\n \"E8000000005D81ED\", // samples by: ASPack (x32), TTP Pack (x32)\r\n \"BD........C745\", // samples by: kkrunchy (x32)\r\n \"57565351524150\", // samples by: mpress (x64)\r\n \"B8........5064\", // samples by: PECompact (x32)\r\n \"8CCBBA....03DA\", // // samples by: aPack (x32)\r\n \"B8........669C\", // samples by: Petite, Themida (x32)\r\n \"E8........53\", // samples by: Themida (x32), Safengine Shielden\r\n \"8CC0FA8ED0BC\", // samples by: PACKWIN (x32)\r\n \"B8........60\", // samples by: Petite, Themida (x32)\r\n \"8B44240456\", // samples by: ASDPack (x32)\r\n \"1E068CC88E\", // samples by: aPack (x32)\r\n \"1E068CCBBA\", // samples by: aPack (x32)\r\n \"EB..9C60E8\", // samples by: PECompact (x32)\r\n \"9C60E8CA\", // samples by: Petite (x??)\r\n \"60FCBED4\", // samples by: ANDPakk (x32)\r\n \"60EB..5D\", // samples by: ASPack (x32)\r\n \"60EB..E8\", // samples by: G!X Protector\r\n \"64FF35\", // samples by: Petite (x32)\r\n \"6033C0\", // samples by: yzPack (x32)\r\n \"669C60\", // samples by: Petite (x??)\r\n \"EB..60\", // samples by: kkryptor, dePACK (x32)\r\n \"60E8\", // samples by: mpress, Packman, Pack Master, Yodas Crypter, DxPack, ASPack, MSLRH, tElock (x32), WinUPack\r\n \"6068\", // samples by: BeRo, ExE Pack, AHPacker (x32)\r\n \"9C60\" // samples by: PEBundle (x32)\r\n ];\r\n\r\n // Iterate through the entries to check against the entry point\r\n for (var e = 0; e < entries.length && !entryLikePacker; e++) {\r\n if (PE_Cached.isArchX86) {\r\n const entryToCheck = entries[e];\r\n\r\n // If the entry point matches the current entry, set the flag to true and break the loop\r\n if (PE.compareEP(entryToCheck)) {\r\n log(logType.nothing, \"EP like a packer: \\\"\" + entryToCheck + \"\\\"\");\r\n\r\n entryLikePacker = true;\r\n }\r\n }\r\n }\r\n\r\n if (entryLikePacker) options = addOption(options, \"EntryPoint\");\r\n\r\n\r\n\r\n\r\n // Check if the first instruction at entry point starts with a stack operation\r\n\r\n var isStartsWithStackOperation = false,\r\n firstEpAsmOpCode;\r\n\r\n // Get the opcode of the first instruction at entry point and check for specific stack operations\r\n if (PE_Cached.isArchX86) {\r\n firstEpAsmOpCode = getFirstEpAsmOpCode();\r\n\r\n switch (firstEpAsmOpCode) {\r\n case \"PUSHAL\":\r\n case \"PUSHA\":\r\n case \"PUSHF\":\r\n case \"POPA\":\r\n log(logType.nothing, \"\\\"\" + firstEpAsmOpCode + \"\\\" at EP\");\r\n\r\n isStartsWithStackOperation = true;\r\n }\r\n } else {\r\n firstEpAsmOpCode = getFirstEpAsmOpCode();\r\n\r\n switch (firstEpAsmOpCode) {\r\n case \"POP\":\r\n case \"STMDB\":\r\n case \"LDMIA\":\r\n case \"STMFD\":\r\n case \"LDMFD\":\r\n log(logType.nothing, \"\\\"\" + firstEpAsmOpCode + \"\\\" at EP\");\r\n\r\n isStartsWithStackOperation = true;\r\n }\r\n }\r\n\r\n if (isStartsWithStackOperation) options = addOption(options, firstEpAsmOpCode[0].toUpperCase() + firstEpAsmOpCode.toLowerCase().substring(1, firstEpAsmOpCode.length) + \" at EP\");\r\n\r\n\r\n\r\n\r\n // Check if the entry point is in the last section\r\n\r\n var isLastSectionEP = false;\r\n\r\n if (!PE_Cached.isDynamicLinkLibrary) {\r\n if (PE_Cached.numberOfSections > 1) {\r\n // Get addresses of the last section and entry point\r\n\r\n var lastSectionAddress = -1,\r\n entryPointAddress = -1;\r\n\r\n\r\n // Get last section with non -1 address\r\n for (var i = 1; lastSectionAddress == -1; i++) {\r\n lastSectionAddress = PE.OffsetToVA(PE.getSectionFileOffset(PE_Cached.numberOfSections - i));\r\n }\r\n\r\n entryPointAddress = PE.getAddressOfEntryPoint();\r\n\r\n\r\n // Check if the entry point is greater than or equal to the last section address\r\n if (entryPointAddress >= lastSectionAddress) {\r\n log(logType.nothing, \"EP address (0x\" + entryPointAddress.toString(16) + \") more than last section address (0x\" + lastSectionAddress.toString(16) + \")\");\r\n\r\n isLastSectionEP = true;\r\n }\r\n }\r\n }\r\n\r\n if (isLastSectionEP) options = addOption(options, \"Last section EP\");\r\n\r\n\r\n\r\n\r\n // Check for strange calls if entry point is in the last section\r\n\r\n var isStrangeCallOrJmpPresent = false,\r\n firstOpCode;\r\n\r\n if (PE_Cached.isArchX86) {\r\n firstOpCode = getAsmOpCode(PE_Cached.firstEpAsmInstruction);\r\n\r\n if (!PE_Cached.isDynamicLinkLibrary) {\r\n if (isLastSectionEP && !PE.compareEP(\"E8 00 00 00 00\") && (firstOpCode === \"CALL\" || firstOpCode === \"JMP\")) {\r\n log(logType.nothing, \"Strange \" + firstOpCode.toLowerCase() + \" at EP to address: \" + PE_Cached.firstEpAsmInstruction.split(\" \")[1].toLowerCase());\r\n\r\n isStrangeCallOrJmpPresent = true;\r\n }\r\n }\r\n } else {\r\n // ARM: Check for strange branch instructions\r\n firstOpCode = getAsmOpCode(PE_Cached.firstEpAsmInstruction);\r\n\r\n if (!PE_Cached.isDynamicLinkLibrary) {\r\n // ARM uses B (branch) and BL (branch with link) for jumps and calls\r\n if (isLastSectionEP && (firstOpCode === \"B\" || firstOpCode === \"BL\" || firstOpCode === \"BX\" || firstOpCode === \"BLX\")) {\r\n log(logType.nothing, \"Strange \" + firstOpCode.toLowerCase() + \" at EP to address: \" + PE_Cached.firstEpAsmInstruction.split(\" \")[1].toLowerCase());\r\n\r\n isStrangeCallOrJmpPresent = true;\r\n }\r\n }\r\n }\r\n\r\n if (isStrangeCallOrJmpPresent) options = addOption(options, \"Strange \" + firstOpCode.toLowerCase() + \" at EP\");\r\n\r\n\r\n\r\n\r\n // Check for packers and protections by imports (hashes)\r\n\r\n var isImportsLikePacker = false;\r\n\r\n // [{Name}, {Version}, {ImportLibraryIndex}, {Hash/Hashes}, {Type (0 = packer, 1 = cryptor, 2 = protector, 3 = protection)}]\r\n // If {ImportLibraryIndex} is -1, it means the hash has no index\r\n\r\n var dbCollectionOfHashesDict = [\r\n // packers\r\n [\"UPX\", \"0.59-0.93\", 0, 0xd4fdcab1, 0], // https://github.com/upx/upx\r\n [\"UPX\", \"0.94-1.93\", 0, 0x1d51299a, 0],\r\n [\"UPX\", \"1.94-2.03\", 0, [0xb3318086, 0x3778aab9], 0],\r\n [\"UPX\", \"2.90-3.XX\", 0, 0xf375ee03, 0],\r\n [\"UPX\", \"2.90-3.XX\", -1, 0xf737d853, 0],\r\n [\"UPX\", \"3.91+\", -1, [0x82a048fc, 0x554a1748], 0],\r\n [\"PESpin\", null, 2, 0xd4fdcab1, 0],\r\n [\"NsPack\", null, 0, 0xf375ee03, 0], // https://nspack.apponic.com/\r\n [\"NsPack\", \"3.X\", 0, 0x86111e49, 0], // For .NET\r\n [\"ASPack\", \"1.XX-2.XX\", 0, 0x1272f45b, 0], // https://www.aspack.com/\r\n [\"ASPack\", null, 0, 0xee6ea174, 0],\r\n [\"MKFPACK\", null, 0, 0x42b3e7f9, 0],\r\n [\"MPRESS\", null, 0, 0x174efb84, 0], // https://www.autohotkey.com/mpress/mpress_web.htm\r\n [\"Packman\", \"0.0.0.1\", 0, 0x174efb84, 0],\r\n [\"Packman\", \"1.0\", 0, 0x69076a83, 0],\r\n [\"PECompact\", \"0.90-0.91\", -1, 0xbea416d1, 0], // https://bitsum.com/portfolio/pecompact/\r\n [\"PECompact\", \"0.92-0.94\", -1, 0x93312c2e, 0],\r\n [\"PECompact\", \"0.97-0.971b\", -1, 0xe6aa8495, 0],\r\n [\"PECompact\", \"1.10b7-1.34\", -1, 0xe4c11305, 0],\r\n [\"PECompact\", \"1.30-1.40\", 0, 0x9b3305ed, 0],\r\n [\"PECompact\", \"1.40-1.84\", 0, 0xcc5b2a3c, 0],\r\n [\"PECompact\", \"2.40-3.XX\", 0, 0x2652ce4f, 0],\r\n [\"PECompact\", \"2.40-3.XX\", -1, 0xdb8fbb75, 0],\r\n [\"tElock\", \"1.0\", -1, 0x051946f7, 0], // https://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/Telock.shtml\r\n [\"tElock\", \"0.98\", 0, 0x3651f68d, 0],\r\n [\"JDPACK\", \"2.00\", 0, 0xc002db0e, 0],\r\n [\"CRINKLER\", null, 0, 0x0b0e1fbf, 0],\r\n [\"XComp\", \"0.97-0.98\", -1, 0xea1e66e4, 0],\r\n [\"XPack\", null, -1, [0x2ac44dd2, 0x6c170ab3], 0],\r\n [\"kkrunchy\", null, 0, 0x29188619, 0], // https://www.farbrausch.de/~fg/kkrunchy/\r\n [\"ANDPakk2\", \"0.18\", -1, 0x29188619, 0],\r\n [\"RLPack\", \"1.1-1.2\", 0, 0x5bd1d713, 0],\r\n [\"RLPack\", \"1.16+\", 0, 0x6889715b, 0],\r\n [\"Petite\", \"2.2\", -1, 0x61e53682, 0], // https://www.un4seen.com/petite/\r\n [\"bambam\", \"0.1-0.4\", 0, 0xb5b153cd, 0],\r\n [\"py2exe\", null, 2, 0xe5907ffa, 0],\r\n [\"py2exe\", null, -1, 0xc544ca52, 0],\r\n [\"MEW\", null, 0, 0x87214e52, 0],\r\n [\"nPack\", \"1.1+\", 0, 0xba8bf4be, 0],\r\n [\"CExe\", \"1.0a\", 0, 0xdcf764d2, 0],\r\n [\"PE-PACK\", \"1.0\", 0, 0xa4d96677, 0],\r\n [\"BoxedApp\", null, 0, 0x6206c0c2, 0],\r\n [\"VPacker\", \"0.02.X\", 0, 0xebc3bc90, 0],\r\n [\"PKLITE32\", \"1.1\", 0, [0x621f19fb, 0xee04c332], 0],\r\n [\"PKLITE32\", \"1.1\", 1, 0x184539e7, 0],\r\n [\"PeX\", \"0.99\", 0, 0x5fbf5fd8, 0],\r\n [\"XComp\", null, 0, 0x4bc52e77, 0],\r\n [\"Fatpack\", null, 0, 0x74244911, 0],\r\n // cryptors\r\n [\"Yoda's Crypter\", \"1.X\", -1, 0x1303a51b, 1],\r\n [\"EXECryptor\", \"1.4-1.5\", -1, 0xd1de53b5, 1],\r\n [\"EXECryptor\", \"2.X\", -1, 0xf51b2817, 1],\r\n [\"Amber\", null, -1, 0x97c72051, 1],\r\n [\"Lumy\", null, -1, 0x821669d5, 1],\r\n // protectors\r\n [\"ASProtect\", \"1.XX-2.XX\", 0, 0x1272f45b, 2], // https://www.asprotect.ru/\r\n [\"Shrinker\", \"3.2\", 0, [0xb2a64858, 0x158af2d0, 0x49e8aa1f], 2],\r\n [\"Shrinker\", \"3.5\", 0, [0xe9ea0851, 0x3344b95d, 0x586088f3], 2],\r\n [\"Enigma\", \"1.00-3.60\", 0, 0xc002db0e, 2], // https://enigmaprotector.com/\r\n [\"Enigma\", \"2.XX\", 0, 0xdd92de10, 2],\r\n [\"Enigma\", \"3.70+\", 0, 0xd04c7a50, 2],\r\n [\"PCGUARD\", \"5.04-5.05\", 0, [0x5a169c7a, 0x0b0b2965], 2],\r\n [\"Vbs To Exe\", null, 1, [0x2bc5f1f9, 0x009a2869, 0x5a7ce7d6, 0xe513a67d, 0x4d65f922], 2],\r\n [\"eXPressor\", \"1.2\", -1, [0x66b35c6e, 0x32f4466c], 2], // https://www.cgsoftlabs.ro/express.html\r\n [\"eXPressor\", \"1.3\", -1, [0x921d0280, 0xf51eba68, 0xbc84ce09], 2],\r\n [\"eXPressor\", \"1.4.5.X\", 0, [0x427816ab, 0x3c705cae, 0x4d02e093, 0x958a9ea2], 2],\r\n [\"eXPressor\", \"1.5.0.X\", -1, [0x7ababb5a, 0x95ca15e4, 0xbd41da20], 2],\r\n [\"eXPressor\", \"1.6\", -1, 0xca58fa0c, 2],\r\n [\"eXPressor\", \"1.6\", 0, 0x30bc0039, 2],\r\n [\"eXPressor\", \"1.6.1\", 0, 0xa5792a26, 2],\r\n [\"eXPressor\", \"1.6.1\", -1, 0x48ffd359, 2],\r\n [\"VMProtect\", \"1.70\", -1, 0x1ff3103f, 2], // https://vmpsoft.com/\r\n [\"VMProtect\", \"2.0.3-2.13\", -1, 0x9d12b153, 2],\r\n [\"VMProtect\", \"3.0.0\", -1, 0x1e5500c1, 2],\r\n [\"VMProtect\", \"3.0.9\", -1, 0xc5fb6a4b, 2],\r\n [\"VMProtect\", \"3.2.0-3.5.0\", -1, 0x5caa99c7, 2],\r\n [\"VMProtect\", \"3.6.0+\", -1, [0x66e03954, 0xdae9f570], 2],\r\n [\"YodasProtector\", \"1.0b\", -1, 0x1303a51b, 2],\r\n [\"ASM Guard\", \"2.XX+\", -1, 0xf1e0d63b, 2], // https://github.com/DosX-dev/ASM-Guard\r\n [\"Themida\", \"2.XX-3.XX\", 0, 0x3ffccc8a, 2],\r\n [\"Themida\", null, 0, 0xad97c503, 2],\r\n [\".NET Reactor\", null, 0, 0x96be8e26, 2], // https://www.eziriz.com/dotnet_reactor.htm\r\n [\".NET Reactor\", null, 1, 0xb4cda32f, 2],\r\n [\"Bat To Exe Converter\", null, 0, 0x72a2ca64, 2],\r\n [\"Vbs To Exe Converter\", null, 0, 0x182aac68, 2],\r\n [\"DNGuard\", null, 0, 0x38432571, 2], // https://www.dnguard.net/\r\n [\"DNGuard\", \"4.9+\", 0, 0x99f8b58e, 2],\r\n [\"obfus.h\", null, -1, 0x02f4771f, 2], // https://github.com/DosX-dev/obfus.h ; default, antidebug v1\r\n [\"Crunch\", \"1.0-2.0\", 0, 0x615665dd, 2],\r\n [\"Private EXE Protector\", null, 0, 0xd89af68d, 2], // https://www.privacy-tutorials.com/private-exe-protector/\r\n [\"CodeVirtualizer\", null, 4, 0x4fbeea23, 2], // https://www.oreans.com/CodeVirtualizer.php\r\n [\"PELock\", null, 0, [0x6eb8f6f1, 0xe571f715], 2],\r\n [\"PELock\", \"2.X\", 0, 0xe1689d7c, 2],\r\n [\"CrypToCrack\", \"0.9.X\", 0, 0x8b28bb4e, 2],\r\n [\"DBPE\", null, 0, [0x301ad755, 0x33406ae3], 2],\r\n [\"Virbox\", null, 0, 0xe6eb008d, 2], // https://lm-global.virbox.com/detail/virboxProtector.html\r\n [\"Quick Batch File Compiler\", null, -1, 0x347060fa, 2], // https://www.abyssmedia.com/quickbfc/\r\n [\"CodeVeil\", null, 0, 0xd2c88a9c, 2]\r\n ];\r\n\r\n const importValidatingResult = validateImportHashes(dbCollectionOfHashesDict);\r\n\r\n var versionByImportsDetected;\r\n\r\n if (importValidatingResult != null) {\r\n versionByImportsDetected = importValidatingResult[1];\r\n\r\n log(logType.nothing, \"Imports hash like \" + importValidatingResult[0] + (versionByImportsDetected ? \" (version \" + versionByImportsDetected + \")\" : String()));\r\n\r\n isImportsLikePacker = true;\r\n }\r\n\r\n // Clean up: release the dictionary\r\n dbCollectionOfHashesDict = undefined;\r\n\r\n if (isImportsLikePacker) options = addOption(options, \"Imports like \" + importValidatingResult[0] + (versionByImportsDetected ? \" (v\" + importValidatingResult[1] + \")\" : String()));\r\n\r\n\r\n\r\n\r\n // Check for packers and protections by section names\r\n\r\n var isSectionNameLikePacker = false;\r\n\r\n // [{Name}, {Version}, {SectionNameSignature}]\r\n\r\n var dbCollectionOfSectionNamesDict = [\r\n [\"DBPE\", null, \" \"],\r\n [\"Themida\", \"2.XX\", \" \"], // https://www.oreans.com/Themida.php\r\n [\"Themida\", \"3.XX\", [\".imports\", \".loadcon\", \".themida\", \".winlice\"]], // .\r\n [\"Themida\", null, [\".stub01\", \"WinLicen\", \".v-lizer\", \"Themida \"]], // .\r\n [\"PEBundle\", null, /^(PEB|peb)undle$/], // https://bitsum.com/pebundle.htm\r\n [\"DZA Patcher\", null, \"yoda\"],\r\n [\"UPX\", null, /^UPX[0-3]$/], // https://github.com/upx/upx\r\n [\"VMProtect\", null, /^\\.vmp[0-3]$/], // https://vmpsoft.com/\r\n [\".NET Reactor\", \"2.XX\", \".reacto\"], // https://www.eziriz.com/dotnet_reactor.htm\r\n [\"ACProtect\", null, \".perplex\"], // https://acprotect-standard.soft112.com/\r\n [\"ANDpakk2\", null, \"ANDpakk2\"],\r\n [\"ASM Guard\", \"2.XX\", [\".asmg\", \"ASMGUARD\"]], // https://github.com/DosX-dev/ASM-Guard\r\n [\"ASPack\", \"1.08-2.XX\", \".adata\"], // https://www.aspack.com/\r\n [\"ASPack\", \"2.XX\", \".aspack\"], // .\r\n [\"ASPack\", null, /^(\\.)?ASPack$/], // .\r\n [\"Alienyze\", null, \".alien\"], // https://alienyze.com/\r\n [\"BoxedApp\", null, \".bxpck\"], // https://www.boxedapp.com/\r\n [\"CodeVirtualizer\", null, \".vlizer\"], // https://www.oreans.com/CodeVirtualizer.php\r\n [\"Enigma\", null, /^\\.enigma[12]$/], // https://enigmaprotector.com/\r\n [\"Eronana\", null, \".packer\"], // https://github.com/Eronana/packer\r\n [\"MPRESS\", null, /^\\.MPRESS[12]$/], // https://www.autohotkey.com/mpress/mpress_web.htm\r\n [\"NsPack\", null, [/^(\\.)?nsp[01]$/, /^PE[Pp][01]$/, \".Packer!\"]], // https://nspack.apponic.com/\r\n [\"PE Diminisher\", null, \".teraphy\"], // https://web.archive.org/web/20060111104142/http://www.exetools.com/files/compressors/win/ped.zip\r\n [\"PE-SHiELD\", null, \"PESHiELD\"], // https://webscene.ir/tools/show/PE-SHIELD-0.25\r\n [\"PECompact\", null, [/^PEC2(MO)?$/, /^pec(1)?$/]], // https://bitsum.com/portfolio/pecompact/\r\n [\"PELock\", null, [\"PELOCKnt\", \".pelock\"]], // https://www.pelock.com/ 💩\r\n [\"Petite\", null, /^(\\.)?petite$/], // https://www.un4seen.com/petite/\r\n [\"SecuROM\", null, [/^\\.cms_[dt]$/, \".securom\", \".dsstext\"]], // https://en.wikipedia.org/wiki/SecuROM\r\n [\"StarForce\", \"3.X\", [\".sforce3\", \".brick\"]], // https://www.star-force.com/\r\n [\"Wise Installer\", null, \".wise\"], // https://wpkg.org/WISE_installer\r\n [\"Gentee Installer\", null, \".gentee\"], // https://www.gentee.com/download/\r\n [\"Nullsoft Installer\", null, \".ndata\"], // https://sourceforge.net/projects/nsis/\r\n [\"WiX Installer\", null, \".wixburn\"], // https://github.com/wixtoolset\r\n [\"BeRoEXEPacker\", null, [\"packerBY\", \"bero^fr \"]], // https://blog.rosseaux.net/page/875fbe6549aa072b5ee0ac9cefff4827/BeRoEXEPacker\r\n [\"Warbird\", null, \"?g_Encry\"], // https://security-explorations.com/microsoft-warbird-pmp.html\r\n [\"YodasCrypter\", \"1.X\", \"yC\"], // https://sourceforge.net/projects/yodap/files/Yoda%20Crypter/1.3/yC1.3.zip/download\r\n [\"eXPressor\", null, /^\\.ex_(cod|rsc)$/], // https://www.cgsoftlabs.ro/express.html\r\n [\"kkrunchy\", null, \"kkrunchy\"], // https://www.farbrausch.de/~fg/kkrunchy/\r\n [\"tElock\", null, \"UPX!\"], // https://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/Telock.shtml\r\n [\"Private EXE Protector\", null, [\".-PEP-\", \".TRIAL!\", \".const\"]], // https://github.com/NIKJOO/PEP\r\n [\"AtomPePacker\", null, \".ATOM\"], // https://web.archive.org/web/20221012050538/https://github.com/ORCx41/AtomPePacker\r\n [\"ExeStealth\", null, \"ExeS\"], // https://web.archive.org/web/20250124130104/https://www.webtoolmaster.com/exestealth.htm\r\n [\"RLPack\", null, [\".RLPack\", \".packed\"]],\r\n [\"RLPack\", null, \"Obsidium\"], // (Fake Obsidium section name)\r\n [\"BattlEye\", null, /^\\.be[0-2]$/], // https://www.battleye.com/ (VMProtect-based)\r\n [\"YodasProtector\", \"1.0b\", [\".y0da\", \".yP\"]], // https://yodap.sourceforge.net/\r\n [\"obfus.h\", null, \".obfh\"], // https://github.com/DosX-dev/obfus.h\r\n [\"Windows PE Packer by Chenzs108\", null, \".shell\"], // https://github.com/czs108/Windows-PE-Packer\r\n [\"SoftSentry\", null, [/^_(stext|rdata|data|idata|rsrc|reloc)$/, \".prdata\"]], // https://forum.exetools.com/showthread.php?t=1181\r\n [\"PE Lock Phantasm\", \"1.X\", \"DINGBOY\"], // https://www.arteam.accessroot.com/download39d1.html\r\n [\"XComp\", null, /^\\.XComp(0)?$/], // http://www.soft-lab.de/JoKo/\r\n [\"XVolkolak\", null, \".xvlk\"], // unpacker & reconstructor\r\n [\"NetShield\", null, \"!Sugar\"], // https://github.com/AdvDebug/NetShield_Protector\r\n [\"Fatpack\", null, \".fpack \"], // https://github.com/Fatmike-GH/Fatpack\r\n [\"Safengine Shielden\", null, \".sedat\"], // https://safengine.com/downloads/get-demo\r\n [\"Inquartos Obfuscator\", null, \".inq\"], // http://www.vbnet.ru/forum/show.aspx?id=175877\r\n [\"WinUPack\", null, [\".ByDwing\", \".Upack\"]], // https://www.softpedia.com/get/PORTABLE-SOFTWARE/Compression-Tools/Windows-Portable-Applications-Portable-WinUpack.shtml\r\n [\"Xenocode Postbuild\", null, \".xcpad\"], // https://download.cnet.com/xenocode-postbuild/3000-10250_4-10506240.html\r\n [\"Alloy\", null, \".alloy32\"],\r\n [\"Crinkler\", null, \"lz32.dll\"],\r\n [\"Crunch\", \"2.0\", \"BitArts\"],\r\n [\"CrypToCrack\", null, \".ccp3p\"],\r\n [\"DxPack\", \"1.0\", [\"coderpub\", \".reloc1\"]],\r\n [\"EXE Pack\", null, \"!EPack\"],\r\n [\"FishPE Shield\", null, \".FishPE\"],\r\n [\"FishPE\", null, \".FISHEP\"],\r\n [\"G!X Protector\", null, \".g!x\"],\r\n [\"JDPack\", null, \".jdpack\"],\r\n [\"Krypton\", null, [\"krypton\", \"YADO\", \"_!_!_!_\"]],\r\n [\"MEW\", null, \"MEW\"],\r\n [\"MaskPE\", null, \".MaskPE\"],\r\n [\"Morphnah\", \"1.0.X\", \".nah\"],\r\n [\"NakedPacker\", null, /^\\.naked[12]$/],\r\n [\"NativeCryptor\", null, /^(NATIVES|CONFIG|(F)?CRYPT)~$/],\r\n [\"NeoLite\", null, \".neolite\"],\r\n [\"PE-PACK\", \"1.0\", \"PEPACK!!\"],\r\n [\"Perplex\", null, \".perplex\"],\r\n [\"RLP\", null, \".rlp\"],\r\n [\"ORiEN\", \"2.XX\", \".loader\"],\r\n [\"SC Pack\", null, \".scpack\"],\r\n [\"SVK Protector\", null, [\"SVKP\", /\\.svkp( )?/]],\r\n [\"SafeNet\", null, /^\\.AKS[1-3]$/],\r\n [\"Shrinker\", null, \".shrink1\"],\r\n [\"Simple Pack\", null, \".spack\"],\r\n [\"Software Compress\", null, \"SoftComp\"],\r\n [\"StarForce\", \"4.X-5.X\", \".ps4\"],\r\n [\"VCL\", null, \".vcl\"],\r\n [\"VirtualizeProtect\", null, \"VProtect\"],\r\n [\"WWPack\", null, \".WWPACK\"],\r\n [\"WWPack32\", null, \".WWP32\"],\r\n [\"dePack\", \"1.3.5\", \".depack\"],\r\n [\"hmimys\", \"1.3\", \"hmimys\"],\r\n [\"nPack\", null, \".nPack\"],\r\n [\"yzPack\", null, \".yzpack2\"],\r\n [\"NeoLite\", null, \".neolit\"],\r\n [\"bambam\", null, \".bedrock\"],\r\n [\"WibuKey\", null, \".wibu\"],\r\n [\"Wibu CodeMeter\", null, /^__wibu0[01]$/],\r\n [\"AverCryptor\", \"1.0-1.02\", [\".avc\", \".Polyene\"]],\r\n [\"Huan\", null, \".huan\"],\r\n [\"Morphnah\", \"1.0.X\", \".nah\"],\r\n [\"TSULoader\", null, \".tsustub\"],\r\n [\"RPCrypt\", null, /^\\.R(Cryptor|PCrypt)$/],\r\n [\"ExE Pack\", null, [\"!EPack\", \".!ep\"]],\r\n [\"XerinFuscator\", null, \".Xerin\"],\r\n [\"AZProtect 0001\", null, \"AZPR0001\"],\r\n [\"ExeShield\", null, \".shield\"],\r\n [\"XPack\", null, /^\\.XPack(0)?$/],\r\n [\"KByS\", null, \".shoooo\"],\r\n [\"HyperTech Crackproof\", null, \"peC\"],\r\n [\"Byfron\", null, /^\\.byfron(1)?$/],\r\n [\"DYAMAR\", \"1.3.X\", /^\\.dyamar[CD]$/],\r\n [\"Alcatraz\", null, \".0Dev\"],\r\n [\"Squishy\", null, \"logicoma\"],\r\n [\"DragonArmor\", \"0.0.4.1\", /^(\\.)?DAStub$/],\r\n [\"EXECrypt\", \"1.0\", \"CRPT\"],\r\n [\"N-Code\", \"0.2\", [\".pepsi\", \"n-coded\", \".vrs\"]],\r\n [\"NoodleCrypt\", \"2.X\", [\".Ncryo \", \".De-vir \"]],\r\n [\"TheArk\", null, [\"30cm\", \".tw\"]],\r\n [\"Virbox\", null, /^\\.v(data[1-9]|irbox[1-9]?)$/],\r\n [\"ElecKey\", null, \".sstb\"],\r\n [\"PKLITE32\", \"1.1\", \".pklstb\"],\r\n [\".BJFnt\", \"1.X\", \".BJFnt\"],\r\n [\"Goliath\", null, \".GOLIATH\"],\r\n [\"PE Encrypt\", null, [\".ice\", \".lea\"]],\r\n [\"PECRYPT32\", null, \".ficken\"],\r\n [\"PolyCrypt\", \"2.8\", /^sec[0-9]$/],\r\n [\"RCryptor\", null, /^(\\.)?RCryptor$/],\r\n [\"SDProtector\", null, \".data \"],\r\n [\"Shielden\", null, \".sedata\"],\r\n [\"SimbiOZ\", null, \".ximera\"],\r\n [\"LARP\", \"2.X\", \"SnD \"],\r\n [\"DalKrypt\", \"1.X\", \".DalKiT\"],\r\n [\"Fish PE\", \"1.2-1.4\", \".PEDATA\"],\r\n [\"NoobyProtect (Safengine)\", null, \"SE\"],\r\n [\"KeySec\", null, \".ksec\"],\r\n [\"Lumy\", null, \".lumy\"],\r\n [\"TomatoX\", null, \".tomato\"],\r\n [\"PwdProtect\", null, \".pwdprot\"],\r\n [\"ID Application\", null, /^\\.Prt(1)?$/],\r\n [\"PETetris\", null, \"PETETRIS\"]\r\n ];\r\n\r\n const sectionNamesValidatingResult = validateSectionNames(dbCollectionOfSectionNamesDict.concat(\r\n (function () {\r\n var dbCollectionOfFakeSectionNamesDict = [\r\n [\"Enigma\", /^(\\.)?enigma$/i],\r\n [\"UPX\", [/^\\.upx/i, /^upx/]],\r\n [\"VMProtect\", /^(\\.)?vmp$/i],\r\n [\"MPRESS\", /^mpress/i],\r\n [\"Denuvo\", /denuvo/i],\r\n [\"Themida\", \".Themida\"]\r\n ];\r\n\r\n return dbCollectionOfFakeSectionNamesDict.map(function (entry) {\r\n return [\"fake \" + entry[0], null, entry[1]];\r\n });\r\n })()\r\n ).concat(\r\n [\r\n [\"a packer\", null, [/p(a)?ck|sh(e)?ll|exe|^\\.pe/i, /^PE/]],\r\n [\"a cryptor\", null, [/crypt|crpt|stub|enc|inj/i, /stb/]],\r\n [\"a protector\", null, [/(?!^prot$)prot|safe|lock|sec|virt|obf|guard|sh(ie)?ld/i, /DRM|drm/]]\r\n ]\r\n ));\r\n\r\n var versionBySectionDetected = String();\r\n\r\n if (sectionNamesValidatingResult != null) {\r\n versionBySectionDetected = sectionNamesValidatingResult[1];\r\n\r\n log(logType.nothing, \"Sections like \" + sectionNamesValidatingResult[0] + (versionBySectionDetected ? \" (v\" + versionBySectionDetected + \")\" : String()));\r\n\r\n isSectionNameLikePacker = true;\r\n }\r\n\r\n // Clean up: release the dictionary\r\n dbCollectionOfSectionNamesDict = undefined;\r\n\r\n if (isSectionNameLikePacker) options = addOption(options, \"Sections like \" + sectionNamesValidatingResult[0] + (versionBySectionDetected ? \" (v\" + sectionNamesValidatingResult[1] + \")\" : String()));\r\n\r\n\r\n\r\n\r\n // Check for packers and protections by resource names\r\n\r\n var isResourceNameLikePacker = false;\r\n\r\n // [{Name}, {Version}, {ResourceNameSignature}]\r\n\r\n var dbCollectionOfResourceNamesDict = [\r\n [\"Bat To Exe Converter\", null, /^(?=[0-9A-F]{40}$)(?=.*[0-9])(?=.*[A-F])[0-9A-F]{40}$/],\r\n [\"Fatpack\", null, \"FPACK\"],\r\n [\"Quick Batch File Compiler\", null, \"PLATFORMTARGETS\"],\r\n [\"ScriptCryptor\", null, \"AOPT\"],\r\n [\"ExeStealth\", null, \"TN\"],\r\n [\".NET Reactor\", null, \"__\"],\r\n [\"SoftEntry\", null, \"SENTRYABORTDLG\"],\r\n [\"ASM Guard\", null, \"ASMG.DLL\"],\r\n [\"UPX Protector\", null, \"SCAREBYTE\"],\r\n [\"Vbs To Exe\", null, \"B\"],\r\n [\"QQProtect\", null, \"QQPROTECT\"]\r\n ];\r\n\r\n const resourceNamesValidatingResult = validateResourceNames(dbCollectionOfResourceNamesDict);\r\n\r\n var versionByResourceDetected = String();\r\n\r\n if (resourceNamesValidatingResult != null) {\r\n versionByResourceDetected = resourceNamesValidatingResult[1];\r\n\r\n log(logType.nothing, \"Resources like \" + resourceNamesValidatingResult[0] + (versionByResourceDetected ? \" (v\" + versionByResourceDetected + \")\" : String()));\r\n\r\n isResourceNameLikePacker = true;\r\n }\r\n\r\n // Clean up: release the dictionary\r\n dbCollectionOfResourceNamesDict = undefined;\r\n\r\n if (isResourceNameLikePacker) options = addOption(options, \"Resources like \" + resourceNamesValidatingResult[0] + (versionByResourceDetected ? \" (v\" + versionByResourceDetected + \")\" : String()));\r\n\r\n\r\n\r\n\r\n // Check if there is a collision in sections\r\n\r\n var isCollisionInSectionsPresent = false;\r\n\r\n // Get section name collision between \"0\" and \"1\"\r\n const sectionNameCollision = PE.getSectionNameCollision(\"0\", \"1\");\r\n\r\n // Check if there is a collision\r\n if (sectionNameCollision.length) {\r\n log(logType.nothing, \"Section names collision: \\\"\" + clearSectionName(sectionNameCollision) + \"\\\"\");\r\n\r\n isCollisionInSectionsPresent = true;\r\n }\r\n\r\n if (isCollisionInSectionsPresent) options = addOption(options, \"Sections collision (\\\"\" + clearSectionName(sectionNameCollision) + \"\\\")\");\r\n\r\n\r\n\r\n\r\n // Check if there are repeating section names\r\n\r\n var isSectionNamesRepeatingPresent = false;\r\n\r\n var sectionNamesDict = {};\r\n\r\n for (var i = 0; i < PE_Cached.numberOfSections && !isSectionNamesRepeatingPresent; i++) {\r\n var sectionName = PE.getSectionName(i);\r\n sectionNamesDict[sectionName] = (sectionNamesDict[sectionName] || 0) + 1;\r\n if (sectionNamesDict[sectionName] > 1) {\r\n log(logType.nothing, \"Section names repeating: \\\"\" + clearSectionName(sectionName) + \"\\\"\");\r\n\r\n isSectionNamesRepeatingPresent = true;\r\n }\r\n }\r\n\r\n // Clean up: release the dictionary\r\n sectionNamesDict = undefined;\r\n\r\n if (isSectionNamesRepeatingPresent) options = addOption(options, \"Section names repeating\");\r\n\r\n\r\n\r\n\r\n // Check for compressed sections using entropy\r\n\r\n var isCompressedSectionPresent = false;\r\n\r\n var compressedSectionIndex = -1;\r\n\r\n for (var t = 0; t < PE_Cached.numberOfSections && !isCompressedSectionPresent; t++) {\r\n compressedSectionIndex = t;\r\n if (PE.calculateEntropy(PE.getSectionFileOffset(compressedSectionIndex), PE.getSectionFileSize(compressedSectionIndex)) > 7.4) {\r\n log(logType.any, \"Section #\" + compressedSectionIndex + \" (\\\"\" + clearSectionName(PE.getSectionName(compressedSectionIndex)) + \"\\\") entropy: \" + PE.calculateEntropy(PE.getSectionFileOffset(compressedSectionIndex), PE.getSectionFileSize(compressedSectionIndex)));\r\n\r\n isCompressedSectionPresent = true;\r\n }\r\n }\r\n\r\n if (isCompressedSectionPresent) options = addOption(options, \"Section #\" + compressedSectionIndex + \" (\\\"\" + clearSectionName(PE.getSectionName(compressedSectionIndex)) + \"\\\") compressed\");\r\n\r\n\r\n\r\n\r\n var standardSectionsWithUnusualValuesDict = [\".bss\", \"BSS\", \".tls\", \"hydrated\"];\r\n\r\n\r\n\r\n\r\n // Check for sections with strange characteristics\r\n\r\n var isSectionHasWrongOffsetOrSize = false;\r\n\r\n var sectionWithWrongOffsetOrSizeIndex = -1;\r\n\r\n var wrongOffset = false,\r\n wrongSize = false;\r\n\r\n for (var t = 0; t < PE_Cached.numberOfSections && !isSectionHasWrongOffsetOrSize; t++) {\r\n sectionWithWrongOffsetOrSizeIndex = t;\r\n if (standardSectionsWithUnusualValuesDict.indexOf(PE.getSectionName(sectionWithWrongOffsetOrSizeIndex)) === -1) {\r\n const currentSection = PE.section[sectionWithWrongOffsetOrSizeIndex];\r\n\r\n // Todo: add more checks\r\n if (currentSection.FileOffset === 0x00 || currentSection.FileOffset > (PE.getSize() - PE.getOverlaySize())) {\r\n wrongOffset = true;\r\n }\r\n\r\n if (currentSection.FileSize === 0x00 || currentSection.FileSize > (PE.getSize() - PE.getOverlaySize())) {\r\n wrongSize = true;\r\n }\r\n\r\n isSectionHasWrongOffsetOrSize = wrongOffset || wrongSize;\r\n\r\n if (isSectionHasWrongOffsetOrSize) {\r\n log(logType.any,\r\n \"Section #\" + sectionWithWrongOffsetOrSizeIndex + \" (\\\"\" + clearSectionName(PE.getSectionName(sectionWithWrongOffsetOrSizeIndex)) + \"\\\") has wrong \" +\r\n (wrongOffset ? \"offset (0x\" + currentSection.FileOffset.toString(16) + \")\" : String()) + (wrongOffset && wrongSize ? \", \" : String()) + (wrongSize ? \"size (0x\" + currentSection.FileSize.toString(16) + \")\" : String()));\r\n }\r\n }\r\n }\r\n\r\n if (isSectionHasWrongOffsetOrSize) options = addOption(options, \"Section #\" + sectionWithWrongOffsetOrSizeIndex + \" (\\\"\" + clearSectionName(PE.getSectionName(sectionWithWrongOffsetOrSizeIndex)) + \"\\\") has wrong \" + (wrongOffset ? \"offset\" : String()) + (wrongOffset && wrongSize ? \" and \" : String()) + (wrongSize ? \"size\" : String()));\r\n\r\n\r\n\r\n\r\n // Check for sections with identical offsets\r\n\r\n var isSectionHasDuplicateOffset = false;\r\n\r\n var currentSectionIndex = -1;\r\n\r\n var firstSectionIndex = 0,\r\n firstSectionName = String(),\r\n secondSectionIndex = 0,\r\n secondSectionName = String();\r\n\r\n var sectionOffsetsDict = {};\r\n\r\n for (var i = 0; i < PE_Cached.numberOfSections && !isSectionHasDuplicateOffset; i++) {\r\n currentSectionIndex = i;\r\n if (standardSectionsWithUnusualValuesDict.indexOf(PE.getSectionName(currentSectionIndex)) === -1) {\r\n var currentSectionOffset = PE.section[currentSectionIndex].FileOffset;\r\n if (currentSectionOffset !== 0) {\r\n if (typeof sectionOffsetsDict[currentSectionOffset] === \"undefined\") {\r\n sectionOffsetsDict[currentSectionOffset] = [currentSectionIndex];\r\n } else {\r\n log(logType.any, \"Section #\" + sectionOffsetsDict[currentSectionOffset][0] + \" (\\\"\" + clearSectionName(PE.getSectionName(sectionOffsetsDict[currentSectionOffset][0])) + \"\\\") and #\" + currentSectionIndex + \" (\\\"\" + clearSectionName(PE.getSectionName(currentSectionIndex)) + \"\\\") have one offset: 0x\" + currentSectionOffset.toString(16));\r\n\r\n firstSectionIndex = sectionOffsetsDict[currentSectionOffset][0];\r\n secondSectionIndex = currentSectionIndex;\r\n\r\n firstSectionName = clearSectionName(PE.getSectionName(firstSectionIndex));\r\n secondSectionName = clearSectionName(PE.getSectionName(secondSectionIndex));\r\n\r\n isSectionHasDuplicateOffset = true;\r\n }\r\n }\r\n }\r\n }\r\n\r\n // Clean up: release the dictionary\r\n sectionOffsetsDict = undefined;\r\n\r\n if (isSectionHasDuplicateOffset) options = addOption(options, \"Section #\" + firstSectionIndex + \" (\\\"\" + firstSectionName + \"\\\") and #\" + secondSectionIndex + \" (\\\"\" + secondSectionName + \"\\\") have one offset\");\r\n\r\n\r\n\r\n\r\n // Check for 'MZ' signature in the overlay\r\n\r\n var isPeAtOverlayDetected = false;\r\n\r\n if (PE.isOverlayPresent() &&\r\n PE.getOverlaySize() >= 100 &&\r\n PE.compareOverlay(\"'MZ'\")) {\r\n log(logType.any, \"PE signature at overlay detected\");\r\n\r\n isPeAtOverlayDetected = true;\r\n }\r\n\r\n if (isPeAtOverlayDetected) options = addOption(options, \"PE at overlay\");\r\n\r\n\r\n\r\n\r\n // Check for a strange overlay in the PE file\r\n\r\n var hasStrangeOverlay = false;\r\n\r\n // Conditions to check for a strange overlay\r\n if (!isPeAtOverlayDetected && !isSfx && !PE.isSigned() && PE.isOverlayPresent()) {\r\n var overlayEntropy = PE.calculateEntropy(PE.getOverlayOffset(), PE.getOverlaySize());\r\n\r\n if (\r\n PE.getOverlaySize() > 150 && overlayEntropy > 7 ||\r\n PE.getOverlaySize() > (PE.getSize() - PE.getOverlaySize())\r\n ) {\r\n log(logType.any, \"Overlay size: \" + PE.getOverlaySize() + \" bytes; Entropy: \" + overlayEntropy);\r\n\r\n hasStrangeOverlay = true;\r\n }\r\n }\r\n\r\n if (hasStrangeOverlay) options = addOption(options, \"Strange overlay\");\r\n\r\n\r\n\r\n\r\n // Checks if a PE file is embedded in the resources\r\n\r\n var isPeInResourcesPresent = false;\r\n\r\n for (var i = 0; i < PE_Cached.numberOfUnmanagedResources && !isPeInResourcesPresent; i++) {\r\n const resourceOffset = PE.getResourceOffsetByNumber(i);\r\n\r\n if (PE.compare(\"'MZ'\", resourceOffset)) {\r\n log(logType.any, \"PE signature in resources detected\");\r\n\r\n isPeInResourcesPresent = true;\r\n }\r\n }\r\n\r\n if (isPeInResourcesPresent) options = addOption(options, \"PE in resources\");\r\n\r\n\r\n\r\n\r\n // Flag to indicate high entropy\r\n\r\n var isHighEntropy = false;\r\n\r\n // Checks for high entropy (ignore overlay)\r\n if (!(PE_Cached.isDynamicLinkLibrary && (PE.section[\".rdata\"] || PE.isSectionNamePresent(\".rsrc\"))) && // .dll with resources\r\n PE.calculateEntropy(0x00, PE.getSize() - PE.getOverlaySize()) > 7.3) {\r\n isHighEntropy = true;\r\n }\r\n\r\n if (isHighEntropy) options = addOption(options, \"High entropy\");\r\n\r\n\r\n\r\n\r\n // Check for recurring import names\r\n\r\n var recurringImports = false;\r\n\r\n var importNamesDict = {};\r\n\r\n if (!_isResultPresent(\"linker\", \"Turbo Linker\")) { // Ignore Delphi\r\n for (var i = 0; i < PE_Cached.numberOfUnmanagedImports && !recurringImports; i++) {\r\n var name = PE.getImportLibraryName(i);\r\n importNamesDict[name] = (importNamesDict[name] || 0) + 1;\r\n if (importNamesDict[name] >= 3) {\r\n log(logType.nothing, \"Recurring import name: \\\"\" + name + \"\\\"\");\r\n\r\n recurringImports = true;\r\n }\r\n }\r\n }\r\n\r\n // Clean up: release the dictionary\r\n importNamesDict = undefined;\r\n\r\n if (recurringImports) options = addOption(options, \"Recurring import names\");\r\n\r\n\r\n\r\n\r\n if (isImportsLikePacker && !_getNumberOfResults(\"packer\") && !_getNumberOfResults(\"cryptor\") && !_getNumberOfResults(\"protector\") && !_getNumberOfResults(\"protection\")) {\r\n var typeOfDetectedItem = String();\r\n\r\n switch (importValidatingResult[4]) {\r\n case 0: typeOfDetectedItem = \"packer\"; break;\r\n case 1: typeOfDetectedItem = \"cryptor\"; break;\r\n case 2: typeOfDetectedItem = \"protector\"; break;\r\n case 3: typeOfDetectedItem = \"protection\"; break;\r\n }\r\n\r\n if (typeOfDetectedItem) {\r\n var version = String(),\r\n importAndSectionValidationVerdictsDiffer = false;\r\n\r\n if (importValidatingResult[1]) {\r\n version = importValidatingResult[1];\r\n } else if (isSectionNameLikePacker && !/^(a [pc]|fake )$/.test(sectionNamesValidatingResult[0])) {\r\n if (importValidatingResult[0] === sectionNamesValidatingResult[0]) { // is same result\r\n if (sectionNamesValidatingResult[1]) {\r\n version = sectionNamesValidatingResult[1];\r\n }\r\n } else { // Inconsistency of verdicts\r\n importAndSectionValidationVerdictsDiffer = true;\r\n }\r\n }\r\n\r\n _setResult(\"~\" + typeOfDetectedItem, importValidatingResult[0] + (importAndSectionValidationVerdictsDiffer ? \"-like\" : String()), version, \"Suspicion only\");\r\n }\r\n }\r\n\r\n\r\n\r\n\r\n if (options.length != 0) isDetected = true;\r\n\r\n\r\n if (isDetected) {\r\n var detectedType = isCryptor ? \"cryptor\" : \"packer\";\r\n\r\n _setResult(\"~\" + detectedType, \"Generic\", String(), PE.isVerbose() ? options : String());\r\n }\r\n}\r\n// #endregion\r\n\r\n\r\n\r\n// #region \"licensing systems (.NET and Native)\"\r\nfunction scanForLicensingSystems_NET_and_Native() { // For .NET and Native apps\r\n log(logType.nothing, \"Scanning for licensing systems...\");\r\n\r\n var options = String();\r\n\r\n var isDetected = Boolean();\r\n\r\n\r\n\r\n\r\n if (PE_Cached.isDotNet) {\r\n\r\n var isLicenseCheckingPresent = false;\r\n\r\n if (validateNetObject(\"CheckLicense\") || validateNetObject(\"set_License\") || validateNetObject(\"Licensing\")) {\r\n isLicenseCheckingPresent = true;\r\n }\r\n\r\n if (isLicenseCheckingPresent) options = \"DotNET methods\";\r\n\r\n\r\n\r\n\r\n // https://learn.microsoft.com/en-us/dotnet/api/system.componentmodel.licenseproviderattribute\r\n\r\n var isLicenseProviderPresent = false;\r\n\r\n if (validateNetObject(\"LicenseProviderAttribute\")) {\r\n isLicenseProviderPresent = true;\r\n }\r\n\r\n if (isLicenseProviderPresent) options = addOption(options, \"Provider attribute\");\r\n\r\n\r\n\r\n\r\n // https://learn.microsoft.com/ru-ru/dotnet/api/system.componentmodel.licensemanager\r\n\r\n var isLicenseManagerPresent = false;\r\n\r\n if (validateNetObject(\"LicenseManager\")) {\r\n isLicenseManagerPresent = true;\r\n }\r\n\r\n if (isLicenseManagerPresent) options = addOption(options, \"License manager\");\r\n\r\n }\r\n\r\n\r\n\r\n\r\n // Check for licensing strings\r\n\r\n var isInterestingStringsFound = false;\r\n\r\n const licesingStrings = [ /*[E]*/ \"nter serial \", /*[S]*/ \"erial key \", \" activate \", \" trial \", /*[W]*/ \"rong activation\", /*[W]*/ \"rong licens\", /*[L]*/ \"icense expire\", \"valid license\", /*[L]*/ \"icense key\", \" full version\", \" purchase a \"];\r\n\r\n for (var i = 0; i < licesingStrings.length; i++) {\r\n const currentPatternToFind = licesingStrings[i];\r\n\r\n if (PE.isSignaturePresent(0x00, PE.getSize(), \"'\" + currentPatternToFind + \"'\") ||\r\n PE.isSignaturePresent(0x00, PE.getSize(), \"'\" + generateUnicodeSignatureMask(currentPatternToFind) + \"'\")) {\r\n isInterestingStringsFound = true;\r\n break;\r\n }\r\n }\r\n\r\n if (isInterestingStringsFound) options = addOption(options, \"Strings\");\r\n\r\n\r\n\r\n\r\n var isDenuvoLibraryPresent = false;\r\n\r\n if (PE.isLibraryPresentExp(/(Core\\\\Activation|Activation64)/i)) {\r\n isDenuvoLibraryPresent = true;\r\n }\r\n\r\n if (isDenuvoLibraryPresent) options = addOption(options, \"Denuvo DRM\");\r\n\r\n\r\n\r\n\r\n if (options.length != 0) isDetected = true;\r\n\r\n\r\n if (isDetected) {\r\n _setResult(\"~licensing\", \"Contains\", String(), PE.isVerbose() ? options : String());\r\n }\r\n}\r\n// #endregion\r\n\r\n\r\n\r\n// #region \"corrupted data (.NET and Native)\"\r\nfunction scanForBadFileFormat_NET_and_Native() {\r\n log(logType.nothing, \"Scanning for corrupted data...\");\r\n\r\n var options = String();\r\n\r\n var isDetected = Boolean();\r\n\r\n\r\n\r\n\r\n // EP check\r\n\r\n var isEntryPointIncorrect = false;\r\n\r\n if (!PE.isEntryPointCorrect()) {\r\n isEntryPointIncorrect = true;\r\n }\r\n\r\n if (isEntryPointIncorrect) options = addOption(options, \"EntryPoint\");\r\n\r\n\r\n\r\n\r\n // Section alignment check\r\n\r\n var isSectionAlignmentIncorrect = false;\r\n\r\n if (!PE.isSectionAlignmentCorrect()) {\r\n isSectionAlignmentIncorrect = true;\r\n }\r\n\r\n if (isSectionAlignmentIncorrect) options = addOption(options, \"Section alignment\");\r\n\r\n\r\n\r\n\r\n // File alignment check\r\n\r\n var isFileAlignmentIncorrect = false;\r\n\r\n if (!PE.isFileAlignmentCorrect()) {\r\n isFileAlignmentIncorrect = true;\r\n }\r\n\r\n if (isFileAlignmentIncorrect) options = addOption(options, \"File alignment\");\r\n\r\n\r\n\r\n\r\n // Check for correct header\r\n\r\n var isHeaderIncorrect = false;\r\n\r\n if (!PE.isHeaderCorrect()) {\r\n isHeaderIncorrect = true;\r\n }\r\n\r\n if (isHeaderIncorrect) options = addOption(options, \"Header\");\r\n\r\n\r\n\r\n\r\n // Check for correct section headers\r\n\r\n var isRelocsTableIncorrect = false;\r\n\r\n if (!PE.isRelocsTableCorrect()) {\r\n isRelocsTableIncorrect = true;\r\n }\r\n\r\n if (isRelocsTableIncorrect) options = addOption(options, \"Relocs\");\r\n\r\n\r\n\r\n\r\n // Check IAT (Import Address Table)\r\n // Can be destroyed when the PE dumped from memory\r\n\r\n var isImportTableIncorrect = false;\r\n\r\n if (!PE.isImportTableCorrect()) {\r\n isImportTableIncorrect = true;\r\n }\r\n\r\n if (isImportTableIncorrect) options = addOption(options, \"IAT\");\r\n\r\n\r\n\r\n\r\n // Check EAT (only for .dll)\r\n\r\n var isExportTableIncorrect = false;\r\n\r\n if (PE_Cached.isDynamicLinkLibrary && !PE.isExportTableCorrect()) {\r\n isExportTableIncorrect = true;\r\n }\r\n\r\n if (isExportTableIncorrect) options = addOption(options, \"EAT\");\r\n\r\n\r\n\r\n\r\n // Check for resources table\r\n\r\n var isResourcesTableIncorrect = false;\r\n\r\n if (!PE.isResourcesTableCorrect()) {\r\n isResourcesTableIncorrect = true;\r\n }\r\n\r\n if (isResourcesTableIncorrect) options = addOption(options, \"Resources\");\r\n\r\n\r\n\r\n\r\n // Check for corrupted DotNET data\r\n\r\n var isNetImportsCorrupted = false;\r\n\r\n if (!PE_Cached.isDotNet && isNetMetaDataPresent() && PE_Cached.numberOfUnmanagedImports == 0) {\r\n isNetImportsCorrupted = true;\r\n }\r\n\r\n if (isNetImportsCorrupted) options = addOption(options, \"DotNET headers/meta\");\r\n\r\n\r\n\r\n\r\n // Check for corrupted DotNET CLR version\r\n\r\n var isNetClrVersionCorrupted = false;\r\n\r\n if (PE_Cached.isDotNet && !isAsciiString(PE.getNETVersion())) {\r\n isNetClrVersionCorrupted = true;\r\n }\r\n\r\n if (isNetClrVersionCorrupted) options = addOption(options, \"DotNET CLR version\");\r\n\r\n\r\n\r\n\r\n if (options.length != 0) isDetected = true;\r\n\r\n\r\n if (isDetected) {\r\n _setResult(\"~corrupted data\", \"Generic\", String(), PE.isVerbose() ? options : String());\r\n }\r\n}\r\n// #endregion\r\n\r\n\r\n\r\n// #region \"debug data (.NET and Native)\"\r\nfunction scanForDebugData_NET_and_Native() { // For .NET and Native apps\r\n log(logType.nothing, \"Scanning for debug data...\");\r\n\r\n var options = String();\r\n\r\n var isDetected = Boolean();\r\n\r\n\r\n\r\n\r\n // Check for sections with debug data by name\r\n\r\n var isDebugSectionPresent = false;\r\n\r\n var debugSectionIndex = -1;\r\n\r\n for (var i = 0; i < PE_Cached.numberOfSections && !isDebugSectionPresent; i++) {\r\n debugSectionIndex = i;\r\n\r\n const currentSectionName = PE.getSectionName(i);\r\n\r\n if (/(debug|^\\.stab(str)?$)/i.test(currentSectionName)) { // Detects TCC/GCC and modern LLVM debug sections\r\n log(logType.any, \"Debug section detected: \\\"\" + clearSectionName(PE.getSectionName(debugSectionIndex)) + \"\\\"\");\r\n\r\n isDebugSectionPresent = true;\r\n }\r\n }\r\n\r\n if (isDebugSectionPresent) options = \"Section #\" + debugSectionIndex + \" (\\\"\" + clearSectionName(PE.getSectionName(debugSectionIndex)) + \"\\\")\";\r\n\r\n\r\n\r\n\r\n // .NET Native debug header, EAT function\r\n\r\n var isNetNativeDebugDataPresent = false;\r\n\r\n if (!PE_Cached.isDotNet && PE.isExportFunctionPresent(\"DotNetRuntimeDebugHeader\")) {\r\n log(logType.any, \".NET Native debug symbols detected\");\r\n\r\n isNetNativeDebugDataPresent = true;\r\n }\r\n\r\n if (isNetNativeDebugDataPresent) options = addOption(options, \"DotNET runtime header\");\r\n\r\n\r\n\r\n\r\n // Check for -Wl,--export-all-symbols linker option\r\n\r\n var isSymbolsExported = false;\r\n\r\n if (!PE_Cached.isDynamicLinkLibrary && PE.isExportFunctionPresent(\"main\")) {\r\n log(logType.any, \"The \\\"--export-all-symbols\\\" linker option was probably used\");\r\n\r\n isSymbolsExported = true;\r\n }\r\n\r\n if (isSymbolsExported) options = addOption(options, \"Symbols exported\");\r\n\r\n\r\n\r\n\r\n // Check for absolute PDB path\r\n\r\n var isPdbFullPathPresent = false;\r\n\r\n var pdbExtensionPatternOffset = PE.findSignature(\r\n PE.getDosStubOffset() + PE.getDosStubSize(),\r\n PE.getSize() - PE.getOverlaySize(),\r\n \"%% %% %% '.pdb' 00\"\r\n );\r\n\r\n var pdbPathBeginOffset = 0,\r\n pdbPath = String();\r\n\r\n if (pdbExtensionPatternOffset !== -1) {\r\n\r\n for (var i = pdbExtensionPatternOffset; i > 0; i--) {\r\n if (PE.readByte(i) === 0x00) {\r\n pdbPathBeginOffset = i + 1;\r\n break;\r\n }\r\n }\r\n\r\n pdbPath = PE.getString(pdbPathBeginOffset, 256);\r\n\r\n if (pdbPath.length > 255)\r\n pdbPath = pdbPath.substring(0, 255) + \" . . .\";\r\n\r\n pdbPath = pdbPath.replace(/[\\n\\r]/g, String());\r\n\r\n if (pdbPath.match(/^[a-zA-Z]:\\\\/) !== null) {\r\n log(logType.any, \"PDB absolute path: \\\"\" + pdbPath + \"\\\"\");\r\n\r\n isPdbFullPathPresent = true;\r\n }\r\n }\r\n\r\n if (isPdbFullPathPresent) options = addOption(options, \"Absolute PDB path\");\r\n\r\n\r\n\r\n\r\n // Check for portable (relative path) or embedded PDB\r\n\r\n var isPortableOrEmbeddedPdbDetected = false;\r\n\r\n var pdbTextType = String();\r\n\r\n if (pdbPath && pdbPath[0] !== '.' && !isPdbFullPathPresent) {\r\n pdbTextType = validateSignature(\"00 52 53 44 53\") ? \"Embedded\" : \"Portable\";\r\n\r\n log(logType.any, pdbTextType + \" PDB name: \\\"\" + pdbPath + \"\\\"\");\r\n\r\n isPortableOrEmbeddedPdbDetected = true;\r\n }\r\n\r\n if (isPortableOrEmbeddedPdbDetected) options = addOption(options, pdbTextType + \" PDB (release)\");\r\n\r\n\r\n\r\n\r\n // Check for Costura.Fody embedded PDB. It is a .NET tool (library) that embeds DLL builds into the main assembly.\r\n\r\n var isCosturaEmbeddedDebugData = false;\r\n\r\n if (PE_Cached.isDotNet && validateNetObject(\"costura.costura.pdb.compressed\")) {\r\n log(logType.any, \"Costura embedded PDB detected\");\r\n\r\n isCosturaEmbeddedDebugData = true;\r\n }\r\n\r\n if (isCosturaEmbeddedDebugData) options = addOption(options, \"Costura.Fody embedded PDB\");\r\n\r\n\r\n\r\n\r\n if (options.length != 0) isDetected = true;\r\n\r\n\r\n if (isDetected) {\r\n _setResult(\"~debug data\", \"Contains\", String(), PE.isVerbose() ? options : String());\r\n }\r\n}\r\n// #endregion\r\n\r\n\r\n\r\n/**\r\n * Checks if the .NET Visual Basic standard library is present.\r\n *\r\n * @returns {boolean} True if the Microsoft.VisualBasic library is found; otherwise false.\r\n */\r\nfunction isVbNetStandardLibraryPresent() {\r\n return PE.isNetObjectPresent(\"Microsoft.VisualBasic\");\r\n}\r\n\r\n\r\n\r\n\r\n/**\r\n * Checks if the .NET JScript standard library is present.\r\n *\r\n * @returns {boolean} True if the Microsoft.JScript library is found; otherwise false.\r\n */\r\nfunction isJscriptNetStandardLibraryPresent() {\r\n return PE.isNetObjectPresent(\"Microsoft.JScript\");\r\n}\r\n\r\n\r\n\r\n/**\r\n * Determines if the current PE file is a .NET component.\r\n *\r\n * @returns {boolean} Returns true if the PE file is identified as a .NET component, otherwise false.\r\n */\r\nfunction isFrameworkComponent() {\r\n if (!PE_Cached.isDotNet || !PE_Cached.isDynamicLinkLibrary || PE_Cached.isNetGlobalCctorPresent) {\r\n return false;\r\n }\r\n\r\n const\r\n buildAssemblyName = PE_Cached.nameOfNetAssemblyName,\r\n buildModuleName = PE_Cached.nameOfNetModuleName;\r\n\r\n if (buildAssemblyName.length >= 6 && buildAssemblyName.substring(0, 6) === \"System\" && buildModuleName === (buildAssemblyName + \".dll\")) {\r\n return true;\r\n }\r\n\r\n return false;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Validates the presence of a signature (pattern) within a specified range in a PE file.\r\n *\r\n * Searches for the given pattern starting from the DOS stub end until the PE size excluding the overlay.\r\n * Logs a message if the pattern is found and returns a boolean indicating the result.\r\n *\r\n * @param {string} pattern - The pattern to search for within the file.\r\n * @returns {boolean} True if the pattern is found, false otherwise.\r\n */\r\nfunction validateSignature(pattern) {\r\n const\r\n offsetFound = PE.findSignature(PE.getDosStubOffset() + PE.getDosStubSize(), PE.getSize() - PE.getOverlaySize(), pattern),\r\n resultBool = offsetFound != -1;\r\n\r\n if (resultBool) {\r\n lastOffsetDetected = \"0x\" + Number(offsetFound).toString(16);\r\n log(logType.any, \"Pattern found: \" + pattern);\r\n }\r\n\r\n return resultBool;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Searches all sections in the current PE file for the specified byte code.\r\n * If discovered, logs the offset at which it appears and returns true.\r\n * \r\n * @param {string} byteCode - The byte code signature to locate.\r\n * @returns {boolean} True if the byte code is found in any section, otherwise false.\r\n */\r\nfunction validateNetByteCode(byteCode) {\r\n for (var s = 0; s < PE_Cached.numberOfSections; s++) {\r\n const\r\n sectionOffset = PE.getSectionFileOffset(s),\r\n sectionSize = PE.getSectionFileSize(s);\r\n\r\n var offsetFound = PE.findSignature(sectionOffset, sectionOffset + sectionSize, byteCode);\r\n if (offsetFound != -1) {\r\n lastOffsetDetected = \"0x\" + Number(offsetFound).toString(16);\r\n log(logType.net, \"ByteCode detected: \" + byteCode);\r\n return true;\r\n }\r\n }\r\n\r\n return false;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Validates if the given .NET object is present in the PE file.\r\n *\r\n * @param {Object} object - The object to be validated.\r\n * @returns {boolean} - Returns true if the object is a .NET object, otherwise false.\r\n */\r\nfunction validateNetObject(object) {\r\n const result = PE.isNetObjectPresent(object);\r\n if (result) log(logType.net, \"Object present: \" + object);\r\n return result;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Validates if a .NET Unicode string is present in the PE file.\r\n *\r\n * @param {string} ustring - The Unicode string to validate.\r\n * @returns {boolean} - Returns true if the Unicode string is present, otherwise false.\r\n */\r\nfunction validateNetUnicodeString(ustring) {\r\n const result = PE.isNetUStringPresent(ustring);\r\n if (result) log(logType.net, \"String present: \\\"\" + ustring + \"\\\"\");\r\n return result;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Validates if a given Unicode string exists within the PE file.\r\n *\r\n * This function searches for the specified Unicode string within the PE file's\r\n * memory range, excluding the DOS stub and overlay sections. If the string is\r\n * found, it logs a message indicating the presence of the string.\r\n *\r\n * @param {string} ustring - The Unicode string to search for within the PE file.\r\n * @returns {boolean} - Returns true if the Unicode string is found, otherwise false.\r\n */\r\nfunction validateGlobalUnicodeString(ustring) {\r\n const result = PE.findSignature(PE.getDosStubOffset() + PE.getDosStubSize(), PE.getSize() - PE.getOverlaySize(), generateUnicodeSignatureMask(ustring)) != -1;\r\n if (result) log(logType.nothing, \"Unicode string found: \\\"\" + ustring + \"\\\"\");\r\n return result;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Generates a Unicode signature mask for the given input string.\r\n *\r\n * This function iterates through each character in the input string and appends\r\n * its Unicode representation to the output string. The first character is appended\r\n * without a prefix, while subsequent characters are prefixed with \"00\".\r\n * \r\n * \"test\" -> \"'t'00'e'00's'00't'\"\r\n *\r\n * @param {string} ustring - The input string for which to generate the Unicode signature mask.\r\n * @returns {string} The generated Unicode signature mask.\r\n */\r\nfunction generateUnicodeSignatureMask(ustring) {\r\n var output = String();\r\n\r\n // Iterate through each character in the input string\r\n for (var c = 0; c < ustring.length; c++) {\r\n // Append the Unicode representation of the character to the output\r\n output += (c != 0 ? \"00\" : String()) + \"'\" + ustring[c] + \"'\";\r\n }\r\n\r\n // Return the generated Unicode signature mask\r\n return output;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Checks if all .NET references in the provided array are missing.\r\n *\r\n * @param {Array} references - An array of .NET references to check.\r\n * @returns {boolean} - Returns true if all .NET references are missing, otherwise false.\r\n */\r\nfunction isAllNetReferencesMissing(references) {\r\n // Iterate through the array of .NET references\r\n for (var i = 0; i < references.length; i++) {\r\n // Get the current reference\r\n const ref = references[i];\r\n\r\n // If the .NET object corresponding to the reference is present, return false\r\n if (PE.isNetObjectPresent(ref)) {\r\n return false;\r\n }\r\n }\r\n\r\n // If all .NET references are missing, return true\r\n return true;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Checks if all .NET references are present.\r\n *\r\n * @param {Array} references - An array of .NET references to check.\r\n * @returns {boolean} - Returns true if all .NET references are present, otherwise false.\r\n */\r\nfunction isAllNetReferencesPresent(references) {\r\n // Iterate through the array of .NET references\r\n for (var i = 0; i < references.length; i++) {\r\n // Get the current reference\r\n const ref = references[i];\r\n\r\n // If the .NET object corresponding to the reference is not present, return false\r\n if (!PE.isNetObjectPresent(ref)) {\r\n return false;\r\n }\r\n }\r\n\r\n // If all .NET references are present, return true\r\n return true;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Searches for a signature in the first section of a PE file and marks it if found.\r\n *\r\n * @param {string} sign - The signature to search for.\r\n * @param {boolean} isFullName - A flag indicating whether to append '00' to the signature.\r\n * @returns {string} - The found signature if present, otherwise an empty string.\r\n */\r\nfunction findAndMark(sign, isFullName) {\r\n if (PE.isSignatureInSectionPresent(0,\r\n (\"00'\" + sign + \"'\") + // 00'string\r\n (isFullName ? \"00\" : String()))) { // ... '00\r\n return sign;\r\n }\r\n return String();\r\n}\r\n\r\n\r\n\r\n/**\r\n * Determines if a given string name is obfuscated.\r\n *\r\n * The function checks for obfuscation in two cases:\r\n * 1. If the name contains spaces, it splits the name into tokens and checks each token for obfuscation.\r\n * 2. If the name does not contain spaces, it checks each chunk of the string (of size 20) for obfuscation.\r\n *\r\n * Logs a message if an obfuscated segment or chunk is found.\r\n *\r\n * @param {string} name - The string to analyze for obfuscation.\r\n * @returns {boolean} True if the name or any of its segments/chunks are obfuscated, false otherwise.\r\n */\r\nfunction isNameObfuscated(name) {\r\n if (!name || name.length === 0) return false;\r\n\r\n if (name.indexOf(' ') !== -1) {\r\n const tokens = name.split(/\\s+/);\r\n for (var i = 0; i < tokens.length; i++) {\r\n var currentToken = tokens[i];\r\n\r\n // If it starts with an abbreviation and the string is separated by a space, then it is not obfuscated (samples: The Last Of Us: II Remastered resource files)\r\n if (i == 0 && currentToken.match(/^[A-Z]{3,}/)) {\r\n return false;\r\n }\r\n\r\n if (isTokenObfuscated(currentToken)) {\r\n log(logType.nothing, \"Obfuscated string segment: \\\"\" + currentToken + \"\\\" in \\\"\" + name + \"\\\"\");\r\n return true;\r\n }\r\n }\r\n return false;\r\n }\r\n\r\n // Split the name into chunks\r\n const CHUNK_SIZE = 20;\r\n\r\n for (var start = 0; start < name.length; start += CHUNK_SIZE) {\r\n const chunk = name.substring(start, start + CHUNK_SIZE);\r\n if (isTokenObfuscated(chunk)) {\r\n log(logType.nothing, \"Obfuscated string chunk: \\\"\" + chunk + \"\\\" in \\\"\" + name + \"\\\"\");\r\n return true;\r\n }\r\n }\r\n\r\n return false;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Determines whether a given token is considered obfuscated based on advanced heuristics.\r\n * \r\n * The function checks for:\r\n * - Tokens shorter than 7 characters are automatically considered clean\r\n * - Common legitimate patterns (dates, versions, UUIDs, etc.)\r\n * - Hexadecimal strings (8+ chars) like 'd3adc0de'\r\n * - Regular expression patterns indicating mixed alphanumeric sequences\r\n * - Statistical character analysis with entropy detection\r\n * - Repetitive pattern detection\r\n *\r\n * @param {string} token - The string token to analyze\r\n * @returns {boolean} True if token matches obfuscation patterns, false otherwise\r\n */\r\nfunction isTokenObfuscated(token) {\r\n if (!token || token.length < 7) return false;\r\n\r\n // === WHITELIST: Common legitimate patterns ===\r\n\r\n // Date patterns: YYYY-YYYY, DD.MM.YYYY, YYYY-MM-DD\r\n if (token.match(/^\\d{4}[-\\/\\.]\\d{4}$/) ||\r\n token.match(/^\\d{1,2}[-\\/\\.]\\d{1,2}[-\\/\\.]\\d{2,4}$/) ||\r\n token.match(/^\\d{4}[-\\/\\.]\\d{1,2}[-\\/\\.]\\d{1,2}$/)) return false;\r\n\r\n // Version numbers: v1.2.3, 1.0.0.0, 10.15.7\r\n if (token.match(/^v?\\d+(\\.\\d+){1,4}$/i)) return false;\r\n\r\n // UUIDs: 550e8400-e29b-41d4-a716-446655440000\r\n if (token.match(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i)) return false;\r\n\r\n // Common hex prefixes: 0x1234ABCD, 0X1A2B3C4D\r\n if (token.match(/^0x[0-9a-f]+$/i)) return false;\r\n\r\n // File sizes with units: 123KB, 45.6MB, 1.5GB\r\n if (token.match(/^\\d+(\\.\\d+)?(bytes?|[kmgt]b)$/i)) return false;\r\n\r\n // IP addresses: 192.168.1.1\r\n if (token.match(/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$/)) return false;\r\n\r\n // Common abbreviations/acronyms (all caps with digits): DX11, OpenGL3, Win32\r\n if (token.match(/^[A-Z]{2,}[0-9]{1,3}$/)) return false;\r\n\r\n // Changelist/build numbers (pure digits 6-12 chars): CL 35398403, Build 123456\r\n // Todo: upgrade\r\n if (token.match(/^\\d{6,12}$/)) return false;\r\n\r\n // Version control tags: v1.0, v21.9\r\n if (token.match(/^[Vv]\\d{1,2}\\.\\d{1,4}/)) return false;\r\n\r\n // Build/CI server patterns: buildbot, jenkins, gitlab-runner, etc.\r\n // Contains common CI/build keywords with hyphens/underscores\r\n if (token.match(/(buildbot|builder|jenkins|gitlab|runner|relclient|steam|win32|win64|x64|x86)/i)) return false;\r\n\r\n\r\n // === OBFUSCATION DETECTION ===\r\n\r\n var stats = { digits: 0, lower: 0, upper: 0, special: 0, transitions: 0 };\r\n var charTypes = [];\r\n\r\n for (var i = 0; i < token.length; i++) {\r\n var char = token[i];\r\n var prevType = charTypes[charTypes.length - 1];\r\n var currType;\r\n\r\n if (char >= '0' && char <= '9') {\r\n stats.digits++;\r\n currType = 'digit';\r\n } else if (char >= 'a' && char <= 'z') {\r\n stats.lower++;\r\n currType = 'lower';\r\n } else if (char >= 'A' && char <= 'Z') {\r\n stats.upper++;\r\n currType = 'upper';\r\n } else {\r\n stats.special++;\r\n currType = 'special';\r\n }\r\n\r\n charTypes.push(currType);\r\n if (prevType && prevType !== currType) {\r\n stats.transitions++;\r\n }\r\n }\r\n\r\n const\r\n totalChars = token.length,\r\n alphaChars = stats.lower + stats.upper;\r\n\r\n // Detect excessive character type transitions (obfuscation indicator)\r\n if ((stats.transitions / totalChars) > 0.6 && stats.digits >= 4) return true;\r\n\r\n // Detect repetitive patterns (e.g., \"a1b2c3d4e5\")\r\n if (token.match(/^(?:[a-z]\\d){4,}$/i)) return true;\r\n\r\n // Pattern: letter-digit-letter with 4+ total digits\r\n if (token.match(/^(?=\\d|[a-z])(?=.*[a-z]\\d[a-z])(?=(?:.*\\d){4,})/i)) return true;\r\n\r\n // Detect pure hex strings (8+ chars) - likely hashes\r\n if (token.match(/^[0-9a-f]{8,}$/i)) {\r\n // Exception: common words that are hex-valid (like \"decade\", \"faded\")\r\n if (!token.match(/^(dead|beef|cafe|babe|fade|deed|feed|face|decade|deface)$/i)) {\r\n return true;\r\n }\r\n }\r\n\r\n // Repeating syllables/segments (e.g., \"jnfasjknjnjnjn\" - \"nj\" repeats 3+ times)\r\n // Detects 2-3 char segments repeating 3+ times consecutively\r\n if (token.match(/(.{2,3})\\1{2,}/)) return true;\r\n\r\n // Mixed letters and digit clusters (e.g., \"ac8a8sic8i19o9oi\", \"j9813jd1039i098\")\r\n // Pattern: letter(s) + digit(s), repeated 4+ times with varying lengths\r\n if (token.match(/(?:[a-z]+\\d+){4,}/i) && stats.digits >= 4) return true;\r\n\r\n // Chaotic alternating: single letter + multiple digits (e.g., \"j9813jd1039i098\")\r\n // Pattern: letter + 3+ digits, repeated 2+ times\r\n if (token.match(/(?:[a-z]\\d{3,}){2,}/i)) return true;\r\n\r\n // Random consonant clusters without vowels (e.g., \"jnfsjknjn\", \"bcdfgh\")\r\n // 6+ consonants in a row (excluding common patterns and abbreviation-style names with doubled consonants like \"spprgrss.dll\")\r\n // Doubled consonants (pp, ss, rr, etc.) indicate vowel-stripped abbreviations, not obfuscation\r\n if (token.match(/[bcdfghjklmnpqrstvwxz]{6,}/i) &&\r\n !token.match(/str|chr|thr|sch|scr|spr/i) &&\r\n !token.match(/([bcdfghjklmnpqrstvwxz])\\1/i)) return true;\r\n\r\n // Single consonant repeated excessively (e.g., \"jnfasjknjnjnjn\")\r\n // Same consonant appears 5+ times in strings shorter than 15 chars\r\n var consonantCounts = {};\r\n for (var i = 0; i < token.length; i++) {\r\n var ch = token[i].toLowerCase();\r\n if ('bcdfghjklmnpqrstvwxz'.indexOf(ch) !== -1) {\r\n consonantCounts[ch] = (consonantCounts[ch] || 0) + 1;\r\n if (consonantCounts[ch] >= 5 && token.length < 15) return true;\r\n }\r\n }\r\n\r\n // Keyboard walk patterns (e.g., \"qwerty\", \"asdfgh\", \"zxcvbn\")\r\n if (token.match(/qwerty|asdfgh|zxcvbn|yuiop|hjkl|cvbnm|poiuy|lkjh/i)) return true;\r\n\r\n // Excessive digit-letter boundaries (e.g., \"a1b2c3d4e5f6\")\r\n // Count transitions specifically between letters and digits (8+ transitions)\r\n var digitLetterTransitions = 0;\r\n for (var i = 1; i < token.length; i++) {\r\n var curr = token[i], prev = token[i - 1],\r\n currIsDigit = (curr >= '0' && curr <= '9'),\r\n prevIsDigit = (prev >= '0' && prev <= '9'),\r\n currIsLetter = ((curr >= 'a' && curr <= 'z') || (curr >= 'A' && curr <= 'Z')),\r\n prevIsLetter = ((prev >= 'a' && prev <= 'z') || (prev >= 'A' && prev <= 'Z'));\r\n\r\n if ((currIsDigit && prevIsLetter) || (currIsLetter && prevIsDigit)) {\r\n digitLetterTransitions++;\r\n }\r\n }\r\n if (digitLetterTransitions >= 8) return true;\r\n\r\n // Statistical thresholds for obfuscation\r\n return (\r\n (stats.digits >= 7) || // Too many digits\r\n (stats.digits >= 4 && stats.digits / totalChars > 0.4) || // High digit density (raised from 0.35)\r\n (stats.digits >= 5 && stats.lower >= 3 && stats.upper >= 3) || // Balanced mix (suspicious)\r\n (stats.digits >= 6 && stats.lower >= 5) || // Many digits + lowercase\r\n (alphaChars >= 5 && stats.digits >= 5 && stats.upper === 0 && stats.lower === alphaChars) // No uppercase variation\r\n );\r\n}\r\n\r\n\r\n\r\n// #region \"obfuscations (Native)\"\r\nfunction scanForObfuscations_Native() {\r\n log(logType.nothing, \"Scanning for obfuscation...\");\r\n\r\n var options = String();\r\n\r\n var isDetected = Boolean();\r\n\r\n\r\n\r\n\r\n // PE file must contain at least two sections: one for code and one for resources.\r\n\r\n var isOneSectionFile = false;\r\n\r\n if (PE_Cached.numberOfSections === 1) {\r\n log(logType.any, \"Only one section found!\");\r\n\r\n isOneSectionFile = true;\r\n }\r\n\r\n if (isOneSectionFile) options = addOption(options, \"Only one section\");\r\n\r\n\r\n\r\n\r\n // Check for section names containing forbidden characters\r\n\r\n var isStrangeSectionsPresent = false;\r\n\r\n // Define forbidden characters\r\n const badSectionChars = '-=+~!@#$%^&*()\"№;%:?*():;,/\\\\|\\'`<> ';\r\n\r\n // Iterate through sections and characters to check for forbidden characters\r\n for (var i = 0; i < PE_Cached.numberOfSections && !isStrangeSectionsPresent; i++) {\r\n var sectionName = PE.getSectionName(i);\r\n\r\n if (sectionName.length < 3 || (/^.\\d.+/.test(sectionName) && sectionName !== \".00cfg\") || sectionName[0] === \" \") {\r\n isStrangeSectionsPresent = true;\r\n }\r\n\r\n var isIdioticMinGwSectionsPresent = false;\r\n\r\n if (_isResultPresent(\"linker\", \"GNU linker ld (GNU Binutils)\")) {\r\n if (PE.isSectionNamePresent(\".build-id\")) {\r\n isIdioticMinGwSectionsPresent = true;\r\n } else {\r\n for (var d = 1; d < 10 && !isIdioticMinGwSectionsPresent; d++) { // sections like \"/5\", \"/2\" etc\r\n if (sectionName.indexOf(\"/\" + d) != -1) {\r\n isIdioticMinGwSectionsPresent = true;\r\n }\r\n }\r\n }\r\n }\r\n\r\n if (isIdioticMinGwSectionsPresent) {\r\n isStrangeSectionsPresent = false;\r\n break;\r\n }\r\n\r\n for (var d = 0; d < badSectionChars.length && !isStrangeSectionsPresent; d++) {\r\n // If forbidden character is found, set flag and break\r\n if (sectionName.indexOf(badSectionChars[d]) !== -1) {\r\n isStrangeSectionsPresent = true;\r\n }\r\n }\r\n\r\n if (!isAsciiString(sectionName) && !isStrangeSectionsPresent) {\r\n isStrangeSectionsPresent = true;\r\n }\r\n }\r\n\r\n if (isStrangeSectionsPresent) options = addOption(options, \"Strange sections\");\r\n\r\n\r\n\r\n\r\n // Check for DOS header in the PE file\r\n\r\n var isDosMissing = false,\r\n isCustomDosPresent = false;\r\n\r\n // If DOS stub size is 0, set flag for missing DOS\r\n if (PE.getDosStubSize() === 0) {\r\n isDosMissing = true;\r\n } else {\r\n // Define messages to check for custom DOS\r\n const messages = [\r\n \"This program cannot be run in DOS mode.\", // most popular (standard)\r\n \"This program must be run under Windows\", // twinBASIC\r\n \"This program must be run under Win32\",\r\n \"This program must be run under Win64\",\r\n \"This program requires Win32\",\r\n \"This is a Windows NT character-mode executable\" // Watcom C/C++\r\n ];\r\n\r\n isCustomDosPresent = true;\r\n\r\n // Iterate through messages to check for custom DOS\r\n for (var d = 0; d < messages.length && isCustomDosPresent; d++) {\r\n if (PE.isSignaturePresent(PE.getDosStubOffset(), PE.getDosStubSize(), \"'\" + messages[d] + \"'\")) {\r\n isCustomDosPresent = false;\r\n }\r\n }\r\n }\r\n\r\n // Add appropriate option based on DOS presence\r\n if (isDosMissing) options = addOption(options, \"Missing DOS\");\r\n else if (isCustomDosPresent) options = addOption(options, \"Custom DOS\");\r\n\r\n\r\n\r\n\r\n // It works if the file contains an import without an extension (for example, instead of \"kernel32.dll\" it is written \"kernel32\").\r\n // Compilers don't do that\r\n\r\n var isContainsNoExtensionLibrary = false;\r\n\r\n for (var i = 0; i < PE_Cached.numberOfUnmanagedImports && !isContainsNoExtensionLibrary; i++) {\r\n const libraryName = PE.getImportLibraryName(i).toLowerCase();\r\n\r\n if (libraryName.length > 4) {\r\n if (libraryName[libraryName.length - 4] !== \".\") {\r\n isContainsNoExtensionLibrary = true;\r\n }\r\n } else { /* if (libraryName.indexOf(\".\") === -1) */\r\n isContainsNoExtensionLibrary = true;\r\n }\r\n }\r\n\r\n if (isContainsNoExtensionLibrary) options = addOption(options, \"No extension import\");\r\n\r\n\r\n\r\n\r\n // .exe files in imports are a separate type of sophistication. But this happens.\r\n\r\n var exeInImports = false;\r\n\r\n for (var i = 0; i < PE_Cached.numberOfUnmanagedImports && !exeInImports; i++) {\r\n const libraryName = PE.getImportLibraryName(i).toLowerCase();\r\n\r\n if (libraryName.length > 4) {\r\n if (libraryName !== \"ntoskrnl.exe\" && libraryName.substr(libraryName.length - 4, 4) === \".exe\") {\r\n exeInImports = true;\r\n }\r\n }\r\n }\r\n\r\n if (exeInImports) options = addOption(options, \"EXE in imports\");\r\n\r\n\r\n\r\n\r\n // Checks if application resources can be read or if they are compressed/encrypted\r\n\r\n var isUnreadableResourcesPresent = false;\r\n\r\n for (var i = 0; i < PE_Cached.numberOfUnmanagedResources && !isUnreadableResourcesPresent; i++) {\r\n if (PE.getResourceOffsetByNumber(i) === -1) {\r\n isUnreadableResourcesPresent = true;\r\n }\r\n }\r\n\r\n if (isUnreadableResourcesPresent) options = addOption(options, \"Unreadable resources\");\r\n\r\n\r\n\r\n\r\n // Checks is executable application has been compiled or converted to a DLL\r\n // Like https://github.com/hasherezade/exe_to_dll\r\n\r\n var exeAsDll = false;\r\n\r\n if (PE_Cached.isDynamicLinkLibrary &&\r\n PE.isExportFunctionPresentExp(/^(Start|main|_start|(w)?WinMain|EntryPoint)$/)) {\r\n exeAsDll = true;\r\n }\r\n\r\n if (exeAsDll) options = addOption(options, \"EXE as DLL\");\r\n\r\n\r\n\r\n\r\n // The .text section should always come first\r\n\r\n var isTextSectionNotFirst = false;\r\n\r\n if (PE_Cached.numberOfSections > 0 && (PE.section[0].Name !== \".text\" && PE.section[0].Name !== \".textbss\") && (PE.isSectionNamePresent(\".text\") || PE.isSectionNamePresent(\".textbss\")) && PE.section[0] === \".code\") {\r\n isTextSectionNotFirst = true;\r\n }\r\n\r\n if (isTextSectionNotFirst) options = addOption(options, \"\\\".text\\\" section is not first\");\r\n\r\n\r\n\r\n\r\n // If IAT (Import Address Table) is missing or empty\r\n\r\n var isIatMissing = false,\r\n isEmptyIatPresent = false;\r\n\r\n if (PE_Cached.indexOfImportsSection === -1 && !PE_Cached.isDynamicLinkLibrary) { // DLLs can be resource-only\r\n isIatMissing = true;\r\n } else if (PE_Cached.indexOfImportsSection !== -1 && !PE_Cached.numberOfUnmanagedImports) {\r\n isEmptyIatPresent = true;\r\n }\r\n\r\n if (isIatMissing) options = addOption(options, \"No IAT\");\r\n else if (isEmptyIatPresent) options = addOption(options, \"Empty IAT\");\r\n\r\n\r\n\r\n\r\n // If both IAT and EAT are missing (for DLLs only)\r\n\r\n var isDllIatAndEatMissing = false;\r\n\r\n if (PE_Cached.isDynamicLinkLibrary && PE.getAddressOfEntryPoint() && (PE_Cached.indexOfImportsSection === -1 && PE_Cached.indexOfExportsSection === -1)) { // DLLs without imports/exports and with EP (not a resource-only DLL)\r\n isDllIatAndEatMissing = true;\r\n }\r\n\r\n if (isDllIatAndEatMissing) options = addOption(options, \"No IAT and EAT\");\r\n\r\n\r\n\r\n\r\n // If EAT (Export Address Table) is missing or empty (for DLLs only)\r\n\r\n var isDllEatMissing = false,\r\n isDllEmptyEatPresent = false;\r\n\r\n if (!isDllIatAndEatMissing && PE_Cached.isDynamicLinkLibrary) {\r\n if (PE_Cached.indexOfExportsSection === -1 && PE.getAddressOfEntryPoint()) { // DLL without exports and with EP (not a resource-only DLL)\r\n isDllEatMissing = true;\r\n } else if (PE_Cached.indexOfExportsSection !== -1 && PE_Cached.numberOfUnmanagedExports === 0) { // DLL with empty exports\r\n isDllEmptyEatPresent = true;\r\n }\r\n }\r\n\r\n if (isDllEatMissing) options = addOption(options, \"No EAT\");\r\n else if (isDllEmptyEatPresent) options = addOption(options, \"Empty EAT\");\r\n\r\n\r\n\r\n\r\n // Check if the entry point starts with NOP or a NOP-like instruction\r\n\r\n var isStartsWithNop = false;\r\n\r\n if (PE_Cached.isArchX86) {\r\n /*\r\n * NOP-equivalent instructions for x86/x64:\r\n * * Standard NOP instructions:\r\n * - 0x90 -> NOP (standard 1-byte NOP)\r\n * - 0x66 0x90 -> XCHG AX, AX (2-byte NOP)\r\n * - 0x0F 0x1F 0x00 -> NOP DWORD PTR [EAX/RAX] (3-byte NOP)\r\n * - 0x0F 0x1F 0x40 0x00 -> NOP DWORD PTR [EAX/RAX+0x00] (4-byte NOP)\r\n * - 0x0F 0x1F 0x44 0x00 0x00 -> NOP DWORD PTR [EAX/RAX+EAX/RAX*1+0x00] (5-byte NOP)\r\n * - 0x66 0x0F 0x1F 0x44 0x00 0x00 -> NOP WORD PTR [EAX/RAX+EAX/RAX*1+0x00] (6-byte NOP)\r\n * - 0x0F 0x1F 0x80 0x00 0x00 0x00 0x00 -> NOP DWORD PTR [EAX/RAX+0x00000000] (7-byte NOP)\r\n * - 0x0F 0x1F 0x84 0x00 0x00 0x00 0x00 0x00 -> NOP DWORD PTR [EAX/RAX+EAX/RAX*1+0x00000000] (8-byte NOP)\r\n * - 0x66 0x0F 0x1F 0x84 0x00 0x00 0x00 0x00 0x00 -> NOP WORD PTR [EAX/RAX+EAX/RAX*1+0x00000000] (9-byte NOP)\r\n * \r\n * Functional equivalents of NOP:\r\n * - 0x89 0xF6 -> MOV ESI, ESI (x86)\r\n * - 0x48 0x89 0xF6 -> MOV RSI, RSI (x64)\r\n * - 0x8D 0x76 0x00 -> LEA ESI, [ESI+0x00] (x86)\r\n * - 0x48 0x8D 0x76 0x00 -> LEA RSI, [RSI+0x00] (x64)\r\n * - 0x8D 0x74 0x26 0x00 -> LEA ESI, [ESI+EIZ+0x00] (x86)\r\n * - 0x48 0x8D 0x74 0x26 0x00 -> LEA RSI, [RSI+RIZ+0x00] (x64)\r\n * - 0x87 0xDB -> XCHG EBX, EBX (x86)\r\n * - 0x48 0x87 0xDB -> XCHG RBX, RBX (x64)\r\n * - 0x87 0xC9 -> XCHG ECX, ECX (x86)\r\n * - 0x48 0x87 0xC9 -> XCHG RCX, RCX (x64)\r\n * - 0x87 0xD2 -> XCHG EDX, EDX (x86)\r\n * - 0x48 0x87 0xD2 -> XCHG RDX, RDX (x64)\r\n * - 0x87 0xFF -> XCHG EDI, EDI (x86)\r\n * - 0x48 0x87 0xFF -> XCHG RDI, RDI (x64)\r\n * - 0x87 0xC0 -> XCHG EAX, EAX (x86)\r\n * - 0x48 0x87 0xC0 -> XCHG RAX, RAX (x64)\r\n * - 0x8D 0x00 -> LEA EAX, [EAX] (x86)\r\n * - 0x48 0x8D 0x00 -> LEA RAX, [RAX] (x64)\r\n */\r\n\r\n // Universal NOP equivalents (work on both architectures)\r\n const nopEquivalentsUniversal = [\r\n \"XCHG AX, AX\",\r\n \"XCHG BX, BX\", \"XCHG CX, CX\", \"XCHG DX, DX\",\r\n \"XCHG SI, SI\", \"XCHG DI, DI\", \"XCHG BP, BP\"\r\n ];\r\n\r\n // Collections of NOP-equivalent instructions based on architecture\r\n const nopEquivalents32bit = [\r\n // x86\r\n \"MOV ESI, ESI\", \"XCHG EAX, EAX\",\r\n \"XCHG EBX, EBX\", \"XCHG ECX, ECX\",\r\n \"XCHG EDX, EDX\", \"XCHG EDI, EDI\",\r\n \"LEA EAX, [EAX]\", \"LEA ESI, [ESI]\",\r\n \"LEA ESI, CS:[ESI]\"\r\n ];\r\n\r\n const nopEquivalents64bit = [\r\n // x64\r\n \"MOV RSI, RSI\", \"XCHG RAX, RAX\",\r\n \"XCHG RBX, RBX\", \"XCHG RCX, RCX\",\r\n \"XCHG RDX, RDX\", \"XCHG RDI, RDI\",\r\n \"LEA RAX, [RAX]\", \"LEA RSI, [RSI]\",\r\n \"LEA RSI, CS:[RSI]\"\r\n ];\r\n\r\n // Combine universal and architecture-specific instructions\r\n const nopEquivalents = nopEquivalentsUniversal.concat(\r\n PE_Cached.is64bit ? nopEquivalents64bit : nopEquivalents32bit\r\n );\r\n\r\n // First check for standard NOP opcode which covers all NOP variants with different operands\r\n if (getFirstEpAsmOpCode() === \"NOP\") {\r\n isStartsWithNop = true;\r\n } else {\r\n // Then check for all functional NOP equivalents that have different opcodes\r\n for (var i = 0; i < nopEquivalents.length && !isStartsWithNop; i++) {\r\n if (PE_Cached.firstEpAsmInstruction === nopEquivalents[i]) {\r\n isStartsWithNop = true;\r\n }\r\n }\r\n }\r\n } else {\r\n /*\r\n * NOP-equivalent instructions for ARM/ARM64:\r\n * * Standard NOP instructions:\r\n * - 0x00 0xF0 0x20 0xE3 -> NOP (ARM32 explicit)\r\n * - 0x1F 0x20 0x03 0xD5 -> NOP (ARM64 explicit)\r\n * \r\n * Functional equivalents of NOP:\r\n * - 0x00 0x00 0xA0 0xE1 -> MOV R0, R0 (ARM32)\r\n * - 0x01 0x10 0xA0 0xE1 -> MOV R1, R1 (ARM32)\r\n * - 0x02 0x20 0xA0 0xE1 -> MOV R2, R2 (ARM32)\r\n * - 0x03 0x30 0xA0 0xE1 -> MOV R3, R3 (ARM32)\r\n * - 0x04 0x40 0xA0 0xE1 -> MOV R4, R4 (ARM32)\r\n * - 0x05 0x50 0xA0 0xE1 -> MOV R5, R5 (ARM32)\r\n * - 0x06 0x60 0xA0 0xE1 -> MOV R6, R6 (ARM32)\r\n * - 0x07 0x70 0xA0 0xE1 -> MOV R7, R7 (ARM32)\r\n * - 0x08 0x80 0xA0 0xE1 -> MOV R8, R8 (ARM32)\r\n * - 0x09 0x90 0xA0 0xE1 -> MOV R9, R9 (ARM32)\r\n * - 0x0A 0xA0 0xA0 0xE1 -> MOV R10, R10 (ARM32)\r\n * - 0x0B 0xB0 0xA0 0xE1 -> MOV R11, R11 (ARM32)\r\n * - 0x0C 0xC0 0xA0 0xE1 -> MOV R12, R12 (ARM32)\r\n * - 0xE0 0x03 0x00 0xAA -> MOV X0, X0 (ARM64)\r\n * - 0xE1 0x03 0x01 0xAA -> MOV X1, X1 (ARM64)\r\n * - 0xE2 0x03 0x02 0xAA -> MOV X2, X2 (ARM64)\r\n * - 0xE3 0x03 0x03 0xAA -> MOV X3, X3 (ARM64)\r\n * - 0xE4 0x03 0x04 0xAA -> MOV X4, X4 (ARM64)\r\n * - 0xE5 0x03 0x05 0xAA -> MOV X5, X5 (ARM64)\r\n * - 0xE6 0x03 0x06 0xAA -> MOV X6, X6 (ARM64)\r\n * - 0xE7 0x03 0x07 0xAA -> MOV X7, X7 (ARM64)\r\n * - 0xE0 0x03 0x00 0x2A -> MOV W0, W0 (ARM64)\r\n * - 0xE1 0x03 0x01 0x2A -> MOV W1, W1 (ARM64)\r\n * - 0xE2 0x03 0x02 0x2A -> MOV W2, W2 (ARM64)\r\n * - 0xE3 0x03 0x03 0x2A -> MOV W3, W3 (ARM64)\r\n */\r\n\r\n // ARM/ARM64 NOP equivalents\r\n const nopEquivalentsArm = [\r\n \"NOP\",\r\n \"MOV R0, R0\", \"MOV R1, R1\", \"MOV R2, R2\", \"MOV R3, R3\",\r\n \"MOV R4, R4\", \"MOV R5, R5\", \"MOV R6, R6\", \"MOV R7, R7\",\r\n \"MOV R8, R8\", \"MOV R9, R9\", \"MOV R10, R10\", \"MOV R11, R11\",\r\n \"MOV R12, R12\", \"MOV R13, R13\", \"MOV R14, R14\", \"MOV R15, R15\"\r\n ];\r\n\r\n const nopEquivalentsArm64 = [\r\n \"NOP\",\r\n \"MOV X0, X0\", \"MOV X1, X1\", \"MOV X2, X2\", \"MOV X3, X3\",\r\n \"MOV X4, X4\", \"MOV X5, X5\", \"MOV X6, X6\", \"MOV X7, X7\",\r\n \"MOV W0, W0\", \"MOV W1, W1\", \"MOV W2, W2\", \"MOV W3, W3\"\r\n ];\r\n\r\n const nopEquivalents = PE_Cached.is64bit ? nopEquivalentsArm64 : nopEquivalentsArm;\r\n\r\n // Check for standard NOP opcode\r\n if (getFirstEpAsmOpCode() === \"NOP\") {\r\n isStartsWithNop = true;\r\n } else {\r\n // Check for functional NOP equivalents\r\n for (var i = 0; i < nopEquivalents.length && !isStartsWithNop; i++) {\r\n if (PE_Cached.firstEpAsmInstruction === nopEquivalents[i]) {\r\n isStartsWithNop = true;\r\n }\r\n }\r\n }\r\n }\r\n\r\n if (isStartsWithNop) options = addOption(options, \"Nop at EP\");\r\n\r\n\r\n\r\n\r\n // Check for \"Stack-push address near EP\" (CALL $+5)\r\n\r\n var isAddrToStackTrickPresent = false;\r\n\r\n if (PE_Cached.isArchX86) {\r\n // Check first 30 instructions for \"Stack-push address near EP\"\r\n // This trick uses \"CALL $+5\" (E8 00 00 00 00) to push next instruction address on stack\r\n if (!PE_Cached.isDynamicLinkLibrary) {\r\n for (var i = 0; i < 32 && !isAddrToStackTrickPresent; i++) {\r\n var asmInstruction = getAsmInstructionByIndex(i);\r\n\r\n if (!asmInstruction) break; // Safety check\r\n\r\n // Check if instruction is CALL\r\n if (getAsmOpCode(asmInstruction) === \"CALL\") {\r\n // Get address and offset for this instruction\r\n var disasmAddress = PE.getAddressOfEntryPoint();\r\n\r\n for (var j = 0; j < i; j++) {\r\n disasmAddress = PE.getDisasmNextAddress(disasmAddress);\r\n }\r\n\r\n var currentOffset = PE.VAToOffset(disasmAddress);\r\n\r\n // Check if machine code matches E8 00 00 00 00 pattern\r\n if (PE.compare(\"E8 00 00 00 00\", currentOffset)) {\r\n log(logType.any, \"Stack-push address near EP found at offset: 0x\" + currentOffset.toString(16));\r\n\r\n isAddrToStackTrickPresent = true;\r\n }\r\n }\r\n }\r\n }\r\n }\r\n\r\n if (isAddrToStackTrickPresent) options = addOption(options, \"Stack-push address near EP\");\r\n\r\n\r\n\r\n\r\n // Check for CPUID at entry point\r\n\r\n var isCpuidNearEpPresent = false;\r\n\r\n if (PE_Cached.isArchX86) {\r\n // Check first 15 instructions for CPUID instruction\r\n if (!PE_Cached.isDynamicLinkLibrary) {\r\n for (var i = 0; i < 15 && !isCpuidNearEpPresent; i++) {\r\n var asmInstruction = getAsmInstructionByIndex(i);\r\n\r\n if (!asmInstruction) break; // Safety check\r\n\r\n // Check if instruction is CPUID\r\n if (getAsmOpCode(asmInstruction) === \"CPUID\") {\r\n log(logType.any, \"CPUID near EP found at instruction index: \" + i);\r\n\r\n isCpuidNearEpPresent = true;\r\n }\r\n }\r\n }\r\n }\r\n\r\n if (isCpuidNearEpPresent) options = addOption(options, \"Cpuid near EP\");\r\n\r\n\r\n\r\n\r\n // Check for TLS (Thread Local Storage) with a bad entry point (like INT3 or RET). Trick to hide the real EP. (like BoxedApp)\r\n\r\n var isTlsWithBadEpPresent = false;\r\n\r\n if (PE.isTLSPresent()) {\r\n if (PE_Cached.isArchX86) {\r\n if (/^INT( )?3$/.test(getAsmOpCode(PE_Cached.firstEpAsmInstruction)) || // INT3 (0xCC) / INT 3 (0xCD 0x03)\r\n /^RET( \\d+)?$/.test(getAsmOpCode(PE_Cached.firstEpAsmInstruction))) { // All types of RET\r\n isTlsWithBadEpPresent = true;\r\n }\r\n } else {\r\n // ARM: Check for breakpoint or return instructions\r\n if (/^BKPT/.test(getAsmOpCode(PE_Cached.firstEpAsmInstruction)) || // BKPT (breakpoint)\r\n /^BRK/.test(getAsmOpCode(PE_Cached.firstEpAsmInstruction)) || // BRK (ARM64 breakpoint)\r\n /^RET/.test(getAsmOpCode(PE_Cached.firstEpAsmInstruction)) || // RET (ARM64 return)\r\n /^BX( )?LR$/.test(PE_Cached.firstEpAsmInstruction)) { // BX LR (ARM32 return)) {\r\n isTlsWithBadEpPresent = true;\r\n }\r\n }\r\n }\r\n\r\n if (isTlsWithBadEpPresent) options = addOption(options, \"TLS hidden EP\");\r\n\r\n\r\n\r\n\r\n // Check for multiple JMPs leading to each other\r\n\r\n var proxyJumpsAtEpPresent = false;\r\n\r\n if (PE_Cached.isArchX86 && (\r\n PE.compareEP(\"EB $$ EB\") ||\r\n PE.compareEP(\"EB $$ E9\") ||\r\n PE.compareEP(\"E9 ## ## ## ## EB\") ||\r\n PE.compareEP(\"E9 ## ## ## ## E9\")\r\n )) {\r\n proxyJumpsAtEpPresent = true;\r\n }\r\n\r\n if (proxyJumpsAtEpPresent) options = addOption(options, \"Proxy jmp at EP\");\r\n\r\n\r\n\r\n\r\n // Check if NOP padding is present at the entry point\r\n\r\n var isNopPaddingPresent = false;\r\n\r\n // Condition to check for NOP padding\r\n if (!isStartsWithNop && getEpAsmPattern(true, 5).indexOf(getInstructionsAsmPattern([\"NOP\", \"NOP\"])) !== -1) {\r\n isNopPaddingPresent = true;\r\n }\r\n\r\n if (isNopPaddingPresent) options = addOption(options, \"Nop EP padding\");\r\n\r\n\r\n\r\n\r\n // Check for sections with full RWX permissions (Read, Write, Execute)\r\n\r\n var isRwxSectionPresent = false;\r\n\r\n var rwxSectionIndex = -1;\r\n\r\n const\r\n SECTION_FLAGS_EXECUTE = 0x20000000, // IMAGE_SCN_MEM_EXECUTE\r\n SECTION_FLAGS_READ = 0x40000000, // IMAGE_SCN_MEM_READ\r\n SECTION_FLAGS_WRITE = 0x80000000, // IMAGE_SCN_MEM_WRITE\r\n SECTION_FLAGS_CODE = 0x00000020; // IMAGE_SCN_CNT_CODE\r\n\r\n const\r\n RWX_MASK = SECTION_FLAGS_EXECUTE | SECTION_FLAGS_READ | SECTION_FLAGS_WRITE,\r\n RWX_CODE_MASK = RWX_MASK | SECTION_FLAGS_CODE;\r\n\r\n\r\n for (var i = 0; i < PE_Cached.numberOfSections && !isRwxSectionPresent; i++) {\r\n var currentSectionCharacteristics = PE.section[i].Characteristics;\r\n\r\n if ((currentSectionCharacteristics & RWX_MASK) === RWX_MASK ||\r\n (currentSectionCharacteristics & RWX_CODE_MASK) === RWX_CODE_MASK) {\r\n isRwxSectionPresent = true;\r\n rwxSectionIndex = i;\r\n }\r\n }\r\n\r\n if (isRwxSectionPresent) options = addOption(options, \"Section #\" + rwxSectionIndex + \" (\\\"\" + clearSectionName(PE.getSectionName(rwxSectionIndex)) + \"\\\") has RWX\");\r\n\r\n\r\n\r\n\r\n // Check for zero padding at the beginning of the entry point section\r\n\r\n var isEpSectionZeroPaddingPresent = false;\r\n\r\n var epSectionWithZeroPaddingIndex = -1;\r\n\r\n // Find the section that contains the entry point\r\n const entryPointRva = PE.getAddressOfEntryPoint() - PE.getImageBase();\r\n\r\n for (var i = 0; i < PE_Cached.numberOfSections && !isEpSectionZeroPaddingPresent; i++) {\r\n const\r\n sectionVirtualAddress = PE.getSectionVirtualAddress(i),\r\n sectionVirtualSize = PE.getSectionVirtualSize(i);\r\n\r\n // Check if the entry point is within this section\r\n if (entryPointRva >= sectionVirtualAddress &&\r\n entryPointRva < sectionVirtualAddress + sectionVirtualSize) {\r\n epSectionWithZeroPaddingIndex = i;\r\n\r\n // Check for zero padding at the beginning of the section\r\n if (PE.compare(\"00 00 00\", PE.getSectionFileOffset(epSectionWithZeroPaddingIndex))) {\r\n isEpSectionZeroPaddingPresent = true;\r\n }\r\n }\r\n }\r\n\r\n if (isEpSectionZeroPaddingPresent) options = addOption(options, \"EP-section #\" + epSectionWithZeroPaddingIndex + \" (\\\"\" + clearSectionName(PE.getSectionName(epSectionWithZeroPaddingIndex)) + \"\\\") zero padding\");\r\n\r\n\r\n\r\n\r\n // Check for a lot of sections (more than 20 -> this is a lot for native builds)\r\n\r\n var tooManySectionsPresent = false;\r\n\r\n if (PE_Cached.numberOfSections > 20) {\r\n tooManySectionsPresent = true;\r\n }\r\n\r\n if (tooManySectionsPresent) options = addOption(options, \"Too many sections\");\r\n\r\n\r\n\r\n\r\n // Check for IAT directory presence\r\n\r\n var isIatDirEmpty = false;\r\n\r\n if (!_isResultPresent(\"linker\", \"Turbo Linker\")) { // Ignore Delphi\r\n // Offset of the IAT directory (12 is the number of IMAGE_DIRECTORY_ENTRY_ entries, 8 is the size of each entry)\r\n const iatDirOffset = getOptHeaderOffset() + (PE_Cached.is64bit ? 0x70 : 0x60) + 12 * 8;\r\n\r\n if (PE_Cached.indexOfImportsSection !== -1 && PE.read_int32(iatDirOffset) === 0) {\r\n isIatDirEmpty = true;\r\n }\r\n }\r\n\r\n if (isIatDirEmpty) options = addOption(options, \"IAT directory empty\");\r\n\r\n\r\n\r\n\r\n // Check for unused exception section\r\n\r\n var isUnusedExceptionSectionPresent = false;\r\n\r\n if (PE.isSectionNamePresentExp(/^\\.[xp]data$/)) {\r\n\r\n // Offset of the exception directory (12 is the number of IMAGE_DIRECTORY_ENTRY_ entries, 8 is the size of each entry)\r\n var exceptionDirOffset = getOptHeaderOffset() + (PE_Cached.is64bit ? 0x88 : 0x78);\r\n\r\n if (PE.read_int32(exceptionDirOffset) === 0 && PE.read_int32(exceptionDirOffset + 4) === 0) {\r\n isUnusedExceptionSectionPresent = true;\r\n }\r\n }\r\n\r\n if (isUnusedExceptionSectionPresent) options = addOption(options, \"Exceptions directory empty\");\r\n\r\n\r\n\r\n\r\n // Check for strange exports (Non-ASCII names)\r\n\r\n var isStrangeExportsPresent = false;\r\n\r\n if (PE_Cached.numberOfUnmanagedExports > 0) {\r\n for (var i = 0; i < PE_Cached.numberOfUnmanagedExports && !isStrangeExportsPresent; i++) {\r\n const functionName = PE.getExportFunctionName(i);\r\n\r\n if (functionName && (\r\n /^\\d/.test(functionName) ||\r\n !isAsciiString(functionName) || (\r\n !isItemMangled(functionName) &&\r\n isNameObfuscated(replaceAllInString(functionName, \"_\", \" \"))\r\n )\r\n )) {\r\n isStrangeExportsPresent = true;\r\n }\r\n }\r\n }\r\n\r\n if (isStrangeExportsPresent) options = addOption(options, \"Strange exports\");\r\n\r\n\r\n\r\n\r\n // Looks for sections whose names contain strange (or invalid) characters\r\n\r\n var isStrangeImportsPresent = false;\r\n\r\n const badImportChars = '=~!@#$%^&*()\"№;%:?*():;,|\\'`<> ';\r\n\r\n for (var i = 0; i < PE_Cached.numberOfUnmanagedImports && !isStrangeImportsPresent; i++) {\r\n const libraryName = PE.getImportLibraryName(i);\r\n\r\n if (isAsciiString(libraryName)) {\r\n for (var l = 0; l < badImportChars.length && !isStrangeImportsPresent; l++) {\r\n if (!isAsciiString(libraryName) || libraryName.indexOf(badImportChars[l]) !== -1) {\r\n isStrangeImportsPresent = true;\r\n }\r\n }\r\n } else if (libraryName.indexOf(\"MZ\") !== 0) { // 'MZ' -> IAT corrupted\r\n isStrangeImportsPresent = true;\r\n }\r\n }\r\n\r\n if (isStrangeImportsPresent) options = addOption(options, \"Strange imports\");\r\n\r\n\r\n\r\n\r\n // Check for strange resources\r\n\r\n var isStrangeResourcesPresent = false;\r\n\r\n for (var i = 0; i < PE_Cached.numberOfUnmanagedResources && !isStrangeResourcesPresent; i++) {\r\n const resourceName = PE.getResourceNameByNumber(i);\r\n\r\n if (resourceName && (!isAsciiString(resourceName) || isNameObfuscated(resourceName))) {\r\n log(logType.any, \"Strange resource name: \" + resourceName);\r\n\r\n isStrangeResourcesPresent = true;\r\n }\r\n }\r\n\r\n if (isStrangeResourcesPresent) options = addOption(options, \"Strange resources\");\r\n\r\n\r\n\r\n\r\n // Check for zero linker version\r\n\r\n var isZeroLinkerVersionPresent = false;\r\n\r\n if (PE.getMajorLinkerVersion() === 0 && PE.getMinorLinkerVersion() === 0) {\r\n isZeroLinkerVersionPresent = true;\r\n }\r\n\r\n if (isZeroLinkerVersionPresent) options = addOption(options, \"Zero linker version\");\r\n\r\n\r\n\r\n\r\n // Check for .NET metadata presence\r\n\r\n var isNetMetaDataInNativePresent = false;\r\n\r\n if (isNetMetaDataPresent() && PE_Cached.numberOfUnmanagedImports > 0) {\r\n isNetMetaDataInNativePresent = true;\r\n }\r\n\r\n if (isNetMetaDataInNativePresent) options = addOption(options, \"DotNET meta\");\r\n\r\n\r\n\r\n\r\n // Check for .NET runtime attach functions\r\n\r\n var isNetRuntimeAttachFunctionPresent = false;\r\n\r\n if (PE.isFunctionPresent(\"_CorExeMain\") || PE.isFunctionPresent(\"_CorDllMain\")) {\r\n isNetRuntimeAttachFunctionPresent = true;\r\n }\r\n\r\n if (isNetRuntimeAttachFunctionPresent) options = addOption(options, \"DotNET runtime attach\");\r\n\r\n\r\n\r\n\r\n // ASM Guard fake signatures\r\n\r\n if (PE.section[\".asmg\"] || PE.section[\"ASMGUARD\"]) {\r\n for (var f = 0; f < 3; f++)\r\n _removeResult(\"packer\", [\"UPX\", \"MPRESS\", \"EP:MPRESS\"][f]);\r\n }\r\n\r\n\r\n\r\n\r\n if (options.length != 0) isDetected = true;\r\n\r\n\r\n if (isDetected) {\r\n _setResult(\"~protection\", \"Generic\", String(), PE.isVerbose() ? options : String());\r\n }\r\n}\r\n// #endregion\r\n\r\n\r\n\r\n/**\r\n * Determines if the PE file's operating system architecture is x86-based.\r\n *\r\n * @returns {boolean|undefined} Returns true if the architecture is x86_32 (I386) or x86_64 (AMD64),\r\n * false if the architecture is ARM-based (ARM, ARMNT, THUMB),\r\n * undefined if the architecture is unknown or not recognized.\r\n */\r\nfunction isArchX86() {\r\n switch (PE.getOperationSystemOptions().split(',')[0]) {\r\n case \"I386\": // x86\r\n case \"AMD64\": // x86_64\r\n return true;\r\n case \"ARM\": // ARM\r\n case \"ARMNT\": // ARMv7\r\n case \"THUMB\": // ARM Thumb\r\n return false;\r\n default:\r\n return undefined;\r\n }\r\n}\r\n\r\n\r\n\r\nconst _patternSplitter = \"|\";\r\n\r\n/**\r\n * Generates a pattern of assembly instructions or opcodes from the entry point.\r\n *\r\n * @param {boolean} onlyOpCodes - If true, only the opcodes of the instructions are included in the pattern.\r\n * @param {number} numberOf - The number of instructions to include in the pattern.\r\n * @returns {string} The generated assembly pattern.\r\n */\r\nfunction getEpAsmPattern(onlyOpCodes, numberOf) {\r\n // Initialize the result with a pattern splitter\r\n var result = _patternSplitter;\r\n\r\n // Get the address of the entry point\r\n var disasmAddress = PE.getAddressOfEntryPoint();\r\n\r\n // Iterate through instructions up to the specified number\r\n for (var i = 0; i < numberOf; i++) {\r\n\r\n // Update the address to the next instruction if not the first iteration\r\n if (i >= 1) {\r\n disasmAddress = PE.getDisasmNextAddress(disasmAddress);\r\n }\r\n\r\n // Get the assembly instruction at the current address\r\n const asmInstruction = PE.getDisasmString(disasmAddress);\r\n\r\n // Append either the opcode or the full instruction to the result\r\n result += (\r\n onlyOpCodes ?\r\n getAsmOpCode(asmInstruction) : // \"MOV\"\r\n asmInstruction // \"MOV EAX, 4\"\r\n ) + _patternSplitter;\r\n }\r\n\r\n // Return the generated assembly pattern\r\n return result;\r\n}\r\n\r\n\r\n\r\nvar epAsmInstructions = [];\r\n\r\n/**\r\n * Retrieves the assembly instruction at the specified index from the entry point of a PE file.\r\n *\r\n * @param {number} index - The index of the assembly instruction to retrieve.\r\n * @returns {string} The assembly instruction at the specified index.\r\n */\r\nfunction getAsmInstructionByIndex(index) {\r\n // Check if the instruction is already cached\r\n if (epAsmInstructions[index] !== undefined) {\r\n return epAsmInstructions[index];\r\n }\r\n\r\n // Get the address of the entry point\r\n var disasmAddress = PE.getAddressOfEntryPoint();\r\n\r\n // Iterate through instructions until the specified index is reached\r\n for (var i = 0; i <= index; i++) {\r\n\r\n // Update the address to the next instruction if not the first iteration\r\n if (i >= 1) {\r\n disasmAddress = PE.getDisasmNextAddress(disasmAddress);\r\n }\r\n\r\n // Cache the instruction if it hasn't been cached yet\r\n if (epAsmInstructions[i] === undefined) {\r\n epAsmInstructions[i] = PE.getDisasmString(disasmAddress);\r\n }\r\n\r\n // If the current iteration matches the specified index, retrieve the instruction\r\n if (i === index) {\r\n // Return the assembly instruction from cache\r\n return epAsmInstructions[index];\r\n }\r\n }\r\n}\r\n\r\n\r\n\r\n/**\r\n * Generates a subpattern string to search for instructions within a pattern divided by a separator.\r\n *\r\n * This function allows you to create a subpattern that can be used to search for specific instructions\r\n * within a larger pattern string that is divided by a separator (_patternSplitter).\r\n *\r\n * Examples:\r\n * - \"|OPCODE1|OPCODE2|OPCODE3|\".indexOf(\"|OPCODE2|\")\r\n * - \"|OPCODE1|OPCODE2|OPCODE3|\".indexOf(getInstructionsAsmPattern(\"OPCODE2\"))\r\n * - \"|OPCODE1|OPCODE2|OPCODE3|\".indexOf(\"|OPCODE2|OPCODE3|\")\r\n * - \"|OPCODE1|OPCODE2|OPCODE3|\".indexOf(getInstructionsAsmPattern([\"OPCODE2\", \"OPCODE3\"]))\r\n *\r\n * @param {string|string[]} instruction - The instruction or array of instructions to create the subpattern for.\r\n * @returns {string} The generated subpattern string.\r\n */\r\nfunction getInstructionsAsmPattern(instruction) {\r\n return _patternSplitter +\r\n (\r\n Array.isArray(instruction) ?\r\n instruction.join(_patternSplitter) :\r\n instruction\r\n ) +\r\n _patternSplitter;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Retrieves the first assembly instruction at the entry point of the PE file.\r\n *\r\n * @returns {string} The disassembled string of the first instruction at the entry point.\r\n */\r\nfunction getFirstEpAsmInstruction() {\r\n return getAsmInstructionByIndex(0);\r\n // return PE.getDisasmString(PE.OffsetToVA(PE.getEntryPointOffset()));\r\n}\r\n\r\n\r\n\r\n/**\r\n * Extracts the opcode from an assembly instruction.\r\n *\r\n * @param {string} instruction - The assembly instruction.\r\n * @returns {string} - The opcode of the instruction.\r\n */\r\nfunction getAsmOpCode(instruction) {\r\n return instruction.indexOf(\" \") !== -1 ? instruction.split(\" \")[0] : instruction;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Retrieves the first assembly operation code from the entry point of the executable.\r\n *\r\n * @returns {string} The assembly operation code of the first instruction at the entry point.\r\n */\r\nfunction getFirstEpAsmOpCode() {\r\n return getAsmOpCode(PE_Cached.firstEpAsmInstruction);\r\n}\r\n\r\n\r\n\r\n/**\r\n * Checks if an item pattern appears to be a mangled symbol name.\r\n * \r\n * @param {string} itemPattern - The pattern string to check for mangling\r\n * @returns {boolean} True if the pattern appears to be a mangled symbol, false otherwise\r\n */\r\nfunction isItemMangled(itemPattern) {\r\n // Check if the pattern is too short to be mangled\r\n if (itemPattern.length <= 5) {\r\n return false;\r\n }\r\n\r\n return (\r\n (itemPattern[0] === '?' && (itemPattern.indexOf(\"@@\") !== -1 || itemPattern[1] === '?')) || // MSVC mangling: starts with '?' and contains \"@@\" or has double '?'\r\n (itemPattern.substring(0, 2) === \"_Z\") || // GNU mangling: starts with \"_Z\"\r\n (itemPattern[0] === '@' && itemPattern.indexOf('$') !== -1) || // Borland C++ mangling: starts with '@' and contains '$'\r\n (itemPattern[0] === '$' && (itemPattern[1] === 's' || itemPattern[1] === 'S')) // Swift mangling: starts with '$s' or '$S'\r\n );\r\n}\r\n\r\n\r\n\r\n/**\r\n * Returns information about the compiler and language based on a mangled symbol pattern.\r\n *\r\n * @param {string} itemPattern - The mangled symbol pattern to analyze.\r\n * @returns {{compiler: string, language: string} | undefined} An object containing the compiler and language if recognized, otherwise undefined.\r\n */\r\nfunction getManglerInfoByMangledItem(itemPattern) {\r\n if (!isItemMangled(itemPattern)) {\r\n return undefined;\r\n }\r\n\r\n // Visual C++ (MSVC)\r\n if (itemPattern[0] === '?') {\r\n return { compiler: \"Microsoft Visual C++\", language: \"C++\" };\r\n }\r\n\r\n // MinGW (GNU)\r\n if (itemPattern.substring(0, 2) === \"_Z\") {\r\n return { compiler: \"MinGW\", language: \"C++\" };\r\n }\r\n\r\n // Borland C++\r\n if (itemPattern[0] === '@' && itemPattern.indexOf('$') !== -1) {\r\n return { compiler: \"Borland C++\", language: \"C++\" };\r\n }\r\n\r\n // Swift\r\n if (itemPattern[0] === '$' && (itemPattern[1] === 's' || itemPattern[1] === 'S')) {\r\n return { compiler: \"Swift\", language: \"Swift\" };\r\n }\r\n\r\n return undefined;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Extracts the unmangled name from a mangled C++ symbol.\r\n * \r\n * This function handles both Microsoft Visual C++ (MSVC) and GNU C++ (GCC) name mangling schemes:\r\n * - MSVC mangled names start with '?' and include patterns for functions, constructors, destructors, operators, and templates\r\n * - GCC mangled names start with '_Z' and include patterns for STL functions, namespaced functions, and regular functions\r\n * - Swift mangled names start with '$s' or '$S' and include patterns for types, functions, properties, and protocols\r\n * \r\n * @param {string} itemPattern - The mangled symbol name to decode\r\n * @returns {string} The unmangled function/symbol name, or the original pattern if it's not mangled or cannot be decoded\r\n * \r\n * @example\r\n * // MSVC examples\r\n * getNameOfMangledItem('?myFunction@@YAXXZ') // returns 'myFunction'\r\n * getNameOfMangledItem('??0MyClass@@QAE@XZ') // returns 'MyClass' (constructor)\r\n * getNameOfMangledItem('??$myTemplate@H@@YAXXZ') // returns 'myTemplate'\r\n * \r\n * @example\r\n * // GCC examples\r\n * getNameOfMangledItem('_Z9myFunctionv') // returns 'myFunction'\r\n * getNameOfMangledItem('_ZSt4cout') // returns 'cout'\r\n * getNameOfMangledItem('_ZN3std4cout') // returns 'cout'\r\n * \r\n * @example\r\n * // Borland examples\r\n * getNameOfMangledItem('@func$qi') // returns 'func'\r\n * getNameOfMangledItem('@Class@method$qpc') // returns 'method'\r\n * getNameOfMangledItem('@Class@$bctr$qi') // returns 'Class' (constructor)\r\n * \r\n * @example\r\n * // Swift examples\r\n * getNameOfMangledItem('$s11MaskStorages4SIMDPTl') // returns 'SIMD'\r\n * getNameOfMangledItem('$ss9_IndexBoxC6_unboxqd__SgySLRd__lF') // returns '_unbox'\r\n * getNameOfMangledItem('$sSn11descriptionSSvpMV') // returns 'description'\r\n */\r\nfunction getNameOfMangledItem(itemPattern) {\r\n if (!isItemMangled(itemPattern)) {\r\n return itemPattern;\r\n }\r\n\r\n // MSVCPP mangled names start with '?'\r\n if (itemPattern[0] === '?') {\r\n // Regular function: ?myFunction@@YAXXZ\r\n if (itemPattern[1] !== '?') {\r\n return itemPattern.split(\"?\")[1].split(\"@\")[0];\r\n }\r\n\r\n // Handle all ?? patterns\r\n if (itemPattern[1] === '?') {\r\n var parts, nameWithPrefix;\r\n\r\n // Simple template: ??$myTemplate@H@@YAXXZ\r\n if (itemPattern[2] === '$') {\r\n return itemPattern.split(\"$\")[1].split(\"@\")[0];\r\n }\r\n\r\n // Complex template: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ\r\n if (itemPattern.indexOf('?$') !== -1) {\r\n var complexMatch = itemPattern.match(/\\?\\?\\d\\?\\$([^@]+)@/);\r\n\r\n if (complexMatch) {\r\n return complexMatch[1];\r\n }\r\n }\r\n\r\n // Special mangler: ??_7MyClass@@6B@, ??_EMyClass@@QAEPAXI@Z\r\n if (itemPattern[2] === '_') {\r\n parts = itemPattern.split(\"?\");\r\n if (parts.length >= 3) {\r\n nameWithPrefix = parts[2].split(\"@\")[0];\r\n // For _E, _G, _R patterns, return the full name\r\n if (nameWithPrefix.length > 1 && /[EGR]/.test(nameWithPrefix[1])) {\r\n return nameWithPrefix;\r\n }\r\n\r\n // For _7 and other patterns, remove underscore and digit\r\n var nameAfterUnderscore = nameWithPrefix.substring(2);\r\n\r\n return nameAfterUnderscore.indexOf('_') === 0 ? nameAfterUnderscore.substring(1) : nameAfterUnderscore;\r\n }\r\n }\r\n\r\n // Constructor/destructor/operators: ??0MyClass@@QAE@XZ, ??1MyClass@@QAE@XZ, ??2@YAPAXI@Z\r\n if (/[0-9A-D]/.test(itemPattern[2])) {\r\n parts = itemPattern.split(\"?\");\r\n if (parts.length >= 3) {\r\n nameWithPrefix = parts[2].split(\"@\")[0];\r\n\r\n // Global operator (single character)\r\n if (nameWithPrefix.length === 1 && /[0-9A-D]/.test(nameWithPrefix[0])) {\r\n var operatorNames = {\r\n '2': 'operator_new', '3': 'operator_delete', '4': 'operator_assign',\r\n '5': 'operator_shift_left', '6': 'operator_shift_right', '8': 'operator_equal',\r\n '9': 'operator_not_equal', 'A': 'operator_subscript', 'B': 'operator_not',\r\n 'C': 'operator_cast', 'D': 'operator_cast_const'\r\n };\r\n\r\n return operatorNames[nameWithPrefix[0]] || 'operator_unknown';\r\n }\r\n\r\n // Class functions - remove first character\r\n return nameWithPrefix.substring(1);\r\n }\r\n }\r\n\r\n // Fallback\r\n parts = itemPattern.split(\"?\");\r\n if (parts.length >= 3) {\r\n var name = parts[2].split(\"@\")[0];\r\n\r\n return (name.length > 0 && /[0-9A-D]/.test(name[0])) ? name.substring(1) : name;\r\n }\r\n }\r\n }\r\n\r\n // GNUCPP mangled names start with '_Z'\r\n if (itemPattern.substring(0, 2) === \"_Z\") {\r\n // STL mangler: _ZSt4cout, _ZSt3minIiET_RKS0_S2_\r\n if (itemPattern[2] === 'S' && itemPattern[3] === 't') {\r\n var stlMatch = itemPattern.match(/_ZSt(\\d+)(.+)/);\r\n\r\n if (stlMatch) {\r\n return stlMatch[2].substring(0, parseInt(stlMatch[1], 10));\r\n }\r\n } else if (itemPattern[2] === 'N') { // Namespace mangler: _ZN...E\r\n var components = [],\r\n remaining = itemPattern.substring(3); // Skip \"_ZN\"\r\n\r\n // Parse all components\r\n while (remaining.length > 0 && remaining[0] !== 'E' && /^\\d/.test(remaining)) {\r\n var lengthMatch = remaining.match(/^(\\d+)/);\r\n\r\n if (lengthMatch) {\r\n var length = parseInt(lengthMatch[1], 10),\r\n nameStart = lengthMatch[1].length;\r\n\r\n if (remaining.length >= nameStart + length) {\r\n var name = remaining.substring(nameStart, nameStart + length);\r\n components.push(name);\r\n remaining = remaining.substring(nameStart + length);\r\n } else {\r\n break;\r\n }\r\n } else {\r\n break;\r\n }\r\n }\r\n\r\n // Return the last component (function name)\r\n if (components.length > 0) {\r\n return components[components.length - 1];\r\n }\r\n } else { // Regular mangler: _Z9myFunctionv, _Z3fooi\r\n var regularMatch = itemPattern.match(/_Z(\\d+)(.+)/);\r\n\r\n if (regularMatch) {\r\n var funcNameLength = parseInt(regularMatch[1], 10);\r\n return regularMatch[2].substring(0, funcNameLength);\r\n }\r\n }\r\n }\r\n\r\n // Borland C++ mangled names start with '@'\r\n if (itemPattern[0] === '@') {\r\n var parts = itemPattern.split('@');\r\n\r\n // Simple function: @func$qi\r\n if (parts.length === 2) {\r\n return parts[1].split('$')[0];\r\n }\r\n\r\n // Class method: @Class@method$qpc\r\n if (parts.length >= 3) {\r\n var methodName = parts[2].split('$')[0];\r\n\r\n // Constructor: @Class@$bctr$...\r\n if (methodName === '$bctr') {\r\n return parts[1]; // Return class name\r\n }\r\n\r\n // Destructor: @Class@$bdtr$...\r\n if (methodName === '$bdtr') {\r\n return '~' + parts[1]; // Return destructor name\r\n }\r\n\r\n // Regular method\r\n return methodName;\r\n }\r\n }\r\n\r\n // Swift mangled names start with '$s' or '$S'\r\n if (itemPattern[0] === '$' && (itemPattern[1] === 's' || itemPattern[1] === 'S')) {\r\n var pos = 2,\r\n identifiers = [];\r\n\r\n // Parse length-prefixed identifier\r\n function parseIdentifier(str, startPos) {\r\n if (startPos >= str.length || !/^\\d/.test(str[startPos])) {\r\n return null;\r\n }\r\n\r\n var match = str.substring(startPos).match(/^(\\d+)/);\r\n if (!match) return null;\r\n\r\n var len = parseInt(match[1], 10),\r\n digitLen = match[1].length;\r\n\r\n if (startPos + digitLen + len > str.length) {\r\n return null;\r\n }\r\n\r\n return {\r\n name: str.substring(startPos + digitLen, startPos + digitLen + len),\r\n nextPos: startPos + digitLen + len\r\n };\r\n }\r\n\r\n // Parse ALL length-prefixed identifiers, skipping markers/types/substitutions\r\n // We want to collect ALL readable names and return the last one\r\n var loopLimit = 50; // Safety limit to prevent infinite loops\r\n\r\n while (pos < itemPattern.length && loopLimit-- > 0) {\r\n var char = itemPattern[pos];\r\n\r\n // Try to parse length-prefixed identifier\r\n if (/^\\d/.test(char)) {\r\n var result = parseIdentifier(itemPattern, pos);\r\n\r\n if (result) {\r\n identifiers.push(result.name);\r\n pos = result.nextPos;\r\n continue;\r\n }\r\n }\r\n\r\n // Skip substitution references (x, q, y, z and combinations like qd__, yz, etc.)\r\n if (/^[xqyz]/.test(char)) {\r\n pos++;\r\n // Skip additional substitution characters\r\n while (pos < itemPattern.length && /^[xqyzd_0-9]/.test(itemPattern[pos])) {\r\n pos++;\r\n }\r\n continue;\r\n }\r\n\r\n // Skip single-letter markers if followed by digit or known pattern\r\n if (/^[a-zA-Z]$/.test(char)) {\r\n var nextChar = pos + 1 < itemPattern.length ? itemPattern[pos + 1] : String();\r\n\r\n // Check for stdlib type codes (2 letters starting with S)\r\n if (char === 'S' && /^[a-zA-Z]/.test(nextChar)) {\r\n var afterStdlib = pos + 2 < itemPattern.length ? itemPattern[pos + 2] : String();\r\n // If after stdlib type there's a marker + digit, skip stdlib and continue\r\n if (/^[a-z]$/.test(afterStdlib)) {\r\n var afterMarker = pos + 3 < itemPattern.length ? itemPattern[pos + 3] : String();\r\n if (/^\\d/.test(afterMarker)) {\r\n pos += 3; // Skip Sx + marker\r\n continue;\r\n }\r\n }\r\n // If directly followed by digit, skip stdlib type\r\n if (/^\\d/.test(afterStdlib)) {\r\n pos += 2;\r\n continue;\r\n }\r\n }\r\n\r\n // Single letter followed by digit - skip it\r\n if (/^\\d/.test(nextChar)) {\r\n pos++;\r\n continue;\r\n }\r\n }\r\n\r\n // Can't parse further - stop\r\n break;\r\n }\r\n\r\n // Return the last identifier (most specific name)\r\n if (identifiers.length > 0) {\r\n return identifiers[identifiers.length - 1];\r\n }\r\n\r\n // Fallback: check for stdlib type codes at current position\r\n if (pos < itemPattern.length && itemPattern[pos] === 'S' && pos + 1 < itemPattern.length) {\r\n var typeCode = itemPattern.substring(pos, pos + 2);\r\n\r\n var stdlibTypes = {\r\n 'Sa': 'Array', 'Sb': 'Bool', 'Sc': 'UnicodeScalar', 'Sd': 'Double',\r\n 'Sf': 'Float', 'Sg': 'Optional', 'Sh': 'Set', 'Si': 'Int',\r\n 'SL': 'Collection', 'Sl': 'Slice', 'Sm': 'Mirror', 'Sn': 'Numeric',\r\n 'So': 'ObjectiveC', 'Sp': 'UnsafePointer', 'Sq': 'Optional',\r\n 'SR': 'Sequence', 'Sr': 'UnsafeRawPointer', 'Ss': 'String',\r\n 'SS': 'String', 'St': 'Range', 'ST': 'Equatable', 'Su': 'UInt',\r\n 'Sv': 'UnsafeRawBufferPointer', 'Sw': 'UnsafeBufferPointer',\r\n 'Sx': 'Strideable', 'SY': 'RawRepresentable', 'Sy': 'RawRepresentable',\r\n 'Sz': 'BinaryInteger', 'SD': 'Dictionary', 'SE': 'Encodable',\r\n 'SH': 'Hashable', 'Sk': 'KeyPath', 'SK': 'KeyPath'\r\n };\r\n\r\n if (stdlibTypes[typeCode]) {\r\n return stdlibTypes[typeCode];\r\n }\r\n }\r\n }\r\n\r\n return itemPattern;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Validates import hashes within a database collection.\r\n * Iterates through each entry in the collection, checking if the import position hash is present.\r\n * If a matching hash is found, returns the corresponding entry; otherwise, returns null.\r\n *\r\n * @param {Array} dbCollection - The database collection to validate, where each entry is an array containing at least a position and hash.\r\n * @returns {Array|null} The first entry with a matching import position hash, or null if none found.\r\n */\r\nfunction validateImportHashes(dbCollection) {\r\n for (var i = 0; i < dbCollection.length; i++) {\r\n var position = dbCollection[i][2], hash = dbCollection[i][3];\r\n if (Array.isArray(hash)) {\r\n for (var j = 0; j < hash.length; j++) {\r\n if (PE.isImportPositionHashPresent(position, hash[j])) return dbCollection[i];\r\n }\r\n } else if (PE.isImportPositionHashPresent(position, hash)) {\r\n return dbCollection[i];\r\n }\r\n }\r\n\r\n return null;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Validates section names within a database collection against known PE section names or regular expressions.\r\n * Iterates through the collection and checks if any section signature matches a known section name or passes a regular expression test.\r\n *\r\n * @param {Array} dbCollection - The database collection to validate, where each item is expected to have a section signature at index 2.\r\n * @returns {Array|null} The first matching item from the collection, or null if no match is found.\r\n */\r\nfunction validateSectionNames(dbCollection) {\r\n for (var i = 0; i < dbCollection.length; i++) {\r\n var sectionSignature = dbCollection[i][2];\r\n if (Array.isArray(sectionSignature)) {\r\n for (var j = 0; j < sectionSignature.length; j++) {\r\n if ((typeof sectionSignature[j] === \"string\" && PE.isSectionNamePresent(sectionSignature[j])) ||\r\n (sectionSignature[j] instanceof RegExp && PE.isSectionNamePresentExp(sectionSignature[j]))) {\r\n return dbCollection[i];\r\n }\r\n }\r\n } else if ((typeof sectionSignature === \"string\" && PE.isSectionNamePresent(sectionSignature)) ||\r\n (sectionSignature instanceof RegExp && PE.isSectionNamePresentExp(sectionSignature))) {\r\n return dbCollection[i];\r\n }\r\n }\r\n\r\n return null;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Validates resource names within a database collection against known PE resource names or regular expressions.\r\n * Iterates through the collection and checks if any resource signature matches a known resource name or passes a regular expression test.\r\n *\r\n * @param {Array} dbCollection - The database collection to validate, where each item is expected to have a resource signature at index 2.\r\n * @returns {Array|null} The first matching item from the collection, or null if no match is found.\r\n */\r\nfunction validateResourceNames(dbCollection) {\r\n for (var i = 0; i < dbCollection.length; i++) {\r\n var resourceSignature = dbCollection[i][2];\r\n if (Array.isArray(resourceSignature)) {\r\n for (var j = 0; j < resourceSignature.length; j++) {\r\n if ((typeof resourceSignature[j] === \"string\" && PE.isResourceNamePresent(resourceSignature[j])) ||\r\n (resourceSignature[j] instanceof RegExp && PE.isResourceNamePresentExp(resourceSignature[j]))) {\r\n return dbCollection[i];\r\n }\r\n }\r\n } else if ((typeof resourceSignature === \"string\" && PE.isResourceNamePresent(resourceSignature)) ||\r\n (resourceSignature instanceof RegExp && PE.isResourceNamePresentExp(resourceSignature))) {\r\n return dbCollection[i];\r\n }\r\n }\r\n\r\n return null;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Calculates and returns the offset of the PE optional header within the file.\r\n * \r\n * The function reads the e_lfanew field at offset 0x3C to find the PE header start,\r\n * then adds 4 bytes for the PE signature and 20 bytes for the COFF header to locate\r\n * the start of the optional header.\r\n *\r\n * @returns {number} The offset (in bytes) to the optional header in the PE file.\r\n */\r\nfunction getOptHeaderOffset() {\r\n return PE.read_int32(0x3C) + 4 + 20;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Checks if the .NET CLR metadata directory is present in the PE file.\r\n *\r\n * This function determines the presence of the .NET CLR Runtime Header\r\n * by reading the appropriate Data Directory entry from the PE Optional Header.\r\n * It supports both PE32 and PE32+ formats.\r\n *\r\n * @returns {boolean} True if the .NET CLR metadata directory is present, false otherwise.\r\n */\r\nfunction isNetMetaDataPresent() {\r\n var optHeaderOffset = getOptHeaderOffset();\r\n\r\n var numRvaAndSizesOffset, clrDirOffset;\r\n\r\n if (!PE_Cached.is64bit) {\r\n numRvaAndSizesOffset = optHeaderOffset + 0x5C;\r\n clrDirOffset = optHeaderOffset + 0xD0; // CLR offset for PE32\r\n } else {\r\n numRvaAndSizesOffset = optHeaderOffset + 0x6C;\r\n clrDirOffset = optHeaderOffset + 0xE0; // CLR offset for PE64\r\n }\r\n\r\n // Check if the offsets are within the bounds of the PE file size\r\n if (clrDirOffset + 8 > PE.getSize() ||\r\n numRvaAndSizesOffset + 4 > PE.getSize()) {\r\n return false;\r\n }\r\n\r\n // Check if the number of RVA and sizes is valid\r\n if (PE.read_int32(numRvaAndSizesOffset) < 15) {\r\n return false;\r\n }\r\n\r\n // Read CLR directory RVA and size\r\n var clrRva = PE.read_int32(clrDirOffset),\r\n clrSize = PE.read_int32(clrDirOffset + 4);\r\n\r\n // Validate CLR directory RVA and size\r\n return clrRva !== 0 && clrSize !== 0;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Checks if a compiler has been detected in the analysis results.\r\n * \r\n * @returns {boolean} Returns true if any compiler or compiler-related results are found, false otherwise.\r\n */\r\nfunction isCompilerDetected() {\r\n return _getNumberOfResults(\"compiler\") > 0 || _getNumberOfResults(\"~compiler\") > 0;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Checks if a linker has been detected in the analysis results.\r\n * \r\n * @returns {boolean} Returns true if any linker or linker-related results are found, false otherwise.\r\n */\r\nfunction isLinkerDetected() {\r\n return _getNumberOfResults(\"linker\") > 0 || _getNumberOfResults(\"~linker\") > 0;\r\n}\r\n\r\n\r\n\r\n// #region \"languages and compilers (.NET and Native)\"\r\nfunction scanForLanguagesAndCompilers_NET_and_Native() {\r\n log(logType.nothing, \"Scanning for programming language...\");\r\n\r\n var c_cpp = _isLangPresent(\"C/C++\"); // Unknown; C or C++\r\n\r\n\r\n const extdb = [\r\n [\"C++\", \"cpp\"],\r\n [\"Rust\", \"rs\"],\r\n [\"Java\", \"jar\"],\r\n [\"Python\", \"pyd\"],\r\n [\"Kotlin\", \"kt\"]\r\n ];\r\n\r\n\r\n for (var i = 0; i < extdb.length; i++) {\r\n const\r\n langName = extdb[i][0],\r\n langExtName = extdb[i][1];\r\n\r\n if (PE.isSignaturePresent(0x00, PE.getSize(), \"%% %% %% %% %% %% %% %% '.\" + langExtName + \"' 00\")) {\r\n log(logType.any, \"Lines of .\" + langExtName + \" files (\" + langName + \") detected\");\r\n _setLangByHeur(langName);\r\n }\r\n }\r\n\r\n\r\n if (!_isLangDetected(\"C++\") && PE.isSignaturePresent(0x00, PE.getSize(), \"%% %% %% %% %% %% %% %% %% %% '.c' 00\")) {\r\n log(logType.any, \"Lines of .c files (C) detected (not a C++)\");\r\n _setLangByHeur(\"C\");\r\n }\r\n\r\n\r\n for (var i = 0; i < PE_Cached.numberOfUnmanagedResources; i++) {\r\n var resourceOffset = PE.getResourceOffsetByNumber(i);\r\n\r\n if (resourceOffset !== -1) {\r\n var resourceSignature = PE.getString(resourceOffset, 0x40);\r\n\r\n if (resourceSignature.split(\" \")[0] === \"object\" && resourceSignature.indexOf(\": \") !== -1) {\r\n _setLangByHeur(\"Object Pascal\");\r\n break;\r\n }\r\n }\r\n }\r\n\r\n\r\n\r\n\r\n var isPpLibraryPresent = false,\r\n isCLibraryPresent = false;\r\n\r\n for (var i = 0; i < PE_Cached.numberOfUnmanagedImports; i++) {\r\n const libraryName = PE.getImportLibraryName(i).toLowerCase();\r\n\r\n // Detect mangler in imported libraries\r\n for (var k = 0; k < PE.getNumberOfImportThunks(i) && !isPpLibraryPresent; k++) {\r\n const functionName = PE.getImportFunctionName(i, k); // import, thunk\r\n\r\n if (isItemMangled(functionName)) {\r\n log(logType.any, \"Mangler detected -> \\\"\" + libraryName + \"\\\", at function \\\"\" + getNameOfMangledItem(functionName) + \"\\\"\");\r\n\r\n var isNotCpp = false;\r\n\r\n if (!isCompilerDetected()) {\r\n var manglerInfo = getManglerInfoByMangledItem(functionName);\r\n\r\n if (manglerInfo) {\r\n _setResult(\"~compiler\", manglerInfo.compiler, String(), String());\r\n if (!_isLangDetected()) _setLangByHeur(manglerInfo.language);\r\n\r\n if (manglerInfo.language !== \"C++\") isNotCpp = true;\r\n }\r\n }\r\n\r\n isPpLibraryPresent = !isNotCpp; // if language is unknown\r\n }\r\n }\r\n\r\n\r\n\r\n\r\n if (\r\n libraryName.indexOf(\"++\") !== -1 ||\r\n libraryName.indexOf(\"cpp\") !== -1 ||\r\n libraryName.indexOf(\"msvcp\") !== -1\r\n ) {\r\n log(logType.any, \"C++ library present -> \\\"\" + libraryName + \"\\\"\");\r\n\r\n isPpLibraryPresent = true;\r\n }\r\n\r\n\r\n\r\n\r\n if (libraryName.indexOf(\"msvcr\") !== -1 || libraryName.indexOf(\"crtdll\") !== -1) {\r\n log(logType.any, \"C library present -> \\\"\" + libraryName + \"\\\"\");\r\n\r\n isCLibraryPresent = true;\r\n }\r\n }\r\n\r\n\r\n\r\n\r\n // Detect mangler in exports\r\n for (var e = 0; e < PE_Cached.numberOfUnmanagedExports && !isPpLibraryPresent; e++) {\r\n var exportName = PE.getExportFunctionName(e);\r\n if (exportName && isItemMangled(exportName)) {\r\n log(logType.any, \"Mangler detected at exported item \\\"\" + getNameOfMangledItem(exportName) + \"\\\"\");\r\n\r\n var isNotCpp = false;\r\n\r\n if (!isCompilerDetected()) {\r\n var manglerInfo = getManglerInfoByMangledItem(exportName);\r\n\r\n if (manglerInfo) {\r\n _setResult(\"~compiler\", manglerInfo.compiler, String(), String());\r\n if (!_isLangDetected()) _setLangByHeur(manglerInfo.language);\r\n\r\n if (manglerInfo.language !== \"C++\") isNotCpp = true;\r\n }\r\n }\r\n\r\n isPpLibraryPresent = !isNotCpp;\r\n }\r\n }\r\n\r\n\r\n\r\n\r\n // Detect compilers by Rich signature\r\n\r\n if (!isCompilerDetected() && PE_Cached.isRichSignaturePresent) {\r\n for (var j = 0; j < PE_Cached.numberOfRichIDs; j++) {\r\n const\r\n richId = PE.getRichID(j),\r\n richVersion = PE.getRichVersion(j),\r\n richCount = PE.getRichCount(j);\r\n\r\n if (richId === 0x000d && richVersion === 9782 && richCount === 0x0001) {\r\n _setResult(\"~compiler\", \"Microsoft Visual Basic\", \"6.0\", String());\r\n _setLangByHeur(\"VB\");\r\n break;\r\n } else if (richId === 0x0103) {\r\n _setResult(\"~compiler\", \"MASM\", String(), String());\r\n break;\r\n }\r\n }\r\n }\r\n\r\n\r\n\r\n\r\n // Detect IL2CPP by sections (thanks to AyukiDev)\r\n\r\n if (!isCompilerDetected()) {\r\n const il2cppSections = [\r\n \".text$mn\",\r\n \".rdata$zzzdbg\",\r\n \".rtc$IAA\",\r\n \".rtc$IZZ\",\r\n \".rtc$TAA\",\r\n \".rtc$TZZ\",\r\n \"il2cpp\"\r\n ];\r\n\r\n for (var i = 0; i < il2cppSections.length; i++) {\r\n if (PE.isSectionNamePresent(il2cppSections[i])) {\r\n _setResult(\"~compiler\", \"IL2CPP Technology\", String(), String());\r\n _setLangByHeur(\"Native MSIL/C#\");\r\n break;\r\n }\r\n }\r\n }\r\n\r\n\r\n\r\n\r\n var isCLikeLibsNotFound = !isCLibraryPresent && !isPpLibraryPresent;\r\n\r\n var majorLinkerVersion = PE.getMajorLinkerVersion(),\r\n minorLinkerVersion = PE.getMinorLinkerVersion();\r\n\r\n if (!isCompilerDetected() && !isLinkerDetected() && !PE_Cached.isDotNet) {\r\n var ehFrameSection = PE.section[\".eh_frame\"],\r\n buildIdSection = PE.section[\".build-id\"];\r\n\r\n if (!ehFrameSection && !buildIdSection && (\r\n PE_Cached.isRichSignaturePresent ||\r\n PE.compare(\"'MZ'90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000....00000E1FBA0E00B409CD21B8014CCD21'This program cannot be run in DOS mode.\\r\\r\\n$'00000000\") ||\r\n PE.compare(\"'MZ'90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000....000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\") ||\r\n PE.isSectionNamePresent(\".00cfg\")\r\n )) {\r\n if (PE.isSectionNamePresent(\".gfids\") || PE.isSectionNamePresent(\".giats\") || PE.isSectionNamePresent(\".gljmp\")) {\r\n _setResult(\"~tool\", \"Microsoft Visual Studio\", String(), String())\r\n }\r\n\r\n _setResult(\"~linker\", \"Microsoft Linker\", (majorLinkerVersion !== 0 ? (majorLinkerVersion + \".\" + minorLinkerVersion) : String()), String());\r\n _setResult(\"~compiler\", \"Microsoft Visual C/C++\", String(), String());\r\n\r\n if (!_isLangDetected() && isCLikeLibsNotFound) {\r\n if (isNetMetaDataPresent()) {\r\n _setLangByHeur(\"MSIL/C/C++\");\r\n } else {\r\n _setLangByHeur(\"C/C++\");\r\n }\r\n }\r\n } else if (\r\n ehFrameSection || buildIdSection || (\r\n PE.isSectionNamePresent(\".CRT\") && PE.isSectionNamePresent(\".rdata\") && PE.isSectionNamePresent(\".xdata\") && PE.isSectionNamePresent(\".idata\") &&\r\n (PE.isSectionNamePresent(\".tls\") || PE.isSectionNamePresent(\".bss\")) || PE.isSectionNamePresent(\".buildid\")\r\n )) {\r\n\r\n _setResult(\"~compiler\", \"MinGW\", String(), String());\r\n\r\n if (!_isLangDetected() && isCLikeLibsNotFound) {\r\n _setLangByHeur(\"C/C++\");\r\n }\r\n } else if (PE.isSectionNamePresent(\".flat\") && !isPpLibraryPresent) {\r\n _setResult(\"~compiler\", \"FASM\", String(), String());\r\n _setLangByHeur(\"ASMx\" + (PE_Cached.is64bit ? \"64\" : \"86\"));\r\n }\r\n }\r\n\r\n\r\n\r\n\r\n const rdataSection = PE.section[\".rdata\"];\r\n\r\n if (rdataSection) {\r\n if (c_cpp && // if C/C++ detected by DIE\r\n PE.isSignaturePresent(\r\n rdataSection.FileOffset,\r\n rdataSection.FileSize,\r\n generateUnicodeSignatureMask(\"Visual C++\"))) {\r\n\r\n log(logType.any, \"Embedded Visual C++ Runtime detected.\");\r\n\r\n isPpLibraryPresent = true; // Visual C++ Runtime library in resources\r\n }\r\n }\r\n\r\n if (isPpLibraryPresent || (c_cpp && PE.isSignaturePresent(0x00, PE.getSize() - PE.getOverlaySize(), \"' C++ '\"))) {\r\n _setLangByHeur(\"C++\");\r\n } else if (!_isLangPresent(\"C++\") && isCLibraryPresent && (PE.isFunctionPresent(\"_iob\") || PE.isFunctionPresent(\"printf\") || PE.isFunctionPresent(\"malloc\") || PE.isFunctionPresent(\"memset\"))) {\r\n _setLangByHeur(\"C\");\r\n } else if (PE.isLibraryPresentExp(/^api-ms-win-crt*/i) || PE.isSectionNamePresent(\".msvcjmc\")) {\r\n _setLangByHeur(\"C/C++\");\r\n } else if (!_isLangDetected() && !_getNumberOfResults(\"compiler\") && !PE_Cached.isDotNet) {\r\n if (!_getNumberOfResults(\"protector\") &&\r\n !_getNumberOfResults(\"cryptor\") && !_getNumberOfResults(\"~cryptor\") &&\r\n !_getNumberOfResults(\"packer\") && !_getNumberOfResults(\"~packer\")) {\r\n _setLangByHeur(\"ASMx\" + (PE_Cached.is64bit ? \"64\" : \"86\"));\r\n }\r\n }\r\n}\r\n// #endregion\r\n\r\n\r\n\r\n/**\r\n * Sets the language based on heuristic analysis.\r\n *\r\n * @param {string} languageName - The name of the detected language.\r\n */\r\nfunction _setLangByHeur(languageName) {\r\n log(logType.any, languageName + \" language detected!\");\r\n\r\n _setLang(languageName, heurLabel);\r\n}\r\n\r\n\r\n\r\n/**\r\n * Adds a new option to the existing options text, separated by \" + \" if optionsText is not empty.\r\n *\r\n * @param {string} optionsText - The current options text.\r\n * @param {string} newOptionText - The new option to add.\r\n * @returns {string} The updated options text with the new option appended.\r\n */\r\nfunction addOption(optionsText, newOptionText) {\r\n if (optionsText) optionsText += \" + \";\r\n optionsText += newOptionText;\r\n return optionsText;\r\n}\r\n\r\n\r\n\r\n/**\r\n * Logs a message with a specific type and text.\r\n *\r\n * @param {number} messageTypeId - The type of the message. \r\n * -2: Error, \r\n * -1: About, \r\n * 1: Any, \r\n * 2: .NET.\r\n * @param {string} messageText - The text of the message to log. \r\n * Must not contain newline characters.\r\n * @throws Will throw an error if the messageText contains a newline character.\r\n */\r\nfunction log(messageTypeId, messageText) {\r\n if (!messageText) {\r\n return;\r\n } else if (/\\r|\\n|\\t/.test(messageText)) {\r\n messageText = messageText.replace(/[\\r\\n\\t]+/g, \" \").replace(/\\s+/g, \" \").trim();\r\n // _error(\"Illegal char at log( ... )\");\r\n }\r\n\r\n var prefix = String();\r\n\r\n if (messageTypeId !== -2) {\r\n prefix = heurLabel;\r\n }\r\n\r\n if (messageTypeId > -2 && messageTypeId !== 0) {\r\n prefix += \"/\";\r\n }\r\n\r\n switch (messageTypeId) {\r\n case -2: prefix = \"!\"; break;\r\n case -1: prefix += \"About\"; break;\r\n case 1: prefix += \"Any\"; break;\r\n case 2: prefix += \".NET\"; break;\r\n }\r\n\r\n if (typeof _log !== \"undefined\") {\r\n _log(\"[\" + prefix + \"] \" + messageText);\r\n } else {\r\n _error(\"Unable to write log message\");\r\n }\r\n}\r\n\r\n\r\n\r\n//#region \"malicious code (.NET and Native)\"\r\nfunction scanForMaliciousCode_NET_and_Native() {\r\n log(logType.nothing, \"Scanning for malicious code...\");\r\n\r\n var verdicts = [];\r\n\r\n const mayBeInfected = \"May be infected, be careful!\";\r\n\r\n\r\n if (PE_Cached.isDotNet) {\r\n\r\n var requiredDotNetImports = [\r\n \"System.Diagnostics\",\r\n \"System.IO.Compression\",\r\n \"user32\", \"kernel32\", \"ntdll\" // no ext\r\n ],\r\n foundImportsCount = 0,\r\n importSignature, pattern, allPatternImportsFound;\r\n\r\n for (var i = 0; i < requiredDotNetImports.length; i++) {\r\n importSignature = \"00'\" + requiredDotNetImports[i] + \"'00\";\r\n if (PE.isSignatureInSectionPresent(0, importSignature)) {\r\n foundImportsCount++;\r\n }\r\n }\r\n\r\n if (PE.isSignatureInSectionPresent(0, \"00'System.Net.Sockets'00\") && foundImportsCount >= 2) {\r\n var maliciousImportPatterns = [\r\n {\r\n type: \"NjRAT\",\r\n edition: \"0.7D Green Edition\",\r\n references: [\r\n \"w\", \"System.Drawing\", \"System.Windows.Forms\", \"System.Runtime.InteropServices\",\r\n \"avicap32.dll\", \"capGetDriverDescriptionA\",\r\n \"kernel32\", \"KERNEL32.DLL\", \"ntdll\",\r\n \"user32\", \"GetWindowText\", \"EnumChildWindows\", \"SendMessage\", \"GetWindowTextLength\",\r\n \"user32.dll\",\r\n \"winmm.dll\"\r\n ],\r\n isVbNet: true\r\n }, {\r\n type: \"NjRAT\",\r\n edition: \"0.7D Lime Edition\",\r\n references: [\r\n \"Stub\", \"System.Drawing\", \"System.Windows.Forms\", \"System.Runtime.InteropServices\",\r\n \"avicap32.dll\", \"capGetDriverDescriptionA\",\r\n \"kernel32\",\r\n \"ntdll\", \"NtSetInformationProcess\",\r\n \"user32\", \"MapVirtualKey\", \"ToUnicodeEx\", \"GetKeyboardState\",\r\n \"user32.dll\",\r\n \"wintrust.dll\"\r\n ],\r\n isVbNet: true\r\n }, {\r\n type: \"NjRAT\",\r\n edition: \"0.7D\",\r\n references: [\r\n \"Stub\", \"System.Drawing\", \"System.Windows.Forms\", \"System.Runtime.InteropServices\",\r\n \"avicap32.dll\", \"capGetDriverDescriptionA\",\r\n \"kernel32\",\r\n \"ntdll\", \"NtSetInformationProcess\",\r\n \"user32\", \"MapVirtualKey\", \"ToUnicodeEx\", \"GetKeyboardState\",\r\n \"user32.dll\"\r\n ],\r\n isVbNet: true\r\n }, {\r\n type: \"NjRAT\",\r\n edition: \"0.11G-0.12G\",\r\n references: [\r\n \"k\", \"System.Drawing\", \"System.Windows.Forms\", \"System.Runtime.InteropServices\",\r\n \"avicap32.dll\", \"capGetDriverDescriptionA\",\r\n \"kernel32\",\r\n \"ntdll\", \"NtsetInformationProcess\",\r\n \"user32\", \"MapVirtualKey\", \"ToUnicodeEx\", \"GetKeyboardState\", \"GetForegroundWindow\",\r\n \"GetWindowTextLengthA\", \"GetAsyncKeyState\",\r\n \"user32.dll\"\r\n ],\r\n isVbNet: true\r\n }, {\r\n type: \"NjRAT\",\r\n edition: \"0.7D Danger Edition\",\r\n references: [\r\n \"Stub\", \"System.Drawing\", \"System.Windows.Forms\", \"System.Runtime.InteropServices\",\r\n \"avicap32.dll\", \"capGetDriverDescriptionA\",\r\n \"Kernel32.dll\",\r\n \"KERNEL32.DLL\",\r\n \"user32\", \"GetWindowText\", \"EnumChildWindows\", \"GetForegroundWindow\", \"SendMessage\", \"GetWindowTextLength\", \"SetWindowPos\",\r\n \"user32.dll\",\r\n \"winmm.dll\"\r\n ],\r\n isVbNet: true\r\n }, {\r\n type: \"NjRAT\",\r\n edition: \"0.7D Golden Edition\",\r\n references: [\r\n \"Stub\", \"System.Drawing\", \"System.Windows.Forms\", \"System.Runtime.InteropServices\",\r\n \"avicap32.dll\",\r\n \"kernel32\",\r\n \"Kernel32.dll\",\r\n \"ntdll\", \"NtSetInformationProcess\",\r\n \"user32\", \"user32.dll\", \"GetForegroundWindow\", \"GetWindowTextA\", \"winmm.dll\"\r\n ],\r\n isVbNet: true\r\n }, {\r\n type: \"XWorm\",\r\n edition: \"3.0-5.0\",\r\n references: [\r\n \"System.Core\", \"System.Drawing\", \"System.Management\", \"System.Windows.Forms\", \"System.Runtime.InteropServices\",\r\n \"avicap32.dll\", \"capCreateCaptureWindowA\",\r\n \"kernel32.dll\", \"SetThreadExecutionState\",\r\n \"user32.dll\", \"GetForegroundWindow\", \"GetWindowText\"\r\n ],\r\n isVbNet: true\r\n }, {\r\n type: \"VenomRAT\",\r\n edition: \"6.X\",\r\n references: [\r\n \"Microsoft.CSharp\", \"System.Core\", \"System.Drawing\", \"System.Management\",\r\n \"System.Windows.Forms\", \"System.Runtime.InteropServices\",\r\n \"kernel32.dll\", \"SetThreadExecutionState\",\r\n \"ntdll.dll\", \"RtlSetProcessIsCritical\",\r\n \"user32.dll\", \"GetWindowText\", \"GetForegroundWindow\"\r\n ],\r\n isVbNet: true\r\n }, {\r\n type: \"RevengeRAT\",\r\n edition: \"0.3\",\r\n references: [\r\n \"System.Management\", \"System.Windows.Forms\",\r\n \"avicap32.dll\", \"capGetDriverDescriptionA\",\r\n \"kernel32\",\r\n \"psapi\", \"EmptyWorkingSet\",\r\n \"user32\", \"GetWindowText\"\r\n ],\r\n isVbNet: true\r\n }, {\r\n type: \"Webremote TorCT\",\r\n edition: undefined,\r\n references: [\r\n \"System.Windows.Forms\",\r\n \"avicap32.dll\", \"capGetDriverDescriptionA\", \"capCreateCaptureWindowA\",\r\n \"user32\", \"SendMessage\", \"SetWindowPos\", \"DestroyWindow\",\r\n \"user32.dll\", \"GetForegroundWindow\", \"GetWindowText\"\r\n ],\r\n isVbNet: true\r\n }, { // NjRAT Generic 1\r\n type: \"NjRAT\",\r\n edition: undefined,\r\n references: [\r\n \"System.Drawing\", \"System.Windows.Forms\", \"GetForegroundWindow\", \"System.Runtime.InteropServices\", \"System.Security.Cryptography\", \"GetWindowText\",\r\n \"avicap32.dll\", \"A\", \"kl\", \"OK\"\r\n ],\r\n isVbNet: true\r\n }, { // NjRAT Generic 2 (with USB-spreader)\r\n type: \"NjRAT\",\r\n edition: undefined,\r\n references: [\r\n \"System.Drawing\", \"System.Windows.Forms\", \"GetForegroundWindow\", \"System.Runtime.InteropServices\", \"System.Security.Cryptography\", \"GetWindowText\",\r\n \"avicap32.dll\", \"A\", \"kl\", \"USB\"\r\n ],\r\n isVbNet: true\r\n }\r\n ];\r\n\r\n for (var j = 0; j < maliciousImportPatterns.length; j++) {\r\n pattern = maliciousImportPatterns[j];\r\n allPatternImportsFound = true;\r\n\r\n for (var k = 0; k < pattern.references.length && allPatternImportsFound; k++) {\r\n importSignature = \"00'\" + pattern.references[k] + \"'00\";\r\n if (!PE.isSignatureInSectionPresent(0, importSignature)) {\r\n allPatternImportsFound = false;\r\n }\r\n }\r\n\r\n // If not all pattern imports were found, skip this pattern\r\n if (!allPatternImportsFound) {\r\n continue;\r\n }\r\n\r\n // Check for VB.NET standard library references\r\n if (pattern.isVbNet && !PE_Cached.isVbNetStandardLibraryPresent) {\r\n continue;\r\n }\r\n\r\n verdicts.push({\r\n type: pattern.type,\r\n version: pattern.edition ? pattern.edition : String(),\r\n details: String()\r\n });\r\n\r\n break;\r\n }\r\n }\r\n\r\n var separatorToSearch = generateUnicodeSignatureMask(\"|'|'|\") + \"00\";\r\n separatorToSearch = \"??\" + separatorToSearch.substring(2, separatorToSearch.length);\r\n\r\n // NjRAT Generic: Detect NjRAT via requests-separator or assembly name\r\n if (verdicts.length === 0 && (\r\n PE_Cached.nameOfNetAssemblyName === \"w\" || PE_Cached.nameOfNetModuleName === \"w.exe\" ||\r\n PE_Cached.nameOfNetAssemblyName === \"k\" || PE_Cached.nameOfNetModuleName === \"k.exe\" ||\r\n PE.isNetObjectPresent(\"njLogger\") || PE.isNetUStringPresent(\"|PWD| \") || PE.isSignatureInSectionPresent(0, separatorToSearch))) {\r\n verdicts.push({\r\n type: \"NjRAT\",\r\n version: String(),\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n if (verdicts.length === 0 && PE.isNetObjectPresent(\"avfucker\")) {\r\n verdicts.push({\r\n type: \"RAT Injector\",\r\n version: String(),\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n // https://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat\r\n\r\n if (verdicts.length === 0 && (\r\n PE_Cached.nameOfNetAssemblyName === \"AsyncClient\" || PE_Cached.nameOfNetModuleName === \"AsyncClient.exe\" ||\r\n PE.isNetObjectPresent(\"Pastebin\")\r\n )) {\r\n verdicts.push({\r\n type: \"AsyncRAT\",\r\n version: String(),\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n // https://malpedia.caad.fkie.fraunhofer.de/details/win.nanocore\r\n\r\n if (verdicts.length === 0 && (PE.isNetObjectPresent(\"ClientLoaderForm\") || PE_Cached.nameOfNetAssemblyName === \"NanoCore Client\")) {\r\n verdicts.push({\r\n type: \"NanoCore RAT\",\r\n version: String(),\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n // https://malpedia.caad.fkie.fraunhofer.de/details/win.orcus_rat\r\n\r\n if (verdicts.length === 0 && (PE_Cached.nameOfNetModuleName === \"Orcus.exe\" || PE.isNetObjectPresent(\"Orcus.Connections\"))) {\r\n verdicts.push({\r\n type: \"Orcus RAT\",\r\n version: \"1.3-1.9.1\",\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n // https://www.broadcom.com/support/security-center/protection-bulletin/liberium-rat-malware\r\n\r\n if (verdicts.length === 0 && (PE_Cached.nameOfNetModuleName === \"Client.exe\" && PE.isNetObjectPresent(\"System.Security.Cryptography.X509Certificates\"))) {\r\n verdicts.push({\r\n type: \"Liberium RAT\",\r\n version: String(),\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n if (verdicts.length === 0 && PE.isNetObjectPresent(\"button_unlock_Click\")) {\r\n verdicts.push({\r\n type: \"Liberium WinLocker\",\r\n version: String(),\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n if (verdicts.length === 0 && PE_Cached.nameOfNetModuleName === \"Kheir.exe\") {\r\n verdicts.push({\r\n type: \"jnRAT\",\r\n version: String(),\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n if (verdicts.length === 0 && PE_Cached.nameOfNetModuleName === \"QatarC.exe\") {\r\n verdicts.push({\r\n type: \"Qatar RAT\",\r\n version: \"1.2\",\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n // https://malpedia.caad.fkie.fraunhofer.de/details/win.darkrat\r\n\r\n if (verdicts.length === 0 && (PE_Cached.nameOfNetModuleName === \"Client.exe\" && PE.isNetObjectPresent(\"fusion\"))) {\r\n verdicts.push({\r\n type: \"DarkRAT\",\r\n version: String(),\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n // https://malpedia.caad.fkie.fraunhofer.de/details/win.icarus (??)\r\n\r\n if (verdicts.length === 0 && PE.isNetObjectPresent(\"tosuck\")) {\r\n verdicts.push({\r\n type: \"ICARUS Evil Worm RAT\",\r\n version: String(),\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n // https://malpedia.caad.fkie.fraunhofer.de/details/win.noneuclid_rat\r\n\r\n if (verdicts.length === 0 && PE.isNetObjectPresent(\"isVM_by_wim_temper\")) {\r\n verdicts.push({\r\n type: \"NonEuclid RAT\",\r\n version: String(),\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n // https://malpedia.caad.fkie.fraunhofer.de/details/win.imminent_monitor_rat\r\n\r\n if (verdicts.length === 0 && PE.isNetObjectPresent(\"LZLoader\") && PE.isNetObjectPresent(\"Injector\")) {\r\n verdicts.push({\r\n type: \"Imminent Monitor RAT\",\r\n version: String(),\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n if (verdicts.length === 0 && (PE.isSignatureInSectionPresent(0, \"00\" + generateUnicodeSignatureMask(\" RAT\") + \"00 **\") ||\r\n PE.isNetObjectPresent(\"AntiTaskManager\") ||\r\n PE.isNetObjectPresent(\"BlockAvSites\") ||\r\n PE.isNetObjectPresent(\"UpdaterEXE\") || (\r\n // System.Net.Sockets + GetForegroundWindow + GetWindowsText\r\n PE.isNetObjectPresent(\"System.Net.Sockets\") && PE.isNetObjectPresent(\"GetForegroundWindow\") && PE.isNetObjectPresent(\"GetWindowText\") && (\r\n // Search for 'AntivirusProduct' or 'DisableTaskMgr'\r\n PE.isSignatureInSectionPresent(0, generateUnicodeSignatureMask(\"AntivirusProduct\")) || PE.isSignatureInSectionPresent(0, generateUnicodeSignatureMask(\"DisableTaskMgr\"))\r\n )\r\n ) || (\r\n // GetForegroundWindow + GetWindowText + NtSetInformationProcess\r\n PE.isNetObjectPresent(\"GetForegroundWindow\") && PE.isNetObjectPresent(\"GetWindowText\") && PE.isNetObjectPresent(\"NtSetInformationProcess\")\r\n ))) {\r\n verdicts.push({\r\n type: \"RAT\",\r\n version: String(),\r\n details: \"General signs\"\r\n });\r\n }\r\n }\r\n\r\n\r\n\r\n\r\n if (verdicts.length === 0 && (\r\n PE.isNetObjectPresent(\"potentiallyVulnerablePasswords\") ||\r\n PE.isNetObjectPresent(\"ScanGeckoBrowsersPaths\") ||\r\n PE.isNetObjectPresent(\"ScannedWallets\") ||\r\n PE.isNetObjectPresent(\"GetPasswords\") ||\r\n PE.isNetObjectPresent(\"ScanSteam\") ||\r\n PE.isNetObjectPresent(\"GetCookies\")\r\n )) {\r\n verdicts.push({\r\n type: \"Stealer\",\r\n version: String(),\r\n details: \"General signs\"\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n // https://malpedia.caad.fkie.fraunhofer.de/details/win.ramnit\r\n\r\n if (verdicts.length === 0 && PE.isSectionNamePresent(\".rmnet\")) {\r\n verdicts.push({\r\n type: \"Ramnit\",\r\n version: String(),\r\n details: \"infected\"\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n // https://malpedia.caad.fkie.fraunhofer.de/details/win.neshta\r\n\r\n if (verdicts.length === 0 && PE_Cached.isArchX86 && PE.compareEP(\r\n \"55\" + // push ebp\r\n \"8B EC\" + // mov ebp, esp\r\n \"83 C4 E0\" + // add esp, -0x20\r\n \"33 C0\" + // xor eax, eax\r\n \"89 45 E0\" + // mov dword ptr [ebp - 0x20], eax\r\n \"89 45 E8\" + // mov dword ptr [ebp - 0x18], eax\r\n \"89 45 E4\" + // mov dword ptr [ebp - 0x1c], eax\r\n \"89 45 EC\" + // mov dword ptr [ebp - 0x14], eax\r\n \"B8 54 80 40 00\" + // mov eax, 0x408054\r\n \"E8 12 BE FF FF\" + // call $+5 - 0x41EE\r\n \"33 C0\" + // xor eax, eax\r\n \"55\" + // push ebp\r\n \"68 20 82 40 00\" + // push 0x408220\r\n \"64 FF 30\" + // push dword ptr fs:[eax]\r\n \"64 89 20\" + // mov dword ptr fs:[eax], esp\r\n \"B8 A8 91 40 00\" + // mov eax, 0x4091a8\r\n \"B9 0B 00 00 00\" // mov ecx, 0xb\r\n )) {\r\n verdicts.push({\r\n type: \"Neshta\",\r\n version: String(),\r\n details: \"infected\"\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n // https://citec.us/forum/showthread.php/15998-ConsoleDevil\r\n\r\n if (verdicts.length === 0 && PE_Cached.isArchX86 && PE.compareEP(\r\n \"68 .. .. .. ..\" + // push [...]\r\n \"68 00 00 00 00\" + // push 0\r\n \"68 .. .. .. ..\" + // push [...]\r\n \"E8 .. .. .. ..\" + // call [...]\r\n \"83 C4 0C\" + // add esp, 0xc\r\n \"68 00 00 00 00\" // push 0\r\n )) {\r\n var consoleDevilVersion = String();\r\n\r\n if (PE.isImportPositionHashPresent(0, 0xb27ceda0) && PE.isImportPositionHashPresent(1, 0xa77d975c)) {\r\n consoleDevilVersion = \"1.0\";\r\n } else if (PE.isImportPositionHashPresent(0, 0x1dec6c44) && PE.isImportPositionHashPresent(1, 0xf1ed6358)) {\r\n consoleDevilVersion = \"1.2\";\r\n }\r\n\r\n if (consoleDevilVersion) {\r\n verdicts.push({\r\n type: \"ConsoleDevil RAT\",\r\n version: consoleDevilVersion,\r\n details: String()\r\n });\r\n }\r\n }\r\n\r\n\r\n\r\n\r\n // https://malpedia.caad.fkie.fraunhofer.de/details/win.poison_ivy\r\n\r\n if (verdicts.length === 0 && PE_Cached.isArchX86 && PE.compareEP(\r\n \"B8 00 04 40 00\" + // mov eax, 0x400400\r\n \"FF D0\" + // call eax\r\n \"6A 00\" // push 0\r\n ) && PE.isImportPositionHashPresent(0, 0xbd365a2a)) {\r\n verdicts.push({\r\n type: \"Poison Lvy RAT\",\r\n version: String(),\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n // https://malpedia.caad.fkie.fraunhofer.de/details/win.ghost_rat\r\n\r\n if (verdicts.length === 0 && PE.isExportFunctionPresent(\"Ip\")) {\r\n verdicts.push({\r\n type: \"Gh0st RAT\",\r\n version: String(),\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n // https://malpedia.caad.fkie.fraunhofer.de/details/win.darkcomet\r\n\r\n if (verdicts.length === 0 &&\r\n // Todo fix\r\n /* (PE.isImportPositionHashPresent(0, 0xcf603a7d) && PE.isImportPositionHashPresent(1, 0xe6aa7d45) && PE.isImportPositionHashPresent(2, 0xa26edfd0)) || */\r\n // UPX packed\r\n (PE.isImportPositionHashPresent(0, 0xf375ee03) && PE.isImportPositionHashPresent(1, 0x6043ad68) && PE.isImportPositionHashPresent(2, 0x49e8b6dd)) ||\r\n // MPRESS packed\r\n (PE.isImportPositionHashPresent(0, 0x174efb84) && PE.isImportPositionHashPresent(1, 0x4afe3a51) && PE.isImportPositionHashPresent(2, 0x3d9a43d0))\r\n ) {\r\n verdicts.push({\r\n type: \"DarkComet RAT\",\r\n version: \"5.3\",\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n // https://malpedia.caad.fkie.fraunhofer.de/details/win.bit_rat\r\n\r\n if (verdicts.length === 0 &&\r\n PE_Cached.numberOfUnmanagedImports === 1) {\r\n var isBitRatDetected = false,\r\n isBitRatTorStubVersion = false;\r\n\r\n if (PE.isImportPositionHashPresent(0, 0x202c6668)) {\r\n isBitRatDetected = true;\r\n } else if (PE.isImportPositionHashPresent(0, 0x249e9ed3)) {\r\n isBitRatDetected = true;\r\n isBitRatTorStubVersion = true;\r\n }\r\n\r\n if (isBitRatDetected) {\r\n verdicts.push({\r\n type: \"BitRAT\",\r\n version: String(),\r\n details: isBitRatTorStubVersion ? \"Tor\" : String()\r\n });\r\n }\r\n }\r\n\r\n\r\n\r\n\r\n if (verdicts.length === 0 &&\r\n (PE.isImportPositionHashPresent(0, 0x991f7f9a) && PE.isImportPositionHashPresent(1, 0x3495fca1)) ||\r\n (PE.isImportPositionHashPresent(0, 0x7d78c0f9) && PE.isImportPositionHashPresent(1, 0x4b76cb0f))) {\r\n verdicts.push({\r\n type: \"Furax RAT\",\r\n version: String(),\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n // https://malpedia.caad.fkie.fraunhofer.de/details/ps1.octopus\r\n\r\n if (verdicts.length === 0 &&\r\n (PE.isImportPositionHashPresent(0, 0x42600eef) && PE.isSignatureInSectionPresent(0, \"'Octopus'\"))) {\r\n verdicts.push({\r\n type: \"Octopus RAT\",\r\n version: String(),\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n if (verdicts.length === 0 &&\r\n (PE_Cached.numberOfUnmanagedImports === 1 && PE.isImportPositionHashPresent(0, 0x06a04d16)) ||\r\n (PE_Cached.numberOfUnmanagedImports > 4 && PE.isImportPositionHashPresent(0, 0xa719918b) && PE.isImportPositionHashPresent(-1, 0x9f8ccfc6))\r\n ) {\r\n verdicts.push({\r\n type: \"Biorante\",\r\n version: \"1.X\",\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n if (verdicts.length === 0 &&\r\n PE.isImportPositionHashPresent(0, 0xb3318086) && // UPX packed\r\n PE.isImportPositionHashPresent(1, 0x3d9a43d0) &&\r\n PE.isImportPositionHashPresent(7, 0xf3b2674d)) {\r\n verdicts.push({\r\n type: \"Smart RAT\",\r\n version: \"1.0.X\",\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n if (verdicts.length === 0 &&\r\n PE_Cached.numberOfUnmanagedImports === 1 && PE.isImportPositionHashPresent(0, 0x1b62aa20)) {\r\n verdicts.push({\r\n type: \"Ace RAT\",\r\n version: \"1.X\",\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n if (verdicts.length === 0 &&\r\n PE_Cached.numberOfUnmanagedImports === 1 &&\r\n PE_Cached.isRichSignaturePresent &&\r\n PE.isImportPositionHashPresent(0, 0x2d6f7e88)) {\r\n verdicts.push({\r\n type: \"Aquates RAT\",\r\n version: \"1.0\",\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n if (verdicts.length === 0 &&\r\n PE.section[0].Name === \"\\uFFFD\\uFFFD50\") {\r\n verdicts.push({\r\n type: \"Exception RAT\",\r\n version: \"1.0\",\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n // https://malpedia.caad.fkie.fraunhofer.de/details/win.bozok\r\n\r\n if (verdicts.length === 0 &&\r\n !PE_Cached.isRichSignaturePresent &&\r\n PE.isImportPositionHashPresent(0, 0xbd365a2a)) { // kernel32.dll->ExitProcess\r\n var bozokRatVersion = String();\r\n\r\n if (PE.isImportPositionHashPresent(1, 0x0ed01f83)) {\r\n bozokRatVersion = \"1.0\";\r\n } else if (PE.isImportPositionHashPresent(1, 0xefd4be65)) {\r\n bozokRatVersion = \"1.2-1.3\";\r\n } else if (PE.isImportPositionHashPresent(1, 0x58133a50)) {\r\n bozokRatVersion = \"1.4-1.5.X\";\r\n }\r\n\r\n if (bozokRatVersion) {\r\n verdicts.push({\r\n type: \"Bozok RAT\",\r\n version: bozokRatVersion,\r\n details: String()\r\n });\r\n }\r\n }\r\n\r\n\r\n\r\n\r\n if (verdicts.length === 0 && !PE_Cached.isRichSignaturePresent) { // VB5\r\n var aquaRatVersion = String();\r\n\r\n if (PE.isImportPositionHashPresent(0, 0xfc2095af)) {\r\n aquaRatVersion = \"0.0.1\";\r\n } else if (PE.isImportPositionHashPresent(0, 0x8bc8445e)) {\r\n aquaRatVersion = \"0.2\";\r\n }\r\n\r\n if (aquaRatVersion && PE.isSignatureInSectionPresent(0, \"'Aqua'\")) {\r\n verdicts.push({\r\n type: \"Aqua RAT\",\r\n version: aquaRatVersion,\r\n details: String()\r\n });\r\n }\r\n }\r\n\r\n\r\n\r\n\r\n if (verdicts.length === 0 &&\r\n (PE.isImportPositionHashPresent(0, 0x90648ec6) && PE.isImportPositionHashPresent(1, 0x199ccb02) && PE.isImportPositionHashPresent(2, 0x4bb25d37)) ||\r\n (PE.isImportPositionHashPresent(0, 0x41b27a00) && PE.isImportPositionHashPresent(1, 0x56a9aa44) && PE.isImportPositionHashPresent(2, 0x4bb25d37)) ||\r\n (PE.isImportPositionHashPresent(0, 0xc649d485) && PE.isImportPositionHashPresent(1, 0xf2e69b15) && PE.isImportPositionHashPresent(2, 0x4bb25d37)) ||\r\n (PE.isImportPositionHashPresent(0, 0xe27edc0d) && PE.isImportPositionHashPresent(1, 0x1da5760e) && PE.isImportPositionHashPresent(2, 0x42779d34)) ||\r\n // UPX packed\r\n (PE.isImportPositionHashPresent(0, 0x3d9a43d0) && PE.isImportPositionHashPresent(1, 0xc28f4fe3) && PE.isImportPositionHashPresent(2, 0x5d1bddcc)) ||\r\n (PE.isImportPositionHashPresent(0, 0xf375ee03) && PE.isImportPositionHashPresent(1, 0x3d9a43d0) && PE.isImportPositionHashPresent(2, 0xc28f4fe3) && (PE.isImportPositionHashPresent(3, 0x5d1bddcc) || PE.isImportPositionHashPresent(3, 0xa2163984)))\r\n ) {\r\n verdicts.push({\r\n type: \"Babylon RAT\",\r\n version: String(),\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n if (verdicts.length === 0 &&\r\n PE.isImportPositionHashPresent(0, 0x519fb9a6) &&\r\n PE.isImportPositionHashPresent(1, 0x69561fa8) &&\r\n PE.isImportPositionHashPresent(2, 0xe6aa7d45)) {\r\n verdicts.push({\r\n type: \"Sinique RAT\",\r\n version: \"1.0\",\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n // https://malpedia.caad.fkie.fraunhofer.de/details/win.netwire\r\n\r\n if (verdicts.length === 0 &&\r\n PE.isImportPositionHashPresent(1, 0x5d1bddcc)) {\r\n var netWireVersion = String();\r\n\r\n if (PE.isImportPositionHashPresent(0, 0xfa0dd025)) {\r\n netWireVersion = \"1.2.X\";\r\n } else if (PE.isImportPositionHashPresent(0, 0x7845f465)) {\r\n netWireVersion = \"1.4\";\r\n }\r\n\r\n if (netWireVersion) {\r\n verdicts.push({\r\n type: \"NetWire RAT\",\r\n version: netWireVersion,\r\n details: String()\r\n });\r\n }\r\n }\r\n\r\n\r\n\r\n\r\n // https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos\r\n\r\n if (verdicts.length === 0 &&\r\n PE.isImportPositionHashPresent(0, 0xf25ba92f) &&\r\n PE.isImportPositionHashPresent(1, 0xf740ae08) &&\r\n PE.isImportPositionHashPresent(2, 0xba3a1112)) {\r\n verdicts.push({\r\n type: \"Remcos RAT\",\r\n version: String(),\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n // https://web.archive.org/web/20260108153947/https://indetectables.net/viewtopic.php?t=20716\r\n\r\n if (verdicts.length === 0 &&\r\n !PE_Cached.isRichSignaturePresent &&\r\n PE_Cached.numberOfUnmanagedImports === 20 &&\r\n PE.isImportPositionHashPresent(9, 0x5206612e) &&\r\n PE.isImportPositionHashPresent(16, 0xf3b2674d) &&\r\n PE.isImportPositionHashPresent(19, 0xabde73fb)) {\r\n verdicts.push({\r\n type: \"Daleth RAT\",\r\n version: \"1.0\",\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n // https://web.archive.org/web/20090902161812/http://synsecurity.net/index.php?page=downloads\r\n\r\n if (verdicts.length === 0 &&\r\n !PE_Cached.isRichSignaturePresent &&\r\n PE_Cached.numberOfUnmanagedImports === 31 &&\r\n PE.isImportPositionHashPresent(0, 0xcf603a7d) &&\r\n PE.isImportPositionHashPresent(-1, 0x0201b2be) &&\r\n PE.isImportPositionHashPresent(-1, 0x3ca208f6)) {\r\n verdicts.push({\r\n type: \"Syndrome RAT\",\r\n version: \"4.3.X\",\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n if (verdicts.length === 0 &&\r\n !PE_Cached.isRichSignaturePresent && PE.isTLSPresent() && (\r\n (PE.isImportPositionHashPresent(18, 0xc3df3568) && PE.isSignatureInSectionPresent(0, \"'lock_text'00\")) ||\r\n (PE.isImportPositionHashPresent(4, 0xc3df3568) && PE.isImportPositionHashPresent(5, 0x622ae906)) // UPX packed\r\n )) {\r\n verdicts.push({\r\n type: \"Amp WinLocker\",\r\n version: \"Sumhex Edition\",\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n // https://max.ru/\r\n\r\n if (verdicts.length === 0 && (\r\n PE.getVersionStringInfo(\"ProductName\") === \"Max\" ||\r\n PE.getVersionStringInfo(\"CompanyName\") === \"Communication Platform LLC\"\r\n )) {\r\n verdicts.push({\r\n type: \"MAX Spyware\",\r\n version: String(),\r\n details: String()\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n // Many not-so-smart virus writers use base64 to pack\r\n // or hide malicious code, but do not realize that this\r\n // is very easily detected by heuristic analysis.\r\n\r\n const signaturesVariants = [\r\n \"TVoAAAAAA\", // MZ ~[00 00 00 00 00]\r\n \"TVqQAA\", // MZ ~[90 00 03]\r\n \"TVpQAA\", // MZ ~[50 00 02]\r\n \"TVp4AA\" // MZ ~[78 00 01]\r\n ];\r\n\r\n // Iterate through signature variants\r\n for (var s = 0; s < signaturesVariants.length; s++) {\r\n const trigger = signaturesVariants[s];\r\n\r\n // Check if the signature is valid using Unicode signature mask or the original signature\r\n if (\r\n validateGlobalUnicodeString(trigger) ||\r\n validateSignature(\"'\" + trigger + \"'\")\r\n ) {\r\n verdicts.push({\r\n type: \"Base64 payload\",\r\n version: String(),\r\n details: mayBeInfected\r\n });\r\n\r\n break;\r\n }\r\n }\r\n\r\n\r\n\r\n\r\n // Check for obfuscated names and anomalous signs in .NET and native assemblies\r\n\r\n if (PE_Cached.isDotNet && (\r\n PE_Cached.nameOfNetAssemblyName.toLowerCase() === \"stub\" ||\r\n PE_Cached.nameOfNetModuleName.toLowerCase().indexOf(\"stub.\") === 0 ||\r\n PE_Cached.nameOfNetAssemblyName.toLowerCase().indexOf(\"crypted\") !== -1 ||\r\n PE_Cached.nameOfNetModuleName.toLowerCase().indexOf(\"crypted\") !== -1 ||\r\n PE_Cached.nameOfNetAssemblyName.toLowerCase().indexOf(\"payload\") !== -1 ||\r\n PE_Cached.nameOfNetModuleName.toLowerCase().indexOf(\"payload\") !== -1 ||\r\n isNameObfuscated(PE_Cached.nameOfNetAssemblyName) ||\r\n isNameObfuscated(PE_Cached.nameOfNetModuleName) ||\r\n /(^tmp|\\.tmp$)/.test(PE_Cached.nameOfNetModuleName)\r\n ) ||\r\n PE.getVersionStringInfo(\"OriginalFilename\").toLowerCase().indexOf(\"stub.\") === 0 ||\r\n PE.getVersionStringInfo(\"InternalName\").toLowerCase().indexOf(\"stub.\") === 0 ||\r\n (function () {\r\n var fieldsToCheck = [\r\n \"Comments\",\r\n \"CompanyName\",\r\n \"FileDescription\",\r\n \"ProductName\",\r\n \"LegalCopyright\",\r\n \"LegalTrademarks\",\r\n \"OriginalFilename\",\r\n \"InternalName\"\r\n ];\r\n\r\n for (var i = 0; i < fieldsToCheck.length; i++) {\r\n if (isNameObfuscated(PE.getVersionStringInfo(fieldsToCheck[i]))) {\r\n return true;\r\n }\r\n }\r\n\r\n return false;\r\n })()\r\n ) {\r\n verdicts.push({\r\n type: \"Anomalous build info\",\r\n version: String(),\r\n details: mayBeInfected\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n if (PE.isResourceNamePresentExp(/^(STUB|SERVER)(\\.[A-Z]{3})?$/) ||\r\n PE.isResourceNamePresentExp(/(PAYLOAD|SHELLCODE|INJECT|CRYPTED)/)) {\r\n verdicts.push({\r\n type: \"Anomalous resources\",\r\n version: String(),\r\n details: mayBeInfected\r\n });\r\n }\r\n\r\n\r\n\r\n\r\n for (var v = 0; v < verdicts.length; v++) {\r\n var verdict = verdicts[v];\r\n\r\n _setResult(\"~malware\", verdict.type, verdict.version, verdict.details);\r\n }\r\n}\r\n// #endregion\r\n\r\n\r\n\r\n// #region \"interesting markers (.NET and Native)\"\r\nfunction scanForInterestingMarkers_NET_and_Native() {\r\n log(logType.nothing, \"Scanning for interesting markers...\");\r\n\r\n var options = String();\r\n\r\n var isDetected = Boolean();\r\n\r\n\r\n\r\n\r\n // https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/ee417681(v=vs.85)#:~:text=Root%20Element:%20GameDefinitionFile,GameDefinition%20Attributes\r\n\r\n var isGdfSchemaPresent = false;\r\n\r\n for (var i = 0; i < PE_Cached.numberOfUnmanagedResources && !isGdfSchemaPresent; i++) {\r\n if (PE.getResourceNameByNumber(i) === \"__GDF_XML\") {\r\n if (PE.isSignaturePresent(\r\n PE.getResourceOffsetByNumber(i),\r\n PE.getResourceSizeByNumber(i), generateUnicodeSignatureMask(\"GameDefinitionFile\"))) {\r\n isGdfSchemaPresent = true;\r\n }\r\n }\r\n }\r\n\r\n if (isGdfSchemaPresent) options = \"GDF Schema\";\r\n\r\n\r\n\r\n\r\n if (options.length != 0) isDetected = true;\r\n\r\n\r\n if (isDetected) {\r\n _setResult(\"~marker\", \"Contains\", String(), PE.isVerbose() ? options : String());\r\n }\r\n}\r\n// #endregion\r\n\r\n// Every time I start writing bad code I get hit with my head on the keybofewuihdsowefjfqodgsa79dowqhdsioefurogrwhuoguethuhofrwyioguqwehuf\r\n" }, { "path": "db/PE/_debug_data.5.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// Detect It Easy: detection rule file\r\n// Reports each PE Debug Directory entry as a separate detection result.\r\n// For UNKNOWN-typed entries the raw data is inspected to identify the format.\r\n\r\nmeta(\"debug data\", \"Records\");\r\n\r\nfunction detect() {\r\n var numOfDebugDataRecords = PE.getNumberOfDebugDataRecords();\r\n\r\n if (numOfDebugDataRecords > 0) {\r\n bDetected = true;\r\n }\r\n\r\n for (var i = 0; i < numOfDebugDataRecords; i++) {\r\n var sType = PE.getDebugDataType(i);\r\n\r\n if (sType === \"UNKNOWN\") {\r\n detectUnknownDebugData(PE.getDebugDataOffset(i), PE.getDebugDataSize(i));\r\n } else {\r\n sOptions = sOptions.append(sType.toLowerCase());\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n\r\nfunction detectUnknownDebugData(nDataOffset, nDataSize) {\r\n if (nDataSize < 2) {\r\n return;\r\n }\r\n\r\n // Borland TDS (Turbo Debugger Symbols)\r\n if (PE.readWord(nDataOffset) === 0x52FB) {\r\n var minor = PE.readByte(nDataOffset + 2),\r\n major = PE.readByte(nDataOffset + 3),\r\n minorStr = ((minor >> 4) * 10 + (minor & 0x0F)).toString(),\r\n majorStr = ((major >> 4) * 10 + (major & 0x0F)).toString(),\r\n sVer = majorStr + \".\" + minorStr,\r\n nSymbols = PE.readWord(nDataOffset + 0xE);\r\n\r\n _setResult(\"debug data\", \"Borland TDS\", sVer, nSymbols ? (nSymbols + \" symbols\") : \"\");\r\n } else if (PE.compare(\"'FB09'\", nDataOffset)) {\r\n _setResult(\"debug data\", \"Borland TDS\", \"\", \"Delphi TDS\");\r\n } else if (PE.compare(\"'FB0A'\", nDataOffset)) {\r\n _setResult(\"debug data\", \"Borland TDS\", \"\", \"C++ TDS\");\r\n }\r\n}\r\n" }, { "path": "db/PE/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = PE;\r\nvar X = PE;\r\n\r\n/**\r\n * Get the signature at an offset of the entry point.\r\n * @see Binary.getSignature\r\n */\r\nPE.getEntryPointSignature = function (nOffset, nSize) {\r\n return PE.getSignature(PE.nEP + nOffset, nSize);\r\n}\r\n\r\n\r\n/**\r\n * Add console and/or administrator requirement to the general options.\r\n * @returns {String}\r\n */\r\nPE.getGeneralOptionsEx = function () {\r\n sResult = PE.getGeneralOptions();\r\n if (PE.isConsole()) {\r\n sResult = sResult.append(\"console\");\r\n }\r\n if (/requireAdministrator/.test(PE.getManifest())) {\r\n sResult = sResult.append(\"admin\");\r\n }\r\n if (PE.isSignedFile()) {\r\n sResult = sResult.append(\"signed\");\r\n }\r\n\r\n return sResult;\r\n}\r\n\r\n\r\n/**\r\n * Locate the first library matching a pattern.\r\n * @returns {?Array} null if not found, otherwise:\r\n *
[-1] is the number of the library;\r\n *
[0] is the name of the library (lower cased);\r\n *
[1] onwards are the captured subpatterns.\r\n */\r\nPE.isLibraryPresentExp = function (sLibraryPattern) {\r\n var aMatch = null;\r\n for (var n = 0; n < PE.getNumberOfImports(); n++) {\r\n aMatch = PE.getImportLibraryName(n).match(sLibraryPattern);\r\n if (aMatch) {\r\n aMatch[-1] = n;\r\n aMatch[0] = PE.getImportLibraryName(n).toLowerCase();\r\n break;\r\n }\r\n }\r\n\r\n return aMatch;\r\n}\r\n\r\n\r\n/**\r\n * Locate the first export function matching a pattern.\r\n * @returns {?Array} null if not found, otherwise:\r\n *
[-1] is the number of the export function;\r\n *
[0] is the name of the export function;\r\n *
[1] onwards are the captured subpatterns.\r\n */\r\nPE.isExportFunctionPresentExp = function (sExportPattern) {\r\n var aMatch = null;\r\n for (var n = 0; n < PE.getNumberOfExportFunctions(); n++) {\r\n aMatch = PE.getExportFunctionName(n).match(sExportPattern);\r\n if (aMatch) {\r\n aMatch[-1] = n;\r\n aMatch[0] = PE.getExportFunctionName(n);\r\n break;\r\n }\r\n }\r\n\r\n return aMatch;\r\n}\r\n\r\n\r\n/**\r\n * Locate the first section matching a pattern.\r\n * @returns {?Array} null if not found, otherwise:\r\n *
[-1] is the number of the section;\r\n *
[0] is the name of the section;\r\n *
[1] onwards are the captured subpatterns.\r\n */\r\nPE.isSectionNamePresentExp = function (sSectionPattern) {\r\n var aMatch = null;\r\n for (var n = 0; n < PE.getNumberOfSections(); n++) {\r\n aMatch = PE.getSectionName(n).match(sSectionPattern);\r\n if (aMatch) {\r\n aMatch[-1] = n;\r\n aMatch[0] = PE.getSectionName(n);\r\n break;\r\n }\r\n }\r\n\r\n return aMatch;\r\n}\r\n\r\n\r\n/**\r\n * Locate the first resource matching a pattern.\r\n * @returns {?Array} null if not found, otherwise:\r\n *
[-1] is the number of the resource;\r\n *
[0] is the name of the resource;\r\n *
[1] onwards are the captured subpatterns.\r\n */\r\nPE.isResourceNamePresentExp = function (sResourcePattern) {\r\n var aMatch = null;\r\n for (var n = 0; n < PE.getNumberOfResources(); n++) {\r\n aMatch = PE.getResourceNameByNumber(n).match(sResourcePattern);\r\n if (aMatch) {\r\n aMatch[-1] = n;\r\n aMatch[0] = PE.getResourceNameByNumber(n);\r\n break;\r\n }\r\n }\r\n\r\n return aMatch;\r\n}\r\n\r\n\r\n/**\r\n * The number of the last section.\r\n */\r\nPE.nLastSection = PE.getNumberOfSections() - 1;\r\n\r\nfunction Section(number, name, virtsize, rva, filesize, offset, characteristics) {\r\n this.Number = number;\r\n this.Name = name;\r\n this.VirtualSize = virtsize;\r\n this.VirtualAddress = rva;\r\n this.FileSize = filesize;\r\n this.FileOffset = offset;\r\n this.Characteristics = characteristics;\r\n}\r\n\r\n/**\r\n * An array of sections, indexed by number and name (if not numeric). Members are the same as the functions.\r\n * @example\r\n * var rsrcSection = PE.section[\".rsrc\"].FileOffset;\r\n */\r\nPE.section = [];\r\nfor (var i = 0; i <= PE.nLastSection; i++) {\r\n PE.section[i] = new Section(i,\r\n PE.getSectionName(i),\r\n PE.getSectionVirtualSize(i),\r\n PE.getSectionVirtualAddress(i),\r\n PE.getSectionFileSize(i),\r\n PE.getSectionFileOffset(i),\r\n PE.getSectionCharacteristics(i));\r\n if (PE.section[i].Name) {\r\n var name = PE.section[i].Name;\r\n // Don't do numeric names, as they are always treated as an index.\r\n if (+name.toString() != name) { // parseInt crashes the application if Delphi project uses diedll :(\r\n PE.section[name] = PE.section[i];\r\n }\r\n }\r\n}\r\n\r\n// Create dummy sections for the few files that need them.\r\nPE.section[-1] = new Section(-1, \"\\0\", 0, 0, 0, PE.getSize(), 0);\r\nif (PE.nLastSection == -1) {\r\n PE.section[0] = PE.section[-1];\r\n}\r\n\r\n\r\n// Create an array of resources.\r\n\r\nfunction Resource(number, id, name, offset, size, type) {\r\n this.Number = number;\r\n this.Id = id;\r\n this.Name = name;\r\n this.Offset = offset;\r\n this.Size = size;\r\n this.Type = type;\r\n}\r\n\r\n/**\r\n * An array of resources, indexed by number and name (if not numeric). Members are the same as the functions.\r\n * @example\r\n * var packageInfoResource = PE.resource[\"PACKAGEINFO\"].Offset;\r\n */\r\nPE.resource = [];\r\nfor (var i = 0; i < PE.getNumberOfResources(); i++) {\r\n PE.resource[i] = new Resource(i,\r\n PE.getResourceIdByNumber(i),\r\n PE.getResourceNameByNumber(i),\r\n PE.getResourceOffsetByNumber(i),\r\n PE.getResourceSizeByNumber(i),\r\n PE.getResourceTypeByNumber(i));\r\n if (PE.resource[i].Name) {\r\n var name = PE.resource[i].Name;\r\n // Don't do numeric names, as they are always treated as an index.\r\n if ((+name).toString() != name) { // parseInt crashes the application if Delphi project uses diedll :(\r\n PE.resource[name] = PE.resource[i];\r\n }\r\n }\r\n}" }, { "path": "db/PE/archive_7z.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"archive\", \"7-Zip\");\r\n\r\nfunction detect() {\r\n const overlayOffset = PE.getOverlayOffset();\r\n\r\n if (PE.compareOverlay(\"';!@Install@!UTF-8!'\") || PE.compareOverlay(\"efbbbf';!@Install@!UTF-8!'\")) {\r\n if (PE.isSignaturePresent(overlayOffset, 0x2000, \"'7z'BCAF271C\")) {\r\n sVersion = \"SFX\";\r\n bDetected = true;\r\n }\r\n } else if (PE.compare(\"'7z'BCAF271C\", overlayOffset)) {\r\n sVersion = PE.readByte(overlayOffset + 6) + \".\" + PE.readByte(overlayOffset + 7);\r\n\r\n if (sVersion.match(/^\\d+\\.\\d+$/)) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/arj.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: Jason Hood \r\n\r\nincludeScript(\"arj\");\r\n\r\nfunction detect() {\r\n detect_ARJ(0);\n\n return result();\n}" }, { "path": "db/PE/compiler_BatchToApp.6.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/DosX-dev/BatchToApp\nmeta(\"compiler\", \"BatchToApp\");\n\nfunction detect() {\n bDetected = PE.isNetObjectPresent(\"GeneratedWithBatchToApp\") && PE.isNetUStringPresent(\"Unable to execute.\");\n\n sLang = \"Batch\";\n\n return result();\n}" }, { "path": "db/PE/compiler_BeRo_Tiny_Pascal.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"BeRo Tiny Pascal\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E9........' Compiled by: BeRoTinyPascal - (C) Copyright 2006, Benjamin '27'BeRo'27' Rosseaux '\")) {\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"Pascal\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_Borland_C++.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// https://docwiki.embarcadero.com/RADStudio/Alexandria/en/Compiler_Versions\r\n// coauthor: sendersu (If errors pls contact sendersu on cracklab.team)\r\n\r\nmeta(\"compiler\", \"Borland C++\");\r\n\r\nincludeScript(\"Borland\");\r\n\r\nfunction detect() {\r\n bDetected = bBorlandC;\r\n\r\n if (bDetected == 2) {\r\n sVersion = \"1999\";\r\n bDetected = true;\r\n }\r\n\r\n if (bDetected) {\r\n var dvclalResource = PE.resource[\"DVCLAL\"];\r\n\r\n if (PE.resource[\"PACKAGEINFO\"] || dvclalResource) {\r\n sVersion = \"Builder\";\r\n\r\n if (dvclalResource) {\r\n // try to decode DVCLAL (Delphi Visual Component Library Access License) values\r\n nOffset = PE.getResourceNameOffset(\"DVCLAL\");\r\n if (PE.compare(\"A28CDF987B3C3A7926713F090F2A2517\", nOffset)) {\r\n sOptions = \"Professional\";\r\n } else if (PE.compare(\"23785D23B6A5F31943F3400226D111C7\", nOffset)) {\r\n sOptions = \"Standard\";\r\n } else if (PE.compare(\"263D4F38C28237B8F3244203179B3A83\", nOffset)) {\r\n sOptions = \"Enterprise\";\r\n }\r\n }\r\n }\r\n }\r\n\r\n sLang = \"C++\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_Cygwin32.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"Cygwin32\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"5589E583EC04833D\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_DECFortran.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: sendersu\n// If errors pls contact sendersu on cracklab.team\n\nmeta(\"compiler\", \"DEC Visual Fortran (Windows)\");\n\nfunction detect() {\n if (PE.isSectionNamePresent(\".data\")) {\n var dataSection = PE.section[\".data\"];\n\n var nVersionOffset = PE.findString(dataSection.FileOffset, dataSection.FileSize, \"DEC Fortran RTL Message Catalog\");\n if (nVersionOffset != -1) {\n sVersion = \"14-Jul-1999\"\n bDetected = true;\n }\n }\n\n sLang = \"Fortran\";\n\n return result();\n}\n" }, { "path": "db/PE/compiler_DMD.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// 27.12.2023 @DosX_dev add strings\r\n// 29.06.2025 @DosX_dev rule logic optimized\r\n\r\n// TODO: Rewrite this script\r\n\r\nmeta(\"compiler\", \"DMD\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) return; // Doesn't support .NET\r\n\r\n if (PE.isSectionNamePresent(\".minfo\") && PE.isSectionNamePresent(\"._deh\")) {\r\n bDetected = true;\r\n }\r\n\r\n var rdataSection = PE.section[\".rdata\"],\r\n rdataSectionOffset = -1,\r\n rdataSectionSize = -1;\r\n\r\n if (rdataSection) {\r\n rdataSectionOffset = rdataSection.FileOffset;\r\n rdataSectionSize = rdataSection.FileSize;\r\n }\r\n\r\n if (!bDetected) {\r\n if (rdataSection && PE.isDeepScan()) {\r\n if (PE.findSignature(rdataSectionOffset, rdataSectionSize, \"'core.sys.windows.dll'\") != -1 &&\r\n PE.findSignature(rdataSectionOffset, rdataSectionSize, \"'string.d'\") != -1) {\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n\r\n if (bDetected && rdataSection) {\r\n var strOffset = PE.findString(rdataSectionOffset, rdataSectionSize, \"This program will continue, but will not operate when using DMD \");\r\n\r\n if (strOffset != -1) {\r\n sVersion = PE.getString(strOffset - 7, 5);\r\n\r\n if (sVersion.indexOf(\".\") == -1 || sVersion.split(\".\")[0].length != 1) {\r\n sVersion = String();\r\n }\r\n }\r\n }\r\n\r\n sLang = \"D\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_DarkBASIC.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"DarkBASIC Professional\");\r\n\r\nfunction detect() {\r\n if (PE.isOverlayPresent() && PE.isSignaturePresent(PE.getOverlayOffset(), 2048, \"'dbprocore.dll'\")) {\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"DarkBASIC\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_Delphi.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// 1995-2007 Borland Delphi\r\n// 2007-2014 Embarcadero Delphi;\r\n// https://docwiki.embarcadero.com/RADStudio/Alexandria/en/Compiler_Versions\r\n// coauthor: sendersu\r\n\r\nmeta(\"compiler\", \"Borland Delphi\");\r\n\r\nincludeScript(\"Borland\");\r\n\r\nfunction getVersion() {\r\n if (PE.isNet()) {\r\n sOptions = \".NET\";\r\n\r\n if (PE.isNetObjectPresent(\"Borland.Vcl.Types\")) {\r\n sVersion = \"8\";\r\n } else if (PE.isNetObjectPresent(\"Borland.Eco.Interfaces\")) {\r\n sVersion = \"8 Eco WinForm\";\r\n } else if (PE.isNetObjectPresent(\"Borland.Delphi.System\") &&\r\n PE.isNetObjectPresent(\"WinForm\")) {\r\n sVersion = \"8 WinForm\";\r\n } else if (PE.isNetObjectPresent(\"Borland.Delphi.Units\")) {\r\n sVersion = \"2005\";\r\n } else if (PE.isNetObjectPresent(\"Borland.Studio.Delphi\")) {\r\n sName = \"Embarcadero Delphi\";\r\n sVersion = \"XE*\";\r\n } else {\r\n return false;\r\n }\r\n\r\n return true;\r\n }\r\n\r\n var nSectionOffset = PE.section[0].FileOffset,\r\n nSectionSize = PE.section[0].FileSize,\r\n nOffset = nSectionOffset,\r\n nSize = nSectionSize,\r\n nOffset2,\r\n nAddress,\r\n nLng,\r\n nLng1,\r\n bNewVersion = false;\r\n\r\n var nAddressSize = PE.is64() ? 8 : 4;\r\n\r\n while (nSize > 0) {\r\n nOffset = PE.findSignature(nOffset, nSize, \"0708'TControl'\");\r\n\r\n if (nOffset == -1) {\r\n break;\r\n }\r\n\r\n nAddress = PE.readDword(nOffset + 10);\r\n nOffset2 = PE.VAToOffset(nAddress);\r\n\r\n if (nOffset2 != -1) {\r\n if (nOffset2 >= nSectionOffset && (nOffset2 < nSectionOffset + nSectionSize)) {\r\n nLng = PE.readDword(nOffset2 - 10 * nAddressSize);\r\n nLng1 = PE.readDword(nOffset2 - 10 * nAddressSize - 11 * nAddressSize);\r\n\r\n switch (nLng) {\r\n case 0:\r\n if (nLng1 == 0x746E4907) {\r\n sVersion = \"3\";\r\n } else if (nLng1 == 0x4F540774) {\r\n sVersion = \"2\";\r\n }\r\n\r\n break;\r\n case 0x0B4: sVersion = \"C++ Builder\"; break;\r\n case 0x114: sVersion = \"4\"; break;\r\n case 0x120: sVersion = \"5\"; break;\r\n case 0x128: sVersion = \"6 CLX\"; break;\r\n case 0x12C: sVersion = \"7 CLX\"; break;\r\n case 0x138: sVersion = \"Kylix\"; break;\r\n case 0x15C:\r\n case 0x160: sVersion = (nLng1 == 0x40100000 || nLng1 == 0x100000) ? \"7\" : \"6\"; break;\r\n case 0x164: sVersion = \"2005\"; break;\r\n case 0x190: sVersion = \"2006\"; break;\r\n\r\n default:\r\n nLng = PE.readDword(nOffset2 - 13 * nAddressSize);\r\n\r\n if (nLng == 0x1A4) {\r\n sName = \"Embarcadero Delphi\";\r\n sVersion = \"2009\";\r\n } else if (nLng == 0x1AC) {\r\n var packageInfoResource = PE.resource[\"PACKAGEINFO\"];\r\n\r\n if (packageInfoResource) {\r\n\r\n nOffset = packageInfoResource.Offset;\r\n nSize = packageInfoResource.Size;\r\n\r\n if (PE.isSignaturePresent(nOffset, nSize, \"'ExcUtils'\")) {\r\n sName = \"Embarcadero Delphi\";\r\n sVersion = \"XE\";\r\n } else if (PE.isSignaturePresent(nOffset, nSize, \"'StrUtils'\")) {\r\n sName = \"Embarcadero Delphi\";\r\n sVersion = \"2010\";\r\n } else {\r\n sName = \"Embarcadero Delphi\";\r\n sVersion = \"2010 or XE\";\r\n }\r\n }\r\n } else if (nLng == 0x1B4) {\r\n // 32\r\n sName = \"Embarcadero Delphi\";\r\n sVersion = \"XE2-XE4\";\r\n } else if (nLng == 0x2F0 || nLng == 0x2F8) {\r\n // 64\r\n sName = \"Embarcadero Delphi\";\r\n sVersion = \"XE2\";\r\n } else if (nLng == 0x1BC) {\r\n // 32\r\n sName = \"Embarcadero Delphi\";\r\n sVersion = \"XE5-XE6\";\r\n bNewVersion = true;\r\n } else {\r\n if (nAddressSize == 8) {\r\n nLng = PE.readDword(nOffset2 - 16 * nAddressSize);\r\n if (nLng == 0x2F8) {\r\n // 64\r\n sName = \"Embarcadero Delphi\";\r\n sVersion = \"XE3-X4\";\r\n } else if (nLng == 0x308) {\r\n // 64\r\n sName = \"Embarcadero Delphi\";\r\n sVersion = \"XE5-XE6\";\r\n bNewVersion = true;\r\n }\r\n }\r\n }\r\n }\r\n\r\n if (sVersion && !bNewVersion) {\r\n return true;\r\n }\r\n }\r\n }\r\n\r\n nOffset++;\r\n nSize = nSectionSize - (nOffset - nSectionOffset + 1);\r\n }\r\n\r\n if (PE.resource[\"PACKAGEINFO\"]) {\r\n nOffset = PE.resource[\"PACKAGEINFO\"].Offset;\r\n nSize = PE.resource[\"PACKAGEINFO\"].Size;\r\n\r\n if (PE.isSignaturePresent(nOffset, nSize, \"'System.SysUtils'\")) {\r\n sName = \"Embarcadero Delphi\";\r\n sVersion = \"XE2-XE6\";\r\n bNewVersion = true;\r\n } else if (PE.isSignaturePresent(nOffset, nSize, \"'ExcUtils'\")) {\r\n sName = \"Embarcadero Delphi\";\r\n sVersion = \"XE\";\r\n } else if (PE.isSignaturePresent(nOffset, nSize, \"'StrUtils'\")) {\r\n sName = \"Embarcadero Delphi\";\r\n sVersion = \"2009-2010\";\r\n } else if (PE.isSignaturePresent(nOffset, nSize, \"'ImageHlp'\")) {\r\n sVersion = \"2006\";\r\n } else if (PE.isSignaturePresent(nOffset, nSize, \"'SysInit'\")) {\r\n sVersion = \"6-7 or 2005\";\r\n }\r\n\r\n if (sVersion && !bNewVersion) {\r\n return true;\r\n }\r\n } else {\r\n if (PE.findString(PE.section[0].FileOffset, PE.section[0].FileSize, \"Borland\\\\Delphi\") != -1) {\r\n sVersion = \"2-3\";\r\n return true;\r\n }\r\n }\r\n\r\n if (bNewVersion) {\r\n var rdataSection = PE.section[\".rdata\"];\r\n\r\n if (rdataSection) {\r\n var nVersionOffset = PE.findString(rdataSection.FileOffset, rdataSection.FileSize, \"Embarcadero Delphi for Win\");\r\n\r\n if (nVersionOffset != -1) {\r\n var sCompilerVersion = PE.getString(nVersionOffset + 46, 4);\r\n if (sCompilerVersion == \"28.0\") {\r\n sVersion = \"XE7\";\r\n } else if (sCompilerVersion == \"29.0\") {\r\n sVersion = \"XE8\";\r\n } else if (sCompilerVersion == \"30.0\") {\r\n sVersion = \"10 Seattle\";\r\n } else if (sCompilerVersion == \"31.0\") {\r\n sVersion = \"10.1 Berlin\";\r\n } else if (sCompilerVersion == \"32.0\") {\r\n sVersion = \"10.2 Tokyo\";\r\n } else if (sCompilerVersion == \"33.0\") {\r\n sVersion = \"10.3 Rio\";\r\n } else if (sCompilerVersion == \"34.0\") {\r\n sVersion = \"10.4 Sydney\";\r\n } else if (sCompilerVersion == \"35.0\") {\r\n sVersion = \"11.0 Alexandria\";\r\n } else if (sCompilerVersion == \"36.0\") {\r\n sVersion = \"12.0 Athens\";\r\n } else {\r\n sVersion = \"12.X Athens++\";\r\n }\r\n }\r\n }\r\n\r\n return true;\r\n }\r\n\r\n return false;\r\n}\r\n\r\nfunction detect() {\r\n if (bBorlandC) { // can't be Delphi if it's already C/C++\r\n return;\r\n }\r\n\r\n if (PE.resource[\"PACKAGEINFO\"]) {\r\n bDetected = true;\r\n getVersion();\r\n }\r\n if (PE.resource[\"DVCLAL\"]) {\r\n bDetected = true;\r\n getVersion();\r\n\r\n // try to decode DVCLAL (Delphi Visual Component Library Access License) values\r\n nOffset = PE.getResourceNameOffset(\"DVCLAL\");\r\n if (PE.compare(\"A28CDF987B3C3A7926713F090F2A2517\", nOffset)) {\r\n sOptions = \"Professional\";\r\n } else if (PE.compare(\"23785D23B6A5F31943F3400226D111C7\", nOffset)) {\r\n sOptions = \"Standard\";\r\n } else if (PE.compare(\"263D4F38C28237B8F3244203179B3A83\", nOffset)) {\r\n sOptions = \"Enterprise\";\r\n }\r\n } else if (PE.resource[\"TMAINFORM\"]) {\r\n bDetected = true;\r\n getVersion();\r\n } else if (PE.isNet()) {\r\n if (getVersion()) {\r\n bDetected = true;\r\n }\r\n } else if (PE.compare(\"0A06'string'\", PE.section[0].FileOffset)) {\r\n sVersion = \"2\";\r\n bDetected = true;\r\n } else if (PE.findSignature(PE.section[0].FileOffset, 100, \"07'Boolean'\") != -1) {\r\n bDetected = true;\r\n getVersion();\r\n } else if (PE.findSignature(PE.section[0].FileOffset, 100, \"06'String'\") != -1) {\r\n bDetected = true;\r\n getVersion();\r\n } else if (PE.findSignature(PE.section[0].FileOffset, 0x100, \"FF25........8BC0FF25........8BC0\")) {\r\n if (getVersion()) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n sLang = \"Object Pascal (Delphi)\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_EuroASM.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://euroassembler.eu/\nmeta(\"compiler\", \"EuroASM\");\n\nfunction detect() {\n if (!PE.isNet() && !PE.isTLSPresent() && !PE.isRichSignaturePresent() &&\n PE.getMajorLinkerVersion() === 1 && PE.getMinorLinkerVersion() === 0 &&\n PE.getImageOptionalHeader(\"CheckSum\") === 0) {\n if (PE.compare(\"89000100000004002100FFFF05000002618A00000000400000000000000000000000000000000000000000000000000000000000000000000000900000000E1FBA0E00B409CD21B8084CCD21\", 2)) {\n sVersion = \"20180508-20190402\";\n bDetected = true;\n } else if (PE.compare(\"89000100000004002100FFFF05000002BFA200000000400000000000000000000000000000000000000000000000000000000000000000000000900000000E1FBA0E00B409CD21B8084CCD21\", 2)) {\n sVersion = \"20240831+\";\n bDetected = true;\n } else if (PE.compare(\"'This program was launched in DOS but it requires Windows.'\", 0x4e)) {\n bDetected = true;\n }\n }\n\n sLang = \"ASMx\" + (PE.is64() ? \"64\" : \"86\");\n\n return result();\n}" }, { "path": "db/PE/compiler_Excelsior_JET.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: sendersu\n// If errors pls contact sendersu on cracklab.team\n\nmeta(\"compiler\", \"Excelsior JET\");\n\nfunction detect() {\n var nFound = 0;\n\n for (var i = 0; i <= PE.nLastSection; i++) {\n var nOffset = PE.section[i].FileOffset,\n sSection = PE.section[i].Name;\n\n if (sSection == \".jidata\") {\n if (PE.isSignaturePresent(nOffset, 16, \"'JIMP'\")) {\n ++nFound;\n }\n } else if (sSection == \".jedata\") {\n if (PE.isSignaturePresent(nOffset, 16, \"'JEXP'\")) {\n ++nFound;\n }\n } else if (sSection == \".config\") {\n ++nFound;\n }\n if (nFound == 3) {\n bDetected = true;\n break;\n }\n }\n\n sLang = \"Java\";\n\n return result();\n}" }, { "path": "db/PE/compiler_FASM.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"FASM\");\r\n\r\nincludeScript(\"FASM\");\r\n\r\nfunction detect() {\r\n if (bFASM) {\r\n sVersion = PE.getCompilerVersion();\r\n bDetected = true;\r\n\r\n // Correct version\r\n if (PE.getMajorLinkerVersion() > 2) {\r\n sVersion += \"*\";\r\n }\r\n }\r\n\r\n sLang = \"ASMx\" + (PE.is64() ? \"64\" : \"86\");\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_FreeBasic.6.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://freebasic.net/\nmeta(\"compiler\", \"FreeBASIC\");\n\nfunction detect() {\n if (PE.isNet()) return; // Doesn't support .NET\n\n if (PE.isSectionNamePresent(\".CRT\") && PE.isLibraryPresent(\"msvcrt.dll\")) {\n sVersion = \"MinGW\";\n\n // fb_StrAllocTempDescZEx\n if (PE.is64()) {\n bDetected = PE.compareEP(\"48\") && PE.isSignatureInSectionPresent(0, \"564889CE534889D34883EC28E8........4885C074..48893048895808488958104883C4285B5EC3\");\n } else {\n bDetected = PE.compareEP(\"83\") && PE.isSignatureInSectionPresent(0, \"5383EC088B5C2414E8........85C074..8B542410895804895808891083C4085BC20800\");\n }\n }\n\n if (!bDetected && PE.compareEP(\"E8....0000E801000000C35589E5\")) {\n sVersion = \"0.11+\";\n }\n\n sLang = \"FreeBASIC\";\n\n return result();\n}" }, { "path": "db/PE/compiler_Free_Pascal.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"Free Pascal\");\r\n\r\nincludeScript(\"FPC\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E8006E00005589E58B7D0C8B750889F88B5D1029\")) {\r\n sVersion = \"0.99.10\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8006E00005589E58B7D0C8B750889F88B5D1029\", 19)) {\r\n sVersion = \"0.99.10\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"C605........01E8....0000C605........00E8....000050E800000000FF25........55\")) {\r\n sVersion = \"1.0.10\";\r\n sOptions = \"win32 console\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"C605........00E8....000050E800000000FF25........5589E5\")) {\r\n sVersion = \"1.0.10\";\r\n sOptions = \"win32 GUI\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"5589E5C605........00E8........5531ED89E0A3........668CD5892D\")) {\r\n sVersion = \"1.0.4\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"C605........005589E55356578B7D08893D........8B7D0C893D........8B7D10893D\")) {\r\n sVersion = \"1.0.4\";\r\n sOptions = \"DLL\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"5589E5C605........00E8........6A0064FF350000000089E0A3\")) {\r\n sVersion = \"2.0.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"C605........01E874000000C605........00E86800000050E800000000FF25........90\")) {\r\n sVersion = \"2.0.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"5589E5C605........0168........6AF6E8........50E8\")) {\r\n sVersion = \"2.6.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"C605..........E8$$$$$$$$5589E5C605..........E8........5531ed89e0A3........668cd5892d........dbe3d9\")) {\r\n sVersion = \"1.0.2\";\r\n bDetected = true;\r\n }\r\n if (bFPC) {\r\n var nVersionOffset = PE.findString(nOffset, 0x1024, \"FPC \");\r\n\r\n if (nVersionOffset !== -1) {\r\n sVersion = PE.getString(nVersionOffset + 4);\r\n }\r\n\r\n bDetected = true;\r\n // Gui Lazarus ?\r\n if (PE.getResourceNameOffset(\"LAZ_PIC_DIALOG_TEMPLATE\") != -1) {\r\n sOptions = \"Lazarus\";\r\n }\r\n }\r\n\r\n sLang = \"Pascal\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_Go.4.sg", "content": "// Detect It Easy: detection rule file\r\n// created by A.S.L - asl@onet.eu - 2019.01\r\n// improved by fernandom - menteb.in - 2020.04\r\n// improved by sendersu - cracklab.team - 2024.04\r\n\r\nmeta(\"compiler\", \"Go\");\r\n\r\nfunction detect() {\r\n bDetected = false;\r\n\r\n // All **UNMODIFIED** go compiled PE binaries have a .symtab section\r\n if (!PE.section[\".symtab\"]) {\r\n // If it doesn't have, let's try a heuristic only, no pattern matching\r\n // Who knows if pattern matching is good enough\r\n if (PE.isSignatureInSectionPresent(0, \"ff20'Go build ID: '\")) {\r\n sVersion = \"1.15.0+\";\r\n bDetected = true;\r\n }\r\n } else {\r\n bDetected = true;\r\n if (PE.compareEP(\"488d742408488b3c24488d0510000000ffe0cccccccccccccccccccccccccccc\") ||\r\n PE.compareEP(\"83ec0c8b44240c8d5c241089442404895c2408c70424ffffffffe901000000cc\")) {\r\n sVersion = \"1.7.X-1.9.X\";\r\n } else if (PE.compareEP(\"e90bd8ffffcccccccccccccccccccccc8b5c240464c705340000000000000089\") ||\r\n PE.compareEP(\"e92bc7ffffcccccccccccccccccccccc51488b01488b7110488b490865488b3c\")) {\r\n sVersion = \"1.10\";\r\n } else if (PE.compareEP(\"e98bc8ffffcccccccccccccccccccccc51488b01488b7110488b490865488b3c\") ||\r\n PE.compareEP(\"e90bd9ffffcccccccccccccccccccccc8b5c240464c705340000000000000089\")) {\r\n sVersion = \"1.10.X\";\r\n } else if (PE.compareEP(\"e98bdbffffcccccccccccccccccccccc8b5c240464c705340000000000000089\") ||\r\n PE.compareEP(\"e9dbc5ffffcccccccccccccccccccccc51488b01488b7110488b490865488b3c\")) {\r\n sVersion = \"1.11-1.11.X\";\r\n } else if (PE.compareEP(\"e9ebc5ffffcccccccccccccccccccccc51488b01488b7110488b490865488b3c\") ||\r\n PE.compareEP(\"e99bdbffffcccccccccccccccccccccc8b5c240464c705340000000000000089\")) {\r\n sVersion = \"1.12 or 1.12.2-1.12.9\";\r\n } else if (PE.compareEP(\"e98bc4ffffcccccccccccccccccccccc51488b01488b7110488b490865488b3c\") ||\r\n PE.compareEP(\"e99bdaffffcccccccccccccccccccccc8b5c240464c705340000000000000089\")) {\r\n sVersion = \"1.12.1\";\r\n } else if (PE.compareEP(\"e92bc5ffffcccccccccccccccccccccc51488b01488b7110488b490865488b3c\") ||\r\n PE.compareEP(\"e9cbdaffffcccccccccccccccccccccc8b5c240464c705340000000000000089\")) {\r\n sVersion = \"1.13 or 1.13.2\";\r\n } else if (PE.compareEP(\"e9cbc3ffffcccccccccccccccccccccc51488b01488b7110488b490865488b3c\") ||\r\n PE.compareEP(\"e9cbd9ffffcccccccccccccccccccccc8b5c240464c705340000000000000089\")) {\r\n sVersion = \"1.13.1 or 1.13.3-9\";\r\n } else if (PE.compareEP(\"e9cbd8ffffcccccccccccccccccccccc8b5c240464c705340000000000000089\") ||\r\n PE.compareEP(\"e9cbc1ffffcccccccccccccccccccccc51488b01488b7110488b490865488b3c\")) {\r\n sVersion = \"1.14 or 1.14.X\";\r\n } else if (PE.compareEP(\"e9....ffffcccccccccccccccccccccc51488b01488b7110488b490865488b3c2530000000c7476800000000\") ||\r\n PE.compareEP(\"e9....ffffcccccccccccccccccccccc8b5c240464c705340000000000000089e58b4b0489c8c1e00229c489e78b7308fcf3\")) {\r\n sVersion = \"1.X\";\r\n } else if (PE.compareEP(\"e9....ffffcccccccccccccccccccccc83ec28895c241c896c241089742414897c2418890424894c2404e8\") ||\r\n PE.compareEP(\"e9$$$$$$$$488b3c24488d742408e9$$$$$$$$4889f84889f34883ec284883e4f0\")) { // x86-64\r\n sVersion = \"1.18.X-1.24.0\";\r\n } else if (PE.isSignatureInSectionPresent(0, \"ff20'Go build ID: '\")) {\r\n sVersion = \"1.15.0+\";\r\n } else {\r\n bDetected = false;\r\n }\r\n }\r\n\r\n sLang = \"Go\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_IBM_VisualAge_C.6.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"IBM VisualAge C/C++\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec68........64ff35........648925........83ec0457e8$$$$$$$$dbe3c3\")) {\n sVersion = \"4.0\";\n bDetected = true;\n } else if (PE.compareEP(\"83ec..837c24....75..ff15........85c075..33c0e8\")) {\n sVersion = \"4.0\";\n sOptions = \"DLL\";\n bDetected = true;\n } else if (PE.compareEP(\"83ec..837c24....75..e8........85c00f85........33c0e8\")) {\n sVersion = \"4.0\";\n sOptions = \"DLL\";\n bDetected = true;\n } else if (PE.compareEP(\"535783ec..e8........ff15........b8........e8........85c075..83c4..b8\")) {\n sVersion = \"3.5\";\n bDetected = true;\n } else if (PE.compareEP(\"558bec68........64ff35........648925........e8........ff15........83ec04b8........e8$$$$$$$$b801000000c3\")) {\n sVersion = \"3.6\";\n bDetected = true;\n } else if (PE.compareEP(\"558bec8b45..83f8..74..85c074..eb..6a006a006a00ff15\")) {\n sOptions = \"1996\";\n bDetected = true;\n }\n\n sLang = \"C/C++\";\n\n return result();\n}" }, { "path": "db/PE/compiler_IBM_VisualAge_COBOL.6.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"IBM VisualAge COBOL\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec81ec........e8$$$$$$$$558becb8........2d........8b40..c9c3\")) {\n sVersion = \"2.0\";\n bDetected = true;\n } else if (PE.compareEP(\"558bec68........64ff35........648925........e8........e8\")) {\n sVersion = \"2.2\";\n bDetected = true;\n }\n\n sLang = \"COBOL\";\n\n return result();\n}" }, { "path": "db/PE/compiler_IBM_VisualAge_PL_I.6.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"IBM VisualAge PL/I\");\n\nfunction detect() {\n if (PE.compareEP(\"558bfc83e4..8bec33c08d15........8d0d........515250e8\")) {\n sVersion = \"2.0\";\n bDetected = true;\n }\n\n return result();\n}\n" }, { "path": "db/PE/compiler_Intel_C.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Authors: hypn0, BJNFNE, DosX\r\n\r\nmeta(\"compiler\", \"Intel C/C++\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) return; // Doesn't support .NET\r\n\r\n const watermarkPos = 0x4ce;\r\n\r\n if (PE.compareEP(\"83ec..56ff15........8bf08a063c..75..8a46..463c..74..84c074..8a46..463c..75..803e..75..46eb\")) {\r\n bDetected = true;\r\n } else if (PE.compare(\"'Intel(R) C++ Compiler for 32-bit applications'\", watermarkPos)) {\r\n sVersion = PE.getString(watermarkPos + 55, 8);\r\n if (sVersion && sVersion.indexOf(\" \") !== -1) {\r\n sVersion = sVersion.split(\" \")[0];\r\n } else {\r\n sVersion = String();\r\n }\r\n\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"C/C++\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_Kotlin.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"Kotlin\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) return; // Doesn't support .NET\r\n\r\n const rdataSection = PE.section[\".rdata\"];\r\n\r\n if (rdataSection && PE.isSignaturePresent(rdataSection.Offset, 512, \"6B006F0074006C0069006E0078002E00630069006E007400650072006F007000\")) {\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"Kotlin\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_LCC-Win32.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"compiler\", \"LCC-Win32\")\n\nfunction detect() {\n if (PE.isNet()) return; // Doesn't support .NET\n\n if (PE.compareEP(\"64a1........5589e56a..68........68........506489..........83ec..53565789\")) {\n sVersion = \"1.3\";\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}\n" }, { "path": "db/PE/compiler_LDC.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"LDC\");\r\n\r\nfunction detect() {\r\n if (PE.isSectionNamePresent(\".minfo\") && (!(PE.isSectionNamePresent(\"._deh\")))) {\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"D\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_LLVM.6.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://github.com/llvm/llvm-project\nmeta(\"compiler\", \"LLVM\");\n\nfunction detect() {\n if (PE.section[\".buildid\"] || PE.compare(\"'LLD PDB.'\", 0x0a27)) {\n sOptions = \"LLD compiled\";\n bDetected = true;\n }\n\n sLang = \"C/C++\";\n\n return result();\n}" }, { "path": "db/PE/compiler_Lahey_Fortran_90.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Lahey Fortran 90\");\n\nfunction detect() {\n if (PE.compareEP(\"eb$$b8........a3........c705................6a..e8$$$$$$$$558becff75..e8........595dc3\")) {\n sVersion = \"1994\";\n sOptions = \"by Lahey Computer Systems Inc.\";\n bDetected = true;\n } else if (PE.compareEP(\"558bec8b45..83e8..72..74..4874..4874..eb..68........e8........59e8\")) {\n sVersion = \"2001\";\n sOptions = \"by Lahey Computer Systems Inc.\";\n bDetected = true;\n }\n\n sLang = \"Fortran\";\n\n return result();\n}" }, { "path": "db/PE/compiler_MinGW.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Authors: DosX, fernandom\r\n\r\nmeta(\"compiler\", \"MinGW\");\r\n\r\nincludeScript(\"FPC\");\r\n\r\nfunction getMinGWVersion() {\r\n var sResult = \"\";\r\n\r\n var rdataSection = PE.section[\".rdata\"];\r\n\r\n if (rdataSection) {\r\n var nOffset = rdataSection.FileOffset,\r\n nSize = rdataSection.FileSize,\r\n nVersionOffset = PE.findString(nOffset, nSize, \"GCC: \");\r\n\r\n if (nVersionOffset != -1) {\r\n sResult = PE.getString(nVersionOffset, 128);\r\n }\r\n\r\n if (!sResult) {\r\n var nVersionOffset = PE.findString(nOffset, nSize, \"gcc-\");\r\n if (nVersionOffset != -1) {\r\n sResult = PE.getString(nVersionOffset);\r\n sResult = sResult.substring(0, sResult.indexOf('/'));\r\n }\r\n }\r\n }\r\n\r\n return sResult;\r\n}\r\n\r\nfunction detect() {\r\n if (PE.getMajorLinkerVersion() == 2) {\r\n var minor = PE.getMinorLinkerVersion();\r\n\r\n if (!bFPC && (minor <= 30 || minor == 36 || minor == 41 || minor == 44 || minor == 56)) {\r\n if (PE.compare(\"'MZ'90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21'This program cannot be run in DOS mode.\\r\\r\\n$'00000000000000'PE'0000\")) {\r\n if (!PE.isSectionNamePresent(\".rsrc\")) {\r\n bDetected = true;\r\n } else {\r\n var rsrcSection = PE.section[\".rsrc\"];\r\n\r\n if (rsrcSection && !PE.isSignaturePresent(rsrcSection.FileOffset + rsrcSection.FileOffset - 512, 512, \"'Microsoft Corp.'\")) {\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n }\r\n }\r\n\r\n if (!bDetected && PE.compareEP(\"5589e583ec..e8$$$$$$$$5589e583ec..5383c4..68........e8........83c4..e8........e8........e8........83c4\")) {\r\n sVersion = \"2.9X\";\r\n bDetected = true;\r\n }\r\n\r\n if (bDetected) {\r\n sVersion = getMinGWVersion();\r\n } else {\r\n var buildidSection = PE.section[\".buildid\"],\r\n rdataSection = PE.section[\".rdata\"];\r\n\r\n if (rdataSection) {\r\n bDetected = PE.isSignaturePresent(rdataSection.FileOffset, 256, \"'mingw'\")\r\n }\r\n\r\n if (!bDetected && buildidSection && rdataSection) {\r\n bDetected = PE.isSignaturePresent(rdataSection.FileOffset, rdataSection.FileSize, \"'Mingw'\");\r\n }\r\n }\r\n\r\n if (bDetected && !PE.isOverlayPresent()) {\r\n sOptions = \"stripped\";\r\n } else if (!bDetected) {\r\n if (PE.isOverlayPresent()) {\r\n if (PE.compareOverlay(\"'.file' 00 00 00\")) {\r\n bDetected = true;\r\n }\r\n } else {\r\n var ehFrameSection = PE.section[\".eh_frame\"];\r\n\r\n if (ehFrameSection && (ehFrameSection.Characteristics & 0x40000040)) {\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n\r\n sLang = \"C/C++\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_Nim.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"Nim\");\r\n\r\nfunction detect() {\r\n var rdataSection = PE.section[\".rdata\"];\r\n\r\n if (!PE.isRichSignaturePresent() && rdataSection && PE.isLibraryPresentExp(/^msvcrt/i)) {\r\n var nOffset = rdataSection.FileOffset,\r\n nSize = rdataSection.FileSize;\r\n\r\n if (PE.findString(nOffset, nSize, \"io.nim\") !== -1 || PE.findString(nOffset, nSize, \"fatal.nim\") !== -1) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n sLang = \"Nim\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_Pelles_C.6.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"compiler\", \"Pelles C\")\n\nfunction detect() {\n if (PE.compareEP(\"5589E56AFF68........68........64FF35000000006489250000000083EC0C\")) {\n bDetected = true;\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/PE/compiler_PerlApp.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"PerlApp\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..8365....6a..ff15\")) {\n for (var i = 0; i < PE.getNumberOfResources(); i++) {\n if ((PE.resource[i].Type == \"232\") || (PE.resource[i].Name == \"BFS\")) { // BFS\n if (PE.compare(\"ff'BFS'01\", PE.resource[i].Offset)) {\n bDetected = true;\n break;\n }\n }\n }\n }\n\n sLang = \"Perl\";\n\n return result();\n}" }, { "path": "db/PE/compiler_PowerBASIC.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"PowerBASIC\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec535657bb........662ef705............0f85........6a..ff15........e8........c783\")) {\n bDetected = true;\n }\n\n sLang = \"Basic\";\n\n return result();\n}\n" }, { "path": "db/PE/compiler_PureBasic.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"PureBasic\");\r\n\r\nfunction detect() {\r\n\r\n\r\n var codeSectionDetected = false; // If no code section is detected, then it is not PureBasic\r\n\r\n for (var i = 1; i < PE.getNumberOfSections() && !codeSectionDetected; i++) {\r\n if (PE.section[i].Characteristics == 0x60000020) {\r\n codeSectionDetected = true;\r\n }\r\n }\r\n\r\n if (!codeSectionDetected) return false;\r\n\r\n\r\n if (!PE.is64()) {\r\n if (PE.compareEP(\"68....0000680000000068......00E8......0083C40C6800000000E8......00A3\")) {\r\n sVersion = \"4.X-6.X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"837C24080175..8B442404A3........E8\")) {\r\n sVersion = \"4.X\";\r\n bDetected = true;\r\n }\r\n } else {\r\n if (PE.compareEP(\"4883EC..49C7C0........4831D248B9................E8........4831C9E8\")) {\r\n sVersion = \"4.X-6.X\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n if (PE.isSectionNamePresent(\".drectve\")) {\r\n var sn = PE.getSectionNumber(\".drectve\");\r\n\r\n if (PE.isSignatureInSectionPresent(sn, \"'pb_datapointer'\")) {\r\n sVersion = \"6.X\";\r\n sOptions = \"gcc\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n if (!bDetected && PE.getImportLibraryName(0) === \"KERNEL32.dll\") {\r\n const rdataSection = PE.section[\".rdata\"];\r\n\r\n if (rdataSection) {\r\n bDetected = PE.findSignature(rdataSection.FileOffset, 5120, \"1415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233\") !== -1;\r\n }\r\n }\r\n\r\n sLang = \"PureBasic\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_RADBasic.6.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.radbasic.dev/\nmeta(\"compiler\", \"RAD Basic\");\n\nfunction detect() {\n if (PE.compareEP(PE.is64() ? \"48 83 EC\" : \"E8\") && PE.getImportFunctionName(0, 0) === \"CloseHandle\") {\n const rdataSection = PE.section[\".rdata\"];\n\n if (rdataSection && PE.isSignatureInSectionPresent(rdataSection.Number, \"'RADBasic'\")) {\n bDetected = true;\n }\n }\n\n if (!bDetected && PE.isResourceNamePresent(\"RADBASICAPPICON\")) {\n bDetected = true;\n }\n\n sLang = \"VB\";\n\n return result();\n}" }, { "path": "db/PE/compiler_RealBasic.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: sendersu\n// If errors pls contact sendersu on cracklab.team\n\nmeta(\"compiler\", \"REALbasic (by Xojo.com)\");\n\nfunction detect() {\n if (PE.isOverlayPresent()) {\n var nOffset = PE.getOverlayOffset(),\n nSize = PE.getOverlaySize();\n\n if (PE.isResourceGroupNamePresent(\"PICKLE\") &&\n PE.findString(nOffset, nSize, \"REALbasic.Point\") !== -1 &&\n PE.findString(nOffset, nSize, \"Xojo.Introspection\") !== -1) {\n bDetected = true;\n }\n }\n\n sLang = \"Basic\";\n\n return result();\n}" }, { "path": "db/PE/compiler_RosASM.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"RosASM\");\r\n\r\nincludeScript(\"RosASM\");\r\n\r\nfunction detect() {\r\n if (bRosASM) {\r\n sVersion = PE.getCompilerVersion();\r\n sOptions = PE.getGeneralOptionsEx(); // RosASM doesn't have a linker\r\n bDetected = true;\r\n\r\n // Correct version\r\n if (PE.getMajorLinkerVersion() > 3) {\r\n sVersion += \"*\";\r\n }\r\n }\r\n\r\n sLang = \"ASMx\" + (PE.is64() ? \"64\" : \"86\");\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_Rust.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"compiler\", \"Rust\");\n\nfunction detect() {\n /* if (!PE.is64()) {\n if (PE.compareEP(\"e8$$$$$$$$8b0d........5657bf........be........3bcf74..85ce75..e8\")) {\n sVersion = \"i686-pc-windows-msvc\";\n bDetected = true;\n }\n } else if (PE.compareEP(\"4883ec..e8$$$$$$$$48895c24..55488bec4883ec..488b05........48bb................483bc3\")) {\n sVersion = \"x86_64-pc-windows-msvc\";\n bDetected = true;\n } else if (PE.compareEP(\"48895c24..48897424..574883ec..498bf88bda488bf183fa..75..e8$$$$$$$$48895c24..55488bec4883ec..488b05........48bb................483bc3\")) {\n sVersion = \"x86_64-pc-windows-msvc\";\n bDetected = true;\n } */\n\n var rdataSection = PE.section[\".rdata\"];\n\n if (PE.isTLSPresent() && rdataSection && PE.section[\"_RDATA\"] &&\n PE.findSignature(rdataSection.FileOffset, rdataSection.FileSize, \"4C6F63616C5C527573744261636B74726163654D75746578\") != -1 &&\n PE.findSignature(rdataSection.FileOffset, rdataSection.FileSize, \"'/rust'\") != -1) {\n bDetected = true;\n }\n\n sLang = \"Rust\";\n\n return result();\n}" }, { "path": "db/PE/compiler_SpASM.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"SpASM\");\r\n\r\nincludeScript(\"SpASM\");\r\n\r\nfunction detect() {\r\n if (bSpASM) {\r\n sVersion = PE.getCompilerVersion();\r\n sOptions = PE.getGeneralOptionsEx(); // SpASM doesn't have a linker\r\n bDetected = true;\r\n\r\n // Correct version\r\n if (PE.getMajorLinkerVersion() > 3) {\r\n sVersion += \"*\";\r\n }\r\n }\r\n\r\n _sLang = \"ASMx\" + (PE.is64() ? \"64\" : \"86\");\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_Swift.6.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/swiftlang/swift\nmeta(\"compiler\", \"Swift\");\n\nfunction detect() {\n if (PE.isNet() || PE.isRichSignaturePresent()) return; // Doesn't support .NET and files with Rich Signature\n\n if (PE.isLibraryPresentExp(/^swift/)) {\n bDetected = true;\n\n if (PE.isLibraryPresent(\"swiftCRT.dll\")) {\n sOptions = \"dynamic\";\n }\n }\n\n if (PE.getNumberOfSections() > 15 && PE.isSectionNamePresentExp(/^.sw5/)) {\n sVersion = \"5.X\";\n bDetected = true;\n }\n\n sLang = \"Swift\";\n sLangVersion = sVersion;\n\n return result();\n}" }, { "path": "db/PE/compiler_Symantec_C.6.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Symantec C/C++\");\n\nfunction detect() {\n if (PE.compareEP(\"83ec08535556578b7c24..8b7424..8b6c24..ff15........894424..a9........74..807c24\")) {\n sVersion = \"7.2\";\n sOptions = \"DLL\";\n bDetected = true;\n }\n\n sLang = \"C/C++\";\n\n return result();\n}\n" }, { "path": "db/PE/compiler_TASM32.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// Turbo Assembler 32 (TASM32) by Borland.\r\n// Versions: 5.X. Linker: TLINK32.\r\n// https://en.wikipedia.org/wiki/Turbo_Assembler\r\n\r\nmeta(\"compiler\", \"TASM32\");\r\n\r\nincludeScript(\"Borland\"); // sets bBorlandC\r\nincludeScript(\"TASM32\"); // uses bBorlandC; sets bTASM32\r\n\r\nfunction detect() {\r\n if (bTASM32) {\r\n // Map TLINK32 linker version to TASM32 product version.\r\n // TLINK32 always stamps major version 2 in the PE optional header.\r\n if (PE.getMajorLinkerVersion() == 2 && PE.getMinorLinkerVersion() == 25) {\r\n sVersion = \"5.x\";\r\n }\r\n\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"ASMx86\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_Virtual_Pascal.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Virtual Pascal\");\n\nfunction detect() {\n if (PE.compareEP(\"b9........b8........e8$$$$$$$$83ec..fc51e8\")) {\n sVersion = \"2.1\";\n bDetected = true;\n }\n\n sLang = \"Pascal\";\n\n return result();\n}" }, { "path": "db/PE/compiler_Visual_Objects.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"Visual Objects\");\r\n\r\nfunction detect() {\r\n if (PE.compare(\"'This Visual Objects application cannot be run in DOS mode'\", 0x312)) {\r\n sVersion = \"2.XX\";\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"Visual Objects\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_Visual_Prolog.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"compiler\", \"Visual Prolog\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec57dbe3d92d........68........e8........8325..........75..6a..eb..33c066a1........50e8........8038\")) {\n sVersion = \"5.2\";\n bDetected = true;\n }\n\n sLang = \"Visual Prolog\";\n\n return result();\n}\n" }, { "path": "db/PE/compiler_Watcom.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"Watcom C/C++\");\r\n\r\nfunction detect() {\r\n if (PE.compare( /*[Tt]*/ \"'his is a Windows '\" /*(?:95|NT)*/, 0x4f)) {\r\n bDetected = true;\r\n } else if (PE.findString(PE.getEntryPointOffset(), 32, \"watcom\") != -1) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e9$$$$$$$$5351525589e583ec..b8........e8........a1........83c0..24..31d229c489e18b1d\")) {\r\n sOptions = \"1995 by Watcom International\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e9$$$$$$$$535657558b7c24..8b7424..8b6c24..83fe..0f87........89f02eff\")) {\r\n sVersion = \"1995\"; // DLL32\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e9$$$$$$$$535657558b7424..8b7c24..8b6c24..83ff..0f87........89f82eff\")) {\r\n sVersion = \"1995\"; // DLL32\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e9$$$$$$$$535589e583ec..b8........e8........a1........83c0..24..29c489e38b15\")) {\r\n sVersion = \"1995 EXE32, console\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e9$$$$$$$$535152565783ec..e8........a3........894424..8d4424..31dbe8\")) {\r\n sVersion = \"1995\"; // EXE32, console\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e9$$$$$$$$535657558b7424..8b7c24..8b6c24..83ff..0f87........2eff\")) {\r\n sVersion = \"2000\"; // DLL32\r\n bDetected = true;\r\n } else if (PE.compareEP(\"c705................e9$$$$$$$$5351525589e583ec..b8........e8........a1........83c0..24..31d229c489e1\")) {\r\n sVersion = \"1995\"; // EXE32\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"C/C++\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_WutaoEPL.6.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.dywt.com.cn/\nmeta(\"compiler\", \"Wutao Easy Compiler\");\n\nfunction detect() {\n var ecodeSection = PE.section[\".ecode\"];\n\n if (ecodeSection && PE.compare(\"'WTNE / MADE BY E COMPILER - WUTAO '\", ecodeSection.FileOffset)) {\n sVersion = \"4.X\";\n bDetected = true;\n }\n\n sLang = \"Easy (EPL)\";\n\n return result();\n}" }, { "path": "db/PE/compiler_Xbase.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: sendersu\n// If errors pls contact sendersu on cracklab.team\n\n// https://www.alaska-software.com/products/features-list.cxp#F14CTT\nmeta(\"compiler\", \"Xbase++ Native Code Compiler\");\n\nfunction detect() {\n if (PE.isNet()) return; // Doesn't support .NET\n\n var xppSection = PE.section[\".xpp\"];\n\n if (xppSection) {\n bDetected = PE.findString(xppSection.FileOffset, xppSection.FileSize, \"XBPEXCEPTION\");\n }\n\n if (PE.isLibraryPresent(\"XBTBase1.dll\")) {\n sOptions = \"Runtime\";\n bDetected = true;\n }\n\n sLang = \"Xbase++\";\n\n return result();\n}\n" }, { "path": "db/PE/compiler_Zig.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"compiler\", \"Zig\");\r\n\r\nfunction detect() {\r\n if (PE.compare(\"'MZ'78000100000004000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000780000000E1FBA0E00B409CD21B8014CCD21'This program cannot be run in DOS mode.\\\r\n0000'PE'0000\")) {\r\n var rdataSection = PE.section[\".rdata\"];\r\n\r\n if (rdataSection && PE.isDeepScan()) {\r\n bDetected = (PE.findSignature(rdataSection.FileOffset, rdataSection.FileSize, \"5A00490047005F00440045004200550047005F0043004F004C004F005200\") !== -1); // ZIG_DEBUG_COLOR\r\n }\r\n }\r\n\r\n sLang = \"Zig\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/compiler_tcc.6.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// The best compiler for C. Better than VC/Clang/GCC!\n// Thank you, Bellard. ;)\n\n// https://bellard.org/tcc/\nmeta(\"compiler\", \"Tiny C\");\n\nfunction detect() {\n if (PE.isNet()) return;\n\n var isLinkerDetected = false,\n isInitFuncDetected = false,\n isStdLibUsed = PE.isLibraryPresent(\"msvcrt.dll\");\n\n if (PE.compare(\"'MZ'90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000'PE'0000\") &&\n PE.getCompilerVersion() == \"6.0\" && !PE.section[\".reloc\"] && !PE.section[\".tls\"] && !PE.section[\".rdata\"] && !PE.section[\".rsrc\"]) {\n _setResult(\"linker\", \"TCC Linker\", \"6.0\", \"\");\n isLinkerDetected = true;\n }\n\n if (isStdLibUsed && PE.compareEP(PE.is64() ?\n \"554889e54881ec........b8........8945..b8........4989c24c89d1e8\" :\n \"5589e581ec........908d45..50e8........83c4..b8........8945..b8........50e8........83c4\"))\n isInitFuncDetected = true;\n\n if (isLinkerDetected || isInitFuncDetected) bDetected = true;\n\n if (bDetected && !isInitFuncDetected && PE.compareEP(\"5589E581EC........90E8\")) {\n sVersion = \"legacy\";\n isInitFuncDetected = true;\n }\n\n if (bDetected) {\n if (!isStdLibUsed) sOptions = \"no std\"; // detectible on last versions\n if (!isInitFuncDetected) sOptions = sOptions.append(\"no init\"); // if EP is '_start()'\n }\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/PE/compiler_twinBASIC.6.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://twinbasic.com/\nmeta(\"compiler\", \"twinBASIC\");\n\nfunction detect() {\n if (PE.isNet()) return; // Doesn't support .NET\n\n if (!PE.isRichSignaturePresent()) {\n if (PE.isImportPositionHashPresent(0, 0xc28f4fe3) && PE.isImportPositionHashPresent(1, 0x3f8b3302) ||\n PE.isResourceNamePresent(\"TWINBASIC.ICO\")) {\n bDetected = true;\n\n if (PE.is64()) {\n sVersion = \"Professional/Ultimate\";\n }\n }\n }\n\n sLang = \"twinBASIC\";\n\n return result();\n}" }, { "path": "db/PE/cryptor_Amber.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/EgeBalci/amber\nmeta(\"cryptor\", \"Amber\");\n\nfunction detect() {\n if (PE.isImportPositionHashPresent(-1, 0x97c72051) &&\n PE.compareEP(PE.is64() ?\n \"48 83 EC .. 48 8B 05 .. .. .. .. C7 00 .. .. .. .. E8 .. .. .. .. E8 .. .. .. .. 90 90 48 83 C4\" : // 64 bit\n \"83 EC 0C C7 05 94 53 40 00 01 00 00 00 E8 9E 02 00 00 83 C4 0C E9 A6 FC FF FF 8D B6 00 00 00 00 83 EC 0C C7 05 94 53 40 00 00 00 00 00 E8 7E 02 00 00 83 C4 0C E9 86 FC FF FF 8D B6 00 00 00 00 83 EC 1C 8B 44 24 20 89 04 24 E8 1D 12 00 00 85 C0 0F 94 C0 83 C4 1C 0F B6 C0 F7 D8 C3 90 90 90 55 89 E5 83\")) { // 32 bit\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/cryptor_AverCryptor.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://web.archive.org/web/20071012084924/http://secnull.org/\r\nmeta(\"cryptor\", \"AverCryptor\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60E8000000005D81ED........8BBD........8B8D........B8\")) {\r\n bDetected = true;\r\n\r\n switch (PE.readByte(PE.getEntryPointOffset() + 65)) {\r\n case 0xFA: sVersion = \"1.0\"; break;\r\n case 0xF7: sVersion = \"1.02\";\r\n }\r\n\r\n if (!PE.isSectionNamePresent(\".avc\")) {\r\n sOptions = \"modified\";\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/cryptor_BattleshipCrypter.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// Author A.S.L\r\n\r\nmeta(\"cryptor\", \"Battleship Crypter\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"6818144000E8F0FFFFFF0000000000003000000038000000000000007A88CD659A43264D8DF747BE8615237F\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/cryptor_CronosCrypter.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://github.com/TalosSec/Cronos-Crypter\r\nmeta(\"cryptor\", \"CronosCrypter\");\r\n\r\nfunction detect() {\r\n if (PE.isNet() && PE.isSignatureInSectionPresent(0, \"43 72 6F 6E 6F 73 2D 43 72 79 70 74 65 72\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/cryptor_CryptEngine_MalwareCryptor.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/DosX-dev/NET-MalwareCryptor\nmeta(\"cryptor\", \"CryptEngine\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Inject\") && PE.isNetUStringPresent(\"EntryPoint\") && PE.isNetUStringPresent(\"Invoke\") && PE.isNetUStringPresent(\"Load\")) {\n sVersion = \"NET-MalwareCryptor\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/cryptor_Duals_eXe_Encryptor.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"cryptor\", \"Duals eXe Encryptor\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558BEC81EC00050000E8000000005D81ED0E\")) {\r\n switch (PE.readWord(PE.getEntryPointOffset() + 18)) {\r\n case 0x308: sVersion = \"1.0\"; break;\r\n case 0x43A: sVersion = \"1.0b\"; break;\r\n }\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/cryptor_EXECryptor.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"cryptor\", \"EXECryptor\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) return; // Doesn't support .NET\r\n\r\n if (PE.compareEP(\"A4......00000000FFFFFFFF3C......94......D8......00000000FFFFFFFFB8\")) {\r\n sVersion = \"2.0/2.1\";\r\n sOptions = \"protected IAT\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558BEC83C4F4565753BE........B80000....8945FC89C28B460C09C00F84\")) {\r\n sVersion = \"2.0/2.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"BE........B80000....8945FC89C28B460C09C00F84..00000001D089C350FF15\")) {\r\n sVersion = \"2.1.17\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8$$$$$$$$E800000000............8B1C2481EB........B8........506A..68\")) {\r\n sVersion = \"2.2.4\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"5068........5881E0........E9......00870C2459E8......008945F8E9\")) {\r\n sVersion = \"2.2.6\";\r\n sOptions = \"minimum protection\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"508BC687042468........5EE9........85C8E9........81C3........0F81\")) {\r\n sVersion = \"2.2.6\";\r\n sOptions = \"DLL/minimum protection\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E80000000058..........8B1C2481EB........B8........506A046800100000506A00B8\")) {\r\n sVersion = \"2.2/2.3\";\r\n sOptions = \"compressed code\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"CC......00000000FFFFFFFF3C......B4......08......00000000FFFFFFFFE8\")) {\r\n sVersion = \"2.2/2.3\";\r\n sOptions = \"protected IAT\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"5168........5981F1123CCB98E9532C0000F7D7E9EB6000008345F802E9E3360000\")) {\r\n sVersion = \"2.3.9\";\r\n sOptions = \"compressed resources\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"68........E9......FF50C1C8188905........C3C1C01851E9......FF84C00F84\")) {\r\n sVersion = \"2.3.9\";\r\n sOptions = \"minimum protection\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"5068........58C1C00FE9......00870424588945FCE9......FFFF05........E9\")) {\r\n sVersion = \"2.3.9\";\r\n sOptions = \"DLL/compressed resources\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"5168........872C248BCD5D81E1........E9......008945F85168........5981F1\")) {\r\n sVersion = \"2.3.9\";\r\n sOptions = \"DLL/minimum protection\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"56575331DB89C689D70FB60689C283E01FC1EA05742D4A74158D5C130246C1E00889\")) {\r\n sVersion = \"2.XX\";\r\n sOptions = \"compressed resources\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558BEC83C4ECFC5357568945FC8955F889C689D766813E4A430F852301000083C60A\")) {\r\n sVersion = \"2.XX\";\r\n sOptions = \"max. compressed resources\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E824......8B4C240CC70117..01..C781..............31C089411489411880A1\")) {\r\n sVersion = \"1.3.0.45\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8$$$$$$$$31c064ff30648920648f05........83c4..e9$$$$$$$$60e8$$$$$$$$83c4\")) {\r\n sVersion = \"1.4X-1.5X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8$$$$$$$$31C064FF30648920CCC3\")) {\r\n sVersion = \"1.5X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"83C6148B55FCE9..FFFFFF\")) {\r\n sVersion = \"2.1X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E9........669C60508D88........8D900416....8BDC8BE1\")) {\r\n sVersion = \"2.1X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"FFE0E804000000FFFFFFFF5EC300\")) {\r\n sVersion = \"2.2X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E9$$$$$$$$E8$$$$$$$$0F\")) {\r\n bDetected = true;\r\n }\r\n\r\n if (!bDetected) {\r\n var nNumberOfSections = PE.section.length;\r\n if (nNumberOfSections > 3 &&\r\n PE.getNumberOfImports() == 2 &&\r\n PE.getNumberOfImportThunks(1) == 1 &&\r\n PE.getImportFunctionName(1, 0) == \"MessageBoxA\") {\r\n for (var nAdjust = 1; nAdjust < 3; nAdjust++) {\r\n if (PE.getImportSection() == nNumberOfSections - nAdjust &&\r\n PE.section[nNumberOfSections - nAdjust - 1].FileSize == 0) {\r\n sVersion = nNumberOfSections > 4 ? \"2.4X\" : \"2.X\";\r\n bDetected = true;\r\n break;\r\n }\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/cryptor_Huan.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: KDSS-Research\n\n// https://github.com/frkngksl/Huan\nmeta(\"cryptor\", \"Huan\");\n\nfunction detect() {\n if (PE.isSectionNamePresent(\".huan\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/cryptor_KCryptor.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"K!Cryptor\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec83ec..53565733db53ff15........8b3d........8945..b8........ff30be........56e8........68........6a..e8........83c4..6a..68........5753ffd0\")) {\n sVersion = \"0.11\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/cryptor_Kryptonit.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// sign by A.S.L - asl@onet.eu\r\n\r\n// https://github.com/ximerus/Kryptonite\r\nmeta(\"cryptor\", \"Kryptonite\");\r\n\r\nfunction detect() {\r\n nOffset = 0x0093;\r\n if (PE.compareEP(\"558BEC\")) {\r\n if (PE.compare(\"'Krypton'\", nOffset)) {\r\n sVersion = \"0.1-0.2\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/cryptor_LimeCrypter.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: KDSS-Research\n\nmeta(\"cryptor\", \"LimeCrypter\");\n\nfunction detect() {\n if (PE.isNet()) {\n bDetected = true;\n if (validateReferences(\n isPositive = true,\n references = [\n \"System.Security.Cryptography\",\n \"System.Collections.Generic\",\n \"System.Resources\",\n \"System.Reflection\"\n ]\n )) {\n bDetected = false;\n return; // end\n }\n\n if (!PE.isSignatureInSectionPresent(0, \"3c50726976617465496d706c656d656e746174696f6e44657461696c733e7b........................................................................7d\") ||\n !PE.isSignatureInSectionPresent(0, \"24........................................................................\") ||\n !PE.isNetObjectPresent(\"o__SiteContainer0\") ||\n !PE.isNetObjectPresent(\"$$method0x6000005-1\") ||\n !PE.isNetObjectPresent(\"Assembly\") ||\n !PE.isNetObjectPresent(\"Rfc2898DeriveBytes\") ||\n !PE.isNetObjectPresent(\"AES_Decrypt\") ||\n !PE.isNetObjectPresent(\"<>p__Site1\") || PE.isNetObjectPresent(\"Chainski\")) {\n bDetected = false;\n }\n }\n\n return result();\n}\n\n\n// validateReferences by DosX\nfunction validateReferences(isPositive, references) {\n for (var i = 0; i < references.length; i++) {\n var sign = \"00'\" + references[i] + \"'00\";\n if (isPositive == true) {\n if (!PE.isSignatureInSectionPresent(0, sign)) {\n return true;\n }\n } else { // negative\n if (PE.isSignatureInSectionPresent(0, sign)) {\n return true;\n }\n }\n }\n return false;\n}" }, { "path": "db/PE/cryptor_NativeCryptor_by_DosX.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"cryptor\", \"NativeCryptor by DosX\");\r\n\r\nfunction detect() {\r\n bDetected = PE.getNumberOfSections() >= 3 && PE.compareOverlay(\"'7stgc_hdr'00\");\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/cryptor_PEUnion.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: KDSS-Research\n// Edited: DosX\n\nmeta(\"cryptor\", \"PEUnion\");\n\nfunction detect() {\n // 32bit RUNPE stub\n if (!PE.isNet()) {\n bDetected = true;\n\n if (PE.is64()) {\n bDetected = false;\n }\n\n const kLib = \"kernel32.dll\";\n\n if (validateNativeImports(\n isPositive = true,\n references = [\n [kLib, \"GetProcAddress\"],\n [kLib, \"ExitProcess\"],\n [kLib, \"GetModuleFileNameA\"],\n [kLib, \"GetComputerNameA\"],\n [kLib, \"VirtualAllocExNuma\"],\n [\"shlwapi.dll\", \"PathFindFileNameA\"]\n ]\n )) {\n bDetected = false;\n }\n\n // ====== ENTRY POINT ======\n // E8: call ...\n // 6A: push 0\n // FF15A4: call dword ptr [...]\n // C3: ret\n // =========================\n const entryPoint = \"E8??????006A00FF15A4????00C3\";\n\n if (PE.getNumberOfSections() != 3 ||\n !PE.compareEP(entryPoint) ||\n !PE.isSectionNamePresent(\".rsrc\") || !PE.isSectionNamePresent(\".idata\") || !PE.isSectionNamePresent(\".text\") ||\n PE.findString(PE.section[\".rsrc\"].FileOffset, PE.section[\".rsrc\"].FileSize, \"\") == -1 ||\n !(PE.getSectionVirtualSize(1) + PE.getSectionVirtualSize(2) < PE.getSectionVirtualSize(0)) ||\n !PE.isSignatureInSectionPresent(1, \"00'Shlwapi.dll'00\")) { // validate imports with signature <[S]hlwapi.dll>\n bDetected = false;\n }\n\n\n sOptions += \"RunPE\"\n }\n\n if (PE.isNet()) {\n bDetected = true;\n if (validateReferences(\n isPositive = true,\n references = [\n \"kernel32.dll\", \"LoadLibraryA\", \"GetProcAddress\",\n \"System.Runtime.InteropServices\",\n \"System.Runtime.CompilerServices\",\n \"System.IO\",\n \"System.Reflection\",\n \"System.Resources\",\n \"System.Collections.Generic\",\n \"System.Core\",\n \"System.Linq\",\n \"IEnumerable`1\", \"<>c__DisplayClass1\", \"Func`2\"\n ],\n section = 0\n )) {\n bDetected = false;\n }\n\n if (PE.isNetObjectPresent(\"BeginInvoke\") ||\n PE.isNetObjectPresent(\"EndInvoke\")) {\n sOptions += \"Invoke\"\n }\n\n }\n\n sVersion = \"4.0\";\n}\n\n\n// validateReferences by DosX\nfunction validateReferences(isPositive, references, section) {\n for (var i = 0; i < references.length; i++) {\n var sign = \"00'\" + references[i] + \"'00\";\n if (isPositive == true) {\n if (!PE.isSignatureInSectionPresent(section, sign)) {\n return true;\n }\n } else { // negative\n if (PE.isSignatureInSectionPresent(section, sign)) {\n return true;\n }\n }\n }\n return false;\n\n return result();\n}\n\n// and validateNativeImports by DosX also\nfunction validateNativeImports(isPositive, references) { // references[2]\n for (var i = 0; i < references.length; i++) {\n var importSign = references[i],\n library = importSign[0],\n entry = importSign[1];\n if (isPositive == true) {\n if (!PE.isLibraryFunctionPresent(library, entry)) {\n return true;\n }\n } else { // negative\n if (PE.isLibraryFunctionPresent(library, entry)) {\n return true;\n }\n }\n }\n return false;\n}\n\n// I like coffee. Preferably with milk" }, { "path": "db/PE/cryptor_RCryptor.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"cryptor\", \"RCryptor\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"90589050908B00903C5090580F8567D6EF115068\")) {\r\n sVersion = \"1.??\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"8B042483E84F68........FFD0\")) {\r\n sVersion = \"1.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558BEC8B44240483E84F68........FFD0585950\")) {\r\n sVersion = \"1.3/1.4\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"6183EF4F6068........FFD7\")) {\r\n sVersion = \"1.3b\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"832C244F68........FF542404834424044F\")) {\r\n sVersion = \"1.5\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"33D068........FFD2\")) {\r\n sVersion = \"1.6\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"8BC70304242BC78038500F851B8B1FFF68\")) {\r\n sVersion = \"1.6b/1.6c\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60906161807FF04590600F851B8B1FFF68\")) {\r\n sVersion = \"1.6d\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"F7D183F1FF6A00F7D183F1FF810424........F7D183F1FF\")) {\r\n if (PE.compareEP(\"E8\", 24)) {\r\n sOptions = \"Hide EP\";\r\n }\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n }\r\n\r\n if (bDetected && !PE.isSectionNamePresentExp(/^(\\.)?RCryptor$/)) {\r\n sOptions = \"modified\";\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/cryptor_RDG_Tejon_Crypter.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"cryptor\", \"RDG Tejon Crypter\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"6850171001E8EEFFFFFF000000000000300000003800000100000000B365D0B8919CE145AA1BEEE0C80467EE\")) {\r\n sVersion = \"0.7\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/cryptor_ReXCrypter.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/syrex1013/rexcrypter-2\nmeta(\"cryptor\", \"ReXCrypter\");\n\nfunction detect() {\n if (PE.isNet()) {\n var netAssemblyName = PE.getNetAssemblyName();\n\n if (netAssemblyName.indexOf(\"ReXStub \") === 0) {\n var stubVersion = netAssemblyName.split(\" \")[1];\n\n if (stubVersion && stubVersion.length < 5) {\n sVersion = \"1.0-2.0, stub \" + stubVersion;\n }\n\n bDetected = true;\n }\n\n if (!bDetected) {\n if (PE.isNetObjectPresent(\"GetConsoleWindow\") && PE.isNetObjectPresent(\"LoadInMem\")) {\n sVersion = \"custom stub\";\n bDetected = true;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/cryptor_Stones_PE_Encryptor.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"cryptor\", \"Stone's PE Encryptor\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"555756525153E8........5D8BD581ED........2B95........83EA0B8995\")) {\r\n switch (PE.getEntryPointSignature(35, 2)) {\r\n case \"8DB5\": sVersion = \"1.0\"; break;\r\n case \"0195\": sVersion = \"1.13\"; break;\r\n }\r\n bDetected = true;\r\n } else if (PE.compareEP(\"535152565755E8........5D81ED........FF95........B8........03C52B85\")) {\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/cryptor_Virogen_Crypt.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"Virogen Crypt\");\n\nfunction detect() {\n if (PE.compareEP(\"9c55e8$$$$$$$$e8000000008b2c2481ed........83c4..c3\")) {\n sVersion = \"0.75\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/cryptor_XorCryptor.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/DosX-dev/DotNET_XorCryptor\nmeta(\"cryptor\", \"XorCryptor\");\n\nfunction detect() {\n if (/^[A-Za-z]{10,31}$/.test(PE.getNetAssemblyName()) &&\n PE.isNetObjectPresent(\"LateIndexGet\") &&\n PE.isNetUStringPresent(\"System.Reflection.Assembly\") &&\n PE.isNetUStringPresent(\"EntryPoint\") &&\n PE.isNetUStringPresent(\"Load\") &&\n PE.isNetUStringPresent(\"Invoke\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/cryptor_Yodas_Crypter.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"cryptor\", \"Yoda's Crypter\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60E8000000005D81ED........E8A1000000E8D1000000E885010000F785\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60E8000000005D81ED........B9....00008DBD........8BF7\")) {\r\n switch (PE.readWord(PE.getEntryPointOffset() + 14)) {\r\n case 0x009E: sVersion = \"1.1\"; break;\r\n case 0x097B: sVersion = \"1.2\"; break;\r\n default:\r\n sVersion = \"1.X\";\r\n }\r\n\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558BEC53565760E8000000005D81ED\")) {\r\n if (PE.compareEP(\"E803000000EB01\", 19)) {\r\n sVersion = \"1.0b\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"B9\", 19)) {\r\n sVersion = \"1.3\";\r\n bDetected = true;\r\n }\r\n } else if (PE.compareEP(\"558BEC81ECC00000005356578DBD40FFFFFFB930000000B8CCCCCCCCF3AB60\")) {\r\n sVersion = \"1.3\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/custom_sfx_installers.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6aff68........68........64a1........50648925........83ec..535657\")) {\n if (PE.compareOverlay(\"....'-lh5-'\")) {\n sName = \"Toxsoft SFX\";\n bDetected = true;\n } else if (PE.findSignature(PE.getOverlayOffset(), 0x100, \"'MSCF'\") !== -1) {\n sName = \"Webest SFX\";\n sVersion = \"1.0\";\n bDetected = true;\n } else if (PE.compareOverlay(\"a6d6b210\")) {\n sType = \"installer\";\n sName = \"Sax Software installer\";\n bDetected = true;\n } else if (PE.compareOverlay(\"'Win_Sfx_For_Windows_'\")) {\n sName = \"XZIP-SFX\";\n sOptions = \"by Netzip\";\n bDetected = true;\n } else if (PE.getNumberOfResources() > 0) {\n for (var i = 0; i < PE.resource.length && !bDetected; i++) {\n if (PE.compare(\"'SZDD'88\", PE.resource[i].Offset)) {\n sType = \"installer\";\n sName = \"custom installer with SZDD-archives\";\n bDetected = true;\n }\n }\n }\n } else if (PE.compareEP(\"558bec81ec........5333db53ff15........a3........891d........891d........e8........391d\")) {\n if (PE.compareOverlay(\"'PK'0304\")) {\n sType = \"sfx\";\n sName = \"ZIP-SFX\";\n sOptions = \"by Ashampoo\";\n bDetected = true;\n }\n } else if (PE.compareEP(\"e8$$$$$$$$8b0d........5657bf........be........3bcf74..85ce75..e8........8bc8\")) {\n if (PE.getNumberOfResources() > 0 && PE.compare(\"5d00008000........000000000000\", PE.resource[0].Offset)) {\n sType = \"installer\";\n sName = \"Microsoft Windows update\";\n bDetected = true;\n }\n } else if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc7\")) {\n if (PE.compareOverlay(\"........00020200\")) {\n var a = PE.getOverlayOffset();\n var b = PE.readWord(a);\n if (PE.compare(\"'SDLSOPKG'\", a + b)) {\n sType = \"installer\";\n sName = \"SysDev Laboratories\";\n bDetected = true;\n }\n }\n } else if (PE.compareEP(\"64a1........558bec6a..68........68........50a1........648925........8b0d\")) {\n if (PE.compareOverlay(\"'PK'0304\")) {\n sType = \"sfx\";\n sName = \"ZIP-SFX\";\n sOptions = \"by Aeco Systems\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/dotnet_only/about.txt", "content": "Scripts for .NET files only will be located here (PE.isNet() == true)" }, { "path": "db/PE/emulator_Wine.3.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"emulator\", \"Wine\");\r\n\r\nfunction detect() {\r\n if (PE.compare(\"'Wine'\", 0x40)) {\r\n sVersion = \"1.X\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/engine_AGS.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.adventuregamestudio.co.uk/\nmeta(\"engine\", \"Adventure Game Studio (AGS)\");\n\nfunction detect() {\n if (PE.compareOverlay(\"434c49421a..00\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/format_AutoHotKey.3.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"Compiled AutoHotKey\");\r\n\r\nfunction detect() {\r\n if (PE.resource[\">AUTOHOTKEY SCRIPT<\"]) {\r\n sVersion = PE.getFileVersion();\r\n bDetected = true;\r\n } else {\r\n var sManifest = PE.getManifest();\r\n\r\n if (sManifest.indexOf(\"AutoHotkey\") !== -1 && // First, we look for a substring to save processor cycles\r\n sManifest.match(/(\\n?)\r\n\r\n// https://en.wikipedia.org/wiki/AutoIt\r\nmeta(\"format\", \"AutoIt\");\r\n\r\nfunction detect() {\r\n if (PE.isResourceNamePresent(\"SCRIPT\")) {\r\n sVersion = \"3.XX\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc774..85c374..f7d0\") && PE.compareOverlay(\"a3484bbe986c4aa9\")) {\r\n sVersion = \"3.XX\";\r\n bDetected = true;\r\n } else if (PE.getVersionStringInfo(\"FileDescription\") == \"Compiled AutoIt Script\") {\r\n sVersion = PE.getFileVersionMS();\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/game_engine_Atlas.3.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.multimedia.cx/index.php/Engines/Atlas\nmeta(\"game engine\", \"Atlas\");\n\nfunction detect() {\n if (PE.getVersionStringInfo(\"ProductName\") == \"Atlas Game Engine\") {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/game_engine_DEV7.3.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.scummvm.org/index.php?title=DEV7_Information\nmeta(\"game engine\", \"DEV7\");\n\nfunction detect() {\n if (PE.getVersionStringInfo(\"ProductName\") == \"Dev7 VM v1.30b\") {\n sVersion = \"1.30b\";\n bDetected = true;\n } else if (PE.getVersionStringInfo(\"ProductName\") == \"Loader 7 v1.10a\") {\n sVersion = \"1.10a\";\n bDetected = true;\n } else if (PE.getVersionStringInfo(\"ProductName\") == \"Dev7 VM v1.30a\") {\n sVersion = \"1.30a\";\n sOptions = \"Антошка 3\";\n bDetected = true;\n } else if (PE.getVersionStringInfo(\"ProductName\") == \"Dev7 VM v1.30\") {\n sVersion = \"1.30\";\n bDetected = true;\n }\n return result();\n}" }, { "path": "db/PE/game_engine_Director.3.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.scummvm.org/index.php?title=Director\nmeta(\"game engine\", \"Director\");\n\nfunction detect() {\n if (PE.isExportFunctionPresent(\"_FindEmbeddedMovie\") || PE.isExportFunctionPresent(\"_GetCurrentEmbeddedMovie\")) {\n sVersion = \"7.0-7.0.2\";\n bDetected = true;\n } else if (PE.getVersionStringInfo(\"LegalCopyright\") == \"Copyright © 1985-1996 Macromedia, Inc.\") {\n sVersion = \"5.0-5.0.1\";\n bDetected = true;\n } else if (PE.getVersionStringInfo(\"LegalCopyright\") == \"Copyright © 1985-1997 Macromedia, Inc.\") {\n sVersion = \"6.0-6.5\";\n bDetected = true;\n } else if (PE.getVersionStringInfo(\"ProductName\") == \"Director 8 Shockwave Studio\") {\n sVersion = \"8.0\";\n sOptions = \"Shockwave Studio\";\n bDetected = true;\n } else if (PE.getVersionStringInfo(\"ProductName\") == \"Director 8.5 Shockwave Studio\") {\n sVersion = \"8.5\";\n sOptions = \"Shockwave Studio\";\n bDetected = true;\n } else if (PE.getVersionStringInfo(\"LegalCopyright\") == \"Copyright © 1985-2002 Macromedia, Inc.\") {\n sVersion = \"9.0\";\n bDetected = true;\n } else if (PE.getVersionStringInfo(\"LegalCopyright\") == \"Copyright © 1985-2003 Macromedia, Inc.\") {\n sVersion = \"10.0\";\n bDetected = true;\n } else if (PE.getVersionStringInfo(\"ProductName\") == \"Director MX 2004\") {\n sVersion = \"10.1\";\n sOptions = \"MX 2004\";\n bDetected = true;\n } else if (PE.getVersionStringInfo(\"ProductName\") == \"Director 11.3\") {\n sVersion = \"11.0.3\";\n bDetected = true;\n } else if (PE.getVersionStringInfo(\"ProductName\") == \"Director 11.5\") {\n sVersion = \"11.5\";\n bDetected = true;\n } else if (PE.getVersionStringInfo(\"ProductVersion\") == \"12.0.1 Development\") {\n sVersion = \"12.0.1\";\n sOptions = \"Development build\";\n bDetected = true;\n }\n return result();\n}" }, { "path": "db/PE/game_engine_Godot.3.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://godotengine.org\nmeta(\"game engine\", \"Godot\");\n\nfunction detect() {\n if (PE.getVersionStringInfo(\"FileDescription\") == \"Godot Engine\") {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/game_engine_Wintermute.3.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.scummvm.org/index.php?title=Wintermute\nmeta(\"game engine\", \"Wintermute\");\n\nfunction detect() {\n if (PE.getVersionStringInfo(\"FileDescription\") == \"Wintermute Engine Runtime\") {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/game_engine_XPAT.3.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.multimedia.cx/index.php/Engines/XPAT\nmeta(\"game engine\", \"XPAT\");\n\nfunction detect() {\n if (PE.getVersionStringInfo(\"FileDescription\") === \"Xpat Runtime Engine\") {\n sVersion = \"1.0.0.1\";\n sOptions = \"1995\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/game_engine_Xash.3.sg", "content": "// Detect It Easy: detection rule file\n// Author: KDSS-Research\n\nmeta(\"game engine\", \"Xash3D\");\n\nfunction detect() {\n var dataSection = PE.section[\".data\"];\n\n if (dataSection &&\n PE.findString(dataSection.FileOffset, dataSection.FileSize, \"Xash Error\") != -1 &&\n PE.findString(dataSection.FileOffset, dataSection.FileSize, \"xash.dll\") != -1 &&\n PE.findString(dataSection.FileOffset, dataSection.FileSize, \"Unable to load the xash.dll\") != -1) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_ACCAStore.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"ACCAStore\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec83c4..b8........e8$$$$$$$$538bd833c0a3........6a..e8........a3........a1\") &&\n PE.getNumberOfResources() > 0 &&\n PE.getResourceNameOffset(\"METRO_INFO\") !== -1) {\n sVersion = \"1.9.4.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_AOLSetup.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"AOLSetup\");\n\nfunction detect() {\n if (PE.compareEP(\"64a1........558bec6a..68........68........50648925........83ec..535657\")) {\n if (PE.compareOverlay(\"'RS'\")) {\n sVersion = \"by America Online\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Acronis_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Acronis installer\");\n\nfunction detect() {\n if (PE.compareOverlay(\"'PK'0304\")) {\n if (PE.compareEP(\"6a..68........e8........bf........8bc7e8........8965..8bf4893e56ff15\") ||\n PE.compareEP(\"6a..68........e8$$$$$$$$68........64a1........508b4424..896c24..8d6c24..2be05356578b45..8965..508b45..c7\") ||\n PE.compareEP(\"e8$$$$$$$$558bec83ec..a1........8365....8365....5357bf........3bc7bb........74\") ||\n PE.compareEP(\"558bec8b45..8b4d..8b55..83f8..75..8915........894d..8945..8955..5de9\") ||\n PE.compareEP(\"8b4424..83f8..8b4c24..8b5424..75..8915........894c24..894424..895424..e9\") ||\n PE.compareEP(\"e8$$$$$$$$558bec83ec..8365....8365....a1........5657bf........be........3bc7\")) {\n sOptions = \"ZIP\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Actual_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// https://www.actualinstaller.ru/\nmeta(\"installer\", \"Actual Installer\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec83c4..b8........e8$$$$$$$$538bd833c0a3........6a..e8........a3........a1........a3........33c0a3........33c0a3........e8........ba........8bc3e8........5bc3\")) {\n if (PE.compareOverlay(\"....................'MSCF'00\")) {\n sVersion = \"1.0.0.0\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Adobe_FlashPlayer_downloader.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// created by A.S.L - asl@onet.eu - 2019\r\n// 2020.07 fixed\r\n\r\nmeta(\"installer\", \"Adobe FlashPlayer downloader\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"B8......005064FF3500\") && PE.isOverlayPresent()) {\r\n if (PE.getVersionStringInfo(\"InternalName\") == \"Adobe Download Manager\") {\r\n sVersion = \"2.0\";\r\n sOptions = \"PECompact\"; // packed stub\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/installer_Adobe_installers.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Adobe\");\n\nfunction detect() {\n if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc774..85c374..f7d0\")) {\n for (var i = 0; i < PE.resource.length; i++) {\n if (PE.resource[i].Type == 3284) { // ARCHIVE_7Z\n if (PE.findSignature(PE.resource[i].Offset, 6, \"'7z'BCAF271C\") != -1) {\n sName += \" Reader Installer\";\n sOptions = \"7zip sfx\";\n bDetected = true;\n break;\n }\n }\n }\n } else if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15\")) {\n if (PE.compareOverlay(\"'^OPT'\")) {\n var ArcOffset = PE.findString(PE.getOverlayOffset(), 0x50, \"^ARC\");\n if (ArcOffset != -1) {\n if (PE.compare(\"1f8b08\", ArcOffset + 4)) {\n sName += \" SVG Installer\";\n sOptions = \"gzip\";\n bDetected = true;\n }\n }\n }\n } else if (PE.compareEP(\"e8$$$$$$$$8b0d........5657bf........be........3bcf74..85ce75..e8........8bc8\")) {\n if (PE.resource[0] && PE.findSignature(PE.resource[0].Offset, 6, \"'7z'BCAF271C\") != -1) {\n sName += \" WebInstaller\";\n sOptions = \"7zip sfx\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Advanced_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Advanced Installer\");\n\nfunction detect() {\n if (PE.compareOverlay(\"2f30ee1f5e4ee51e\")) {\n if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc774..85c374..f7d0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"558bec83ec..5657ff15........8bf085f675..6a..eb..e8........8a063c..8b3d........75..56ffd7\")) {\n bDetected = true;\n } else if (PE.compareEP(\"e8$$$$$$$$8b0d........5657bf........be........3bcf74..85ce75..e8........8bc83bcf75..b9........eb\")) {\n bDetected = true;\n }\n } else if (PE.compareOverlay(\"d0cf11e0a1b11ae1\")) {\n if (PE.compareEP(\"558bec83ec..5657ff15........8bf085f675..6a..eb..e8........8a063c..8b3d........75..56ffd7\")) {\n bDetected = true;\n } else if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc774..85c374..f7d0\")) {\n bDetected = true;\n }\n } else if (PE.isSignaturePresent(PE.getSize() - 0x50, 0x50, \"'ADVINSTSFX'\")) {\n if (PE.compareEP(\"558bec837d....75..e8$$$$$$$$8b0d........5657bf........be........3bcf74\")) {\n bDetected = true;\n } else if (PE.compareEP(\"e8$$$$$$$$558bec83ec..8365....8365....a1........5657bf........be........3bc7\")) {\n bDetected = true;\n } else if (PE.compareEP(\"558bec837d....75..e8........ff75..ff75..ff75..e8........83c4..5d\")) {\n sVersion = \"12.6.1\";\n bDetected = true;\n }\n } else if (PE.compareEP(\"e8$$$$$$$$8b0d........5657bf........be........3bcf74..85ce75..e8........8bc8\")) {\n if (PE.read_unicodeString(PE.getOverlayOffset() + 2, 16) == \"[GeneralOptions]\") {\n bDetected = true;\n }\n } else if (PE.compareOverlay(\"c885'CP'd8e3\")) {\n if (PE.compareEP(\"558bec837d....75..e8........ff75..ff75..ff75..e8........83c4..5d\")) {\n sVersion = \"16.3.0.0\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Adveractive.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Adveractive\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15\") && PE.compareOverlay(\"'10JP'\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Aeco_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Aeco Systems installer\");\n\nfunction detect() {\n if (PE.compareEP(\"64a1........558bec6a..68........68........50a1........648925........8b0d........83ec..8901\") &&\n PE.compareOverlay(\"'EWETAR DATA FILE!! VER 1.00 <<<>>>'\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Alchemy_Mindworks_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Alchemy Mindworks installer\");\n\nfunction detect() {\n if (PE.compareEP(\"a1........c1e0..a3........575133c0bf........b9........3bcf\") && PE.getNumberOfResources() > 0) {\n for (var i = 0; i < PE.resource.length && !bDetected; i++) {\n if (PE.compare(\"504b0304\", PE.resource[i].Offset))\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Astrum.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Astrum\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15\")) {\n if (PE.isOverlayPresent() != -1) {\n for (var i = 0; i < PE.getNumberOfResources(); i++) {\n if (PE.resource[i].Type == 77) {\n if (PE.findSignature(PE.resource[i].Offset, 0x140, \"'AstrumInstallWizard'\") != -1) {\n bDetected = true;\n break;\n }\n }\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_AutoPlay_Media_Studio.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"AutoPlay Media Studio\");\n\nfunction detect() {\n if (PE.compareOverlay(\"0b0bafaf0b0ba4\")) {\n if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc774..85c374..f7d0a3........eb\")) {\n sVersion = \"8.X\";\n bDetected = true;\n }\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15........33d28ad48915........8bc8\")) {\n sVersion = \"7.5.X\";\n bDetected = true;\n }\n }\n\n if (bDetected) {\n var sRawVersion = PE.getFileVersion().replace(/\\.0\\.0$/, \"\");\n if (sRawVersion) {\n sVersion = sRawVersion;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Autodesk_Self-Extract.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Autodesk Self-Extract\");\n\nfunction detect() {\n if (PE.compareEP(\"e8$$$$$$$$558bec83ec..a1........8365....8365....5657bf........be........3bc774..85c674..f7d0\") &&\n PE.compareOverlay(\"'00000000000000BD00000000000000010000000000000001'\", 0x19a0)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_AutorunProEnterprise.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: KDSS-Research\n\nmeta(\"installer\", \"Autorun Pro Enterprise\");\n\nfunction detect() {\n var rsrcSection = PE.section[\".rsrc\"];\n\n if (rsrcSection && PE.isSectionNamePresent(\"CODE\")) {\n if (PE.findString(rsrcSection.FileOffset, rsrcSection.FileSize, \"9AutoRunObjects\") !== -1 &&\n PE.findString(rsrcSection.FileOffset, rsrcSection.FileSize, \"AutoRunObjects\") !== -1) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_AutorunProEnterpriseII.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: KDSS-Research\n\nmeta(\"installer\", \"Autorun Pro Enterprise II\");\n\nfunction detect() {\n var rsrcSection = PE.section[\".rsrc\"],\n codeSection = PE.section[\"CODE\"];\n\n if (rsrcSection && codeSection) {\n bDetected =\n PE.findString(codeSection.FileOffset, codeSection.FileSize, \"TAutoRunProjectX\") !== -1 &&\n PE.findString(rsrcSection.FileOffset, rsrcSection.FileSize, \"AutoRunObjects\") !== -1;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_BitRock_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"BitRock Installer\");\n\nfunction detect() {\n if (PE.compareOverlay(\"........'.eh_frame'00\")) {\n if (PE.compareEP(\"60be........8dbe........c787................5789e58d9c24........31c05039dc75..46465368\")) {\n bDetected = true;\n } else if (PE.compareEP(\"83ec..c70424........ff15........e8........8d7426..8dbc27........a1........ffe0\")) {\n bDetected = true;\n }\n }\n\n if (!bDetected) {\n if (/BitRock/.test(PE.getManifest())) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Bytessence_Install_Maker.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Bytessence Install Maker\");\n\nfunction detect() {\n if (PE.compareOverlay(\"'$_BIM_CONFIG_START_$'\")) {\n if (PE.compareEP(\"68........68........68........e8........83c4..68........e8........a3........68........68........68\")) {\n sVersion = \"5.40\";\n bDetected = true;\n } else if (PE.compareEP(\"4883ec..49c7c0........4831d248b9................e8........4831c9e8........488905........4d31c048c7c2........4831c9e8........488905........48b8\")) {\n sVersion = \"5.40\";\n sOptions = \"x64\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_CNetX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"CNetX\");\n\nfunction detect() {\n if (PE.compareEP(\"83ec..56ff15........8bf08a063c..75..8a46..4684c074..3c..75\")) {\n for (var i = 0; i < PE.resource.length && !bDetected; i++) {\n if (PE.compare(\"784b0304\", PE.resource[i].Offset)) {\n sOptions = \"modified ZIP\";\n bDetected = true;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_CSDD_installer.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"installer\", \"CSDD's\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558bec6a..68........68........64a100000000506489250000000083c4..535657\")) {\r\n if (PE.getNumberOfResources() > 0) {\r\n if (PE.resource[0].Name = \"1\") {\r\n if (PE.compare(\"ec7c7f7c\", PE.getResourceOffsetByNumber(0))) {\r\n sVersion = \"1.1\";\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/installer_CZ_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"CZ installer\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec83c4..b8........e8$$$$$$$$538bd833c0a3........6a..e8........a3........a1........a3\") &&\n PE.getNumberOfResources() > 0 &&\n PE.getResourceNameOffset(\"CZ_STORAGE\") != -1) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Calibre_installer.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// sign by A.S.L - asl@onet.eu 2022.11.05\r\n// compiler : x64 MSC++ v.14.19\r\n// \"LZIP\" unpacker : nongnu.org/lzip/lzip.html - Antonio Diaz Diaz\r\n\r\nmeta(\"installer\", \"Calibre Portable Installer\");\r\n\r\nfunction detect() {\r\n if (PE.resource[\"EXTRA\"] && PE.section[\".rsrc\"].FileSize > 0x6000000 && // over 100 MB\r\n PE.getVersionStringInfo(\"ProductName\") == \"calibre\") {\r\n\r\n sVersion = PE.getVersionStringInfo(\"FileVersion\");\r\n sOptions = \".LZ Archive\";\r\n bDetected = true;\r\n\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/installer_Chaos_Software_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Chaos Software installer\");\n\nfunction detect() {\n if (PE.compareEP(\"4883ec..e8$$$$$$$$48895c24..574883ec..488b..........48836424....48bf................483bc774\") && PE.compareOverlay(\"276327631226097513180178\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_ClickTeam.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// https://www.clickteam.com/download-centre/install-creator\nmeta(\"installer\", \"ClickTeam\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15\")) {\n if (PE.compareOverlay(\"'wwgT)'\")) {\n bDetected = true;\n } else if (PE.compareOverlay(\"..120100....0000\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Codegear_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Codegear Installer\");\n\nfunction detect() {\n if (PE.compareEP(\"60be........8dbe........5783cd..eb$$8b1e83ee..11db72..b8........01db75..8b1e\") && PE.compareOverlay(\"........'GRCSETUPINFORMATION'\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_CreateInstall.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"installer\", \"CreateInstall\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558BEC81EC200200005356576A00FF15........68........894508FF15........85C074276A00A1........50FF15\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"81EC0C0400005356575568605040006A016A00FF15........8BF0FF15........3DB7000000750F56FF15\")) {\r\n if (PE.compareOverlay(\"02060a0405fd59\")) {\r\n sVersion = \"2003.3.5\";\r\n bDetected = true;\r\n }\r\n } else if (PE.compareOverlay(\"'aWAW'\")) {\r\n if (PE.compareEP(\"64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"68........ff15........0bc074..e8\")) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/installer_CrypKey_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"CrypKey\");\n\nfunction detect() {\n if (PE.compareEP(\"e8$$$$$$$$5668........e8........8bf068........56e8........a3........68........56e8........a3........68........56e8........a3........68........56e8........a3........68........56e8\")) {\n if (PE.compareOverlay(\"'CK16'\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_DeployMaster.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"DeployMaster\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec81c4........5333c08985........8985........b8........e8........33c05568........64ff30\") && PE.compareOverlay(\"'BZh91'\")) {\n sVersion = \"2.8.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_DesktopX_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"DesktopX Installer\");\n\nfunction detect() {\n if (PE.compareEP(\"6a..68........6a..6a..ff15........50e8........50ff15\")) {\n for (var i = 0; i < PE.resource.length; i++) {\n if (PE.resource[i].Type == 630 || PE.resource[i].Type == 726 || PE.resource[i].Type == 678 || PE.resource[i].Type == 774) {\n if (PE.compare(\"'PK'0304\", PE.getResourceOffsetByNumber(i))) {\n bDetected = true;\n }\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Eschalon_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Eschalon Installer\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec81c4........53565733c08985........8985........e8$$$$$$$$e8$$$$$$$$31d28d\")) {\n if (PE.compareOverlay(\"'EPSF'\")) {\n sVersion = PE.getFileVersion().replace(/\\.0\\.0$/, String());\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Excelsior_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Excelsior Installer\");\n\nfunction detect() {\n if (PE.compareEP(\"83ec..53555657e8........6a..5b391d........8bf37e..8b3d........a1........8b....8a08\")) {\n if (PE.compareOverlay(\"'ExcelsiorII1'\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_FDM_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: A.S.L \n\nmeta(\"installer\", \"FDM Installer\");\n\nfunction detect() {\n if (PE.compareOverlay(\"'###FDMDATA###'\")) {\n bDetected = true;\n\n if (PE.compareEP(\"558BEC6AFF6820714000682C364000\")) {\n sVersion = \"1.0\";\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_GPInstall.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"GPInstall\");\n\nfunction detect() {\n if (PE.compareOverlay(\"........'SPIS'1a'LH5'\")) {\n sOptions = \"SPIS LH5\";\n if (PE.compareEP(\"558bec83c4..5333c08945..b8........e8........33c05568........64ff30648920ba........33c0e8\")) {\n bDetected = true;\n } else if (PE.compareEP(\"558bec83c4..53565733c08945..b8........e8........33c05568........64ff30648920ba........33c0e8\")) {\n bDetected = true;\n } else if (PE.compareEP(\"558bec33c951515151515151535657b8........e8........33c05568........64ff30648920ba........33c0\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Gentee_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Gentee Installer\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec81ec........538d85........5633db578d8d........68........895d..518945..53ff15\")) {\n if (PE.findSignature(PE.getOverlayOffset(), 0x80, \"'GEA'\") != -1) {\n bDetected = true;\n } else if (PE.getNumberOfResources() > 0 && PE.compare(\"'GEA'\", PE.getResourceNameOffset(\"SETUP_TEMP\"))) {\n bDetected = true;\n }\n\n } else if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..33db895d..6a..ff15\")) {\n if (PE.findSignature(PE.getOverlayOffset(), 0x80, \"'GEA'\") != -1 ||\n PE.findSignature(PE.getSectionFileOffset(PE.getSectionNumber(\".data\")), 0x80, \"'gentee'\") != -1) {\n bDetected = true;\n }\n } else if (PE.compareEP(\"81ec........5356575568........6a..6a..ff15........8bf0ff15........3d........75..56\") && PE.compareOverlay(\"'OWS9G1'\", 0xb) != -1) {\n bDetected = true;\n } else if (PE.compareEP(\"558bec81ec........5356576a..ff15........68........ff15........85c074..6a..a1........50ff15........8bf06a..56ff15\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Ghost_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Ghost Installer\");\n\nfunction detect() {\n if (PE.compareEP(\"60be........8dbe........c787................5783cd..eb\") && PE.compareOverlay(\"c0dececb8d8d8d8d\")) {\n sOptions = \"xored MSCF, mask: 8D\";\n sVersion = \"1.0.0.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Gremlin_Patcher.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Gremlin Software Patcher/Updater\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83c4..5356578965..ff15\")) {\n for (var i = 0; i < PE.resource.length; i++) {\n if (PE.resource[i].Type == 9942) { // FILES_MAIN (Name: IDR_FILES_MAIN)\n if (PE.findSignature(PE.resource[i].Offset, 256, \"'SZDD'\")) {\n sOptions = \"SZDD\";\n bDetected = true;\n break;\n }\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_I-D_Media_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"I-D Media installer\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a100000000506489250000000083ec..5356578965\")) {\n if (PE.compareOverlay(\"'XXataDfOnigeB'\")) {\n sVersion = \"1.0.0.13\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_IDM_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Internet Download Manager Installer\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..33db895d..6a..ff15\")) {\n if (PE.compareOverlay(\"2a330000da050000fec1cd666ebccf01fec1cd666ebccf0100..............78da\")) {\n sOptions = \"zlib\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_INTENIUM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"installer\", \"INTENIUM\");\n\nfunction detect() {\n if (PE.compareOverlay(\"'stgc_hdr'\")) {\n sVersion = PE.getFileVersion();\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Inno_Setup_Module.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"installer\", \"Inno Setup Module\");\r\n\r\nfunction getVersionAndOptions(nOffset) {\r\n var sRawVersion = PE.getString(nOffset);\r\n sVersion = sRawVersion.substring(0, sRawVersion.indexOf(')'));\r\n if (/\\(u\\)/.test(sRawVersion)) {\r\n sOptions = sOptions.append(\"unicode\");\r\n } else if (/\\(a\\)/.test(sRawVersion)) {\r\n sOptions = sOptions.append(\"ANSI\");\r\n }\r\n}\r\n\r\nfunction getVersion(sSection) {\r\n if (PE.section[sSection]) {\r\n var nOffset = PE.section[sSection].FileOffset,\r\n nSize = PE.section[sSection].FileSize;\r\n\r\n if (nSize < 0x4000) { // There are files with \"data\" section's size more as 0x2000\r\n var nInno = PE.findString(nOffset, nSize, \"Inno Setup Setup Data\");\r\n if (nInno != -1) {\r\n getVersionAndOptions(nInno + 23);\r\n return true;\r\n } else {\r\n nInno = PE.findSignature(nOffset, nSize, \"'i1.'............'32'1A\");\r\n if (nInno != -1) {\r\n sVersion = PE.getString(nInno + 1).replace(/-.*/, \"\");\r\n return true;\r\n }\r\n }\r\n }\r\n }\r\n\r\n return false;\r\n}\r\n\r\nfunction detect() {\r\n if (PE.compareOverlay(\"'zlb'1A\") || PE.compareOverlay(\"'idska32'1A\")) {\r\n if (!getVersion(\"DATA\")) {\r\n getVersion(\".data\");\r\n }\r\n\r\n bDetected = true;\r\n } else {\r\n if (PE.getString(0x30, 4) == \"InUn\") {\r\n sOptions = \"uninstall\";\r\n var nOffset = PE.findString(PE.getOverlayOffset(), Math.min(0x100, PE.getOverlaySize()), \"Inno Setup Messages\");\r\n\r\n if (nOffset != -1) {\r\n getVersionAndOptions(nOffset + 21);\r\n bDetected = true;\r\n }\r\n\r\n if (!bDetected) {\r\n nOffset = PE.findString(PE.section[0].FileOffset, PE.section[0].FileSize, \"Inno Setup version\");\r\n if (nOffset != -1) {\r\n getVersionAndOptions(nOffset + 19);\r\n bDetected = true;\r\n }\r\n }\r\n\r\n if (!bDetected) {\r\n if (getVersion(\"DATA\") || getVersion(\".data\")) {\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n }\r\n\r\n if (!bDetected) {\r\n if (PE.compareOverlay(\"'Inno Setup Messages'\")) {\r\n sOptions = \"uninstall\";\r\n getVersionAndOptions(PE.getOverlayOffset() + 21);\r\n bDetected = true;\r\n } else if (PE.compareOverlay(\"'Inno Setup Setup Data'\")) {\r\n getVersionAndOptions(PE.getOverlayOffset() + 23);\r\n bDetected = true;\r\n }\r\n }\r\n\r\n if (PE.compareOverlay(\"78da\")) {\r\n sOptions = \"zlib\";\r\n if (PE.compareEP(\"558bec83c4..53565733c08945..8945\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558bec83c4..e8........e8........e8\")) {\r\n bDetected = true;\r\n }\r\n } else if (PE.compareOverlay(\"'Inno'\", 0x34)) {\r\n sOptions = \"with stub\";\r\n bDetected = true;\r\n }\r\n if (!bDetected) {\r\n if (PE.isNet()) {\r\n if (PE.getVersionStringInfo(\"Comments\") == \"This installation was built with Inno Setup.\") {\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/installer_Instalit.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Instalit\");\n\nfunction detect() {\n if (PE.compareEP(\"64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15\")) {\n for (var i = 0; i < PE.resource.length && !bDetected; i++) {\n if (PE.resource[i].Type == 854 || PE.resource[i].Type == 808 || PE.resource[i].Type == 884) { // DLLFILE or EXEFILE or CFGFILE\n sVersion = \"7.10.11, x32\";\n bDetected = true;\n } else if (PE.resource[i].Type == 686 || PE.resource[i].Type == 640) { // CFGFILE or EXEFILE\n sVersion = \"6.59.09, x32\";\n bDetected = true;\n }\n\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Install4j_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Install4j Installer\");\n\nfunction detect() {\n if (PE.compareOverlay(\"d513e4e801000000\")) {\n if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc774\")) {\n bDetected = true;\n } else if (PE.compareEP(\"4883ec..e8$$$$$$$$48895c24..574883ec..488b05........48836424....48bf................483bc774\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_InstallAnywhere.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"installer\", \"InstallAnywhere\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60BE........8DBE0070FDFF5783CDFFEB109090909090908A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB7507\")) {\r\n sVersion = \"6.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"6a..68........e8........bf........8bc7e8........8965..8bf4893e56ff15........8b4e..890d\")) {\r\n if (PE.compareOverlay(\"5b3e\")) {\r\n var ArcOffset = PE.findSignature(PE.getOverlayOffset(), 0x500, \"'PK'0304\");\r\n if (ArcOffset != -1) {\r\n sOptions = \"zip\";\r\n bDetected = true;\r\n }\r\n }\r\n } else if (PE.compareEP(\"4883ec..e8$$$$$$$$48895c24..55488bec4883ec..488b..........488365....48bb................483bc375\")) {\r\n if (PE.compareOverlay(\"5b3e\")) {\r\n var ArcOffset = PE.findSignature(PE.getOverlayOffset(), 0x500, \"'PK'0304\");\r\n if (ArcOffset != -1) {\r\n sOptions = \"zip\";\r\n bDetected = true;\r\n }\r\n }\r\n } else if (PE.compareEP(\"e8$$$$$$$$558bec83ec..a1........8365....8365....5657bf........be........3bc774..85c674..f7\")) {\r\n if (PE.compareOverlay(\"5b3e\")) {\r\n var ArcOffset = PE.findSignature(PE.getOverlayOffset(), 0x500, \"'PK'0304\");\r\n if (ArcOffset != -1) {\r\n sOptions = \"zip\";\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/installer_InstallShield.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"installer\", \"InstallShield\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15\")) {\r\n if (PE.isOverlayPresent()) {\r\n nOffset = PE.readByte(PE.getOverlayOffset()) + PE.getOverlayOffset() + 12;\r\n if (PE.compare(\"135d658c\", nOffset)) {\r\n sVersion = \"3.X\";\r\n bDetected = true;\r\n } else if (PE.compare(\"'PK'0304\", nOffset)) {\r\n sVersion = \"3.X\";\r\n sOptions = \"zip\";\r\n bDetected = true;\r\n }\r\n } else {\r\n for (var i = 0; i < PE.resource.length; i++) {\r\n if (PE.resource[i].Type == 3000) //IS2\r\n {\r\n if (PE.compare(\"'SZDD'\", PE.resource[i].Offset)) {\r\n sVersion = \"2.X\"\r\n bDetected = true;\r\n break;\r\n }\r\n }\r\n }\r\n }\r\n\r\n if (PE.isSectionNamePresent(\"_cabinet\")) {\r\n bDetected = true;\r\n }\r\n\r\n } else if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15\")) {\r\n if (PE.findSignature(PE.getOverlayOffset(), 0x100, \"'InstallShield Native Installer'\") !== -1) {\r\n sName += \" Java Edition\";\r\n bDetected = true;\r\n } else if (PE.findSignature(PE.getOverlayOffset(), 0x100, \"'setup.class'\") !== -1) {\r\n sName += \" Java Edition\";\r\n sVersion = \"3.X\";\r\n bDetected = true;\r\n }\r\n } else if (PE.compareEP(\"558BEC83EC4456FF15........8BF085F675086AFFFF15........8A06578B3D\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15........33d2\")) {\r\n if (PE.findSignature(PE.getOverlayOffset(), Math.min(0x2000, PE.getOverlaySize()), \"'ISc('\") !== -1) {\r\n sVersion = \"19.X\";\r\n bDetected = true;\r\n }\r\n } else if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc774..85c374..f7\")) {\r\n if (PE.findSignature(PE.getOverlayOffset(), Math.min(0x2000, PE.getOverlaySize()), \"'ISSetupStream'\") !== -1) {\r\n sVersion = \"18.X\";\r\n bDetected = true;\r\n }\r\n } else if (PE.compareEP(\"e8$$$$$$$$558bec83ec..a1........8365....8365....5657bf........be........3bc7\")) {\r\n if (PE.findSignature(PE.getOverlayOffset(), Math.min(0x10000, PE.getOverlaySize()), \"'ISc('\") !== -1) {\r\n sVersion = \"25.X\";\r\n bDetected = true;\r\n }\r\n } else if (PE.compareEP(\"e8$$$$$$$$8b0d........5657bf........be........3bcf74..85ce75..e8........8bc8\")) {\r\n if (PE.compareOverlay(\"'ISSetupStream'\")) {\r\n sVersion = \"29.X\";\r\n bDetected = true;\r\n }\r\n } else if (PE.compareEP(\"e8$$$$$$$$558bec83ec..a1........8365....8365....5657bf........be........3bc774..85c674..f7\")) {\r\n if (PE.compareOverlay(\"'ISSetupStream'\")) {\r\n sVersion = \"19.X\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n if (PE.getVersionStringInfo(\"ProductName\").substr(0, 13) == \"InstallShield\" || PE.getVersionStringInfo(\"CompanyName\") == \"InstallShield Software Corporation\") {\r\n sVersion = PE.getVersionStringInfo(\"FileVersion\").replace(/, /g, \".\").trim();\r\n bDetected = true;\r\n }\r\n\r\n if (!bDetected) {\r\n if (/InstallShield/.test(PE.getManifest())) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/installer_InstallUs.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"InstallUs\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec83c4..b8........e8........a1........8b00ba........e8........8b0d........a1........8b008b15\")) {\n if (PE.findSignature(PE.getOverlayOffset(), 0x1000, \"'SPIS'1a'LZH'\") !== -1) {\n sOptions = \"SPIS LZH\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Install_Factory.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Install Factory\");\n\nfunction detect() {\n if (PE.compareOverlay(\"a7870800\")) {\n if (PE.compareEP(\"5589e55383ec..55b8........505068........64ff35........648925........83ec..83e4..68\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_LucasArts_Update_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"LucasArts Update Installer\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15\") && PE.compareOverlay(\"'1CNT'\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Miktex_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"MiKTeX Installer\");\n\nfunction detect() {\n if (PE.compareEP(\"e9$$$$$$$$4883ec..e8$$$$$$$$e9$$$$$$$$48895c24..55488bec4883ec..488b05........48bb................483bc375..488365\")) {\n if (PE.compareOverlay(\"'TARTARTARTARTART'\")) {\n sOptions = \"tar\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Mioplanet_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Mioplanet installer\");\n\nfunction detect() {\n if (PE.compareEP(\"eb$$a1........c1e0..a3........526a..e8........8bd0e8........5ae8\")) {\n if (PE.compareOverlay(\"'[(*|*)]MZ'\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Morton_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Morton Software Installer\");\n\nfunction detect() {\n if (PE.compareEP(\"64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15\")) {\n for (var i = 0; i < PE.resource.length; i++) {\n if (PE.resource[i].Type == 856) { // RT_RCDATA\n if (PE.compare(\"'SZDD'\", PE.resource[i].Offset)) {\n sOptions = \"SZDD\";\n bDetected = true;\n break;\n }\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Multimedia_Fusion_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Multimedia Fusion Installer\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965\")) {\n if (PE.compareOverlay(\"'wwwwI'874712\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Myriad_Install.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Myriad Install\");\n\nfunction detect() {\n if (PE.compareEP(\"5589e5535683ec..55b8........505068........64ff35........648925........68........e8\")) {\n if (PE.findSignature(PE.getOverlayOffset(), 0x100, \"01006215\") != -1) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_NOS_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"NOS Installer\");\n\nfunction detect() {\n if (PE.compareEP(\"50e8000000005b81eb........b9........2bd98bf381eb........8bfb81eb........575156e8........83c4..8bab........8d2c2b4d8a4d..80f9..74..83ed..8bd32b53\")) {\n if (PE.compareOverlay(\"'PK??NOS_PO'\") || PE.compareOverlay(\"'NOS_PO'\")) {\n bDetected = true;\n }\n }\n\n if (PE.compareEP(\"e8$$$$$$$$58bb........8bb3........8d0433488a0880f9..74..83e8..8b108bb3........03f38dbb........578bca2bce5156\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Nullsoft_Scriptable_Install_System.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"installer\", \"Nullsoft Scriptable Install System\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) return; // Doesn't support .NET\r\n\r\n var nOffset = PE.getOverlayOffset();\r\n if (!PE.compareOverlay(\"EFBEADDE'Null'..'oftInst'\", 4) && !PE.compareOverlay(\"EFBEADDE'nsisinstall'\")) {\r\n if (PE.isOverlayPresent()) {\r\n nOffset += PE.readDword(nOffset);\r\n if (nOffset + 4 >= PE.getSize() || !PE.compare(\"EFBEADDE'Null' %% 'oftInst'\", nOffset + 4)) {\r\n nOffset = 0;\r\n }\r\n }\r\n }\r\n if (nOffset && PE.isOverlayPresent()) {\r\n // Method detection adapted from 7-Zip.\r\n nOffset += 0x1C;\r\n if (PE.compare(\"5D0000..00\", nOffset)) {\r\n sOptions = sOptions.append(\"lzma\", \"solid\");\r\n } else if (PE.compare(\"5D0000....00\", nOffset + 4)) {\r\n sOptions = sOptions.append(\"lzma\");\r\n } else {\r\n function BorZ(nOffset) {\r\n if (PE.readByte(nOffset) == 0x31 && PE.readByte(nOffset + 1) < 14) {\r\n return \"bzip2\";\r\n } else {\r\n return \"zlib\";\r\n }\r\n }\r\n\r\n if (PE.compare(\"8\", nOffset + 3)) {\r\n sOptions = sOptions.append(BorZ(nOffset + 4));\r\n } else {\r\n sOptions = sOptions.append(BorZ(nOffset), \"solid\");\r\n }\r\n }\r\n bDetected = true;\r\n }\r\n\r\n var aVersion = PE.getManifest().match(/Null[sS]oft Install System v?(.*?)\n\nmeta(\"installer\", \"O'Setup95\");\n\nfunction detect() {\n if (PE.compareEP(\"64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15\")) {\n if (PE.compareOverlay(\"'FILE'\")) {\n sOptions = \"Celtech Software\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_PCInstall.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"PCInstall\");\n\nfunction detect() {\n if (PE.compareEP(\"64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15\")) {\n if (PE.compareOverlay(\"'[20/20]'\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_PIMP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"PIMP Installer\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec81ec........56576a..be........598dbd........f3a56a..33c0598dbd........f3ab8d85........68........33f65056ff\") &&\n PE.compareOverlay(\"'PIMPFILE'00\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_PackageForTheWeb.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"PackageForTheWeb\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83....5356578965..ff15\")) {\n if (PE.compareOverlay(\"....0000dcedbd\")) {\n sOptions = \"InstallShield\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Pantaray_QSetup.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Pantaray QSetup\");\n\nfunction detect() {\n\n if (PE.compareEP(\"558bec83c4..b8........e8$$$$$$$$538bd833c0a3........6a..e8........a3........a1........a3........33c0a3........33c0a3........e8........ba........8bc3e8........5bc3\")) {\n if (PE.compareOverlay(\"970300000201\")) {\n sVersion = \"10.0.0.X\";\n bDetected = true;\n } else if (PE.compareOverlay(\"370700000201\")) {\n sVersion = \"11.0.0.X\";\n bDetected = true;\n }\n\n if (PE.findSignature(PE.getOverlayOffset(), 0x400, \"'|http:'\") !== -1) {\n sVersion = \"6.0.0.0\";\n bDetected = true;\n }\n\n if (PE.findSignature(PE.getOverlayOffset(), 0x400, \"'|www.'\") !== -1) {\n sVersion = \"8.0.0.0\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Paquet_Builder.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Paquet Builder\");\n\nfunction detect() {\n if (PE.compareEP(\"5589e56a..68........68........64ff35........648925........83ec..83ec..5356578965..68\")) {\n if (PE.compareOverlay(\"'PB'................................'7z'\")) {\n sOptions = \"7zip\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Quick_Install.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Quick Install\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec68........64ff35........648925........83ec0457e8$$$$$$$$dbe3c3\") &&\n PE.isSectionNamePresent(\"txt0\")) {\n sOptions = \"by Snow Storm Software\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_RNsetup.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"installer\", \"RNsetup\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558bec6a..68........68........64a100000000506489250000000083c4..535657\")) {\r\n if (PE.getNumberOfResources() > 0) {\r\n if (PE.resource[0].Name = \"Archive\") {\r\n if (PE.compare(\"'.rzt'\", PE.getResourceOffsetByNumber(0))) {\r\n sVersion = \"6.0\";\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/installer_SCE_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Silver Creek Entertainment\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15\")) {\n for (var i = 0; i < PE.resource.length; i++) {\n if (PE.compare(\"789c\", PE.resource[i].Offset)) {\n sOptions = \"zlib\";\n bDetected = true;\n break;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_STATICSUP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"STATICSUP\");\n\nfunction detect() {\n if (PE.compareEP(\"64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15\")) {\n if (PE.compareOverlay(\"67155234ff4d3642\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Setup-Specialist.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Setup-Specialist\");\n\nfunction detect() {\n if (PE.compareEP(\"6a..68........e8........bf........8bc7e8........8965..8bf4893e56ff15\") && PE.compareOverlay(\"'TGCF'\")) {\n sVersion = \"4.0.X\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Setup_Factory.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"installer\", \"Setup Factory\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558BEC6AFF68..61400068..43400064A1000000005064892500000000\")) {\r\n if (PE.compareEP(\"90614000\", 6)) {\r\n sVersion = \"6.0.0.3\";\r\n } else {\r\n sVersion = \"6.X\";\r\n }\r\n bDetected = true;\r\n } else if (PE.compareOverlay(\"e0e0e1e1e2e2e3e3e4e4e5e5e6e6e7e7\")) {\r\n if (PE.compareEP(\"e8$$$$$$$$558bec83ec..a1........8365....8365....5357bf........3bc7bb........74..85c374..f7d0a3........eb\")) {\r\n sVersion = \"8.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc774..85c374..f7d0a3........eb\")) {\r\n sVersion = \"9.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"4883ec..e8$$$$$$$$48895c24..574883ec..488b05........48836424....48bf................483bc774..48f7d0488905........eb\")) {\r\n sVersion = \"9.5\";\r\n bDetected = true;\r\n }\r\n } else if (PE.compareOverlay(\"e0e1e2e3e4e5e6\")) {\r\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15\")) {\r\n sVersion = \"5.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15\")) {\r\n sVersion = \"4.02\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n if (bDetected) {\r\n if (PE.getVersionStringInfo(\"Comments\").indexOf(\"Trial\") >= 0) {\r\n sOptions = \"Trial\";\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/installer_SfxCA.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Sfx Custom Action\");\n\nfunction detect() {\n if (PE.compareOverlay(\"'MSCF'00000000\")) {\n if (PE.compareEP(\"48895c24..48897424..574883ec..498bf88bda488bf183fa..75..e8........4c8bc7\")) {\n sVersion = \"3.8, by Outercurve Foundation\";\n bDetected = true;\n } else if (PE.compareEP(\"558bec837d....75..e8$$$$$$$$558bec83ec..8365....8365....a1........5657bf........be........3bc7\")) {\n sVersion = \"3.10, by Outercurve Foundation\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Smart_Install_Maker.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// https://smart-install-maker.software.informer.com/\nmeta(\"installer\", \"Smart Install Maker\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec83c4..b8........e8$$$$$$$$538bd833c0a3........6a..e8........a3........a1........a3........33c0a3\")) {\n if (PE.compareOverlay(\"'Smart Install Maker v'\")) {\n sVersion = PE.getString(PE.getOverlayOffset() + 0x17);\n bDetected = true;\n } else if (PE.compareOverlay(\"..........87000001........5d0000800000\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Sony_Windows_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Sony Windows Installer\");\n\nfunction detect() {\n if (PE.compareOverlay(\"'UM'030a00\")) {\n if (PE.compareEP(\"4883ec..e8$$$$$$$$48895c....574883ec..488b..........48836424....48bf................483bc774\")) {\n bDetected = true;\n } else if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc774\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Spoon_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n// updated A.S.L 2022.08.06\n\nmeta(\"installer\", \"Spoon Installer\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15\")) {\n if (PE.compareOverlay(\"'BZh91AY&SY'\")) {\n sOptions = \"BZIP2\";\n bDetected = true;\n } else if (PE.compareOverlay(\"']'00008000\")) {\n sOptions = \"Lzma\";\n bDetected = true;\n }\n\n if (PE.getAddressOfEntryPoint() == 0x0040C36E) {\n sVersion = \"11 2005\";\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Squirrel.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://github.com/Squirrel/Squirrel.Windows\nmeta(\"installer\", \"Squirrel\");\n\nfunction detect() {\n var versionString = PE.getVersionStringInfo(\"SquirrelAwareVersion\");\n\n if (versionString) {\n sVersion = versionString;\n if (sVersion == \"1\") {\n sVersion = \"1.0.0-1.9.1\";\n }\n\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_SwiftView_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"SwiftView Inc. installer\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a100000000506489250000000083ec..5356578965\") && PE.compareOverlay(\"'This is the end of the executable'\")) {\n sVersion = \"6.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Synactis_In-The-Box_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: A.S.L. 2019.07.25\n\nmeta(\"installer\", \"Synactis In-The-Box Installer\");\n\nfunction detect() {\n if (PE.getAddressOfEntryPoint() == 0x00A98B0) {\n if (PE.compareEP(\"558bEC83C4F0B8\") && PE.compareOverlay(\"'['\")) {\n sVersion = \"4.0\";\n sOptions = \"zip sfx\";\n bDetected = true;\n }\n } else if (PE.compareEP(\"'All In-The-Box Installer'\", 0x60)) {\n sOptions = \"zip sfx\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Tarma_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Tarma Installer\");\n\nfunction detect() {\n if (PE.compareOverlay(\"'tiz1'........78da\")) {\n sOptions = \"zlib\";\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..e8\")) {\n bDetected = true;\n } else if (PE.compareEP(\"60be........8dbe........5783cd..eb\")) {\n bDetected = true;\n }\n }\n if (PE.isSectionNamePresent(\".tsustub\") && PE.isSectionNamePresent(\".tsuarch\")) {\n if (PE.compareEP(\"558bec81ec........535633db5766899d........895d..895d..ff15\")) {\n sName = \"Tarma InstallMate\";\n sVersion = \"9.0\";\n bDetected = true;\n } else if (PE.compareEP(\"48895c24..48896c24..48897424..574881ec........66836424....33f633ffff15........488d8c24........8bd8ff15\")) {\n sName = \"Tarma InstallMate\";\n sVersion = \"9.0\";\n sOptions = \"x64\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Themepak.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"THEMEPAK\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec81ec........535657c745..........ff75..64ff35........648925........8d45\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_UFI_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: A.S.L. 2020.09.30\n\nmeta(\"installer\", \"UFI installer\");\n\nfunction detect() {\n if (PE.compareEP(\"558BEC\") && PE.resource[\"BINFILE\"] && PE.resource[\"BINFILE_2\"]) {\n sVersion = \"1.X, Flash\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_VMWare.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"VMWare\");\n\nfunction detect() {\n if (PE.compareOverlay(\"'RWMV'\")) {\n if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc774..85c374..f7d0\")) {\n sName += \" Installation Launcher\";\n bDetected = true;\n } else if (PE.compareEP(\"e8$$$$$$$$558bec83ec..a1........8365....8365....5357bf........3bc7bb........74..85c374..f7d0\")) {\n sName += \" Installation Launcher\";\n bDetected = true;\n } else if (PE.compareEP(\"4883ec..e8$$$$$$$$48895c24..574883ec..488b05........48836424....48bf................483bc774..48f7d0\")) {\n sName += \" Installation Launcher\";\n bDetected = true;\n } else if (PE.compareEP(\"e8$$$$$$$$558bec83ec..8365....8365....a1........5657bf........be........3bc7\")) {\n sName += \" Installation Launcher\";\n bDetected = true;\n }\n }\n\n if (PE.isOverlayPresent() && PE.compareEP(\"e8$$$$$$$$558bec83ec..a1........8365....8365....5357bf........3bc7bb........74..85c374..f7d0\")) {\n var nSize = Math.min(PE.getOverlaySize(), 0x100);\n if (PE.findString(PE.getOverlayOffset(), nSize, \"BZh91AY&\") != -1) {\n sName += \" Software Installer\";\n sOptions = \"bzip2\";\n bDetected = true;\n } else if (PE.findSignature(PE.getOverlayOffset(), nSize, \"d0cf11e0a1b11ae1\") != -1) {\n sName += \" Software Installer\";\n sOptions = \"MS Compound\";\n bDetected = true;\n }\n }\n\n if (bDetected) {\n sVersion = PE.getFileVersion();\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Vise.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Vise\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15\")) {\n if (PE.compareOverlay(\"'ESIV'\")) {\n bDetected = true;\n } else if (PE.compare(\"'SIVM'\", 0xf000)) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_WiX_Toolset_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"WiX Toolset Installer\");\n\nfunction detect() {\n if (PE.compareOverlay(\"'MSCF'00000000\")) {\n if (PE.compareEP(\"e8$$$$$$$$558bec83ec..a1........8365....8365....5657bf........be........3bc774..85c674..f7\")) {\n bDetected = true;\n } else if (PE.compareEP(\"e8$$$$$$$$558bec83ec..8365....8365....a1........5657bf........be........3bc774..85c674..f7\")) {\n bDetected = true;\n } else if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc774..85c374..f7\")) {\n bDetected = true;\n } else if (PE.isSectionNamePresent(\".wixburn\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_WinRAR_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"WinRAR Installer\");\n\nfunction detect() {\n if (PE.compareEP(\"e8$$$$$$$$558bec83c4..b8........53\")) {\n if (PE.compareOverlay(\"'***messages***'\")) {\n bDetected = true;\n }\n } else if (PE.compareEP(\"a1........c1e0..a3........575133c0bf........b9........3bcf76..2bcffcf3aa595f\")) {\n if (PE.compareOverlay(\"'Rar!'1a\")) {\n bDetected = true;\n }\n } else if (PE.compareEP(\"e8$$$$$$$$558bec83ec..68........68........e8........59598945..837d\")) {\n if (PE.compareOverlay(\"'PK'0304\")) {\n bDetected = true;\n }\n }\n if (PE.compareOverlay(\"fffe2a002a002a006d0065007300730061006700650073002a002a002a00\")) {\n sOptions = \"Unicode\";\n if (PE.compareEP(\"4883ec..e8$$$$$$$$48895c24..55488bec4883ec..488365....48bb................488b05........483bc375\")) {\n sVersion = \"5.X\";\n bDetected = true;\n } else if (PE.compareEP(\"e8$$$$$$$$558bec83ec..8365....8365....a1........5657bf........be........3bc7\")) {\n sVersion = \"5.X\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Winamp_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Winamp Installer\");\n\nfunction detect() {\n if (PE.compareEP(\"81ec........a1........8b0d........8b15........53894424..a1........894c24..8a0d........555657894424..884c24..b9\")) {\n sVersion = \"1.0\";\n sOptions = \"1997-98 by Nullsoft, Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Windows_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"installer\", \"Windows Installer\");\n\nfunction detect() {\n for (var i = 0; i < PE.resource.length; i++) {\n if (PE.compare(\"D0CF11E0A1B11AE1\", PE.resource[i].Offset)) {\n var nOffset = PE.findString(PE.resource[i].Offset, PE.resource[i].Size, \"Windows Installer\");\n if (nOffset != -1) {\n var aVersion = PE.getString(nOffset).match(/ XML \\((.*?)\\)/);\n if (aVersion) {\n sOptions = \"XML\";\n sVersion = aVersion[1];\n }\n\n bDetected = true;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_Wise_Installer.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"installer\", \"Wise Installer\");\r\n\r\nfunction detect() {\r\n if (PE.getOverlaySize() > 80) {\r\n var nOffset = PE.getOverlayOffset() + 77;\r\n if (PE.readDword(nOffset) == PE.getSize()) {\r\n bDetected = true;\r\n } else if (PE.isSectionNamePresent(\".WISE\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558bec81ec........5356576a..ff15........ff15........8bf08975..8a063c..0f85........8a46..46\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558bec81ec........5356576a..5e6a..8975..ff15........ff15........8bf8897d..8a073c..0f85........8a47..47\")) {\r\n bDetected = true;\r\n }\r\n } else if (PE.compareEP(\"81ec........535556576a..ff15........33db895c24..895c24..895c24..895c24..895c24..ff15........8a08894424\")) {\r\n if (PE.isSectionNamePresent(\".WISE\")) {\r\n sOptions = \"CAB\";\r\n bDetected = true;\r\n }\r\n }\r\n if (PE.compareEP(\"558bec81ec........53565733f6466a..8975..ff15........ff15........8bf88a07\")) {\r\n if (PE.findSignature(PE.getOverlayOffset(), 0x1000, \"'Wise Installation Wizard...'\") != -1) {\r\n bDetected = true;\r\n }\r\n }\r\n if (PE.isSectionNamePresent(\".WISE\")) {\r\n if (PE.findSignature(PE.getSectionFileOffset(PE.getSectionNumber(\".WISE\")), 0x1000, \"'Wise Installation Wizard...'\") != -1) {\r\n bDetected = true;\r\n }\r\n }\r\n if (PE.compareEP(\"64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15\")) {\r\n if (PE.findSignature(PE.getOverlayOffset(), 0x1000, \"504b0304\") != -1) {\r\n sOptions = \"ZIP\";\r\n bDetected = true;\r\n } else if (PE.compareOverlay(\"'MSCF'0000\")) {\r\n sOptions = \"CAB\";\r\n bDetected = true;\r\n }\r\n }\r\n if (PE.compareEP(\"558bec81ec........538d85........5633db57be........565053ff15........568d85........5050ff15........538d8d........536a..536a..68........51ff15\")) {\r\n bDetected = true;\r\n }\r\n if (PE.compareEP(\"558bec81ec........538d85........565733f6\")) {\r\n bDetected = true;\r\n }\r\n if (PE.compareEP(\"558bec81ec........5356be........578d85........5633db5053\")) {\r\n if (PE.compare(\"'GLB'00\", PE.getSectionFileOffset(PE.getSectionNumber(\".data\")) + 0x10)) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/installer_Xoreax_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Xoreax Installer\");\n\nfunction detect() {\n if (PE.compareEP(\"558becb9........6a..6a..4975..51535657b8........e8........33c055\")) {\n for (var i = 0; i < PE.getNumberOfResources(); i++) {\n if (PE.resource[i].Type == \"RT_RCDATA\") {\n if (PE.compare(\"5d0000\", PE.resource[i].Offset)) {\n bDetected = true;\n break;\n }\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_distutils.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"distutils\");\n\nfunction detect() {\n if (PE.compareOverlay(\"'[metadata]'\")) {\n if (PE.compareEP(\"e8........e9$$$$$$$$6a5868........e8........33f68975..8d45..50ff15........6a..5f897d..b8........663905........75\")) {\n sVersion = \"2.6\"\n bDetected = true;\n } else if (PE.compareEP(\"6a..68........e8........33db895d..538b3d........ffd766........75..8b48..03c88139........75..0fb7\")) {\n sVersion = \"2.5\"\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/installer_sqx.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: A.S.L \n// SIGNATURE CREATED : 2023.10.02\n\nmeta(\"installer\", \"SQX Archive Installer 2002\");\n\nfunction detect() {\n var dataSection = PE.section[\".data\"];\n\n if (PE.compareEP(\"558bec83ec44\") && dataSection && PE.findString(dataSection.FileOffset, dataSection.FileSize, \"SFX kann nicht gestartet werden\") != 1) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/joiner_Celesty_File_Binder.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Eliseu Filipi\n\nmeta(\"joiner\", \"Celesty File Binder\");\n\nfunction detect() {\n if (PE.compareEP(\"E8261F0000E989FEFFFF8BFF558BEC83EC208B450856576A0859BE0C9240008D7DE0F3A58945F88B450C5F8945FC5E85C074\")) {\n sVersion = \"1.0\";\n sOptions = \"static\";\n bDetected = true;\n } else if (PE.compareEP(\"E896040000E963FDFFFF8BFF558BEC81EC28030000A3E8514000890DE45140008915E0514000891DDC5140008935D8514000893DD4514000668C1500\")) {\n sVersion = \"1.0\";\n sOptions = \"dynamic\"; // AnyCPU\n bDetected = true;\n }\n\n sLang = \"C++\";\n\n return result();\n}" }, { "path": "db/PE/joiner_ExeSplitter.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"joiner\", \"ExeSplitter\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E99502000064A1000000008338FF74048B00EBF78B4004C3558BECB8000000008B750881E60000FFFF\")) {\r\n sVersion = \"1.2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8000000005D81ED........E866FEFFFF55508D9D........538D9D\")) {\r\n sVersion = \"1.3\";\r\n sOptions = \"Split Method\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E9FE010000..............000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073766345723031312E746D7000\")) { // s v c E r 0 1 1 . t m p\r\n sVersion = \"1.3\";\r\n sOptions = \"Split Method\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8000000005D81ED........B9........8D85........80306640E2FA8F98676666\")) {\r\n sVersion = \"1.3\";\r\n sOptions = \"Split+Crypt Method\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/joiner_FreeJoiner.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"joiner\", \"FreeJoiner\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"9087FF9090B92B000000BA........83C2039087FF9090B9040000009087FF9033C9C705\")) {\r\n sVersion = \"1.5.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E846FDFFFF50E80C000000FF25........FF25........FF25........FF25........FF25\")) {\r\n sVersion = \"1.5.2 Stub engine 1.6\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E833FDFFFF50E80D000000CCFF25........FF25........FF25........FF25........FF25\")) {\r\n sVersion = \"1.5.3 Stub engine 1.7\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"86D69086F2B9936008FE9086D69086F2B99D13450186D69086F281C2936008FE33C9B930744D\")) {\r\n sVersion = \"1.5.3 Stub engine 1.7.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558BEC83C4F086FF680001000068........6A00E8F30100008AC06A0068800000006A036A00\")) {\r\n sVersion = \"Small build 014/015\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8....FFFF6A00E80D000000CCFF25........FF25........FF25........FF25........FF25\")) {\r\n sVersion = \"Small build 014-020\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558BEC83C4F086FF86DB86FF680001000068........6A00E8FF0100008AE46A0068800000006A03\")) {\r\n sVersion = \"Small build 017\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8E1FDFFFF6A00E80C000000FF25........FF25........FF25........FF25........FF25\")) {\r\n sVersion = \"Small build 023\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"5032C48AC358E8DEFDFFFF6A00E80D000000CCFF25........FF25........FF25........FF25\")) {\r\n sVersion = \"Small build 029\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"5032..668BC358E8..FDFFFF6A00E80D000000CCFF25........FF25........FF25........FF25\")) {\r\n sVersion = \"Small build 031/032\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"506633C3668BC158E8ACFDFFFF6A00E80D000000CCFF25........FF25........FF25........FF25\")) {\r\n sVersion = \"Small build 033\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"5133CB86C959E89EFDFFFF6687DB6A00E80C000000FF25........FF25........FF25........FF25\")) {\r\n sVersion = \"Small build 035\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/joiner_MicroJoiner.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"joiner\", \"MicroJoiner\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"BE........BB........33ED83EE04392E7411\")) {\r\n sVersion = \"1.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"BF........83EC308BECE8C8FFFFFFE8C3FFFFFF\")) {\r\n sVersion = \"1.5\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"33C0648B38488BC8F2AFAF8B1F6633DB66813B\")) {\r\n sVersion = \"1.6\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"BF........8D5F216A0A586A04596057E88E000000\")) {\r\n sVersion = \"1.7\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/joiner_N-Joiner.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"joiner\", \"N-Joiner\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"6A0068........68........6A00E8140000006A00E813000000CCFF25........FF25........FF25........FF25\")) {\r\n sVersion = \"0.1\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/joiner_OxiJoiner.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: KDSS-Research\n\n// https://happy-hack.net/pentest/10639-oxi-joiner-by-vazonez.html\nmeta(\"joiner\", \"OxiJoiner\");\n\nfunction detect() {\n var rsrcSection = PE.section[\".rsrc\"];\n\n if (PE.compareEP(\"e85c000000a30b3040006a00e868000000a313304000e86a000000a3703c40006a0aff350b3040006a00ff3513304000e8eaf4ffff6a00e813000000ccff257c204000ff2508204000ff250c204000ff\") &&\n rsrcSection && PE.findString(rsrcSection.FileOffset, rsrcSection.FileSize, \"PAPADDING\") !== -1) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/joiner_RJoiner.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"joiner\", \"RJoiner\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558BEC81EC0C0200008D85F4FDFFFF56506804010000FF15\")) {\r\n sVersion = \"1.2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558BEC81EC0C0100008D85F4FEFFFF56506804010000FF15\")) {\r\n sVersion = \"1.2a\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E803FDFFFF6A00E80C000000FF25........FF25........FF25\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/joiner_SFXRun.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"joiner\", \"SFXRun\");\n\nfunction detect() {\n if (PE.compareEP(\"ff15........8038..75..8a48..4080f9..74..84c975..eb..408a0880f9..74..80f9..74\")) {\n sVersion = \"1.1\";\n sOptions = \"1999 by Sergey Sorokin\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/joiner_inPEct.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"joiner\", \"inPEct\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E8000000005D5583C5208BF58BFEB9......00BA........AD8BD833C2C1C20703D3ABE2F3\")) {\r\n sVersion = \"1.1\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/library_16Edit.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// http://old-dos.ru/index.php?page=files&mode=files&do=list&cat=231\nmeta(\"library\", \"16Edit\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"16Edit.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_7z.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"7-Zip\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^7z/) || PE.isLibraryPresentExp(/lib7z/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_AMD_FSR.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.amd.com/en/products/graphics/technologies/fidelityfx/super-resolution.html\nmeta(\"library\", \"AMD FSR\");\n\nfunction detect() {\n if (PE.is64()) {\n if (PE.isLibraryPresentExp(/^ffx_fsr2/i)) {\n sVersion = \"2.X\";\n } else if (PE.isExportFunctionPresent(\"ffxFsr2ContextCreate\")) {\n sOptions = \"static\"; // EAT\n sVersion = \"2.X\";\n } else if (PE.isLibraryPresentExp(/^ffx_fsr3/i)) {\n sVersion = \"3.X\";\n } else if (PE.isExportFunctionPresent(\"ffxFsr3UpscalerContextCreate\")) {\n sOptions = \"static\"; // EAT\n sVersion = \"3.X\";\n } else if (PE.isLibraryPresentExp(/^ffx_fsr/i) || PE.isLibraryPresentExp(/fidelityfx/i)) { // unknown version\n bDetected = true;\n } else if (PE.isExportFunctionPresentExp(/^ffxFsr/)) {\n sOptions = \"static\"; // EAT\n }\n }\n\n bDetected = bDetected || Boolean(sVersion) || Boolean(sOptions);\n\n return result();\n}" }, { "path": "db/PE/library_AMD_GraphicalServices.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://gpuopen.com/amd-gpu-services-ags-library/\nmeta(\"library\", \"AMD Graphical Services\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^amd_ags_x(86|64)/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_ASIPort.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Copyright (c) 1991 Altura Software, Inc.\n\n// https://wiki.scummvm.org/index.php?title=Director\nmeta(\"library\", \"ASIPort\");\n\nfunction detect() {\n if (PE.compareOverlay(\"35394a50\")) {\n sVersion = \"1.0\";\n sOptions = \"Director Engine\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_AjaxMin.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// http://ajaxmin.codeplex.com/\nmeta(\"library\", \"AjaxMin\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"AjaxMin\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Alibaba_CloudSDK.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/aliyun/aliyun-openapi-net-sdk\nmeta(\"library\", \"Alibaba Cloud SDK\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"aliyun-net-sdk-ram\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Amazon_CloudWatch.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/AWSSDK.CloudWatch\nmeta(\"library\", \"Amazon CloudWatch\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"AWSSDK.CloudWatch\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Amazon_CloudWatchLogs.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/AWSSDK.CloudWatchLogs\nmeta(\"library\", \"Amazon CloudWatchLogs\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"AWSSDK.CloudWatchLogs\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Amazon_DynamoDB.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/AWSSDK.DynamoDBv2\nmeta(\"library\", \"Amazon DynamoDB\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"AWSSDK.DynamoDBv2\")) {\n sVersion = \"2, 3.X-4.X\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Amazon_ElasticComputeCloudService.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/AWSSDK.EC2\nmeta(\"library\", \"Amazon Elastic Compute Cloud Service\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"AWSSDK.EC2\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Amazon_Glue.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/AWSSDK.Glue\nmeta(\"library\", \"Amazon Glue\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"AWSSDK.Glue\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Amazon_Kinesis.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/AWSSDK.Kinesis\nmeta(\"library\", \"Amazon Kinesis\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"AWSSDK.Kinesis\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Amazon_Lambda.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/AWSSDK.Lambda\nmeta(\"library\", \"Amazon Lambda\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"AWSSDK.Lambda\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Amazon_RelationalDatabaseService.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/AWSSDK.RDS\nmeta(\"library\", \"Amazon Relational Database Service\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"AWSSDK.RDS\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Amazon_SecretsManager.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/AWSSDK.SecretsManager\nmeta(\"library\", \"Amazon SecretsManager\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"AWSSDK.SecretsManager\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Amazon_SecurityToken.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/AWSSDK.SecurityToken\nmeta(\"library\", \"Amazon Security Token Service\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"AWSSDK.SecurityToken\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Amazon_ServicesSDK.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/aws/aws-sdk-net\nmeta(\"library\", \"Amazon Services SDK\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"AWSSDK.Core\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Amazon_SimpleEmail.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/AWSSDK.SimpleEmail\nmeta(\"library\", \"Amazon SimpleEmail\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"AWSSDK.SimpleEmail\")) {\n sVersion = \"2, 3.X-4.X\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Amazon_SimpleQueueService.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/AWSSDK.S3\nmeta(\"library\", \"Amazon Simple Queue Service\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"AWSSDK.SQS\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Amazon_SimpleStorageService.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/AWSSDK.S3\nmeta(\"library\", \"Amazon Simple Storage Service\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"AWSSDK.S3\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Amazon_SingleSignOn.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/AWSSDK.SSO\nmeta(\"library\", \"Amazon Single Sign-On\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"AWSSDK.SSO\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Amazon_X-Ray.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/AWSSDK.Glue\nmeta(\"library\", \"Amazon X-Ray\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"AWSSDK.XRay\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_AngleSharp.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/AngleSharp/AngleSharp\nmeta(\"library\", \"AngleSharp\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"AngleSharp\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Antlr.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/Antlr\nmeta(\"library\", \"Antlr\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Antlr3.Runtime\")) {\n sVersion = \"3.X\";\n bDetected = true;\n } else if (PE.isNetObjectPresent(\"Antlr4.Runtime\")) {\n sVersion = \"4.X\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_AppleSoftwareUpdate.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.dllme.com/dll/files/softwareupdatefiles\nmeta(\"library\", \"Apple Software Update\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"SoftwareUpdateFiles.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Argon2.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/P-H-C/phc-winner-argon2\nmeta(\"library\", \"Argon2\");\n\nfunction detect() {\n if (PE.isFunctionPresent(\"argon2_hash\")) {\n bDetected = true;\n } else if (PE.isExportFunctionPresent(\"argon2_hash\")) {\n sOptions = \"static\"; // EAT\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_AtMsg32.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.multimedia.cx/index.php/Engines/Atlas#AtMsg32.dll\nmeta(\"library\", \"AtMsg32\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"AtMsg32.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Atlantic.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.magix.com/\nmeta(\"library\", \"VEGAS Atlantic Component\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"Atlantic.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Authorwave.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/Adobe_Authorware\nmeta(\"library\", \"Adobe Authorware\");\n\nfunction detect() {\n if (PE.compareOverlay(\"'PCRS'afbcadac16000000f8\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Autofac.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/autofac/Autofac\nmeta(\"library\", \"Autofac IoC Container\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Autofac\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_BenchmarkDotNet.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/dotnet/BenchmarkDotNet\nmeta(\"library\", \"BenchmarkDotNet\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"BenchmarkDotNet\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Boost.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.boost.org/\nmeta(\"library\", \"Boost\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/libboost/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_BrotliSharpLib.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/master131/BrotliSharpLib\nmeta(\"library\", \"BrotliSharpLib\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"BrotliSharpLib\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_CUDA-Driver.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"CUDA Driver\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^nvcuda/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Castle.Net.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/castleproject/Core\nmeta(\"library\", \"Castle\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Castle.Core\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_ChilkatNativeLib.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.chilkatsoft.com/\nmeta(\"library\", \"ChilkatNativeLib\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"ChilkatNativeLib\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Chromium_Embedded_Framework.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"Chromium Framework\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"libcef.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Chromium_WebView.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"Chromium WebView\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"chrome_elf.dll\") || PE.isSectionNamePresent(\"CPADinfo\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_CliWrap.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/Tyrrrz/CliWrap\nmeta(\"library\", \"CliWrap\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"CliWrap\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_ClosedXML.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/ClosedXML/ClosedXML\nmeta(\"library\", \"ClosedXML\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"ClosedXML\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_CodeBase.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://github.com/MPSystemsServices/CodeBase-for-DBF\nmeta(\"library\", \"CodeBase\");\n\nfunction detect() {\n if (PE.isExportFunctionPresent(\"??4l4linkSt@@QAEAAU0@ABU0@@Z\")) {\n sVersion = \"4.0\";\n sOptions = \"static\"; // EAT\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_CommandLineParser.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/commandlineparser/commandline\nmeta(\"library\", \"CommandLineParser\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"CommandLine\") && PE.isNetObjectPresent(\"ParseArguments\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Costura.Fody.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"library\", \"Costura.Fody\");\r\n\r\nfunction detect() {\r\n if (PE.isNetGlobalCctorPresent() && (PE.isNetObjectPresent(\"costura.costura.dll.compressed\") || PE.isNetUStringPresent(\"costura.costura.dll.compressed\"))) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/library_Crc32_NET.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/force-net/Crc32.NET\nmeta(\"library\", \"Crc32.NET\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Crc32.NET\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Crc_NET.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/GediminasMasaitis/crc-dot-net\nmeta(\"library\", \"Crc.NET\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Crc\") && (PE.isNetObjectPresent(\"CrcBase\") || PE.isNetObjectPresent(\"Crc32Base\")) && PE.isNetObjectPresent(\"Crc32\") && PE.isNetObjectPresent(\"ComputeHash\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_CsvHelper.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/JoshClose/CsvHelper\nmeta(\"library\", \"CsvHelper\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"CsvHelper\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_D3DRM.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/DirectSound\nmeta(\"library\", \"Direct3D Retained Mode\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"D3DRM.DLL\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_D3DXOF.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://learn.microsoft.com/en-us/windows/win32/direct3d9/directxfilecreate\nmeta(\"library\", \"D3DXOF\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"d3dxof.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Dapper.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/DapperLib/Dapper\nmeta(\"library\", \"Dapper\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Dapper\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_DeepCloner.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/force-net/DeepCloner\nmeta(\"library\", \"DeepCloner\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"DeepCloner\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Direct2D.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"Direct2D\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^d2d*/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Direct3D.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"Direct3D\");\n\nfunction detect() {\n var maxVersion = 0,\n re = /d3dx?(\\d+)/i;\n\n for (var n = 0; n < PE.getNumberOfImports(); n++) {\n var m = PE.getImportLibraryName(n).match(re);\n if (m && /^\\d+$/.test(m[1]) && Number(m[1]) > maxVersion) {\n maxVersion = Number(m[1]);\n }\n }\n\n for (var n = 0; n < PE.getNumberOfExportFunctions(); n++) {\n var m = PE.getExportFunctionName(n).match(re);\n if (m && /^\\d+$/.test(m[1]) && Number(m[1]) > maxVersion) {\n maxVersion = Number(m[1]);\n }\n }\n\n if (maxVersion > 0) {\n sVersion = String(maxVersion);\n bDetected = true;\n } else if (PE.isLibraryPresentExp(/^d3d/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_DirectDraw.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/DirectDraw\nmeta(\"library\", \"DirectDraw\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"DDRAW.DLL\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_DirectInput.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/DirectInput\nmeta(\"library\", \"DirectInput\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"DINPUT.DLL\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_DirectSound.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/DirectSound\nmeta(\"library\", \"DirectSound\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"DSOUND.DLL\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_DirectX.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"DirectX Graphics\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^dxgi/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_DirectorAPI.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.scummvm.org/index.php?title=Director\nmeta(\"library\", \"Director API\");\n\nfunction detect() {\n if (PE.compareOverlay(\"..304a50\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Discord.Net.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/discord-net/Discord.Net\nmeta(\"library\", \"Discord.Net\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Discord.Net.Core\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_DnsClient.NET.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/MichaCo/DnsClient.NET\nmeta(\"library\", \"DnsClient.NET\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"DnsClient\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Dryloc.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/dadhi/DryIoc\nmeta(\"library\", \"Dryloc IoC Container\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Dryloc\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_EAX_Unified.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://community.pcgamingwiki.com/files/file/367-eax-unified/\nmeta(\"library\", \"EAX Unified\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"EAX.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_EcmaScript_NET.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/PureKrome/EcmaScript.NET\nmeta(\"library\", \"EcmaScript.NET\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"EcmaScript.NET\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Edit_Dev.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.scummvm.org/index.php?title=Gob/DEV6_Information\nmeta(\"library\", \"Edit_Dev\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"edit_dev.dll\")) {\n sOptions = \"DEV6\";\n sVersion = \"ADI4\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_ElectronApp.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: sendersu\n// If errors pls contact sendersu on cracklab.team\n\nmeta(\"library\", \"Electron package\");\n\nfunction detect() {\n var cpadInfoSection = PE.section[\"CPADinfo\"];\n\n if (cpadInfoSection &&\n PE.isSectionNamePresent(\".00cfg\")) {\n\n bDetected = PE.findString(cpadInfoSection.FileOffset, cpadInfoSection.FileSize, \"daPC\");\n }\n\n return result();\n}" }, { "path": "db/PE/library_EpicGames.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://onlineservices.epicgames.com/en-US/sdk\nmeta(\"library\", \"Epic Games Services\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^EOSSDK/)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_ExcelDataReader.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/ExcelDataReader/ExcelDataReader\nmeta(\"library\", \"ExcelDataReader\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"ExcelDataReader\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_ExcelNumberFormat.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/andersnm/ExcelNumberFormat\nmeta(\"library\", \"ExcelNumberFormat\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"ExcelNumberFormat\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_ExifLibNet.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/oozcitak/exiflibrary\nmeta(\"library\", \"ExifLibrary\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"ExifLibrary\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_FAAD.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.rarewares.org/aac-decoders.php\nmeta(\"library\", \"FAAD\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/libfaad/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_FFmpeg.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.ffmpeg.org/\nmeta(\"library\", \"FFmpeg\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/ffmpeg/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_FastExpressionCompiler.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/dadhi/FastExpressionCompiler\nmeta(\"library\", \"FastExpressionCompiler\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"FastExpressionCompiler\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_FastMember.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/mgravell/fast-member\nmeta(\"library\", \"FastMember\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"FastMember\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_FastRsync_NET.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/GrzegorzBlok/FastRsyncNet\nmeta(\"library\", \"FastRsync.NET\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"FastRsync\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Fastenshtein.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/DanHarltey/Fastenshtein\nmeta(\"library\", \"Fastenshtein\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Fastenshtein\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Fasterflect.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/buunguyen/fasterflect\nmeta(\"library\", \"Combres Optimizer\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Fasterflect\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_FlashPlayer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"library\", \"Flash Player\");\n\nfunction detect() {\n if (PE.compareEP(\"83....56FF15........8BF08A063C..75..8A....463C..74..84C074..8A....463C..75..80....75..46EB..3C..7E..8A\")) {\n sVersion = PE.getFileVersion();\n bDetected = true;\n } else if (PE.compareEP(\"83....56FF15........8BF08A063C..75..8A....463C..74..84C075..3c..75..46eb..3c..76..8da4\")) {\n sVersion = \"8.0\";\n bDetected = true;\n } else if (PE.compareEP(\"83ec..56ff15........8bf08a063c..75..8a46..463c..74..84c074..8a46..463c..75..803e..75..46eb\")) {\n if (PE.compareOverlay(\"'CWS'\") || PE.compareOverlay(\"'FWS'\")) {\n sVersion = \"7.0\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/library_FluentValidation.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/FluentValidation/FluentValidation\nmeta(\"library\", \"FluentValidation\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"FluentValidation\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Fox_Pro.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"library\", \"FOXPRO\");\r\n\r\nfunction detect() {\r\n for (var i = 0; i <= PE.nLastSection; i++) {\r\n var nOffset = PE.findString(PE.section[i].FileOffset, 512, \"VisualFoxProRuntime.\");\r\n if (nOffset != -1) {\r\n sVersion = PE.getString(nOffset + 20) + \".0\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/library_FusionCache.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/ZiggyCreatures/FusionCache\nmeta(\"library\", \"FusionCache\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"ZiggyCreatures.FusionCache\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_FuzzySharp.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/JakeBayer/FuzzySharp\nmeta(\"library\", \"FuzzySharp\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"FuzzySharp\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_GitLabApiClient.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/nmklotas/GitLabApiClient\nmeta(\"library\", \"GitLabApiClient\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"GitLabApiClient\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_GoldSrc.3.sg", "content": "// Detect It Easy: detection rule file\n// Author: KDSS-Research\n\n// https://en.wikipedia.org/wiki/GoldSrc\nmeta(\"library\", \"GoldSrc\");\n\nfunction detect() {\n var dataSection = PE.section[\".data\"];\n\n if (dataSection) {\n if (PE.findString(dataSection.FileOffset, dataSection.FileSize, \"VENGINE_\") !== -1 &&\n PE.findString(dataSection.FileOffset, dataSection.FileSize, \"VFileSystem\") !== -1 &&\n PE.findString(dataSection.FileOffset, dataSection.FileSize, \"_API_VERSION\")) {\n bDetected = true;\n\n var apiVersion = PE.findString(dataSection.FileOffset, dataSection.FileSize, \"_API_VERSION\");\n\n sOptions = \"API v\" + PE.getString(apiVersion + 12, apiVersion + 3);\n }\n\n }\n\n return result();\n}" }, { "path": "db/PE/library_Google_APIs.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/googleapis/google-api-dotnet-client\nmeta(\"library\", \"Google APIs\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Google.Apis\") || PE.isNetObjectPresent(\"Google.Apis.Auth\") || PE.isNetObjectPresent(\"Google.Apis.Core\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Google_ProtoBuf.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/LibNoise\nmeta(\"library\", \"Google ProtoBuf\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"LibNoise\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Harmony.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/pardeike/Harmony\nmeta(\"library\", \"Harmony\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"0Harmony\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_HtmlAgilityPack.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://html-agility-pack.net/\nmeta(\"library\", \"Html Agility Pack\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"HtmlAgilityPack\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Humanizer.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/Humanizr/Humanizer\nmeta(\"library\", \"Humanizer\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Humanizer\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_ImageSharp.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/SixLabors/ImageSharp\nmeta(\"library\", \"ImageSharp\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"SixLabors.ImageSharp\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Intel_IPP.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: sendersu\n// If errors pls contact sendersu on cracklab.team\n\n// https://en.wikipedia.org/wiki/Integrated_Performance_Primitives\nmeta(\"library\", \"Intel IPP\");\n\nfunction detect() {\n if (PE.isSectionNamePresent(\"IPPCODE\") && PE.isSectionNamePresent(\"IPPDATA\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Intel_TBB.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://ru.wikipedia.org/wiki/Intel_Threading_Building_Blocks\nmeta(\"library\", \"Intel TBB\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"tbb.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Intel_XeSS.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.intel.com/content/www/us/en/developer/topic-technology/gamedev/xess2.html\nmeta(\"library\", \"Intel XeSS\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/(lib|ig)xess/)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Irony.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/daxnet/irony\nmeta(\"library\", \"Irony\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Irony\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_LCL.5.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nincludeScript(\"FPC\");\r\n\r\nmeta(\"library\", \"LCL\");\r\n\r\nfunction detect() {\r\n if (bFPC) {\r\n var verInfoOffset = PE.findSignature(PE.section[0].FileOffset, PE.isOverlayPresent() ? PE.getOverlayOffset() : PE.getSize(), \"'LCLVersion' ?? ?? %% '.' %%\");\r\n if (verInfoOffset != -1) {\r\n sVersion = PE.getString(verInfoOffset + 12);\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/library_LINQKit.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/scottksmith95/LINQKit\nmeta(\"library\", \"LINQKit\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"LinqKit\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_LZMA.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/LZMA\nmeta(\"library\", \"LZMA\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/liblzma/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_LazyCache.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/alastairtree/LazyCache\nmeta(\"library\", \"LazyCache\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"LazyCache\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Lego1.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.legoisland.org/wiki/Local_Files\nmeta(\"library\", \"Lego1\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"Lego1.dll\")) {\n sVersion = \"release\";\n bDetected = true;\n } else if (PE.isLibraryPresent(\"Lego1d.dll\")) {\n sVersion = \"debug\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_LibLog.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/damianh/LibLog\nmeta(\"library\", \"LibLog\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"LibLog\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_LibNoise.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/LibNoise\nmeta(\"library\", \"MoLibNoise\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"LibNoise\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_LibPhoneNumber_NET.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/twcclegg/libphonenumber-csharp\nmeta(\"library\", \"LibPhoneNumber.NET\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"PhoneNumbers\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_LibSassBuilder.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/johan-v-r/LibSassBuilder\nmeta(\"library\", \"LibSassBuilder\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"LibSassBuilder\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_LibVLCSharp.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/LibVLCSharp\nmeta(\"library\", \"LibVLCSharp\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"LibVLCSharp\") || PE.isNetObjectPresent(\"LibVLCSharp.Shared\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_LiteDB.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/mbdavid/litedb\nmeta(\"library\", \"LiteDB\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"LiteDB\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_LoadServ.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.scummvm.org/index.php?title=Gob/DEV6_Information\nmeta(\"library\", \"LoadServ\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"LoadServ.dll\")) {\n sOptions = \"DEV6\";\n sVersion = \"Adibou2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Lua_Runtime.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"Lua Runtime\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^lua5/i)) {\n sLang = \"Lua\";\n sVersion = \"5.X\";\n bDetected = true;\n } else if (PE.isExportFunctionPresentExp(/^lua(L)?_/)) {\n sOptions = \"static\"; // EAT\n bDetected = true;\n\n var rdataSection = PE.section[\".rdata\"];\n\n if (rdataSection) {\n var embeddedLuaVersion = PE.findSignature(rdataSection.FileOffset, rdataSection.FileSize, \"'Lua ' %% '.' %%\");\n\n if (embeddedLuaVersion !== -1) {\n sVersion = PE.getString(embeddedLuaVersion + 4, 3);\n }\n }\n }\n\n\n return result();\n}" }, { "path": "db/PE/library_MacroMix.4.sg", "content": "// Detect It Easy: detection rule file format\n// Author: BJNFNE \n// Rewritten by: DosX\n\n// https://wiki.scummvm.org/index.php/Director/Games\nmeta(\"library\", \"MacroMix\");\n\nfunction detect() {\n var macroMixSection = PE.section[\"MacroMix\"];\n\n if (macroMixSection && (macroMixSection.Characteristics & 0x60000020)) {\n sOptions = \"Director Engine\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_MailKit.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/jstedfast/MailKit\nmeta(\"library\", \"MailKit\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"MailKit\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_ManagedCuda.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/kunzmi/managedCuda\nmeta(\"library\", \"ManagedCuda\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"ManagedCuda\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Mapster.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/MapsterMapper/Mapster\nmeta(\"library\", \"Mapster\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Mapster\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Markdig.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/xoofx/markdig\nmeta(\"library\", \"Markdig\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Markdig\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_MassTransit.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/MassTransit/MassTransit\nmeta(\"library\", \"MassTransit\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"MassTransit\")) {\n bDetected = true;\n }\n\n if (PE.isNetObjectPresent(\"MassTransit.AmazonSQS\")) {\n sVersion = \"AmazonSQS\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_MediatR.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/LuckyPennySoftware/MediatR\nmeta(\"library\", \"MediatR\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"MediatR\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_MemoryPack.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"MemoryPack Serializer\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"MemoryPack\") && PE.isNetObjectPresent(\"MemoryPack.Core\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_MessagePack.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/MessagePack-CSharp/MessagePack-CSharp\nmeta(\"library\", \"MessagePack Serializer\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"MessagePack\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Microsoft_AzureSDK.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nuget.org/packages/Azure.Core\nmeta(\"library\", \"Microsoft Azure SDK\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Azure.Core\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Microsoft_Azure_SDK.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"Microsoft Azure SDK\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Azure.Core\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Microsoft_C_Runtime.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"Microsoft C/C++ Runtime\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"vcruntime140.dll\") ||\n PE.isLibraryPresent(\"vcruntime140_1.dll\")) {\n sOptions = \"dynamic\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Microsoft_Edge_WebView.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"Microsoft Edge Chromium WebView\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"WebView2Loader.dll\") || PE.isLibraryPresent(\"msedge_elf.dll\")) {\n bDetected = true;\n } else if (PE.isNetObjectPresent(\"Microsoft.Web.WebView2\") || PE.isNetObjectPresent(\"Microsoft.Web.WebView2.WinForms\") || PE.isNetObjectPresent(\"Microsoft.Web.Wpf\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Microsoft_NET_Runtime.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \".NET Core runtime\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"coreclr.dll\")) {\n bDetected = true;\n sVersion = \"5.XX+\";\n }\n\n return result();\n}" }, { "path": "db/PE/library_Microsoft_OpenAPI.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/Microsoft/OpenAPI.NET\nmeta(\"library\", \"Microsoft OpenAPI\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Microsoft.OpenApi\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_MilesSoundSystem.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.radgametools.com/miles.htm\nmeta(\"library\", \"Miles Sound System\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"mss32.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_MimeKit.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/jstedfast/MimeKit\nmeta(\"library\", \"MimeKit\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"MimeKit\")) {\n if (PE.isNetObjectPresent(\"MimeKitLite\")) {\n sVersion = \"Lite\";\n }\n\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_MongoDB.NET.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/mongodb/mongo-csharp-driver\nmeta(\"library\", \"MongoDB.NET Driver\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"MongoDB\") ||\n PE.isNetObjectPresent(\"MongoDB.Driver\") ||\n PE.isNetObjectPresent(\"MongoDB.Driver.Core\") ||\n PE.isNetObjectPresent(\"MongoDB.Analyzer\")) {\n bDetected = true;\n }\n\n if (PE.isNetObjectPresent(\"MongoDB.AspNetCore.OData\")) {\n sVersion = \"ASP.NET Core\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_MonkeyCache.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/jamesmontemagno/monkey-cache\nmeta(\"library\", \"MonkeyCache\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"MonkeyCache\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Moq.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/devlooped/moq\nmeta(\"library\", \"Moq\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Moq\") && PE.isNetObjectPresent(\"DownloadExists\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_NJsonSchema.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/RicoSuter/NJsonSchema\nmeta(\"library\", \"NJsonSchema\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"NJsonSchema\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_NSubstitute.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/nsubstitute/NSubstitute\nmeta(\"library\", \"NSubstitute\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"NSubstitute\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_NUnit.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/nunit/nunit\nmeta(\"library\", \"NUnit\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"NUnit\") || PE.isNetObjectPresent(\"nunit.framework\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Nerdbank.Streams.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/dotnet/Nerdbank.Streams\nmeta(\"library\", \"Nerdbank.Streams\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Nerdbank.Streams\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Newtonsoft.Json.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"Newton Json\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Newtonsoft.Json\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Ninject.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// http://www.ninject.org/\nmeta(\"library\", \"Ninject\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Ninject\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_NodaTime.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/nodatime/nodatime\nmeta(\"library\", \"NodaTime\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"NodaTime\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Nvidia_DLSS.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nvidia.com/en-gb/geforce/technologies/dlss/\nmeta(\"library\", \"Nvidia DLSS\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^nvngx_dlss|\\.dlss(\\.|_)/i)) {\n bDetected = true;\n } else if (PE.isLibraryPresentExp(/^d3d/i) || PE.isLibraryPresentExp(/^physx/i)) {\n var rdataSection = PE.section[\".rdata\"];\n\n if (rdataSection && PE.isSignaturePresent(rdataSection.FileOffset, rdataSection.FileSize, \"%% 'DLSS' %%\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/library_Nvidia_PhysX.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nvidia.com/en-gb/drivers/physx/physx-9-19-0218-driver/\nmeta(\"library\", \"Nvidia PhysX\");\n\nfunction detect() {\n if (PE.is64() && PE.section[\".rdata\"] && PE.isLibraryPresentExp(/^physx/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Nvidia_Streamline.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://developer.nvidia.com/rtx/streamline\nmeta(\"library\", \"Nvidia Streamline\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"sl.interposer.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_OodleCompression.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.radgametools.com/oodle.htm\nmeta(\"library\", \"Oodle Compression\");\n\nfunction detect() {\n var oodleLibrary = PE.isLibraryPresentExp(/^oo2core_\\d{1,2}_win/i);\n\n if (oodleLibrary) {\n var version = String(oodleLibrary).split(\"_\")[1];\n\n if (version) {\n sVersion = version;\n }\n\n bDetected = true;\n } else if (PE.isExportFunctionPresentExp(/^OodleLZ/)) {\n sOptions = \"static\"; // EAT\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_OpenAI.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"OpenAI SDK\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"OpenAI\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_OpenAL.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"OpenAL\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/openal/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_OpenCL.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"OpenCL\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/opencl/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_OpenCV.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/opencv/opencv\n// https://github.com/shimat/opencvsharp\nmeta(\"library\", \"OpenCV\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"OpenCvSharp\")) {\n bDetected = true;\n } else if (PE.isLibraryPresentExp(/^opencv/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_OpenColorIO.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://opencolorio.org/\nmeta(\"library\", \"OpenColorIO\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^OpenColorIO/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_OpenGL.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"OpenGL\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/opengl/i)) {\n bDetected = true;\n } else if (PE.isExportFunctionPresentExp(/^ANGLE(GetDisplayPlatform|ResetDisplayPlatform)/)) {\n sVersion = \"ANGLE\";\n sOptions = \"static\"; // EAT\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_OpenIddict.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://openiddict.com/\nmeta(\"library\", \"OpenIddict\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"OpenIddict.Client\") || PE.isNetObjectPresent(\"OpenIddict.Abstractions\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_OpenSSL.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"OpenSSL\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/libssl|libcrypto/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_OpenTelemetry.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/open-telemetry/opentelemetry-dotnet\nmeta(\"library\", \"OpenTelemetry\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"OpenTelemetry\") || PE.isNetObjectPresent(\"OpenTelemetry.Api\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_OpusAudio.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/xiph/opus\nmeta(\"library\", \"Opus Audio\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^(opus(enc)?\\.)|(ms|lib)opus|bass(_)?opus/i)) {\n bDetected = true;\n } else if (PE.isExportFunctionPresentExp(/^opus_(de|en)code/)) {\n sOptions = \"static\"; // EAT\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_PdfPig.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/UglyToad/PdfPig\nmeta(\"library\", \"PdfPig\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"UglyLoad.PdfPig\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Perfolizer.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/AndreyAkinshin/perfolizer\nmeta(\"library\", \"Perfolizer\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Perfolizer\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Perl.3.sg", "content": "// Detect It Easy: detection rule file\n// Author: hbasrc \n\nmeta(\"library\", \"Perl5 xs\");\n\nfunction detect() {\n if (!PE.isDll()) return;\n\n var sLib = PE.isLibraryPresentExp(/perl(5)_?(\\d\\d*)/i);\n if (sLib) {\n bDetected = true;\n sVersion = sLib[1] + \".\" + sLib[2];\n\n sLang = \"Perl\";\n }\n\n if (PE.isExportFunctionPresentExp(\"Perl_sv_bless|perl_parse\")) {\n bDetected = true;\n sVersion = getPerlVersion();\n\n sLang = \"Perl\";\n\n return _setResult(\"library\", \"Perl Runtime\", sVersion, \"\");\n }\n\n return result();\n}\n\nfunction getPerlVersion() {\n const verSig = [\n \"'erl5' %% '.dll'\", // v5.X\n \"'erl5' %% %% '.dll'\", // v5.XX\n \"'erl5_' %% '.dll'\", // cygwin or msys\n \"'erl5_' %% %% '.dll'\"\n ];\n\n var nExp = PE.getExportSection(),\n sPLVersion = String(),\n nMinorVer = 0,\n nGot = -1;\n\n for (var i = 0; i < verSig.length; ++i) {\n nGot = PE.findSignature(PE.section[nExp].FileOffset, PE.getSize(), verSig[i]);\n if (nGot > -1) break;\n }\n\n if (nGot > 0) {\n var sRes = PE.getString(nGot, 12);\n\n sRes = sRes.match(/(5)_?(\\d\\d*)/);\n\n if (sRes) {\n sPLVersion = sRes[1] + \".\" + sRes[2];\n nMinorVer = Number(sRes[2]);\n } else {\n return sPLVersion;\n }\n\n // find 5.X.X or 5.XX.X\n var sSign = nMinorVer > 9 ? \"'5.' %% %% '.' %% \" : \"'5.' %% '.' %%\",\n patchVer = findPatchVersion(sSign);\n\n if (patchVer > 0) sPLVersion += \".\" + patchVer;\n }\n\n return sPLVersion;\n}\n\nfunction findPatchVersion(sSign) {\n var nOffset = 0,\n nSize = PE.getSize(),\n nPatchVer = 0,\n nGot = -1;\n\n // Traverse and find the max number\n while ((nGot = PE.findSignature(nOffset, nSize, sSign)) != -1) {\n var sRes = PE.getString(nGot, 12);\n nOffset = nGot + sRes.length;\n\n sRes = sRes.match(/5\\.\\d\\d*\\.(\\d\\d*)/);\n if (sRes && sRes[1] > nPatchVer) nPatchVer = sRes[1];\n }\n\n return nPatchVer;\n}" }, { "path": "db/PE/library_Plivo.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// http://github.com/plivo/plivo-dotnet\nmeta(\"library\", \"Plivo\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Plivo\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Polly.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/App-vNext/Polly\nmeta(\"library\", \"Polly\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Polly\") || PE.isNetObjectPresent(\"Polly.Core\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_PortAudio.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.portaudio.com/\nmeta(\"library\", \"PortAudio\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^portaudio_x(86|64)/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Python.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"library\", \"Python\"); // !!!! 🐓🐓🐓🐓🐓 !!!!\r\n\r\nfunction detect() {\r\n var aPython = PE.isLibraryPresentExp(/^python(\\d)(\\d+)/i);\r\n if (aPython) {\r\n sVersion = aPython[1] + \".\" + aPython[2];\r\n bDetected = true;\r\n }\r\n\r\n var aPython2 = PE.isLibraryPresentExp(/^libpython(\\d.\\d)/i);\r\n if (aPython2) {\r\n sVersion = aPython2[1];\r\n bDetected = true;\r\n }\r\n\r\n sLang = \"Python\";\r\n sLangVersion = sVersion;\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/library_QMixer.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.ixbt.com/multimedia/3dsoundfaq.html\nmeta(\"library\", \"QMixer\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"QMDX.DLL\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Qt.4.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// coauthor: sendersu\r\n\r\nmeta(\"library\", \"Qt\");\r\n\r\nincludeScript(\"QtFramework\");\r\n\r\nfunction detect() {\r\n if (aQt) {\r\n sVersion = PE.getPEFileVersion(PE.getFileDirectory() + \"/\" + aQt[0]);\r\n if (!sVersion) {\r\n if (PE.getVersionStringInfo(\"ProductName\") == \"The Qt Company Ltd\" ||\r\n PE.getVersionStringInfo(\"ProductName\") == \"Qt5\") {\r\n sVersion = PE.getPEFileVersion(PE.getFileDirectory() + \"/\" + ownName); // Check Linux !!!\r\n }\r\n if (!sVersion)\r\n sVersion = (aQt[3] ? aQt[3] : aQt[1]) + \".X\";\r\n }\r\n if (aQt[2]) {\r\n sOptions = \"debug\";\r\n }\r\n bDetected = true;\r\n }\r\n\r\n if (!aQt && PE.section[\".rdata\"]) {\r\n if (PE.findString(PE.section[\".rdata\"].FileOffset, PE.section[\".rdata\"].FileSize, \"QWidget\") != -1) {\r\n sOptions = \"static\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/library_RADVideoTools.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.radgametools.com/bnkdown.htm\nmeta(\"library\", \"RAD Video Tools\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^(binkw|bink2|video_bink)/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_RNNoise.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/xiph/rnnoise\nmeta(\"library\", \"RNNoise Noise Suppressor\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/rnnoise/i) || PE.isFunctionPresent(\"rnnoise_init\")) {\n bDetected = true;\n } else if (PE.isExportFunctionPresentExp(/^rnnoise_/)) {\n sOptions = \"static\"; // EAT\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_RabbitMQ.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/rabbitmq/rabbitmq-dotnet-client\nmeta(\"library\", \"RabbitMQ\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"RabbitMQ.Client\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_RamlToOpenApiConverter.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/StefH/RamlToOpenApiConverter\nmeta(\"library\", \"RamlToOpenApiConverter\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"RamlToOpenApiConverter\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_RestSharp.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/restsharp/RestSharp\nmeta(\"library\", \"RestSharp HTTP\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"RestSharp\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_SDL.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/libsdl-org/SDL\nmeta(\"library\", \"SDL\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^sdl2/i)) {\n sVersion = \"2\";\n } else if (PE.isLibraryPresentExp(/^sdl3/i)) {\n sVersion = \"3\";\n } else if (PE.isLibraryPresentExp(/^sdl/i)) {\n bDetected = true;\n }\n\n bDetected = bDetected || Boolean(sVersion);\n\n return result();\n}" }, { "path": "db/PE/library_ScePad.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"PlayStation Controller SDK\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^libscepad/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_ScriptHookV.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.dev-c.com/gtav/scripthookv/\nmeta(\"library\", \"ScriptHookV for GTA V\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"ScriptHookV.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Scrutor.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/khellang/Scrutor\nmeta(\"library\", \"Scrutor\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Scrutor\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_SecretRabbitCode.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://libsndfile.github.io/libsamplerate/\nmeta(\"library\", \"Secret Rabbit Code\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^libsamplerate/i) ||\n PE.isFunctionPresent(\"src_set_ratio\")) {\n bDetected = true;\n } else if (\n PE.isExportFunctionPresent(\"src_set_ratio\") ||\n PE.isExportFunctionPresent(\"src_simple\") ||\n PE.isExportFunctionPresent(\"src_is_valid_ratio\")) {\n sOptions = \"static\"; // EAT\n bDetected = true;\n }\n return result();\n}" }, { "path": "db/PE/library_Serilog.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"Serilog\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Serilog\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_SharpCompress.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/adamhathcock/sharpcompress\nmeta(\"library\", \"SharpCompress\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"SharpCompress\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_SharpZipLib.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/icsharpcode/SharpZipLib\nmeta(\"library\", \"SharpZipLib Compression\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"SharpZipLib\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Sigil.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/kevin-montrose/Sigil\nmeta(\"library\", \"Sigil Helper\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Sigil\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_SkiaSharp.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/mono/SkiaSharp (.NET)\nmeta(\"library\", \"SkiaSharp\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"SkiaSharp\")) {\n sVersion = \"Mono-based\";\n bDetected = true;\n } else if (PE.isLibraryPresentExp(/^libskiasharp/i)) {\n sVersion = \"Native\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Smacker.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.multimedia.cx/index.php/RAD_Game_Tools_Smacker_API\nmeta(\"library\", \"RAD Game Tools Smacker API\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"smackw32.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_SmartHeap.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.xlsoft.com/en/products/microquill/smartheap.html\nmeta(\"library\", \"SmartHeap\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"SHW32.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Snappier.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/brantburnett/Snappier\nmeta(\"library\", \"Snappier Compression\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Snappier\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Spectre.Console.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/spectreconsole/spectre.console\nmeta(\"library\", \"Spectre.Console\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Spectre.Console\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Stackify.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/stackify/stackify-api-dotnet\nmeta(\"library\", \"Stackify\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"StackifyLib\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Starkbank_ECDSA.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/starkbank/ecdsa-dotnet\nmeta(\"library\", \"Starkbank ECDSA\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"StarkbankEcdsa\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Steam.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"Steam\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^steam/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Swashbuckle.AspNetCore.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/domaindrivendev/Swashbuckle.AspNetCore\nmeta(\"library\", \"Swashbuckle.AspNetCore\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Swashbuckle.Core\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_TNTSI.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://otvet.mail.ru/question/64229866\nmeta(\"library\", \"TNTSI\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"TNTSI.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Tabula.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/BobLd/tabula-sharp\nmeta(\"library\", \"Tabula\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Tabula\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Telegram.Bot.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/TelegramBots/Telegram.Bot\nmeta(\"library\", \"Telegram.Bot\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Telegram.Bot\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Twilio.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/twilio/twilio-csharp\nmeta(\"library\", \"Twilio REST Helper\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Twilio\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Twilio_SendGrid.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/sendgrid\nmeta(\"library\", \"Twilio SendGrid\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"SendGrid\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_UAParser.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/ua-parser/uap-csharp\nmeta(\"library\", \"UAParser\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"UAParser\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Unity.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"Unity Engine\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"UnityPlayer.dll\") || PE.isExportFunctionPresent(\"UnityMain\")) {\n bDetected = true;\n }\n\n if (PE.isExportFunctionPresent(\"il2cpp_alloc\")) {\n sLang = \"Native MSIL/C#\";\n sOptions = \"IL2CPP\";\n bDetected = true;\n\n _setResult(\"compiler\", \"IL2CPP Technology\", String(), String());\n }\n\n return result();\n}" }, { "path": "db/PE/library_VFW.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://en.wikipedia.org/wiki/Video_for_Windows\nmeta(\"library\", \"Video for Windows (VFW)\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"MSVFW32.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Vorbis.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n// Rewritten by: DosX\n\n// https://en.wikipedia.org/wiki/Vorbis\nmeta(\"library\", \"Vorbis\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/vorbis/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Vulkan.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"Vulkan\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/[V|v]ulkan/i)) {\n bDetected = true;\n } else if (PE.isExportFunctionPresentExp(/VULKAN/)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_WF.Guna.UI2.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"Guna UI\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Guna.UI2\") && PE.isNetObjectPresent(\"Guna.UI2.WinForms\")) {\n sVersion = \"2.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_WF.Krypton.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"Krypton UI\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"ComponentFactory.Krypton.Toolkit\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_WF.MetroFramework.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"MetroFramework UI\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"MetroFramework\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_WF.ReaLTaiizor.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/Taiizor/ReaLTaiizor\nmeta(\"library\", \"ReaLTaiizor UI\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"ReaLTaiizor\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_WF_WPF.MaterialSkin.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"MaterialSkin UI\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"MaterialSkin\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_WPF.AvalonEdit.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/icsharpcode/AvalonEdit\nmeta(\"library\", \"AvalonEdit\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"AvalonEdit\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_WPF.ControlzEx.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/MahApps/MahApps.Metro\nmeta(\"library\", \"ControlzEx UI\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"ControlzEx\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_WPF.MahApps_Metro.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/MahApps/MahApps.Metro\nmeta(\"library\", \"MahApps Metro UI\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"MahApps.Metro\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_WebActivatorEx.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/davidebbo/WebActivator\nmeta(\"library\", \"WebActivator\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"WebActivatorEx\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_WinSparkle.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://github.com/vslavik/winsparkle\nmeta(\"library\", \"WinSparkle\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"WinSparkle.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_WwiseAudioEngine.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.audiokinetic.com/en/wwise/overview/\nmeta(\"library\", \"Wwise Audio Engine\");\n\nfunction detect() {\n if (PE.isFunctionPresent(\"g_pAKPluginList\")) {\n bDetected = true;\n } else if (PE.isExportFunctionPresent(\"g_pAKPluginList\")) {\n sOptions = \"static\"; // EAT\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_XLive.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://www.xbox.com/en-us/live\nmeta(\"library\", \"Xbox Live\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"xlive.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_XPatFC.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://landbeforetime.fandom.com/wiki/The_Land_Before_Time:_Kindergarten_Adventure\nmeta(\"library\", \"XPatFC\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"XpatFC.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Xerces-CPP.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/apache/xerces-c\nmeta(\"library\", \"Xerces-C++ XML Parser\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^xerces/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Xojo.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jupiter\n\n// https://www.xojo.com\nmeta(\"library\", \"Xojo\");\n\nfunction detect() {\n if (PE.section[\"xojoinit\"]) {\n // plugins\n if (PE.section[\"xojoplgn\"]) {\n sOptions = sOptions.append(\"plugins\");\n }\n\n // x64 | x86\n if (PE.isLibraryPresent(\"XojoGUIFramework64.dll\")) {\n sVersion = \"x64\";\n } else if (PE.isLibraryPresent(\"XojoGUIFramework32.dll\")) {\n sVersion = \"x86\";\n }\n //sVersion=\"2018r2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_YUICompressor_NET.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/YUICompressor-NET/YUICompressor.NET\nmeta(\"library\", \"YUICompressor.NET\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Yahoo.Yui.Compressor\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_YamlDotNet.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/aaubry/YamlDotNet\nmeta(\"library\", \"YamlDotNet\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"YamlDotNet\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_ZstdSharp.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/oleg-st/ZstdSharp\nmeta(\"library\", \"ZstdSharp\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"ZstdSharp\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_Zydis.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"Zyan Disassembler\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"zydis.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_combres.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/buunguyen/combres\nmeta(\"library\", \"Combres Optimizer\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Combres\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_curl.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"Curl\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/libcurl/i)) {\n bDetected = true;\n } else if (PE.isExportFunctionPresentExp(/^curl_easy_/)) {\n sOptions = \"static\"; // EAT\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_discord-rpc.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://github.com/discord/discord-rpc\nmeta(\"library\", \"Discord RPC\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"discord-rpc.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_dotless.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/dotless/dotless\nmeta(\"library\", \"dotless\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"dotless.Core\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_expat_xml_parser.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://libexpat.github.io/\nmeta(\"library\", \"Expat XML Parser\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^libexpat/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_gRPC_NET.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/grpc/grpc-dotnet\nmeta(\"library\", \"gRPC.NET\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Grpc.Core.Api\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_iMuse.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// https://wiki.scummvm.org/index.php/SCUMM/Technical_Reference/iMuse_data\nmeta(\"library\", \"iMuse\");\n\nfunction detect() {\n if (PE.isLibraryPresent(\"iMUSE.dll\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_java.3.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"library\", \"Java\");\r\n\r\nfunction detect() {\r\n if (PE.getOverlaySize() > 0x40) {\r\n if (PE.findString(PE.getOverlayOffset(), 0x40, \"META-INF/MANIFEST.MF\") != -1) {\r\n var nResSection = PE.getResourceSection();\r\n if (nResSection != -1) {\r\n if (PE.isSignatureInSectionPresent(nResSection, \"'Java Runtime Environment'\")) {\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n }\r\n\r\n sLang = \"Java\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/library_libfvad.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/dpirch/libfvad\nmeta(\"library\", \"libfvad\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/fvad\\./i)) {\n bDetected = true;\n } else if (PE.isExportFunctionPresentExp(/^fvad_/)) {\n sOptions = \"static\"; // EAT\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_libpng.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: BJNFNE \n\n// http://www.libpng.org/\nmeta(\"library\", \"libpng\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^libpng/i)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_log4net.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/apache/logging-log4net\nmeta(\"library\", \"log4net\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"log4net\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_lz4net.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/MiloszKrajewski/lz4net\nmeta(\"library\", \"lz4net\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"LZ4\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_nClam.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/tekmaven/nClam\nmeta(\"library\", \"nClam\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"nClam\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_rlottie.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/Samsung/rlottie\nmeta(\"library\", \"rlottie\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^rlottie/i)) {\n bDetected = true;\n } else if (PE.isExportFunctionPresentExp(/^(\\?|_)+.{6,}rlottie/)) {\n sOptions = \"static\"; // EAT\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_sqlite.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/praeclarum/sqlite-net (.NET)\nmeta(\"library\", \"SQLite\");\n\nfunction detect() {\n var sLibrary = PE.isLibraryPresentExp(/sqlite\\d+/i);\n if (sLibrary) {\n var match = /sqlite(\\d+)/i.exec(sLibrary);\n\n if (match) {\n sVersion = match[1];\n }\n\n bDetected = true;\n } else {\n var sExportFunction = PE.isExportFunctionPresentExp(/sqlite\\d+/i);\n if (sExportFunction) {\n sOptions = \"static\"; // EAT\n\n var match = /sqlite(\\d+)/i.exec(sExportFunction);\n\n if (match) {\n sVersion = match[1];\n }\n\n bDetected = true;\n } else if (PE.isLibraryPresentExp(/sqlite|sqlmin|sqllang|sqltses|sqldk/i)) {\n bDetected = true;\n }\n }\n\n if (!bDetected && PE.isNet()) {\n if (PE.isNetObjectPresent(\"SQLite-net\")) {\n sName += \"-net\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/library_wxWidgets.5.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"library\", \"wxWidgets\");\n\nincludeScript(\"wxWidgets\");\n\nfunction detect() {\n if (aWx == 1) {\n sOptions = \"static\";\n bDetected = true;\n } else if (aWx) {\n sVersion = (aWx[2] / 10).toFixed(1);\n\n if (aWx[1]) {\n sOptions = \"universal\";\n }\n\n if (aWx[3]) {\n sOptions = sOptions.append(\"unicode\");\n }\n\n if (aWx[4]) {\n sOptions = sOptions.append(\"debug\");\n }\n\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_xUnit.net.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/xunit/xunit\nmeta(\"library\", \"xUnit.net\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"xunit.core\") || PE.isNetObjectPresent(\"xunit.assert\") || PE.isNetObjectPresent(\"xunit.analyzers\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/library_zlib.4.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"library\", \"zlib\");\n\nfunction detect() {\n if (PE.isLibraryPresentExp(/^zlib*/)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/linkers.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"linker\");\r\n\r\nincludeScript(\"FASM\");\r\nincludeScript(\"RosASM\");\r\nincludeScript(\"SpASM\");\r\nincludeScript(\"FPC\");\r\n\r\nfunction detect() {\r\n sVersion = PE.getCompilerVersion();\r\n\r\n if (PE.compare(\"'MZ'90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21'This program cannot be run in DOS mode.\\r\\r\\n$'0000000000000'PE'0000\")) {\r\n var nMajor = PE.getMajorLinkerVersion(),\r\n nMinor = PE.getMinorLinkerVersion();\r\n\r\n if (nMajor == 2) {\r\n if (nMinor == 55) {\r\n sName = \"LCC Linker\";\r\n sVersion += \"*\";\r\n sLang = \"C\";\r\n bDetected = true;\r\n } else if (nMinor <= 40 || nMinor == 56) {\r\n sName = \"GNU Linker ld (GNU Binutils)\";\r\n if (nMinor == 56) {\r\n sVersion += \"*\";\r\n }\r\n bDetected = true;\r\n } else if (nMinor == 50) {\r\n sName = \"Polink\";\r\n sVersion += \"*\";\r\n bDetected = true;\r\n }\r\n } else if (nMajor == 1) {\r\n if (nMinor == 3) {\r\n sName = \"LCC Linker\";\r\n bDetected = true;\r\n }\r\n }\r\n } else if (PE.compare(\"'This program must be run under Win'....0D0A24..00\", 0x50)) {\r\n sName = \"Turbo Linker\";\r\n if (sVersion == \"2.25\") {\r\n if (PE.isSectionNamePresent(\".tls\")) {\r\n sLang = \"Object Pascal (Delphi)\";\r\n }\r\n }\r\n bDetected = true;\r\n } else if (PE.compare(\"FB..'jr'\", 0x1e)) {\r\n sName = \"Turbo Linker\";\r\n sVersion = (PE.readByte(0x1f) / 16).toFixed(1);\r\n if (PE.compare(\"'32STUB'\", 0x200)) {\r\n sOptions = sOptions.append(\"RTM32\");\r\n }\r\n bDetected = true;\r\n } else if (PE.compare( /*[Tt]*/ \"'his is a Windows '\" /*(?:95|NT)*/, 0x4f)) {\r\n sName = \"Watcom Linker\";\r\n sVersion += \"*\";\r\n bDetected = true;\r\n } else if (PE.compare(\"'MZ'6c000100000002000000ffff000000000000110000004000000000000000'Win'....' Program!\\r\\n\\b409ba0001cd21b44ccd2160000000'GoLink, GoAsm www.GoDevTool.com'00\")) {\r\n sName = \"GoLink\";\r\n bDetected = true;\r\n }\r\n\r\n var nMajor = PE.getMajorLinkerVersion(),\r\n nMinor = PE.getMinorLinkerVersion();\r\n\r\n if (nMajor == 2 && nMinor == 18) {\r\n sName = \"Watcom Linker\";\r\n bDetected = true;\r\n } else if (nMajor == 2 && nMinor == 52) {\r\n sName = \"PowerBASIC Linker\";\r\n sLang = \"Basic\";\r\n bDetected = true;\r\n } else if (nMajor == 255 && nMinor == 255) {\r\n sName = \"IBM VisualAge\";\r\n bDetected = true;\r\n } else if (nMajor == 7 && nMinor == 32) {\r\n sName = \"Symantec C/C++\";\r\n sVersion = \"7.2\";\r\n bDetected = true;\r\n }\r\n // Correct version\r\n if (sName == \"Borland Linker\") {\r\n if (PE.getMajorLinkerVersion() > 15) {\r\n sVersion += \"*\";\r\n }\r\n }\r\n\r\n // Doesn't have a linker.\r\n if (bFASM || bRosASM || bSpASM || bFPC) {\r\n bDetected = false;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/marker_AMD_PowerXpress.5.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://en.wikipedia.org/wiki/AMD_Hybrid_Graphics#PowerXpress\nmeta(\"marker\", \"AMD PowerXpress\");\n\nfunction detect() {\n if (PE.isExportFunctionPresent(\"AmdPowerXpressRequestHighPerformance\")) {\n bDetected = true;\n } else if (PE.isExportFunctionPresent(\"NoAmdPwrXpressRequestHighPerformance\")) {\n sOptions = \"Disabled\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/marker_Nvidia_Optimus.5.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.nvidia.com/en-us/geforce/technologies/optimus/technology/\nmeta(\"marker\", \"Nvidia Optimus\");\n\nfunction detect() {\n if (PE.isExportFunctionPresent(\"NvOptimusEnablement\")) {\n bDetected = true;\n } else if (PE.isExportFunctionPresent(\"NoNvOptimEnablement\")) {\n sOptions = \"Disabled\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/native_only/about.txt", "content": "Scripts for Native files only will be located here (PE.isNet() == false)" }, { "path": "db/PE/other_Dolphin_VM.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// Executable made by Dolphin XP ToGo Application (Dolphin Smalltalk platform)\n\nmeta(\"other\", \"Dolphin Virtual Machine\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..33db895d..6a..ff15\")) {\n if (PE.compareOverlay(\"'IST'00\")) {\n sVersion = \"5.0\";\n sOptions = \"2003 by Object Arts\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/other_FileSplit_Self-Merger.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"other\", \"Partridgesoft FileSplit Self-Merger\");\n\nfunction detect() {\n if (PE.compareEP(\"56576a..ff15........8bf8ff15........8a088b35........80f9..75..50ffd68a0884c974..80f9..75..50ffd6\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/other_GSplit.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"other\", \"GSplit Self-Uniting\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec83c4..b8........e8$$$$$$$$538bd833c0a3........6a..e8........a3........a1........a3........33c0\")) {\n if (PE.getNumberOfResources() > 0) {\n nOffset = PE.getResourceNameOffset(\"ENG\"); {\n if (PE.compare(\"'GS'\", nOffset)) {\n sVersion = \"3.0\";\n bDetected = true;\n }\n }\n\n }\n }\n\n return result();\n}" }, { "path": "db/PE/packer_32LiTe.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://www.softpedia.com/get/Compression-tools/32LiTE.shtml\r\nmeta(\"packer\", \"32LiTe\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"6006FC1E07BE........6A0468........68\")) {\r\n sVersion = \"0.03a\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_AHpacker.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"AHpacker\");\r\n\r\nfunction detect() {\r\n const epackSectionName = \"!EPack\";\r\n\r\n if (PE.compareEP(\"6068........B8........FF1068........50B8........FF1068........6A40FFD08905\") &&\r\n PE.section[0].Name !== epackSectionName &&\r\n PE.section[PE.nLastSection].Name !== epackSectionName) {\r\n sVersion = \"0.1\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_ANDpakk.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"ANDpakk\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60FCBED4004000BF001000015783CDFF33C9F9EB05A402DB75058A1E4612DB72F4\")) {\r\n sVersion = \"2.0.06\";\r\n bDetected = true;\r\n } else if (PE.getNumberOfSections() == 1 && PE.getNumberOfImports() == 1 && PE.getNumberOfImportThunks(0) == 2) {\r\n if (PE.section[0].Name == \"ANDpakk2\") {\r\n sVersion = \"2.X\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_ASDPack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"ASDPack\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"8B442404565753E8CD010000C30000000000000000000000000010000000\")) {\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n } else if (\r\n PE.getNumberOfImports() === 1 &&\r\n PE.getNumberOfSections() === 3 &&\r\n PE.getImportLibraryName(0) === \"Kernel32.dll\" &&\r\n PE.isImportPositionHashPresent(0, 0x3651f68d) // GetModuleHandleA\r\n ) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_ASPack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// http://www.aspack.com/\r\nmeta(\"packer\", \"ASPack\");\r\n\r\nfunction getASPackVersion(nOffset) {\r\n if (PE.compare(\"60E8000000005D81ED........B8........03C5\", nOffset)) {\r\n sVersion = \"1.00b-1.07b\";\r\n } else if (PE.compare(\"60EB..5DEB..FF..........E9\", nOffset)) {\r\n sVersion = \"1.08.00-1.08.02\";\r\n } else if (PE.compare(\"60E8000000005D............BB........03DD\", nOffset)) {\r\n sVersion = \"1.08.03\";\r\n } else if (PE.compare(\"60E8000000005D81ed........BB........01eb\", nOffset)) {\r\n sVersion = \"1.08.X\";\r\n sOptions = \"possibly\";\r\n } else if (PE.compare(\"60E841060000EB41\", nOffset)) {\r\n sVersion = \"1.08.04\";\r\n } else if (PE.compare(\"60EB..5DFFE5E8........81ED........BB........03DD2B9D\", nOffset)) {\r\n sVersion = \"1.08.X\";\r\n } else if (PE.compare(\"60E870050000EB4C\", nOffset)) {\r\n sVersion = \"2.000\";\r\n } else if (PE.compare(\"60E872050000EB4C\", nOffset)) {\r\n sVersion = \"2.001\";\r\n } else if (PE.compare(\"60E872050000EB3387DB9000\", nOffset)) {\r\n sVersion = \"2.1\";\r\n } else if (PE.compare(\"60E93D040000\", nOffset)) {\r\n sVersion = \"2.11\";\r\n } else if (PE.compare(\"60E802000000EB095D5581ED39394400C3E93D040000\", nOffset)) {\r\n sVersion = \"2.11b\";\r\n } else if (PE.compare(\"60E802000000EB095D5581ED39394400C3E959040000\", nOffset)) {\r\n sVersion = \"2.11c-2.11d\";\r\n } else if (PE.compare(\"60E802000000EB095D55\", nOffset)) {\r\n sVersion = \"2.11d\";\r\n } else if (PE.compare(\"60E803000000E9EB045D4555C3E801\", nOffset)) {\r\n sVersion = \"2.12-2.42\";\r\n } else if (PE.compare(\"9060E8$$$$$$$$5D4555C3\", nOffset)) {\r\n sVersion = \"2.12b\";\r\n } else if (PE.compare(\"60e8$$$$$$$$8b2c2481ed........c3\", nOffset)) {\r\n sVersion = \"2.1X-2.39\";\r\n } else if (PE.compare(\"9060e8$$$$$$$$8b2c2481ed........c3\", nOffset)) {\r\n sVersion = \"2.1X-2.39\";\r\n } else {\r\n return false;\r\n }\r\n\r\n return true;\r\n}\r\n\r\nfunction detect() {\r\n var nOffset = PE.getEntryPointOffset();\r\n if (nOffset != -1) {\r\n if (!getASPackVersion(nOffset)) {\r\n if (PE.compareEP(\"7500E9\")) {\r\n nOffset += 3;\r\n bDetected = true;\r\n } else if (PE.compareEP(\"907500E9\")) {\r\n nOffset += 4;\r\n bDetected = true;\r\n } else if (PE.compareEP(\"90907500E9\")) {\r\n nOffset += 5;\r\n bDetected = true;\r\n } else if (PE.compareEP(\"90750190E9\")) {\r\n nOffset += 5;\r\n bDetected = true;\r\n } else if (PE.compareEP(\"907501FFE9\")) {\r\n nOffset += 5;\r\n bDetected = true;\r\n } else if (PE.compareEP(\"9090907500E9\")) {\r\n nOffset += 6;\r\n bDetected = true;\r\n } else if (PE.compareEP(\"9090750190E9\")) {\r\n nOffset += 6;\r\n bDetected = true;\r\n } else if (PE.compareEP(\"909090750190E9\")) {\r\n nOffset += 7;\r\n bDetected = true;\r\n }\r\n if (bDetected) {\r\n // Can't simply adjust the offset, as the destination may be in a different section.\r\n nOffset = PE.RVAToOffset(PE.OffsetToRVA(nOffset) + 4 + ~~PE.readDword(nOffset));\r\n bDetected = getASPackVersion(nOffset);\r\n }\r\n } else {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n if (!bDetected) {\r\n if (PE.section[\".aspack\"] && PE.section[\".adata\"]) {\r\n sVersion = \"2.12-2.XX\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_Advanced_BAT_to_EXE_Converter.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: A.S.L. 2018\n\n// https://www.battoexeconverter.com/\nmeta(\"packer\", \"Advanced BAT to EXE Converter\");\n\nfunction detect() {\n if (PE.compareEP(\"558BEC6AFF68\") && PE.compareOverlay(\"..02020202363A38393a\")) {\n sVersion = \"2.X-4.X\";\n bDetected = true;\n }\n\n sLang = \"Batch\";\n\n return result();\n}" }, { "path": "db/PE/packer_AlushPacker.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/Alon-Alush/AlushPacker\nmeta(\"packer\", \"AlushPacker\");\n\nfunction detect() {\n if (PE.getNumberOfImports() > 2 &&\n PE.isRichSignaturePresent() &&\n PE.isLibraryPresentExp(/vcruntime140/i) && (\n PE.getImportFunctionName(0, 0) === \"VirtualProtect\" &&\n PE.getImportFunctionName(0, 1) === \"GetCurrentProcess\" &&\n PE.getImportFunctionName(0, 2) === \"GetModuleHandleA\" &&\n PE.getImportFunctionName(0, 3) === \"MultiByteToWideChar\" &&\n PE.getImportFunctionName(0, 4) === \"FlushInstructionCache\"\n )) {\n var packedLatestSection = PE.section[\".packed\"];\n\n if (!packedLatestSection) {\n packedLatestSection = PE.section[PE.getNumberOfSections() - 1];\n sOptions = \"modified\";\n }\n\n if (PE.compare(\"00 ** ?? 00\", packedLatestSection.FileOffset)) {\n bDetected = true;\n }\n\n }\n\n return result();\n}" }, { "path": "db/PE/packer_Anskya_NTPacker_Generator.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"Anskya NTPacker Generator\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558BEC83C4F053B8881D0010E8C7FAFFFF6A0A68201E0010A11431001050\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_AtomPePacker.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://web.archive.org/web/20221012050538/https://github.com/ORCx41/AtomPePacker\nmeta(\"packer\", \"AtomPePacker\");\n\nfunction detect() {\n if (PE.is64() && PE.compareEP(\"4053574883EC**65488B1C25........FF15**......BA........41B8........488BC8\")) {\n sOptions = PE.isSectionNamePresent(\".ATOM\") ? \"x64 stub\" : \"modified\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/packer_BatToExe.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"Bat To Exe\");\r\n\r\nfunction detect() { // Fatih Kodak\r\n if (PE.compareEP(\"68........68........68........e8........83c4..68........e8........a3........68........68........68........e8........a3\")) {\r\n for (var i = 0; i < PE.getNumberOfResources() && !bDetected; i++) {\r\n if (PE.resource[i].Type == \"RT_RCDATA\") {\r\n bDetected = PE.compare(\"78 9c 63 60 18 05 23 19 00 00 02 00 00 01\", PE.resource[i].Offset);\r\n }\r\n }\r\n }\r\n\r\n sLang = \"Batch\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_BatToExeConverter.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"packer\", \"Bat To Exe Converter\");\n\nfunction detect() {\n if ((\n PE.isImportPositionHashPresent(0, 0x72a2ca64) ||\n PE.isImportPositionHashPresent(0, 0x2afcef3f)\n ) && PE.compareEP(PE.is64() ?\n \"48 83 EC .. 49 C7 C0 .. .. .. .. 48 31 D2 48 B9 .. .. .. .. .. .. .. .. E8 .. .. .. .. 48 31 C9 E8 .. .. .. .. 48 89 05 .. .. .. ..\" : // 64 bit\n \"68 .. .. .. .. 68 .. .. .. .. 68 .. .. .. .. E8 .. .. .. .. 83 C4 .. 68 .. .. .. .. E8 .. .. .. .. A3 .. .. .. ..\")) { // 32 bit\n bDetected = true;\n }\n\n sLang = \"Batch\";\n\n return result();\n}" }, { "path": "db/PE/packer_BeRoEXEPacker.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://blog.rosseaux.net/page/875fbe6549aa072b5ee0ac9cefff4827/BeRoEXEPacker\r\nmeta(\"packer\", \"BeRoEXEPacker\");\r\n\r\nfunction detect() {\r\n var nEP = PE.compareEP(\"837C2408010F85\") ? 11 : 0;\r\n if (PE.compareEP(\"60BE........BF........FCB28033DBA4B302E8\", nEP)) {\r\n sVersion = \"1.00\";\r\n sOptions = \"LZBRR\";\r\n } else if (PE.compareEP(\"60BE........BF........FCAD8D1C07B0803BFB733BE8\", nEP)) {\r\n sVersion = \"1.00\";\r\n sOptions = \"LZBRS\";\r\n } else if (PE.compareEP(\"6068........68........68........E8........BE........B9\")) {\r\n sVersion = \"1.00\";\r\n sOptions = \"LZMA\";\r\n } else if (PE.compareEP(\"BA........8DB2........8B46..85C0745103C28B7E..8B1E85DB75028BDF03DA03FA525750FF15\")) {\r\n sVersion = \"1.00\";\r\n } else if (PE.compareEP(\"6068........68......0068........e8..040000..................00\")) {\r\n sVersion = \"1.00\";\r\n sOptions = \"LZMA\";\r\n } else if (PE.compareEP(\"60e8000000005e81c6....0000bf........6081ec0804000089e357fc31c0b4\")) {\r\n sVersion = \"1.00\";\r\n sOptions = \"CTX1\";\r\n } else if (PE.compareEP(\"60c8940c0060fcbe........ad8945fc33c0f7d08945f8f7d0b408b923030000\")) {\r\n sVersion = \"1.00\";\r\n sOptions = \"LZBRA\";\r\n } else if (PE.compare(\"52c3'(C)BeRo!PE'0000\", 2)) {\r\n bDetected = true;\r\n }\r\n\r\n bDetected = bDetected || Boolean(sVersion) || Boolean(sOptions);\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_BoxedApp.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.boxedapp.com/\nmeta(\"packer\", \"BoxedApp\");\n\nfunction detect() {\n if (PE.isTLSPresent()) {\n const boxedAppSection = PE.section[\".bxpck\"];\n\n if (boxedAppSection && PE.getNumberOfSections() > 2) {\n\n const mainSection = PE.section[boxedAppSection.Number + 1];\n\n if (mainSection && mainSection.Name === \".main\") {\n bDetected = true;\n }\n }\n\n if (!bDetected && PE.getNumberOfImports() === 2 && PE.compareEP(\"C200000000000000000000000000000000\")) {\n sOptions = \"modified\";\n bDetected = true;\n }\n\n if (bDetected && boxedAppSection && PE.isSignatureInSectionPresent(boxedAppSection.Number, \"2000640065006D006F0020\")) {\n sVersion = \"demo\";\n }\n }\n\n return result();\n}" }, { "path": "db/PE/packer_CExe.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://compression.ru/arctest/self/cexe.htm\r\nmeta(\"packer\", \"CExe\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558BEC81EC0C02....56BE........8D85F8FEFFFF56506A..FF15........8A8DF8FEFFFF33D284C98D85F8FEFFFF7416\")) {\r\n sVersion = \"1.0a\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_CICompress.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"CICompress\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"6A046800100000FF35........6A00FF15........A3........97BE........E8710000003B05\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_Cxfreeze.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// Made by KDSS-Research \r\n\r\n// Rewritten by: DosX\r\n\r\nmeta(\"packer\", \"CX_Freeze\");\r\n\r\nfunction detect() {\r\n var rdataSection = PE.section[\".rdata\"];\r\n\r\n if (rdataSection) {\r\n\r\n bDetected = (PE.findString(rdataSection.FileOffset, rdataSection.FileSize, \"Unable to change DLL search path!\") !== -1 &&\r\n PE.isSignaturePresent(rdataSection.FileOffset, rdataSection.FileSize, \"25006C0073005C006C00690062005C006C006900620072006100720079002E007A00690070003B0025006C0073005C006C0069006200\") &&\r\n PE.findString(rdataSection.FileOffset, rdataSection.FileSize, \"Out of memory creating sys.path!\") !== -1 &&\r\n PE.findString(rdataSection.FileOffset, rdataSection.FileSize, \"Unable to calculate directory of executable!\") !== -1);\r\n\r\n }\r\n\r\n sLang = \"Python\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_DxPack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"DxPack\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60E8........5D8BFD81ED........2BB9........81EF........83BD..........0F84\")) {\r\n switch (PE.readByte(PE.getEntryPointOffset() + 32)) {\r\n case 0xB9: sVersion = \"1.0\"; break;\r\n case 0xBD: sVersion = \"0.86\"; break;\r\n }\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB03C20C00558BEC81EC00100000B80000....B900100000BA0000....89\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n var coderpubSection = PE.section[\"coderpub\"];\r\n\r\n if (bDetected && !coderpubSection) {\r\n sOptions = \"modified\";\r\n } else if (!bDetected && coderpubSection) {\r\n if (PE.compareEP(\"558BEC\") || PE.compareEP(\"880D........CC\")) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_EXE32Pack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://exe32pack.apponic.com/\r\nmeta(\"packer\", \"Exe32Pack\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"3BC074028183553BC074028183533BC97401BC563BD27402818557E8000000003BDB7401BE5D8BD581ED\")) {\r\n sVersion = \"1.4X\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_ExE_Pack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"ExE Pack\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"6068........B8........FF1068........50B8........FF1068........6A40FFD08905\")) {\r\n if (PE.section[0].Name == \"!EPack\") {\r\n sVersion = \"1.0-1.2\";\r\n bDetected = true;\r\n }\r\n } else if (PE.compareEP(\"9090909061B8........FFE0558BEC60558B75088B7D0CE802000000EB048B1C24C381C3\")) {\r\n sVersion = \"1.4 lite final\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"33C08BC068........68........E8\")) {\r\n sVersion = \"1.4 lite final\";\r\n bDetected = true;\r\n } else if (PE.section[PE.nLastSection].Name == \".!ep\") {\r\n sVersion = \"1.4\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_FSG.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"FSG\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"BE........BF........BB........53BB........B280\")) {\r\n sVersion = \"1.31\";\r\n } else if (PE.compareEP(\"BB........BF........BE........53E80A00000002D275058A164612D2\")) {\r\n sVersion = \"1.0\";\r\n } else if (PE.compareEP(\"BB........BF........BE........FCB2808A064688074702D275058A16\")) {\r\n sVersion = \"1.1\";\r\n } else if (PE.compareEP(\"EB02CD2003..8D..80....00..................EB02\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Watcom C/C++ EXE\";\r\n } else if (PE.compareEP(\"80E9A1C1C11368E4167546C1C1055EEB019D6864863746EB028CE05FF7D0\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"WinRAR-SFX\";\r\n } else if (PE.compareEP(\"EB0102EB02CD20B8........EB0155BEF400000013DF13D80FB638D1F3F7\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"WinRAR-SFX\";\r\n } else if (PE.compareEP(\"EB02CD202BC868........EB021EBB5EEB02CD2068B12B6E37405B0FB6C9\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Borland C++ 1999\";\r\n } else if (PE.compareEP(\"23CAEB025A0DE8020000006A3558C1C910BE........0FB6C9EB02CD20BB\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Borland C++\";\r\n } else if (PE.compareEP(\"2BC2E802000000954A598D3D52F12AE8C1C81CBE2E....18EB02ABA003F7\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Borland Delphi/Borland C++\";\r\n } else if (PE.compareEP(\"EB012EEB02A555BB........87FE8D05AACEE063EB0175BA5ECEE063EB02\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Borland Delphi/Borland C++\";\r\n } else if (PE.compareEP(\"EB02CD20EB02CD20EB02CD20C1E618BB........EB0282B8EB01108D05F4\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Borland Delphi/Microsoft Visual C++/ASM\";\r\n } else if (PE.compareEP(\"C1C810EB010FBF03746677C1E91D6883....77EB02CD205EEB02CD202BF7\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Borland Delphi/Microsoft Visual C++\";\r\n } else if (PE.compareEP(\"1BDBE8020000001A0D5B68........E801000000EA5A58EB02CD2068F400\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Borland Delphi/Microsoft Visual C++\";\r\n } else if (PE.compareEP(\"EB0156E802000000B2D9596880..4100E8020000006532595EEB02CD20BB\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Borland Delphi 2.0\";\r\n } else if (PE.compareEP(\"F7D80FBEC2BE........0FBEC9BF083B6507EB02D829BBECC59AF8EB0194\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"MASM32/TASM32/Microsoft Visual Basic\";\r\n } else if (PE.compareEP(\"03F723FE33FBEB02CD20BB........EB0186EB0190B8F400000083EE052B\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"MASM32/TASM32\";\r\n } else if (PE.compareEP(\"EB01DBE80200000086435E8D1DD075CF83C1EE1D6850..8F83EB023D0F5A\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"MASM32\";\r\n } else if (PE.compareEP(\"EB0209940FB7FF68........81F68E0000005BEB0211C28D05F400000047\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Microsoft Visual Basic/MASM32\";\r\n } else if (PE.compareEP(\"C1CB10EB010FB90374F6EE0FB6D38D0583....EF80F3F62BC1EB01DE6877\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Microsoft Visual Basic 5.0/6.0\";\r\n } else if (PE.compareEP(\"2C711BCAEB012AEB01658D3580....0080C98480C968BBF4000000EB01EB\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Microsoft Visual C++ 4.X/LCC Win32 1.X\";\r\n } else if (PE.compareEP(\"33D20FBED2EB01C7EB01D88D0580......EB02CD20EB01F8BEF4000000EB\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Microsoft Visual C++ 5.0/6.0\";\r\n } else if (PE.compareEP(\"E8010000005A5EE802000000BADD5E03F2EB0164BB........8BFAEB01A8\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Microsoft Visual C++ 6.0/7.0/ASM\";\r\n } else if (PE.compareEP(\"0BD08BDAE80200000040A05AEB019DB8........EB02CD2003D38D35F400\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Microsoft Visual C++ 6.0/7.0\";\r\n } else if (PE.compareEP(\"87FEE80200000098CC5FBB80....00EB02CD2068F4000000E801000000E3\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Microsoft Visual C++ 6.0/7.0\";\r\n } else if (PE.compareEP(\"F7D84049EB02E00A8D3580......0FB6C2EB019C8D1DF4000000EB013C80\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Microsoft Visual C++ 6.0/7.0\";\r\n } else if (PE.compareEP(\"F7DB80EABFB92F4067BAEB010168AF..A7BA80EA9D58C1C2092BC18BD768\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Microsoft Visual C++ 6.0/7.0\";\r\n } else if (PE.compareEP(\"F7D0EB02CD20BEBB741CFBEB02CD20BF3B....FBC1C10333F7EB02CD2068\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Microsoft Visual C++ 6.0/ASM\";\r\n } else if (PE.compareEP(\"03DEEB01F8B8........EB02CD206817A0B3ABEB01E8590FB6DB680BA1B3\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Microsoft Visual C++ 6.0\";\r\n } else if (PE.compareEP(\"91EB02CD20BF50BC046F91BED0....6FEB02CD202BF7EB02F0468D1DF400\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Microsoft Visual C++ 6.0\";\r\n } else if (PE.compareEP(\"C1CE10C1F60F68........2BFA5B23F98D15........E801000000B65E0B\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Microsoft Visual C++ 6.0\";\r\n } else if (PE.compareEP(\"E8010000000E59E8010000005858BE........EB0261E968F4000000C1C8\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Microsoft Visual C++ 6.0\";\r\n } else if (PE.compareEP(\"EB014D83F64C68........EB02CD205BEB012368481C2B3AE80200000038\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Microsoft Visual C++ 6.0\";\r\n } else if (PE.compareEP(\"EB02AB35EB02B5C68D05........C1C211BEF4000000F7DBF7DB0FBE38E8\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Microsoft Visual C++ 6.0\";\r\n } else if (PE.compareEP(\"EB02CD20..CF....80....00................00\")) {\r\n sVersion = \"1.10\";\r\n sOptions = \"Microsoft Visual C++ 6.0\";\r\n } else if (PE.compareEP(\"C1F007EB02CD20BE........1BC68D1DF40000000FB606EB02CD208A160F\")) {\r\n sVersion = \"1.20\";\r\n sOptions = \"Borland C++\";\r\n } else if (PE.compareEP(\"0FBEC1EB010E8D35C3BEB622F7D16843....22EB02B5155FC1F11533F780\")) {\r\n sVersion = \"1.20\";\r\n sOptions = \"Borland Delphi/Borland C++\";\r\n } else if (PE.compareEP(\"0FB6D0E8010000000C5AB8........EB0200DE8D35F4000000F7D2EB020E\")) {\r\n sVersion = \"1.20\";\r\n sOptions = \"Borland Delphi/Microsoft Visual C++\";\r\n } else if (PE.compareEP(\"33C22CFB8D3D7E45B480E8020000008A45586802..8C7FEB02CD205E80C9\")) {\r\n sVersion = \"1.20\";\r\n sOptions = \"MASM32/TASM32\";\r\n } else if (PE.compareEP(\"EB02CD20EB01918D35........33C26883937E7D0CA45B23C36877937E7D\")) {\r\n sVersion = \"1.20\";\r\n sOptions = \"Microsoft Visual C++ 6.0/7.0\";\r\n } else if (PE.compareEP(\"C1E006EB02CD20EB0127EB0124BE........49EB01998D1DF4000000EB01\")) {\r\n sVersion = \"1.20\";\r\n sOptions = \"Microsoft Visual C++ 6.0\";\r\n } else if (PE.compareEP(\"BB........BF........BE........53BB........B280A4B680FFD373F9\")) {\r\n sVersion = \"1.31\";\r\n } else if (PE.compareEP(\"BE........AD93AD97AD5696B280A4B680FF1373\")) {\r\n sVersion = \"1.33\";\r\n } else if (PE.compareEP(\"BE........AD97AD569683CD..EB\")) {\r\n sVersion = \"1.3.3\";\r\n } else if (PE.compareEP(\"8725........619455A4B6..FF13\")) {\r\n sVersion = \"2.0\";\r\n }\r\n\r\n bDetected = bDetected || Boolean(sVersion);\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_Fatpack.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/Fatmike-GH/Fatpack\nmeta(\"packer\", \"Fatpack\");\n\nfunction detect() {\n if (!PE.isNet() && PE.is64() && PE.isTLSPresent()) {\n if (PE.getNumberOfImports() === 1 && PE.isImportPositionHashPresent(0, 0x74244911)) {\n bDetected = true;\n\n if (PE.getNumberOfSections() === 6 && PE.getNumberOfResources() > 0) {\n sOptions = \"resources payload\";\n\n if (!PE.isResourceNamePresent(\"FPACK\")) {\n sOptions = sOptions.append(\"modified\");\n }\n } else if (PE.getNumberOfSections() === 5) {\n sOptions = \"section payload\";\n\n if (PE.section[PE.nLastSection].Name !== \".fpack \") {\n sOptions = sOptions.append(\"modified\");\n }\n } else {\n sVersion = \"custom\";\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/packer_HTML_executable.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"HTML Executable\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec83c4..b8........e8$$$$$$$$538bd833c0a3........6a..e8........a3\")) {\n if (PE.compareOverlay(\"'GHE32'\")) {\n bDetected = true;\n }\n } else if (PE.compareEP(\"558becb9........6a..6a..4975..535657b8........e8$$$$$$$$538bd833c0a3........6a..e8........a3\")) {\n if (PE.compareOverlay(\"'HEEG'\")) {\n bDetected = true;\n }\n }\n\n sLang = \"HTML\";\n\n return result();\n}" }, { "path": "db/PE/packer_JDPack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"JDPack\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60E8000000005D8BD581ED........2B95........81EA06......8995........83BD\")) {\r\n sVersion = \"1.01\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558BEC6AFF68........68........64A1000000005064892500000000......E801000000\")) {\r\n sVersion = \"2.00\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_KByS.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"KByS\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60E8000000005E83EE0A8B0603C28B08894EF383EE0F56528BF0ADAD03C28BD86A04BF00100000\")) {\r\n sVersion = \"0.28b\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"68........E801000000C3C3608B7424248B7C2428FCB28033DBA4\")) {\r\n sVersion = \"0.28\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"B8........BA........03C2FFE0........60E800000000\")) {\r\n sVersion = \"0.28\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"68........90b8........c3608b7424..8b7c24\")) {\r\n sVersion = \"0.28b\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_MEW.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"MEW\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"33C0e9$$$$$$$$be........ac91ad95ad92ad515687f297fcb2..33dba4b3..ff55\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E9........000000020000000C\")) {\r\n sVersion = \"SE 1.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E9......FF0C\")) {\r\n sVersion = \"SE 1.1-1.2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e9$$$$$$$$be........8bdeadad50ad97b2\")) {\r\n sVersion = \"SE 1.1-1.2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"BE5B00....AD91AD9353AD96565FACC0C0\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"2BC0E9D090FFFF6AE0E8382B23700EA31C504018186824511007E565F8E8AF7022DD15D8023B558B00EC535756817D0C1060\")) {\r\n sVersion = \"10 1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_MPRESS.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: ajax, adoxa\n// History:\n// 13:37 05.02.2013 create (ajax)\n// 2014-05-10 rewrite (adoxa)\n\nmeta(\"packer\", \"MPRESS\");\n\nfunction detect() {\n var nSig = PE.getString(0x2e, 13);\n switch (nSig) {\n case \"It's .NET EXE\":\n case \"Win32 .EXE.\\r\\n\":\n case \"Win64 .EXE.\\r\\n\":\n case \"Win32 .DLL.\\r\\n\":\n case \"Win64 .DLL.\\r\\n\":\n var nOffset = PE.findString(0x1f0, 16, \"v\");\n\n if (nOffset != -1) {\n sVersion = PE.getString(nOffset + 1, 0x1ff - nOffset);\n }\n\n bDetected = true;\n break;\n default:\n sOptions = \"modified\";\n }\n\n if (!bDetected && !PE.isNet()) {\n if (PE.compareEP(\"575653515255e8$$$$$$$$e8$$$$$$$$5805........8b3003f02bc08bfe66adc1e0..8bc8ad2bc803f18bc8498a4439..74..880431eb\")) {\n sVersion = \"0.71-0.75\";\n bDetected = true;\n } else if (PE.compareEP(\"60e8$$$$$$$$e8$$$$$$$$5805........8b3003f02bc08bfe66adc1e0..8bc8ad2bc803f18bc8498a4439..74..880431eb\")) {\n sVersion = \"0.77\";\n bDetected = true;\n } else if (PE.compareEP(\"60e8$$$$$$$$5805........8b3003f02bc08bfe66adc1e0..8bc850ad2bc803f18bc857498a4439..74..880431eb\")) {\n sVersion = \"0.85-0.97\";\n bDetected = true;\n } else if (PE.compareEP(\"60e8$$$$$$$$5805........8b3003f02bc08bfe66adc1e0..8bc850ad2bc803f18bc85751498a4439..74..880431eb\")) {\n sVersion = \"1.27\";\n bDetected = true;\n } else if (PE.compareEP(\"60e8$$$$$$$$5805........8b3003f02bc08bfe66adc1e0..8bc850ad2bc803f18bc85751498a4439..88043175\")) {\n sVersion = \"2.01-2.12\";\n bDetected = true;\n }\n\n if (PE.is64()) {\n if (PE.compareEP(\"57565351524150e8$$$$$$$$488d05........488b304803f0482bc0488bfe66adc1e0..488bc8ad2bc84803f18bc8ffc98a4439..74..880431eb\")) {\n sVersion = \"0.71-0.92\";\n bDetected = true;\n } else if (PE.compareEP(\"57565351524150488d05........488b304803f0482bc0488bfe66adc1e0..488bc850ad2bc84803f18bc857ffc98a4439..74..880431eb\")) {\n sVersion = \"0.97\";\n bDetected = true;\n } else if (PE.compareEP(\"57565351524150488d05........488b304803f0482bc0488bfe66adc1e0..488bc850ad2bc84803f18bc857448bc1ffc98a4439..88043175\")) {\n sVersion = \"1.27-2.12\";\n bDetected = true;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/packer_MoleBox.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"MoleBox\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"e80000000060e8$$$$$$$$e8$$$$$$$$e8$$$$$$$$558bec83ec..56576a..ff15........8945..68........6a..ff15\")) {\r\n sVersion = \"2.3.3-2.6.4\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e80000000060e8$$$$$$$$e8$$$$$$$$8b4424..508b4424..50e8$$$$$$$$558bec83ec..5356576a..ff15\")) {\r\n sVersion = \"2.3.3-2.6.4\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60e8$$$$$$$$e8$$$$$$$$e8$$$$$$$$558bec83ec..56576a..ff15........8945..68........6a..ff15\")) {\r\n sVersion = \"2.0.0-2.3.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"eb$$b8........8338..74..50ff70..ff3050830424..e8$$$$$$$$558beca1........53568b75..85c0578bde75..6a..68........68........ff15\")) {\r\n sVersion = \"2.36\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_Mystic_Compressor.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"Mystic Compressor\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec83ec..6a..ff35........6a..ff15........8d55..5268........68........ff15........6a..ff35\")) {\n bDetected = true;\n } else if (PE.compareEP(\"558bec83c4..68........ff15........8945..68........ff75..ff15........8945..8d55..526a..68\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/packer_NETZ.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \".NETZ\");\r\n\r\nfunction detect() {\r\n if (PE.isNetObjectPresent(\"NetzStarter\") && PE.isSignatureInSectionPresent(0, \"00'NetzStarter'00'netz'00\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_NOS_Packer.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"NOS Packer\");\n\nfunction detect() {\n if (PE.compareEP(\"50e8000000005b81eb........b9........2bd98bf381eb........8bfb81eb........575156e8........83c4..8bab........8d2c2b4d8a4d..80f9..74..83ed..8bd32b53\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/packer_NTPacker.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://hacking-software-free-download.blogspot.com/2013/02/nt-packer-v21.html\r\nmeta(\"packer\", \"NTPacker\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558BEC83C4E05333C08945E08945E48945E88945ECB8........E8....FFFF33C05568\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"4B 57 69 6E 64 6F 77 73 00 10 55 54 79 70 65 73 00 00 3F 75 6E 74 4D 61 69 6E 46 75 6E 63 74 69 6F 6E 73 00 00 47 75 6E 74 42 79 70 61 73 73 00 00 B7 61 50 4C 69 62 75 00 00 00\")) {\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_NTShell.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"NTSHELL\");\n\nfunction detect() {\n if (PE.compareEP(\"55e8........5d81ed........eb$$eb$$8d85........8dbd........eb$$8db5........eb$$8bcfeb$$2bc84ffdeb$$33dbeb$$8a07eb$$d2c8eb$$2a....eb$$E8\")) {\n sVersion = \"5.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/packer_NakedPacker.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"NakedPacker\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60FC0FB605............7531B8........2B05..............................05........A3........E89A000000A3\")) {\r\n sVersion = \"1.0\";\r\n sOptions = \"by BigBoote\";\r\n bDetected = true;\r\n } else if (PE.isSectionNamePresent(\".naked1\") && PE.compareEP(\"60\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_NeoLite.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://github.com/russdill/Neo-Executable-Decompressor\r\nmeta(\"packer\", \"NeoLite\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"8B4424048D5424FC2305........E8........FF35........50FF25\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E9$$$$$$$$8B44....2305........E8$$$$$$$$5351525657C8......5081ED........8D..........B8........8B1D\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E9\") && (PE.compareEP(\"'NeoLite'\", 29) || PE.compareEP(\"'NeoLite'\", 33))) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E9A6000000\")) {\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"8B4424042305........50E8........83C404FE05........0BC074\")) {\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e9$$$$$$$$8b4424..8d5424..2e2305........e8........09c074..2eff35\")) {\r\n sVersion = \"1.01\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e9$$$$$$$$e9$$$$$$$$8b4424..8d5424..2e2305........e8........09c074..2eff35\")) {\r\n sVersion = \"1.01\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e9$$$$$$$$e9$$$$$$$$8b4424..8d5424..2305........e8........ff35........50ff25\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e9$$$$$$$$8b4424..8d5424..2305........e8........ff35........50ff25\")) {\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e9$$$$$$$$8b4424..2305........e8........fe05........ffe0\")) {\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_NodeJS_Nexe.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://github.com/nexe/nexe\r\nmeta(\"packer\", \"nexe\");\r\n\r\nfunction detect() {\r\n if (!PE.isExportFunctionPresent(\"napi_wrap\"))\r\n return;\r\n\r\n // Has overlay at all\r\n bDetected = PE.isOverlayPresent() && PE.getOverlaySize() >= 0x100 && PE.findString(PE.section[1].FileOffset, PE.section[1].FileSize, \"nexe~~sentinel\") !== -1;\r\n\r\n sLang = \"JavaScript\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_NodeJS_Pkg.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://github.com/vercel/pkg\r\nmeta(\"packer\", \"pkg\");\r\n\r\nfunction detect() {\r\n if (!PE.isExportFunctionPresent(\"napi_wrap\"))\r\n return;\r\n\r\n // Has overlay at all\r\n bDetected = PE.isOverlayPresent() && PE.getOverlaySize() >= 0x100 && PE.findString(PE.section[1].FileOffset, PE.section[1].FileSize, \"pkg/prelude/bootstrap.js\") != -1;\r\n\r\n sLang = \"JavaScript\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_NsPack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"NsPack\");\r\n\r\nfunction getNSPackVersion() {\r\n if (PE.section[0].FileSize > 0 && PE.section[0].FileOffset < 0x200) {\r\n sVersion = \"2.X\";\r\n } else if (PE.section[0].FileSize == 0 && PE.section[0].FileOffset >= 0x200) {\r\n sVersion = \"3.X\";\r\n }\r\n}\r\n\r\nfunction detect() {\r\n var nNumberOfFunctions = PE.getNumberOfImportThunks(0);\r\n if (nNumberOfFunctions == 6 && !PE.getSizeOfCode()) {\r\n if (PE.getImportFunctionName(0, 0) == \"LoadLibraryA\" &&\r\n PE.getImportFunctionName(0, 1) == \"GetProcAddress\" &&\r\n PE.getImportFunctionName(0, 2) == \"VirtualProtect\" &&\r\n PE.getImportFunctionName(0, 3) == \"VirtualAlloc\" &&\r\n PE.getImportFunctionName(0, 4) == \"VirtualFree\" &&\r\n PE.getImportFunctionName(0, 5) == \"ExitProcess\") {\r\n getNSPackVersion();\r\n bDetected = true;\r\n }\r\n }\r\n if (!bDetected) {\r\n if (PE.isLibraryPresent(\"mscoree.dll\") &&\r\n PE.getImportLibraryName(0) == \"KERNEL32.dll\" &&\r\n PE.getImportFunctionName(0, nNumberOfFunctions - 1) == \"GetSystemInfo\") {\r\n getNSPackVersion();\r\n sOptions = \".NET\";\r\n bDetected = true;\r\n } else if (PE.isImportPositionHashPresent(0, 0x86111e49) && PE.isNetObjectPresent(\"nsnet\")) {\r\n sVersion = \"3.X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"9c60e8..........83....8d8d........8039..0f..........c601..8bc5\")) {\r\n sVersion = \"3.7\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"9c60e8........5d83ed..8d9d........8a033c..74..8d9d........8a03\")) {\r\n sVersion = \"3.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"9c60e8........5d83ed..8d85........8338..0f..........c700........8bd5\")) {\r\n sVersion = \"3.6\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"9c60e8........5d83ed..8d85........8038..0f..........c600..8bd5\")) {\r\n sVersion = \"3.5\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"9c60e8........5db8........2be88db5........8a063c..74..8bf5\")) {\r\n sVersion = \"2.9\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e9$$$$$$$$e9$$$$$$$$e9$$$$$$$$9c60e8........5db8........2be88db5........8b06\")) {\r\n sVersion = \"2.3-2.9\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"9c60e8........5d83ed..8d85........8038..74..8d85........8038..0f84........c600..8bd5\")) {\r\n sVersion = \"3.3\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_Nuitka.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: KDSS-Research (koffidev365supp@gmail.com)\n\n// Rewritten by DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/Nuitka/Nuitka\nmeta(\"packer\", \"Nuitka\");\n\nfunction detect() {\n var dataSection = PE.section[\".rdata\"]\n\n if (dataSection && !PE.isRichSignaturePresent()) {\n var dataSectionOffset = dataSection.FileOffset,\n dataSectionSize = dataSection.FileSize;\n\n if (PE.findString(dataSectionOffset, dataSectionSize, \"__nuitka_version__\") != -1) {\n bDetected = true;\n } else if (PE.findString(dataSectionOffset, dataSectionSize, \"NUITKA_ONEFILE_PARENT\") != -1) {\n sOptions = \"OneFile\";\n bDetected = true;\n }\n }\n\n sLang = \"Python\";\n\n return result();\n}" }, { "path": "db/PE/packer_PACKWIN.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"PACKWIN\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"8CC0FA8ED0BC....FB060E1F2E........8BF14E8BFE8CDB2E........8EC3FDF3A453B8....50CB\")) {\r\n sVersion = \"1.01p\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_PE-PACK.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"PE-PACK\");\n\nfunction detect() {\n if (PE.compareEP(\"60E8000000005D83ed..80bd..........0f84........c685..........8bc52b..........89..........89\")) {\n sVersion = \"0.99\";\n bDetected = true;\n } else if (PE.compareEP(\"74..E9$$$$$$$$60E8........5D83ED..80............0F84........C685..........8BC52B..........89\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/packer_PECompact.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"PECompact\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"EB0668........C39C60BD........B902......B0908DBD........F3AA01AD........FFB5\")) {\r\n sVersion = \"0.90-0.92\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB0668........C39C60E8........5D555881ED........2B85........0185........50B902\")) {\r\n sVersion = \"0.94\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB$$9C60E8$$$$$$$$8BC483....938BE38B....81EB........87DD8B85........0185........66C785\")) {\r\n sVersion = \"1.68-1.84\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"eb$$9c60e8$$$$$$$$83c4..8b4424..50505b5d81ed........8b85........0185........66c785\")) {\r\n sVersion = \"1.00-1.3X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"eb$$9c60e8$$$$$$$$5d555b81ed........8b85........0185........66c785\")) {\r\n sVersion = \"1.00-1.3X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"33C08BC483C004938BE38B5BFC81\")) {\r\n sVersion = \"1.84\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"B8........05........5064FF350000000064892500000000CC90909090\")) {\r\n sVersion = \"2.0 beta\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"B8........80002840\")) {\r\n sVersion = \"2.X beta version\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"B8........5064FF35000000006489250000000033C08908'PECompact2'00\")) {\r\n sVersion = \"3.02.2 or 3.03.21 beta\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"B8........5064FF..........6489..........33C08908\")) {\r\n sVersion = \"2.20-3.02\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"B8........5064FF35000000006489250000000033C08908'PEC'\")) {\r\n sVersion = \"2.X\";\r\n if (PE.compareEP(\"32\", 27)) {\r\n sOptions = \"Slim Loader\";\r\n }\r\n bDetected = true;\r\n } else if (PE.compareEP(\"B8........5553515756528D98........8B5318528BE86A406800100000FF7304\")) {\r\n sVersion = \"2.53-2.76\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"B8........5064ff35........648925........33c0890800000000\")) {\r\n sVersion = \"2.78a-3.11\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"b8########b8........5553515756528d98\")) {\r\n bDetected = true;\r\n }\r\n if (bDetected) {\r\n var nOffset = PE.findString(0, 0x600, \"PEC2\");\r\n if (nOffset != -1) {\r\n var nBuildNumber = PE.readDword(nOffset + 4);\r\n switch (nBuildNumber) {\r\n case 20206: sVersion = \"2.70\"; break;\r\n case 20240: sVersion = \"2.78a\"; break;\r\n case 20243: sVersion = \"2.79b1\"; break;\r\n case 20245: sVersion = \"2.79bB\"; break;\r\n case 20247: sVersion = \"2.79bD\"; break;\r\n case 20252: sVersion = \"2.80b1\"; break;\r\n case 20256: sVersion = \"2.80b5\"; break;\r\n case 20261: sVersion = \"2.82\"; break;\r\n case 20285: sVersion = \"2.92.0\"; break;\r\n case 20288: sVersion = \"2.93b3\"; break;\r\n case 20294: sVersion = \"2.96.2\"; break;\r\n case 20295: sVersion = \"2.97b1\"; break;\r\n case 20296: sVersion = \"2.98\"; break;\r\n case 20300: sVersion = \"2.98.04\"; break;\r\n case 20301: sVersion = \"2.98.05\"; break;\r\n case 20302: sVersion = \"2.98.06\"; break;\r\n case 20303: sVersion = \"2.99b\"; break;\r\n case 20308: sVersion = \"3.00.2\"; break;\r\n case 20312: sVersion = \"3.01.3\"; break;\r\n case 20317: sVersion = \"3.02.1\"; break;\r\n case 20318: sVersion = \"3.02.2\"; break;\r\n case 20323: sVersion = \"3.03.5b\"; break;\r\n case 20327: sVersion = \"3.03.9b\"; break;\r\n case 20329: sVersion = \"3.03.10b\"; break;\r\n case 20334: sVersion = \"3.03.12b\"; break;\r\n case 20342: sVersion = \"3.03.18b\"; break;\r\n case 20343: sVersion = \"3.03.19b\"; break;\r\n case 20344: sVersion = \"3.03.20b\"; break;\r\n case 20345: sVersion = \"3.03.21b\"; break;\r\n case 20348: sVersion = \"3.03.23b\"; break;\r\n default:\r\n if (nBuildNumber) {\r\n if (X.isVerbose()) sOptions = \"unknown magic: \" + nBuildNumber\r\n }\r\n }\r\n }\r\n } else if (PE.isNet()) {\r\n if (PE.isSignaturePresent(0, 512, \"00'PEC2XO'000000000000..0000..'.rsrc'00\")) {\r\n sVersion = \"2.X-3.X\";\r\n sOptions = \".NET\";\r\n bDetected = true;\r\n } else if (PE.isSignatureInSectionPresent(0, \"'mscoree.dll'000000'CorBindToRuntimeEx'\")) {\r\n sVersion = \"2.X-3.X\";\r\n sOptions = \".NET\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_PKLITE.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"PKLITE32\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"68........68........68........e8$$$$$$$$558beca1\")) {\r\n sVersion = \"1.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"68........68........B8........2b4424..50e8$$$$$$$$558beca1\")) {\r\n sVersion = \"1.1\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_Pack_Master.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"Pack Master\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60E801000000E883C404E801000000E95D81ED........E804020000E8EB08EB02CD20FF24249A66BE4746\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_Packanoid.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"Packanoid\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"BF........BE........E89D000000B8........8B308B7804BB\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_Packman.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"Packman\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"0F85..FFFFFF8DB3........EB3D8B460C03C350FF5500568B36\")) {\r\n sVersion = \"0.0.0.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60E800000000588D..........8D..........8D\")) {\r\n sVersion = \"0.0.0.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60E8000000005B8D5BC6011B8B138D73146A08590116AD4975FA\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_PeX.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"PeX\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E9$$$$$$$$60e8$$$$$$$$83c404e8\")) {\r\n sVersion = \"0.99\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_Petite.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"Petite\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"9C60E8CA......03..04..05..06..07..08\")) {\r\n sVersion = \"1.2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"669C60E8$$$$$$$$582c..508bc88bd081c1........81c2........89208be15081\")) {\r\n sVersion = \"1.2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"669C60508D8800F000008D90041600008BDC8BE1\")) {\r\n sVersion = \"1.3\";\r\n bDetected = true;\r\n }\r\n /*else if (PE.compareEP(\"B8........669C60508BD8030068........6a..ff....8bcc8da0\")) {\r\n sVersion = \"1.4\";\r\n bDetected = true;\r\n }*/\r\n else if (PE.compareEP(\"669C60508BD803006854BC00006A00FF50148BCC\")) {\r\n sVersion = \"1.4\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"64FF350000000064892500000000669C60508BD8\")) {\r\n sVersion = \"2.1-2.3\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"B8........669C60508D..........68........83\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"B8........669C60508D88........8d90........8bdc8be168\")) {\r\n sVersion = \"1.3, 1.3a\";\r\n bDetected = true;\r\n }\r\n /*else if (PE.compareEP(\"B8........669C60508BD803..6854BC....6A..FF50188BCC8DA054BC\")) {\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n }*/\r\n else if (PE.compareEP(\"B8........6A..68........64FF35........648925........669C6050\")) {\r\n sVersion = \"2.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"B8........68........64FF35........648925........669C6050\")) {\r\n sVersion = \"2.2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"b8........669c605033db8d90........68........833a..0f84........8b0a\")) {\r\n sVersion = \"2.2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"b8........669c60508bd803..68........6a..ff50\")) {\r\n sVersion = \"1.4-2.2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"B8........608DA8........68........6A40680030000068........6A00FF90........8944241CBB........8DB5........8BF850\")) {\r\n sVersion = \"2.X\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_PyInstaller.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"packer\", \"PyInstaller\"); // python = 💩\n\nincludeScript(\"python\");\n\nfunction detect() {\n if (PE.isNet()) return; // Doesn't support .NET files\n\n const overlaySignatureDetected = PE.compareOverlay(\"78da\");\n\n if (overlaySignatureDetected) {\n const rdata = PE.section[\".rdata\"];\n\n if (rdata &&\n PE.findString(\n rdata.FileOffset,\n rdata.FileSize,\n \"PyInstaller: FormatMessageW failed.\"\n ) != -1) {\n bDetected = true;\n }\n }\n\n for (var i = 0; i < PE.getNumberOfResources() && !bDetected; i++) {\n const resSize = PE.getResourceSizeByNumber(i);\n if ((\n resSize == 0x909b && // black\n PE.calculateMD5(PE.getResourceOffsetByNumber(i), resSize) == \"20d36c0a435caad0ae75d3e5f474650c\"\n ) || (\n resSize == 0x952c && // white\n PE.calculateMD5(PE.getResourceOffsetByNumber(i), resSize) == \"f6fbada22d6a6c07ef8fdaa504f117d5\"\n )) {\n\n if (!overlaySignatureDetected) {\n sOptions = \"custom\";\n } else {\n sOptions = PE.section[\".rdata\"] ? \"modified\" : \"packed\";\n }\n\n bDetected = true;\n }\n }\n\n if (!bDetected && overlaySignatureDetected && PE.findSignature(\n PE.getOverlayOffset(),\n PE.getOverlaySize(),\n \"4d45490c0b0a0b0e\"\n ) != -1) {\n sOptions = \"overlay\";\n bDetected = true;\n }\n\n var version;\n\n if (bDetected) {\n for (var i = 0; i < 2 && !version; i++) {\n var sign = PE.findSignature(\n PE.getOverlayOffset(),\n PE.getOverlaySize(),\n \"70 79 74 68 6F 6E'\" + [2, 3][i] + \"'\");\n\n if (sign && PE.findString(sign, 15, \".\") != -1) {\n version = getPythonVersionByDll(PE.getString(sign - 1, 15));\n }\n }\n }\n\n sLang = \"Python\";\n sLangVersion = version;\n\n return result();\n}\n" }, { "path": "db/PE/packer_QuestPowerGUI.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: Arjan Onwezen\n\n// Rewritten by: DosX\n\nmeta(\"packer\", \"Quest PowerGUI\");\n\nfunction detect() {\n bDetected = PE.isNetObjectPresent(\"Quest.PowerGUI.ScriptRunner\");\n\n sOptions = (bDetected && !PE.isConsole()) ? \"Hide console\" : \"\";\n\n sLang = \"PowerShell\";\n\n return result();\n}" }, { "path": "db/PE/packer_RLPack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"RLPack\");\r\n\r\nfunction detect() {\r\n // DLL\r\n var nEP = PE.compareEP(\"807C2408010F85\") ? 11 : 0;\r\n if (PE.compareEP(\"608BDDE8000000005D9532C095899D80000000B8\", nEP)) {\r\n sVersion = \"0.7.3 beta\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60E8000000008D6424048B6C24FC8DB5........8D9D........33FF\", nEP)) {\r\n sVersion = \"1.0 beta\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60E8000000008B2C2483C404\", nEP)) {\r\n if (PE.compareEP(\"33FFEB\", nEP + 24)) {\r\n sVersion = \"1.11-1.14\";\r\n sOptions = \"aPlib\";\r\n } else if (PE.compareEP(\"33FF6A\", nEP + 24)) {\r\n sVersion = \"1.11-1.14\";\r\n sOptions = \"LZMA\";\r\n } else if (PE.compareEP(\"0000EB\", nEP + 29)) {\r\n sVersion = \"1.15-1.18\";\r\n sOptions = \"aPlib\";\r\n } else if (PE.compareEP(\"00006A\", nEP + 29)) {\r\n sVersion = \"1.15-1.18\";\r\n sOptions = \"LZMA\";\r\n } else if (PE.compareEP(\"33FFE8\", nEP + 55)) {\r\n sVersion = \"1.19-1.20\";\r\n sOptions = \"aPlib\";\r\n } else if (PE.compareEP(\"33FF6A\", nEP + 55)) {\r\n sVersion = \"1.19-1.20\";\r\n sOptions = \"LZMA\";\r\n } else if (PE.compareEP(\"EB0FFF\", nEP + 56)) {\r\n sVersion = \"1.17 Full Edition\";\r\n sOptions = \"aPLib\";\r\n } else if (PE.compareEP(\"6A4068\", nEP + 51)) {\r\n sVersion = \"1.17 Full Edition\";\r\n sOptions = \"LZMA\";\r\n } else if (PE.compareEP(\"33ffe8\", nEP + 60)) {\r\n sVersion = \"1.21\";\r\n sOptions = \"aPLib\";\r\n }\r\n\r\n bDetected = true;\r\n } else if (PE.getNumberOfImports() === 1 && PE.compareEP(\"60\") && PE.isSectionNamePresent(\".RLPack\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_SC_Pack.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"SC Pack\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec83c4..5356578d7d..50e8........5825........05........8945\")) {\n sVersion = \"0.2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/packer_SecuPack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"SecuPack\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558BEC83C4F053565733C08945F0B8CC3A4000E8E0FCFFFF33C05568EA3C400064FF306489206A0068800000006A036A006A\")) {\r\n sVersion = \"1.5\";\r\n sOptions = \"Soft Stuttgart\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_SerGreen_Appacker.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"SerGreen Appacker\");\r\n\r\nfunction detect() {\r\n if (PE.isNet() && PE.compareOverlay(\"''\")) {\r\n sVersion = \"1.XX\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_SimplePackerByEronana.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/Eronana/packer\nmeta(\"packer\", \"Eronana\");\n\nfunction detect() {\n if (PE.isSectionNamePresent(\".packer\") && PE.compareEP(\"60 68 00 ?? ?? ?? E8 17 FC FF FF 89 45 FC 61 FF 65 FC 00 00 00 00 00 00 00 00 00\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/packer_Simple_Pack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"Simple Pack\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60e8$$$$$$$$5b8d5b..6a..ff93........89c58b7d..8d74....8dbe........8b86........09c075..8d83........506a..68........55ff93\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60e8$$$$$$$$5b8d5b..bd........8b7d..8d74....8dbe........0fb776..4e8b47..09c074..0fb747..09c074..6a..68........ff77..6a..ff93\")) {\r\n sVersion = \"1.2X\";\r\n bDetected = true;\r\n } else if ((PE.compareEP(\"6050\") || PE.compareEP(\"55\")) && PE.isSectionNamePresent(\".spack\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_Software_Compress.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"Software Compress\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E9BE000000608B7424248B7C2428FCB28033DBA4B302E86D0000\")) {\r\n sVersion = \"1.2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E800000000812C24AA1A41005DE800000000832C246E8B855D1A4100\")) {\r\n sVersion = \"1.4 LITE\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_Squishy.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// Made by KDSS-Research\r\n\r\nmeta(\"packer\", \"Squishy\");\r\n\r\nfunction detect() {\r\n if (PE.isSectionNamePresent(\"logicoma\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_TPP_Pack.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"TPP Pack\");\n\nfunction detect() {\n if (PE.compareEP(\"e8$$$$$$$$5d81ed........60e8$$$$$$$$5883c0..ffe0\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/packer_TheArk.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: KDSS-Research\n\nmeta(\"packer\", \"TheArk\");\n\nfunction detect() {\n if (PE.isSectionNamePresent(\"adr\") && PE.isSectionNamePresent(\"have\") && PE.isSectionNamePresent(\"30cm\") && PE.isSectionNamePresent(\".tw\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/packer_UPX.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Authors: horsicq, ajax, adoxa, DosX\r\n\r\nmeta(\"packer\", \"UPX\");\r\n\r\nfunction isPatchedUPX() {\r\n var isDetected = 0,\r\n nNumberOfFunctions = PE.getNumberOfImportThunks(0);\r\n\r\n if (nNumberOfFunctions > 1 && nNumberOfFunctions < 7) {\r\n if (PE.getSizeOfCode() && PE.getSizeOfUninitializedData() && PE.section.length > 2 && PE.section[0].FileSize == 0) {\r\n var funcCounter = 0;\r\n\r\n if (PE.getImportFunctionName(0, 0) == \"LoadLibraryA\") {\r\n funcCounter++;\r\n }\r\n\r\n if (PE.getImportFunctionName(0, 1) == \"GetProcAddress\") {\r\n funcCounter++;\r\n }\r\n\r\n if (nNumberOfFunctions == 4) {\r\n if (PE.getImportFunctionName(0, 2) == \"VirtualProtect\") {\r\n funcCounter++;\r\n }\r\n\r\n if (PE.getImportFunctionName(0, 3) == \"ExitProcess\") {\r\n funcCounter++;\r\n }\r\n }\r\n\r\n if (nNumberOfFunctions >= 3 && funcCounter < 4) {\r\n if (PE.getImportFunctionName(0, 2) == \"ExitProcess\") {\r\n funcCounter++;\r\n } else if (PE.isDll()) {\r\n if (PE.getImportFunctionName(0, 2) == \"VirtualProtect\") {\r\n funcCounter++;\r\n }\r\n }\r\n }\r\n\r\n if (nNumberOfFunctions == 6) {\r\n if (PE.getImportFunctionName(0, 2) == \"VirtualProtect\") {\r\n funcCounter++;\r\n }\r\n\r\n if (PE.getImportFunctionName(0, 3) == \"VirtualAlloc\") {\r\n funcCounter++;\r\n }\r\n\r\n if (PE.getImportFunctionName(0, 4) == \"VirtualFree\") {\r\n funcCounter++;\r\n }\r\n\r\n if (PE.getImportFunctionName(0, 5) == \"ExitProcess\") {\r\n funcCounter++;\r\n }\r\n }\r\n\r\n if (funcCounter == 2 && nNumberOfFunctions == 2 ||\r\n funcCounter == 3 && nNumberOfFunctions >= 3 ||\r\n funcCounter == 4 && nNumberOfFunctions == 4 ||\r\n funcCounter == 6 && nNumberOfFunctions == 6) {\r\n isDetected = true;\r\n }\r\n\r\n if (isDetected) {\r\n if (PE.getAddressOfEntryPoint() == 0x00001018) {\r\n // (Win)Upack\r\n isDetected = false;\r\n }\r\n }\r\n }\r\n }\r\n\r\n return isDetected;\r\n}\r\n\r\nfunction getUPXOptions(nOffset) {\r\n var nMethod = PE.readByte(nOffset + 2),\r\n nLevel = PE.readByte(nOffset + 3),\r\n sCompression = \"\";\r\n\r\n switch (nMethod) // From http://sourceforge.net/p/upx/code/ci/default/tree/src/conf.h\r\n {\r\n case 2: case 3:\r\n case 4: case 5:\r\n case 6: case 7:\r\n case 8: case 9:\r\n case 10: sCompression = \"NRV\"; break;\r\n case 14: sCompression = \"LZMA\"; break;\r\n case 15: sCompression = \"zlib\"; break;\r\n }\r\n\r\n if (sCompression) {\r\n sOptions = sOptions.append(sCompression);\r\n if (nLevel == 8) {\r\n sOptions = sOptions.append(\"best\");\r\n } else {\r\n sOptions = sOptions.append(\"brute\");\r\n }\r\n }\r\n}\r\n\r\nfunction getUPXVersion() {\r\n var nOffset1 = PE.findString(0, 1024, \"$Id: UPX \"),\r\n nOffset2 = PE.findString(0, 1024, \"UPX!\");\r\n\r\n if (nOffset2 != -1) {\r\n getUPXOptions(nOffset2 + 4);\r\n }\r\n\r\n if (nOffset1 != -1) {\r\n sVersion = PE.getString(nOffset1 + 9, 4);\r\n }\r\n\r\n if (!sVersion && nOffset2 != -1) {\r\n sVersion = PE.getString(nOffset2 - 5, 4);\r\n }\r\n\r\n if (sVersion) {\r\n if (+sVersion.toString() != sVersion) {\r\n if (PE.is64()) {\r\n sVersion = \"3.91+\";\r\n } else {\r\n sVersion = \"0.89+\";\r\n }\r\n sOptions = \"modified\";\r\n }\r\n }\r\n}\r\n\r\nfunction detect() {\r\n if (PE.isNet()) return; // Doesn't support .NET\r\n\r\n if (!PE.is64()) {\r\n if (PE.compareEP(\"60BE........8DBE........57\", PE.compareEP(\"807C\") ? 27 : 0)) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60e8000000005883e8..508db8........578db0........83cd..31db9090909001db75\")) {\r\n sVersion = \"0.70\";\r\n bDetected = true;\r\n }\r\n } else {\r\n if (PE.compareEP(\"53565755488D35........488DBE........57\", PE.compareEP(\"4889\") ? 24 : 0)) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n getUPXVersion();\r\n\r\n if (sVersion) {\r\n bDetected = true;\r\n }\r\n\r\n if (!bDetected) {\r\n bDetected = isPatchedUPX();\r\n } else {\r\n if (!sVersion) {\r\n if (PE.is64()) {\r\n sVersion = \"3.91+\"; // UPX 3.91 was the first version with a PE+ support.\r\n }\r\n\r\n sOptions = \"modified\";\r\n } else if (!PE.isSectionNamePresent(\"UPX0\")) {\r\n sOptions = sOptions.append(\"modified\");\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_VPacker.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"VPacker\");\n\nfunction detect() {\n if (PE.compareEP(\"60e8$$$$$$$$558bec83c4..5356578b45..83c0..8b008945..837d....75..e8........8945..e8........8b10\")) {\n sVersion = \"0.02.10\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/packer_VbsToExeConverter.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"packer\", \"Vbs To Exe Converter\");\n\nfunction detect() {\n if (PE.isImportPositionHashPresent(0, 0x182aac68) && PE.compareEP(PE.is64() ?\n \"48 83 EC .. 49 C7 C0 .. .. .. .. 48 31 D2 48 B9 .. .. .. .. .. .. .. .. E8 .. .. .. .. 48 31 C9 E8 .. .. .. .. 48 89 05 .. .. .. ..\" : // 64 bit\n \"68 .. .. .. .. 68 .. .. .. .. 68 .. .. .. .. E8 .. .. .. .. 83 C4 .. 68 .. .. .. .. E8 .. .. .. .. A3 .. .. .. ..\")) { // 32 bit\n bDetected = true;\n }\n\n sLang = \"VBScript\";\n\n return result();\n}" }, { "path": "db/PE/packer_WWPack32.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// Enhanced by: DosX\r\n\r\n// https://www.wwpack32.venti.pl/\r\nmeta(\"packer\", \"WWPack32\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"53558be833dbeb$$e8000000005d3e807d....0f84........6083ed..33c033c9\")) {\r\n sVersion = \"1.XX\";\r\n bDetected = true;\r\n } else if (PE.isDll() && PE.section[PE.nLastSection].Name === \".WWP32\") {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_WinUpack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"(Win)Upack\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"BE........AD8BF895A533C033\")) {\r\n sVersion = \"0.1X/0.20/0.21/0.24 beta\";\r\n } else if (PE.compareEP(\"BE........AD8BF86A0495A533C0AB\")) {\r\n sVersion = \"0.21 beta\";\r\n } else if (PE.compareEP(\"BE........AD8BF895AD91F3A5ADB5\")) {\r\n sVersion = \"0.24-0.27 beta/0.28 alpha\";\r\n } else if (PE.compareEP(\"BE........AD50FF7634EB7C4801\")) {\r\n switch (PE.readByte(PE.getEntryPointOffset() + 62)) {\r\n case 0x37: sVersion = \"0.37 beta\"; break;\r\n case 0x38: sVersion = \"0.38 beta\"; break;\r\n case 0x39: sVersion = \"0.39 final\"; break;\r\n case 0x3A: sVersion = \"0.399\"; break;\r\n }\r\n } else if (PE.compareEP(\"6A07BE........AD8BF85995F3A5\")) {\r\n sVersion = \"0.22/0.23 beta\";\r\n } else if (PE.compareEP(\"BE........AD50..AD91F3A5\")) {\r\n sVersion = \"0.32 beta\";\r\n sOptions = \"Patch\";\r\n } else if (PE.compareEP(\"BE........AD50..AD91..F3A5\")) {\r\n sVersion = \"0.32 beta\";\r\n } else if (PE.compareEP(\"BE........AD50....AD91F3A5\")) {\r\n sVersion = \"0.32 beta\";\r\n } else if (PE.compareEP(\"BE........AD50AD5066BE....6A..BF\")) {\r\n sVersion = \"0.34\";\r\n } else if (PE.compareEP(\"BE........FF36E9C3000000\")) {\r\n sVersion = \"0.36 beta\";\r\n } else if (PE.compareEP(\"60E809000000..................33C95E870E\")) {\r\n sOptions = \"Alt stub\";\r\n } else if (PE.compare(\"4D5A4C6F61644C696272617279410000504500004C0102004B45524E454C3332\")) {\r\n sVersion = \"0.33\";\r\n } else if (PE.compare(\"4D5A4B45524E454C33322E444C4C00004C6F61644C696272617279410000000047657450726F63416464726573730000\")) {\r\n sVersion = \"0.32\";\r\n } else if (PE.compare(\"4D5A4B45524E454C33322E444C4C00005045\")) {\r\n bDetected = true;\r\n }\r\n\r\n bDetected = bDetected || Boolean(sVersion) || Boolean(sOptions);\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_Windows_PE_Packer_by_Chenzs108.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/czs108/Windows-PE-Packer\nmeta(\"packer\", \"Windows PE Packer by Chenzs108\");\n\nfunction detect() {\n if (!PE.is64() && !PE.isNet() &&\n PE.getNumberOfSections() > 2 &&\n PE.getNumberOfImports() === 1 &&\n PE.isImportPositionHashPresent(0, 0x1272f45b)) {\n if (PE.compareEP(\"60E8E10000002E0002000000000000\")) {\n var shellSectionByIndex = PE.section[PE.nLastSection];\n\n if (shellSectionByIndex.Characteristics & 0xe0000040) { // R/W/X\n bDetected = true;\n\n if (shellSectionByIndex.Name !== \".shell\") {\n sOptions = \"modified sections\";\n }\n if (PE.getImportLibraryName(0) !== \"Kernel32.dll\") {\n sOptions += (sOptions ? \" and \" : \"modified \") + \"IAT\";\n }\n }\n }\n\n }\n\n return result();\n}" }, { "path": "db/PE/packer_XComp.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"XComp\");\r\n\r\nfunction detect() {\r\n if (PE.getNumberOfImports() == 1 &&\r\n PE.isImportPositionHashPresent(0, 0x4bc52e77)) { // GetProcAddress, LoadLibraryA, VirtualAlloc, VirtualFree, VirtualProtect\r\n if (PE.compareEP(\"68........9C60E8$$$$$$$$E8$$$$$$$$5B5D833B00\")) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_XPack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"XPack\");\r\n\r\nfunction detect() {\r\n if (PE.getNumberOfImports() == 1 &&\r\n PE.isImportPositionHashPresent(0, 0x6c170ab3)) { // GetProcAddress, LoadLibraryA, VirtualProtect\r\n if (PE.compareEP(\"68........9C60E8$$$$$$$$E8$$$$$$$$5B5D833B00\")) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_aPack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"aPack\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"1E068CC88ED8......8EC050BE....33FFFCB6\")) {\r\n sVersion = \"0.62\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"1E068CCBBA....03DA8D......FC33F633FF484B8EC08EDB\")) {\r\n sVersion = \"0.82\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"1E068CC88ED805....8EC050BE....33FFFCB2..BD....33C950A4BB....3BF376\")) {\r\n sVersion = \"0.98\";\r\n sOptions = \"-m\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"8CCBBA....03DAFC33F633FF4B8EDB8D......8EC0B9....F3A54A75\")) {\r\n sVersion = \"0.98b\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"93071F05....8ED0BC....EA\")) { // exe\r\n sVersion = \"0.98b\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_dePACK.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"dePack\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"eb$$6068........68........e8$$$$$$$$558bec60558b75..8b7d..e8........eb..8b1c24c3\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"eb$$6090eb$$61b8........ffe0\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_ezip.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"ezip\");\r\n\r\nfunction detect() {\r\n if (PE.isOverlayPresent()) {\r\n if (PE.compareEP(\"E919320000E97C2A0000E919240000E9FF230000E91E2E0000E9882E0000E92C250000E9AE150000E9772B0000E987020000E9702E\")) {\r\n bDetected = true;\r\n sVersion = \"1.X\";\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_hXOR.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: KDSS-Research\n\n// https://github.com/akuafif/hXOR-Packer\nmeta(\"packer\", \"hXOR\");\n\nfunction detect() {\n if (PE.compareEP(\"5589e583ec18c7042402000000ff1538424100e8f8feffff908db426000000005589e583ec18c7042401000000ff1538424100e8d8feffff908db426000000005589e55383ec148b45088b008b003d\")) {\n sVersion = \"0.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/packer_hmimys_PE-Pack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"hmimys PE-Pack\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E8000000005D83ED056A00FF95E10E00008985850E00008B583C03D881C3F8000000\")) {\r\n sVersion = \"0.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"5E83C664AD50AD5083EE6CAD50AD50AD50AD50AD50E8E707\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8$$$$$$$$5EAD50AD5097AD50AD50AD50E8C0010000AD50AD9387DEB9\")) {\r\n sVersion = \"1.2\";\r\n bDetected = true;\r\n } else if (PE.isSectionNamePresent(\"hmimys\")) {\r\n if (PE.compareEP(\"E8\")) {\r\n sVersion = \"1.3\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_kkrunchy.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"kkrunchy\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"BD........C745..........B8........89450489455450C74510\")) {\r\n sVersion = \"0.23 alpha 2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"BD........C745..........FF4D08C6450C058D7D1431C0B40489C1F3ABBF\")) {\r\n sVersion = \"0.2X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"bd........c7............fcff4d0831d28d7d30be\")) {\r\n bDetected = true;\r\n } else if (PE.compare(\"'MZfarbrauschPE'\")) {\r\n bDetected = true;\r\n }\r\n\r\n if (bDetected && !PE.isSectionNamePresent(\"kkrunchy\")) {\r\n sOptions = \"modified\";\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_mPack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"mPack\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E90000000060E8140000005D81ED000000006A45E8A30000006800000000E85861E8AA0000004E\")) {\r\n sVersion = \"0.0.2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558BEC83....33C08945F0B8........E867C4FFFF33C05568........64FF306489208D55F033C0E893C8FFFF\")) {\r\n sVersion = \"0.0.3\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_mkfPack.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"mkfPack\");\n\nfunction detect() {\n if (PE.compareEP(\"e8$$$$$$$$5b81eb........8b93........536a..68........526a..ff93........5b8bf08bbb........03fb5657e8........83c4..8d93........5253ffe6\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/packer_nPack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"nPack\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"833D..........7505E901000000C3E841000000B8........2B05........A3........E85E000000E8\")) {\r\n switch (PE.getEntryPointSignature(42, 7)) {\r\n case \"E0010000E8EC06\": sVersion = \"1.1.150.2006.Beta\"; break;\r\n case \"EC010000E8F806\": sVersion = \"1.1.200.2006.Beta\"; break;\r\n default: sVersion = \"1.1.XXX\";\r\n }\r\n\r\n bDetected = true;\r\n } else if (PE.compareEP(\"833D..........7505E901000000C3E846000000E873000000B8........2B05........A3........E89C000000E8\")) {\r\n switch (PE.readDword(PE.getEntryPointOffset() + 47)) {\r\n case 0x204: sVersion = \"1.1.250.2006.Beta\"; break;\r\n case 0x22D: sVersion = \"1.1.300.2006.Beta\"; break;\r\n case 0x248: sVersion = \"1.1.800.2008.Beta\"; break;\r\n default: sVersion = \"1.1.XXX\";\r\n }\r\n\r\n bDetected = true;\r\n } else if (PE.compareEP(\"833C24..0F84........8D6424\") && PE.isImportPositionHashPresent(0, 0xba8bf4be)) {\r\n bDetected = true;\r\n }\r\n\r\n if (bDetected && !PE.isSectionNamePresent(\".nPack\")) {\r\n sOptions = \"modified\";\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_netshrink.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \".netshrink\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) {\r\n if (PE.isSignatureInSectionPresent(0, \"20fe2b136028........13..203b28136028........13..11..11..161f4028........26\")) {\r\n sVersion = \"2.01 Demo\";\r\n sOptions = \"Encrypted/Password mode\";\r\n bDetected = true;\r\n } else if (PE.isSignatureInSectionPresent(0, \"20ad65133228........13..206866133228........13..11..11..161f4028........26\")) {\r\n sVersion = \"2.01 Demo\";\r\n sOptions = \"Encrypted/Password mode\";\r\n bDetected = true;\r\n } else if (PE.isSignatureInSectionPresent(0, \"20b9059f0728........13..2066059f0728........13..11..11..161f4028........26\")) {\r\n sVersion = \"2.01 Demo\";\r\n bDetected = true;\r\n } else if (PE.isSignatureInSectionPresent(0, \"20e6ea19be28........13..2039ea19be28........13..11..11..161f4028........26\")) {\r\n sVersion = \"2.01 Demo\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_ps2exe.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/MScholtes/PS2EXE\nmeta(\"packer\", \"PS2EXE\");\n\nfunction detect() {\n bDetected = PE.isNetUStringPresent(\"^-([^: ]+)[ :]?([^:]*)$\");\n\n sLang = \"PowerShell\";\n\n return result();\n}" }, { "path": "db/PE/packer_py2exe.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"py2exe\");\r\n\r\nfunction detect() {\r\n for (var i = 0; i < PE.getNumberOfResources(); i++) {\r\n // py2exe magic number\r\n if (PE.compare(\"12345678\", PE.resource[i].Offset)) {\r\n bDetected = true;\r\n break;\r\n }\r\n }\r\n\r\n sLang = \"Python\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/packer_scr2exe.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: sendersu\n// Edited: DosX\n\n// www.screen-record.com/screen2exe.htm\n\nmeta(\"packer\", \"SCREEN2EXE/SCREEN2SWF\");\n\nfunction detect() {\n var rdataSection = PE.section[\".rdata\"];\n\n if (!PE.is64() && PE.compareEP(\"E8........E9........8BFF558BEC83EC..5356\") && rdataSection && PE.findString(rdataSection.FileOffset, rdataSection.FileSize, \"Video created by SCREEN2EXE/SCREEN2SWF\") != -1) {\n sVersion = PE.getFileVersion().split(\", \").join(\".\");\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/packer_yzPack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"packer\", \"yzPack\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"6033C08D480750E2FD8BEC648B4030780C8B400C\")) {\r\n sVersion = \"1.0-1.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"4D5A52456083EC188BEC8BFC33C0648B4030780C8B400C8B701CAD8B4008EB098B403483C07C8B403CABE9\")) {\r\n sVersion = \"1.2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"5A52456083EC188BEC8BFC33C0648B4030780C8B400C8B701CAD8B4008EB098B403483C07C8B403CABE9\")) {\r\n sVersion = \"1.12\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"25........6187CC5545455581EDCA00000055A4B302FF142473F833C9FF1424731833C0FF1424731FB3\")) {\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n }\r\n /* else if (PE.isSignaturePresent(0, 512, \"'MZKERNEL32'\")) { // false detect (Win)Upack\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n } */\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/patcher_CodeFusion_Wizard.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"patcher\", \"CodeFusion Wizard\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec83c4..535657e8........e8........33c05568........64ff30648920e8........e8........a3........833d\")) {\n if (PE.compareOverlay(\"'@._P-DATA_.@'\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/patcher_PMaker.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"patcher\", \"PMAKER\");\n\nfunction detect() {\n if (PE.compareEP(\"68........e8........6a..e8........a3........8b58..03d80fb743..0fb74b..8d7c18..813f........74..83c7\")) {\n sVersion = \"0.9\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/patcher_RPP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"patcher\", \"R!SC Process Patcher\");\n\nfunction detect() {\n if (PE.compareEP(\"68........c705................68........68........6a..6a..6a..6a..6a..6a..6a..68........e8\")) {\n sVersion = \"1.X\";\n sOptions = \"by R!SC\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/patcher_RTPatch.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"patcher\", \"RTPatch\");\n\nfunction detect() {\n if (PE.compareOverlay(\"4B2A9A\") || PE.compareOverlay(\"4B2A84\")) {\n if (PE.compareEP(\"64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15\")) {\n sVersion = \"10.50\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/patcher_dUP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"patcher\", \"dUP diablo2oo2's Universal Patcher\");\n\nfunction detect() {\n if (PE.compareEP(\"e8$$$$$$$$558bec81c4........5657536a..e8........a3........c745..........6a..68\")) {\n if (PE.getNumberOfResources() > 0) {\n nOffset = PE.getResourceNameOffset(\"DLL\"); {\n if (PE.compare(\"a2\", nOffset)) {\n sVersion = \"2.0\";\n bDetected = true;\n }\n }\n }\n\n }\n\n return result();\n}" }, { "path": "db/PE/patcher_simple_patch.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"patcher\", \"simple patch\");\n\nfunction detect() {\n if (PE.compareEP(\"33c040c2\")) {\n bDetected = true;\n } else if (PE.compareEP(\"33c0c3\")) {\n bDetected = true;\n } else if (PE.compareEP(\"b801000000c2\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/player_Power_Screen_Recorder.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"player\", \"Power Screen Recorder\");\n\nfunction detect() {\n if (PE.compareEP(\"eb$$a1........c1e0..a3........526a..e8........8bd0e8........5ae8........e8\")) {\n if (PE.findSignature(PE.getSize() - 0x500, 0x500, \"'xzjtlx'\") != -1) {\n sVersion = \"6.X-7.X\";\n sOptions = \"by www.tlxsoft.com\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/protection_BattlEye.5.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://www.battleye.com/\r\nmeta(\"protection\", \"BattlEye\");\r\n\r\nfunction detect() {\r\n if (PE.getSectionNameCollision(\"0\", \"1\") === \".be\" && // VMProtect'ed\r\n (PE.isLibraryPresentExp(/ntdll/) || PE.isFunctionPresent(\"CryptCATAdminAcquireContext\")) &&\r\n PE.isSigned()) {\r\n bDetected = true;\r\n\r\n if (PE.isSignaturePresent(0x00, PE.getSize() - PE.getOverlaySize(), \"'https://cdn.battleye.com/%S/%s/%s'\")) {\r\n sVersion = \"Launcher\";\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protection_DS.Eutron_SmartKey_dongle.5.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protection\", \"Eutron SmartKey dongle reference\");\n\nfunction detect() {\n // I'm (adoxa) guessing these don't occur in the overlay, so don't search it (avoid wasting time on big installers).\n var nSize = PE.isOverlayPresent() ? PE.getOverlayOffset() : PE.getSize();\n\n if (nSize > 50000000)\n nSize = 50000000;\n\n if (PE.findString(0, nSize, \"skeydrv.dll\") !== -1) {\n bDetected = true;\n } else {\n var nOffset = 0;\n var foundOffset;\n while ((foundOffset = PE.findString(nOffset, nSize - nOffset, \"\\\\.\\\\\")) !== -1) {\n nOffset = foundOffset + 4;\n if (PE.compare(\"'eusk2'\", nOffset) ||\n PE.compare(\"'Skey-'\", nOffset) ||\n PE.compare(\"'SkeyDev'\", nOffset)) {\n bDetected = true;\n break;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/protection_DS.HASP_dongle.5.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protection\", \"HASP dongle reference\");\n\nfunction detect() {\n // I'm (adoxa) guessing these don't occur in the overlay, so don't search it (avoid wasting time on big installers).\n var nSize = PE.isOverlayPresent() ? PE.getOverlayOffset() : PE.getSize();\n\n if (nSize > 50000000)\n nSize = 50000000;\n\n if (PE.findString(0, nSize, \"HASPDOSDRV\") != -1 ||\n PE.findString(0, nSize, \"HASPUT16.DLL\") != -1) {\n bDetected = true;\n } else if ((PE.isLibraryPresent(\"MSVBVM60.DLL\") || PE.isLibraryPresent(\"MSVBVM50.DLL\")) && PE.findString(0, nSize, \"haspvb32.dll\") !== -1) {\n sVersion = \"Visual Basic\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protection_DS.Hardlock_dongle.5.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protection\", \"Hardlock dongle reference\");\n\nfunction detect() {\n // I'm (adoxa) guessing these don't occur in the overlay, so don't search it (avoid wasting time on big installers).\n var nSize = PE.isOverlayPresent() ? PE.getOverlayOffset() : PE.getSize();\n\n if (nSize > 50000000)\n nSize = 50000000;\n\n var nOffset = 0;\n var foundOffset;\n while (true) {\n foundOffset = PE.findString(nOffset, nSize - nOffset, \"\\\\.\\\\\");\n if (foundOffset === -1) break;\n nOffset = foundOffset + 4;\n if (PE.compare(\"'HARDLOCK.VXD'\", nOffset) ||\n PE.compare(\"'FEnteDev'\", nOffset)) {\n bDetected = true;\n break;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/protection_DS.MARX_Crypto-Box_dongle.5.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protection\", \"MARX Crypto-Box dongle reference\");\n\nfunction detect() {\n // I'm (adoxa) guessing these don't occur in the overlay, so don't search it (avoid wasting time on big installers).\n var nSize = PE.isOverlayPresent() ? PE.getOverlayOffset() : PE.getSize();\n\n if (nSize > 50000000)\n nSize = 50000000;\n\n if (PE.findString(0, nSize, \"MARXDEV1.SYS\") !== -1) {\n bDetected = true;\n } else {\n var nOffset = 0;\n var foundOffset;\n while (true) {\n foundOffset = PE.findString(nOffset, nSize - nOffset, \"\\\\.\\\\\");\n if (foundOffset === -1) break;\n nOffset = foundOffset + 4;\n if (PE.compare(\"'MARXDEV'\", nOffset) ||\n PE.compare(\"'Cb7Dev'\", nOffset) ||\n PE.compare(\"'CB7'\", nOffset) ||\n PE.compare(\"'CBUSB'\", nOffset)) {\n bDetected = true;\n break;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/protection_DS.Matrix_Hardware_Lock_dongle.5.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protection\", \"Matrix Hardware Lock dongle reference\");\n\nfunction detect() {\n // I'm (adoxa) guessing these don't occur in the overlay, so don't search it (avoid wasting time on big installers).\n var nSize = PE.isOverlayPresent() ? PE.getOverlayOffset() : PE.getSize();\n\n if (nSize > 50000000)\n nSize = 50000000;\n\n if (PE.findString(0, nSize, \"MxLPT_Sem\") !== -1 ||\n PE.findString(0, nSize, \"MxUSB_Sem\") !== -1) { // PE.findString(0, nSize, \"MATRIX.INI\") != -1\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protection_DS.NetHASP_dongle.5.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protection\", \"NetHASP dongle reference\");\n\nfunction detect() {\n // I'm (adoxa) guessing these don't occur in the overlay, so don't search it (avoid wasting time on big installers).\n var nSize = PE.isOverlayPresent() ? PE.getOverlayOffset() : PE.getSize();\n\n if (nSize > 50000000)\n nSize = 50000000;\n\n if (PE.findString(0, nSize, \"NETHASP_00112233445566zz\") !== -1 ||\n PE.findString(0, nSize, \"nethasp.ini\") !== -1) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protection_DS.SenseLock_dongle.5.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protection\", \"SenseLock dongle reference\");\n\nfunction detect() {\n // I'm (adoxa) guessing these don't occur in the overlay, so don't search it (avoid wasting time on big installers).\n var nSize = PE.isOverlayPresent() ? PE.getOverlayOffset() : PE.getSize();\n\n if (nSize > 50000000)\n nSize = 50000000;\n\n if (PE.findString(0, nSize, \"sense4.dll\") !== -1 ||\n PE.findString(0, nSize, \"S4Open\") !== -1) {\n\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protection_DS.Sentinel_SuperPro_dongle.5.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protection\", \"Sentinel SuperPro dongle reference\");\n\nfunction detect() {\n // I'm (adoxa) guessing these don't occur in the overlay, so don't search it (avoid wasting time on big installers).\n var nSize = PE.isOverlayPresent() ? PE.getOverlayOffset() : PE.getSize();\n\n if (nSize > 50000000)\n nSize = 50000000;\n\n // Originally searched for \"RNBOsproInitialize\", \"RNBOsproGetKeyInfo\" and\n // \"RNBOsproGetVersion\", but this should be enough.\n if (PE.findString(0, nSize, \"RNBOspro\") !== -1) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protection_DS.Sentinel_dongle.5.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protection\", \"Rainbow Sentinel dongle reference\");\n\nfunction detect() {\n // I'm (adoxa) guessing these don't occur in the overlay, so don't search it (avoid wasting time on big installers).\n var nSize = PE.isOverlayPresent() ? PE.getOverlayOffset() : PE.getSize();\n\n if (nSize > 50000000)\n nSize = 50000000;\n\n if (PE.findString(0, nSize, \"SNTNLUSB\") !== -1) {\n bDetected = true;\n } else {\n var nOffset = 0;\n var foundOffset;\n\n while (true) {\n foundOffset = PE.findString(nOffset, nSize - nOffset, \"\\\\.\\\\\");\n if (foundOffset === -1) break;\n nOffset = foundOffset + 4;\n if (PE.compare(\"'SENTINEL.VXD'\", nOffset) ||\n PE.compare(\"'SntnlUsb'\", nOffset)) {\n bDetected = true;\n break;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/protection_DS.SoftLok_dongle.5.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protection\", \"SoftLok dongle reference\");\n\nfunction detect() {\n var nSize = PE.isOverlayPresent() ? PE.getOverlayOffset() : PE.getSize();\n\n if (nSize > 50000000)\n nSize = 50000000;\n\n if (PE.findSignature(0, nSize, \"5c5c2e5c'MNXX'\") !== -1 || PE.findSignature(0, nSize, \"5c5c2e5c'SoftLok'\") !== -1) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protection_DS.Unikey_dongle.5.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protection\", \"Unikey/Activator dongle reference\");\n\nfunction detect() {\n // I'm (adoxa) guessing these don't occur in the overlay, so don't search it (avoid wasting time on big installers).\n var nSize = PE.isOverlayPresent() ? PE.getOverlayOffset() : PE.getSize();\n\n if (nSize > 50000000)\n nSize = 50000000;\n\n if (PE.findString(0, nSize, \"SSIVDDP.DLL\") !== -1 ||\n PE.findSignature(0, nSize, \"5C004400650076006900630065005C005300530049005000440044005000\") !== -1) { // L\"\\\\Device\\\\SSIPDDP\"\n bDetected = true;\n } else {\n var nOffset = 0;\n var foundOffset;\n while (true) {\n foundOffset = PE.findString(nOffset, nSize - nOffset, \"\\\\.\\\\\");\n if (foundOffset === -1) break;\n nOffset = foundOffset + 4;\n if (PE.compare(\"'SSIPDDP'\", nOffset) ||\n PE.compare(\"'PIPE\\\\SSINetPipe'\", nOffset)) {\n bDetected = true;\n break;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/protection_DS.WIBU_Key_dongle.5.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protection\", \"WIBU Key dongle reference\");\n\nfunction detect() {\n // I'm (adoxa) guessing these don't occur in the overlay, so don't search it (avoid wasting time on big installers).\n var nSize = PE.isOverlayPresent() ? PE.getOverlayOffset() : PE.getSize();\n\n if (nSize > 50000000)\n nSize = 50000000;\n\n if (PE.findString(0, nSize, \"WIBUKEY\") !== -1 ||\n PE.findString(0, nSize, \"WkWin32.dll\") !== -1 ||\n PE.findString(0, nSize, \"WKWIN32.DLL\") !== -1) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protection_HASP_HL_Protection.5.sg", "content": "// Detect It Easy: detection rule file\n// Author: ajax\n// History:\n// 23:45 16.01.2013 add HASP SRM x32 1.X and HASP SRM x64 1.x\n// 15:40 19.01.2013 change name\n// 0:01 12.02.2013 add HASP 4/HL x32\n\nmeta(\"protection\", \"HASP HL/SRM\");\n\nfunction detect() {\n if (!PE.is64()) {\n if (PE.compareEP(\"558bec535657608bc4a3........b8........2b05........a3........833d..........74..8b0d........51ff15\")) {\n sVersion = \"4.X\";\n sOptions = \"HL\";\n bDetected = true;\n } else if (PE.compareEP(\"57565351E801000000..5805........508B3003F02BC08BFE66AD\")) {\n sVersion = \"1.X\";\n sOptions = \"SRM\";\n bDetected = true;\n } else if (PE.compareEP(\"558bec535657608bc4a3........b8........2b05........a3........833d..........0f84........a1........50ff15\")) {\n sVersion = \"1.X\";\n sOptions = \"HL\";\n bDetected = true;\n }\n } else {\n if (PE.compareEP(\"5750569C53515241504151488D05........488B304803F0482BC0488BFE66AD\")) {\n sVersion = \"1.X\";\n sOptions = \"SRM\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/protection_Microsoft_Warbird.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protection\", \"Microsoft Warbird\");\n\nfunction detect() {\n bDetected = PE.section[\"?g_Encry\"] && PE.isFunctionPresent(\"NtQuerySystemInformation\");\n\n if (bDetected && PE.findSignature(0, PE.getSize() - PE.getOverlaySize(), \"'?g_EncryptedSegmentSystemCall_\"))\n sOptions = \"VM\";\n\n return result();\n}" }, { "path": "db/PE/protection_Softlocx.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protection\", \"Softlocx\");\n\nfunction detect() {\n if (PE.compareEP(\"eb$$55e8000000005d81ed........8bc555609c2b85........8985........ff74\")) {\n sVersion = \"6.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protection_SteamStub.5.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// https://gameindustry.eu/blog/steamstub-drm/\nmeta(\"protection\", \"SteamStub\");\n\nfunction detect() {\n if (PE.compareEP(\"e800000000505351525657558b4424..2d........8bcc83e4..51515150e8........83c4..5959598be1894424..5d5f5e5a595b58c3\")) {\n bDetected = true;\n } else if (PE.compareEP(\"e8000000005053515256575541504151415241534154415541564157488b4c24..4881e9........488bc44883e4..50504883ec..e8........4883c4..5959\")) {\n sOptions = \"x64\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protection_Wibu_Codemeter.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: sendersu\n// If errors pls contact sendersu on cracklab.team\n\nmeta(\"protection\", \"Wibu Codemeter\");\n\nfunction detect() {\n var nFound = 0;\n var nOffset;\n\n for (var i = 0; i <= PE.nLastSection; i++) {\n nOffset = PE.section[i].FileOffset;\n sSection = PE.section[i].Name;\n if (sSection == \"__wibu00\") {\n ++nFound;\n } else if (sSection == \"__wibu01\") {\n ++nFound;\n }\n // actually you may see many more __wibuXX sections,\n // we test just first two\n if (nFound == 2) {\n bDetected = true;\n break;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/protection_obfus_h.5.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/DosX-dev/obfus.h\nmeta(\"protection\", \"obfus.h\");\n\nfunction detect() {\n if ((PE.section[\".obfh\"] || PE.isExportFunctionPresent(\"WhatSoundDoesACowMake\")) && PE.isFunctionPresent(\"vsprintf\"))\n bDetected = true;\n\n sLang = \"C\";\n\n return result();\n}" }, { "path": "db/PE/protection_obfusheader_h.5.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/ac3ss0r/obfusheader.h\nmeta(\"protection\", \"obfusheader.h\");\n\nfunction detect() {\n if (PE.section[\".rdata\"] && PE.isFunctionPresent(\"LoadLibraryA\") && PE.isFunctionPresent(\"GetProcAddress\") && PE.isSignaturePresent(\n PE.section[0].FileOffset, PE.getSize() - PE.getOverlaySize(),\n \"00 'Stop reversing the ' ** ** ** **\")) {\n bDetected = true;\n }\n\n const dataSection = PE.section[\".data\"];\n if (dataSection && PE.compare(\"6162636465666768696A6B6C6D6E6F707172737475767778797A534C41494450\", dataSection.FileOffset)) {\n sOptions = \"data consts\";\n bDetected = true;\n }\n\n if (bDetected && PE.section[\".vmp0\"]) {\n sOptions = sOptions.append(\"fake signs\");\n _removeResult(\"protector\", [\"Enigma\", \"SecuROM\", \"Denuvo\", \"Themida/Winlicense\"]);\n }\n\n sLang = \"C++\";\n\n return result();\n}" }, { "path": "db/PE/protector_ACProtect.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"ACProtect\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60F950E801000000..58584950E801000000..5858790466B9B872E801000000\")) {\r\n sVersion = \"1.09g\";\r\n } else if (PE.compareEP(\"E801000000..83\")) {\r\n sVersion = \"1.41\";\r\n } else if (PE.compareEP(\"6050E801000000..83\")) {\r\n sVersion = \"1.3X\";\r\n } else if (PE.compareEP(\"60E801000000..83042406C3\")) {\r\n sVersion = \"1.4X\";\r\n } else if (PE.compareEP(\"600F87020000001BF8E801000000..83042406C3\")) {\r\n sVersion = \"1.90g\";\r\n } else if (PE.compareEP(\"68........68........C3C3\")) {\r\n sVersion = \"2.0.X\";\r\n } else {\r\n var perplexSection = PE.section[\".perplex\"];\r\n\r\n if (perplexSection && (perplexSection.Characteristics & 0xe0000060)) {\r\n sVersion = \"1.X\";\r\n }\r\n }\r\n\r\n bDetected = bDetected || Boolean(sVersion) || Boolean(sOptions);\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_AHTeam_EP_Protector.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"AHTeam EP Protector\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"90\") && PE.compareEP(\"90FFE0\", 47)) {\r\n sVersion = \"0.3\";\r\n bDetected = true;\r\n\r\n if (PE.compareEP(\"60E8........5EB9000000002BC0\", 50)) {\r\n sOptions = \"fake k.kryptor 9/kryptor a\";\r\n } else if (PE.compareEP(\"6A0068........E8........BF\", 50)) {\r\n sOptions = \"fake Microsoft Visual C++ 7.0\";\r\n } else switch (PE.getEntryPointSignature(50, 14)) {\r\n case \"60E803000000E9EB045D4555C3E8\": sOptions = \"fake ASPack 2.12\"; break;\r\n case \"60E801000000905D81ED00000000\": sOptions = \"fake ASProtect 1.0\"; break;\r\n case \"538BD833C0A3000000006A00E800\": sOptions = \"fake Borland Delphi 6.0-7.0\"; break;\r\n case \"FC5550E8000000005DEB01E360E8\": sOptions = \"fake PCGuard 4.03-4.15\"; break;\r\n case \"EB03CD20C71EEB03CD20EA9CEB02\": sOptions = \"fake PE Lock NT 2.04\"; break;\r\n case \"E8000000005B83EB05EB04524E44\": sOptions = \"fake PE-Crypt 1.02\"; break;\r\n case \"60E800000000414E414B494E5D83\": sOptions = \"fake PESHiELD 2.X\"; break;\r\n case \"B800000000680000000064FF3500\": sOptions = \"fake PEtite 2.2\"; break;\r\n case \"9C608B442424E8000000005D81ED\": sOptions = \"fake Spalsher 1.X-3.X\"; break;\r\n case \"535152565755E8000000005D81ED\": sOptions = \"fake Stone's PE Encryptor 2.0\"; break;\r\n case \"60E8000000005D81ED06000000EB\": sOptions = \"fake SVKP 1.3X\"; break;\r\n case \"E90000000060E8000000005883C0\": sOptions = \"fake tElock 0.61\"; break;\r\n case \"EB16A85400004741424C4B434743\": sOptions = \"fake VIRUS/I-Worm Hybris\"; break;\r\n case \"5F81EF00000000BE000040008B87\": sOptions = \"fake VOB ProtectCD\"; break;\r\n case \"E8000000005D8100000000006A45\": sOptions = \"fake Xtreme-Protector 1.05\"; break;\r\n case \"E912000000000000000000000000\": sOptions = \"fake ZCode 1.01\"; break;\r\n }\r\n } else if (PE.compareEP(\"55908bec906aff9090\")) {\r\n sVersion = \"0.3\";\r\n sOptions = \"alt\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_ASM_Guard.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://github.com/DosX-dev/ASM-Guard\r\nmeta(\"protector\", \"ASM Guard\");\r\n\r\nfunction detect() {\r\n if (PE.isOverlayPresent()) {\r\n if (PE.isSectionNamePresent(\"ASMGUARD\")) {\r\n sVersion = \"2.XX\";\r\n sOptions = \"shell mutation\";\r\n bDetected = true;\r\n } else if (PE.isResourceNamePresent(\"NT.DLL\")) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_ASProtect.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"ASProtect\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"6801......E801000000C3C3\")) {\r\n sVersion = \"1.23-2.56\";\r\n } else if (PE.compareEP(\"68########9060e8$$$$$$$$5d4555c3\")) {\r\n sVersion = \"SKE 2.1-2.2\";\r\n } else if (PE.compareEP(\"68########60e8$$$$$$$$5d4555c3\")) {\r\n sVersion = \"SKE 2.3-2.5\";\r\n } else if (PE.compareEP(\"60E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00......807D4D01750C8B74242883FE01895D4E75318D45535053FFB5ED0900008D453550E9820000000000000000000000000000000000\")) {\r\n sVersion = \"SKE 2.1/2.2\";\r\n } else if (PE.compareEP(\"9060E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00......807D4D01750C8B74242883FE01895D4E75318D45535053FFB5ED0900008D453550E98200000000000000000000000000000000\")) {\r\n sVersion = \"SKE 2.1/2.2\";\r\n } else if (PE.compareEP(\"9060E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00......807D4D01750C8B74242883FE01895D4E75318D45535053FFB5E50B00008D453550E98200000000000000000000000000000000\")) {\r\n sVersion = \"SKE 2.3\";\r\n } else if (PE.compareEP(\"9060E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00....00807D4D01750C8B74242883FE01895D4E75318D45535053FFB5DD0900008D453550E98200000000000000000000000000000000\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60E801000000905D81ED........BB........03DD2B9D\")) {\r\n sVersion = \"1.0\";\r\n } else if (PE.compareEP(\"60E9..05\")) {\r\n sVersion = \"1.1 BRS\";\r\n } else if (PE.compareEP(\"60E9........9178797979E9\")) {\r\n sVersion = \"1.1 MTE\";\r\n } else if (PE.compareEP(\"9060E9..04\")) {\r\n sVersion = \"1.1 MTEb\";\r\n } else if (PE.compareEP(\"9060E81B......E9FC\")) {\r\n sVersion = \"MTEc\";\r\n } else if (PE.compareEP(\"60E9..04....E9..............EE\")) {\r\n sVersion = \"1.1\";\r\n } else if (PE.compareEP(\"60E9$$$$$$$$81da........e8$$$$$$$$0fbffe0fbffd\")) {\r\n sVersion = \"1.1\";\r\n } else if (PE.compareEP(\"6801......C3\")) {\r\n sVersion = \"1.2\";\r\n } else if (PE.compareEP(\"9060E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB........807D4D01750C8B74242883FE01895D4E75318D45535053FFB5D50900008D453550E98200000000000000000000000000000000\")) {\r\n sVersion = \"1.23 RC4 build 08.07\";\r\n } else if (PE.compareEP(\"60E8........E9........05........B9........AD35........AB4975F6EB045D4555C3\")) {\r\n sVersion = \"1.1\";\r\n }\r\n\r\n bDetected = bDetected || Boolean(sVersion);\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_AT4RE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// https://bbs.kanxue.com/thread-67920-1.htm\nmeta(\"protector\", \"AT4RE\");\n\nfunction detect() {\n if (PE.compareEP(\"0f3133c903c8eb$$0f312bc13d........0f83........e9$$$$$$$$b8........33f633db8a1c0680eb\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_AZProtect_0001.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://forum.hellroom.ru/index.php?topic=17435.0\r\nmeta(\"protector\", \"AZProtect 0001\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"EB70FC608C804D110070258100400D91BB608C804D11007021811D610D810040CE608C804D11007025812581258125812961418131611D610040B730\")) {\r\n bDetected = true;\r\n\r\n if (!PE.isSectionNamePresent(\"AZPR0001\")) {\r\n sOptions = \"modified\";\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_AbyssMedia_ScriptCryptor.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.abyssmedia.com/scriptcryptor/\nmeta(\"protector\", \"ScriptCryptor\");\n\nfunction detect() {\n if (PE.isNet() || PE.isRichSignaturePresent() || !PE.getNumberOfExports()) return; // Doesn't support .NET, files with Rich Signature and without exports\n\n if (PE.isResourceNamePresent(\"AOPT\") && PE.isImportPositionHashPresent(0, 0xcf603a7d) && PE.getNumberOfImports() === 15) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_ActiveMark.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"ActiveMARK\");\r\n\r\nfunction detect() {\r\n if (PE.compareOverlay(\"00'TMSAMVOH'\")) {\r\n sVersion = \"5.X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"8925........EB\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Agile.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Agile\");\r\n\r\nfunction detect() {\r\n if (_getNumberOfResults(\"protector\") <= 2 && PE.isNetObjectPresent(\"ObfuscatedByAgileDotNetAttribute\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Alcatraz.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: KDSS-Research\n\n// https://github.com/weak1337/Alcatraz\n// https://www.elastic.co/security-labs/deobfuscating-alcatraz (protector was used in doubleloader)\nmeta(\"protector\", \"Alcatraz\");\n\nfunction detect() {\n if (PE.isSectionNamePresent(\".0Dev\")) { // need more samples\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Alienyze.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n// ---\n// First version of detect made by KDSS-Research\n\n// https://alienyze.com/\nmeta(\"protector\", \"Alienyze\");\n\nfunction detect() {\n bDetected = PE.compareEP(\"55 8b ec\") && !PE.getNumberOfImports() && PE.getNumberOfSections() > 4 && PE.getSectionFileOffset(0) == 0x00;\n\n if (bDetected && PE.isSignaturePresent(0, PE.getSize(), \"540068006900730020006D00650073007300610067006500200077006F006E002700740020006100\")) {\n sVersion = \"demo\";\n }\n\n if (bDetected && !PE.isSectionNamePresent(\".alien\")) {\n sOptions = \"modified\";\n }\n\n return result();\n}" }, { "path": "db/PE/protector_AntiDote.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"AntiDote\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E8BBFFFFFF84C0742F680401000068C02360006A00FF1508106000E840FFFFFF50\")) {\r\n sVersion = \"1.0 Beta\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"6869D60000E8C6FDFFFF6869D60000E8BCFDFFFF83C408E8A4FFFFFF84C074\")) {\r\n sVersion = \"1.2 Beta\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e8$$$$$$$$e8000000005853515657508b1c2481\")) {\r\n sVersion = \"1.2 Demo\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB1066623A432B2B484F4F4B90E9083290909090909090909090807C240801\")) {\r\n sVersion = \"1.2 Demo\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"6890030000E8C6FDFFFF6890030000E8BCFDFFFF6890030000E8B2FDFFFF50\")) {\r\n sVersion = \"1.4 SE\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8F7FEFFFF05CB220000FFE0E8EBFEFFFF05BB190000FFE0E8BD00000008B2\")) {\r\n sVersion = \"1.2 Demo\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"6895010000E8D0FDFFFF6895010000E8C3FDFFFF6890030000E8BCFDFFFF68\")) {\r\n sVersion = \"1.4 osCE\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"68....0000E8..FDFFFF68....0000E8..FDFFFF6890030000E8..FDFFFF\")) {\r\n sVersion = \"1.X\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Anticrack_Software.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://www.softpedia.com/get/Security/Encrypting/Anti-Crack-Software-Protector-Basic.shtml\r\nmeta(\"protector\", \"AntiCrack Software Basic\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60..................E801000000............................................0000......04\")) {\r\n sVersion = \"1.09\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60................0000........................E801000000..83042406C3..........00\")) {\r\n sVersion = \"1.09\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_ArmDot.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.armdot.com/\nmeta(\"protector\", \"ArmDot\");\n\nfunction detect() {\n if (PE.isNet() &&\n PE.isSignatureInSectionPresent(0, \"20 .. .. .. .. 8D .. .. .. .. FE 0E .. .. 20 .. .. .. .. 8D .. .. .. .. FE 0E .. .. 20 .. .. .. .. 8D .. .. .. .. FE 0E .. .. 20 .. .. .. ..\") &&\n PE.isSignatureInSectionPresent(0, \"20 .. .. .. .. FE 0C .. .. 3F .. .. 00 00 20 .. .. .. .. FE 0C .. .. 3D .. .. 00 00\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Armadillo.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Armadillo\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60E8000000005D50510FCAF7D29CF7D20FCAEB0FB9EB0FB8EB07B9EB0F90EB08FDEB0BF2EBF5EBF6F2EB08FDEBE9F3EBE4FCE99D0FC98BCAF7D1595850510FCAF7D29CF7D20FCAEB0FB9EB0FB8EB07B9EB0F90EB08\")) {\r\n sVersion = \"3.X-9.X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558BEC83EC0C5356578B450850FF15........83C4048945FC8B45FC51B900080000B906000000\")) {\r\n sVersion = \"4.44a public build\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8E3400000E916FEFFFF6A0C68........E8441500008B4D0833FF3BCF762E6AE05833D2F7F13B\")) {\r\n sVersion = \"5.00\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"837C2408017505E8DE4B0000FF7424048B4C24108B54240CE8EDFEFFFF59C20C006A0C68\")) {\r\n sVersion = \"5.00\";\r\n sOptions = \"DLL\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"6A..8BB5........C1E6048B85........2507....8079054883C8F84033C98A88........8B95........81E207....8079054A83CAF84233C08A82\")) {\r\n sVersion = \"2.XX\";\r\n sOptions = \"CopyMem II\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60E8........5D5051EB0FB9EB0FB8EB07B9EB0F90EB08FDEB0BF2EBF5EBF6F2EB08FDEBE9F3EBE4FCE959586033C9\")) {\r\n sVersion = \"3.00\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60E8........5D5051EB0FB9EB0FB8EB07B9EB0F90EB08FDEB0BF2EBF5EBF6F2EB08FDEBE9F3EBE4FCE959585051EB\")) {\r\n sVersion = \"3.00a-3.70a\";\r\n bDetected = true;\r\n } else {\r\n if (PE.getMajorLinkerVersion() == 0x53 && PE.getMinorLinkerVersion() == 0x52) {\r\n for (var i = 0; i <= PE.nLastSection; i++) {\r\n if (PE.compare(\"'PDATA000'\", PE.section[i].FileOffset)) {\r\n sVersion = \"6.X-9.X\";\r\n break;\r\n }\r\n }\r\n if (!sVersion) {\r\n if (PE.section.length > 7) {\r\n sVersion = \"6.X-9.X\";\r\n }\r\n }\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Arxan.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: securitystar\n\nmeta(\"protector\", \"Arxan\");\n\nfunction detect() {\n if (PE.is64() && !PE.isNet()) {\n if (PE.compareEP(\"40 50 40 51 40 52 40 53 55 56 57 9C 48 83 EC 38 FC B8 01 00 00 00 B9 FF FF 00 00 E0 FE\")) {\n bDetected = true;\n sVersion = \"GuardIT ~2013\";\n } else {\n var ep = skipJumpsAndNops(PE.getEntryPointOffset()),\n rva = PE.compare(\"48 83 EC 28 E8\", ep) ? PE.OffsetToRVA(ep) + PE.readSDword(ep + 5) + 9 : PE.OffsetToRVA(ep);\n\n if (rva != -1) {\n var addr = PE.OffsetToVA(PE.RVAToOffset(rva));\n const limit = 32;\n\n var pushCount = 0;\n\n for (var i = 0; i < limit; i++) {\n if (PE.getDisasmString(addr).indexOf(\"PUSH\") !== 0) break;\n pushCount++;\n addr = PE.getDisasmNextAddress(addr);\n }\n\n if (pushCount > 3 && PE.getDisasmString(addr).indexOf(\"LEA RSP,\") === 0) {\n addr = PE.getDisasmNextAddress(addr);\n\n var movupdCount = 0;\n for (var i = 0; i < limit; i++) {\n if (PE.getDisasmString(addr).indexOf(\"MOVUPD\") !== 0) break;\n movupdCount++;\n addr = PE.getDisasmNextAddress(addr);\n }\n\n if (movupdCount > 0 &&\n PE.getDisasmString(addr) === \"PUSH 0X10\" &&\n PE.getDisasmString(PE.getDisasmNextAddress(addr)) === \"TEST RSP, 0XF\") {\n\n bDetected = true;\n sVersion = \"GuardIT \";\n sVersion += (pushCount < 14 || movupdCount < 16) ? \"12.0+\" : \"2014-2021\";\n }\n }\n }\n }\n }\n\n return result();\n}\n\nfunction skipJumpsAndNops(offset) {\n var rva = PE.OffsetToRVA(offset);\n while (true) {\n const byte = PE.readByte(PE.RVAToOffset(rva));\n if (byte === 0xE9) {\n rva += PE.readSDword(PE.RVAToOffset(rva + 1)) + 5;\n } else if (byte === 0xEB) {\n rva += PE.readSByte(PE.RVAToOffset(rva + 1)) + 2;\n } else if (byte === 0x90) {\n rva++;\n } else {\n break;\n }\n }\n\n return PE.RVAToOffset(rva);\n}" }, { "path": "db/PE/protector_BJFnt.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \".BJFnt\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"EB01EA9CEB01EA53EB01EA51EB01EA52EB01EA56\")) {\r\n sVersion = \"1.1b\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB0269B183EC04EB03CD20EBEB01EB9CEB01EBEB\")) {\r\n sVersion = \"1.2 RC\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB033A4D3A1EEB02CD209CEB02CD20EB02CD2060\")) {\r\n sVersion = \"1.3\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Babel_.NET.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Babel .NET\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) {\r\n if (PE.isNetObjectPresent(\"BabelObfuscatorAttribute\")) {\r\n sVersion = \"1.0-2.X\";\r\n bDetected = true;\r\n } else if (PE.isNetObjectPresent(\"BabelAttribute\")) {\r\n sVersion = \"3.X\";\r\n bDetected = true;\r\n }\r\n\r\n // fake signatures\r\n if (bDetected &&\r\n PE.isNetObjectPresent(\"BabelAttribute\") &&\r\n PE.isNetObjectPresent(\"BabelObfuscatorAttribute\")) {\r\n bDetected = false;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Berio.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Berio\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090E9011200\")) {\r\n sVersion = \"1.00 beta\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090E9017401\")) {\r\n sVersion = \"2.00 beta\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_ByfronTech.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: @justmazz_\n\nmeta(\"protector\", \"Byfron Technologies\");\n\nfunction detect() {\n // Engine-managed detection flag\n // Set bDetected = true when detection criteria is met\n\n var containsRunExport = false,\n containsTextSection = false,\n containsByfronCodeSection = false,\n containsByfronDataSection = false;\n\n // --- EXPORT DETECTION ---\n // Byfron often exports a function named 'run'\n if (PE.isExportFunctionPresent(\"run\")) {\n containsRunExport = true;\n }\n\n // --- SECTION ANALYSIS ---\n // .text - standard code section\n // .byfron - custom RX section used by Byfron\n // .byfron1 - initialized, discardable data used by Byfron\n\n const FLAGS_RX = 0x60000020, FLAGS_INITIALIZED_DATA_DISCARDABLE = 0x02000040;\n\n for (var i = PE.nLastSection; i >= 0; i--) {\n var sectionName = PE.getSectionName(i),\n sectionCharacteristics = PE.getSectionCharacteristics(i);\n\n if (sectionName == \".text\") {\n containsTextSection = true;\n continue;\n }\n\n if (sectionName == \".byfron\" && sectionCharacteristics == FLAGS_RX) {\n containsByfronCodeSection = true;\n continue;\n }\n\n if (sectionName == \".byfron1\" && sectionCharacteristics == FLAGS_INITIALIZED_DATA_DISCARDABLE) {\n containsByfronDataSection = true;\n continue;\n }\n }\n\n // --- VALIDATION LOGIC ---\n // Conditions typically associated with Byfron:\n // 1. Exported function named 'run'\n // 2. No standard .text section\n // 3. Presence of either .byfron or .byfron1 sections\n\n if (containsRunExport) {\n if (!containsTextSection) {\n if (containsByfronCodeSection || containsByfronDataSection) {\n bDetected = true;\n }\n }\n }\n\n return result();\n}\n" }, { "path": "db/PE/protector_ByteGuard.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/mt-code/ByteGuard\nmeta(\"protector\", \"ByteGuard\");\n\nfunction detect() {\n if (PE.isNet() && PE.isNetGlobalCctorPresent() && (PE.section[0].Name === \".text\" || PE.isSectionNamePresent(\"UPX\")) &&\n PE.isNetUStringPresent(\"C# version only supports level 1 and 3\") &&\n PE.compareOverlay(\"%% %% %% %% %% %% %% %% %% %% %% %% %% %% %% %% %% %% %% %%\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Cameyo.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Cameyo\");\r\n\r\nfunction detect() {\r\n if (PE.isOverlayPresent() && PE.compareOverlay(\"'MZ'\") && PE.getVersionStringInfo(\"ProductName\") == \"Cameyo Application Virtualization\") {\r\n sVersion = PE.getFileVersion();\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_CliSecure.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://marketplace.visualstudio.com/items?itemName=MikeDr.CliSecureObfuscateNETCodeProtectionTool\r\nmeta(\"protector\", \"CliSecure\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) {\r\n if (PE.isNetObjectPresent(\"ObfuscatedByCliSecureAttribute\")) {\r\n sVersion = \"4.0-5.X\";\r\n bDetected = true;\r\n } else if (PE.isNetObjectPresent(\"CliSecureRd.dll\") || PE.isNetObjectPresent(\"CliSecureRd64.dll\")) {\r\n bDetected = true;\r\n } else if (PE.isSignatureInSectionPresent(0, \"'Cli'00'S'00'e'00'c'00'u'00'r'00'e'\")) {\r\n bDetected = true;\r\n }\r\n } else if (PE.compareEP(\"e9$$$$$$$$558bec81ec4c020000a1........33c58945f483\")) {\r\n sVersion = \"4.5\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Code-Lock.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://web.archive.org/web/20240616203445/http://www.chosenbytes.com/\r\nmeta(\"protector\", \"Code-Lock\");\r\n\r\nfunction detect() {\r\n if (PE.isLibraryPresent(\"CODE-LOCK.OCX\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_CodeCrypt.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"CodeCrypt\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E9........EB02833D58EB02FF1D5BEB020FC75F\")) {\r\n switch (PE.readDword(PE.getEntryPointOffset() + 1)) {\r\n case 0x2c5: sVersion = \"0.14b\"; break;\r\n case 0x331: sVersion = \"0.15b\"; break;\r\n case 0x32e: sVersion = PE.compareEP(\"EB03FF1D34\", 20) ? \"0.164\" : \"0.16b-0.163b\";\r\n }\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_CodeVeil.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"CodeVeil\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"e9$$$$$$$$e9$$$$$$$$8bff60e8$$$$$$$$5ee8\")) {\r\n sVersion = \"1.2\";\r\n bDetected = true;\r\n } else if (PE.isNet()) {\r\n if (PE.isNetObjectPresent(\"____KILL\")) {\r\n sVersion = \"4.X\";\r\n bDetected = true;\r\n } else if (PE.isNetUStringPresent(\"E_TamperDetected\")) {\r\n sVersion = \"3.X-4.X\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Code_Virtualizer.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Code Virtualizer\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"609CFCE8000000005F81EF........8BC781C7........3B472C7502EB2E89472CB9A7000000EB0501448F\")) {\r\n sVersion = \"1.3.1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Codewall.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"CodeWall\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) {\r\n if (PE.isNetObjectPresent(\"CodeWallTrialVersion\") || PE.isNetObjectPresent(\"CodeWallTrialVersion\\u0001\")) {\r\n sVersion = \"4.X\";\r\n sOptions = \"demo\";\r\n bDetected = true;\r\n } else if (PE.isSignatureInSectionPresent(0, \"9161d281........11..175813..11..11..32..28........11..6f........13..7e........2d..73\")) {\r\n sVersion = \"4.X\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Confuser.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: Levis http://ltops9.wordpress.com/\n\nmeta(\"protector\", \"Confuser\");\n\nfunction getConfuserVersion() {\n var sResult = String();\n\n var nVersionOffset = PE.findString(PE.section[0].FileOffset, PE.section[0].FileSize, \"Confuser v\");\n if (nVersionOffset !== -1) {\n sResult = PE.getString(nVersionOffset + 10);\n }\n\n return sResult;\n}\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"ConfusedByAttribute\")) {\n var sConfuserVersion = getConfuserVersion();\n if (sConfuserVersion) {\n sVersion = sConfuserVersion;\n } else {\n sVersion = \"1.X\";\n }\n\n bDetected = true;\n } else if (PE.isNet()) {\n if (PE.section.length >= 2) {\n var nVersionOffset = PE.findString(PE.section[1].FileOffset, PE.section[1].FileSize, \"ConfuserEx v\");\n if (nVersionOffset != -1) {\n sVersion = PE.getString(nVersionOffset + 12, 7);\n sName = \"ConfuserEx\";\n bDetected = true;\n }\n }\n }\n\n if (PE.getNetAssemblyName().indexOf(\"вє∂ѕ ρяσтє¢тσя\") == 0) {\n sName = \"ConfuserEx\";\n sVersion = \"Bed's mod\";\n bDetected = true;\n } else if (bDetected && PE.isNetObjectPresent(\"DotNetPatcherPackerAttribute\")) {\n sName = \"ConfuserEx\";\n sVersion = \"DotNetPatcher mod\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_CopyMinder.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://www.microcosm.com/software-protection/copyminder\r\nmeta(\"protector\", \"CopyMinder\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"8325........EF6A00E8........E8........CCFF25........FF25........FF25........FF25........FF25........FF25........FF25........FF25........FF25........FF25........FF25\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Crinkler.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Crinkler\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"B9........01C068........6A0058506A005F485DBB03000000BE........E9\")) {\r\n sVersion = \"0.1-0.2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"B8........31DB43EB58\")) {\r\n sVersion = \"0.3-0.4\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Crunch.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Crunch\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"EB100000000000000000000000000000000055E800000000\")) {\r\n sVersion = \"4.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB1503000000060000000000000000000000680000000055E800000000\")) {\r\n sVersion = \"5.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"55E8........5D83ED068BC5556089AD........2B85\")) {\r\n switch (PE.getEntryPointSignature(32, 2)) {\r\n case \"80BD\": sVersion = \"1.0\"; break;\r\n case \"55BB\": sVersion = \"2.0\"; break;\r\n }\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_CrypKey.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://www.crypkey.com/\r\nmeta(\"protector\", \"CrypKey\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"8B1D........83FB00750AE83C000000E8..0A00008B44240850E8..020000A1\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8........5883E805505F578BF781EF........83C639BA........8BDFB90B......8B06\")) {\r\n sVersion = \"5.X-6.X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8........E8........83F80075076A00E8\")) {\r\n sVersion = \"5.6.X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"833D........00753468........E8\")) {\r\n sVersion = \"6.1X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"8b4424..50e8$$$$$$$$558bec81c4........5081c4........53c745\")) {\r\n sOptions = \"Core module\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_CrypToCrack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://bbs.kanxue.com/thread-37904.htm\r\nmeta(\"protector\", \"CrypToCrack\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E801000000E8585B81E300FFFFFF66813B4D5A753784DB75338BF303....813E504500007526\")) {\r\n sVersion = \"0.9.2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"5B81E300FFFFFF66813B4D5A75338BF303733C813E5045000075260FB746188BC869C0AD0B0000F7E02DAB5D414B69C9DEC0000003C1\")) {\r\n sVersion = \"0.9.3\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Cryptect.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Cryptect\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"68........e8$$$$$$$$5052e9$$$$$$$$53660fcb560fb7df9c0fbff381d6........d2e7558bda57\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"68........e8$$$$$$$$525166990fca999cf550c0de..d2d40fb7c3550fabe5f8565766\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_CryptoObfuscator.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Crypto Obfuscator\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) {\r\n if (PE.isSignatureInSectionPresent(0, \"000220....000a20ffffff0028........2a\")) {\r\n sVersion = \"5.X\";\r\n bDetected = true;\r\n } else if (PE.isSignatureInSectionPresent(0, \"0291203fffffff5f1f18620a067e........021758911f1062600a067e\")) {\r\n sVersion = \"5.X\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_DBPE.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"DBPE\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"9C5557565251539CFAE8........5D81ED5B5340..B0..E8........5E83C611B927......3006464975FA\")) {\r\n sVersion = \"1.53\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"9C6A10730BEB02C151E806......C41173F75BCD83C404EB0299EBFF0C247101E879E07A017583C4049DEB017568\")) {\r\n sVersion = \"2.10\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB$$9C5557565251539CE8........5D81ED\")) {\r\n switch (PE.readByte(PE.getEntryPointOffset() + 0x5c)) {\r\n case 0xEB: sVersion = \"2.10\"; break;\r\n case 0x9C: sVersion = \"2.33\"; break;\r\n }\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_DNGuard.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"DNGuard\");\r\n\r\nfunction detect() {\r\n if (PE.isNet() && PE.isNetGlobalCctorPresent()) {\r\n if (_getNumberOfResults(\"protector\") <= 1) {\r\n if (PE.isNetObjectPresent(\"ZYXDNGuarder\") || PE.isNetObjectPresent(\"HVMRuntm.dll\")) {\r\n bDetected = true;\r\n } else if (PE.isSignatureInSectionPresent(0, \"'A newer version of DNGuard Runtime library is needed to run this application.'\")) {\r\n bDetected = true;\r\n }\r\n }\r\n } else if (PE.is64()) {\r\n var rdataSection = PE.section[\".rdata\"];\r\n\r\n if (rdataSection &&\r\n PE.isSignaturePresent(rdataSection.FileOffset, rdataSection.FileSize, \"'DNGuard'\") &&\r\n PE.isImportPositionHashPresent(0, 0x38432571) && PE.compareEP(\"48 83 EC 28 E8 07 AD\")) {\r\n bDetected = true;\r\n }\r\n } else if (!PE.is64() && PE.isImportPositionHashPresent(0, 0x99f8b58e)) {\r\n sVersion = \"4.9+\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_DS.Sentinel_SuperPro.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Sentinel SuperPro\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"68........6A016A00FF15........A3........FF15........33C93DB7000000A1\")) {\r\n sVersion = \"6.4.0\";\r\n sOptions = \"Automatic Protection\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"A1........558B......85C074..85ED75..A1........5055FF15........8B0D\")) {\r\n sVersion = \"6.4.1\";\r\n sOptions = \"Automatic Protection\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"A1........85C00F85........C705................33C050C70485................E8\")) {\r\n sVersion = \"6.4.5.0\";\r\n sOptions = \"Automatic Protection\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_DYAMAR.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"DYAMAR\");\r\n\r\nfunction detect() {\r\n if (PE.isSectionNamePresentExp(/^\\.dyamar[CD]$/)) {\r\n sVersion = \"1.3.5\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_DZA_Patcher.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"DZA Patcher\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"EB08'5H40L1N'0060E8000000005D8BD581ED........2B95........83EA108995........8B442420250000FFFF\")) {\r\n sVersion = \"1.3\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"BF........9968........68........5252525252525257E81501000085C0751C9952525752E8CB000000FF35\")) {\r\n sVersion = \"1.3\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Daemon_Protect.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Daemon Protect\");\n\nfunction detect() {\n if (PE.compareEP(\"60609c8cc932c9e3$$9d6130e230e231c055e8\")) {\n sVersion = \"0.6.7\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_DalKrypt.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"DalKrypt\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"68........5868........5F33DBEB0D8A140380EA0780F2048814034381FB........72EBFFE7\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_DeepSea.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"DeepSea\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) {\r\n var nOffset = PE.findString(PE.section[0].FileOffset, PE.section[0].FileSize, \"DeepSeaObfuscator\");\r\n\r\n if (nOffset !== -1) {\r\n if (PE.compare(\"'Evaluation'\", nOffset + 18)) {\r\n sOptions = \"Evaluation\";\r\n sVersion = \"4.X\";\r\n }\r\n\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Denuvo.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: deadmau5 \n// Updated: DosX (@DosX-dev)\n// Updated 2: Nitr0-G (@Nitr0-G) (16.05.2025)\n// Updated 3: 0x80000003 (@0x80000003) (20.09.2025)\n// Updated 4: BJNFNE \n\n// https://en.wikipedia.org/wiki/Denuvo\nmeta(\"protector\", \"Denuvo\");\n\nfunction detect() {\n if (PE.isNet()) return; // Native code only\n\n if (PE.isSectionNamePresentExp(/\\.(e|sr|x(p|d))data$/) || PE.isSectionNamePresent(\".arch\") || PE.isSectionNamePresent(\".xtext\") || PE.isSectionNamePresent(\".xtls\")) {\n if (PE.is64()) {\n // Mad Max, Metal Gear Solid: TPP, Rise of the Tomb Raider\n if (PE.compareEP(\"51 52 41 50 41 51 4C 8D ?? ?? ?? ?? ?? 4C 8D ?? ?? ?? ?? ?? 4D 29 C1\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n // Lords of the Fallen, Batman: AK, Just Cause 3, Sherlock Holmes: TdD, Tales of Berseria etc\n else if (PE.compareEP(\"48 8D 0D ?? ?? ?? ?? E9 ?? ?? ?? ??\")) {\n sVersion = \"2.0a\";\n bDetected = true;\n }\n // Yesterday Origins\n else if (PE.compareEP(\"48 89 ?? ?? ?? ?? ?? 48 89 ?? ?? ?? ?? ?? 4C 89 ?? ?? ?? ?? ?? 4C 89 ?? ?? ?? ?? ?? 48 83 FA 01\")) {\n sVersion = \"2.0b\";\n bDetected = true;\n }\n // Sniper Ghost Warrior 3 (beta), Dead Rising 4 (SteamStub-free)\n else if (PE.compareEP(\"?? ?? ?? ?? ?? ?? ?? ?? 4C 89 1C 24 49 89 E3\")) {\n sVersion = \"3.0a\";\n bDetected = true;\n }\n // Atomic Heart\n else if (PE.compareEP(\"48 8D 64 24 .. 50 51 52 80 3D .. .. .. .. .. 75 .. 48 8D 05 .. .. .. .. 48 8D 0D .. .. .. ..\")) {\n sVersion = \"17.0\"; // v17.0, what? How?\n bDetected = true;\n }\n // Train Sim World CSX Heavy Haul\n else if (PE.compareEP(\"4D 8D ?? ?? ?? ?? ?? ?? ?? ?? ?? 48 89 ?? ?? ?? ?? ?? 48 8D ?? ?? 48 89 ?? 48 89 ?? 48 89\")) {\n sVersion = \"3.0b\";\n bDetected = true;\n }\n // Hello Kitty : Island Adventure / Unity\n else if (PE.compareEP(\"47 61 6D 65 41 73 73 65 6D 62 6C 79 44 65 6E 75 76 6F 44 72 6D 2E 64 6C 6C\")) {\n sOptions = \"Unity\"; // The actual game exe won't show up as Denuvo because it only loads the GameAssembly.dll which is the one protected by Denuvo\n bDetected = true;\n } else if (PE.isSignaturePresent(PE.section[0].FileOffset, PE.getSize() - PE.getOverlaySize(), \"64 65 6E 75 76 6F 5F 61 74 64 00 00 00 00 00 00\")) {\n bDetected = true;\n }\n\n // Check if steam_api64.dll present\n if (PE.isLibraryPresent(\"steam_api64.dll\")) {\n sOptions = \"Steam\";\n bDetected = true;\n }\n // Check if eossdk-win32-shipping.dll present\n if (PE.isLibraryPresent(\"eossdk-win64-shipping.dll\")) {\n sOptions = \"Epic Games\";\n bDetected = true;\n }\n\n } else {\n // Pro Evolution Soccer 2017, Champions of Anteria\n if (PE.compareEP(\"55 89 E5 8D ?? ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? E8 ?? ?? ?? ?? E8 ?? ?? ?? ?? E8 ?? ?? ?? ??\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n // Romance of 13 Kingdoms, 2Dark\n else if (PE.compareEP(\"8D ?? ?? ?? ?? ?? ?? 89 7C 24 04 89 E7\")) {\n sVersion = \"2.0\";\n bDetected = true;\n }\n\n // Check if steam_api.dll present\n if (PE.isLibraryPresent(\"steam_api.dll\")) {\n sOptions = \"Steam\";\n bDetected = true;\n }\n\n // Check if eossdk-win64-shipping.dll present\n if (PE.isLibraryPresent(\"eossdk-win32-shipping.dll\")) {\n sOptions = \"Epic Game Store\";\n bDetected = true;\n }\n\n // Check if uplay_r1_loader.dll present\n if (PE.isLibraryPresent(\"uplay_r1_loader.dll\")) {\n sOptions = \"uPlay\";\n bDetected = true;\n }\n\n }\n }\n\n if (!bDetected) {\n if (PE.isLibraryPresent(\"dbdata.dll\")) {\n // Override additional info\n sOptions = \"FIFA23 series\";\n bDetected = true;\n }\n\n // Check if uplay_r1_loader64.dll present\n if (PE.isLibraryPresent(\"uplay_r1_loader64.dll\")) {\n sOptions = \"uPlay\";\n bDetected = true;\n }\n\n // Check if Core/Activation64.dll present\n if (PE.isLibraryPresentExp(/^Core\\/Activation(64)?.dll$/)) {\n sOptions = \"Origin\";\n bDetected = true;\n }\n\n if (PE.isExportFunctionPresent(\"GetDenuvoTicketLocation\")) {\n bDetected = true;\n }\n\n if (PE.isExportFunctionPresent(\"GetDenuvoTimeTicketRequest\")) {\n bDetected = true;\n }\n\n }\n\n if (PE.isExportFunctionPresentExp(/^ANTICHEAT_OBFUSCATE_.+_CODEMARKER$/)) {\n _setResult(\"marker\", \"Denuvo\", String(), String());\n }\n\n return result();\n}" }, { "path": "db/PE/protector_DotFix_Nice_Protect.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"DotFix NiceProtect\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E9FF000000608B7424248B7C2428FCB28033DBA4B302E86D00000073F633C9E864000000731C33C0E85B0000007323B30241B010E84F00000012C073F7753FAAEBD4E84D0000002BCB7510E842000000EB28ACD1E8\")) {\r\n sVersion = \"2.1-2.5\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60E8550000008DBD........68........033C248BF79068........9BDBE355DB04248BC7DB442404DEC1DB1C248B1C2466AD51DB04249090DA8D........DB1C24D1E129\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60be........8dbe........5783cd..eb$$619090505174..83c8..eb\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e8$$$$$$$$eb$$5aeb$$524aeb$$eb$$b9........eb$$eb$$dd..eb$$803411..eb$$eb$$e2\")) {\r\n sVersion = \"1.0-2.X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60BE\") && PE.section[\".\"]) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Dotfuscator.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Dotfuscator\");\r\n\r\nfunction detect() {\r\n if (_getNumberOfResults(\"protector\") <= 2 && PE.isNetObjectPresent(\"DotfuscatorAttribute\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_DragonArmor.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"DragonArmor\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"BF........83C9FF33C068........F2AEF7D1495168........E8110A000083C40C68\")) {\r\n sVersion = \"0.0.4.1\";\r\n bDetected = true;\r\n }\r\n\r\n if (bDetected && !PE.isSectionNamePresentExp(/^(\\.)?DAStub$/)) {\r\n sOptions = \"modified\";\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_ENIGMA.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// 07.12.2014 detect x64, build date added //ajax\r\n\r\nmeta(\"protector\", \"Enigma\");\r\n\r\nfunction getEnigmaVersion() {\r\n var nSection = PE.nLastSection,\r\n nOffset = PE.section[nSection].FileOffset,\r\n nSize = PE.section[nSection].FileSize;\r\n\r\n if (nSize == 0) {\r\n nOffset = PE.section[nSection - 1].FileOffset;\r\n nSize = PE.section[nSection - 1].FileSize;\r\n }\r\n\r\n var nVersionOffset = PE.findSignature(nOffset, nSize, \"000000'ENIGMA'\");\r\n if (nVersionOffset != -1) {\r\n\r\n var sMajor = PE.readByte(nVersionOffset + 9),\r\n sMinor = PE.readByte(nVersionOffset + 10),\r\n bYear = PE.readWord(nVersionOffset + 11),\r\n bMonth = PE.readWord(nVersionOffset + 13),\r\n bDay = PE.readWord(nVersionOffset + 15),\r\n bHour = PE.readWord(nVersionOffset + 17),\r\n bMin = PE.readWord(nVersionOffset + 19),\r\n bSec = PE.readWord(nVersionOffset + 21);\r\n\r\n sVersion = sMajor + \".\" + sMinor + \" build \" + bYear + \".\" + bMonth + \".\" + bDay + \" \" + bHour + \":\" + bMin + \":\" + bSec;\r\n return true;\r\n }\r\n nVersionOffset = PE.findSignature(nOffset, nSize, \"'Enigma Protector'\");\r\n if (nVersionOffset != -1) {\r\n sVersion = \"5.X\";\r\n return true;\r\n }\r\n\r\n return false;\r\n}\r\n\r\nfunction getEnigmaVersion4x() {\r\n var nSection = PE.nLastSection,\r\n nOffset = PE.section[nSection - 1].FileOffset,\r\n nSize = PE.section[nSection - 1].FileSize;\r\n\r\n var nVersionOffset = PE.findSignature(nOffset, nSize, \"000000'ENIGMA'\");\r\n\r\n if (nVersionOffset != -1) {\r\n\r\n var sMajor = PE.readByte(nVersionOffset + 9),\r\n sMinor = PE.readByte(nVersionOffset + 10),\r\n bYear = PE.readWord(nVersionOffset + 11),\r\n bMonth = PE.readWord(nVersionOffset + 13),\r\n bDay = PE.readWord(nVersionOffset + 15),\r\n bHour = PE.readWord(nVersionOffset + 17),\r\n bMin = PE.readWord(nVersionOffset + 19),\r\n bSec = PE.readWord(nVersionOffset + 21);\r\n\r\n sVersion = sMajor + \".\" + sMinor + \" build \" + bYear + \".\" + bMonth + \".\" + bDay + \" \" + bHour + \":\" + bMin + \":\" + bSec;\r\n return true;\r\n }\r\n\r\n return false;\r\n}\r\n\r\nfunction getEnigmaVersion_old1x() {\r\n var nSection = PE.nLastSection;\r\n\r\n var nVersionOffset = PE.findSignature(PE.section[nSection].FileOffset, PE.section[nSection].FileSize, \"'ENIGMA'07' PROT'\");\r\n\r\n if (nVersionOffset != -1) {\r\n sVersion = 'v1.14';\r\n return true;\r\n }\r\n\r\n return false;\r\n}\r\n\r\nfunction getEnigmaVersion_old() {\r\n var dataSection = PE.section[\".data\"];\r\n\r\n if (dataSection) {\r\n\r\n var nOffset = dataSection.FileOffset,\r\n nOffset = PE.findString(nOffset, dataSection.FileSize, \"Enigma protector v\");\r\n\r\n if (nOffset != -1) {\r\n sVersion = PE.getString(nOffset + 18, 4);\r\n return true;\r\n }\r\n }\r\n\r\n return false;\r\n}\r\n\r\nfunction detect() {\r\n if (PE.isNet()) {\r\n if (PE.isSignatureInSectionPresent(0, \"000000'ENIGMA'\")) {\r\n bDetected = true;\r\n }\r\n } else {\r\n if (!PE.is64()) {\r\n if (PE.compareEP(\"558bec83c4..b8........e8........9a............e9$$$$$$$$60e8000000005d..ed\")) {\r\n getEnigmaVersion();\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60e8000000005d81ed........81ed........e9\")) {\r\n getEnigmaVersion();\r\n bDetected = true;\r\n } else if (PE.compareEP(\"68........e8$$$$$$$$eb$$83c4..e9$$$$$$$$60e8000000005d81ed\")) {\r\n getEnigmaVersion();\r\n bDetected = true;\r\n } else if (PE.compareEP(\"eb$$e9$$$$$$$$60e8000000005d81ed........81ed........e9\")) {\r\n getEnigmaVersion();\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e8$$$$$$$$83c4..e9$$$$$$$$60e8000000005d81ed........81ed........e9\")) {\r\n getEnigmaVersion();\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60e8000000005d83....81ed\")) { // first versions\r\n getEnigmaVersion_old();\r\n bDetected = true;\r\n } else if (PE.compareEP(\"eb$$e9$$$$$$$$60e8000000005d83....81ed\")) { // 1.14\r\n getEnigmaVersion_old1x();\r\n getEnigmaVersion_old();\r\n bDetected = true;\r\n }\r\n } else if (PE.compareEP(\"5051525355565741504151415241534154415541564157489C4881EC080000000FAE1C24E8000000005D\")) {\r\n getEnigmaVersion();\r\n bDetected = true;\r\n } else if (PE.compareEP(\"eb$$60e8000000005d81ed........81ed........e9\")) {\r\n getEnigmaVersion();\r\n bDetected = true;\r\n }\r\n\r\n if (!bDetected) {\r\n if (PE.getNumberOfImports() > 1 &&\r\n PE.getNumberOfImportThunks(1) == 1 &&\r\n PE.getImportFunctionName(1, 0) == \"MessageBoxA\" &&\r\n PE.getSectionCharacteristics(0) == 0xe0000040 &&\r\n getEnigmaVersion()) {\r\n bDetected = true;\r\n } else if (PE.getSectionNameCollision(\"1\", \"2\") == \"enigma\") {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n if (PE.compareEP(\"60648b2d........3e8b6d..3e8b6d..e8........bb........c3\")) {\r\n getEnigmaVersion4x();\r\n bDetected = true;\r\n }\r\n\r\n }\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_EXEFog.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"ExeFog\");\n\nfunction detect() {\n if (PE.compareEP(\"56e8$$$$$$$$5e5ee9$$$$$$$$e8$$$$$$$$5d83c5..55c3\") ||\n PE.compareEP(\"52e8$$$$$$$$83c4..5a8be4510fb6c981e5\") ||\n PE.findSignature(PE.getEntryPointOffset(), 0x1000, \"6545c2fb195bbd004040ebef9155f0401897db0024e8e80000008387202e87d17820fb1cb800b0ef0b000000848e\") != -1) {\n sVersion = \"1.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_EXE_Password_Protector.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: Eliseu Filipi\n\n// https://exe-password-protector.soft112.com/\nmeta(\"protector\", \"EXE Password Protector\");\n\nfunction detect() {\n if (PE.compareEP(\"6A606810B54000E82E020000BF940000008BC7E822F4FFFF8965E88BF4893E56FF1510B040008B4E10890D00ED40008B4604\")) {\n sVersion = \"1.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Eazfuscator.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.gapotchenko.com/eazfuscator.net\nmeta(\"protector\", \"EazFuscator\");\n\nfunction detect() {\n bDetected =\n PE.isNet() &&\n PE.isSignaturePresent(PE.section[0].FileOffset, 1024, \"'fefef'\") &&\n PE.isSignatureInSectionPresent(0, \"00 E2 80 ** E2 80 ** E2 80 ** E2 80 ** E2 80 ** E2 80 ** E2 80 ** E2 80 ** E2 80 ** E2 80 **\");\n\n return result();\n}" }, { "path": "db/PE/protector_Elan_License_Manager.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Elan License Manager\");\n\nfunction detect() {\n if (PE.compareEP(\"8b4424..83f8..0f85........ff15........8b0d........a3........85c975..3c..75..a9\")) {\n sVersion = \"4.1.3\";\n sOptions = \"1995 by Elan Computer Group, Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_ElecKey.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// 2022.04.16 2.00.X version Thanks: A.S.L. \r\n\r\nmeta(\"protector\", \"ElecKey\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) {\r\n if (PE.isSignatureInSectionPresent(0, \"83c42068........68........c744240800000000ff15........50ff15........85c0a3\")) {\r\n sOptions = \"AnyCPU\";\r\n bDetected = true;\r\n } else if (PE.isSignatureInSectionPresent(0, \"488b0dd2be01006641b83200488d917b070000ff15a040010033c9ff15b8400100488b\")) {\r\n sOptions = \"x64\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n if (!bDetected) {\r\n // 2.00.X\r\n if (PE.is64()) {\r\n if (PE.compareEP(\"41504151515257535556E8000000005B48B8................482BD8488BEB\")) {\r\n sVersion = \"2.00.X\";\r\n bDetected = true;\r\n }\r\n } else {\r\n if (PE.compareEP(\"515257535556E8000000005BB8........2BD8\")) {\r\n sVersion = \"2.00.X\";\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Escargot.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Escargot\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"EB08'(esc0.1)'6068\")) {\r\n sVersion = \"0.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB04'@0.1'6068\")) {\r\n sVersion = \"0.1 final\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Excalibur.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Excalibur\");\n\nfunction detect() {\n if (PE.compareEP(\"e9$$$$$$$$60e8$$$$$$$$5861eb$$609c9c6a..73..eb\")) {\n sVersion = \"1.03\";\n sOptions = \"by forgot/uS/DFCG\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_ExeShield.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.softpedia.com/get/Security/Encrypting/ExeShield.shtml\nmeta(\"protector\", \"ExeShield\");\n\nfunction detect() {\n if (PE.compareEP(\"E8040000008360EB0C5DEB05\") && PE.compareOverlay(\"85c0\") && PE.isRichSignaturePresent() && !PE.getNumberOfImports()) {\n bDetected = true;\n\n if (!PE.isSectionNamePresent(\".shield\")) {\n sOptions = \"modified\";\n }\n }\n\n return result();\n}" }, { "path": "db/PE/protector_ExeStealth.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://unprotect.it/technique/exestealth/\r\nmeta(\"protector\", \"ExeStealth\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60E8000000005D81ED........B97B0900008BF7AC\")) {\r\n sVersion = \"1.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"6090EB22'ExeStealth'\")) {\r\n sVersion = \"2.5\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB0060EB00E8000000005D81ED\")) {\r\n sVersion = \"2.70-2.71\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB00EB2F'Shareware - ExeStealth'00\")) {\r\n sVersion = \"2.72-2.73\";\r\n sOptions = \"Shareware\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB00EB17'Shareware - ExeStealth'00\")) {\r\n sVersion = \"2.74\";\r\n sOptions = \"Shareware\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"906090E8000000005D81ED........B915000000\")) {\r\n sVersion = \"2.75\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB58'Shareware-Version ExeStealth'\")) {\r\n sVersion = \"2.75a\";\r\n sOptions = \"Shareware\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB..'ExeStealth V2 Shareware '\")) {\r\n sVersion = \"2.76\";\r\n sOptions = \"Shareware\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB65'ExeStealth V2 - www'\")) {\r\n sVersion = \"2.76\";\r\n bDetected = true;\r\n }\r\n\r\n var tnResource = PE.resource[\"TN\"];\r\n if (!bDetected && tnResource) {\r\n if (PE.compare(\"'MZ'\", tnResource.FileOffset) || PE.isSectionNamePresent(\"ExeS\")) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Exe_Guarder.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://www.exeicon.com/exeguarder/\r\nmeta(\"protector\", \"Exe Guarder\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558BEC83C4D05356578D75FC8B442430250000FFFF81384D5A900074072D00100000EBF18945FCE8C8FFFFFF2DB2040000\")) {\r\n sVersion = \"1.8\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Exe_Shield.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Exe Shield\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"EB0668....0600C39C60E8020000\")) {\r\n switch (PE.readWord(PE.getEntryPointOffset() + 3)) {\r\n case 0x1f90: sVersion = \"1.7\"; break;\r\n case 0x86f4: sVersion = \"2.7\"; break;\r\n case 0x8540: sVersion = \"2.7b\"; break;\r\n }\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60E8000000005D81ED........B9EB0800008DBD........8BF7AC......F8\")) {\r\n sVersion = \"2.9\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558BEC53565760E8000000005D81ED........B9........81E9........8BD581C2\")) {\r\n sVersion = \"1.3RC\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_FISH_.NET.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"FISH .NET\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) {\r\n if (PE.isSignatureInSectionPresent(0, \"0800'FISH_NET'\")) {\r\n sVersion = \"1.X\";\r\n bDetected = true;\r\n } else if (PE.isSignatureInSectionPresent(0, \"'FISH.NET'\")) {\r\n sVersion = \"1.X\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_FishPE_Shield.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://huaidan.org/archives/983.html\r\nmeta(\"protector\", \"FishPE Shield\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558BEC83C4D05356578B451083C00C8B008945DC\")) {\r\n sVersion = \"1.12/1.16\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60E8EAFDFFFFFFD0C38D4000..0000002C000000\")) {\r\n sVersion = \"1.12/1.16\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60E8........C390090000002C000000........C4030000BCA0000000400100\")) {\r\n sVersion = \"1.0X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60e8........61c3\") && PE.compareEP(\"60e8$$$$$$$$558bec81c470ffffff535657\")) {\r\n sVersion = \"2.0.1\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Fish_PE.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Fish PE\");\r\n\r\nfunction detect() {\r\n if (PE.getNumberOfSections() == 2) {\r\n if (PE.section[0].FileSize == 0) {\r\n if (PE.compareEP(\"60e8070000006168........c35e56\")) {\r\n sVersion = \"1.2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60e821000000eb$$6168........c35e56\")) {\r\n sVersion = \"1.3\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60b8........ffd05a\")) {\r\n sVersion = \"1.4\";\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_FlashBack_Protector.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"FlashBack\");\n\nfunction detect() {\n if (PE.compareEP(\"60609c8cc932c9e3$$9d6190609061eb$$558bec83c4..b8........e8\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_G!X_Protector.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"G!X Protector\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60EB05E8EB044000EBFAE80A000000\")) {\r\n sVersion = \"1.2\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_GameGuard.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://gameguard.nprotect.com/en/index.html\r\nmeta(\"protector\", \"GameGuard\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"31FF740661E9'JMP0'\")) {\r\n sVersion = \"2006.5.X.X\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Goats_PE_Mutilator.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Goat's PE Mutilator\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E8EA0B0000......8B1C79F663D88D22B0BFF64908C302BD3B6C294613285D\")) {\r\n sVersion = \"1.6\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Goliath.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Goliath\");\r\n\r\nfunction detect() {\r\n if (PE.isSectionNamePresent(\".GOLIATH\")) {\r\n if (PE.isNetObjectPresent(\"ObfuscatedByGoliath\")) {\r\n bDetected = true;\r\n } else if (PE.isSignatureInSectionPresent(0, \"'.Goliath.NET.CodeShield.'\")) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n if (bDetected && PE.isSignatureInSectionPresent(0, \"20006500760061006C007500610074006500\")) {\r\n sOptions = \"demo\";\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_HASP.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"HASP Protection\");\n\nfunction detect() {\n if (PE.compareEP(\"6a..602eff35........2eff35........68........e8........6683c4..2eff35........2eff35........b8........83c0..50\")) {\n sOptions = \"1997 by Aladdin Knowledge Systems Ltd.\";\n bDetected = true;\n }\n\n if (PE.section[0].FileOffset == 0 && PE.section[0].FileSize == 0) {\n if (PE.getResourceSection() == 1) {\n if (/manager/im.test(PE.getVersionStringInfo(\"ProductName\"))) {\n sVersion = PE.getVersionStringInfo(\"ProductVersion\");\n sOptions = PE.getVersionStringInfo(\"ProductName\");\n bDetected = true;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/protector_HackShield.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"HackShield\");\r\n\r\nfunction detect() {\r\n var impSection = PE.section[PE.getImportSection()];\r\n if (impSection) {\r\n var nOffset = impSection.FileOffset,\r\n nSize = impSection.FileSize;\r\n\r\n nSize = Math.min(nSize, 0x2048);\r\n if (PE.findString(nOffset, nSize, \"TerminateHackShield\") != -1) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Hide&Protect.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://download.cnet.com/hide-protect/3000-2092_4-10380452.html\r\nmeta(\"protector\", \"Hide&Protect\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"909090E9D8..050095..5300954A5000\") ||\r\n PE.compareEP(\"909090E9........0000000000000000\")) {\r\n sVersion = \"1.016\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_HidePE.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"HidePE by BGCorp\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"6006FC1E07BE909090906A04689010909068\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"32Lite 0.03\";\r\n } else if (PE.compareEP(\"6090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090EB02000090909004909090909090909090909090909090909090909090\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"ACProtect 1.09\";\r\n } else if (PE.compareEP(\"60E82A0000005D5051EB0FB9EB0FB8EB07B9EB0F90EB08FDEB0BF2EBF5EBF6F2EB08FDEBE9F3EBE4FCE959585051EB85\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Armadillo 3.00\";\r\n } else if (PE.compareEP(\"9090909068........6764FF360000676489260000F190909090A8030000617508B801000000C20C006800000000C38B85260400008D8D3B0400005150FF95\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"ASPack 2.XX\";\r\n } else if (PE.compareEP(\"609090909090905D909090909090909090909003DD\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"ASProtect\";\r\n } else if (PE.compareEP(\"68########6f4067485e68........67494e68........50466f\")) {\r\n sVersion = \"1.2\";\r\n sOptions = \"ASProtect\";\r\n } else if (PE.compareEP(\"558BEC83C49090909068........9090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Borland Delphi 3.0\";\r\n } else if (PE.compareEP(\"558BEC9090909068........9090909090909090909090909090909090909090909090909090909000FF90909090909090900001909090909090909090EB0400000001909090909090900001909090909090909090\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Borland Delphi 5.0 KOL/MCK\";\r\n } else if (PE.compareEP(\"9090909068........6764FF360000676489260000F190909090538BD833C0A3090909006A00E8090900FFA309090900A109090900A30909090033C0A30909090033C0A309090900E8\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Borland Delphi 6.0-7.0\";\r\n } else if (PE.compareEP(\"5360BD909090908D45908D5D90E8000000008D01\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"CD-Cops II\";\r\n } else if (PE.compareEP(\"90909090909090909090909090909090909090909090EB0B83EC10535657E8C4010085\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"CodeSafe 2.0\";\r\n } else if (PE.compareEP(\"55E80E0000005D83ED068BC5556089AD........2B8500000000\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Crunch\";\r\n } else if (PE.compareEP(\"BE000140006A0559807E070074118B46909090909090909090909090909090909083C101\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"DEF 1.0\";\r\n } else if (PE.compareEP(\"60E8000000005D8BFD81ED909090902BB90000000081EF9090909083BD90909090900F8400000000\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"DxPack 1.0\";\r\n } else if (PE.compareEP(\"9CFE039060BE909041908DBE9010FFFF5783CDFFEB1090909090909090909090909090909090FE0B\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"ExeSmasher\";\r\n } else if (PE.compareEP(\"9090909068........6764FF360000676489260000F190909090BBD0014000BF00104000BE9090909053E80A00000002D275058A164612D2C3FCB280A46A025B\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"FSG 1.0\";\r\n } else if (PE.compareEP(\"BE90909000BF90909000BB9090900053BB90909000B280\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"FSG 1.31\";\r\n } else if (PE.compareEP(\"90909090909090909090909090909090909090909090EB0B83EC0C535657E8240200FF\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Gleam 1.00\";\r\n } else if (PE.compareEP(\"60E8220000005D8BD581ED909090902B959090909081EA0690909089959090909083BD4500010001\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"JDPack 1.X/JDProtect 0.9\";\r\n } else if (PE.compareEP(\"64A1010000005589E56AFF68........689A10409050\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"LCC Win32 1.X\";\r\n } else if (PE.compareEP(\"5589E5535657837D0C017505E817909090FF7510FF750CFF7508A1\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"LCC Win32 DLL\";\r\n } else if (PE.compareEP(\"2CE8EB1A90905D8BC581EDF67390902B859090909083E8068985FF01ECAD\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Lockless Intro Pack\";\r\n } else if (PE.compareEP(\"54E8000000005D8BC581EDF67340002B858775400083E806\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"LTC 1.3\";\r\n } else if (PE.compareEP(\"9090909068........6764FF360000676489260000F19090909083EC4456FF15248149008BF08A063C22751C8A4601463C22740C84C074088A4601463C2275F4803E22750F46EB0C\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Macromedia Flash Projector 6.0\";\r\n } else if (PE.compareEP(\"E909000000000000020000000C90\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"MEW 11 SE 1.0\";\r\n } else if (PE.compareEP(\"68........E80A00000000000000000030000000\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Microsoft Visual Basic 5.0-6.0\";\r\n } else if (PE.compareEP(\"9090909068........6764FF360000676489260000F1909090905A6890909090689090909052E99090FF\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Microsoft Visual Basic 6.0 DLL\";\r\n } else if (PE.compareEP(\"558BEC6AFF68........68........64A10000000050E9\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Microsoft Visual C++ 5.0+/MFC\";\r\n } else if (PE.compareEP(\"558BEC5190909001019090909068........90909090909090909090909000019090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909000019090909090\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Microsoft Visual C++ 6.0/Debug Version\";\r\n } else if (PE.compareEP(\"9090909068........6764FF360000676489260000F190909090558BEC83EC50535657BE909090908D7DF4A5A566A58B\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Microsoft Visual C++ 6.20\";\r\n } else if (PE.compareEP(\"558D6C010081EC000000008B459083F801560F840000000085C00F84\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Microsoft Visual C++ 7.0 DLL\";\r\n } else if (PE.compareEP(\"5589E5E802000000C9C39090455845\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"MinGW GCC 2.X\";\r\n } else if (PE.compareEP(\"E9A60000009090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Neolite 2.0\";\r\n } else if (PE.compareEP(\"9C60E8000000005DB8B38540002DAC8540002BE88DB500000000\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"NorthStar PE Shrinker 1.3\";\r\n } else if (PE.compareEP(\"60E801010000E883C404E801909090E95D81EDD3224090E804029090E8EB08EB02CD20FF24249A66BE4746909090909090909090909090909090909090909090909090909090909090909090909090909090909090\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Pack Master 1.0/PEX Clone\";\r\n } else if (PE.compareEP(\"8B04249C60E8140000005D81ED0A45409080BD67444090900F8548FFED0A\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"PE Intro 1.0\";\r\n } else if (PE.compareEP(\"60E8110000005D83ED0680BDE0049090010F84F2FFCC0A\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"PE Pack 0.99\";\r\n } else if (PE.compareEP(\"525155576467A1300085C0780DE8070000005883C007C690C3\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"PE Protect 0.9\";\r\n } else if (PE.compareEP(\"9090909068........6764FF360000676489260000F190909090EB066890909090C39C60E80290909033C08BC483C004938BE38B5BFC81\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"PECompact 1.4+\";\r\n } else if (PE.compareEP(\"60E910000000EF4003A7078F071C375D43A704B92C3A\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"PENightMare 2 Beta\";\r\n }\r\n /* else if (PE.compareEP(\"909090909090909090909090909090909090909090909090909090909090909090909090\")) { // TODO Check\r\n sVersion = \"0.1\";\r\n sOptions = \"PENinja 1.31\";\r\n } */\r\n else if (PE.compareEP(\"60E82B0000009090909090909090909090909090909090909090909090909090909090909090909090909090909090CCCC\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"PESHiELD 0.25\";\r\n } else if (PE.compareEP(\"9090909068........6764FF360000676489260000F190909090B8009090006A00689090900064FF350000000064892500000000669C60508BD8030068\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"PEtite 2.X/level 0\";\r\n } else if (PE.compareEP(\"60E8010000005583C404E801000000905D81FFFFFF0001\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"PEX 0.99\";\r\n } else if (PE.compareEP(\"5589E5909090909090909090905090909090900001\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"REALBasic\";\r\n } else if (PE.compareEP(\"0BC00BC00BC00BC00BC00BC00BC00BC0BA........FFE2BAE0104000B868241A40890283C203B84000E8EE890283C2FDFFE22D3D5B20486964655045205D3D2D90000000\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Ste@lth PE 1.01\";\r\n } else if (PE.compareEP(\"60E8000000005883E83D508DB8000000FF578DB0E8000000\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"UPX 0.6\";\r\n } else if (PE.compareEP(\"0BC00BC00BC00BC00BC00BC00BC00BC0\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"VBOX 4.3 MTE\";\r\n } else if (PE.compareEP(\"5589E583EC08909090909090909090909090909001FFFF0101010001909090909090909090909090909000010001000190900001\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Video-Lan-Client\";\r\n } else if (PE.compareEP(\"363E268AC060E800000000\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"VOB ProtectCD 5\";\r\n } else if (PE.compareEP(\"E900000000909090905741\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"WATCOM C/C++ EXE\";\r\n } else if (PE.compareEP(\"608BF033DB83C30183C001\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"XCR 0.11\";\r\n } else if (PE.compareEP(\"E803000000EB019090\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Yoda's Protector 1.02\";\r\n } else if (PE.compareEP(\"90909090909090909090909090909090EB06009090909090909090EB08E8900000006690909090909090909090909090909090909090909090909090909090905166909090599090909090909090909090909090909090909090EB0200009090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090909090EB02E2909090EB088290909090909090909090909090909090909090909090909090909090EB020001\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Morphine 1.2\";\r\n } else if (PE.compareEP(\"EB01EA9CEB01EA53EB01EA51EB01EA52EB01EA5690\")) {\r\n sVersion = \"0.2\";\r\n sOptions = \"BJFNT 1.1b\";\r\n } else if (PE.compareEP(\"EB0269B183EC04EB03CD20EBEB01EB9CEB01EBEB00\")) {\r\n sVersion = \"0.2\";\r\n sOptions = \"BJFNT 1.2\";\r\n } else if (PE.compareEP(\"EB1066623A432B2B484F4F4B90E990909090\")) {\r\n sVersion = \"0.2\";\r\n sOptions = \"Borland C++\";\r\n } else if (PE.compareEP(\"558BEC83C4B4B890909090E800000000E8000000008D4000\")) {\r\n sVersion = \"0.2\";\r\n sOptions = \"Borland Delphi DLL\";\r\n } else if (PE.compareEP(\"558BEC83C49053565733C08945F08945D48945D0E800000000\")) {\r\n sVersion = \"0.2\";\r\n sOptions = \"Borland Delphi Setup Module\";\r\n } else if (PE.compareEP(\"E912000000000000000000000000000000E9FBFFFFFFC3680000000064FF3500000000\")) {\r\n sVersion = \"0.2\";\r\n sOptions = \"ZCode 1.01\";\r\n } else if (PE.compareEP(\"..BA........B8........890283C204B8........890283C204B8........890283C2F8FFE2'\\r\\n-=[ HidePE by BHCorp ]=-'\")) {\r\n sVersion = \"1.01\";\r\n }\r\n\r\n bDetected = bDetected || Boolean(sVersion) || Boolean(sOptions);\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_HyperTech_Crackproof.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"HyperTech Crackproof\");\r\n\r\nfunction detect() {\r\n if (PE.getNumberOfImports() > 0 && PE.getImportLibraryName(0) === \"KeRnEl32.dLl\") {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_ILProtector.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// http://www.vgrsoft.net/Products/ILProtector\nmeta(\"protector\", \"ILProtector\");\n\nfunction detect() {\n bDetected = PE.isNet() && PE.isNetGlobalCctorPresent() && PE.isNetObjectPresent(\"Protect32.dll\") && PE.isNetObjectPresent(\"Protect64.dll\");\n\n return result();\n}" }, { "path": "db/PE/protector_ILUCRYPT.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"ILUCRYPT\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"8BECFAC746F7....4281FA....75F9FF66F7\")) {\r\n sVersion = \"4.015\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"8BECFAC7........4C4CC3FBBF....B8....2E....D1C84F81\")) {\r\n sVersion = \"4.018\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_IProtect.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"IProtect\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"EB33'.FUXLoadLibraryA'00\")) {\r\n sVersion = \"1.0\";\r\n if (PE.compareEP(\"'FxLib.dll'00\", 19)) {\r\n sOptions = \"FxLib.dll mode\";\r\n } else if (PE.compareEP(\"'FxSub.dll'00\", 19)) {\r\n sOptions = \"FxSub.dll mode\";\r\n }\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Inquartos_Obfuscator.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Inquartos Obfuscator\");\n\nfunction detect() {\n if (PE.compareEP(\"e8$$$$$$$$bb........e8$$$$$$$$e8$$$$$$$$33c064ff306489204bccc3\") && PE.isSectionNamePresent(\".inq\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_IntelliProtector.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"IntelliProtector\");\r\n\r\nfunction detect() {\r\n var nLastSectionOffset = PE.section[PE.nLastSection].FileOffset;\r\n if (PE.compare(\"E9........CC\", nLastSectionOffset)) {\r\n var nVersionOffset = PE.findString(nLastSectionOffset, PE.section[PE.nLastSection].FileSize, \"Protected by IntelliProtector\");\r\n if (nVersionOffset != -1) {\r\n sVersion = PE.getString(nVersionOffset + 30);\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_InxObfuscator.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"Inx Obfuscator\");\n\nfunction detect() {\n if (PE.isNet() && PE.findSignature(0x00, PE.getSize() - PE.getOverlaySize(), \"0013'Inx .NET Obfuscator'0000\") != -1) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Jar2exe.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// https://www.jar2exe.com/\nmeta(\"protector\", \"Jar2Exe\");\n\nfunction detect() {\n if (PE.compareOverlay(\"efbbbf\")) {\n if (PE.findSignature(PE.getOverlayOffset(), Math.min(255, PE.getOverlaySize()), \"504B0304\") != -1) {\n if (PE.compareEP(\"558BEC6a..68........68........64a1........50648925........83ec..5356578965..ff15........33d28ad48915........8bc881e1........890d\")) {\n sOptions = \"x86\";\n bDetected = true;\n } else if (PE.compareEP(\"4883ec..48895c24..48897c24..ff15........488bc833d241b8........ff15........488bd84885c075..b8........e9\")) {\n sOptions = \"x64\";\n bDetected = true;\n } else if (PE.compareEP(\"eb$$a1........c1e0..a3........526a..e8........8bd0e8........5ae8........e8........6a..e8........5968........6a\")) {\n bDetected = true;\n }\n }\n } else if (PE.compareEP(\"eb$$a1........c1e0..a3........526a..e8........8bd0e8........5ae8........e8........6a..e8........5968........6a\")) {\n if (PE.compareOverlay(\"504b0304\")) {\n bDetected = true;\n }\n }\n\n sLang = \"Java\";\n\n return result();\n}" }, { "path": "db/PE/protector_KoiVM.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: r0da https://github.com/whereisr0da\n// Edited: DosX\n\nmeta(\"protector\", \"KoiVM\");\n\nfunction detect() {\n\n if (PE.isNet() && _getNumberOfResults(\"protector\") <= 1) {\n if (PE.isSignatureInSectionPresent(0, \"'KoiVM'\") ||\n PE.isSignatureInSectionPresent(0, \"'VMEntryRun'\")) {\n bDetected = true;\n }\n\n sVersion = \"2.0+\";\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Konekt_Protector.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Konekt Protector\");\n\nfunction detect() {\n if (PE.compareEP(\"fc5550e8$$$$$$$$5d50e8$$$$$$$$eb$$58eb$$40eb$$ffe0\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Krypton.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Krypton\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"8B0C24E90A7C01..AD4240BDBE9D7A04\")) {\r\n sVersion = \"0.2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"8B0C24E9C08D01..C13A6ECA5D7E796DB3645A71EA\")) {\r\n sVersion = \"0.3\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"54E8........5D8BC581ED........2B85\")) {\r\n switch (PE.getEntryPointSignature(21, 3)) {\r\n case \"83E806\": sVersion = \"0.4\"; break;\r\n case \"EB43DF\": sVersion = \"0.5\"; break;\r\n }\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_LARP.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"LARP\");\n\nfunction detect() {\n if (PE.compareEP(\"e8$$$$$$$$e8$$$$$$$$e8$$$$$$$$e8$$$$$$$$5d81ed........830424..83c4..ff6424\")) {\n sVersion = \"2.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_LDK.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: sendersu\n// If errors pls contact sendersu on cracklab.team\n\nmeta(\"protector\", \"SafeNet Sentinel LDK\");\n\nfunction detect() {\n if (PE.getNumberOfSections() == 4 &&\n PE.isSectionNamePresent(\".AKS1\") &&\n PE.isSectionNamePresent(\".AKS2\") &&\n PE.isSectionNamePresent(\".AKS3\") &&\n PE.isSectionNamePresent(\".rsrc\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_LDK_.NET.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"SafeNet Sentinel LDK .NET\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) {\r\n if (PE.isNetObjectPresent(\".protect\") && PE.isNetObjectPresent(\"haspdnert.dll\")) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_LameCrypt.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://www.sac.sk/download/security/lamecryp.zip\r\nmeta(\"protector\", \"LameCrypt\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60669CBB........80B3........904B83FBFF75F3669D61\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Laserlok.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Laserlok\");\n\nfunction detect() {\n if (PE.compareEP(\"eb$$eb$$5055e8$$$$$$$$5d508bc581ed........2d........3e2b85........3E8985........608d85........508d9d........2bd853\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_MSLRH.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"MSLRH\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"EB033A4D3A1EEB02CD209CEB02CD20EB02CD2060EB02C705EB02CD20E803000000E9EB04584050C3619D1FEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake .BJFNT 1.3\";\r\n } else if (PE.compareEP(\"60E802000000EB095D5581ED39394400C361EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802000000295A83C40458740475\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake ASPack 2.11d\";\r\n } else if (PE.compareEP(\"60E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00A002EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake ASPack 2.12\";\r\n } else if (PE.compareEP(\"60E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB0073000061EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586B\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake ASPack 2.12\";\r\n } else if (PE.compareEP(\"3BC074028183553BC074028183533BC97401BC563BD27402818557E8000000003BDB74019083C414EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E80200\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake EXE32Pack 1.3X\";\r\n } else if (PE.compareEP(\"558BEC6AFF68........68........64A1000000005064892500000000648F050000000083C40C5DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E80200\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake Microsoft Visual C++\";\r\n } else if (PE.compareEP(\"558BEC538B5D08568B750C578B7D1085F65F5E5B5DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802000000295A83C40458\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake MSVC++ 6.0 DLL\";\r\n } else if (PE.compareEP(\"558BEC538B5D08568B750C5E5B5DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802000000295A83C4045874047502EB02EB\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake MSVC++ 7.0 DLL Method 3\";\r\n } else if (PE.compareEP(\"558BEC5657BF010000008B750C85F65F5E5DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802000000295A83C40458740475\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake MSVC++ DLL Method 4\";\r\n } else if (PE.compareEP(\"E9A6000000B07B4000786040007C60400000000000B03F000012624000'NeoLite Executable File Compressor\\r\\nCopyright (c) 1998'2C31\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake Neolite 2.0\";\r\n } else if (PE.compareEP(\"9C60E8000000005DB8B38540002DAC8540002BE88DB5D3FEFFFF8B0683F80074118DB5DFFEFFFF8B0683F8010F84F1010000619DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake nSPack 1.3\";\r\n } else if (PE.compareEP(\"FC5550E8000000005DEB01E360E803000000D2EB0B58EB014840EB0135FFE0E761585DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A58\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake PC-Guard 4.XX\";\r\n } else if (PE.compareEP(\"E8000000005B83EB05EB04'RND!'85C07302F70550E808000000EAFF58EB18EB010FEB02CD20EB03EACD205858EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake PE Crypt 1.02\";\r\n } else if (PE.compareEP(\"EB03CD20C71EEB03CD20EA9CEB02EB01EB01EB60EB03CD20EBEB01EBE803000000E9EB04584050C3EB03CD20EBEB03CD2003619D83C404EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake PE Lock NT 2.04\";\r\n } else if (PE.compareEP(\"9C60E80200000033C08BC483C004938BE38B5BFC81EB0730400087DD619DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake PEBundle 0.2-3.X\";\r\n } else if (PE.compareEP(\"9C60E80200000033C08BC483C004938BE38B5BFC81EB0730400087DD83BD9C38400001619DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E80200000029\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake PEBundle 2.0X-2.4X\";\r\n } else if (PE.compareEP(\"EB06682EA80000C39C60E80200000033C08BC483C004938BE38B5BFC81EB3F904000619DEB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake PECompact 1.4X\";\r\n } else if (PE.compareEP(\"60E82B000000'\\r\\n\\r\\n\\r\\nRegistAred to: NON-COMMERCIAL!!\\r\\n\\r\\n\\r'005861EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C4087404\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake PESHiELD 0.25\";\r\n } else if (PE.compareEP(\"B8........6A0068........64FF350000000064892500000000669C605083C40461669D648F050000000083C408EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake PEtite 2.1\";\r\n } else if (PE.compareEP(\"60E801000000E883C404E801000000E95D81EDFF22400061EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802000000295A83\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake PEX 0.99\";\r\n } else if (PE.compareEP(\"60E8000000005D81ED0600000064A02300000083C50661EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003E802000000295A83C4\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake SVKP 1.11\";\r\n } else if (PE.compareEP(\"60BE00908B008DBE0080B4FF5783CDFFEB3A9090909090908A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11DB11C001DB730B75198B1E83EEFC11DB7210586190EB05E8EB0440\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake UPX 0.89.6-1.02/1.05-1.24\";\r\n } else if (PE.compareEP(\"53558be833dbeb$$e800000000582d........506033c9505850508be851fd2e2b84..........8bf02e03b4..........8bf8\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake WWPack32 1.X\";\r\n } else if (PE.compareEP(\"60E8000000005D81EDF31D4000B97B0900008DBD3B1E40008BF7AC902C8AC0C078900462EB010061EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E80200\")) {\r\n sVersion = \"0.32a\";\r\n sOptions = \"fake Yoda's Cryptor 1.2\";\r\n } else if (PE.compareEP(\"60EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB0181E80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB0181E80A000000E8EB0C0000E8\")) {\r\n sVersion = \"0.1-0.2\";\r\n } else if (PE.compareEP(\"60D1CB0FCAC1CAE0D1CA0FC8EB01F1\")) {\r\n sVersion = \"0.31\";\r\n } else if (PE.compareEP(\"EB05E8EB044000EBFAE80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB0181E80A000000E8EB0C0000E8F6FFFFFFE8F2FFFFFF83C40874047502EB02EB018150E802000000295A586BC003\")) {\r\n sVersion = \"0.32a\";\r\n } else if (PE.compareEP(\"558bec5657bf........8b75..85f65f5e5deb$$eb$$eb$$e8$$$$$$$$e8$$$$$$$$eb$$83c4\")) {\r\n sVersion = \"0.31a\";\r\n }\r\n\r\n bDetected = bDetected || Boolean(sVersion);\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_MZ0oPE.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"MZ0oPE\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"EBCA890383C30487FE32C0AE75FD87FE803EFF75E2465B83C304538B1B803FFF75C98BE56168\")) {\r\n sVersion = \"1.0.6b\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_MaskPE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"MaskPE\");\n\nfunction detect() {\n if (PE.isSectionNamePresent(\".MaskPE\") && PE.compareEP(\"60\")) {\n if (PE.isSignaturePresent(PE.getEntryPointOffset(), 0x100, \"6160e8........8bc33e8b..40e8\")) {\n sVersion = \"2.0\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Maxtocode.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Maxtocode\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) {\r\n if (PE.isNetObjectPresent(\"Attick.dll\") && PE.isNetObjectPresent(\"CheckRuntime\")) {\r\n sVersion = \"1.X\";\r\n sOptions = \"Runtime\";\r\n bDetected = true;\r\n } else if (PE.isSignatureInSectionPresent(0, \"00'InfaceMax 'ffffff005f175920ffff00'toCode_interface'00\")) {\r\n sVersion = \"1.X\";\r\n bDetected = true;\r\n } else if (PE.isNetObjectPresent(\"MRuntime3.dll\")) {\r\n sVersion = \"3.X\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Metrowerks_CodeWarrior.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Metrowerks CodeWarrior\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"5589E55356578B750C8B5D1083FE01740583FE0275125356FF7508E86EFFFFFF09C0750431C0EB215356FF7508E8\")) {\r\n // DLL\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"5589E5535683EC4455B8FFFFFFFF505068........64FF35000000006489250000000068\")) {\r\n // Console\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Morphnah.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Morphnah\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558bec87e55de9$$$$$$$$558bec83ec..5356576064a1........8b40..8945..64a1........c740\")) {\r\n sVersion = \"1.0.7\";\r\n bDetected = true;\r\n } else if (PE.section[\".nah\"]) {\r\n if (PE.compareEP(\"60e8$$$$$$$$5d81ed........8bbd........8b8d........b8........01e88030..83f9..74..817f..........75..8b57\")) {\r\n sVersion = \"1.0.2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60e8$$$$$$$$5d81ed........31c04083f0..403d........75..be........eb..eb..8b85........83f8..75..31c001ee3d\")) {\r\n sVersion = \"1.0.3\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"eb$$608b4c....87d187d18b093bed\")) {\r\n sVersion = \"beta 2\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_N-Code.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"N-Code\");\n\nfunction detect() {\n if (PE.compareEP(\"9066be....6683fe..74..66b8....66be....6683fe..74..6683e8..66bb....6683c3..66436681fb....74..6683f8\")) {\n sVersion = \"0.2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_N-Joy.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"N-Joy\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558BEC83C4F0B8........E8....FFFF6A0068........6A0A6A00E8....FFFFE8....FFFF8D4000\")) {\r\n switch (PE.readWord(PE.getEntryPointOffset() + 33)) {\r\n case 0xf5ef: sVersion = \"1.0\"; break;\r\n case 0xf57f: sVersion = \"1.1\"; break;\r\n case 0xeac7: sVersion = \"1.2\"; break;\r\n case 0xe723: sVersion = \"1.3\"; break;\r\n }\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_NET_Spider.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \".NET Spider\");\r\n\r\nfunction detect() {\r\n if (PE.isNet() && PE.isSignatureInSectionPresent(0, \"'Protected_By_Attribute'00'NETSpider.Attribute'\")) {\r\n sVersion = \"0.5-1.3\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_NTkrnl_Protector.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"NTkrnl Protector\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"68........e8\") && PE.nLastSection >= 1) {\r\n if (PE.getNumberOfImports() == 1 && PE.getNumberOfImportThunks(0) == 2) {\r\n if (PE.getImportFunctionName(0, 0) == \"LoadLibraryA\" && PE.getImportFunctionName(0, 1) == \"GetProcAddress\") {\r\n if (PE.isSignatureInSectionPresent(1, \"'http://www.ntcore.com '\")) {\r\n sVersion = \"0.1\";\r\n bDetected = true;\r\n } else if (PE.isSignatureInSectionPresent(1, \"'http://www.ntkrnl.com'\")) {\r\n sVersion = \"0.15\";\r\n bDetected = true;\r\n }\r\n /* if (bDetected) {\r\n var nFind = PE.findString(PE.section[1].FileOffset, PE.section[1].FileSize, \"Version \");\r\n if (nFind !== -1) {\r\n sVersion = PE.getString(nFind, 20);\r\n sVersion = sVersion.match(/Version ?(.*?) /)[1];\r\n }\r\n } */\r\n }\r\n }\r\n }\r\n\r\n if (PE.compareEP(\"68........e8........c3\") && PE.compareEP(\"68########60e8$$$$$$$$5d4555c3\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_NetReactor.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n// ----------------\n// First version of detect made by ajax\n\n// https://www.eziriz.com/dotnet_reactor.htm\nmeta(\"protector\", \".NET Reactor\");\n\nfunction detect() {\n if (PE.section[\".reacto\"]) {\n if (PE.section[1].FileSize == 0 && PE.section[2].FileSize == 0 && PE.section[3].FileSize == 0) {\n sVersion = \"2.0-2.1\";\n bDetected = true;\n }\n } else if (PE.compareEP(\"558becb90f0000006a006a004975f951535657b8........e8\")) {\n sVersion = \"2.X-3.X\";\n bDetected = true;\n } else if (PE.resource[\"__\"] && PE.compareEP(\"e8$$$$$$$$8bff558bec83ec10\")) {\n if (PE.compareEP(\"e8........e9........6a0c68\")) {\n sVersion = \"4.2\";\n bDetected = true;\n } else if (PE.compareEP(\"e8........e9........8bff558bec83ec208b45085657\")) {\n sVersion = \"4.5-4.7\";\n bDetected = true;\n }\n } else if (PE.isNet()) {\n if (PE.isSignatureInSectionPresent(0, \"558becb90f0000006a006a004975f951535657b8........e8\")) {\n sVersion = \"3.X\";\n bDetected = true;\n } else if (PE.section.length >= 2) {\n if (PE.section[1].Characteristics == 0xc0000040) { // .sdata\n if (PE.isSignatureInSectionPresent(1, \"5266686E204D182276B5331112330C6D0A204D18229EA129611C76B505190158\")) {\n sVersion = \"4.8-4.9\";\n bDetected = true;\n }\n }\n }\n\n if (PE.isNetObjectPresent(\"NecroVM.Runtime\")) return;\n\n if (PE.isSignatureInSectionPresent(0, \"6D5F6973526561644F6E6C790B636F6D70617265496E666F0874657874496E666F076E756D496E666F0C6461746554696D65496E666F0863616C656E6461720A6D5F646174614974656D0963756C747572654944066D5F6E616D65116D5F757365557365724F76657272696465\")) {\n sVersion = \"6.X\";\n }\n\n var signatureToScan = String();\n for (var i = 0; i < 5; i++) {\n signatureToScan += \"'m_'%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%00\";\n }\n\n if (PE.isSignatureInSectionPresent(0, signatureToScan)) {\n sOptions = sOptions.append(\"Control Flow\");\n sVersion = \"6.X\";\n bDetected = true;\n }\n\n if (PE.isSignatureInSectionPresent(0, \"'$$method0x'363030303331372D310024246D6574686F643078363030303333322D310024246D6574686F643078363030303333322D320024246D6574686F643078363030303334302D310024246D6574686F643078363030303334302D320024246D6574686F643078363030303335332D310024246D6574686F64\")) {\n sVersion = \"6.5\";\n bDetected = true;\n }\n\n if (PE.isNetGlobalCctorPresent()) {\n if (PE.isNetObjectPresent(\"BinaryReader\") && PE.isNetObjectPresent(\"RSACryptoServiceProvider\") && PE.isSignatureInSectionPresent(0, \"2000690073002000740061006D00700065007200650064002E00\")) {\n sOptions = sOptions.append(\"Anti-tamper\");\n bDetected = true;\n } else if (PE.isNetObjectPresent(\"kernel32\") && PE.isSignatureInSectionPresent(0, \"6B00650072006E0065006C002000\")) {\n bDetected = true;\n }\n }\n\n if (PE.isNetObjectPresent(\"SuppressIldasmAttribute\"))\n sOptions = sOptions.append(\"Anti-ILDASM\");\n\n if (PE.isSignatureInSectionPresent(0, \"45007A006900720069007A0027007300200022002E004E00450054002000520065006100630074006F0072002200210020005400680069007300200061\") && PE.isNetObjectPresent(\"DateTime\")) {\n sOptions = sOptions.append(\"Demo\");\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/protector_NetShield.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/AdvDebug/NetShield_Protector\nmeta(\"protector\", \"NetShield\");\n\nfunction detect() {\n if (PE.isNet()) {\n if (PE.isSectionNamePresent(\"!Sugar\") && PE.isNetGlobalCctorPresent()) {\n bDetected = true;\n\n if (PE.isNetObjectPresent(\"ConfusedByAttribute\")) {\n sOptions = \"Fake signs\";\n }\n\n if (PE.isNetObjectPresent(\"SuppressIldasmAttribute\")) {\n sOptions = sOptions.append(\"Anti-ILDASM\");\n }\n\n if (PE.isNetObjectPresent(\"Form200\")) {\n sOptions = sOptions.append(\"Anti-de4dot\");\n }\n }\n\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Ningishzida.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Ningishzida\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"9C6096E8000000005D81ED........B9041B00008DBD........8BF7AC\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_NoobyProtect.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"NoobyProtect\");\r\n\r\nfunction detect() {\r\n var impSection = PE.section[PE.getImportSection()];\r\n if (impSection && impSection.Name == \"SE\") {\r\n sVersion = \"Safengine\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_North_Star_PE_Shrinker.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"North Star PE Shrinker\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"9C60E8000000005DB8........2D........2BE88DB5\") && !PE.isSectionNamePresent(\"nsp0\")) {\r\n sVersion = \"1.3\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_ORiEN.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"ORiEN\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E95D010000CED1CE..'\\r\\n--------------------------------------------\\r\\n- ORiEN executable files protection system -\\r\\n------ Created by A. Fisun, 1994-2003 ------\\r\\n------- WWW: http://zalexf.narod.ru/ -------\\r\\n-------- e-mail: zalexf@hotmail.ru ---------\\r\\n--------------'\")) {\r\n switch (PE.readByte(PE.getEntryPointOffset() + 8)) {\r\n case 0xCE: sVersion = \"2.11\"; break;\r\n case 0xCD: sVersion = \"2.12\"; break;\r\n }\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Obfuscar.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Obfuscar\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) {\r\n if (PE.isSignatureInSectionPresent(0, \"0691066120AA00000061D29C0617580A\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Obfuscator_NET_2009.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Obfuscator.NET 2009\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) {\r\n if (PE.isNetUStringPresent(\"Macrobject.Obfuscator\")) {\r\n bDetected = true;\r\n } else if (PE.isNetUStringPresent(\"Obfuscated by Macrobject Obfuscator.NET UNREGISTRED\")) {\r\n sOptions = \"Unregistered\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Obsidium.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: ajax\n// History:\n// 22:54 17.01.2013 add generic\n// 22:30 14.07.2013 improved generic\n\nmeta(\"protector\", \"Obsidium\");\n\nfunction detect() {\n if (PE.isNet()) return;\n\n if (PE.compareEP(\"E8AB1C\")) {\n sVersion = \"1.0.0.59\";\n bDetected = true;\n } else if (PE.compareEP(\"E8AF1C0000\")) {\n sVersion = \"1.0.0.61\";\n bDetected = true;\n } else if (PE.compareEP(\"EB02....E8E71C0000\")) {\n sVersion = \"1.1.1.1\";\n bDetected = true;\n } else if (PE.compareEP(\"EB02....E8771E0000\")) {\n sVersion = \"1.2\";\n bDetected = true;\n } else if (PE.compareEP(\"EB02....E83F1E0000\")) {\n sVersion = \"1.2.0.0\";\n bDetected = true;\n } else if (PE.compareEP(\"E80E0000008B54240C8382B8000000\")) {\n sVersion = \"1.2.5.0\";\n bDetected = true;\n } else if (PE.compareEP(\"EB01..E829000000EB02....EB01..8B54240CEB04\")) {\n sVersion = \"1.2.5.8\";\n bDetected = true;\n } else if (PE.compareEP(\"E80E00000033C08B54240C8382B80000000DC36467FF36\")) {\n sVersion = \"1.2.X\";\n bDetected = true;\n } else if (PE.compareEP(\"EB04........E829000000EB02....EB01..8B54240CEB02\")) {\n sVersion = \"1.3.0.0\";\n bDetected = true;\n } else if (PE.compareEP(\"EB02....E825000000EB04........EB01..8B54240CEB01\")) {\n sVersion = \"1.3.0.4\";\n bDetected = true;\n } else if (PE.compareEP(\"EB01..E826000000EB02....EB02....8B54240CEB01\")) {\n sVersion = \"1.3.0.13\";\n bDetected = true;\n } else if (PE.compareEP(\"EB02....E828000000EB04........EB01..8B54240CEB\")) {\n sVersion = \"1.3.0.17\";\n bDetected = true;\n } else if (PE.compareEP(\"EB03......E82E000000EB04........EB04........8B\")) {\n sVersion = \"1.3.0.21\";\n bDetected = true;\n } else if (PE.compareEP(\"EB02....E826000000EB03......EB01..8B54240CEB04\")) {\n sVersion = \"1.3.0.37\";\n bDetected = true;\n } else if (PE.compareEP(\"EB02....E827000000EB02....EB03......8B54240CEB01\")) {\n sVersion = \"1.3.1.1\";\n bDetected = true;\n } else if (PE.compareEP(\"EB04........E82A000000EB03......EB04........8B54\")) {\n sVersion = \"1.3.2.2\";\n bDetected = true;\n } else if (PE.compareEP(\"EB01..E829000000EB02....EB03......8B54240CEB02\")) {\n sVersion = \"1.3.3.1\";\n bDetected = true;\n } else if (PE.compareEP(\"EB01..E82B000000EB02....EB02....8B54240CEB03\")) {\n sVersion = \"1.3.3.2\";\n bDetected = true;\n } else if (PE.compareEP(\"EB02....E829000000EB03......EB03......8B..240CEB\")) {\n sVersion = \"1.3.3.3\";\n bDetected = true;\n } else if (PE.compareEP(\"EB02....E829000000EB03......EB02....8B54240CEB03\")) {\n sVersion = \"1.3.3.4\";\n bDetected = true;\n } else if (PE.compareEP(\"EB04........E828000000EB01..............8B54240\")) {\n sVersion = \"1.3.3.6\";\n bDetected = true;\n } else if (PE.compareEP(\"EB02....E827000000EB03......EB01..8B54240CEB03\")) {\n sVersion = \"1.3.3.7\";\n bDetected = true;\n } else if (PE.compareEP(\"EB02....E82C000000EB04........EB04........8B5424\")) {\n sVersion = \"1.3.3.7\";\n bDetected = true;\n } else if (PE.compareEP(\"EB04........E828000000EB01..EB01..8B54240CEB04\")) {\n sVersion = \"1.3.3.8\";\n bDetected = true;\n } else if (PE.compareEP(\"EB02....E829000000EB03......EB01..8B54240CEB04\")) {\n sVersion = \"1.3.3.9\";\n bDetected = true;\n } else if (PE.compareEP(\"EB01..E82A000000EB04........EB02....8B54240CEB03\")) {\n sVersion = \"1.3.4.1\";\n bDetected = true;\n } else if (PE.compareEP(\"EB02....E826000000EB03......EB01..8B54240CEB02\")) {\n sVersion = \"1.3.4.2\";\n bDetected = true;\n } else if (PE.compareEP(\"EB03......E8........EB02....EB04........8B54240C\")) {\n sVersion = \"1.3.5.0\";\n bDetected = true;\n } else if (PE.compareEP(\"EB04........50EB04........E8........EB02....EB04........33C0\")) {\n sVersion = \"1.4.2.0\";\n bDetected = true;\n } else if (PE.compareEP(\"EB02....50EB04........E8........EB01..EB01..8B54240C\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB04........50EB01..E8........EB02....EB01..33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB05..........50EB04........E8........EB02....EB04........33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB03......50EB02....E8........EB05..........EB04........33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB01..50EB01..E8........EB04........EB02....33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB01..50EB04........E8........EB03......EB03......33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB01..50EB01..E8........EB01..EB02....33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB01..50EB01..E8........EB05..........EB04........33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB05..........50EB02....E8........EB02....EB03......33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB01..50EB04........E8........EB04........EB01..33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB03......50EB04........E8........EB04........EB03......8B54240C\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB04........50EB02....E8........EB03......EB02....8B54240C\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB04........50EB05..........E8........EB01..EB02....33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB04........E8........EB01..EB01..8B54240C\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB03......E8........EB04........EB01..8B54240C\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB03......50EB02....E8........EB01..EB03......33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB04........50EB01..E8........EB02....EB04........33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB03......50EB03......E8........EB04........EB01..33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB04........50EB01..E8........EB03......EB04........33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB01..50EB01..E8........EB04........EB03......33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB03......50EB01..E8........EB03......EB02....33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB02....50EB02....E8........EB04........EB01..33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB04........50EB02....E8........EB03......EB05..........33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB01..50EB01..E8........EB02....EB03......33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB05..........50EB04........E8........EB04........EB03......33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB04........50EB01..E8........EB03......EB02....33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB05..........50EB02....E8........EB03......EB04........33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB04........50EB01..E8........EB04........EB04........33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB02....50EB01..E8........EB05..........EB01..33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB03......50EB04........E8........EB04........EB01..33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB03......50EB01..E8........EB01..EB02....33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB01..50EB05..........E8........EB05..........EB03......33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB03......50EB02....E8........EB04........EB02....33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB03......50EB02....E8........EB03......EB02....33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB01..50EB04........E8........EB01..EB05..........33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB05..........50EB01..E8........EB01..EB03......33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB05..........50EB04........E8........EB01..EB02....33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB04........50EB03......E8........EB04........EB03......33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB05..........50EB03......E8........EB01..EB01..33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB01..50EB03......E8........EB05..........EB03......33C0\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB$$EB$$50EB$$E8$$$$$$$$EB$$B8........eb$$eb$$05........eb$$75..eb$$64ff30\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB\")) {\n var ep = PE.OffsetToVA(PE.getEntryPointOffset());\n var byte = PE.readByte(PE.VAToOffset(ep) + 1);\n if (byte < 6) {\n ep = PE.getDisasmNextAddress(ep);\n byte = PE.readByte(PE.VAToOffset(ep));\n if (byte == 0x50) {\n ep = PE.getDisasmNextAddress(ep);\n byte = PE.readByte(PE.VAToOffset(ep));\n if (byte == 0xEB) {\n byte = PE.readByte(PE.VAToOffset(ep) + 1);\n if (byte < 6) {\n ep = PE.getDisasmNextAddress(ep);\n byte = PE.readByte(PE.VAToOffset(ep));\n if (byte == 0xE8) {\n ep = PE.getDisasmNextAddress(ep + 5);\n byte = PE.readByte(PE.VAToOffset(ep));\n if (byte == 0xEB) {\n byte = PE.readByte(PE.VAToOffset(ep) + 1);\n if (byte < 6) {\n ep = PE.getDisasmNextAddress(ep);\n if (PE.compare('8B54240C', PE.VAToOffset(ep)) || PE.compare('33C0', PE.VAToOffset(ep))) {\n sVersion = \"1.4.X.X\";\n bDetected = true;\n }\n }\n }\n }\n }\n }\n }\n }\n } else if (PE.compareEP(\"eb08................eb03......50eb02\")) {\n sVersion = \"1.6b43\";\n bDetected = true;\n } else if (PE.compareEP(\"E84719\")) {\n bDetected = true;\n } else if (PE.compareEP(\"EB$$E8....0000EB$$EB$$8B54240CEB\")) {\n bDetected = true;\n }\n // Generic\n else if (PE.getEntryPointSection() == PE.nLastSection) {\n if (PE.compareEP(\"EB\") && PE.getImportSection() >= 0 && PE.isOverlayPresent()) {\n bDetected = true;\n }\n } else if (PE.compareEP(\"EB\")) {\n if (PE.compare(\"'ANTS'\", PE.getEntryPointOffset() - 4)) {\n sOptions = \"heuristic detection\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/protector_OneVM.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/ZermangoLove/OneVM-Source-Code\nmeta(\"protector\", \"OneVM\");\n\nfunction detect() {\n if (PE.isNet() &&\n PE.isNetObjectPresent(\"Koi\") &&\n PE.isNetObjectPresent(\"OneVM.Runtime\") &&\n PE.isSignatureInSectionPresent(0, \"72 .. .. .. .. 73 .. .. .. .. 7A\") && // throw\n PE.isSignatureInSectionPresent(0, \"%% 00 %% %% %% %% %% %% %% %% 00 %%\")) {\n bDetected = true;\n\n if (PE.isNetUStringPresent(\"OneVM V2 BETA\")) {\n sVersion = \"2.0, beta\";\n }\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Oreans_CodeVirtualizer.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Oreans CodeVirtualizer\");\n\nfunction detect() {\n if (PE.compareEP(\"eb$$e9$$$$$$$$e9$$$$$$$$565053e8$$$$$$$$584889c348ffc0482d........482d........4805........803b..75..c603..bb........68........68........5350e8\")) {\n bDetected = true;\n } else if (PE.isSectionNamePresent(\".vlizer\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_PACE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// https://www.ilok.com/#!license-manager\nmeta(\"protector\", \"PACE\");\n\nfunction detect() {\n if (PE.compareEP(\"833d..........75..E8........a3........e8$$$$$$$$56578b3d........8bc7e8........8bf085f674..5668........68........ff15\")) {\n sVersion = \"Eden wrapper\";\n bDetected = true;\n }\n if (PE.compareEP(\"558bec81ec........5356578d45..6a..5068........ff15........85c074..8b45..eb..8b75..6a..56ff15........85c075..66813e\")) {\n sVersion = \"InterLok\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_PCShrink.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"PCShrink\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"01AD........FFB5........6A40FF95\")) {\r\n sVersion = \"0.71 beta\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"9C60BD........01AD........FF..........6A..FF..........50502D........89..........5F8D\")) {\r\n sVersion = \"0.71\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_PC_Guard.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"PC Guard\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) {\r\n if (PE.isSignatureInSectionPresent(0, \"00000000000000000000000000000000fc5550e8000000005d60e80300000083\")) {\r\n sVersion = \"5.X\";\r\n bDetected = true;\r\n }\r\n } else if (PE.compareEP(\"fc5550e8000000005d60e8$$$$$$$$eb$$58eb$$40eb$$ffe0\")) {\r\n sVersion = \"5.04-5.05\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"fc5550e8$$$$$$$$5deb$$60e8\")) {\r\n sVersion = \"4.06\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_PE-Armor.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"PE-Armor\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E8$$$$$$$$5D81ED050000008D753D56FF55318DB5860000005650FF552D898593000000\")) {\r\n sVersion = \"0.46\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"5652515355E81501000032....0000000000\")) {\r\n sVersion = \"0.49\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60E8000000005D81ED........8DB5........555681C5........55C3\")) {\r\n sVersion = \"0.7X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558bec83c4..b8........e8$$$$$$$$5883ec..5de9$$$$$$$$60e8000000005d81ed........8db5........5556\")) {\r\n sVersion = \"0.X\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_PE-Shield.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n// Updated: DosX\n\nmeta(\"protector\", \"PE-SHiELD\");\n\nfunction detect() {\n if (PE.compareEP(\"E9$$$$$$$$60E8$$$$$$$$5D83ED..EB$$8DB5........BA........8A3C1632FA80....80....88....4AEB\")) {\n sVersion = \"0.25\";\n bDetected = true;\n } else if (PE.compareEP(\"60E8$$$$$$$$5D83ED..EB$$8D....................8A....32..80....80....88......EB\")) {\n sVersion = \"0.25-0.26\";\n bDetected = true;\n } else if (PE.compareEP(\"60E8$$$$$$$$414e414b494e5d83ed..eb$$8d....................8a....32\")) {\n sVersion = \"0.2\";\n bDetected = true;\n }\n\n var peShieldSection = PE.section[\"PESHiELD\"];\n\n if (!bDetected) {\n if (PE.isImportPositionHashPresent(0, 0x3651f68d) && peShieldSection) {\n bDetected = true;\n }\n } else if (!peShieldSection) {\n sOptions = \"modified\";\n }\n\n return result();\n}" }, { "path": "db/PE/protector_PEBundle.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"PEBundle\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"9C60E802......33C08BC483C004938BE38B5BFC81EB........87DD\")) {\r\n switch (PE.getEntryPointSignature(28, 2)) {\r\n case \"6A04\": sVersion = \"0.2-2.0X\"; break;\r\n case \"01AD\": sVersion = \"2.0b5-2.3\"; break;\r\n case \"83BD\": sVersion = \"2.44\"; break;\r\n case \"80BD\": sVersion = \"3.XX\"; break;\r\n }\r\n bDetected = true;\r\n\r\n if (!PE.isSectionNamePresentExp(/^(peb|PEB)undle$/)) {\r\n sOptions = \"modified\";\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_PECRYPT32.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"PECRYPT32\");\n\nfunction detect() {\n if (PE.compareEP(\"e8000000005b83eb..eb$$85c073..f705................58eb$$56575550e8\")) {\n sVersion = \"1.02\";\n sOptions = \"by random & killa\";\n bDetected = true;\n } else if (PE.compareEP(\"e8000000005b83eb..eb$$eb$$eb$$eb$$eb$$eb$$eb$$eb$$80bb..........74..83bb..........74..be........03f38bbb........eb\")) {\n sVersion = \"1.02\";\n sOptions = \"by random & acpizer\";\n bDetected = true;\n } else if (PE.compareEP(\"e8000000005b83eb..8b83........538beb2bd82b9d........899d........5bbe........03f38b93........52ad0bc00f84........8983\")) {\n sVersion = \"0.0193c\";\n sOptions = \"by random & acp\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_PELock.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n// Enhanced by: DosX\n\nmeta(\"protector\", \"PELock\");\n\nfunction detect() {\n if (PE.isNet() || PE.is64()) return; // Doesn't support .NET or AMD64 files\n\n var bEnableNewEngine = true; // Need more researches\n\n if (bEnableNewEngine) {\n var da = \"\",\n clc = 0,\n stc = 0,\n movsx = 0,\n movzx = 0,\n sub = 0,\n imul = 0,\n bt = 0,\n bsf = 0;\n\n var ep = PE.OffsetToVA(PE.getEntryPointOffset()),\n count = 0;\n\n while (count < 1000) {\n count++;\n var da = PE.getDisasmString(ep);\n if (da.indexOf(' ') != -1) {\n da = da.slice(0, da.indexOf(' '));\n }\n if (da == \"CLC\") { clc++; }\n if (da == \"STC\") { stc++; }\n if (da == \"MOVSX\") { movsx++; }\n if (da == \"MOVZX\") { movzx++; }\n if (da == \"SUB\") { sub++; }\n if (da == \"IMUL\") { imul++; }\n if (da == \"BT\" || da == \"BTR\" || da == \"BTS\" || da == \"BTC\") { bt++; }\n if (da == \"BSF\" || da == \"BSR\" || da == \"BSWAP\") { bsf++; }\n ep = PE.getDisasmNextAddress(ep);\n }\n\n if (clc > 0 && stc > 0 && movzx != 0 && (sub > imul || sub == 0 && imul == 0) && bt == 0 && bsf == 0) {\n bDetected = true;\n }\n }\n\n if (!bDetected) {\n if (PE.compareEP(\"6A6068........E8........BF94\") || PE.isImportPositionHashPresent(0, 0xe1689d7c)) {\n sVersion = \"2.X\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/protector_PENinja.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"PE Ninja\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"5D8BC581ED........2B85........2D710200008985........0FB6B5........8BFD\")) {\r\n sOptions = \"modified\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_PESpin.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"PESpin\");\r\n\r\nfunction detect() {\r\n if (!PE.is64()) {\r\n if (PE.compareEP(\"EB016860E8000000008B1C2483C312812BE8B10600FE4BFD822C24\")) {\r\n switch (PE.readByte(PE.getEntryPointOffset() + 27)) {\r\n case 0x5C: sVersion = \"0.1\"; break;\r\n case 0xB7: sVersion = \"0.3\"; break;\r\n case 0x73: sVersion = \"0.4\"; break;\r\n case 0x83: sVersion = \"0.7\"; break;\r\n case 0xC8: sVersion = \"1.0\"; break;\r\n case 0x7D: sVersion = \"1.1\"; break;\r\n case 0x71: sVersion = \"1.3, beta\"; break;\r\n case 0xAC: sVersion = \"1.3\"; break;\r\n case 0x88: sVersion = \"1.3X\"; break;\r\n case 0x17: sVersion = \"1.32\"; break;\r\n case 0x77: sVersion = \"1.33\"; break;\r\n }\r\n\r\n bDetected = true;\r\n }\r\n } else if (PE.compareEP(\"554881EC900000008D6C2428488975..48897D..48895D..4C8945..4C894D..4C8955..4C895D..4C8965..4C896D..4C8975..4C897D..48894D..488955\")) {\r\n sVersion = \"1.2X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"554881EC90000000488d6c24284889751848897d2048895d004c8945284c894d304c8955384c895d404c8965484c896d504c8975584c897d6048894d0848895510482bc94c8d05\")) {\r\n sVersion = \"1.23\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_PETetris.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: KDSS-Research\n\nmeta(\"protector\", \"PETetris\");\n\nfunction detect() {\n if (PE.isSectionNamePresent(\"PETETRIS\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_PE_Diminisher.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"PE Diminisher\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"535152565755E8000000005D8BD581ED........2B95........81EA0B0000008995........80BD\")) {\r\n sVersion = \"0.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"5D8BD581ED........2B95........81EA0B......8995........80BD\")) {\r\n sVersion = \"0.1\";\r\n sOptions = \"Alt\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_PE_Encrypt.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"PE Encrypt\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558BEC83C4D05356578D75FC8B442430250000FFFF8138'MZ'900074072D00100000EBF18945FC\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_PE_Intro.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"PE Intro\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"8B04249C60E8........5D81ED........80BD..........0F8548\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_PE_Lock_NT.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"PELOCKnt\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"EB03CD20EBEB01EB1EEB01EBEB02CD209CEB03CD\")) {\r\n sVersion = \"2.01\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB02C7851EEB03CD20EBEB01EB9CEB01EBEB02CD\")) {\r\n sVersion = \"2.02c\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB02C7851EEB03CD20C79CEB0269B160EB02EB01\")) {\r\n sVersion = \"2.03\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB$$1EEB$$9CEB$$EB$$60EB$$EB$$E8$$$$$$$$584050C3\")) {\r\n sVersion = \"2.04\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_PE_Lock_Phantasm_by_Ding_Boy.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"PE Lock Phantasm by Ding Boy\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"555756525153E8000000005D8BD581ED\")) {\r\n sVersion = \"0.07/0.8\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"5557565251536681C3EB02EBFC6681C3EB02EBFC\")) {\r\n sVersion = \"1.0/1.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"9C5557565251539CFAE8000000005D81ED\")) {\r\n sVersion = \"1.5b3\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_PE_Password.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"PE Password\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E804......8BEC5DC333C05D8BFD81ED........81EF........83EF0589AD........8D9D........8DB5........4680\")) {\r\n sVersion = \"0.2\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_PE_Protect.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"PE Protect\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"'\\r\\nPE-PROTECT 0.9 (C)o'\", 64)) {\r\n sVersion = \"0.9\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"525155576467A1300085C0780DE8........5883C007C6..C3\")) {\r\n sVersion = \"0.9\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_PEncrypt.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"PEncrypt\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"609CBE........8BFEB9........BB78563412AD33C3ABE2FA9D61E9......FF\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB$$E8000000005D81ED........8DB5........E8330000008985\")) {\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8000000005D81ED........8DB5........8BFEB90F000000BB\")) {\r\n sVersion = \"3.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E9......00F00FC6\")) {\r\n sVersion = \"3.1\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_PEnguinCrypt.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"PEnguinCrypt\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"B8........55506764FF360000676489260000BD4B484342B804000000CC\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_PUNiSHER.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"PUNiSHER\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"EB0483A4BCCE60EB0480BC0411E800000000\")) {\r\n sVersion = \"1.5 demo\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Phoenix.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Phoenix\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) {\r\n if (PE.isSignatureInSectionPresent(0, \"0000010b160c..........0208..........0d0906085961d21304091e630861d21305070811051e62110460d19d081758\")) {\r\n sVersion = \"1.7-1.8\";\r\n bDetected = true;\r\n } else if (PE.isSignatureInSectionPresent(0, \"'?.resources'\")) {\r\n sVersion = \"1.X\";\r\n bDetected = true;\r\n } else if (PE.compareEP_NET(\"1b3002001c00000000000000280100000a280200000add01000000dc28070000\")) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Photo_Compiler.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: A.S.L. 2019.10.20\n\nmeta(\"protector\", \"Photo Compiler\");\n\nfunction detect() {\n if (PE.compareEP(\"558bEC83C4F0B8\") && PE.compareOverlay(\"'PK'\")) {\n if (PE.isSignatureInSectionPresent(0, \"'PhotoCompiler.Runtime'\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/protector_PolyCrypt_PE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"JLabSoftware PolyCrypt PE\");\n\nfunction detect() {\n if (PE.compareEP(\"60e8$$$$$$$$918bf4adfec9803408..e2..c3\")) {\n sVersion = \"2004-2005\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Private_EXE_Protector.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// Updated: DosX\r\n\r\n// https://github.com/NIKJOO/PEP\r\nmeta(\"protector\", \"Private EXE Protector\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558BEC83C4F4FC5357568B7424208B7C242466813E4A430F85A502000083C60A33DB\")) {\r\n sVersion = \"1.9.7\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"B8........B9..9001..BE........68........6801......C3\")) {\r\n sVersion = \"1.X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"89....380000008B..0000000081..........89..0000000081..0400000081..0400000081..000000000F85D6FFFFFF\")) {\r\n sVersion = \"2.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"52ba........c702########....50....53....51....52....56..57....55....81ee\")) {\r\n sVersion = \"3.04\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB08....0000000000007.009C\")) {\r\n sVersion = \"4.0-4.12\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB08....0000000000007.0068\")) {\r\n sVersion = \"4.0-4.12\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"6064ff35........b9........89ce81c6........ba........bd........8b0683c6..8b1e89dffcf829c333dd31c3891e\")) {\r\n sVersion = \"4.X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"51b9........c701........59ff35........c3\")) {\r\n sVersion = \"3.4.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"53bb........c703........5bff35........c3\")) {\r\n sVersion = \"3.4.0\";\r\n bDetected = true;\r\n } else if (PE.findSignature(PE.getEntryPointOffset(), 0xB00, \"b900000000f3ae\") != -1) {\r\n sVersion = \"3.0.0-3.3.5\";\r\n bDetected = true;\r\n } else if (PE.findSignature(PE.getEntryPointOffset(), 0xB00, \"b900000000f366\") != -1) {\r\n sVersion = \"3.0.0-3.3.5\";\r\n bDetected = true;\r\n } else if (PE.getNumberOfImports() == 1 &&\r\n PE.getImportLibraryName(0) == \"KERNEL32.DLL\" && PE.getNumberOfImportThunks(0) == 1 &&\r\n (PE.section[0].Characteristics == 0xc0000020 && PE.getEntryPointOffset() == 0x400 ||\r\n PE.section[0].Characteristics == 0xe0000020 && PE.getEntryPointOffset() == 0x200 ||\r\n PE.section[0].Characteristics == 0xe0000020 && PE.getEntryPointOffset() == 0x400 ||\r\n PE.section[0].Characteristics == 0x60000020 && PE.getEntryPointOffset() == 0x400 ||\r\n PE.section[0].Characteristics == 0xe0000080 && PE.getEntryPointOffset() == 0x400 ||\r\n PE.section[0].Characteristics == 0xc0000040 && PE.getEntryPointOffset() == 0x400 ||\r\n PE.section[0].Characteristics == 0xe0000060 && PE.getEntryPointOffset() == 0x400 ||\r\n PE.section[0].Characteristics == 0xe0000040 && PE.getEntryPointOffset() == 0x400 ||\r\n PE.section[0].Characteristics == 0xf0000040 && PE.getEntryPointOffset() == 0x400)) {\r\n sVersion = \"2.00-2.25\";\r\n bDetected = true;\r\n } else if (PE.section.length >= 3) {\r\n if (PE.getNumberOfImports() == 1 &&\r\n PE.getImportLibraryName(0) == \"KERNEL32.DLL\" &&\r\n PE.getImportFunctionName(0, 0) == \"ExitProcess\") {\r\n if (PE.getAddressOfEntryPoint() == 0x1000 &&\r\n PE.section[0].FileSize != 0x200 &&\r\n PE.section[0].FileSize != 0x400 &&\r\n PE.section[0].Characteristics == 0xe0000020) {\r\n bDetected = true;\r\n sVersion = \"1.X\";\r\n } else if (PE.section[0].Characteristics == 0xe4000000 &&\r\n PE.section[1].Characteristics == 0xC0000000 &&\r\n PE.section[2].Characteristics == 0x50000040) {\r\n bDetected = true;\r\n sVersion = \"1.7\";\r\n }\r\n } else if (PE.getNumberOfImports() == 1 || PE.getNumberOfImports() == 2) {\r\n if (PE.getImportLibraryName(0) == \"KERNEL32.DLL\") {\r\n if (PE.getNumberOfImportThunks(0) == 1) {\r\n var nSection = PE.nLastSection;\r\n if (PE.section[nSection].Name == \".rsrc\") {\r\n nSection--;\r\n }\r\n if (PE.section[nSection].Characteristics == 0xE0000000 &&\r\n PE.section[nSection - 1].Characteristics == 0xE0000000) {\r\n bDetected = true;\r\n sVersion = \"2.X\";\r\n }\r\n }\r\n }\r\n }\r\n }\r\n\r\n if (!bDetected) {\r\n if (PE.isImportPositionHashPresent(0, 0xd89af68d)) {\r\n if (PE.isSectionNamePresent(\".TRIAL!\")) {\r\n sOptions = \"demo\";\r\n bDetected = true;\r\n } else if (PE.isSectionNamePresent(\".-PEP-\")) {\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Protect_Disc.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Protect Disc\");\n\nfunction detect() {\n if (PE.compareEP(\"363e268ac060e8$$$$$$$$558bec83ec..b8........8b7d..2bf8e8\")) {\n sVersion = \"9.11.0\";\n sOptions = \"Build \" + getBuild();\n bDetected = true;\n } else if (PE.compareEP(\"363e268ac060e8$$$$$$$$5f81ef........be........8b87........03c657568ca7\")) {\n sVersion = \"7.5.3\";\n sOptions = \"Build \" + getBuild();\n bDetected = true;\n }\n\n return result();\n}\n\nfunction getBuild() {\n return PE.readDword(PE.getEntryPointOffset() + 0x3e);\n}" }, { "path": "db/PE/protector_Protection_Plus.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// https://www.softwarekey.com/blog/softwarekey-system-releases/protection-plus-4-6-0-8-and-instant-plus-3-2-0-4-released/\nmeta(\"protector\", \"Protection Plus\");\n\nfunction detect() {\n if (PE.compareEP(\"506029c064ff30e8........5d83ed..89e889a5........2b85........8985........8d85........508b0085c00f85\")) {\n sVersion = \"4.X\";\n bDetected = true;\n } else if (PE.isImportPositionHashPresent(0, 0x174efb84) && PE.compare(\"'{4A6E2EB8-0392-4258-9C91-65BB5FF8F1F9}'\", PE.getEntryPointOffset() - 0x27)) {\n sName += \" Wrapper\";\n sVersion = \"4.6+\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_QrYPt0r.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"QrYPt0r\");\n\nfunction detect() {\n if (PE.compareEP(\"EB$$E8$$$$$$$$64FF3500000000\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_QuickBFC.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://www.abyssmedia.com/quickbfc/\nmeta(\"protector\", \"Quick Batch File Compiler\");\n\nfunction detect() {\n var textSection = PE.section[\".text\"];\n\n if (PE.isSectionNamePresent(\".didata\") && textSection && PE.isResourceNamePresent(\"SRC\") && PE.isSignaturePresent(textSection.FileOffset, textSection.FileSize, \"'batfilerecord'\")) {\n bDetected = true;\n }\n\n sLang = \"Batch\";\n\n return result();\n}" }, { "path": "db/PE/protector_QuickPack_NT.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"QuickPack NT\");\n\nfunction detect() {\n if (PE.compareEP(\"4d5a90eb$$52e9$$$$$$$$e8$$$$$$$$5d8dad........8d9d........8d......506a..68........55ff53\")) {\n sVersion = \"0.1a\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_REVProt.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"REVProt\");\n\nfunction detect() {\n if (PE.compareEP(\"e8$$$$$$$$31c064ff30648920648f05........83c4..60e8$$$$$$$$83c4..e8$$$$$$$$5d81ed........60b9\")) {\n sVersion = \"0.1a\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_RLP.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"RLP\");\r\n\r\nfunction detect() {\r\n if (PE.isSectionNamePresent(\".rlp\")) {\r\n sVersion = \"0.7.3b\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_ReNET-pack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"ReNET-pack\");\r\n\r\nfunction detect() {\r\n if (PE.isNet() && PE.isSignatureInSectionPresent(0, \"'Protected/Packed with ReNET-Pack by stx'\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_RobustObfuscator.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://robustify.xyz/\nmeta(\"protector\", \"Robust Obfuscator\");\n\nfunction detect() {\n if (PE.isNet() && PE.isNetGlobalCctorPresent() && PE.isSignatureInSectionPresent(0, \"00 20 .. .. .. .. FE 0E .. .. 20 .. .. .. .. 20 .. .. .. .. 20 .. .. .. .. 61 20 .. .. .. .. 20 .. .. .. .. 5F 20 .. .. .. ..\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_SC_Obfuscator.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"SC Obfuscator\");\n\nfunction detect() {\n if (PE.compareEP(\"6033c98b1d........031d........8a041984c074..3c..74..34..880419413b0d........75..a1........0105........61ff25\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_SDProtector.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"SDProtector\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558BEC6AFF68........688888880864A1\")) {\r\n if (PE.compareEP(\"5083EC08\", 42)) {\r\n sVersion = \"1.10\";\r\n } else if (PE.compareEP(\"1833C0\", 77)) {\r\n sVersion = \"1.16\";\r\n } else {\r\n sVersion = \"1.1X\";\r\n }\r\n\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_SLVc0deProtector.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"SLVc0deProtector\");\r\n\r\nfunction detect() {\r\n var nLastSection = PE.nLastSection;\r\n if (PE.section[nLastSection].Characteristics == 0xA0000020) {\r\n if ((PE.section[nLastSection].VirtualSize & 0xFF) &&\r\n (PE.section[nLastSection].FileSize & 0xFF)) {\r\n if (PE.section[nLastSection].VirtualAddress == PE.getAddressOfEntryPoint()) {\r\n sVersion = \"0.61\";\r\n bDetected = true;\r\n }\r\n }\r\n } else if (PE.compareEP(\"E80000000058C600EBC6400108FFE0E952\")) {\r\n sVersion = \"1.12\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_SVK_Protector.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"SVK Protector\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60EB03C784E8EB03C7849AE8000000005D81ED10000000EB03C784E964A023000000EB\")) {\r\n sVersion = \"1.051\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60E8........5D81ED06......64A023\")) {\r\n sVersion = \"1.11\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60E8000000005D81ED06000000EB05B8........64A023\")) {\r\n sVersion = \"1.3X-1.4X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8000000005D81ED06000000EB05B8........64A023\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60E8000000005D81ED0600000074..75........64a023\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Safedisc.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// https://ru.wikipedia.org/wiki/SafeDisc\nmeta(\"protector\", \"SafeDisc\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec60bb........33c98a0d........85c974..b8........2bc383e8..eb\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Safenet_RMS.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Safenet RMS (Sentinel)\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec81ec........535657c785................c745..........c745..........c745..........c785................c745..........8b45..a3........833d..........74..e9\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Safengine_Shielden.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Authors: hors, sendersu\r\n// If errors pls contact sendersu on cracklab.team\r\n\r\nmeta(\"protector\", \"Safengine Shielden\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E8........5361\")) {\r\n if (PE.section[PE.nLastSection].FileSize == 0x1000 &&\r\n PE.section[PE.nLastSection].VirtualSize == 0x1000) {\r\n sVersion = \"2.X\";\r\n bDetected = true;\r\n } else if (PE.section[PE.nLastSection].FileSize == 0x2000 &&\r\n PE.section[PE.nLastSection].VirtualSize == 0x2000) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n if (PE.compareEP(\"EB$$E9$$$$$$$$E8........'Safengine Shielden'\")) {\r\n sVersion = \"2.X\";\r\n bDetected = true;\r\n }\r\n\r\n if (PE.compareEP(\"E8........'Shielden'\")) {\r\n var nOffset = PE.findString(PE.getEntryPointOffset(), 0x50, \"Shielden v\");\r\n if (nOffset != -1) {\r\n sName = \"Shielden\"\r\n sVersion = PE.getString(nOffset + 10);\r\n bDetected = true;\r\n }\r\n }\r\n\r\n if (bDetected == 1) {\r\n // try to deduce specific version from payload (if present)\r\n var nOffset = PE.findString(0, PE.getSize(), \"Safengine Shielden v\")\r\n if (nOffset != -1) {\r\n sVersion = PE.getString(nOffset + 19)\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_SecuROM.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Authors: ELF_7719116, DosX\r\n\r\nmeta(\"protector\", \"SecuROM\");\r\n\r\nfunction detect() {\r\n if (PE.section[PE.nLastSection].Name === \".securom\") {\r\n sVersion = \"pre-8.03.03\";\r\n bDetected = true;\r\n } else if (PE.section[\".dsstext\"]) {\r\n sVersion = \"8.03.03+\";\r\n bDetected = true;\r\n } else if (PE.compareOverlay(\"'AddD'03\")) {\r\n var nOffset = PE.getOverlayOffset();\r\n sVersion = PE.getString(nOffset + 8);\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Secure_Shade.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Secure Shade\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec81ec........535657be........8d7d..8d45..a5a5a5a56a..50a4e8........8b1d........595968........ffd3\")) {\n sVersion = \"1.8\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Shrink_Wrap.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Shrink Wrap\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"58608BE85533F6684801....E84901....EB\")) {\r\n sVersion = \"1.4\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Shrinker.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Shrinker\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558BEC565775656800010000E8F1E6FFFF83C404\")) {\r\n sVersion = \"3.2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558BEC565775656800010000E8\")) {\r\n sVersion = \"3.3\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558BEC5657756B6800010000E8110B000083C404\")) {\r\n sVersion = \"3.4\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"833D..........558BEC565775..68........e8........83....8b....a3........85F674..68\")) {\r\n sVersion = \"3.2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"833D..........558BEC565775..68........e8........83....8b....a3........85F674..83\")) {\r\n sVersion = \"3.5\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"833DB4........558BEC5657756B6800010000E8..0B000083C4048B7508A3B4......85F67423837D0C03771D68FF\")) {\r\n sVersion = \"3.4\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"803D..........53568b7424..575575..85f674..68........8b3d........68........56ffd7\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_SimbiOZ.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"SimbiOZ\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"5060E8000000005D81ED0710400068800B00008D851F10400050E8840B0000\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"57578D7C240450B800......AB585FC3\")) {\r\n sVersion = \"1.3\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"55508BC483C004C700........58C390\")) {\r\n sVersion = \"2.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"5560E8000000005D81ED........8D85........68........50E8\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Sixxpack.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Sixxpack\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) {\r\n if (PE.isSignatureInSectionPresent(0, \"00'actmp.dll'00'stub'00'Sixxpack'00\")) {\r\n sVersion = \"2.2\";\r\n bDetected = true;\r\n } else if (PE.isSignatureInSectionPresent(0, \"0021......'xpack!'00................'xpack'00\")) {\r\n sVersion = \"2.4\";\r\n bDetected = true;\r\n } else if (PE.isNetObjectPresent(\"Sixxpack\")) {\r\n sVersion = \"2.X\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Skater.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Skater\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) {\r\n if (PE.compareEP_NET(\"4228070000066f09000006283800000a2a1b3004006f0000000d0000110272b9\")) {\r\n sVersion = \"2.X\";\r\n bDetected = true;\r\n } else if (PE.isSignatureInSectionPresent(0, \"'RustemSoft.Skater'\")) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n if (bDetected && PE.isSignatureInSectionPresent(0, \"4F0062006600750073006300610074006F0072002000440065006D006F00\")) {\r\n sOptions = \"demo\";\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Smart_Assembly.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Smart Assembly\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) {\r\n if (PE.isSignatureInSectionPresent(0, \"20ffffff005f175920ffff0000\")) {\r\n sVersion = \"3.X\";\r\n bDetected = true;\r\n } else if (PE.isNetObjectPresent(\"Powered by {smartassembly}\")) {\r\n sVersion = \"1.X-4.X\";\r\n bDetected = true;\r\n } else if (PE.isNetObjectPresent(\"Powered by SmartAssembly\")) {\r\n sVersion = \"5.X\";\r\n bDetected = true;\r\n } else if (PE.isNetObjectPresent(\"SmartAssembly.Attributes\")) {\r\n bDetected = true;\r\n } else if ((nOffset = PE.findString(PE.section[0].FileOffset,\r\n PE.section[0].FileSize,\r\n \"Powered by SmartAssembly \")) != -1) {\r\n sVersion = PE.getString(nOffset + 25);\r\n bDetected = true;\r\n } else {\r\n var nEPSection = PE.getEntryPointSection();\r\n if (nEPSection != -1) {\r\n if ((nOffset = PE.findString(PE.section[nEPSection].FileOffset,\r\n PE.section[nEPSection].FileSize,\r\n \"Powered by {smartassembly}\")) != -1) {\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_SmokesCrypt.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"SmokesCrypt\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60B8........B8........8A140880F2..8814084183F9..75F1\")) {\r\n sVersion = \"1.2\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_SoftProtect.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"SoftProtect\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E8....00008D85....0000C70000000000E8....0000E8....00008D85....000050E8....000083\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB01E360E803......D2EB0B58EB014840EB0135FFE0E76160E803\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_SoftSentry.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"SoftSentry\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558BEC83EC..535657E9\")) {\r\n if (PE.compareEP(\"50\", 10)) {\r\n sVersion = \"2.11\";\r\n } else if (PE.compareEP(\"B006\", 10)) {\r\n sVersion = \"3.0\";\r\n }\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Special_EXE_Password_Protector.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Special EXE Password Protector\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60E8000000005D81ED0600000089AD8C0100008BC52B85FE75000089853E\")) {\r\n sVersion = \"1.0X\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_SpicesNet.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// 25.11.2018 added 5.X Version - A.S.L - asl@onet.eu\r\n\r\nmeta(\"protector\", \"Spices.Net\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) {\r\n if (PE.isNetObjectPresent(\"NineRays.Obfuscator\")) {\r\n if (PE.isSignaturePresent(PE.section[1].FileOffset - 512, 512, \"'Built using an evaluation version of 9Rays.Net Spices.Obfuscator.'\")) {\r\n sOptions = \"demo\";\r\n }\r\n\r\n bDetected = true;\r\n }\r\n\r\n if (!bDetected) {\r\n var spicesSignature = \"'9Rays.Net Spices.Net Obfuscator'\";\r\n if (PE.isDll()) {\r\n if (PE.isSignatureInSectionPresent(1, spicesSignature) || PE.isSignatureInSectionPresent(0, spicesSignature)) {\r\n sVersion = \"5.X\";\r\n sOptions = \"DLL\";\r\n bDetected = true;\r\n }\r\n }\r\n } else {\r\n if (PE.isSignatureInSectionPresent(0, spicesSignature)) {\r\n sVersion = \"5.X\";\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_StarForce.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"StarForce\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"68........FF25....63\")) {\r\n sVersion = \"3.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"68........FF25....57\")) {\r\n sVersion = \"1.1\";\r\n sOptions = \"ProActive\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"5768..0D01006800....00E850..FFFF68......0068......0068......0068......0068......00\")) {\r\n sOptions = \"Protection Driver\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8........000000000000\")) {\r\n sVersion = \"3.X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60e8000000005883c008\") && PE.isSectionNamePresent(\".brick\")) {\r\n sVersion = \"3.4\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"68........FF25........0000000000\")) {\r\n sVersion = \"3.X\";\r\n bDetected = true;\r\n } else if (PE.isLibraryPresent(\"protect.dll\")) {\r\n sVersion = PE.getPEFileVersion(PE.getFileDirectory() + \"/protect.dll\");\r\n if (!sVersion) {\r\n if (PE.isSectionNamePresent(\".ps4\")) {\r\n sVersion = \"4.X-5.X\";\r\n bDetected = true;\r\n } else if (PE.isSectionNamePresent(\".sforce3\")) {\r\n sVersion = \"3.X\";\r\n bDetected = true;\r\n }\r\n }\r\n } else {\r\n if (PE.isSectionNamePresent(\".ps4\")) {\r\n for (var i = 0; i < PE.getNumberOfImports(); i++) {\r\n if (PE.getNumberOfImportThunks(i) == 1 &&\r\n (!PE.getImportFunctionName(i, 0) || PE.getImportFunctionName(i, 0) == \"1\")) {\r\n var sLibraryName = PE.getImportLibraryName(i);\r\n\r\n sVersion = PE.getPEFileVersion(PE.getFileDirectory() + \"/\" + sLibraryName);\r\n\r\n if (!sVersion) {\r\n sVersion = \"4.X-5.X\";\r\n }\r\n\r\n sOptions = sLibraryName;\r\n bDetected = true;\r\n break;\r\n }\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Ste@lth_PE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Ste@lth PE\");\n\nfunction detect() {\n if (PE.findSignature(PE.getSize() - 0x40, 0x40, \"ba........b8........8902424242b8........89024a4a4affd2\") != -1) {\n sVersion = \"2.X\";\n bDetected = true;\n } else if (PE.findSignature(PE.getSize() - 0x40, 0x40, \"b8........ba........8910404040ba........891048484850c3\") != -1) {\n sVersion = \"2.X\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Tages.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// http://www.tagesprotection.com/main.htm\nmeta(\"protector\", \"TAGES\");\n\nfunction detect() {\n if (PE.compareEP(\"8925........e8$$$$$$$$6a..6a..c705................e8$$$$$$$$8b4424..0faf4424..506a..ff15........50ff15........c3\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Themida.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: ajax\n// History:\n// 21:54 17.01.2013 add 1.X and 2.x\n// 20.09.2013 add 2.X for x64\n\nmeta(\"protector\", \"Themida/Winlicense\");\n\nfunction detectThemida() {\n var sResult = \"\";\n\n if (PE.section.length >= 4) {\n var nEntryPointSection = PE.getEntryPointSection();\n\n if (PE.getResourceSection() == 1 && PE.getImportSection() == 2) {\n if (PE.getAddressOfEntryPoint() == PE.section[nEntryPointSection].VirtualAddress) {\n if (PE.calculateEntropy(PE.section[0].FileOffset, PE.section[0].FileSize) >= 7.5) {\n if (nEntryPointSection == 3) {\n sResult = \"1.X\";\n } else if (nEntryPointSection > 3) {\n sResult = \"2.X\";\n }\n }\n }\n }\n }\n\n return sResult;\n}\n\nfunction detect() {\n if (PE.is64() && PE.compareEP(\"4883EC085053E801000000CC584889C348FFC0482D........482D........4805........803BCC75..C60300\")) {\n sVersion = \"2.X\";\n } else if (PE.isNet()) {\n if (PE.isSignatureInSectionPresent(0, \"b8000000006011c0\")) {\n sVersion = \"1.9\";\n } else if (PE.isSignatureInSectionPresent(0, \"83ec048053e80100\")) {\n sVersion = \"2.X\";\n }\n } else if (PE.compareEP(\"B8........600BC074..E8000000005805..0000008038E975\")) {\n switch (PE.readByte(PE.getEntryPointOffset() + 9)) {\n case 0x58: sVersion = \"1.0.X.X-1.8.0.0\"; break;\n case 0x68: sVersion = \"1.8.X-1.9.X\"; break;\n }\n sOptions = \"Compressed\";\n } else if (PE.compareEP(\"558BEC83C4D860E8000000005A81EA........8BDAC745D8000000008B45D8408945D8817DD880000000\")) {\n sVersion = \"1.0.X.X-1.8.X.X\";\n sOptions = \"NoCompression\";\n } else if (PE.compareEP(\"8BC58BD460E8000000005D81ED........8995........89B5........8985........83BD\")) {\n sVersion = \"1.X\";\n sOptions = \"NoCompression SecureEngine\";\n } else if (PE.compareEP(\"83EC045053E801000000CC588BD840\")) {\n sVersion = \"2.0.1.0-2.1.8.0\";\n } else if (PE.compareEP(\"51b9........85c974$$59e9$$$$$$$$83ec..5053............5889c3402d........2d........05........803b..75..c603..bb........68........68........5350\")) {\n sVersion = \"2.0.1.0-2.1.8.0\";\n } else if (PE.compareEP(\"83EC045053E801000000CC5889C3402D........2D........05........803BCC75..C60300\")) {\n sVersion = \"2.X\";\n } else if (PE.compareEP(\"E9$$$$$$$$8bc58bd460e8\")) {\n sVersion = \"1.1.X-1.2.X\";\n } else if (PE.compareEP(\"eb$$e9$$$$$$$$e9$$$$$$$$565053e8$$$$$$$$5889c3402d\")) {\n bDetected = true;\n } else if (PE.isImportPositionHashPresent(0, 0x3ffccc8a) && PE.isImportPositionHashPresent(1, 0x4b2fc056)) {\n sVersion = \"1.XX-2.XX\";\n } else if (PE.isSectionNamePresent(\".themida\")) {\n sVersion = \"3.XX\";\n } else if (PE.isSectionNamePresent(\".winlice\")) {\n sVersion = \"3.XX, Winlicense\";\n } else if (PE.section[0].Name == \" \" && PE.isImportPositionHashPresent(0, 0x3ffccc8a)) {\n sVersion = \"~2.XX\";\n } else if (PE.section[0].Name == \" \" && PE.isImportPositionHashPresent(0, 0x3651f68d)) {\n bDetected = true;\n } else {\n var sThemidaVersion = detectThemida();\n if (sThemidaVersion) {\n sVersion = sThemidaVersion;\n }\n }\n\n\n bDetected = bDetected || Boolean(sVersion) || Boolean(sOptions);\n\n if (bDetected && PE.isFunctionPresent(\"_CorExeMain\")) sOptions = \"DotNET\";\n\n return result();\n}" }, { "path": "db/PE/protector_Thinstall.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Thinstall(VMware ThinApp)\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"6A00FF1520504000E8D4F8FFFFE9E9ADFFFFFF8BC18B4C2404898829040000C7400C010000000FB64901D1E9894810C7401480000000C204008B442404C7410C010000008981290400000FB64001D1E8894110C741\")) {\r\n sVersion = \"2.403\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558BECB8........BB........50E800000000582D..1A0000B9..1A0000BA..1B0000BE00100000BF..530000BD..1A000003E8817500..........7504........817508........81750C........817510\")) {\r\n sVersion = \"2.5XX\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558BEC515356576A006A00FF15........50E887FCFFFF5959A1........8B40100305........8945FC8B45FCFFE05F5E5BC9C3000000\")) {\r\n sVersion = \"1.9X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"B8EFBEADDE506A00FF15........E9..FFFFFF\")) {\r\n switch (PE.readByte(PE.getEntryPointOffset() + 15)) {\r\n case 0xAD: sVersion = \"2.0X\"; break;\r\n case 0xB9: sVersion = \"2.2X-2.308\"; break;\r\n }\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8F2FFFFFF5068........68401B0000E842FFFFFFE99DFFFFFF000000000000\")) {\r\n sVersion = \"2.545\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E80000000058BB....00002BC35068........68....000068\")) {\r\n switch (PE.readWord(PE.getEntryPointOffset() + 7)) {\r\n case 0x80C1: sVersion = \"2.547-2.600\"; break;\r\n case 0x19AD: sVersion = \"2.609\"; break;\r\n case 0x1EAC: sVersion = \"2.620-2.623\"; break;\r\n case 0x1D34: sVersion = \"2.628\"; break;\r\n default: sVersion = \"2.6XX\";\r\n }\r\n bDetected = true;\r\n } else if (PE.compareEP(\"9C60E80000000058BB........2BC35068........68........68........E8........E9\")) {\r\n sVersion = \"2.7XX\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"9C6068'StAl'68'ThIn'E80000000058BB........2BC35068\")) {\r\n if (PE.compareEP(\"0028\", 32)) {\r\n sVersion = \"3.035-3.043\";\r\n } else if (PE.compareEP(\"002C\", 32)) {\r\n sVersion = \"3.049-3.080\";\r\n } else if (PE.compareEP(\"BAFE\", 42)) {\r\n sVersion = \"3.0XX\";\r\n } else if (PE.compareEP(\"2CFF\", 42)) {\r\n sVersion = \"3.10X\";\r\n }\r\n bDetected = true;\r\n } else if (PE.compareEP(\"b8........e8........482be08d50..4533c033c9e8........85c075..b9........ff15\")) {\r\n sVersion = \"5.0\";\r\n bDetected = true;\r\n } else if (PE.isOverlayPresent()) {\r\n if (PE.nLastSection >= 1 && PE.section[1].Name == \".res\") {\r\n sVersion = \"4.7.X\";\r\n bDetected = true;\r\n }\r\n }\r\n if (PE.compareEP(\"6a..6a..6a..e8$$$$$$$$8bff558bec837d....75..e8$$$$$$$$8bff558bec83ec..a1........8365\")) {\r\n if (PE.compareOverlay(\"09050000\")) {\r\n sVersion = \"5.2.2\";\r\n bDetected = true;\r\n }\r\n }\r\n if (PE.compareEP(\"6a..6a..6a..e8$$$$$$$$558bec837d....75..e8$$$$$$$$558bec83ec..8365....8365....a1\")) {\r\n if (PE.compareOverlay(\"09050000\")) {\r\n sVersion = \"5.2.4\";\r\n bDetected = true;\r\n }\r\n }\r\n if (bDetected) {\r\n var _sVersion = PE.getVersionStringInfo(\"ThinAppVersion\");\r\n if (_sVersion) {\r\n sVersion = _sVersion;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_UG2002_Cruncher.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"UG2002 Cruncher\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60E8........5D81ED........E80D................................58\")) {\r\n sVersion = \"0.3b3\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_UPX_Protector.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"UPX Protector\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"EB..........8A064688074701DB75078B1E83EEFC11DB\")) {\r\n sVersion = \"1.0X\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_UPolyX.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"UPolyX\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"81FD00FBFFFF83D1..8D142F83FDFC76..8A02428807474975\")) {\r\n sVersion = \"0.X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E2..FF..0000000000000000000000000000\")) {\r\n sVersion = \"0.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"558BEC..00BD46008B..B9..00000080....51\")) {\r\n sVersion = \"0.5\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"BB........83EC04891C24..B9..0000008033\")) {\r\n sVersion = \"0.5\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8000000005983C10751C3C3\")) {\r\n sVersion = \"0.5\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB01C3\")) {\r\n sVersion = \"0.5\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"83EC0489..2459....000000\")) {\r\n sVersion = \"0.5\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_UltraPro.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"UltraPro\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"A1........85C00F853B0600005556C705........01000000FF15\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60E8070000006168....4000C383042418C32083B8ED2037EFC6B979379E61\")) {\r\n sVersion = \"0.75\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"83EC04C7042400......C300....000000000000000000000000....001000000002000001\")) {\r\n sVersion = \"1.03-1.10\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_VBox.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"VBox\");\n\nfunction detect() {\n if (PE.compareEP(\"ff7424..ff7424..ff7424..68........68........68........68........ff15\")) {\n if (PE.isLibraryPresent(\"vboxp410.dll\")) {\n sVersion = \"4.10\";\n bDetected = true;\n }\n }\n\n if (PE.findSignature(PE.getEntryPointOffset(), 0x1000, \"558bec83c4..5657be........8b45..8946..ff75..8f46..8b45..8946..56\") !== -1) {\n sVersion = \"4.20\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_VCasm-Protector.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"VCasm-Protector\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558BEC6AFF68........68........64A1000000005064892500000000E803000000\")) {\r\n sVersion = \"1.0X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"EB..'[VProtect]'\")) {\r\n if (PE.compareEP(\"..0A\")) {\r\n sVersion = \"1.0e\";\r\n } else if (PE.compareEP(\"..0B\")) {\r\n sVersion = \"1.1-1.2\";\r\n } else {\r\n sVersion = \"1.X\";\r\n }\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_VMProtect.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Authors: ajax, hypn0, DosX\r\n\r\n// https://vmpsoft.com/\r\nmeta(\"protector\", \"VMProtect\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) return; // Native files only\r\n\r\n var nNumberOfSections = PE.getNumberOfSections();\r\n\r\n var sVMPSectionName;\r\n\r\n for (var i = nNumberOfSections - 1; i >= 0; i--) {\r\n if (i == PE.getRelocsSection() || i == PE.getResourceSection()) {\r\n continue;\r\n }\r\n\r\n if (PE.getSectionName(i)) {\r\n sVMPSectionName = PE.getSectionName(i);\r\n\r\n if (i > 0 &&\r\n sVMPSectionName == \".vmp0\") {\r\n bDetected = true;\r\n\r\n break;\r\n } else if (i > 1 &&\r\n (sVMPSectionName.substr(sVMPSectionName.length - 1) == \"1\")) {\r\n var sCollision = PE.getSectionNameCollision(\"0\", \"1\");\r\n\r\n if (PE.isSectionNamePresent(sCollision + \"1\")) {\r\n bDetected = true;\r\n\r\n break;\r\n }\r\n } else if (i > 2 &&\r\n (sVMPSectionName.substr(sVMPSectionName.length - 1) == \"2\")) {\r\n var sCollision = PE.getSectionNameCollision(\"1\", \"2\");\r\n\r\n if (PE.isSectionNamePresent(sCollision + \"1\") &&\r\n PE.isSectionNamePresent(sCollision + \"0\")) {\r\n bDetected = true;\r\n\r\n break;\r\n }\r\n } else if (i > 3 &&\r\n (sVMPSectionName.substr(sVMPSectionName.length - 1) == \"3\")) {\r\n var sCollision = PE.getSectionNameCollision(\"2\", \"3\");\r\n\r\n if (PE.isSectionNamePresent(sCollision + \"2\") &&\r\n PE.isSectionNamePresent(sCollision + \"1\") &&\r\n PE.isSectionNamePresent(sCollision + \"0\")) {\r\n bDetected = true;\r\n\r\n break;\r\n }\r\n }\r\n }\r\n\r\n break;\r\n }\r\n\r\n if (bDetected) {\r\n if (PE.is64()) {\r\n sVersion = \"2.XX-3.XX\";\r\n }\r\n\r\n if (sVMPSectionName) {\r\n if (sVMPSectionName.substr(sVMPSectionName.length - 1) == \"0\") {\r\n sOptions = \"min protection\";\r\n }\r\n }\r\n\r\n if (PE.isImportPositionHashPresent(-1, 0x1ff3103f)) {\r\n sVersion = \"1.70\";\r\n } else if (PE.isImportPositionHashPresent(-1, 0x0c16df2d)) {\r\n sVersion = \"1.70\";\r\n sOptions = \"max protection\";\r\n } else if (PE.isImportPositionHashPresent(-1, 0x9d12b153)) {\r\n sVersion = \"2.0.3-2.13\";\r\n } else if (PE.isImportPositionHashPresent(-1, 0x1e5500c1)) {\r\n sVersion = \"3.0.0\";\r\n } else if (PE.isImportPositionHashPresent(-1, 0xc5fb6a4b)) {\r\n sVersion = \"3.0.9\";\r\n } else if (PE.isImportPositionHashPresent(-1, 0x5caa99c7)) {\r\n sVersion = \"3.2.0-3.5.0\";\r\n }\r\n }\r\n\r\n var bEnableNewEngine = true; // Need more researches\r\n\r\n if (bEnableNewEngine && !bDetected && PE.isDeepScan()) {\r\n var da = \"\",\r\n das = \"\",\r\n res = 0,\r\n jmp = 0;\r\n\r\n var ep = PE.OffsetToVA(PE.getEntryPointOffset()),\r\n count = 0;\r\n\r\n while (das.substr(0, das.indexOf('+')) != \"MOV EDX, DWORD PTR [EAX*4 \" &&\r\n das.substr(0, das.indexOf('+')) != \"MOV EBX, DWORD PTR [EAX*4 \" &&\r\n das.substr(0, das.indexOf('+')) != \"MOV ECX, DWORD PTR [EAX*4 \" && count < 1000) {\r\n count++;\r\n\r\n var byte = PE.readByte(PE.VAToOffset(ep)),\r\n da = PE.getDisasmString(ep),\r\n das = da;\r\n\r\n if (da.indexOf(' ') != -1) {\r\n da = da.substr(0, da.indexOf(' '));\r\n }\r\n\r\n var fresh = 0;\r\n if ((byte == 0xFF && da == \"JMP\") || ((byte == 0xC3 || byte == 0xC2) && da == \"RET\")) {\r\n fresh = 1;\r\n break;\r\n }\r\n\r\n if (byte == 0xFF && da == \"CALL\") break;\r\n\r\n if (da.indexOf(' ') != -1)\r\n da = da.substr(0, da.indexOf(' '));\r\n\r\n\r\n if (da == \"CLC\" || da == \"CMC\") { res++; }\r\n if (da == \"PUSHFD\") { res++; }\r\n if (da == \"PUSHAL\") { res++; }\r\n if (da == \"XOR\") { res++; }\r\n if (da == \"NEG\" || da == \"NOT\") { res++; }\r\n if (da == \"SAR\" || da == \"SAL\") { res++; }\r\n if (da == \"JMP\" || da == \"CALL\") { jmp++; }\r\n if (da == \"BT\" || da == \"BTR\" || da == \"BTS\" || da == \"BTC\") { res++; }\r\n if (da == \"BSF\" || da == \"BSR\" || da == \"BSWAP\") { res++; }\r\n if (da == \"ROL\" || da == \"ROR\" || da == \"RCL\" || da == \"RCR\") { res++; }\r\n\r\n ep = PE.getDisasmNextAddress(ep);\r\n }\r\n\r\n if (res > 10 && count < 200) {\r\n if (fresh == 1) { sVersion = \"new\"; } else { sVersion = \"old\"; }\r\n sOptions = \"DS\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n\r\n // packer detection\r\n var kernel32Count = 0;\r\n for (var i = 0; i < PE.getNumberOfImports(); i++) {\r\n if (PE.getImportLibraryName(i) === \"KERNEL32.dll\") {\r\n kernel32Count++;\r\n }\r\n\r\n if (kernel32Count >= 2) {\r\n if (PE.is64() && PE.compare(\"4D 5A ?? 00 ?? 00 00 00 04 00 ?? 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 ?? ?? ?? 0E ?? B4 09 CD 21 B8 01 4C CD\")) {\r\n bDetected = true;\r\n sOptions = sOptions.append(\"packed\");\r\n }\r\n\r\n break;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n\r\nfunction detectVmp(sSectionName) {\r\n if (PE.section[sSectionName]) {\r\n var nCharacteristics = PE.section[sSectionName].Characteristics;\r\n if (nCharacteristics == 0x60000060 ||\r\n nCharacteristics == 0xE0000060 ||\r\n nCharacteristics == 0xE0000040 ||\r\n nCharacteristics == 0x68000060 ||\r\n nCharacteristics == 0xe2000060)\r\n return true;\r\n }\r\n\r\n return false;\r\n}\r\n\r\nfunction detectVmp2() {\r\n if (PE.section.length > 7) {\r\n var nCount = 5,\r\n nResource = PE.getResourceSection(),\r\n nRelocs = PE.getRelocsSection();\r\n\r\n if (nResource > PE.section.length - nCount)\r\n nCount++;\r\n\r\n if (nRelocs > PE.section.length - nCount)\r\n nCount++;\r\n\r\n\r\n var nDetectCount = 0,\r\n nLastVMPSection = 0;\r\n\r\n for (var nSection = PE.section.length - nCount; nSection < PE.section.length; nSection++) {\r\n if (nSection == nResource || nSection == nRelocs)\r\n continue;\r\n\r\n if (PE.section[nSection].FileSize == 0 && PE.section[nSection].FileOffset == 0)\r\n nDetectCount++;\r\n\r\n if (PE.section[nSection].FileSize != 0 && PE.section[nSection].FileOffset != 0)\r\n nLastVMPSection = nSection;\r\n }\r\n\r\n if (nDetectCount >= 3) {\r\n if (PE.getEntryPointSection() == nLastVMPSection) {\r\n if (PE.section[nLastVMPSection].Characteristics == 0xE0000060) {\r\n if (PE.calculateEntropy(PE.section[nLastVMPSection].FileOffset, PE.section[nLastVMPSection].FileSize) > 7.6) {\r\n return true;\r\n }\r\n } else if (PE.section[nLastVMPSection].Characteristics & 0x20000000) { // Fix sent Deniskore\r\n var nSectionOffset = PE.section[nLastVMPSection].FileOffset,\r\n nSectionSize = PE.section[nLastVMPSection].FileSize,\r\n nOffset = nSectionOffset,\r\n nSize = nSectionSize,\r\n nCount = 0,\r\n nSignatureOffset = 0;\r\n\r\n while (nSize > 0) {\r\n nSignatureOffset = PE.findSignature(nOffset, nSize, \"9c8d64\");\r\n if (nSignatureOffset == -1)\r\n break;\r\n nCount++;\r\n nOffset = nSignatureOffset + 3;\r\n nSize = nSectionSize - (nSignatureOffset - nSectionOffset);\r\n if (nCount >= 2) {\r\n return true;\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n\r\n return false;\r\n}\r\n\r\n/* function detect_old() {\r\n if (PE.section[\".vmp0\"] && (PE.compareEP(\"68........E9\") || PE.compareEP(\"68........E8\"))) {\r\n sVersion = \"1.60-2.05\";\r\n bDetected = true;\r\n } else if (detectVmp(\".vmp0\") || detectVmp(\".vmp1\") || detectVmp(\".vmp2\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"54c70424........9c60c74424..........c64424....887424..60\")) {\r\n sVersion = \"2.06\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e8$$$$$$$$e9$$$$$$$$880424881c24c70424........9ce8\")) {\r\n sVersion = \"2.07\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"9ce8$$$$$$$$e8$$$$$$$$c74424..........e9$$$$$$$$e8$$$$$$$$c74424..........526068\")) {\r\n sVersion = \"2.12-13\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"9c9cc74424..........9cc74424..........9c528d6424..e9\")) {\r\n sVersion = \"2.12-13\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"68........e8$$$$$$$$41574150448ac350410f96c057415148c7c7\")) {\r\n sVersion = \"3.0X\";\r\n bDetected = true;\r\n } else {\r\n var collision = PE.getSectionNameCollision(\"0\", \"1\");\r\n\r\n if (collision) {\r\n if (PE.compareEP(\"68........E9\") || PE.compareEP(\"68........E8\")) {\r\n sVersion = \"1.X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"9cE9\") || PE.compareEP(\"9cFF\")) {\r\n sVersion = \"2.X\";\r\n bDetected = true;\r\n } else if (detectVmp(collision + \"0\") && detectVmp(collision + \"1\")) {\r\n bDetected = true;\r\n }\r\n }\r\n if (!bDetected && detectVmp2()) {\r\n sVersion = \"2.X\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n if (bDetected) {\r\n if (PE.section.length < 3 || (PE.section.length == 3 && PE.section[0].FileSize == 0)) {\r\n bDetected = false;\r\n }\r\n }\r\n} */\r\n" }, { "path": "db/PE/protector_VMProtect_NET.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://vmpsoft.com/\nmeta(\"protector\", \"VMProtect\");\n\nfunction detect() {\n\n if (PE.isNet() &&\n PE.isNetGlobalCctorPresent() &&\n PE.getNumberOfSections() >= 3 &&\n PE.isNetObjectPresent(\"SuppressIldasmAttribute\") &&\n PE.isNetObjectPresent(\"kernel32\") &&\n PE.isNetObjectPresent(\"get_IsAttached\") &&\n PE.isNetObjectPresent(\"OpCodes\")) {\n\n const\n chunk = \"%% %% %% %% %% %% %% %% 00\", // chunk size is 8 bytes\n scanBytes = PE.getSize() - PE.getOverlaySize();\n\n var globalBigPattern = \"00\";\n\n for (var i = 0; i < 12; i++) {\n globalBigPattern += chunk;\n }\n\n var firstSection = PE.section[0];\n\n if (PE.isSignaturePresent(firstSection.FileOffset, scanBytes, \"'' 00\" + chunk) &&\n PE.isSignaturePresent(firstSection.FileOffset, scanBytes, globalBigPattern)) {\n sVersion = \"3.X\";\n bDetected = true;\n }\n\n\n if (bDetected) {\n if (PE.isSignaturePresent(firstSection.FileOffset, scanBytes, generateUnicodeSignatureMask(\"Program will be terminated.\"))) { // Unicode [global] string\n sOptions = \"Resources protection\";\n }\n\n var sectionNameCollision = PE.getSectionNameCollision(\"0\", \"1\");\n\n if (sectionNameCollision === \".vmp\") {\n sVersion = \"2.X-3.X\";\n } else if (sectionNameCollision) {\n sOptions += (sOptions.length != 0 ? \" + \" : \"\") + \"Custom sections\";\n }\n\n bDetected = bDetected && !PE.isNetObjectPresent(\"VMProtect\"); // fake signature\n }\n }\n\n return result();\n}\n\nfunction generateUnicodeSignatureMask(inputString) {\n var output = \"\";\n for (var c = 0; c < inputString.length; c++) { output += (c != 0 ? \"00\" : \"\") + \"'\" + inputString[c] + \"'\"; }\n return output;\n}\n\n// Hello Ivan Permyakov and thanks for your contribution to Open Source!" }, { "path": "db/PE/protector_VaySoft_PDF2EXE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: A.S.L \n\nmeta(\"protector\", \"VaySoft PDF to EXE Converter\");\n\nfunction detect() {\n if (PE.compareEP(\"558BECB9\")) {\n if (PE.compareOverlay(\"255B484220322A\")) {\n sOptions = \"PDF Adv.Xor Ovl.\";\n sVersion = \"6.82\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/protector_VbsToExe.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// sign by A.S.L - asl@onet.eu\r\n// fixed by adoxa\r\n\r\nmeta(\"protector\", \"Vbs To Exe\");\r\n\r\nfunction detect() {\r\n if (PE.resource[\"D\"]) {\r\n if (PE.compare(\"'2edecompile'\", PE.resource[\"D\"].Offset + 2)) {\r\n sVersion = \"2.0.2.0\";\r\n bDetected = true;\r\n } else if (PE.resource[\"D\"].Size == 14 &&\r\n PE.isResourceNamePresent(\"B\") &&\r\n PE.isResourceNamePresent(\"F\") &&\r\n PE.isResourceNamePresent(\"I\") &&\r\n PE.isResourceNamePresent(\"N\") &&\r\n PE.isResourceNamePresent(\"O\")) {\r\n sVersion = \"2.0.2.0\";\r\n bDetected = true;\r\n }\r\n if (bDetected) {\r\n if (PE.isResourceNamePresent(\"P\")) {\r\n sOptions = \"Protected\";\r\n }\r\n }\r\n }\r\n\r\n sLang = \"VBScript\";\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Virbox.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: Vito <@ScalletaZ>\n\nmeta(\"protector\", \"Virbox\");\n\nfunction detect() {\n if (PE.compare(\"'SENS'\", 40)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_XCR.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"XCR\");\n\nfunction detect() {\n if (PE.compareEP(\"9371..EB$$EB$$8BD878$$EB$$9C33C0EB$$74$$EB$$6079..EB$$E8$$$$$$$$83C4..E8$$$$$$$$8D05........EB$$5D85ED75\")) {\n sVersion = \"0.13\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Xenocode_Postbuild.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Xenocode Postbuild\");\r\n\r\nfunction detect() {\r\n if (PE.isNetObjectPresent(\"Xenocode.Client.Attributes.AssemblyAttributes\")) {\r\n sVersion = \"2.X-3.X\";\r\n bDetected = true;\r\n } else if (PE.isSectionNamePresent(\".xcpad\") && PE.compareOverlay(\"'xvm'0001\")) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_XerinFuscator.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"protector\", \"XerinFuscator\");\n\nfunction detect() {\n if (PE.isNet()) {\n if (PE.isNetObjectPresent(\"XerinAtrribute\")) { // At[rr]ibute <- developer mistake\n const\n sectionToCheck = PE.section[0].Name === \".text\" ? PE.section[0] : PE.section[1],\n versionStringOffset = PE.findString(sectionToCheck.FileOffset, sectionToCheck.FileSize, \"XerinFuscator v\");\n\n if (versionStringOffset != -1) {\n sVersion = PE.getString(versionStringOffset + 15, 0x15);\n bDetected = true;\n\n if (PE.isNetObjectPresent(\"Xerin.Runtime\")) sOptions = \"XVM\";\n }\n } else {\n if (PE.isNetUStringPresent(\"C# version only supports level 1 and 3\") && PE.getNumberOfSections() > 1 && PE.section[0].Name !== \".text\") {\n bDetected = true;\n }\n\n if (!bDetected && PE.isSectionNamePresent(\".Xerin\")) {\n sVersion = \"Legacy\";\n bDetected = true;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Xtreamlok.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"Xtreamlok (SoftWrap)\");\n\nfunction detect() {\n if (PE.compareEP(\"9090eb$$525351565755e8000000005d81ed........e8$$$$$$$$6a..e9\")) {\n sVersion = \"1.X-3.X\";\n bDetected = true;\n } else if (PE.compareEP(\"90eb$$525351565755e8000000005d81ed........e8$$$$$$$$6a..e9\")) {\n sVersion = \"1.X-3.X\";\n bDetected = true;\n } else if (PE.compareEP(\"909090eb$$525351565755e8000000005d81ed........e8$$$$$$$$6a..e9\")) {\n sVersion = \"1.X-3.X\";\n bDetected = true;\n } else if (PE.compareEP(\"eb$$525351565755e8000000005d81ed........e8$$$$$$$$6a..e9\")) {\n sVersion = \"1.X-3.X\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Yano.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://yano.informer.com/\r\nmeta(\"protector\", \"Yano\");\r\n\r\nfunction detect() {\r\n if (PE.isNetObjectPresent(\"YanoAttribute\")) {\r\n sVersion = \"1.X\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Yodas_Protector.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Yoda's Protector\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558BEC535657E8$$$$$$$$E8$$$$$$$$33C064FF30648920CCC3\")) {\r\n sVersion = \"1.01\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8$$$$$$$$BB........E8$$$$$$$$E8$$$$$$$$33c064ff306489204bccc3\") && PE.section[PE.nLastSection].Name !== \".inq\") {\r\n sVersion = \"1.02-1.03\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_Yummy_Game_SoftwareShield.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: Levis \n\nmeta(\"protector\", \"Yummy Game SoftwareShield\");\n\nfunction detect() {\n if (PE.compareEP(\"31C0E9B9FFFFFFC3\")) {\n sVersion = \"5.X\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_Zprotect.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Zprotect\");\r\n\r\nfunction detect() {\r\n if (PE.section.length > 3) {\r\n if (PE.section[0].FileOffset == 0 && PE.section[0].FileSize == 0) {\r\n if (!PE.isDosStubPresent()) {\r\n if (PE.compare(\"6B65726E656C33322E646C6C000000005669727475616C416C6C6F6300000000\", PE.section[1].FileOffset)) {\r\n sVersion = \"1.X\";\r\n bDetected = true;\r\n } else if ((PE.getEntryPointSection() == 1) && (PE.calculateEntropy(PE.section[2].FileOffset, PE.section[2].FileSize) > 7.6)) {\r\n sVersion = \"1.X\";\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n }\r\n if (PE.compareEP(\"e8$$$$$$$$87..248d..........87..24e9$$$$$$$$60e9$$$$$$$$54e9\")) {\r\n bDetected = true;\r\n }\r\n\r\n // TODO EP NFD\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_bambam.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"bambam\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"6A14E89A050000....5368........E86CFDFFFF\")) {\r\n sVersion = \"0.01\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"4d5a90eb$$52e9$$$$$$$$eb$$64a1........eb$$8b48......eb$$05........eb$$668138\")) {\r\n sVersion = \"0.1\";\r\n bDetected = true;\r\n } else if (PE.getNumberOfImports() === 0 && PE.isImportPositionHashPresent(0, 0xb5b153cd)) {\r\n bDetected = true;\r\n }\r\n\r\n if (bDetected && !PE.isSectionNamePresent(\".bedrock\")) {\r\n sOptions = \"modified\";\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_beria.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"Beria\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"83EC18538B1D0030....555657683007000033ED55FFD38BF03BF5740D89AE20070000E8880F0000EB0233F66A105589353040....FFD38BF03BF57409892EE83CFEFFFFEB0233F66A18558935D843....FFD38BF0\")) {\r\n sVersion = \"0.07\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_eXPressor.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://www.cgsoftlabs.ro/express.html\r\nmeta(\"protector\", \"eXPressor\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E935140000E931130000E998120000E9EF0C0000E94213\")) {\r\n sVersion = \"1.0\";\r\n } else if (PE.compareEP(\"E915130000E9F0120000E958120000E9AF0C0000E9AE02\")) {\r\n sVersion = \"1.1\";\r\n } else if (PE.compareEP(\"558BEC81EC....0000535657EB0C'ExPr-v.1.2.'\")) {\r\n sVersion = \"1.2\";\r\n } else if (PE.compareEP(\"558BEC83EC..535657EB0C'ExPr-v.1.3.'\")) {\r\n sVersion = \"1.3\";\r\n } else if (PE.compareEP(\"558BEC83EC..535657EB0C'ExPr-v.1.4.'\")) {\r\n sVersion = \"1.4\";\r\n } else if (PE.compareEP(\"8BEC83EC..5356578365....F3EB0C'eXPr-v.1.4.'\")) {\r\n sVersion = \"1.4\";\r\n } else if (PE.compareEP(\"558BEC83EC..5356578365..00F3EB0C'eXPr-v.1.4.'00\")) {\r\n sVersion = \"1.4.5.X\";\r\n } else if (PE.compareEP(\"558BEC81EC........53565783A5..........F3EB0C'eXPr-v.1.5.'00\")) {\r\n sVersion = \"1.5.0.X\";\r\n } else if (PE.compareEP(\"558BEC81EC........53565783A5..........F3EB0C'eXPr-v.1.6.'\")) {\r\n sVersion = \"1.6\";\r\n } else if (PE.compareEP(\"..68........E8$$$$$$$$....81EC........53565783A5..........F3EB0C'eXPr-v.1.6.'\")) {\r\n sVersion = \"1.6\";\r\n } else if (PE.compareEP(\"6a..68........E8$$$$$$$$....81EC........53565783A5..........F3EB0C'eXPr-v.1.6.'\")) {\r\n sVersion = \"1.6\";\r\n } else if (PE.compareEP(\"6a..6a..6a..6a..68........E8$$$$$$$$....81EC........53565783A5..........F3EB0C'eXPr-v.1.6.'\")) {\r\n sVersion = \"1.6\";\r\n } else if (PE.compareEP(\"EB0168EB01........83EC0C535657EB01..833D........007408EB01E9E956010000EB02\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"68########eb$$eb$$558bec83ec..535657eb$$833d..........74\")) {\r\n sVersion = \"1.6.1\";\r\n } else if (PE.compareEP(\"68........C3\")) {\r\n if (PE.section.length >= 3 && PE.section[0].FileSize == 0 && PE.section[2].Name == \".code\") {\r\n sVersion = \"1.5-1.6\";\r\n }\r\n }\r\n\r\n bDetected = bDetected || Boolean(sVersion);\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_hmimys_Protect.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"hmimys Protect\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"5E83C664AD50AD5083EE6CAD50AD50AD50AD50AD50E8\")) {\r\n sVersion = \"0.1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E8BA000000..00000000....00..............00......0000....00......00......00......00......00......00..00000000000000......000000000000000000......00......000000000000000000\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"ba........ffe2ba........b8........890283c2..b8........890283c2..ffe2\")) {\r\n sVersion = \"0.1\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_iPB_Protect.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"iPB Protect\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558BEC6AFF68'KCUF'68'TIHS'64A100000000\")) {\r\n sVersion = \"0.1.3-0.1.7\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/protector_kkryptor.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"k.kryptor\");\n\nfunction detect() {\n if (PE.compareEP(\"eb$$60e8........5e8d....b9........4933c05102....d3c04979..33....5900\")) {\n sVersion = \"3\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/protector_tElock.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"protector\", \"tElock\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"668BC08D2424EB01EB60EB01EB9CE8000000005E83C6508BFE68\")) {\r\n sVersion = \"0.41X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"C1EE00668BC9EB01EB60EB01EB9CE8000000005E83C6\")) {\r\n switch (PE.readByte(PE.getEntryPointOffset() + 22)) {\r\n case 0x52: sVersion = \"0.4X\"; break;\r\n case 0x5E: sVersion = \"0.5X\"; break;\r\n }\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E90000000060E8000000005883C008\")) {\r\n sVersion = \"0.60\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60E8....0000C383\")) {\r\n switch (PE.readWord(PE.getEntryPointOffset() + 2)) {\r\n case 0x10BD: sVersion = \"0.70\"; break;\r\n case 0x10ED: sVersion = \"0.71\"; break;\r\n case 0x1144: sVersion = \"0.71b2\"; break;\r\n case 0x1148: sVersion = \"0.71b7\"; break;\r\n case 0x11F9: sVersion = \"0.80\"; break;\r\n default: sVersion = \"0.7X-0.84\";\r\n }\r\n bDetected = true;\r\n } else if (PE.compareEP(\"60E802000000CD20E8000000005E2BC9587402\")) {\r\n sVersion = \"0.85f\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"....E802000000E800E8000000005E2B\")) {\r\n sVersion = \"0.90\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E9....FFFF\")) {\r\n if (PE.compareEP(\"E97EE9\")) {\r\n sVersion = \"0.92a\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E9D5E4\")) {\r\n sVersion = \"0.95\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E959E4\")) {\r\n sVersion = \"0.96\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E925E4\")) {\r\n sVersion = \"0.98b1\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E91BE4\")) {\r\n sVersion = \"0.98b2\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E999D7\")) {\r\n sVersion = \"0.98 Special Build\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E95EDF\")) {\r\n sVersion = \"0.99\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E93FDF\")) {\r\n sVersion = \"0.99c\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"E9E5E2\")) {\r\n sVersion = \"1.00\";\r\n bDetected = true;\r\n }\r\n } else if (PE.compareEP(\"668bc08d2424609ce8000000005dd14d\")) {\r\n sVersion = \"0.35\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/rar.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: Jason Hood \r\n\r\nincludeScript(\"rar-file\");\r\n\r\nfunction detect() {\r\n detect_RAR(0);\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/sfx_12Ghosts_Zip2.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\n// https://12ghosts-zip.apponic.com/\nmeta(\"sfx\", \"12Ghosts Zip2\");\n\nfunction detect() {\n if (PE.compareEP(\"E8$$$$$$$$558BEC83EC..A1........8365....8365....5357BF........3BC7BB........74\")) {\n if (PE.isSignaturePresent(PE.getOverlayOffset(), 0x1000, \"'BZh91'\")) {\n sOptions = \"BZIP2\";\n sVersion = \"8.0\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_7z.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"sfx\", \"7-Zip\");\r\n\r\nfunction detect() {\r\n if (PE.compareOverlay(\"';!@Install@!UTF-8!'\")) {\r\n sType = \"installer\";\r\n var sManifest = PE.getManifest();\r\n var aVersion = sManifest.match(/(\\n?)version=\"(.*?)\"/);\r\n if (aVersion) {\r\n sVersion = aVersion[2];\r\n if (aVersion[1]) {\r\n sOptions = \"new\";\r\n }\r\n } else if (aVersion = sManifest.match(/Archive v(\\d.*?)<\\/desc/)) {\r\n sVersion = aVersion[1];\r\n }\r\n bDetected = true;\r\n } else if (PE.compareOverlay(\"'7z'BCAF271C\")) {\r\n bDetected = true;\r\n } else if (PE.compareOverlay(\"efbbbf';!@Install@!UTF-8!'\")) {\r\n sType = \"installer\";\r\n bDetected = true;\r\n }\r\n\r\n if (bDetected) {\r\n if (PE.getVersionStringInfo(\"InternalName\") == \"7z.sfx\" || PE.getVersionStringInfo(\"InternalName\") == \"7zS2.sfx\") {\r\n sVersion = PE.getVersionStringInfo(\"FileVersion\");\r\n if (!sVersion) {\r\n sVersion = PE.getFileVersion().replace(/\\.0\\.0$/, \"\");\r\n }\r\n }\r\n\r\n if (!sVersion && PE.section[\".rdata\"]) {\r\n var nVersionOffset = PE.findString(PE.section[\".rdata\"].FileOffset, PE.section[\".rdata\"].FileSize, \"7-Zip version:\");\r\n if (nVersionOffset != -1) {\r\n sVersion = PE.getString(nVersionOffset + 16, 4);\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/sfx_ARJSFX.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"sfx\", \"ARJSFX\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"a1........c1e0..a3........575133c0bf........b9........3bcf76..2bcffcf3aa595f64678b16....8b42..a3\")) {\r\n if (PE.compareOverlay(\"c0ab........60ea\")) {\r\n sName += \"32\";\r\n bDetected = true;\r\n }\r\n } else if (PE.compareEP(\"64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15\")) {\r\n if (PE.compareOverlay(\"60ea\")) {\r\n bDetected = true;\r\n } else {\r\n for (var i = 0; i < PE.resource.length; i++) {\r\n if (PE.resource[i].Type == 730) { // ARJDATA\r\n bDetected = true;\r\n break;\r\n }\r\n }\r\n }\r\n } else if (PE.compareEP(\"558bec83c4..e8$$$$$$$$e8........6a..e8........8905........e8........8905\")) {\r\n for (var i = 0; i < PE.resource.length && !bDetected; i++) {\r\n if (PE.resource[i].Type == 1001) {\r\n if (PE.compare(\"60ea\", PE.getResourceOffsetByNumber(i))) {\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/sfx_ARQ.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"ARQ\");\n\nfunction detect() {\n if (PE.compareOverlay(\"67570402\")) {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83....5356578965..ff15\")) {\n bDetected = true;\n } else if (PE.compareEP(\"64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_Abbyy_Lingvo.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"Abbyy Lingvo\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83c4..5356578965..ff15\")) {\n if (PE.compare(\"'ArcUpdateABBYY'00\", PE.getSize() - 15)) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_Active_Delivery.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"Active Delivery\");\n\nfunction detect() {\n if (PE.compareEP(\"64a1........558bec6a..68........68........50648925........83ec605356578965..ff15\") &&\n PE.section[\"actdlvry\"] && PE.compare(\"'AD01'\", PE.section[\"actdlvry\"].FileOffset)) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_Cab.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood \n\nmeta(\"sfx\", \"Microsoft Cabinet\");\n\nfunction detect() {\n var overlayOffset = PE.getOverlayOffset();\n\n if (PE.compareOverlay(\"'wextract'\", 16)) {\n // The version is probably for what's being installed, not what's doing\n // the installing; it does seem, though, the raw product version is for\n // the installer itself. Take a punt, anyway.\n overlayOffset = PE.findSignature(overlayOffset - 0xE00, 0xE00, \"BD04EFFE00000100\");\n\n if (overlayOffset !== -1) {\n overlayOffset += 16;\n sVersion = PE.readWord(overlayOffset + 2) + \".\" + PE.readWord(overlayOffset) + \".\" +\n PE.readWord(overlayOffset + 6) + \".\" + PE.readWord(overlayOffset + 4);\n }\n bDetected = true;\n } else if (/sfxcab/.test(PE.getManifest())) {\n var rsrcSection = PE.section[\".rsrc\"];\n\n // There's two version resources, locate the second.\n if (rsrcSection) {\n var overlayOffset = rsrcSection.FileOffset + rsrcSection.VirtualSize;\n\n overlayOffset = PE.findSignature(overlayOffset - 0x600, 0x600, \"BD04EFFE00000100\");\n if (overlayOffset !== -1) {\n overlayOffset += 8;\n sVersion = PE.readWord(overlayOffset + 2) + \".\" + PE.readWord(overlayOffset) + \".\" +\n PE.readWord(overlayOffset + 6) + \".\" + PE.readWord(overlayOffset + 4);\n }\n }\n bDetected = true;\n } else if (/wextract/i.test(PE.getVersionStringInfo(\"InternalName\"))) {\n sVersion = PE.getFileVersion().trim();\n bDetected = true;\n } else if (PE.compareEP(\"558bec81ec........535657ff15........a3........ff15........a1........6625....3d\") && PE.compare(\"'MSCF'00000000\", 0x5000)) {\n bDetected = true;\n } else if (PE.compareEP(\"6a..68........e8........66813d............75..a1........81b8................75..\") && PE.compareOverlay(\"'MSCF'00000000\")) {\n bDetected = true;\n } else if (PE.compareEP(\"e9$$$$$$$$558bec81ec........830d..........5356576a..33dbbf........68........895d..881d\")) {\n bDetected = true;\n }\n\n if (PE.getNumberOfResources() > 0) {\n if (PE.compare(\"'MSCF'00000000\", PE.getResourceNameOffset(\"CABINET\"))) {\n bDetected = true;\n }\n\n if (PE.compare(\"'MSCF'00000000\", PE.getResourceNameOffset(\"IDR_CABFILE\"))) {\n bDetected = true;\n }\n\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_Chilkat_ZIP_Self-Extractor.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"Chilkat ZIP Self-Extractor\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15\") && PE.compareOverlay(\"07d26cbf2159abaa0100000000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_CoffeeCup_SFX.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"CoffeeCup\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec83c4..33c08945..b8........e8........33c05568........64ff306489206a..68........6a\") && PE.compareOverlay(\"'MPU'00\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_DelZip_SFX.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"DelZip\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec83c4..33c08945..b8........e8........33c05568........64ff306489206a..68........6a\") && PE.compareOverlay(\"'MPV'\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_Dimd_SFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"Dimd\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15\")) {\n if (PE.compareOverlay(\"........'DIMDMSCF'\")) {\n sOptions = \"CAB SFX\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_Envoy_Packager.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"Envoy Packager\");\n\nfunction detect() {\n if (PE.compareEP(\"64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15\") && PE.compareOverlay(\"b297e169\")) {\n sOptions = \"1994 by Novell, Inc.\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_GZip.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"GZip\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83....5356578965\")) {\n for (var i = 0; i < PE.resource.length && !bDetected; i++) {\n if (PE.compare(\"1f8b08\", PE.resource[i].Offset)) {\n bDetected = true;\n }\n }\n } else if (PE.compareEP(\"64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15\")) {\n if (PE.compareOverlay(\"1f8b08\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_GkSetup.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"GkSetup SFX\");\n\nfunction detect() {\n if (PE.findString(PE.getOverlayOffset(), Math.min(0x300, PE.getOverlaySize()), \"/SFX\") != -1) {\n if (PE.compareEP(\"e9$$$$$$$$5351525589e583ec..b8........e8........a1........83c0..24..31d229c489e18b1d\")) {\n sOptions = \"1998 by Gero Kuehn\";\n bDetected = true;\n } else if (PE.compareEP(\"5668........33f668........56ff15........56ff15........a3........e8........85c074..a1\")) {\n sOptions = \"1999 by Gero Kuehn\";\n bDetected = true;\n }\n } else if (PE.compareOverlay(\"'2.00'\")) {\n if (PE.compareEP(\"5633f656ff15........a3........e8........85c074..a1........8b40..48\")) {\n sVersion = \"2.0\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_INFTool.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"INFTool\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec83c4..e8$$$$$$$$e8........6a..e8........8905........e8........8905........c705\")) {\n if (PE.findString(0, PE.getOverlayOffset(), \"INFTool.pkg\") !== -1) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_KRZIP_SFX.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"KRZIP\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec83c4..53565733c08945..b8........e8........33c05568........64ff30648920a1........8378\")) {\n if (PE.compareOverlay(\"''\")) {\n sOptions = \"by Kryloff Technologies, Inc.\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_LZH_SFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"LZH SFX\");\n\nfunction detect() {\n if (PE.compareEP(\"64a1........558bec6a..68........68........50a1........648925........8b0d\") &&\n (PE.compareOverlay(\"....'-lh5-'\") || PE.compareOverlay(\"........'-lh7-'\"))) {\n sVersion = \"2.60.w32.0031\";\n sOptions = \"by Yoshi 1991 / mH 1995 / Micco 1997-99\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_Lyme_SFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"Lyme SFX\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15\") && PE.compareOverlay(\"789c\")) {\n sOptions = \"zlib\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_MP-ZipTool.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"MP-ZipTool SFX32\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec83c4..33c08945..b8........e8........33c05568........64ff306489206a..68........6a\")) {\n if (PE.compareOverlay(\"'MPU'0d\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_MPQ.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"Blizzard MPQ\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83c4..5356578965..ff15\")) {\n if (PE.compareOverlay(\"'MPQ'1a20\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_NanoZip.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: LinXP\n\nmeta(\"sfx\", \"NanoZip\");\n\nfunction detect() {\n if (PE.compareEP(\"60be........8dbe........5789e58d9c24........31c05039dc75\") && PE.compareOverlay(\"AE01'NanoZip 0.09 alpha'\")) {\n sVersion = \"0.09a\";\n sOptions = \"nz_w32c.sfx\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_PKSFX.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"sfx\", \"PKSFX\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"558bec6a..68........68........64a100000000506489250000000083c4..535657\")) {\r\n if (PE.compareOverlay(\"'PK'090a\")) {\r\n sVersion = \"2.50\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/sfx_Paquet.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"Paquet\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec81c4........53565733c08985........8985........e8........e8\")) {\n if (PE.compareOverlay(\"04'PBG'\")) {\n sVersion = \"1.5, 1998 by Guillaume Di Giusto\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_Quantum.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"Quantum\");\n\nfunction detect() {\n if (PE.compareEP(\"64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15\")) {\n for (var i = 0; i < PE.resource.length; i++) {\n if (PE.compare(\"'DS'00\", PE.resource[i].Offset)) {\n bDetected = true;\n break;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_SZDD.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"SZDD\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83c4..5356578965..ff15\")) {\n for (var i = 0; i < PE.resource.length; i++) {\n if (PE.resource[i].Type == 2128) { // FILE\n if (PE.compare(\"'SZDD'\", PE.resource[i].Offset)) {\n bDetected = true;\n break;\n }\n }\n }\n } else if (PE.compareEP(\"a1........c1e0..a3........575133c0bf........b9........3bcf76..2bcffcf3aa595f\")) {\n for (var i = 0; i < PE.resource.length; i++) {\n if (PE.resource[i].Type == \"RT_RCDATA\") {\n if (PE.compare(\"'SZDD'\", PE.resource[i].Offset)) {\n sOptions = \"1997 by Khaled Mardam-Bey\";\n bDetected = true;\n break;\n }\n }\n }\n } else if (PE.compareEP(\"64a1........558bec6a..68........68........50648925........83ec..5356578965..ff15\")) {\n for (var i = 0; i < PE.resource.length; i++) {\n if (PE.resource[i].Type == \"RT_RCDATA\") {\n if (PE.compare(\"'SZDD'\", PE.resource[i].Offset)) {\n sOptions = \"1997 by Klever Co.\";\n bDetected = true;\n break;\n }\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_Squeez_SFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"Squeez SFX\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..33db895d..6a..ff15\")) {\n if (PE.compareOverlay(\"'SQ5SFX'\")) {\n sVersion = \"6.0.0.0\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_WinACE.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"sfx\", \"WinACE\");\r\n\r\nfunction detect() {\r\n if (/WinACE|UNACE/i.test(PE.getVersionStringInfo(\"InternalName\"))) {\r\n sVersion = PE.getVersionStringInfo(\"FileVersion\");\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/sfx_WinIMP.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"WinIMP\");\n\nfunction detect() {\n if (PE.compareEP(\"51526a..2eff15........506a..6a..2eff15........50e8........502eff15........5a59c3\")) {\n if (PE.compareOverlay(\"'IMP'0a\")) {\n sOptions = \"1999 by Technelysium Pty Ltd\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_WinImage.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"WinImage\");\n\nfunction detect() {\n if (PE.compareEP(\"64a1........558bec6a..68........68........50a1........648925........8b0d........83ec..89018b15\")) {\n if (PE.compareOverlay(\"'RsDl'\")) {\n sOptions = \"1998 by Gilles Vollant\";\n bDetected = true;\n } else if (PE.compare(\"'WSfxPK'0304\", PE.getOverlayOffset() + 0xC)) {\n sVersion = \"0.90\";\n sOptions = \"1993-97 by Gilles Vollant\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_WinPatch.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"WinPatch Apply Program by Artistry, Inc.\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83....535657\")) {\n if (PE.compareOverlay(\"'@Daisy@Lucy@xyzzy@'................1f8b08\")) {\n sOptions = \"1996-1998 (gzip)\";\n bDetected = true;\n } else if (PE.compareOverlay(\"'@Daisy@Lucy@xyzzy@'1f8b08\")) {\n sOptions = \"1996-1998 (gzip)\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_WinRAR.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"sfx\", \"WinRAR\");\r\n\r\nfunction detect() {\r\n if (PE.isNet()) return; // Doesn't support .NET\r\n\r\n var isPkOverlay = PE.compareOverlay(\"'PK'\");\r\n\r\n if (isPkOverlay || PE.compareOverlay(\"'Rar!'\")) {\r\n if (PE.resource[\"STARTDLG\"] && PE.resource[\"LICENSEDLG\"] || PE.resource[\"INSTALL\"] && PE.resource[\"SETUP\"]) {\r\n if (isPkOverlay) {\r\n sOptions = \"ZIP\";\r\n }\r\n\r\n bDetected = true;\r\n }\r\n }\r\n if (PE.compareEP(\"e8$$$$$$$$53bb........e8........85c074..33d28a1083fa..75..40eb\")) {\r\n if (PE.compareOverlay(\"'Rar!'1a\")) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/sfx_WinZip.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"sfx\", \"WinZip\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"ff15........b1..380874..b1..4080....74..380874..4080....75..80....74..4033\")) {\r\n sVersion = \"6.X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"53ff15........b3..38..74..80c3..4033d28a083aca74..3acb74..408a083aca75\")) {\r\n if (PE.findSignature(PE.getOverlayOffset(), Math.min(255, PE.getOverlaySize()), \"504b0304\") != -1) {\r\n sVersion = \"2.2\";\r\n } else if (PE.compareEP(\"8A48014033D23ACA740A3ACB74068A4801\", 16)) {\r\n sVersion = \"8.X\";\r\n }\r\n bDetected = true;\r\n } else if (PE.compareEP(\"53ff15........b3..38..74..80c3..8a48..4033d23aca74..3acb74..8a48..40\")) {\r\n sVersion = \"8.X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"e8$$$$$$$$558bec83ec..a1........8365....8365....5357bf........3bc7bb........74..85c374..f7d0\")) {\r\n for (var i = 0; i < PE.resource.length && !bDetected; i++) {\r\n if (PE.resource[i].Type != \"RT_DIALOG\") {\r\n if (PE.findSignature(PE.resource[i].Offset, Math.min(PE.resource[i].Size, 0x1100), \"'PK'0304\") != -1) {\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n if (PE.isSectionNamePresent(\"_winzip_\")) {\r\n bDetected = true;\r\n }\r\n }\r\n if (PE.isSectionNamePresent(\"_winzip_\")) {\r\n if (PE.findSignature(PE.getSectionFileOffset(PE.getSectionNumber(\"_winzip_\")), 0x1000, \"'PK'0304\") != -1) {\r\n sVersion = \"3.1\";\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/sfx_ZipCentral_SFX.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"ZipCentral SFX-32\");\n\nfunction detect() {\n if (PE.compareEP(\"558BEC83C4..33C089....B8........e8........33c05568........64....64....6a\")) {\n if (PE.compareOverlay(\"'MPV*'\")) {\n sVersion = \"2.0\";\n sOptions = PE.getGeneralOptions();\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_Zip_SFX.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"Zip SFX\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83....5356578965..ff15\")) {\n if (PE.findSignature(PE.getOverlayOffset(), Math.min(255, PE.getOverlaySize()), \"'PK'0304\") != -1) {\n bDetected = true;\n }\n } else if (PE.compareEP(\"558bec83c4..b8........e8........33c05568........64ff30648920e8\")) {\n if (PE.resource.length) {\n if (PE.resource[0].Type == 784) { // ZIP\n bDetected = true;\n }\n }\n } else if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb\")) {\n if (PE.compareOverlay(\"'PK'0304\")) {\n sOptions = \"by Intel\";\n bDetected = true;\n }\n }\n if (PE.compareEP(\"558bec83c4..5356e8$$$$$$$$e8........6a..e8........8905........e8........8905\")) {\n if (PE.compareOverlay(\"'PK'0304\")) {\n sOptions = \"by C.Ghisler & Co.\";\n bDetected = true;\n }\n }\n if (PE.compareEP(\"558becb8........e8........5356be........578d45..5633db5053ff15........85c00f84\")) {\n if (PE.findSignature(PE.getOverlayOffset(), 0x1000, \"'PK'0304\") != -1) {\n sOptions = \"by Symantec\";\n bDetected = true;\n }\n }\n if (PE.compareEP(\"83ec..5657ff15........8bf08d4424..50c74424..........ff15........8a068b3d........3c..75..56ffd7\")) {\n if (PE.compareOverlay(\"'PK'0304\")) {\n sName = \"SymW32SFX\";\n sOptions = \"by Symantec\";\n bDetected = true;\n }\n }\n if (PE.compareEP(\"558bec83ec..565733ffff15........8bf0897d..8d45..50ff15........8a063c..75..56ff15\")) {\n if (PE.compareOverlay(\"'PK'0304\")) {\n sName = \"Symantec EasyZIP SFX\";\n bDetected = true;\n }\n }\n if (PE.compareEP(\"558bec83ec..56ff15........8bf08a003c..75..84c074..803e..74..46803e..75..803e..75..46eb\")) {\n if (PE.findSignature(PE.getOverlayOffset(), 0x2000, \"'PK'0304\") != -1) {\n sOptions = \"Squeez SFX by SpeedProject 1995-1998\";\n bDetected = true;\n }\n }\n if (PE.compareEP(\"6a..33c0505050ff15........50e8$$$$$$$$55b8........8bece8........53b9........5657be\")) {\n if (PE.compareOverlay(\"'PK'0304\")) {\n sOptions = \"EasyZIP SFX by AKSoft 1995-1996\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sfx_rar.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"RAR\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec83c4..535657e8........e8........33c05568........64ff30648920e8\")) {\n for (var i = 0; i < PE.resource.length && !bDetected; i++) {\n if (PE.compare(\"'rar!'\", PE.resource[i].Offset)) {\n bDetected = true;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/sign_tool_Windows_Authenticode.7.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n// Rewritten by: DosX\r\n\r\nmeta(\"sign tool\", \"Windows Authenticode\");\r\n\r\nfunction detect() {\r\n if (PE.isSigned()) {\r\n sVersion = \"2.0\";\r\n sOptions = \"PKCS #7\";\r\n bDetected = true;\r\n\r\n if (!PE.compareOverlay(\"00020200\", 0x04)) {\r\n sOptions = sOptions.append(\"after overlay\");\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/tool_AHTeam_UPX_Mutanter.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: KDSS-Research \n\nmeta(\"tool\", \"AHTeam UPX Mutanter\");\n\nfunction detect() {\n if (PE.compareEP(\"94 bc 61 62 4d 00 b9 .. 00 00 00 80 34 0c .. e2\")) {\n sOptions = \"Method 2\";\n bDetected = true;\n }\n if (PE.compareEP(\"94 bc .. b9 4d 00 b9 .. 00 00 00 80 34 0c .. e2\")) {\n sOptions = \"Method 1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/tool_Microsoft_VisualStudio_NET.6.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"tool\", \"Microsoft Visual Studio\");\n\nfunction detect() {\n if (PE.isNet() && PE.isSignatureInSectionPresent(0, \"590100'KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator'\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/tool_UPX-Patcher.6.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://github.com/DosX-dev/UPX-Patcher\nmeta(\"tool\", \"UPX-Patcher\");\n\nfunction detect() {\n var dosxSection = PE.section[\".dosx\"],\n fishSectionByIndex = dosxSection ? PE.section[dosxSection + 1] : undefined;\n\n if (PE.getNumberOfSections() > 2 &&\n fishSectionByIndex && dosxSection &&\n fishSectionByIndex.Name === \".fish\") {\n bDetected = true;\n\n var is64 = PE.is64();\n\n if (!PE.isDll()) {\n if (PE.compareEP(is64 ?\n \"53\" : // push rbx (x64)\n \"55\" // push ebp (x86)\n )) {\n sOptions = (is64 ? \"x64\" : \"x86\") + \" mode\"; // Custom EP\n } else {\n bDetected = false;\n }\n }\n }\n\n return result();\n}" }, { "path": "db/PE/tool_UPXFreak.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"tool\", \"UPXFreak\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"BE........83C601FFE60000\")) {\r\n sVersion = \"0.1\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/tool_UPX_Inliner.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"tool\", \"UPX Inliner\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"9C60E8000000005DB8........2D........2BE88DB5D5FEFFFF8B0683F8007411\")) {\r\n sVersion = \"1.0\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/tool_UPX_Modifier.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"tool\", \"UPX Modifier\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"50BE........8DBE........5783CD\")) {\r\n sVersion = \"0.1X\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/tool_UPX_lock.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"tool\", \"UPX lock\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60E8000000005D81ED........60E82B030000\")) {\r\n sVersion = \"1.0-1.2\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/tool_UPX_scrambler.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"tool\", \"UPX Scrambler\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"E8000000005983C10751C3C3BE........83EC04893424B9800000008136........50B80400000050033424585883E903E2E9EBD6\")) {\r\n sVersion = \"3.06\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"66C705........7507E9..FEFFFF00\")) {\r\n bDetected = true;\r\n } else if (PE.compareEP(\"9061BE........8DBE........5783CDFF\")) {\r\n sVersion = \"1.X\";\r\n bDetected = true;\r\n } else if (PE.compareEP(\"9061BE........8DBE........c787................5783CDFF\")) {\r\n sVersion = \"1.X\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/tool_UnoPiX.2.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"tool\", \"UnoPiX\");\r\n\r\nfunction detect() {\r\n if (PE.compareEP(\"60E8070000006168........C383042418C3\")) {\r\n sVersion = \"0.75\";\r\n bDetected = true;\r\n }\r\n\r\n if (PE.nLastSection >= 2) {\r\n var nVirtualSize = PE.section[PE.nLastSection].VirtualSize;\r\n if (nVirtualSize == 0x1000) {\r\n if (nVirtualSize == PE.section[PE.nLastSection].FileSize) {\r\n var nFlags = PE.section[PE.nLastSection].Characteristics;\r\n if (nFlags == 0xe0000040 && !PE.section[PE.nLastSection].Name && PE.getMajorLinkerVersion() == 0 && PE.getMinorLinkerVersion() == 0) {\r\n sVersion = \"0.94\";\r\n bDetected = true;\r\n }\r\n }\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PE/tool_XVolkolak.6.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// https://n10info.blogspot.com/2018/03/xvolkolak-010.html\nmeta(\"tool\", \"XVolkolak\");\n\nfunction detect() {\n if (PE.isNet()) return; // Doesn't support .NET\n\n var xvlkSectionsCounter = 0,\n resourceSectionsCounter = 0,\n isRwxSectionPresent = false;\n\n for (var i = 0; i < PE.getNumberOfSections(); i++) {\n var sectionToCheck = PE.section[i];\n\n if (sectionToCheck.Name === \".xvlk\") {\n xvlkSectionsCounter++;\n\n if (sectionToCheck.Characteristics & 0xe0000020) {\n isRwxSectionPresent = true;\n }\n } else if (/rsrc/i.test(sectionToCheck.Name)) {\n resourceSectionsCounter++;\n }\n }\n\n if (isRwxSectionPresent && xvlkSectionsCounter >= 2 && PE.getNumberOfSections() === (xvlkSectionsCounter + resourceSectionsCounter)) {\n sOptions = \"unpacked\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db/PE/tool_de4dot.6.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nmeta(\"tool\", \"de4dot\");\n\nfunction detect() {\n if (PE.isNet()) {\n if (PE.isNetObjectPresent(\"smethod_0\") && (\n PE.isNetObjectPresent(\"GClass0\") || (\n PE.isNetObjectPresent(\"Class0\") && PE.isNetObjectPresent(\"Class1\")\n )\n )) {\n bDetected = true;\n sOptions = \"deobfuscated\";\n }\n }\n\n return result();\n}" }, { "path": "db/PE/zip.6.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: Jason Hood \r\n\r\nincludeScript(\"zip-file\");\r\n\r\nfunction detect() {\r\n detect_Zip(0);\n\n return result();\n}" }, { "path": "db/PNG/_PNG.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"PNG\");\r\n\r\nfunction detect() {\r\n sName = PNG.getFileFormatName();\r\n sVersion = PNG.getFileFormatVersion();\r\n sOptions = PNG.getFileFormatOptions();\r\n \r\n if (sName) {\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PNG/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = PNG;\r\nvar X = PNG;" }, { "path": "db/PYC/_PYC.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"PYC\");\r\n\r\nfunction detect() {\r\n sName = PYC.getFileFormatName();\r\n sVersion = PYC.getFileFormatVersion();\r\n sOptions = PYC.getFileFormatOptions();\r\n\r\n bDetected = true;\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/PYC/_init", "content": "// Detect It Easy: DiE-JS framework file\n// Don't change anything unless you're sure about what you're doing\n\nvar File = PYC;\nvar X = PYC;" }, { "path": "db/PYC/packer_UPP.1.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\n// https://github.com/KatzenTechnologies/UPP\r\ninit(\"packer\", \"UPP\");\r\n\r\nfunction detect() {\r\n if (PYC.isConstPresent(\"UPP!1.10\")) {\r\n sVersion = \"1.10\";\r\n bDetected = true;\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/QtFramework", "content": "// Detect It Easy: DiE-JS framework file\n// Don't change anything unless you're sure about what you're doing\n\n// Qt is tested twice - as a library and as a compiler (to distinguish C from C++). Detect it once here.\n// Coauthor: sendersu\n\nvar aQt, ownName;\n\nif (typeof aQt === \"undefined\" && typeof PE !== \"undefined\") {\n ownName = PE.getFileBaseName() + \".\" + PE.getFileCompleteSuffix();\n aQt = PE.isLibraryPresentExp(/^Qt(\\d)?Core(d?)(\\d)?/i);\n //special case - check own name\n if (!aQt) {\n aQt = ownName.match(/^Qt(\\d)?Core(d?)(\\d)?/i)\n if (aQt)\n aQt[0] = ownName;\n }\n}" }, { "path": "db/RAR/_RAR.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"RAR\");\r\n\r\nfunction detect() {\r\n if (RAR.isVerbose()) {\r\n sName = RAR.getFileFormatName();\r\n sVersion = RAR.getFileFormatVersion();\r\n sOptions = RAR.getFileFormatOptions();\r\n \r\n if (sName) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/RAR/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = RAR;\r\nvar X = RAR;" }, { "path": "db/RosASM", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\n// RosASM's PE DOS stub is tested twice - once to detect RosASM as a compiler and again\r\n// to prevent being detected as a linker (RosASM has no linker). Detect it once here.\r\n\r\nvar bRosASM;\r\nif (typeof bRosASM === \"undefined\") {\r\n bRosASM = false;\r\n if (PE.compare(\"'RosAsm Assembler'\", 0xb0)) {\r\n bRosASM = true;\r\n } else if (PE.compare(\"'MZ'90000300000004000000ffff0000b8000000000000004000000000000000000000000000000000000000000000000000000000000000........800000000e1fba0e00b409cd21b8014ccd21'This program cannot be run in DOS mode\\r\\n$'000000000000000000\")) {\r\n bRosASM = true;\r\n }\r\n}" }, { "path": "db/SpASM", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\n// SpASM's PE DOS stub is tested twice - once to detect SpASM as a compiler and\r\n// again to prevent being detected as a linker (SpASM has no linker). Detect it\r\n// once here.\r\n\r\nvar bSpASM;\r\nif (typeof bSpASM === \"undefined\") {\r\n bSpASM = PE.compare(\"'MZ'80000000000004000000ffff0000b800000000000000400000000000000000000000000000000000000000000000000000000000000007786c16800000000e1fba0e00b409cd21b8014ccd21'Spindoz 32 spit PEfile made wizz SpAsm Assembler.$'\");\r\n}" }, { "path": "db/TASM32", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\n// TASM32 uses TLINK32 (Turbo Linker), which is the same linker used by\r\n// Borland C++ and Delphi. The TASM32 script runs after the Borland script\r\n// so that bBorlandC is available for exclusion.\r\n\r\nvar bTASM32;\r\nif (typeof bTASM32 === \"undefined\") {\r\n bTASM32 = false;\r\n\r\n if (PE) {\r\n // TLINK32 leaves a characteristic DOS stub:\r\n // \"This program must be run under Win32\\r\\n$\" at file offset 0x50.\r\n // The four wildcard bytes cover the version-specific field.\r\n if (PE.compare(\"'This program must be run under Win'....0D0A24..00\", 0x50)) {\r\n // Exclude Borland C++ (same linker, but has a distinct runtime stub\r\n // or C++-hook marker at the entry point detected by bBorlandC).\r\n if (!bBorlandC) {\r\n // Exclude Delphi / C++ Builder: both embed PACKAGEINFO and/or\r\n // DVCLAL resources, and Delphi uses a TLS directory.\r\n if (!PE.resource[\"PACKAGEINFO\"] && !PE.resource[\"DVCLAL\"]) {\r\n bTASM32 = true;\r\n }\r\n }\r\n }\r\n }\r\n}\r\n" }, { "path": "db/ZIP/_ZIP.0.sg", "content": "// Detect It Easy: detection rule file\r\n// Author: horsicq \r\n\r\nmeta(\"format\", \"ZIP\");\r\n\r\nfunction detect() {\r\n if (ZIP.isVerbose()) {\r\n sName = ZIP.getFileFormatName();\r\n sVersion = ZIP.getFileFormatVersion();\r\n sOptions = ZIP.getFileFormatOptions();\r\n \r\n if (sName) {\r\n bDetected = true;\r\n }\r\n }\r\n\r\n return result();\r\n}\r\n" }, { "path": "db/ZIP/_init", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\nvar File = ZIP;\r\nvar X = ZIP;" }, { "path": "db/_db_caching", "content": "// Detect It Easy: DiE-JS framework file\n// Don't change anything unless you're sure about what you're doing\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nfunction _forceCaching(fn) {\n var cacheStore = {};\n\n return function () {\n var args = Array.prototype.slice.call(arguments),\n key = JSON.stringify(args);\n\n if (cacheStore.hasOwnProperty(key)) {\n return cacheStore[key];\n }\n\n return cacheStore[key] = fn.apply(this, arguments);\n };\n}\n\n\nvar useBetaDieEngineCachingTechology = true;\n\nif (useBetaDieEngineCachingTechology) {\n var classNames = [\n \"Amiga\", \"APK\", \"Archive\", \"Binary\", \"COM\", \"DEX\", \"DOS4G\", \"DOS16M\",\n \"ELF\", \"IPA\", \"JAR\", \"LE\", \"LX\", \"MACH\", \"MACHOFAT\", \"MSDOS\", \"NE\", \"NPM\", \"PDF\", \"PE\", \"ZIP\"\n ];\n\n var methodsToWrap = [\n \"isSignaturePresent\",\n \"isSignatureInSectionPresent\",\n \"findSignature\",\n \"compare\",\n \"findString\"\n ];\n\n for (var i = 0; i < classNames.length; i++) {\n var className = classNames[i];\n\n try {\n if (typeof this[className] === \"object\" || typeof this[className] === \"function\") {\n var cls = this[className];\n\n for (var j = 0; j < methodsToWrap.length; j++) {\n var methodName = methodsToWrap[j];\n if (typeof cls[methodName] === \"function\") {\n cls[methodName] = _forceCaching(cls[methodName]);\n }\n }\n }\n } catch (e) {\n _error(e.message);\n }\n }\n\n try {\n if (typeof this.PE !== \"undefined\" && typeof this.PE.isNetObjectPresent === \"function\") {\n this.PE.isNetObjectPresent = _forceCaching(this.PE.isNetObjectPresent);\n }\n } catch (e) {\n _error(e.message);\n }\n}" }, { "path": "db/_debug", "content": "// Detect It Easy: DiE-JS framework file\n// Don't change anything unless you're sure about what you're doing\n\n// Debugging functions to help with development\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\n// Just a debug function\nfunction _debug(messageText) {\n messageText = \"-> \" + messageText;\n _log(\"Debug: \" + messageText);\n _setResult(\"dev-output\", messageText, \"\", \"\");\n}\n\n// Handle exceptions and log them\nfunction _error(exceptionText) {\n var exceptionText = \"Error: \" + exceptionText;\n\n if (sName) {\n exceptionText += \", last define() is '\" + sName + \"' with type '\" + sType + \"'\";\n }\n\n _log(\"Exception: \" + exceptionText);\n throw exceptionText;\n}" }, { "path": "db/_init", "content": "// Detect It Easy: DiE-JS framework file\n// Don't change anything unless you're sure about what you're doing\n\nincludeScript(\"_debug\");\nincludeScript(\"_runtime_helpers\");\nincludeScript(\"language\");\n\nvar bDetected,\n sType,\n sName,\n sVersion,\n sOptions,\n sLang,\n sLangVersion;\n\n/**\n * Initializes the detection process with the given parameters.\n *\n * @param {string} sType - The type of the item to detect.\n * @param {string} sName - The name of the item to detect.\n * @param {string} [sVersion] - The version of the item to detect. Optional.\n * @param {string} [sOptions] - Additional options for detection. Optional.\n * @param {string} [sLang] - The programming language of the item to detect. Optional.\n * @param {string} [sLangVersion] - The version of the programming language. Optional.\n */\nfunction meta(\n sTypeInput, // (*) type\n sNameInput, // (*) name\n sVersionInput, // version\n sOptionsInput, // options\n sLangInput, // language\n sLangVersionInput // language version\n) {\n if (!sTypeInput) _error(\"No input detection type.\");\n\n sType = sTypeInput;\n sName = sNameInput ? sNameInput : String();\n\n sVersion = sVersionInput ? sVersionInput : String();\n sOptions = sOptionsInput ? sOptionsInput : String();\n sLang = sLangInput ? sLangInput : String();\n sLangVersion = sLangVersionInput ? sLangVersionInput : String();\n\n bDetected = false;\n}\n\nfunction init() { meta.apply(null, arguments); }\n\n\n/**\n * Processes the detection result and resets the detection variables.\n *\n * If a detection has been made (bDetected is true), this function sets the result\n * using the _setResult function with the provided type, name, version, and options.\n * After setting the result, it resets the detection flag (bDetected) to false.\n *\n * Regardless of whether a detection was made, it resets the sName, sVersion, and sOptions\n * variables to empty strings.\n */\nfunction result() {\n if (bDetected) {\n sVersion = sVersion ? sVersion : String();\n sOptions = sOptions ? sOptions : String();\n\n if (sName) {\n _setResult(sType, sName, sVersion, sOptions);\n\n if (sLang) {\n if (sLangVersion) {\n _setLang(sLang, sLangVersion);\n } else {\n _setLang(sLang);\n }\n }\n } else {\n _error(\"No input detection name.\");\n }\n }\n\n sName = sVersion = sOptions = sLang = sLangVersion = '';\n\n var resultValue = bDetected;\n\n bDetected = false;\n\n return resultValue;\n}" }, { "path": "db/_runtime_helpers", "content": "// Detect It Easy: DiE-JS framework file\n// Don't change anything unless you're sure about what you're doing\n\n/**\n * Attaches new strings to `this`, separating everything with a comma and no space.\n * @param {String...} the open list of strings to append.\n */\nString.prototype.append = function () {\n var str = String(this);\n var separator = \", \";\n\n if (arguments.length > 0) {\n if (str.length > 0) {\n str += separator;\n }\n str += Array.prototype.join.call(arguments, separator);\n }\n\n return str;\n}\n\n\n/**\n * Append a string with a custom separator.\n * @param {String} stringToAppend - String to append.\n * @param {String} [separator=\", \"] - Separator string.\n * @returns {String} The new string.\n * @global\n * @example\n * sOptions = sOptions.appendS(\"debug\",\"::\");\n */\nString.prototype.appendS = function (stringToAppend, separator) {\n var str = String(this);\n var sep = (typeof separator === \"string\") ? separator : \", \";\n\n if (stringToAppend) {\n if (str.length > 0) {\n str += sep;\n }\n str += stringToAppend;\n }\n\n return str;\n}\n\n\nString.prototype.addIfNone = function (substring) {\n var str = String(this);\n\n if (substring && str.indexOf(substring) < 0) {\n str += substring;\n }\n\n return str;\n}\n\n\n// Some ECMA6 functions that should be removed if DIE transitions to it\nif(!String.prototype.startsWith) String.prototype.startsWith = function (s, min) {\n // the default case-sensitive version of startsWith\n var m = (typeof min == \"number\") ? Math.min(s.length, min) : 0;\n if (s.length > this.length - m) return false;\n return this.slice(m, s.length) == s;\n}\n\nString.prototype.startsWithCI = function (s, min) {\n // case-insensitive version of startsWith\n // the built-in clearly just checks for arguments length instead of max being undefined, so we copy that...\n if(arguments.length < 2) return this.toLowerCase().startsWith(s.toLowerCase());\n else return this.toLowerCase().startsWith(s.toLowerCase(), min);\n}\n\nif(!String.prototype.endsWith) String.prototype.endsWith = function (s, max) {\n // the default case-sensitive version of endsWith\n var m = (typeof max == \"number\") ? Math.min(this.length, max) : this.length;\n if (s.length > m) return false; if(!s.length) return true;\n return this.slice(m - s.length, m) == s;\n}\n\nString.prototype.endsWithCI = function (s, max) {\n // the case-insensitive version of endsWith\n // the built-in clearly just checks for arguments length instead of max being undefined, so we copy that...\n if(arguments.length < 2) return this.toLowerCase().endsWith(s.toLowerCase());\n else return this.toLowerCase().endsWith(s.toLowerCase(), max);\n}\n\nif (!String.prototype.repeat) String.prototype.repeat = function (num) {\n if (typeof num !== \"number\") return this;\n var s = this; for (var i = 1; i < num; i++) s += this; return s;\n}\n\n/**\n * Pad the start of a line with spaces or the character given.\n * @param {String or Number} The width desired.\n * @param {Number} [nPad=\" \"] The padding string. Loops.\n * @returns {String} The new string.\n * @global\n * @example\n * var a = 12; ...; if(\"aba12\" === a.padStart(5,\"ab\")) ...\n */\nif (!String.prototype.padStart) String.prototype.padStart = function (targetLength, padString) {\n var s = this.valueOf();\n\n targetLength >>= 0; // truncate if number or convert non-number to 0;\n padString = String(padString || ' ');\n\n if (s.length >= targetLength) {\n return String(s);\n }\n\n targetLength -= s.length;\n if (targetLength > padString.length) {\n padString += padString.repeat(Math.ceil(targetLength / padString.length));\n // append to original to ensure we are longer than needed\n }\n\n return padString.slice(0, targetLength) + String(s);\n}\n\nif (!Number.prototype.padStart) Number.prototype.padStart = function (targetLength, padString) {\n var s = this.valueOf().toString();\n\n targetLength >>= 0; // truncate if number or convert non-number to 0;\n padString = String(padString || ' ');\n\n if (s.length >= targetLength) return s;\n\n targetLength -= s.length;\n if (targetLength > padString.length) {\n padString += padString.repeat(Math.ceil(targetLength / padString.length));\n // append to original to ensure we are longer than needed\n }\n\n return padString.slice(0, targetLength) + s;\n}\n\nif(!Number.prototype.clamp) Number.prototype.clamp = function (min, max) { return Math.min(Math.max(this, min), max) }\n\nif(!String.prototype.replaceAll) String.prototype.replaceAll = function (s, r) {\n if (typeof s != 'string' || typeof r != 'string') return '?' + s;\n var o = '';\n for (var i = 0; i < this.length; i++) {\n if (this.slice(i, i + s.length) == s) { o += r; i += s.length - 1 } else o += this[i];\n }\n return o;\n}\n\nif (!Array.prototype.includes) { Array.prototype.includes = function (searchElement, fromIndex) {\n if (this == null) throw new TypeError('\"this\" is null or not defined');\n var o = Object(this);\n var len = o.length >>> 0;\n if (len === 0) return false;\n\n var n = fromIndex | 0;\n var k = Math.max(n >= 0 ? n : len - Math.abs(n), 0);\n\n while (k < len) {\n var element = o[k];\n if (element === searchElement || (typeof element === 'number' && typeof searchElement === 'number' && isNaN(element) && isNaN(searchElement))) {\n return true;\n }\n k++;\n }\n return false;\n };\n}\n\nif (!String.prototype.includes) String.prototype.includes = function (search, start) {\n if (typeof start !== 'number') start = 0;\n if (start + search.length > this.length) return false;\n return this.indexOf(search, start) !== -1;\n };\n" }, { "path": "db/archive-file", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\n// Common routines for handling archives.\r\n\r\nmeta(\"archive\");\r\n\r\nvar Archive = {\r\n nFiles: 0, // number of files in archive\r\n nDirs: 0, // number of directories in archive\r\n nSize: 0, // total unpacked size of all files\r\n nPacked: 0, // total packed size of all files\r\n\r\n // Add an entry, updating the counts and sizes.\r\n add: function(nSize, nPacked, bDir) {\r\n if (bDir) {\r\n this.nDirs++;\r\n } else {\r\n this.nFiles++;\r\n this.nSize += nSize;\r\n this.nPacked += nPacked;\r\n }\r\n },\r\n\r\n // Return the contents according to what was found - \"P%,F files,D dirs\".\r\n contents: function() {\r\n var sContents = \"\";\r\n if (this.nSize != 0) {\r\n sContents = (this.nPacked / this.nSize * 100).toFixed(1) + \"%\";\r\n }\r\n if (this.nFiles != 0) {\r\n sContents = sContents.append(this.nFiles + (this.nFiles == 1 ? \" file\" : \" files\"));\r\n }\r\n if (this.nDirs != 0) {\r\n sContents = sContents.append(this.nDirs + (this.nDirs == 1 ? \" dir\" : \" dirs\"));\r\n }\r\n return sContents;\r\n }\r\n}" }, { "path": "db/arj", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\n// Detect an ARJ archive.\r\n// Info from http://www.fileformat.info/format/arj/corion.htm\r\nincludeScript(\"archive-file\");\r\nsName = \"ARJ\";\r\n\r\nfunction detect_ARJ(bFile, bShowOptions) {\r\n var nOffset, nSize;\r\n if (bFile) {\r\n nOffset = 0;\r\n nSize = File.getSize();\r\n } else {\r\n nOffset = File.getOverlayOffset() + 8;\r\n nSize = File.getOverlaySize();\r\n }\r\n if (nSize >= 64) {\r\n if (File.compare(\"60EA\", nOffset)) {\r\n sVersion = File.readByte(nOffset + 5);\r\n bDetected = true;\r\n }\r\n if (bDetected && bShowOptions) {\r\n // Options\r\n switch (File.readByte(nOffset + 7)) // Host OS\r\n {\r\n case (0):\r\n sOptions = sOptions.append(\"MS-DOS\");\r\n break;\r\n case (1):\r\n sOptions = sOptions.append(\"PRIMOS\");\r\n break;\r\n case (2):\r\n sOptions = sOptions.append(\"UNIX\");\r\n break;\r\n case (3):\r\n sOptions = sOptions.append(\"AMIGA\");\r\n break;\r\n case (4):\r\n sOptions = sOptions.append(\"MAC-OS\");\r\n break;\r\n case (5):\r\n sOptions = sOptions.append(\"OS/2\");\r\n break;\r\n case (6):\r\n sOptions = sOptions.append(\"APPLE GS\");\r\n break;\r\n case (7):\r\n sOptions = sOptions.append(\"ATARI ST\");\r\n break;\r\n case (8):\r\n sOptions = sOptions.append(\"NeXT\");\r\n break;\r\n case (9):\r\n sOptions = sOptions.append(\"VAX VMS\");\r\n break;\r\n }\r\n if (File.readByte(nOffset + 8) & 0x01) // password\r\n {\r\n sOptions = sOptions.append(\"encrypted\");\r\n }\r\n\r\n switch (File.readByte(nOffset + 9)) // Compression method\r\n {\r\n case (0):\r\n sOptions = sOptions.append(\"stored\");\r\n break;\r\n case (1):\r\n sOptions = sOptions.append(\"compressed most\");\r\n break;\r\n case (2):\r\n sOptions = sOptions.append(\"compressed\");\r\n break;\r\n case (3):\r\n sOptions = sOptions.append(\"compressed faster\");\r\n break;\r\n case (4):\r\n sOptions = sOptions.append(\"compressed fastest\");\r\n break;\r\n }\r\n }\r\n }\r\n}" }, { "path": "db/bytecodeparsers", "content": "// Detect It Easy: DiE-JS framework file\n// Don't change anything unless you're sure about what you're doing\n\n// Author: Kae \n\n/* A collection of binary (bytecodes, disassemblers) parsers intended for sanity checks.\nEach parser must have these parameters (len optional):\n {UInt} [p=0] - pointer (file offset) from where to begin\n {Int} [len=BCParseUntilReasonable] - either the block length or one of the constants above. Not all parsers will support all constants (EoF is implied anyway, and there may not be end markers in a format) but the ToReasonable must be present.\nIt must return a list [n, e, 0, ...] where:\n - n: BCInvalidFormat, or the first value is the number of commands parsed,or the number of notes read. If n is BCInvalidFormat, the other return list values may be absent;\n - e: -1 or the position after the end marker;\n - 0: [reserved]\n - any custom useful data, such as tags, may be added as well (values [3...]).\n*/\n/* beautify ignore:start */\n\n//Put these in the length parameter when you're unsure how long the tested block is\nBCParseToReasonable = 0; // the default idea of the parser\nBCParseToEoF = -1; // physical file end\nBCParseToEndMarker = -2; // logical block end (like an end-block bytecode, RET in disassembly...)\nBCInvalidFormat = -1;\n\nconst debug = 0;\n\n\n// -= PC98xx MUAP parsing =-\n\n function MUAP98CmdStr(ch, o, recurse) {\n if (typeof recurse != 'number') recurse = 0; if (recurse > 2) return '…';\n const\n C = [/*0~2: FM:*/'FM1: ', 'FM2: ', 'FM3: ', /*3~5:*/'SSGA: ', 'SSGB: ', 'SSGC: ',\n /*6~8,11~17: FM:*/'FM4: ', 'FM5: ', 'FM6: ', /*9,10:*/'RHY: ', 'PCM: ',\n 'FM7: ',/*12~14: either YM3438 or YM2203*/'FM8: ', 'FM9: ', 'FM10: ', 'FM11: ', 'FM12: '],\n notes = ['C#', 'D', 'D#', 'E', 'F', 'F#', 'G', 'G#', 'A', 'A#', 'B', 'C'],\n c = X.U8(o), cht = ch == 9 ? 'rhy' : ch == 10 ? 'pcm' : 3 <= ch && ch <= 5 ? 'ssg' : 'fm',\n ifop = ['=', '>', '<', '!=' /*the rest always denote FP*/];\n var t;\n if (cht == 'fm' && c < 0x40)\n return C[ch] + 'note \"' + Hex(c) + '\" ' + notes[c % 12] + (1 + Util.divu64(c, 12)) + ' ~' + X.U8(o + 1);\n else if (cht == 'ssg' && c < 0x10)\n return C[ch] + 'key-on \"' + Hex(c) + '\" ' + ' ~' + X.U8(o + 1);\n else switch (c) {\n case 0xFF: return C[ch] + 'rest'; case 0xFE: return C[ch] + 'reset & play'; case 0xFD: return C[ch] + 'reset & stop';\n case 0xFC: return '-= ' + C[ch] + 'End. =-';\n case 0xFB: return C[ch] + \"wait on '\";\n case 0xFA: return C[ch] + (ch == 9 || ch == 10 ? 'x9 nop' : '3ch 4harm play ' + outArray(X.readBytes(o + 1, 8), 16));\n case 0xF9: return C[ch] + (ch == 9 || ch == 10 ? 'rhy cmd end' : 'same freq play');\n case 0xF8: return C[ch] + 'add freq ' + outArray(X.readBytes(o + 1, 3), 16);\n case 0xF7: return C[ch] + 'loop @' + Hex(o - X.I16(o + 1)) + ' x' + Hex(X.U8(o + 3));\n case 0xF6: return C[ch] + (cht == 'ssg' ? 'noise freq ' : 'pan ') + Hex(X.U8(o + 1));\n case 0xF5: return C[ch] + 'Timer-A tempo ' + Hex(X.U16(o + 1));\n case 0xF4: return C[ch] + 'set length ' + Hex(X.U8(o + 1)) + ', ratio ' + Hex(X.U8(o + 2));\n case 0xF3: return 'wait all channels';\n case 0xF2: return C[ch] + (ch == 9 || ch == 10 ? 'DSP mode, level, delay' + outArray(X.readBytes(o + 1, 3), 16) :\n cht == 'ssg' ? 'set start decay data' + outArray(X.readBytes(o + 1, 3), 16) : 'nop');\n case 0xF1: return C[ch] + 'R' + Hex(X.U8(o + 1)) + ' = ' + Hex(X.U8(o + 2));\n case 0xF0: return C[ch] + (ch == 9 || ch == 10 ? 'Rhythm Key On ' : 'set system detune ') + Hex(X.U8(o + 1));\n case 0xEF: return C[ch] + (ch == 9 || ch == 10 ? 'Rhythm Dump ' : 'hard LFO speed ') + Hex(X.U8(o + 1));\n case 0xEE: return C[ch] + (ch == 9 || ch == 10 ? 'Rhythm pan/vol ' : 'hard LFO AMD,PMD,AMon') + outArray(X.readBytes(o + 1, 2), 16);\n case 0xED: return C[ch] + (ch == 9 || ch == 10 ? 'x2 nop' : '3ch 4harm mode ' + outArray(X.readBytes(o + 1, 2), 16));\n case 0xEC: return C[ch] + 'key display mask on/off & colour ' + Hex(X.U8(o + 1));\n case 0xEB: return C[ch] + (ch == 9 || ch == 10 ? 'PCM Tone ' : cht == 'ssg' ? 'mixer mode ' : 'tone ') + Hex(X.U8(o));\n case 0xEA: return C[ch] + '@jump ' + Hex(o + X.I16(o + 1));\n case 0xE9: return C[ch] + '@call ' + Hex(o + X.I16(o + 1)) + ' (\"' + MUAP98CmdStr(ch, o + X.I16(o + 1), recurse + 1) + '\"...)';\n case 0xE8: return C[ch] + '@ret';\n case 0xE7: return C[ch] + 'Source Line symbolic info ' + Hex(X.U16(o + 1));\n case 0xE6: return C[ch] + (ch == 9 || ch == 10 || cht == 'ssg' ? 'x27 nop' : 'USR Tone');\n case 0xE5: return C[ch] + 'Play Stack init';\n case 0xE4: return C[ch] + '@if x' + ((X.U8(o + 1) & 0xF) - 6) + ' ' + ifop[X.U8(o + 1) >> 4] + ' ' + X.U8(o + 2)\n + ' jump ' + Hex(t = o + 2 + X.I16(o + 3)) + ' (\"' + MUAP98CmdStr(ch, t, recurse + 1) + '\"...)';\n case 0xE3: return C[ch] + '@if x' + ((X.U8(o + 1) & 0xF) - 6) + ' ' + ifop[X.U8(o + 1) >> 4] + ' ' + X.U8(o + 2)\n + ' call ' + Hex(t = o + 2 + X.I16(o + 3)) + ' (\"' + MUAP98CmdStr(ch, t, recurse + 1) + '\")...';\n case 0xE2: return C[ch] + 'change vol data ' + Hex(X.U8(o + 1));\n case 0xE1: return C[ch] + 'tie';\n case 0xE0: return C[ch] + 'loopcnt clear';\n case 0xDF: return C[ch] + 'slur';\n case 0xDE: return C[ch] + 'set ratio ' + Hex(X.U8(o + 1));\n case 0xDD: return C[ch] + 'cmt len ' + Hex(X.U8(o + 1));\n case 0xDC: return C[ch] + 'init Skip_data ' + outArray(X.readBytes(o + 1, 3), 16);\n case 0xDB: return C[ch] + 'cmt: ' + Hex(X.U8(o + 1)) + ' ' + Hex(X.U8(o + 2)) + ': \"' + X.SC(o + 4, X.U8(o + 3), 'SJIS') + '\"';\n case 0xDA: return C[ch] + 'set X: ' + outArray(X.readBytes(o + 1, 3), 16);\n case 0xD9: return C[ch] + 'set LFO pars. ' + outArray(X.readBytes(o + 1, 6), 16);\n case 0xD8: return C[ch] + 'LFO start(p,a)/stop ' + Hex(X.U8(o + 1)); //LFO start(pmd,amd)/stop\n case 0xD7: return C[ch] + 'vol += ' + Hex(X.U8(o + 1));\n case 0xD6: return C[ch] + 'vol -= ' + Hex(X.U8(o + 1));\n case 0xD5: return C[ch] + (ch == 9 || ch == 10 ? 'PCM play ' : cht == 'ssg' ? 'Start vol/Attack rate ' : 'x3 nop ') + X.U16(o);\n case 0xD4: return C[ch] + (ch == 9 || ch == 10 ? 'PCM addr ' + X.U32(o + 1) : 'x5 nop');\n case 0xD3: var t = (X.U8(o + 1) & 0xF) - 6; return C[ch] + '@if ' + (t >= 0 ? 'x' + t : 'lpcnt') + ' ' + ifop[X.U8(o + 1) >> 4] + ' ' + X.U8(o + 2)\n + ' exit ' + Hex(o + 5 + X.U16(o + 3));\n case 0xD2: return C[ch] + 'Play Stack +1';\n case 0xD1: return C[ch] + 'fade out';\n case 0xD0: return C[ch] + 'ssg||pcm ' + Hex(X.U8(o + 1));\n case 0xCF: return C[ch] + 'channel change ' + Hex(X.U8(o + 1));\n case 0xCE: return C[ch] + (ch == 9 || ch == 10 ? 'set last tone,vol,pan' : cht == 'ssg' ? 'set last tone,vol' : '?? FM: CEh ??');\n default: return C[ch] + 'unk. cmd ' + Hex(c);\n }\n}\n\n/** Packen/ぱっくん Software MUAP98/みゅあっぷ Object bytecode detector. If < 0, consider invalid.\n * The custom data returned is the comment field or \"\".\n */\nfunction parseMUAP98(p, len, ch) {\n len = len || BCParseToReasonable; p = p || 0;\n const p0 = p,\n max = (len == BCParseToReasonable) ? Math.min(0x10000, X.Sz(), p + 0x400) :\n (len == BCParseToEoF || len == BCParseToEndMarker) ? Math.min(0x10000, X.Sz()) : p + len;\n var cht = (ch == 9) ? 'rhy' : ch == 10 ? 'pcm' : 3 <= ch && ch <= 5 ? 'ssg' : 'fm',\n c, notes = 0, stop = false, cmtlen = -1, cmt = \"\", /*stack depths:*/ lpd = 1, calld = ifd = mp = ic = 0;\n var visited = [];\n for (var i = p0; i < max; i++) visited[i] = false;\n function re(p, t) { if (debug > 1) _l2r('muap98', p, 'ch' + ch + ': ' + t); return [BCInvalidFormat, p, 0]; }\n while (p0 <= p && p < max && !stop) {\n if (ifd < 0) sus++;\n visited[p] = true; if (p > mp) mp = p;\n //_log(Hex(p,4)+': '+MUAP98CmdStr(ch,p));\n c = X.U8(p);\n if (c < 0x40) {\n if (c > 15 && cht == 'ssg') return re(p, '!badSSGnote');\n if (!X.U8(p + 1)) ic++; //actually happens...\n notes++; p += 2;\n }\n else if (c < 0xCE) return re(p, '!badcmd' + Hex(c));\n else switch (c) {\n case 0xFF: p++; break; //keyoff and rest for note length\n case 0xFE: lpd = 0; p++; break; //reset & restart\n case 0xFD: p++; stop = true; break; //reset & stop playback\n case 0xFC: stop = true; p++; if (mp < p) mp = p; break; //channel end playback\n case 0xFB: p++; break; /*wait on '*/\n case 0xF9: if (ch != 9) notes++; p++; break; //FM/SSG: same frequency play; RHY/PCM: rhythm cmd end\n case 0xF8: p += 4; break; //add frequency\n case 0xF7: t = p - X.I16(p + 1); if (!isWithin(t, 0x18, max) || Math.abs(t - p) < 2) return re(p, 'loop@' + Hex(t));\n if (!isWithin(t, p0, max)) sus++; p += 4; break; //loop N times\n case 0xF6: p += 2; break; //pan\n case 0xF5: if (!isWithin(X.U16(p + 1), 0x10, 0xFFF/*dox: C18 max*/)) return re(p, '!badtempo'); //Timer-A tempo\n p += 3; break;\n case 0xF4: p += 3; break; //length/ratio change\n case 0xF3: p++; break; //wait all channels: 小節位置を調整する。演奏しているチャネル全てにこのデータが来るまで待機する。\n case 0xF2: p += 4; break; //RHY/PCM: DSP mode, level, delay; FM/SSG: a 4-byte nop\n case 0xF1: p += 3; break; //set reg data\n case 0xF0: //set system detune; RHY/PCM: Rhythm Key on\n if (ch == 9 || ch == 10) { notes++; if (!X.U8(p + 1)) re(p, 'RHY F0: 0') }\n p += 2; break;\n case 0xDF/*slur*/: case 0xD2/*Play Stack +1*/: case 0xD1/*fade out*/: p++; break;\n case 0xFA: p += 9; break; // 3ch 4harm play; RHY/PCM: a 9-byte nop\n case 0xEF: p += 2; break; //hard LFO speed; RHY/PCM: Rhythm Dump\n case 0xEE: p += 3; break; //hard LFO AMD, PMD, AMon; RHY/PCM: set Rhythm pan/vol\n case 0xED: p += 2; break; //3ch 4harm mode; RHY/PCM: a 2-byte nop\n case 0xEC: p += 2; break; //key display mask on/off & colour\n case 0xEB: p += 2; break; //tone number change\n case 0xEA: //@jump, @call\n t = p + X.I16(p + 1); if (!isWithin(t, 0x18, max) || Math.abs(t - p) < 2) return re(p, '!' + MUAP98CmdStr(ch, p, 1));\n if (t < p0) ic++; if (visited[t]) stop = true; p = t; break;\n case 0xE9:\n t = p + X.I16(p + 1); if (!isWithin(t, 0x18, max) || Math.abs(t - p) < 2) return re(p, '!' + MUAP98CmdStr(ch, p, 1));\n if (t < p0) ic++; calld++; p += 3; break;\n case 0xE8: calld--; if (calld < 0) return re(p, '!RetW/oSub'); p++; break; //@ret\n case 0xE7: p += 3; break; //Source Line symbolic information\n case 0xE6:\n /* if(cht == 'fm') { TODO } */ p += 27; break; //FM: set USR Tone parameter; SSG, RHY, PCM: a 27-byte nop\n case 0xE5: p++; break; //Play Stack init\n case 0xE4: case 0xE3: //if @jump, if @call\n t = p + 2 + X.I16(p + 3); if (!isWithin(t, 0x18, max) || Math.abs(t - p) < 2 || (X.U8(p + 1) >> 4) > 3) return re(p, '!' + MUAP98CmdStr(ch, p, 1));\n if (t < p0) ic++;\n if (c == 0xE3) calld++; if (c == 0xE4) { if (visited[t]) stop = true; p = t } else p += 5; break;\n case 0xE2: p += 2; break; //change vol data\n case 0xE1: p++; break; //tie\n case 0xE0: lpd = 0; p++; break; //loop ctr clear\n case 0xDE: p += 2; break; //change ratio only\n case 0xDD: cmtlen = X.U8(p + 1); p += 2; break; //doesn't seem to be of any use...\n case 0xDC: p += 4; break; //init Skip_data\n case 0xDB: cmt = cmt.appendS(X.SC(p + 4, X.U8(p + 3), 'SJIS'), ' / '); p += X.U8(p + 3) + 4; break;\n case 0xDA: p += 4; break; //set X Value\n case 0xD9: p += 7; break; //set LFO parameters\n case 0xD8: p += 2; break; //LFO start(pmd,amd)/stop\n case 0xD7: case 0xD6: p += 2; break; //increase/decrease vol\n case 0xD5: p += 3; if (ch == 9 || ch == 10) notes++; break; //SSG: Start vol/Attack rate; RHY/PCM: PCM play; FM: a 3-byte nop\n case 0xD4: p += 5; break; //RHY/PCM: set PCM address; FM/SSG: a 5-byte nop\n case 0xD3: p += 5; break; //@if... exit current loop\n case 0xD0: re(p, 'ssg/pcm:' + Hex(X.U8(p + 1))); p += 2; break; //SSG||PCM mode\n case 0xCF:\n ch = X.U8(p + 1); cht = (ch == 9) ? 'rhy' : ch == 10 ? 'pcm' : 3 <= ch && ch <= 5 ? 'ssg' : 'fm';\n p += 2; break; //send channel change\n case 0xCE: p++; break; //SSG:set last mixer mode, vol, env; RHY/PCM:set last tone/vol/pan (from before sfx)\n }\n }\n return [notes, p, 0, cmt, mp, ic];\n}\n\n\n// -= MDX/MXDRV command explainer, useful for loggers =-\n\nfunction MDXCmdStr(ch, o) {\n const C = ['A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W'];\n const notes = ['D#', 'E', 'F', 'F#', 'G', 'G#', 'A', 'A#', 'B', 'B#', 'C', 'C#', 'D']; var c = X.U8(o);\n if (c < 0x80) return C[ch] + ': rest ' + (c + 1);\n else if (c <= 0xDF) {\n c -= 0x80;\n if (ch > 8) return C[ch] + ': smp#' + c;\n else return C[ch] + ': ' + notes[c % 12] + (Util.divu64(c, 12)) + ' ~' + (X.U8(o + 1) + 1);\n }\n else switch (c) {\n case 0xFF: return C[ch] + ': bpm ' + X.U8(o + 1); case 0xFE: return C[ch] + ': R ' + YM2151RegStr(X.U8(o + 1), X.U8(o + 2));\n case 0xFD: return C[ch] + ': voicedata ' + X.U8(o + 1); case 0xFC: return C[ch] + ': pan ' + X.U8(o + 1);\n case 0xFB: if (X.U8(o + 1) & 0x80) return C[ch] + ': @vol ' + (X.U8(o + 1) & 0x7F); else return C[ch] + ': vol ' + X.U8(o + 1);\n case 0xFA: return C[ch] + ': vol-'; case 0xF9: return C[ch] + ': vol+';\n case 0xF8: return C[ch] + ': staccato ' + X.U8(o + 1); case 0xF7: return C[ch] + ': legato';\n case 0xF6: return C[ch] + ': rep.' + X.U8(o + 1) + ' [' + (X.U8(o + 2) ? '/' + X.U8(o + 2) : '') + '...';\n case 0xF5: return C[ch] + ': ...]rep.,ret→' + Hex(o + X.I16(o + 1, _BE));\n case 0xF4: return C[ch] + ': .../rep.esc→' + Hex(o + X.I16(o + 1, _BE));\n case 0xF3: return C[ch] + ': detune ' + X.I16(o + 1, _BE) / 0x40;\n case 0xF2: return C[ch] + ': portamento ' + X.I16(o + 1, _BE) / 0x4000 + ' ↓';\n case 0xF1: if (X.U8(o + 1)) return C[ch] + ': loop from ' + Hex(o + 3 + X.I16(o + 1, _BE)) + '.'; else return C[ch] + ' ends.';\n case 0xF0: return C[ch] + ': delay key-on ' + X.U8(o + 1); case 0xEF: return C[ch] + ': sync send on ch' + X.U8(o + 1);\n case 0xEE: return C[ch] + ': sync wait on ch' + X.U8(o + 1); case 0xED: return C[ch] + ': noise/smp freq ' + X.U8(o + 1);\n case 0xEC: if (X.U8(o + 1) == 0x80) return C[ch] + ': pitch LFO off';\n else if (X.U8(o + 1) == 0x81) return C[ch] + ': pitch LFO on';\n else return C[ch] + ': LFO pitch wf ' + X.U8(o + 1) + ' freq ' + X.U16(o + 2, _BE) + ' amp ' + X.U16(o + 4, _BE);\n case 0xEB: if (X.U8(o + 1) == 0x80) return C[ch] + ': vol LFO off';\n else if (X.U8(o + 1) == 0x81) return C[ch] + ': vol LFO on';\n else return C[ch] + ': LFO vol wf ' + X.U8(o + 1) + ' freq ' + X.U16(o + 2, _BE) + ' amp ' + X.U16(o + 4, _BE);\n case 0xEA: if (X.U8(o + 1) == 0x80) return C[ch] + ': OPM LFO off';\n else if (X.U8(o + 1) == 0x81) return C[ch] + ': OPM LFO on';\n else return C[ch] + ': LFO OPM syn/wf ' + X.U8(o + 1) + ' lfrq ' + X.U8(o + 2) + ' PMD ' + X.U8(o + 3) + ' AMD ' + X.U8(o + 4) + ' P/AMS ' + X.U8(o + 5);\n case 0xE9: return C[ch] + ': LFO key-on dly ' + X.U8(o + 1); case 0xE8: return C[ch] + ': PCM8 on';\n case 0xE7: return C[ch] + ': Fadeout' + (X.U8(o + 1) == 1 ? '' : Hex(X.U8(o + 1))) + ' spd ' + X.U8(o + 2);\n default: return C[ch] + ': unknown command ' + Hex(X.U8(o));\n }\n}\n\n\n// -= Yamaha YM2151 FM Operator Type-M (OPM) related functionality =-\n\nfunction isYM2151Reg(a) {\n//The OPM doesn't use these registers so we break off if we hit one:\n return [0, 2, 3, 4, 5, 6, 7, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0x10,\n 0x13, 0x15, 0x16, 0x17, 0x1A, 0x1C, 0x1D, 0x1E, 0x1F].indexOf(a) < 0;\n}\n\nfunction YM2151RegStr(a, b) {\n //from https://retrocdn.net/images/9/9c/YM2151_Application_Manual.pdf\n // & https://cx5m.file-hunter.com/fmunit.htm - this one contains errors!\n if (!isYM2151Reg(a)) return '!bad#' + Hex(a);\n if (a == 1) if ((b & 2) == b) return 'LFOR'; else return 'TEST' + Bin(b);\n if (a == 8) return 'keyon ch' + (b & 7) + ' slot' + Bin((b >> 3) & 0xF);\n if (a == 0xF) return 'noise' + ['off', 'on'][b >> 7] + ' freq' + Hex(b >> 0x1F);\n if (a == 0x11) return 'CLKA MSB freq' + Hex(b);\n if (a == 0x12) return 'CLKA LSB freq' + Hex(b & 3);\n if (a == 0x13) return 'CLKB freq' + Hex(b);\n if (a == 0x14) return 'Clk CSM' + (b >> 7) + ' FResetBA' + Bin((b >> 4) & 3, 2)\n + ' IRQEnBA' + Bin((b >> 2) & 3, 2) + ' LoadBA' + Bin(b & 3, 2);\n if (a == 0x18) return 'LowOscFreq ' + Hex(b);\n if (a == 0x19) return ['Amp', 'Phase'][b >> 7] + 'Mod depth' + Hex(b & 0x7F);\n if (a == 0x1B) return 'LFOWave ctl' + (b >> 6) + ' ' + ['saw', 'sqr', 'tri', 'noise'][b & 3];\n if (a <= 0x27) return 'Ch ' + (a & 0x7) + ' ctl ' + (b & 0x80 ? 'R' : '') + (b & 0x40 ? 'L' : '') + ' FB' + ((b >> 3) & 7) + ' con' + (b & 7);\n if (a <= 0x2F) {\n o = ((b >> 4) & 7);\n return 'KC/prep note-on ch' + (a & 0x7) + ' '\n + (o ? ['C#', 'D', 'D#', '', 'E', 'F', 'F#', '', 'G', 'G#', 'A', '', 'A#', 'B', 'C', ''][b & 0xF] + o : '--');\n }\n if (a <= 0x37) return 'KF/prep p.bend ch' + (a & 0x7) + ' kf' + (b >> 2);\n if (a <= 0x3F) return 'ModSensy. ch' + (a & 0x7) + ' phase' + ((b >> 4) & 7) + ' amp' + (b & 3);\n if (a <= 0x47) return 'OP1 ch' + (a & 0x7) + ' dt1:' + ((b >> 4) & 7) + ' mul' + (b & 0xF);\n if (a <= 0x4F) return 'OP3 ch' + (a & 0x7) + ' dt1:' + ((b >> 4) & 7) + ' mul' + (b & 0xF);\n if (a <= 0x57) return 'OP2 ch' + (a & 0x7) + ' dt1:' + ((b >> 4) & 7) + ' mul' + (b & 0xF);\n if (a <= 0x5F) return 'OP4 ch' + (a & 0x7) + ' dt1:' + ((b >> 4) & 7) + ' mul' + (b & 0xF);\n if (a <= 0x67) return 'OP1 ch' + (a & 0x7) + ' TL' + (b & 0x7F);\n if (a <= 0x6F) return 'OP3 ch' + (a & 0x7) + ' TL' + (b & 0x7F);\n if (a <= 0x77) return 'OP2 ch' + (a & 0x7) + ' TL' + (b & 0x7F);\n if (a <= 0x7F) return 'OP4 ch' + (a & 0x7) + ' TL' + (b & 0x7F);\n if (a <= 0x87) return 'OP1 ch' + (a & 0x7) + ' KeyScl' + (b >> 6) + ' atk' + (b & 0x1F);\n if (a <= 0x8F) return 'OP3 ch' + (a & 0x7) + ' KeyScl' + (b >> 6) + ' atk' + (b & 0x1F);\n if (a <= 0x97) return 'OP2 ch' + (a & 0x7) + ' KeyScl' + (b >> 6) + ' atk' + (b & 0x1F);\n if (a <= 0x9F) return 'OP4 ch' + (a & 0x7) + ' KeyScl' + (b >> 6) + ' atk' + (b & 0x1F);\n if (a <= 0xA7) return 'OP1 ch' + (a & 0x7) + ' AMS' + ['off', 'on'][b >> 7] + ' dcy1R:' + (b & 0x1F);\n if (a <= 0xAF) return 'OP3 ch' + (a & 0x7) + ' AMS' + ['off', 'on'][b >> 7] + ' dcy1R:' + (b & 0x1F);\n if (a <= 0xB7) return 'OP2 ch' + (a & 0x7) + ' AMS' + ['off', 'on'][b >> 7] + ' dcy1R:' + (b & 0x1F);\n if (a <= 0xBF) return 'OP4 ch' + (a & 0x7) + ' AMS' + ['off', 'on'][b >> 7] + ' dcy1R:' + (b & 0x1F);\n if (a <= 0xC7) return 'OP1 ch' + (a & 0x7) + ' dt2:' + (b >> 6) + ' dcy2R:' + (b & 0x1F);\n if (a <= 0xCF) return 'OP3 ch' + (a & 0x7) + ' dt2:' + (b >> 6) + ' dcy2R:' + (b & 0x1F);\n if (a <= 0xD7) return 'OP2 ch' + (a & 0x7) + ' dt2:' + (b >> 6) + ' dcy2R:' + (b & 0x1F);\n if (a <= 0xDF) return 'OP4 ch' + (a & 0x7) + ' dt2:' + (b >> 6) + ' dcy2R:' + (b & 0x1F);\n if (a <= 0xE7) return 'OP1 ch' + (a & 0x7) + ' dcy2L:' + (b >> 4) + ' rel:' + (b & 0xF);\n if (a <= 0xEF) return 'OP3 ch' + (a & 0x7) + ' dcy2L:' + (b >> 4) + ' rel:' + (b & 0xF);\n if (a <= 0xF7) return 'OP2 ch' + (a & 0x7) + ' dcy2L:' + (b >> 4) + ' rel:' + (b & 0xF);\n return 'OP4 ch' + (a & 0x7) + ' dcy2L:' + (b >> 4) + ' rel:' + (b & 0xF);\n}\n\n/** OPM/YM2151 register log detector. If <= 0, consider invalid.\n * no custom data or end marker to be expected.\n */\nfunction parseYM2151RegLog(p, len) {\n //ref https://retrocdn.net/images/9/9c/YM2151_Application_Manual.pdf\n len = len || BCParseToReasonable; p = p || 0;\n var max = (len == BCParseToEoF) ? X.Sz() : Math.min(X.Sz(), p + 0x2000),\n notes = 0, ic = 0, confirmed = false,\n v = [0, 0, 0, 0, 0], chinits = [],\n r, x;\n for(var i=0; i < 8; chinits[i++]=0);\n function re(p, t) { if(debug>1)_l2r('opm', p, t); return [BCInvalidFormat,p,0]; }\n function iC() { if(debug>0)_l2r('opm', p-2, Hex(r)+' - '+Hex(x)+': invalid value'); ic++; }\n while(!X.U8(p) && p < 0x800) p++; //skip zeroes unless too many\n if(!X.U8(p)) return [BCInvalidFormat,p,0]; //sanity, heuristics, just reasonable they'd cut off the meaningless zeroes\n while (p < max && ic < 10) {\n r = X.U8(p++); if (!r) continue; x = X.U8(p++);\n if (!isYM2151Reg(r)) iC();\n if(debug>1)_logIt(YM2151RegStr(r,x));\n/* The working YM2151 regs are:\n 01: TEST | 08: x111 1222: (SM)KON, CH № | 0F: 1xx2 2222: NE, NFRQ\n 10: CLKA1 | 11: xxxx xx11: CLKA2 | 12: CLKAB\n 14: 1x22 3344: CSM, FLAG RESET B&A, IRQ-EN B&A, LOAD B&A\n 18: LFRQ | 19: PMD/AMD | 1B: 11xx xx22: CT, W | 20~27: 1122 23333: RL, FB, CONECT\n 28~2F: x111 2222: KC { OCT, NOTE } | 30~37: 1111 11xx: KF | 38~3F: x111 xx22: PMS, AMS\n 40~5F: x111 2222: DT1, MUL | 60~7F: x111 1111: TL | 80~9F: 11x2 2222: KS, AR\n A0~BF: 1xx2 2222: AMS-EN, D1R | C0~DF: 11x2 2222: DT2, D2R | E0~FF: 1111 2222: D1L, RR\n*/\n if (r <= 0x27) {\n if (r == 1) { if (x & 0xFD) break; }\n else if (r == 8) {\n if (x & 0x78) { notes += bitCount((x >> 3) & 0xF); v[0]++; }\n else if (x & 0x80) iC();\n // TODO check if the notes played are initialised properly. It won't sound right if not so expect goodness!\n // if(chinits[r & 7] > 5) chok[r & 7]++ // adapt to bitCount!\n }\n else if (r == 0xF) { if (x & 0x60) iC(); }\n else if (r == 0x11) { if (x > 3) iC(); }\n else if (r == 0x14) { if (x & 0x40) iC(); }\n else if (r == 0x1B) { if (x & 0x3C) iC(); }\n }\n else if (r <= 0x2F) { if ((x & 0x80) || [3,7,0xB,0xF].indexOf(x&0xF) >= 0) iC(); }\n else if (r <= 0x37) {} //{ if (x & 3) iC(); } // should be a filter but some tunes want it that way\n else if (r <= 0x3F) { if (x & 0x8C) iC(); }\n else if (r <= 0x7F) { if (x & 0x80) iC(); v[1]++; chinits[r & 7]++; } // TL set\n else if (r <= 0x9F) { if (x & 0x20) iC(); v[2]++; chinits[r & 7]++; } // KS/AR set\n else if (r <= 0xBF) { if (x & 0x60) iC(); v[3]++; chinits[r & 7]++; } // AMS/D1R set\n else if (r <= 0xDF) { if (x & 0x20) iC(); v[4]++; chinits[r & 7]++; } // DT2/D2R set\n else { v[4]++; chinits[r & 7]++; } // D1L/RR set\n\n if(!confirmed) \n if(p > 0x1000)\n if (ic >= 40 || notes < 20 || v[0] < 24 || v[1] < 24 || v[2] < 24 || v[3] < 24 || v[4] < 24)\n return [BCInvalidFormat]; // false positives can be pretty long!\n else confirmed = true\n }\n var chok = 0; for (var i=0; i < 8; i++) if (chinits[i] > 5) chok++;\nif(debug>0)_logIt(outArray([notes, v, chok, p], 16))\n if (confirmed && chok > 0) return [notes, p, chok];\n return [BCInvalidFormat, p, chok];\n}\n\n\n\n// -= Yamaha YM2612(OPN2) related functionality =-\n\nfunction isYM2612Reg(a) {\n//The OPN2 doesn't have these registers:\n return !( a < 0x22 || a == 0x23 || a > 0xB7/*B6*/ || isWithin(a, 0x2C,0x2F)\n// || (isWithin(a, 0x30, 0xAF) && (a & 3) == 3) // per-op registers from 3x to Ax must not have x3,x7, xB, xF. Some files do tho'.\n );\n}\n\n/** Mega Drive GYM bytecode detector. Returns BCInvalidFormat in resut[0] if invalid;\n * no custom data or end marker to be expected.\n */\nfunction parseMDGYM(p, len) {\n //ref https://plutiedev.com/ym2612-registers\n //& https://github.com/ValleyBell/libvgm/blob/master/player/gymplayer.cpp\n len = len || BCParseToReasonable; p = p || 0;\n var tmr; if(debug>0){ tmr = new CheckpointTimer(); tmr.init(300); }\n var max = (len == BCParseToEoF) ? X.Sz() : Math.min(X.Sz(), p+0x2000),\n notes = 0, v = [0, 0, 0, 0, 0], ir = 0, //notes, validation, invalid registers\n c, r, x, doPSGFreq2nd = false;\n function re(p, t) { if (debug>0)_l2r('gym', p, t); return [BCInvalidFormat, p, 0]; }\n while(!X.U8(p) && p < 0x800) p++; //skip zeroes unless too many\n while (p < max && ir < 10) switch (c = X.U8(p++)) {\n case 0: doPSGFreq2nd = false; break;\n case 1: case 2: r = X.U8(p++); if(c == 2 && r < 0x21) return;\n x = X.U8(p++); if (!isYM2612Reg(r)) { ir++; if(debug>0)_l2r('gym',p-2,c + ': R ' + Hex(r)) }\n if (r == 0x28 && (x >> 4)) { notes += bitCount(x >> 4); if(debug>0)_l2r('gym',p-2,'#') }\n else if (r == 0x2A) v[4]++; //PCM\n else if ((r & 0xF0) == 0x30) { v[0]++; if(debug>0)_l2r('gym',p-2,'ML/DT') } // MUL/DT set\n else if ((r & 0xF0) == 0x40 && X.U8(p) > 0) { v[1]++; if(debug>0)_l2r('gym',p-2,'TL') } // TL set\n else if ((r & 0xF0) == 0x50) { v[2]++; if(debug>0)_l2r('gym',p-2,'AR/RS') } // AR/RS set\n else if ((r & 0xF0) == 0x60) { v[3]++; if(debug>0)_l2r('gym',p-2,'DR/AM') }// DR/AM set\n else if(debug>0)_l2r('gym',p-2,c+': R '+Hex(r))\n // can't check other reg pushes for validity\n break;\n case 3: r = X.U8(p++); if(debug>0)_l2r('gym',p-2,'PSG');\n if(r & 0x80) doPSGFreq2nd = (!(r&0x10) && r < 0xE0);\n else if(doPSGFreq2nd && r < 0x40) doPSGFreq2nd = false;\n else return [BCInvalidFormat, p, 0];\n break;\n default: return re(p-1, '!cmd' + Hex(c));\n }\nif(debug>0)tmr.next('GYM: end of tested area @'+Hex(p)+' ir='+ir)\nif(debug>0)_l2r('gym',p,outArray([notes, v], 16));\n if ((!notes || v[0] < 8 || v[1] < 8 || v[2] < 8 || v[3] < 8) && v[0]+v[1]+v[2]+v[3]+v[4] < 100) return [BCInvalidFormat, p, 0];\n return [notes, p, 0];\n}\n\n\n// -= AdLib/Sound Blaster YM3812/OPL2 related functionality =-\n\n//ref https://web.archive.org/web/20050205055453/http://www.gamedev.net/reference/articles/article446.asp\n\n//The AdLib/OPL2 uses these registers:\nfunction isYM3812Reg(a) {\n return isWithinRanges(a, [1,2,3,4,8,0xBD, [0x20,0x35]])\n || ( isWithinRanges(a, [[0x40,0x55], [0x60,0x75], [0x80,0x95], [0xE0,0xF5]] ) && [6,7,14,15].indexOf(a & 0x1F) < 0\n || isWithinRanges(a, [[0xA0,0xA8], [0xB0,0xB8], [0xC0,0xC8]]));\n}\n\nvar __adlibnote = []; for(var _0=0; _0 < 9; _0++) __adlibnote.push([-1,-1,-1]); //channel: key-on, octave, F-num\n\nfunction YM3812CmdStr(o, recurse) {\n const\n C = ['1.1:','2.1:','3.1:', '1.2:','2.2:','3.2:','!6:','!7:', '4.1:','5.1:','6.1:', '4.2:','5.2:','6.2:','!E:','!F:',\n '7.1:','8.1:','9.1:', '7.2:','8.2:','9.2:'],\n wf = ['sine', '/ ̄\\\\_', '/ ̄\\\\/ ̄\\\\', '/|_/|_'],\n //notes = ['C#', 'D', 'D#', 'E', 'F', 'F#', 'G', 'G#', 'A', 'A#', 'B', 'C'], //TODO? parse the F-number\n c = X.U8(o);\n var t;\n if (c >= 0xE0) return C[c & 0x1F] + 'wf ' + wf[X.U8(o + 1)];\n else if (c >= 0xC0) return ((c & 0xF) + 1) + ':fb/conn' + Hex(X.U8(o + 1));\n else if (c == 0xBD) return 'AMdepth/VD/Rhy ' + Hex(X.U8(o + 1));\n else if (c >= 0xB0) return ((c & 0xF) + 1) + 'oct/F_msb/key-on ' + Hex(X.U8(o + 1));\n else if (c >= 0xA0) return ((c & 0xF) + 1) + 'F_lsb ' + Hex(X.U8(o + 1));\n else if (c >= 0x80) return C[c & 0x1F] + 'S/R ' + Hex(X.U8(o + 1));\n else if (c >= 0x60) return C[c & 0x1F] + 'A/D ' + Hex(X.U8(o + 1));\n else if (c >= 0x40) return C[c & 0x1F] + 'level ' + Hex(X.U8(o + 1));\n else if (c >= 0x20) return C[c & 0x1F] + 'AM/vib/envgen/keyscale/MFmul ' + Hex(X.U8(o + 1));\n else if (c == 8) return 'CSM/keysplit ' + Hex(X.U8(o + 1));\n else if (c == 4) return 'tmrctl ' + Hex(X.U8(o + 1));\n else if (c == 3) return 'tmr2 ' + Hex(X.U8(o + 1));\n else if (c == 2) return 'tmr1 ' + Hex(X.U8(o + 1));\n else if (c == 4) return 'test/wfctl ' + Hex(X.U8(o + 1));\n}\n\n/** AdLib/OPL2 bytecode detector. If <= 0, consider invalid.\n * no custom data or end marker to be expected.\n */\nfunction parseYM3812RegLog(p, len) {\n len = len || BCParseToReasonable; p = p || 0;\n var max = (len == BCParseToEoF) ? X.Sz() - 2 : Math.min(X.Sz() - 2, p + 0x2000),\n notes = 0, v = [0, 0, 0, 0],\n c, r, x, tmr;\n if(debug>0){ tmr = new CheckpointTimer(); tmr.init(300); }\n function re(p, t) { if(debug>1)_l2r('adlib',p,t); return [BCInvalidFormat, p, 0]; }\n while(!X.U8(p) && p < 0x800) p++; //skip zeroes unless too many\n if(!X.U8(p)) return [BCInvalidFormat,p,0]; //sanity, heuristics, just reasonable they'd cut off the meaningless zeroes\n while (p < max) {\n r = X.U8(p++); x = X.U8(p++); if (!isYM3812Reg(r)) return re(p - 2, 'R ' + Hex(r) + ' : '+Hex(x));\n if (r == 0x28 && (x >> 4)) notes += bitCount(x >> 4);\n if ((r & 0xF0) == 0x30) v[0]++; // MUL/DT set\n if ((r & 0xF0) == 0x40 && X.U8(p) > 0) v[1]++; // TL set\n if ((r & 0xF0) == 0x50) v[2]++; // AR/RS set\n if ((r & 0xF0) == 0x60) v[3]++; // DR/AM set\n }\n if(debug>0) tmr.next('OPM chiptune: end of parsed data');\n if(debug>0)_logIt(outArray([notes, v, p], 16))\n if (!notes || v[0] < 24 || v[1] < 24 || v[2] < 24 || v[3] < 24) return [BCInvalidFormat, p, 0];\n return [notes, p, 0];\n}\n\n/* beautify ignore:end */" }, { "path": "db/cab", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\n// Detect a Cab archive.\r\n// Author: Jason Hood \r\n\r\nincludeScript(\"archive-file\");\r\nsName = \"Microsoft Cabinet File\";\r\n\r\nfunction detect_Cab(nOffset, nSize) {\r\n if (nSize > 48) {\r\n if (File.compare(\"'MSCF'00000000\", nOffset)) {\r\n bDetected = true;\r\n sVersion = File.readByte(nOffset + 0x19) + \".0\" + File.readByte(nOffset + 0x18);\r\n var nFilesOffset = nOffset + File.readDword(nOffset + 0x10);\r\n var nFiles = File.readWord(nOffset + 0x1C);\r\n var nPacked = File.readDword(nOffset + 8);\r\n if (File.readByte(nOffset + 0x1E) & 4) {\r\n nOffset += File.readDword(nOffset + 0x24) + 4;\r\n }\r\n switch (File.readByte(nOffset + 0x2A) & 15) {\r\n case 1:\r\n sOptions = sOptions.append(\"MSZip\");\r\n break;\r\n case 2:\r\n sOptions = sOptions.append(\"Quantum\");\r\n break;\r\n case 3:\r\n sOptions = sOptions.append(\"LZX\");\r\n break;\r\n }\r\n // Packed size is not stored directly, so assume the first\r\n // folder's data is first and just skip the names.\r\n nPacked -= File.readDword(nOffset + 0x24);\r\n while (nFiles--) {\r\n Archive.add(File.readDword(nFilesOffset), nPacked,\r\n File.readByte(nFilesOffset + 14) & 16);\r\n nFilesOffset = File.findByte(nFilesOffset + 16, 256, 0) + 1;\r\n nPacked = 0;\r\n }\r\n sOptions = sOptions.append(Archive.contents());\r\n\r\n return 1;\r\n }\r\n }\r\n\r\n return 0;\r\n}" }, { "path": "db/chunkparsers", "content": "// Detect It Easy: DiE-JS framework file\n// Don't change anything unless you're sure about what you're doing\n\n// Various systems' DOS chunk format parser functions.\n// They return info or the number -1 if it's not the right format.\n// Author: Kaens (TG @kaens)\n/* beautify ignore:start */\n\nincludeScript(\"read\");\n\n/**\n * If it's an Amiga hunk file, parses it and tries to be strict in case of garbage past EoF.\n * @param {Int} baseofs - base offset from which to start parsing\n * @returns {Array} [nTotalSize,aBlockInfo,c] where:\n * - nTotalSize: -1 if the file is not an Atari DOS \"binary save\", otherwise the total expected size (including baseofs);\n * - aBlockInfo: an Array with separate block types, offsets, and sizes, its length reflecting the number of hunks\n */\nfunction parseAmigaHunks(baseofs) {\n //TODO check types, check reslibs, break off if invalid\n if (typeof baseofs === \"undefined\") baseofs = 0;\n if (!X.c(\"000003F3\", baseofs)) return [-1, []]; //is it an Amiga hunk file?\n var p = baseofs + 4, x = sz = i = reslibs = 0, info = [], load = true;\n //library strings:\n while (p < X.Sz()) {\n x = X.U32(4, _BE); p += 4; if (!reslibs && x) load = false; if (x) reslibs++; else break; p += 4 * x;\n }\n var hunks = X.U32(p + 8, _BE) - X.U32(p + 4, _BE) + 1; p += 12;\n //sOption(hunks+' hunks')\n for (i = 0; i < hunks && p < X.Sz(); i++, p += 4) {\n //traverse hunks:\n var t = X.U32(p, _BE), add = (t >> 30) == 3 ? 4 : 0; t &= 0x3FFFFFFF; t <<= 2; t += add;\n //_log('@'+Hex(p)+' hunk#'+i+' = '+Hex(t));\n info.push([0/*TODO*/, sz, t]); sz += t;\n }\n sz += p;\n if (!info.length) return [-1, []]; else return [sz, info];\n}\n\n/**\n * If it's an Atari DOS block file, parses it and tries to be strict in case of garbage past EoF.\n * @param {Int} [baseofs] - base offset from which to start parsing\n * @returns {Array} [nTotalSize,aBlockInfo] where:\n * - nTotalSize: -1 if the file is not an Atari DOS \"binary save\", otherwise the total expected size (including baseofs);\n * - aBlockInfo: an Array of arrays with each block's offsets and sizes, its length reflecting the number of blocks\n*/\nfunction parseAtariBinary(baseofs) {\n if (typeof baseofs !== \"number\") baseofs = 0;\n if (!X.c(\"FFFF\", baseofs) || X.Sz() < baseofs + 6) return [-1, []];\n var hksz = 0,\n RAM = [],\n hkinfo = [],\n p = 2 + baseofs;\n while (p + 4 <= X.Sz() && p < 65520) {\n var ptr = X.U16(p);\n if (!hkinfo.length && ptr == 0xFFFF) { p += 2; ptr = X.U16(p); } // the subsequent blocks don't have to have a sig\n var eptr = X.U16(p + 2); if (eptr < ptr || (ptr <= 0xD7FF && eptr >= 0xD000)) break;\n//_l2r('atrbin',p,'@'+Hex(ptr)+':'+outArray(hkinfo,16))\n hksz = eptr + 1 - ptr; if (p + hksz > X.Sz()) if (!hkinfo.length) break;\n if (!hksz) break;\n RAM.push(ptr, hksz); if (findIntersections(RAM, true).length) break;\n p += 4; hkinfo.push([p, hksz]); p += hksz;\n }\n if (!hkinfo.length) return [-1, []]; else return [p, hkinfo];\n}" }, { "path": "db/duration", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\n// Convert a time in seconds to a string:\r\n// less than 10 seconds: N.NNs\r\n// less than a minute: NN.Ns\r\n// otherwise: NmNNs\r\n// Author: Jason Hood \r\n\r\nfunction duration(nSeconds) {\r\n if (nSeconds < 60) {\r\n return nSeconds.toFixed(nSeconds < 10 ? 2 : 1) + \"s\";\r\n }\r\n nSeconds = Math.round(nSeconds);\r\n return Math.floor(nSeconds / 60) + \"m\" +\r\n (\"0\" + Math.floor(nSeconds % 60)).slice(-2) + \"s\";\r\n}" }, { "path": "db/language", "content": "// Detect It Easy: DiE-JS framework file\n// Don't change anything unless you're sure about what you're doing\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nfunction _isLangPresent(languageName) {\n return _isResultPresent(\"language\", languageName) || _isResultPresent(\"~language\", languageName);\n}\n\nfunction _isLangDetected() {\n return _getNumberOfResults(\"language\") || _getNumberOfResults(\"~language\");\n}\n\nfunction _setLang(languageName, version) {\n // if \"C/C++\" already detected\n if (_isLangPresent(\"C/C++\") && (languageName == \"C\" || languageName == \"C++\")) {\n _removeResult(\"language\", \"C/C++\");\n }\n\n // if \"C\" or \"C++\"\" detected\n if (languageName == \"C/C++\" && (_isLangPresent(\"C\") || _isLangPresent(\"C++\"))) {\n return null;\n }\n\n // False-positive detection of C\n if (_isLangPresent(\"C\") && languageName !== \"C\") {\n _removeResult(\"language\", \"C\");\n }\n\n // False-positive detection of C++\n if (_isLangPresent(\"C++\") && languageName !== \"C++\") {\n _removeResult(\"language\", \"C++\");\n }\n\n // If the language already detected\n if (_isLangDetected() && (languageName == \"C/C++\" || languageName == \"C++\" || languageName == \"C\")) {\n return null;\n }\n\n if (File.isVerbose() && !_isLangPresent(languageName)) {\n var isHeurResult = (version == \"HEUR\");\n\n _setResult((isHeurResult ? \"~\" : \"\") + \"language\", languageName, (version && !isHeurResult ? version : \"\"), \"\");\n }\n\n}" }, { "path": "db/python", "content": "// Detect It Easy: DiE-JS framework file\n// Don't change anything unless you're sure about what you're doing\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\nfunction getPythonVersionByDll(dllFileName) { // python = 💩\n var version = \"\";\n\n var startIndex = dllFileName.indexOf(\"python\");\n if (startIndex !== -1) {\n startIndex += 6;\n var endIndex = dllFileName.indexOf(\".\", startIndex);\n if (endIndex === -1) {\n endIndex = dllFileName.length;\n }\n version = dllFileName.substring(startIndex, endIndex);\n }\n\n if (version !== \"\") {\n if (version.length === 1) {\n return version + \".0\";\n } else if (version.length === 2) {\n return version[0] + \".\" + version[1];\n } else {\n return version[0] + \".\" + version.substring(1);\n }\n } else {\n return null;\n }\n}" }, { "path": "db/rar-file", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\n// Detect a RAR archive.\r\n// Author: Jason Hood \r\n\r\nincludeScript(\"archive-file\");\r\nsName = \"RAR\";\r\n\r\nfunction detect_RAR(bFile) {\r\n var nOffset, nSize;\r\n\r\n if (bFile) {\r\n nOffset = 0;\r\n nSize = File.getSize();\r\n } else {\r\n nOffset = File.getOverlayOffset();\r\n nSize = File.getOverlaySize();\r\n }\r\n\r\n if (nSize >= 64) {\r\n if (File.compare(\"'Rar!'1A07\", nOffset)) {\r\n switch (File.readByte(nOffset + 6)) {\r\n case 0:\r\n sVersion = \"4\";\r\n break;\r\n case 1:\r\n sVersion = \"5\";\r\n break;\r\n }\r\n\r\n bDetected = true;\r\n } else if (File.compare(\"'RE~^'\", nOffset)) {\r\n sVersion = \"1.4\";\r\n bDetected = true;\r\n }\r\n\r\n if (sVersion == \"4\") {\r\n\r\n var nOptions = File.readByte(nOffset + 10);\r\n\r\n if (nOptions & 8) {\r\n sOptions = \"solid\";\r\n }\r\n\r\n if (nOptions & 0x80) {\r\n sOptions += (sOptions !== String() ? \", \" : \"\") + \"encrypted\";\r\n } else {\r\n var nDelta = 0;\r\n\r\n nOffset += 7 + File.readWord(nOffset + 12);\r\n while (File.readByte(nOffset + 2) != 0x74) {\r\n nDelta = File.readWord(nOffset + 5) + File.readDword(nOffset + 7);\r\n\r\n if (!nDelta) {\r\n break;\r\n }\r\n\r\n nOffset += nDelta;\r\n }\r\n\r\n while (File.readByte(nOffset + 2) == 0x74) {\r\n var nLen = File.readDword(nOffset + 7);\r\n Archive.add(File.readDword(nOffset + 11), nLen,\r\n (File.readByte(nOffset + 3) & 0xE0) == 0xE0);\r\n nDelta = File.readWord(nOffset + 5) + nLen;\r\n if (!nDelta) {\r\n break;\r\n }\r\n\r\n nOffset += nDelta;\r\n }\r\n\r\n sOptions = sOptions.append(Archive.contents());\r\n }\r\n }\r\n }\r\n}" }, { "path": "db/read", "content": "// Detect It Easy: DiE-JS framework file\n// Don't change anything unless you're sure about what you're doing\n// If you want to change the style, please consider yourself unsure!\n\n// Supplemental read functions. Also common wrappers for info output, array processors, comparers, search algos, logging.\n// Author: Kaens (TG @kaens)\n\n/* beautify ignore:start */\n\n// don't make the following var or const; they need to be global constants\n_BE = true; _LE = false; // endianness for read_int16+\n// little-endian = reversed notation (Intel, ZX Spectrum),\n// big-endian = direct notation (TCP/IP, Motorola, Amiga)\n// For the BitReader Object, BE is MSB and LE is LSB (intuitively)\nCS_ALL = true; CS_BEST = false; // charStat needall\nFINT_QUICK = FINT_FAST = FINT_1 = FXSEC1 = true; // findIntersections: find just one for the speed's sake\nTOEOF = -1; // use for the size parameter in findSignature\n\n// The encoding tables start with 7F, not 80! 7F is undefined in many charsets but it's good to have something\n// The N(on)B(reakable)SP(ace) and S(oft)HY(phen) are kept as actual A0 and AD characters in this file \nCP437 = \"⌂\"+\n\t\"ÇüéâäàåçêëèïîìÄÅÉæÆôöòûùÿÖÜ¢£¥₧ƒ\"+\n\t\"áíóúñѪº¿⌐¬½¼¡«»░▒▓│┤╡╢╖╕╣║╗╝╜╛┐\"+\n\t\"└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀\"+\n\t\"αßΓπΣσµτΦΘΩδ∞φε∩≡±≥≤⌠⌡÷≈°∙·√ⁿ²■ \";\nCP866 = \"⌂\"+ //DOS Cyrillic\n\t'АБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯ'+\n\t'абвгдежзийклмноп░▒▓│┤╡╢╖╕╣║╗╝╜╛┐'+\n\t'└┴┬├─┼╞╟╚╔╩╦╠═╬╧╨╤╥╙╘╒╓╫╪┘┌█▄▌▐▀'+\n\t'рстуфхцчшщъыьэюяЁёЄєЇїЎў°∙·√№¤■ ';\nCP1251 = \"⌂\"+\n\t\"ЂЃ‚ѓ„…†‡€‰Љ‹ЊЌЋЏђ‘’“”•–—・™љ›њќћџ\"+\n\t\" ЎўЈ¤Ґ¦§Ё©Є«¬­®Ї°±Ііґµ¶·ё№є»јЅѕї\"+\n\t\"АБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯ\"+\n\t\"абвгдежзийклмнопрстуфхцчшщъыьэюя\";\nCP1252 = \"⌂\"+ //aka. Western aka. ISO-8859-1\n\t\"€・‚ƒ„…†‡ˆ‰Š‹Œ・Ž・・‘’“”•–—˜™š›œ・žŸ\"+\n\t\" ¡¢£¤¥¦§¨©ª«¬・®¯°±²³´µ¶·¸¹º»¼½¾¿\"+\n\t\"ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞß\"+\n\t\"àáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\";\nKOI8R = \"⌂\"+ //aka. RFC 1489, Morse code based\n\t'─│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙√≈≤≥ ⌡°²·÷'+\n\t'═║╒ё╓╔╕╖╗╘╙╚╛╜╝╞╟╠╡Ё╢╣╤╥╦╧╨╩╪╫╬©'+\n\t'юабцдефгхийклмнопярстужвьызшэщчъ'+\n\t'ЮАБЦДЕФГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩЧЪ';\nJISX0201 = \"⌂\"+\n\t\"→-‚ƒ„…†‡ˆ‰Š‹Œ↑Ž³™‘’“”•–—˜™š›œ¢žŸ\"+ //decided to mix it with cp1252\n\t\"→。「」、・ヲァィゥェォャュョッーアイウエカキクケコサシスセソタ\"+\n\t\"チツテトナニヌネノハヒフヘホマミムメモヤユヨラリルレロワン゙゚\"+\n\t\"àáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\";\nCPAmiga = \"⫽\"+ // alternatively, \"▒\"\n\t\"абвгдежзийклмнопрстуфхцчшщъыьэюя\"+ //0x80~0x9F display Cyrillics, just to fill the void\n\t\" ¡¢£¤¥¦§¨©ª«¬–®¯°±²³´µ¶·¸¹º»¼½¾¿\"+ // Filling the void is important because we still want to see\n\t\"ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞß\"+ // differences in neighbouring values, for non-reading purposes\n\t\"àáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\";\nCPRISCOS = \"⌂\"+\n\t\"€Ŵŵ◰﯀Ŷŷ�⇦⇨⇩⇧…™‰•‘’‹›“”„–—−Œœ†‡fifl\"+\n\t\" ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿\"+\n\t\"ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞß\"+\n\t\"àáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\";\nCPATASCII = ['▶',\n\t'🖤','├','▊','┘','┤','┐','╱','╲','◤','▛','◥','▙','▟','▆',' ̄',\n\t'▜','♣','┌','─','┼','◘','▀','▐','┬','┴','▐','└','\\n','↑','↓','←','→',\n\t'█','!','”','#','$','%','&','’','(',')','*','+',',','ー','.',\n\t'/','𝟶','𝟷','𝟸','𝟹','𝟺','𝟻','𝟼','𝟽','𝟾','𝟿',':',';','<','=','>','?',\n\t'@','𝙰','𝙱','𝙲','𝙳','𝙴','𝙵','𝙶','𝙷','𝙸','𝙹','𝙺','𝙻','𝙼','𝙽','𝙾',\n\t'𝙿','𝚀','𝚁','𝚂','𝚃','𝚄','𝚅','𝚆','𝚇','𝚈','𝚉','【','\\\\','】','^','_',\n\t'♦','𝚊','𝚋','𝚌','𝚍','𝚎','𝚏','𝚐','𝚑','𝚒','𝚓','𝚔','𝚕','𝚖','𝚗','𝚘',\n\t'𝚙','𝚚','𝚛','𝚜','𝚝','𝚞','𝚟','𝚠','𝚡','𝚢','𝚣','♠','-','↰','◁','▷']; //arrow up then NW (🢰) not included for UTF limitations\nCPAtariST = \"⌂\"+\n\t\"ÇüéâäàåçêëèïîìÄÅÉæÆôöòûùÿÖÜ¢£¥ßƒ\"+\n\t\"áíóúñѪº¿⌐¬½¼¡«»ãõØøœŒÀÃÕ¨´†¶©®™\"+\n\t\"ijIJאבגדהוזחטיכלמנסעפצקרשתןךםףץ§∧∞\"+\n\t\"αβΓπΣσµτΦΘΩδ∮φ∈∩≡±≥≤⌠⌡÷≈°∙·√ⁿ²³¯\";\nCPFullCPETshifted = [ //all 256 ch. Commodore PET 2001 version. PETSCII UNSHIFTED and 8032 are different.\n\t// Multiple rather approximate values, until Unicode fonts catch up; ref.Wiki\n\t// It's an array because of unicode shenanigans representing some characters with multiple codepoints\n\"\\x00\",\"\\x01\",\"_\",\"⛔️\",\"\\x04\",\"⚪\",\"\\x06\",\"🔔\",\"⇪\",\"\\t\",\"\\x0A\",\"↘\",\"⇪\",\"\\x0D\",\"↘️\",\"💥\",\n\"\\x10\",\"⬇️\",\"↩️\",\"⇱\",\"⌫\",\"🗑️\",\"🗯️\",\"\\x17\",\"⇆\",\"↟\",\"?\",\"⎋\",\"🟥\",\"➡️\",\"🟩\",\"🟦\",\n\" \", \"!\", \"\\\"\", \"#\", \"$\", \"%\", \"&\", \"'\", \"(\", \")\", \"*\", \"+\", \",\", \"-\", \".\", \"/\",\n\"0\", \"1\", \"2\", \"3\", \"4\", \"5\", \"6\", \"7\", \"8\", \"9\", \":\", \";\", \"<\", \"=\", \">\", \"?\",\n\"@\", \"A\", \"B\", \"C\", \"D\", \"E\", \"F\", \"G\", \"H\", \"I\", \"J\", \"K\", \"L\", \"M\", \"N\", \"O\",\n\"P\", \"Q\", \"R\", \"S\", \"T\", \"U\", \"V\", \"W\", \"X\", \"Y\", \"Z\", \"[\", \"\\\\\", \"]\", \"↑\", \"←\",\n\" \", \"!\", \"\\\"\", \"#\", \"$\", \"%\", \"&\", \"'\", \"(\", \")\", \"*\", \"+\", \",\", \"-\", \".\", \"/\",\n\"0\", \"1\", \"2\", \"3\", \"4\", \"5\", \"6\", \"7\", \"8\", \"9\", \":\", \";\", \"<\", \"=\", \">\", \"▧\", \n\"\\x80\", \"🟣\", \"💥\", \"🚀\", \"🕶️\", \"[F1]\", \"[F3]\", \"[F5]\", \"[F7]\", \"[F2]\", \"[F4]\", \"[F6]\", \"[F8]\", \"↵\", \"⇪\", \"🕶️\",\n\"⬛️\", \"⬆️\", \"↪️\", \"🗑\", \"🗯\", \"🟫\", \"🌸\",\"🧪\" , \"⚫️\", \"🟢\", \"🔷\", \"🔳\", \"🟪\", \"⬅️\", \"🟨\", \"🧪\",\n\"\\xA0\", \"▌\", \"▄\", \"▔\", \"▁\", \"▏\", \"░\", \"▕\", \"▄\", \"▒\", \"▕\", \"├\", \"▗\", \"└\", \"┐\", \"▂\",\n\"┌\", \"┴\", \"┬\", \"┤\", \"▎\", \"▍\", \"▕\", \"▔\", \"▔\", \"▃\", \"✓\", \"▖\", \"▝\", \"┘\", \"▘\", \"▚\",\n\"─\", \"a\", \"b\", \"c\", \"d\", \"e\", \"f\", \"g\", \"h\", \"i\", \"j\", \"k\", \"l\", \"m\", \"n\", \"o\",\n\"p\", \"q\", \"r\", \"s\", \"t\", \"u\", \"v\", \"w\", \"x\", \"y\", \"z\", \"┼\", \"▏\", \"│\", \"▓\", \"█\",\n\"\\xA0\", \"▌\", \"▄\", \"▔\", \"▁\", \"▏\", \"░\", \"▕\", \"▄\", \"▒\", \"▕\", \"├\", \"▗\", \"└\", \"┐\", \"▂\",\n\"┌\", \"┴\", \"┬\", \"┤\", \"▎\", \"▍\", \"▕\", \"▔\", \"▔\", \"▃\", \"✓\", \"▖\", \"▝\", \"┘\", \"▘\", \"▚\"];\nCPSpeccy = ['©', //too SPECIAL with all the tokens-for-characters, gotta use an array\n\t' ',' ▀','▀ ','▀▀',' ▄',' █','▀▄','▄█', '▄ ','▄▀','█ ','█▀','▄▄','▄█','█▄','██', //80~F\n\t'𝘼','𝘽','𝘾','𝘿','𝙀','𝙁','𝙂','𝙃','𝙄','𝙅','𝙆','𝙇','𝙈','𝙉','𝙊','𝙋', //90~F\n\t'𝙌','𝙍','𝙎','𝚉𝚇¹²⁸','⏯︎','𝚁𝙽𝙳','𝙸𝙽𝙺𝙴𝚈$','π', '𝙵𝙽 ','𝙿𝙾𝙸𝙽𝚃 ','𝚂𝙲𝚁𝙴𝙴𝙽$ ','𝙰𝚃𝚃𝚁 ','𝙰𝚃 ','𝚃𝙰𝙱 ','𝚅𝙰𝙻$ ','𝙲𝙾𝙳𝙴' , //A0~F\n\t'𝚅𝙰𝙻 ','𝙻𝙴𝙽 ','𝚂𝙸𝙽 ','𝙲𝙾𝚂 ','𝚃𝙰𝙽 ','𝙰𝚂𝙽 ','𝙰𝙲𝚂 ','𝙰𝚃𝙽 ', '𝙻𝙽 ','𝙴𝚇𝙿 ','𝙸𝙽𝚃 ','𝚂𝚀𝚁 ','𝚂𝙶𝙽 ','𝙰𝙱𝚂 ','𝙿𝙴𝙴𝙺 ','𝙸𝙽 ', //B0~F\n\t'𝚄𝚂𝚁 ','𝚂𝚃𝚁$ ','𝙲𝙷𝚁$ ','𝙽𝙾𝚃 ','𝙱𝙸𝙽 ','𝙾𝚁 ','𝙰𝙽𝙳 ','≤', '≥','≠','𝙻𝙸𝙽𝙴 ','𝚃𝙷𝙴𝙽 ','𝚃𝙾 ','𝚂𝚃𝙴𝙿 ','𝙳𝙴𝙵 𝙵𝙽 ','𝙲𝙰𝚃 ', //C0~F\n\t'𝙵𝙾𝚁𝙼𝙰𝚃 ','𝙼𝙾𝚅𝙴 ','𝙴𝚁𝙰𝚂𝙴 ','𝙾𝙿𝙴𝙽 # ','𝙲𝙻𝙾𝚂𝙴 # ','𝙼𝙴𝚁𝙶𝙴 ','𝚅𝙴𝚁𝙸𝙵𝚈 ', '𝙱𝙴𝙴𝙿 ','𝙲𝙸𝚁𝙲𝙻𝙴 ','𝙸𝙽𝙺 ','𝙿𝙰𝙿𝙴𝚁 ','𝙵𝙻𝙰𝚂𝙷 ','𝙱𝚁𝙸𝙶𝙷𝚃 ','𝙸𝙽𝚅𝙴𝚁𝚂𝙴 ','𝙾𝚅𝙴𝚁 ','𝙾𝚄𝚃 ', //D0~F\n\t'𝙻𝙿𝚁𝙸𝙽𝚃 ','𝙻𝙻𝙸𝚂𝚃 ','𝚂𝚃𝙾𝙿 ','𝚁𝙴𝙰𝙳 ','𝙳𝙰𝚃𝙰 ','𝚁𝙴𝚂𝚃𝙾𝚁𝙴 ','𝙽𝙴𝚆 ', '𝙱𝙾𝚁𝙳𝙴𝚁 ','𝙲𝙾𝙽𝚃𝙸𝙽𝚄𝙴 ','𝙳𝙸𝙼 ','𝚁𝙴𝙼 ','𝙵𝙾𝚁 ','𝙶𝙾 𝚃𝙾 ','𝙶𝙾 𝚂𝚄𝙱 ','𝙸𝙽𝙿𝚄𝚃 ','𝙻𝙾𝙰𝙳 ', //E0~F\n\t'𝙻𝙸𝚂𝚃 ','𝙻𝙴𝚃 ','𝙿𝙰𝚄𝚂𝙴 ','𝙽𝙴𝚇𝚃 ','𝙿𝙾𝙺𝙴 ','𝙿𝚁𝙸𝙽𝚃 ','𝙿𝙻𝙾𝚃 ', '𝚁𝚄𝙽 ','𝚂𝙰𝚅𝙴 ','𝚁𝙰𝙽𝙳𝙾𝙼𝙸𝚉𝙴 ','𝙸𝙵 ','𝙲𝙻𝚂','𝙳𝚁𝙰𝚆 ','𝙲𝙻𝙴𝙰𝚁 ','𝚁𝙴𝚃𝚄𝚁𝙽', '𝙲𝙾𝙿𝚈']; //F0~F\n\nChars0to1F = \"・☺☻♥♦♣♠•◘○◙♂♀♪♫☼▶◀↕‼¶§▬↨↑↓→←∟↔▲▼\"; //#0 is a small dot from Japanese; could've used ␀ but readability\nChars0to1FLF = \"・☺☻♥♦♣♠•◘○\\x0A♂♀♪♫☼▶◀↕‼¶§▬↨↑↓→←∟↔▲▼\";\nChars0to1FCRLF = \"・☺☻♥♦♣♠•◘○\\x0A♂♀\\x0D♫☼▶◀↕‼¶§▬↨↑↓→←∟↔▲▼\";\nChars0to1FSpeccy = \"\\x00\\x01\\x02\\x03\\x04\\x05,📝︎///⬅➡⬇⬆⌫\\x0A№\\x0F\\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17\\x18\\x19\\x1A\\x1B\\x1C\\x1D\\x1E\\x1F\"; //not mixing...\nChars0to1FATASCII = \"♥├◨┘┤┐/╲◢▗◣▝▘ ̄▂▖♣┌─┼•▄▎┬┴▌└␛↑↓←→\";\nChars0to1FATASCII2 = \"áùÑÉçôòì£ïüäöúóöÜâûîéèñêȧàȦ␛↑↓←→\";\nChars0to1FATASCII_PL = \"ŹąźćŚėöÖ£üߣłŃÓ√ĘśäÜĆĄŻÄż␛↑↓←→\";\nChars0to1FAtariX = \"áùÑÉçôòì£ïüäÖúóöÜâûîéèñêȧàȦË↑↓←→\";\nChars0to1FPETSCII = \"\\x00\\x01_⛔️\\x04⚪\\x06🔔⇪\\t\\x0A↘⇪\\x0D↘️💥\\x10↓🔲⇱⌫🗑️🗯️\\x17⇆↟?⎋🟥→🟩🟦\"; //took the ctrl codes that meant something for each char\n\n/**\n * Decode a 1-byte-per-character encoding from a byte array using the 129-byte-long table given,\n * as well as a table to display the first 32 characters.\n * @param {number[]} ansi - an array of uint8 (returned by readBytes).\n * @param {string[]} dectbl - a decoding table[0x81], String or Array; just make a const here in db/read for that\n * @param {boolean} [zstop = true] - whether to stop reading on 0 (ASCIIZ behaviour)\n * @param {string[]} [tbl01F = Chars0to1FCRLF] - which table to use for the first 32 characters\n * @returns {String} a string value usable with js, or an empty line if the decoding table wasn't found.\n * @example\n * 𝑓([7, 0x7F, 0, 0x32], true, Chars0to1FSpeccy, CPSpeccy]) === \"📝︎©\" (\"2\" will be lost)\n * @example\n * 𝑓(\"\\x07\\x7F\\x00\\x32\", false, Chars0to1FSpeccy, CPSpeccy]) === \"📝︎© 2\"\n */\nfunction decEncoding(ansi, dectbl, zstop, tbl01F) {\n\tif(typeof dectbl === 'undefined') return '';\n\tif(typeof zstop === 'undefined') zstop = true;\n\tif(dectbl.length > 129) { // full 256-byte tables :) Nothing fancy, no control bytes.\n\t\tvar s = \"\"; for(var i=0; i < ansi.length; i++) { if(!ansi[i] && zstop) break; else s += dectbl[ansi[i]] } return s\n\t}\n\n\tif(typeof tbl01F === 'undefined')\n\t\tif(dectbl == CPSpeccy) tbl01F = Chars0to1FSpeccy;\n\t\telse if(dectbl == CPATASCII) tbl01F = Chars0to1FATASCII;\n\t\telse tbl01F = Chars0to1FCRLF;\n\tvar s = \"\", bit8 = 0;\n\tfor(var i=0; i < ansi.length; i++) {\n\t\tif (!ansi[i] && zstop) break;\n\t\telse if(ansi[i] < 0x80)\n\t\t\tswitch(ansi[i]) { // 7-bit variation processing\n\t\t\tcase 0x0E: if(dectbl == JISX0201 || dectbl == KOI8R) bit8 = 0x80;\n\t\t\t\telse s += tbl01F[0xE]; break;\n\t\t\tcase 0x0F: if(dectbl == JISX0201 || dectbl == KOI8R) bit8 = 0;\n\t\t\t\telse s += tbl01F[0xF]; break;\n\t\t\tcase 0x5C: if(dectbl == JISX0201) s += '¥'; else s += '\\\\'; break;\n\t\t\tcase 0x5E: if(dectbl == CPSpeccy) s += '↑'; else s += '^'; break;\n\t\t\tcase 0x60: if(dectbl == CPSpeccy) s += '£'; else if(dectbl == CPPETSCIIshifted) s += ' '; else s += '`'; break;\n\t\t\tcase 0x7B: if(dectbl == CPATASCII)\n\t\t\t\tif(tbl01F == Chars0to1FATASCII2) s += 'Ä';\n\t\t\t\telse if(tbl01F == Chars0to1FATASCII_PL) s += ' '; //the Poles didn't need the spades without the other 3 :D\n\t\t\t\t\telse s += '♠';\n\t\t\t\telse s += '{'; break;\n\t\t\tcase 0x7D: if(dectbl == CPATASCII) s += '↖'; else s += '}'; break; //arrow N-NW (🢰) not included for UTF limitations\n\t\t\tcase 0x7E: if(dectbl == JISX0201) s += '‾'; else if(dectbl == CPATASCII) s += '◀'; else s += '~'; break;\n\t\t\tcase 0x7F:\n\t\t\t\tif(dectbl != JISX0201) s += dectbl[0]; else s += String.fromCharCode(bit8+ansi[i]); break;\n\t\t\tdefault:\n\t\t\t\tif(!bit8 && ansi[i] >= 0 && ansi[i] < 0x20) s += tbl01F[ansi[i]];\n\t\t\t\telse s += String.fromCharCode(bit8+ansi[i]);\n\t\t\t}\n\t\telse s += dectbl[ansi[i]-0x7F];\n\t}\n\treturn s;\n}\n\n\n/**\n * Decode a 1-byte encoding from file using the 129-byte-long table given, as well as a table to display\n * the first 32 characters. Analogous to decEncoding but reads the file directly.\n * @param {number} ofs - the offset to start from.\n * @param {number} len - the amount of bytes to read.\n * @param {string[]} dectbl - a decoding table[0x81[, String or Array; just make a const here in db/read for that\n * @param {boolean} [zstop = true] - whether to stop reading on 0 (ASCIIZ behaviour)\n * @param {array} [tbl01F = Chars0to1FCRLF] - which table to use for the first 32 characters\n * @returns {string} a string value usable with js, or an empty line if the decoding table wasn't found.\n */\nfunction decAnsi(ofs, len, dectbl, zstop, tbl01F) {\n\treturn decEncoding(X.readBytes(ofs,len), dectbl, zstop, tbl01F);\n}\n\n\n/**\n * Checks for whether a value fits the limits using <=, as opposed to isInside.\n * @param {number} a - the value to check.\n * @param {number} mina\n * @param {number} maxa\n * @returns {boolean}\n * @example\n * 𝑓(20, 10, 40) === true; 𝑓(20,10,20) === true\n */\nfunction isWithin(a, mina, maxa) {\n\treturn mina <= a && a <= maxa;\n}\n\n/**\n * Checks for whether a value fits the limits using <, as opposed to isWithin. Useful for floats.\n * @param {number} a - the value to check.\n * @param {number} mina\n * @param {number} maxa\n * @returns {boolean}\n * @example\n * 𝑓(20.1, 10.0, 40.0) === true; 𝑓(20.1, 10.0, 20.0) === false\n */\nfunction isInside(a, mina, maxa) {\n\treturn mina < a && a < maxa;\n}\n\n\n/**\n * isWithin but for a list of ranges. Useful for heuristic byte-has-a-possible-value checks\n * @param {Array} a - Can contain either values like [min,max] or singular values to compare (strictly) against\n * @returns {boolean}\n */\nfunction isWithinRanges(a, rr) {\n\tif (isNaN(a) || !Array.isArray(rr)) return;\n\tvar i = 0, found = false;\n\tfor (; i < rr.length; i++) {\n\t\tif (Array.isArray(rr[i])) {\n\t\t\tif (!rr[i].length) return;\n\t\t\tif (rr[i].length > 1) { if (rr[i][0] <= a && a <= rr[i][1]) { found = true; break } }\n\t\t\telse if (a === rr[i][0]) { found = true; break }\n\t\t}\n\t\telse if (a === rr[i]) { found = true; break}\n\t}\n\treturn found\n}\n\n/**\n * Derive a string hexadecimal value, zero-padded.\n * @param {number} a - the numerical value.\n * @param {number} [padz=2] - how many characters to zero-pad to.\n * @returns {string} The hex value, capital letters A~F, ending with \"h\".\n */\nfunction Hex(a, padz) {\n\tif(typeof a === 'undefined') return \"!Hex(\"+a+\")\";\n\tif(typeof padz === 'undefined') padz = 2;\n\tvar minus=\"\"; if(a<0) { a = -a; minus = \"-\" }\n\tvar r = a.toString(16).toUpperCase(); var pads=\"\";\n\tif(r.length < padz) pads = Array(1 + padz - r.length).join('0');\n\treturn minus+pads+r+\"h\";\n}\n\n\n/**\n * Derive a string binary value, zero-padded.\n * @param {number} a - the numerical value.\n * @param {number} [padz=4] - how many characters to zero-pad to.\n * @returns {string} The bin value, characters '0' or '1', ending with \"b\".\n */\nfunction Bin(a, padz) {\n\tif(typeof a === 'undefined') return \"!Bin(\"+a+\")\";\n\tif(typeof padz === 'undefined') padz = 4;\n\tvar minus = \"\"; if(a < 0) { a = -a; minus = \"-\" }\n\tvar r = a.toString(2); var pads=\"\";\n\tif(r.length < padz) pads = Array(1 + padz - r.length).join('0');\n\treturn minus+pads+r+\"b\";\n}\n\n\n/**\n * Derive a string octal value, zero-padded.\n * @param {number} a - the numerical value.\n * @param {number} [padz=3] - how many characters to zero-pad to.\n * @returns {string} The octal value, characters 0~7, ending with \"o\".\n */\nfunction Oct(a, padz) {\n\tif(typeof a === 'undefined') return \"!Oct(\"+a+\")\";\n\tif(typeof padz === 'undefined') padz = 3;\n\tvar minus = \"\"; if(a < 0) { a = -a; minus = \"-\" }\n\tvar r = a.toString(8); var pads=\"\";\n\tif(r.length < padz) pads = Array(1 + padz - r.length).join('0');\n\treturn minus+pads+r+\"o\";\n}\n\n\n/**\n * Read a variable-length quantity, an unsigned integer like in MIDI files, from the file.\n * @param {number} ofs - the offset to start from.\n * @returns {Array} [length,value] - if length (in physical bytes) = 0, the value had a problem.\n * @example\n * //For file containing '81 80 01 81 83 7F':\n * 𝑓(0) === 0x4001; 𝑓(3) === 0x41FF\n**/\nfunction readVarUInt(ofs) {\n\tif(ofs < 0 || ofs >= File.getSize()) return [0,0];\n\tvar t = 0, wb = 1, r = 1, o = ofs;\n\tvar b = X.U8(o++); t = (t << 7) | (b&0x7F);\n\tvar b_ = b; while(b_) { b_ >>= 1; wb++ }\n\tfor(; r < 16 && (b&0x80); r++) { b = X.U8(o++); t = (t << 7) | (b&0x7F); }\n\tif(wb > 64) return [0,0xFFFFFFFFFFFFFFFF]; // sizeof(target) in bits. A 64bit value should be enough, right?\n\telse if(b&0x80) return [0,-1]; //EOF\n\telse return [r,t];\n}\n\n\nfunction readFloat80(ofs, e) {\n if (e != _BE) e = _LE;\n\n // Normalize into little-endian order\n var b = [];\n if (e == _LE) {\n for (var i = 0; i < 10; i++) b[i] = X.U8(ofs + i);\n } else {\n for (var i = 0; i < 10; i++) b[9 - i] = X.U8(ofs + i);\n }\n\n // Mantissa: 8 bytes, little-endian\n var mantissa = 0;\n for (var i = 0; i < 8; i++) {\n mantissa += b[i] * Math.pow(256, i);\n }\n\n // Exponent+sign: 2 bytes, little-endian\n var expWord = b[8] + (b[9] << 8);\n var sign = (expWord & 0x8000) ? -1 : 1;\n var exponent = expWord & 0x7FFF;\n\n if (exponent === 0 && mantissa === 0) return 0.0;\n if (exponent === 0x7FFF) {\n if (mantissa === 0) return sign * Infinity;\n return NaN;\n }\n\n // Bias 16383\n var eVal = exponent - 16383;\n\n // Integer bit is explicit (bit 63 of mantissa)\n var intBit = Math.floor(mantissa / Math.pow(2, 63));\n var frac = (mantissa % Math.pow(2, 63)) / Math.pow(2, 63);\n\n return sign * (intBit + frac) * Math.pow(2, eVal);\n}\n\n\n/**\n * This object facilitates reading a file as a sequence of bits\n * @constructor {number} [nOffset = 0] - initialise: provide the file offset\n * @param {number} nBits - bits to read, autolimits to 32 (so read little by little!)\n * @returns {number} read value as integer, -1 if EoF reached\n * @example\n * var bits = new BitReader(10); // First create an instance with the file object\n * var value = bits.read(5); // Then call the readBits method with the number of bits you want\n * bits.init(10); // Or put the reader towards a different place\n * p = bits.offset; // Receive the current bit-file offset\n * bits.seek(10); // Set the bit-file's offset, in bytes, without changing state\n * bits.bseek(14); // Set the bit-file's offset in bits\n * bits.consume(2); // Skip some bytes without changing state\n**/\nfunction BitReader(nOffset, nEndian) {\n\tthis.n = 0; // the number of bits in the buffer\n\tthis.buf = 0; // the bit buffer\n\tthis.offset = nOffset ? nOffset : 0; // the file offset\n\tthis.endian = nEndian ? nEndian : _LE; // for different mechanics of bitstreaming; ogg/flac use _BE\n\n\t// Change the pointer, which will reinit the reader, but not the logger\n\tthis.init = function(nOffset) { this.ofs = nOffset ? nOffset : 0; this.n = this.buf = 0 }\n\n\t// Read b bits from the file\n\tthis.read = function(nBits) {\n\t\tif(nBits > 64) nBits = 64; if(nBits < 0) return 0;\n\t\tif(this.endian === _LE) {\n\t\t\twhile(this.n < nBits) { // while the buffer is not enough\n\t\t\t\tthis.buf |= Util.shlu64(File.read_uint8(this.offset++),this.n); // read a byte and append it to the buffer\n\t\t\t\tthis.n += 8; // increase the bit number by 8\n\t\t\t}\n\t\t\tvar v = this.buf & (Util.shlu64(1,nBits) - 1); // extract the desired bits from the buffer\n\t\t\tthis.buf = Util.shru64(this.buf,nBits); // shift the buffer to the right\n\t\t} else {\n\t\t\twhile(this.n < nBits) {\n\t\t\t\tthis.buf = Util.shlu64(this.buf,8) | File.read_uint8(this.offset++); // shift the buffer to the left and append a byte\n\t\t\t\tthis.n += 8;\n\t\t\t}\n\t\t\tvar v = Util.shru64(this.buf,this.n - nBits); // extract the desired bits from the most significant part of the buffer\n\t\t\tthis.buf &= Util.shru64((Util.shlu64(1,this.n)-1),nBits); // clear the extracted bits from the buffer\n\t\t}\n\t\tthis.n -= nBits; // decrease the bit number by b\n\t\treturn v; // return the value even if the file is exhausted\n\t}\n\n\t// Skip some bytes without changing state:\n\tthis.consume = function(nBytes) { this.offset += nBytes; }\n\n\t// Set the bit-file's offset, in bytes, without changing state:\n\tthis.seek = function(nOfs) { this.offset = nOfs; }\n\n\t// Set the bit-file's offset in bits:\n\tthis.bseek = function(nOfs) { this.offset = nOfs - (nOfs%8); this.buf = this.n = 0; this.read(nOfs%8); }\n}\n\n\n/**\n * Count set bits in an integer.\n * @param {number} n\n */\nfunction bitCount(n) {\n\tvar c = 0; n = !!n; while(n) { if(n&1) c++; n >>= 1 } return c;\n}\n\n/**\n * Check a file slice for being all one of a lineup of specified characters.\n * @param {number} ofs - the offset to start from.\n * @param {number} len - the amount of bytes to check.\n * @param {Array | number} [bl = 0x00] - the list of possible uint8 codes, or just one uint8.\n * @returns {number} - offset if a byte in the slice doesn't belong to the list. If you go beyond EoF or all good, -1.\n * @example\n * //For '00 01 02 01' at offset 6 in the file:\n * 𝑓(6, 4, [0,1]) === 8; 𝑓(6, 4, 1) === 6\n */\nfunction firstNotOf(ofs, len, bl) {\n\tif(ofs+len > X.Sz()) return -1; var c = i = 0;\n\tif(Array.isArray(bl)) {\n\t\tfor(i = 0; i < bl.length; i++) if(typeof bl[i] !== 'number' || bl[i] < 0 || bl[i] % 1 != 0) break; \n\t\tif(i < bl.length) throw new Error('firstNotOf cannot parse: '+outArray(bl));\n\t}\n\telse if(typeof bl === 'number' && bl > 0 && (bl % 1) == 0 || typeof bl === 'string') bl = [bl]; else bl = [0];\n\tlen = Math.min(len, X.Sz()-ofs);\n\t// and now test the slice\n\tfor(i = 0; i < len; i++) if(!bl.includes(X.U8(ofs+i))) break;\n\treturn i < len? ofs+i : -1;\n}\n\n//A subcase of firstNotOf for whether a slice is all zeroes.\nfunction isAllZeroes(ofs, len) { return firstNotOf(ofs, len) < 0 }\n\n\n/**\n * If the string was too long and has been read incompletely, adds an ellipsis after the last\n * complete word, to avoid cut-off words. If `space characters' are not detected,\n * replaces the last character with an ellipsis. Does NOT do the trim() unless the whole string fits the limit.\n * Mostly usable for lengthy multiline comments/messages.\n * @param {string} a - the original incomplete string.\n * @param {number} trim - the buffer size; if a.length == trim, we decide it was cropped.\n * @param {number} [mintrim = 78] - don't try searching for spaces below this point.\n * @returns {string} - the resulting string.\n * @example\n * // Full string fits the limits, no need to search for a good cut-off place, and it's trimmed for pretty:\n * 𝑓(\" 12345 7890, 34 678. 1 3'56789\", 35, 15) === \"12345 7890, 34 678. 1 3'56789\"\n * @example\n * // The length is a full match, but it might be trimmed right along that length, so a good cut-off place is found:\n * 𝑓(\" 12345 7890, 34 678. 1 3'56789\", 30, 15) === \" 12345 7890, 34 678. 1 3…\"\n * @example\n * // The length is a full match and last 5 characters don't have spaces, so it's treated as trimmed but it's not cut:\n * 𝑓(\" 12345 7890, 34 678. 1 3'56789\", 30, 25) === \" 12345 7890, 34 678. 1 3'56789…\"\n * @example\n * // Just another example of a well-trimmed line, in which you need a lot less info that it has to offer:\n * 𝑓(\" 12345 7890, 34 678. 1 3'56789\", 16, 10).trim() === \"12345 7890, 34…\"\n */\nfunction addEllipsis(a, trim, mintrim) {\n\tif(!trim) trim = 0xA0;\n\tif(!mintrim) mintrim = 78; if(a.length < trim || mintrim > trim) return a.trim();\n\tconst spaces = \" .,:;!\\\\/'\\\"=&\\x09\\x0D\\x0A\\x1A\\x26。、。,,・\";\n\tvar i = trim, c = 0, ci = -1;\n\twhile(i >= mintrim && c < 2) {\n\t\tif(spaces.indexOf(a[i]) >= 0) { c++; while(spaces.indexOf(a[i]) >= 0) i--; if(ci < 0) ci = i+1 }\n\t\twhile(spaces.indexOf(a[i]) < 0 && i >= 0) i--\n\t}\n\tif((i < mintrim && c < 2) //we conclude this language doesn't really have that many spaces...\n\t || !c) //...or none at all in the trimmable slice...\n\t\treturn a.slice(0,trim)+'…';\n\telse //this language has some spaces, and we can use the last one to trim\n\t\treturn a.slice(0,Math.max(ci),mintrim)+'…';\n}\n\n\n/**\n * sOptions.appendS a string (optionally prefixed) if the space-trimmed string is not empty.\n * @param {variant} a - the string to output (safe to accidentally drop a non-string in)\n * @param {String} [prefix=''] - what to put in front of the output string\n * @param {String} [suffix=''] - what to put after the output string\n * @param {String} [sep=', '] - what to put between the previous string and this addition\n * @example\n * //for sOptions === ' ch:2':\n * 𝑓('hello world ', 'msg:\"', '\"', ', '); //sOptions === 'ch:2, msg:\"hello world\\\"'\n */\nfunction sOptionT(a, prefix, suffix, sep) {\n if (typeof prefix === 'undefined') prefix = \"\"; if (typeof suffix === 'undefined') suffix = \"\";\n if (typeof sep === 'undefined') sep = ', ';\n if ((\"\"+a).trim() != \"\") sOptions = sOptions.appendS(prefix+(\"\"+a).trim()+suffix, sep);\n}\n\n\n/**\n * sOptions.appendS a string (optionally prefixed) if the string is not empty.\n * @param {variant} a - the string to output (safe to accidentally drop a non-string in)\n * @param {string} [prefix = ''] - what to put in front of the output string\n * @param {string} [suffix = ''] - what to put after the output string\n * @param {string} [sep = ', '] - what to put between the previous string and this addition\n * @example\n * //for sOptions === ' ch:2':\n * 𝑓('hello world ', 'msg:\"', '\"', ', ') === 'ch:2, msg:\"hello world\\\"'\n */\nfunction sOption(a, prefix, suffix) {\n if (typeof prefix === 'undefined') prefix = \"\"; if (typeof suffix === 'undefined') suffix = \"\";\n if (typeof sep === 'undefined') sep = ', ';\n if ((\"\"+a) != \"\") sOptions = sOptions.appendS(prefix+(\"\"+a)+suffix, sep);\n}\n\n\n/**\n * A more verbose (but still concise) way of outputting the calculated size(s), derived using different algorithms,\n * taking into account and visualising the difference from the actual file size.\n * If some of the reported sizes match, the value will only be displayed once.\n * It's still a good idea to add \"/malformed!short\" to the version string — it's visible without isVerbose.\n * @param {...number} sizes - numerical values\n * @example\n * // If a file is 100 bytes long:\n * outSz(90,100,105) === \"90(+10)/100/105(-5!)\"\n * // The \"!)\" thus indicates the file is too short compared to the algorithmic estimation.\n */\nfunction outSz() { if(!arguments.length || typeof arguments[0] === 'undefined') return \"?\";\n\tvar sizes = [], origs = [];\n\tfor(i = 0; i < arguments.length; i++)\n\t if(arguments[i] >= 0) if(!origs.length || origs.indexOf(arguments[i]) < 0) {\n\t\torigs.push(arguments[i]);\n\t\tsizes.push(\n\t\t\targuments[i] < X.Sz() ? arguments[i]+\"(+\"+(X.Sz()-arguments[i])+\")\"\n\t\t : arguments[i] > X.Sz() ? arguments[i]+\"(-\"+(arguments[i]-X.Sz())+\"!)\"\n\t\t : arguments[i]\n\t\t)\n\t } else; else sizes.push(\"?\");\n\treturn sizes.join(\"/\");\n}\n\n\n/**\n * Converts an array to a better-looking line than the usual flat thing DiE's _log would output.\n * @param {Array} a - Array to process consisting of any information including arrays\n * @param {Int} [base = 10] - If an integer value is found, in which base to display it\n * @param {Int} [zeropad] - If an integer value is found, how many zeroes to pad it with (smart by default)\n * @returns {String} A beautiful output!\n * @example\n * 𝑓([ 1, [5, [10,30]], [[23],'test'] ], 2) == \"[0001, [0101, [1010, 11110]], [[10111], \"test\"]]\"\n * 𝑓([ 1, [5, [10,30]], [[23],'test'] ], 2, 8) == \"[00000001, [00000101, [00001010, 00011110]], [[00010111], \"test\"]]\"\n * 𝑓([ 1, [5, [10,30]], [[23],'test'] ], 16) == \"[01, [05, [0A, 1E]], [[17], \"test\"]]\"\n */\nfunction outArray(a,base,pad) {\n\tif(typeof base !== 'number' || base % 1 !== 0) base = 10;\n\tif(typeof pad !== 'number' || pad % 1 !== 0) //not integer\n\t\tif(typeof pad === 'undefined') switch(base) {\n\t\t\tcase 8: pad = 3; break; case 16: pad = 2; break; case 2: pad = 4; break; default: pad = 0\n\t\t}\n\tif(typeof a === 'number') return a.toString(base).toUpperCase().padStart(pad,'0');\n\tif(typeof a === 'string') return '\"'+a+'\"';\n\tfor(var i=0, s = []; i < a.length; i++) {\n\t\tif(Array.isArray(a[i])) s.push(outArray(a[i],base,pad)); else\n\t\t\tif(typeof a[i] === 'number' && a[i] % 1 === 0) //integer\n\t\t\t\ts.push(a[i].toString(base).toUpperCase().padStart(pad,'0'));\n\t\t\telse if(typeof a[i] === 'string') s.push('\"'+a[i]+'\"');\n\t\t\telse s.push(a[i]);\n\t}\n\treturn '['+s.join(', ')+']'; // put '[ ' and ' ]' for an even more spaced output\n}\n\n//_l2r('WELP','tests','A:'+outArray(X.readBytes(0,5),16)+' B:'+outArray([...Array(5)].map((_, i) => X.U8(i)),16))\n\n\n/**\n * A shorthand for the situation where you compare the file suffix to what you'd expect.\n * Use as the option to Binary.isHeuristicScan().\n * @param {String} a - the expected file suffix, case-insensitive, no heading period unlike Python\n * @returns {bool} if a match is reached\n */\nfunction extIs(a) { return File.getFileSuffix().toLowerCase() == a.toLowerCase() }\n\n\n/**\n * slashTag formats a string in a way that's useful when a tag has two versions (for ex. in different languages).\n * It will either show both with \"/\" in between, or one of them if the other one's an empty string, or an empty string if both are empty.\n * @param {String} a - the first of the two\n * @param {String} b - the second of the two\n * @returns {String}\n*/\nfunction slashTag(a, b) {\n\tif(a == b) return a;\n\telse if(a != \"\" && b == \"\")\n\t\treturn a;\n\telse if(a == \"\" && b != \"\")\n\t\treturn b;\n\telse if(a != \"\" && b != \"\")\n\t\treturn a+\"/\"+b;\n\telse return \"\";\n}\n\n\n/**\n * createOrderlyHuffmanTable is just for detections but it does return the table for further checks. Or it returns false.\n * @param {Array} lent - the lengths table\n * @param {string} btl - bit table length\n * @param {BitReader} br - a BitReader object pointing somewhere at the right position for this. The provided BitReader WILL change state.\n * @returns {Array | false}\n*/\nfunction createOrderlyHuffmanTable(lent, btl, br) {\n\tvar md = 32, Md = reall = code = 0; var _t = [], fi = [], li = [], ni = [];\n\tfor(i = 0; i < 33; i++) fi[i] = 0xFFFF;\n\tfor(i = 0; i < btl; i++) { len = lent[i]; if(len) {\n\t\tif(len < md) md = len; if(len > Md) Md = len;\n\t\tif(fi[len] == 0xFFFF) { fi[len] = li[len] = i } else { ni[li[len]] = i; li[len] = i } reall++ } }\n\tif(!Md) return false;\n\tfor(d = md; d <= Md; d++) {\n\t\tif(fi[d] != 0xFFFF) ni[li[d]] = btl;\n\t\tfor(i = fi[d]; i < btl; i = ni[i]) {\n\t\t\t//insert HuffmanCode:\n\t\t\tvar j = 0, le = _t.length;\n\t\t\tfor(var cb = d; cb >= 0; cb--) {\n\t\t\t\tvar cob = (cb && ( ( (code>>(Md-d)) >> (cb-1) ) & 1 ) ) ? 1 : 0;\n\t\t\t\tif(j != le) {\n\t\t\t\t\tif(!cb || (!_t[j][0] && !_t[j][1])) return false; //[0] is left, [1] is right, [2] is value\n\t\t\t\t\tif(!_t[j][cob]) _t[j][cob] = j = le; else j = _t[j][cob];\n\t\t\t\t} else {\n\t\t\t\t\t_t.push([ (cb&&!cob)?le+1:0, (cb&&cob)?le+1:0, cb?0:i ]);\n\t\t\t\t\tj++; le++\n\t\t\t\t} }\n\t\t\tcode += 1 << (Md-d) } }\n\treturn _t;\n}\n\n\n/**\n * Outputs time in seconds as short human-readable, with a \"h:mm:ss\" alternative when < 1 day.\n * Millenia, centuries and years as sidereal years, a \"month\" duration is 1/12 of such year.\n * @param {number} s - seconds\n * @returns {string}\n * @example\n * 𝑓(123456789) === \"31Y10M4w21h33m9s\"; 𝑓(1234567) === \"2w6h56m7s\"; 𝑓(12345) === \"3:25:45\"\n */\nfunction secondsToTimeStr(s) {\n\tconst mul = [/*millenia*/315581497635,/*centuries*/3155814976,/*yrs*/31558150,/*mns*/2629846,/*wks*/604800,86400,3600,60];\n\tvar r = \"\", ss = s%mul[7], mm = Util.div64(s%mul[6],mul[7]), hh = Util.div64(s%mul[5],mul[6]),\n\tdd = Util.div64(s%mul[4],mul[5]), ww = Util.div64(s%mul[3],mul[4]), mn = Util.div64(s%mul[2],mul[3]),\n\tyy = Util.div64(s%mul[1],mul[2]), cc = Util.div64(s%mul[0],mul[1]), mi = Util.div64(s,mul[0]);\n\tif(s < 86400) { r = mm.padStart(2,'0')+\":\"+ss.padStart(2,'0'); if(hh) r = hh+\":\"+r; return r }\n\tif(ss) r = ss+\"s\"+r; if(mm) r = mm+\"m\"+r; if(hh) r = hh+\"h\"+r; if(dd) r = dd+\"d\"+r; if(ww) r = ww+\"w\"+r;\n\tif(mn) r = mn+\"M\"+r; if(yy) r = yy+\"Y\"+r; if(cc) r = cc+\"C\"+r; if(mi) r = mi+\"Mil\"+r; return r\n}\n\n\n/**\n * Examines a sequence and gives a generalised idea of what sort of characters a string is (mostly) made of.\n * Parse the result using indexOf.\n * Could be useful for validating structured files with human-filled fields.\n * @param {String/Number[]} s - your string in question, or a List of charcodes.\n * @param {Boolean} [needall=CS_BEST] - if true, you have \"allascallt allnum\" for a line of spaces, else just \"allt \".\n * @returns {String} - at least one or a combo of these, optional prefix \"all\" (otherwise treat as \"mostly\"):\n * '?': wrong type; 'empty': 0 length; '00': zeroes; 't ': tabs/spaces; 'ctl': 0-1Fh & 7Fh; 'num': numerical;\n * 'asc': 20h-7Eh; 'xsc': zeroes+tabs+♫+FFh+crlf+ascii; 'foreign': 00,t, ,crlf, 80h+; 'any': decision cannot be made.\n * @example\n * 𝑓(\"-123 456.789\") === \"allnum\"; 𝑓(\"-123 456.789\", CS_ALL) === \"allnumallascallxscallforeign\"\n */\n/* beautify preserve:start */\nfunction charStat() {\n\tif(!arguments.length) return \"?\";\n\tif(typeof arguments[0] === \"undefined\" || typeof arguments[0] === \"number\") return \"?\";\n\tstr = arguments[0];\n\tif(arguments.length < 2) needall = false; else needall = !!arguments[1];\n\tif(str == \"\" || str == []) return \"empty\";\n\tvar i, s = [], c = [ /*[0]00*/0, /*[1]t */0, /*[2]asc*/0, /*[3]xsc*/0, /*[4]num*/0,\n\t /*[5]ctl*/0, /*[6]foreign*/0 ], o = [0,0,0,0,0,0,0,0];\n\tif(typeof str === \"string\") for(i = 0; i < str.length; i++) s.push(str.charCodeAt(i)); else s = str;\n\tfor(i=0;i 0x7F) c[6]++\n\t} for(i = 0; i < c.length; i++) o[i] = Util.div64(c[i]*100,s.length);\n\tr = \"\";\n\t//_log((typeof str)+\" \"+s+\" {\"+c+\"} <\"+o+\">\")\n\tif(!needall) {\n\t\tif(o[0] > 70) { if(o[0] === 100) r += \"all\"; r += \"00\" }\n\t\telse if(o[1] > 70) { if(o[1] === 100) r += \"all\"; r += \"t \" }\n\t\telse if(o[4] > 70) { if(o[4] === 100) r += \"all\"; r += \"num\"; }\n\t\telse if(o[2] > 70) { if(o[2] === 100) r += \"all\"; r += \"asc\"; }\n\t\telse if(o[3] > 70) { if(o[3] === 100) r += \"all\"; r += \"xsc\"; }\n\t\telse if(o[5] > 70) { if(o[5] === 100) r += \"all\"; r += \"ctl\"; }\n\t\telse if(o[6] > 70) { if(o[6] === 100) r += \"all\"; r += \"foreign\"; }\n\t} else {\n\t\tif(o[0] > 70) { if(o[0] === 100) r += \"all\"; r += \"00\"; }\n\t\tif(o[1] > 70) { if(o[1] === 100) r += \"all\"; r += \"t \"; }\n\t\tif(o[4] > 70) { if(o[4] === 100) r += \"all\"; r += \"num\"; }\n\t\tif(o[2] > 70) { if(o[2] === 100) r += \"all\"; r += \"asc\"; }\n\t\tif(o[3] > 70) { if(o[3] === 100) r += \"all\"; r += \"xsc\"; }\n\t\tif(o[5] > 70) { if(o[5] === 100) r += \"all\"; r += \"ctl\"; }\n\t\tif(o[6] > 70) { if(o[6] === 100) r += \"all\"; r += \"foreign\"; }\n\t} \n\tif(r == \"\") return \"any\"+o; else return r;\n}\n\n\n// PATCHING FUNCTIONALITY; promised to become native\n// May be useful in some ugly cases for quickly pre-processing the file contents which are then detected.\nvar patcheddata = [];\nfunction rpU8(adr) { //read patched data or passthrough, U8\n\tfor(var i=0; i < patcheddata.length; i++) if(patcheddata[i][0] == adr) return patcheddata[i][1];\n\treturn X.U8(adr)\n}\nfunction rpU16be(adr) { //read patched data or passthrough, U16 BE\n\treturn (rpU8(adr) << 8) | rpU8(adr+1)\n}\nfunction rpU32be(adr) { //read patched data or passthrough, U32 BE\n\treturn (rpU8(adr) << 24) | (rpU8(adr+1) << 16) | (rpU8(adr+2) << 8) | rpU8(adr+3)\n}\nfunction wpU8(adr,val) { //add to patches, U8\n\tfor(var i=0; i < patcheddata.length; i++)\n\t\tif(patcheddata[i][0] == adr) { patcheddata[i][1] = val; return }\n\tpatcheddata.push([adr,val])\n}\nfunction wpU16be(adr,val) { //add to patches, U16 BE\n\twpU8(adr,(val>>8)&0xFF); wpU8(adr+1,val&0xFF)\n}\nfunction wpU32be(adr,val) { //add to patches, U32 BE\n\twpU8(adr,(val>>24)&0xFF); wpU8(adr+1,(val>>16)&0xFF);\n\twpU8(adr+2,(val>>8)&0xFF); wpU8(adr+3,val&0xFF)\n}\nfunction patchLength() { return patcheddata.length }\nfunction patchClear() { patcheddata = [] }\n\n\n/**\n * Discovers gaps in an unsorted array of pairs of [offset, length], with a minimum-to-report gap as optional parameter.\n * Useful for extra checks in file resource formats, without signatures but not sparse, so you can tell whether the resource blocks have no spaces in-between and don't overlap, using this and findIntersections.\n * @param {Array of arrays[2]} lst - List to process consisting of ranges\n * @param {UInt} [mingap=1] - Minimum gap, default to at least 1 byte between the ranges. Change for aligned data\n * @returns {Array of arrays[2]} Sorted list of gap ranges in the same format\n * @example\n * // We have data defined in 10..20, 25..30, 40..50:\n * 𝑓([ [10,10], [25,5], [40,10] ]) === [ [20,5], [30,10] ] \n */\nfunction findGaps(lst, mingap) {\n\tvar i, r = []; /* tests for input typing follow */ if(!Array.isArray(lst) || lst.length < 2) return r;\n\tfor(i = 0; i < lst.length; i++) if(!Array.isArray(lst[i]) || lst[i].length != 2\n\t\t|| typeof lst[i][0] !== 'number' || typeof lst[i][1] !== 'number') return r;\n\tif(typeof mingap !== 'number') mingap = 1;\n\tfunction sf(a, b) { if(a[0] != b[0]) return a[0]-b[0]; else return a[1]-b[1] }\n\tvar a = lst.sort(sf);\n\tfor(i = 1; i < a.length; i++)\n\t\tif((t=a[i-1][0]+a[i-1][1]) < a[i][0] && a[i][0]-t-mingap >= 0) r.push([t, a[i][0]-t])\n\treturn r;\n}\n\n\n/**\n * Discovers intersections in an unsorted array of pairs of [offset, length], considering all possible pairs.\n * Useful for extra checks in file resource formats, without signatures but not sparse, so you can tell whether the resource blocks don't overlap and have no spaces in-between, using this and findGaps.\n * @param {Array of arrays[2]} lst - List to process consisting of ranges defined as [offset,length]\n * @param {Boolean} [detectone=false] - Stop searching after finding even one intersection\n * @returns {Array of arrays[2]} Sorted list of intersection ranges in the same format; if length > 0, intersection present\n * @example\n * 𝑓([ [10,20], [15,10], [23,30] ]) = [[15,10], [23,2], [23,7]]\n * 𝑓([ [10,20], [15,10], [23,30] ], true) = [[15,10]]\n */\nfunction findIntersections(lst,detectone) {\n\tvar i, t, r = []; /* tests for input typing follow */ if(!Array.isArray(lst) || lst.length < 2) return r;\n\tfor(i=0; i < lst.length; i++) if(!Array.isArray(lst[i]) || lst[i].length != 2\n\t\t|| typeof lst[i][0] !== 'number' || typeof lst[i][1] !== 'number') return r;\n\tfunction sf(a, b) { if(a[0] != b[0]) return a[0]-b[0]; else return a[1]-b[1] }\n\tvar a = lst.sort(sf); var found = false;\n\tfor(i=1; i < a.length && !found; i++)\n\t\tfor(j=0; j < i && !found; j++)\n\t\t\tif((t=a[j][0]+a[j][1]) > a[i][0]) { if(detectone) found = true;\n//_log(' item#'+j+' ['+lst[j][0]+' -> '+lst[j][1]+'] intersects with item#'+i+' ['+lst[i][0]+' -> '+lst[i][1]+']')\n\t\t\t\tr.push([a[i][0], a[i][0]+a[i][1] <= t ? a[i][1] : t-a[i][0]])\n\t\t\t}\n\treturn r.sort(sf);\n}\n\n\n/**\n * Finds several signatures one after the other, using an array of pairs of [signature, range] and starting from a specified offset. The range to search across is in the 0-th element of aList.\n * @param {UInt} nOffset - Where to start searching from (or 0 if bad data).\n * @param {UInt} nLength - Maxlength: the same as in findSignature. (It has to be at least the length of the signature.)\n * @param {Array of arrays[2]} aList - List to process consisting of pairs of [signature, range].\n * @param {UInt} [nStep=1] - In case subsequent searches fail, skip this many bytes before searching for more (this handles alignments too). If 0, stop if not found immediately.\n * @returns -1 if not found, offset otherwise.\n * @example\n * //on your common Windows EXE file:\n * 𝑓(0, 0x400, [ [\"'MZ'\",0], [\"'PE'0000\",0x200] ])\n */\nfunction findMultiple(nOffset, nLength, aList, nStep) {\n\tvar r, lst = aList || [], ofs = ofs0 = nOffset || 0, max = Math.min(X.Sz(), ofs+(nLength||0)), st = nStep || 1;\n\tif(!lst.length) return -1;\n\tfor(i = 0; i < lst.length && ofs <= max; i++) {\n\t\tif(ofs >= max) return -1;\n\t\tr = X.fSig(ofs, lst[i][1], lst[i][0]);\n//_l2r('FMP',ofs,'['+i+'] st:'+st+' max:'+Hex(max)+' r '+lst[i][0]+' ~ '+Hex(lst[i][1])+' = '+Hex(r));\n\t\tif(r < 0) { if(!st) return -1; ofs0 += st; ofs = ofs0; i = -1; }\n\t\telse { ofs = r+lst[i][1]; if(!i) ofs0 = r; }\n\t}\n\treturn ofs0;\n}\n\n// Heuristic considerations for whether the sample name will be interesting enough to an average user.\n//\n// The optional \"ctx\" is context, an array of other sample names (or other tokens) known so far.\n// For example, if the file's just starting and you're on the fence whether \"loop\" is good to know or not,\n// it'll give you the chance to put it there just in case, but not if the other names are \"boring\" or \"useless\".)\n// Try not to use it but also feel free to use it! Fun takes priority.\n//\n// Please add conditions liberally!\nfunction funSampleName(n, ctx) {\n\tvar fun = 1, bore = 0; //by default, we're curious about the new line just a little\n\tn = n.toString();\n\tif(n.trim() == '') return false;\n\tif(n.endsWithCI('.wav') || n.endsWithCI('.smp') || n.endsWithCI('.ins') || n.endsWithCI('.iff')) bore++;\n\tif(n.startsWithCI('ST-') || n.startsWithCI('df0:')) bore++;\n\tif(/^\\d+$/.test(n)) bore++;\n\tif(n.startsWith('#')) fun += 5;\n\tif(/^\\s*(unnamed|dr[u]?m\\d*|loop\\s*\\d*|strings?\\s*\\d*|bass\\s*\\d*|guitar\\s*\\d*|snare\\s*\\d*|piano)\\s*$/i.test(n)\n\t|| /^\\s*(trumpet\\s*\\d*|bells\\s*|synth\\s*[0-9iv]*|shaker|banjo|lead|syn\\d+|\\w*\\s*hihat|organ\\s*\\d*)\\s*$/i.test(n)\n\t|| /^\\s*(voice\\s*\\d+|crash|cymbal\\s*\\d*|wonderpad\\s*[0-9iv]+|tambourine\\s*[0-9iv]*|tamb\\d+)\\s*$/i.test(n)\n\t|| /^\\s*((hard|echo)\\s?tom|splash|cymbhit|orchm(in|aj)|orch\\s?hit|chimes?|kick|scratch)\\s*$/i.test(n)\n\t|| /^\\s*((ghost\\s?|brass\\s?)pad\\s*(min|maj|\\(sus4\\))?|blip|bleep|hhc|hho|clv|bd|sd|pad)\\s*$/i.test(n)\n\t|| /^\\s*(m(aj|in)or\\s*[0-9iv]*|sawsynth|synbrass|hihat\\sclosed)\\s*$/i.test(n))\n\t\tbore++;\n//_setResult('fsn',n,'fun='+fun+' bore='+bore,'')\n\treturn fun > bore;\n}\n\n\nconst b64Chars = \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/\";\n\nfunction toBase64(buf) {\n\tvar r = '', i = 0, indexOfLastCompleteTriple = buf.length - (buf.length%3);\n\tfor (i = 0; i < indexOfLastCompleteTriple; i += 3) {\n\t\tr += b64Chars[buf[i] >> 2];\n\t\tr += b64Chars[((buf[i] & 3) << 4) | ((buf[i+1] & 0xF0) >> 4)];\n\t\tr += b64Chars[((buf[i+1] & 0xF) << 2) | ((buf[i+2] & 0xC0) >> 6)];\n\t\tr += b64Chars[buf[i+2] & 0x3F]\n\t}\n\tif (i < buf.length) {\n\t\tvar i1 = buf[i], i2 = (i+1 < buf.length) ? buf[i+1] : 0;\n\t\tr += b64Chars[i1 >> 2];\n\t\tr += b64Chars[((i1 & 0x03) << 4) | ((i2 & 0xF0) >> 4)];\n\t\tif (i+1 < buf.length) {\n\t\t\tr += b64Chars[((i2 & 0x0F) << 2)];\n\t\t}\n\t\telse r += '=';\n\t\tr += '=';\n\t}\n\treturn r\n}\n\n\n// A simple array1's contents == array2's contents? kinda thing, goes deep\nfunction compareArrays(arr1, arr2) {\n\tvar l = Math.min(arr1.length, arr2.length);\n\tif (arr1.length+arr2.length == 0) return true; \n\tif (l == 0 || arr1.length != arr2.length) return false;\n\tfor (var i = 0; i < l; ++i) {\n\t\tif (Array.isArray(arr1[i])) { // an element of arr1 is an Array too?\n\t\t\tif (!Array.isArray(arr2[i])) return false;\n\t\t\tif (!compareArrays(arr1[i], arr2[i])) return false; // go deeper\n\t\t}\n\t\telse if (Array.isArray(arr2[i])) return false;\n\t\telse if (arr1[i] !== arr2[i]) return false;\n\t}\n\treturn true\n}\n\n\n// Simply plops the buffer contents into the log stream with a suitable MIME header\nfunction _logBase64(buf) {\n\tvar fn = File.getFileBaseName()+'.'+File.getFileCompleteSuffix();\n\t_log('MIME-Version: 1.0\\nContent-Type: application/octet-stream; name=\"'+fn+'.dec\"\\n'+\n\t'Content-Transfer-Encoding: base64\\nContent-Disposition: attachment; filename=\"'+fn+'.dec\"\\n');\n\t_log(buf);\n}\n\n// Same but no header and in hex\nfunction _logHex(buf) {\n\tvar o = ''; for(i=0; i < buf.length; i++) {\n\t\tif(!(i % 16)) o += (i? ' |\\n': '')+i.toString(16).padStart(6,'0')+' |'; if(!(i % 8)) o += ' ';\n\t\to += ' '+buf[i].toString(16).padStart(2,'0');\n\t}\n\t_log('-8<---'); _log(o); _log('--->8-')\n}\n\n// Same but as text put through CP866 for clarity of eyeballing.\n// That is, the zeros are spaces, and the control characters and i18n are mapped to an old DOS encoding that has all the characters.\nfunction _logText(buf) {\n\t_log('-8<---['+(typeof buf)+' '+(buf.length)+' bytes]---');\n\tif(typeof buf === 'object') {\n\t\tvar bf = buf, i = 0; for(; i < buf.length; i++) if(bf[i] == 0) bf[i] = 0x20\n\t}\n\t_log(decEncoding((typeof buf === 'undefined'? X.readBytes(0,X.Sz(),true): bf), CP866, Chars0to1F));\n\t_log('--->8-')\n}\n\n\n// Debug logger to results.\nfunction _l2r(name, pos, issue) { _setResult('debug', issue, '@'+Hex(pos), name) }\n\n\n// Returns the current line of the callee (ie. where you call this function from)\nfunction _currentLine() {\n\tconst e = new Error();\n\tconst stackLine = e.stack.split(\"\\n\")[1];\n\tconst match = stackLine.match(/:(\\d+)?$/);\n\treturn match ? parseInt(match[1], 10) : null;\n}\n\n// Simply logs the calling function and the current line. All hail the printf debugging!\nfunction _logIt(msg) {\n\tif (typeof msg === \"undefined\") msg = \"\";\n\tconst callerLine = new Error().stack.split(\"\\n\")[1] || \"\",\n\t\tfnmatch = callerLine.match(/^(\\w+)@/), // extract function name\n\t\tfnName = fnmatch ? fnmatch[1] : \"\",\n\t\tlineMatch = callerLine.match(/:(\\d+)(?!.*:)/),\n\t\tlineNum = lineMatch ? lineMatch[1] : \"?\";\n\t_log(fnName + (lineNum == \"?\" ? \"\" : \": \" + lineNum) + (!msg.length ? \"\" : \": \" + msg));\n}\n\n/** A class that'll help profile overly long scripts until Qt offers better tools!\n * Counts timings between the timer.next calls, outputs if too many milliseconds passed.\n * @example\n * var timer = new CheckpointTimer();\n * timer.init(100);\n * heavycode1();\n * timer.next('after heavycode1:');\n * heavycode2();\n * timer.next('after heavycode2:')\n*/\nfunction CheckpointTimer() {\n\tthis.last = 0;\n\tthis.min = 100; // milliseconds\n\n\tthis.init = function(min) {\n\t\tthis.last = new Date().getTime();\n\t\tif (typeof min == 'number' && min >= 0) this.min = min;\n\t}\n\n\tthis.next = function(msg) {\n\t\tvar now = new Date().getTime();\n\t\tvar delta = now - this.last;\n\t\tif (delta >= this.min) _setResult('prof', msg, '', delta + \" ms passed. \"\n\t\t\t+(X.isOverlay()?' overlay':'')+(X.isResource()?' resource':'')+(X.isFilePart()?' file_part':'')+\" Hex at [0]: \"\n\t\t\t+X.getSignature(0,32));\n\t\tthis.last = now;\n\t}\n}\n\n/* beautify ignore:end */" }, { "path": "db/shell-script", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\n// Retrieve the interpreter from a #! script.\r\n\r\nvar sInterpreter;\r\nif (typeof sInterpreter === \"undefined\") {\r\n sInterpreter = \"\";\r\n var sLine = Binary.getString(0);\r\n // Make the expression a little easier to deal with by translating\r\n // something like \"/usr/bin/env perl\" to just \"/usr/bin/perl\".\r\n sLine = sLine.replace(/\\/env\\s+/, \"/\");\r\n var aMatch = sLine.match(/#!.*\\/(.+?)(?:\\.exe)?\\s/);\r\n if (aMatch) {\r\n sInterpreter = aMatch[1];\r\n }\r\n}\r\n\r\n// Check for a particular interpreter.\r\nfunction isInterpreter(sString) {\r\n if (sInterpreter == sString) {\r\n // Found it, so blank it out to stop \"script.2\" picking it up again.\r\n sInterpreter = \"\";\r\n return 1;\r\n }\r\n return 0;\r\n}" }, { "path": "db/soundchips", "content": "// Detect It Easy: DiE-JS framework file\n// Don't change anything unless you're sure about what you're doing\n\n// Author: Kae \n// Provides user-readable lists, aid for logging, info useful for statistical/sanity-based detection I guess?\n\n// The following is a list of popular sound chips and their aliases in single strings separated by \", \"\nSoundChips = [\n 'AY-3-8910, AY8910, PSG',\n 'AY8930',\n 'AY-3-8912',\n 'AY-3-8913',\n 'YM2149, SSG',\n 'YM6630, Sunsoft 5B',\n 'YM3439, SSGC',\n 'YMZ284, SSGL',\n 'YMZ294, SSGLP',\n 'YMZ705, SSGS',\n 'YM2151, OPM, IC101, #IT-21-51-00', //FM-chip\n 'YM3012, IC102, #IT-30-12-00', //stereo DAC\n 'YM2148, IC103, #IT-21-46-00', //MIDI handling\n 'YM22702, IC104, #IT-22-70-20', //ROM\n 'YM2164, OPP',\n 'SN76489, DCSG',\n 'SN76489A',\n 'SN76496',\n 'YM3526, OPL',\n 'YM3812, OPL2',\n 'YMF262, OPL3',\n 'YMF278, OPL4',\n 'YM2413, OPLL',\n 'Konami VRC7', //only used for audio in \"Lagrange Point\"\n 'Y8950, MSX-AUDIO',\n 'YM2203, OPN',\n 'YM2608, OPNA',\n 'YM2612, OPN2',\n 'YM2610, OPNB',\n 'YM2610B',\n 'NEC D7759, uPD7759',\n 'NEC D7759C',\n 'Sharp LR35902, DMG-CPU, GameBoy DMG',\n 'Hudson Soft HuC6280',\n 'Ricoh 2A03, RP2A03, NES APU',\n 'Namco C140',\n 'Namco C219',\n 'Ensoniq ES5506',\n 'Ensoniq ES5505'\n];\n" }, { "path": "db/vgmcodingutils", "content": "// Detect-It-Easy signature file\n// Various parser helpers from vgmstream, modified for DiE.\n// Author: Kaens (TG @kaens)\n/* beautify ignore:start */\n\nincludeScript(\"read\");\n\n/** Read values from an 'old' XMA2 RIFF \"XMA2\" chunk (XMA2WAVEFORMAT), starting from an offset *after* chunk type+size.\n * Useful as custom X360 headers commonly have it lurking inside.\n * @param Int p - offset\n * @return [channels, sample rate, loop flag, raw samples, start loop sample, end loop sample]\n */\n\nfunction xma2_parse_xma2_chunk(p) {\n //ref vgmstream coding_utils.c\n var hkver = X.U8(p), strm = X.U8(p+1), lpst = X.U32(p+4, _BE), lped = X.U32(p+8, _BE),\n lp = X.U8(p+3) > 0 || lped, sr = X.U32(p+0xC, _BE),\n smp = X.U32(p+(hkver == 3 ? 0x14 : 0x1C), _BE),\n ch = 0, ofs = hkver == 3? 0x20 : 0x28;\n for(var i=0; i < strm; i++) ch += X.U8(p+ofs+i*4);\n return [ch, sr, lp, smp, lpst, lped]\n}\n\n/** Read values from a 'new' XMA2 RIFF \"fmt\" chunk (XMA2WAVEFORMATEX), starting from an offset *after* chunk type+size.\n * Useful as custom X360 headers commonly have it lurking inside. Only parses the extra data (before is a normal WAVEFORMATEX).\n * @param Int p - offset\n * @param Int e - endianness\n * @return [loop flag, samples, start loop sample, end loop sample]\n */\nfunction xma2_parse_fmt_chunk_extra(p, e) {\n var smp = X.U32(p+0x18, e), lpst = X.U32(p+0x28, e), lped = X.U32(p+0x2C, e), lp = X.U8(p+0x30) || lped;\n //source bugfix:\n if(lpst+128-512 == 0 && lped+128-512+256 >= smp+128-512) lp = false;\n return [lp, smp, lpst, lped]\n}\n\n/* beautify ignore:end */\n" }, { "path": "db/wxWidgets", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\n// wxWidgets is tested twice - as a library and as a compiler (to distinguish C\r\n// from C++). Detect it once here.\r\n\r\nvar aWx;\r\nif (typeof aWx === \"undefined\") {\r\n aWx = PE.isLibraryPresentExp(/^wx.*?(univ)?(\\d+)(u)?(d)?/i);\r\n if (!aWx) {\r\n if (PE.isResourceNamePresent(\"WXWINDOWMENU\")) {\r\n aWx = 1;\r\n }\r\n }\r\n}" }, { "path": "db/zip-file", "content": "// Detect It Easy: DiE-JS framework file\r\n// Don't change anything unless you're sure about what you're doing\r\n\r\n// Detect a zip archive.\r\n// Author: Jason Hood \r\n\r\nincludeScript(\"archive-file\");\r\nsName = \"Zip\";\r\n\r\nfunction detect_Zip(bFile) {\r\n var nOffset = 0;\r\n if (bFile) {\r\n // Don't know what this is, but I happened to have a file that started\r\n // with it.\r\n if (File.compare(\"'PK00'\")) {\r\n nOffset = 4;\r\n }\r\n if (Binary.compare(\"'PK'0708\", nOffset)) {\r\n sOptions = \"extended\";\r\n bDetected = true;\r\n return;\r\n }\r\n } else {\r\n if (File.compareOverlay(\"'PK'0304\")) {\r\n nOffset = File.getOverlayOffset();\r\n } else {\r\n var nSize = File.getSize();\r\n if (nSize < 64) {\r\n return;\r\n }\r\n nSize -= 11;\r\n nOffset = nSize;\r\n if (!File.compare(\"'PK'0506'\", nOffset)) {\r\n if (nSize < 4096) {\r\n nOffset = 0;\r\n } else {\r\n nOffset -= 4096;\r\n nSize = 4096;\r\n }\r\n nOffset = File.findSignature(nOffset, nSize, \"'PK'0506\");\r\n if (nOffset == -1) {\r\n return;\r\n }\r\n var nBase = File.readDword(nOffset + 16);\r\n nOffset -= File.readDword(nOffset + 12);\r\n if (!File.compare(\"'PK'0102\", nOffset)) {\r\n return;\r\n }\r\n nOffset += File.readDword(nOffset + 0x2a) - nBase;\r\n }\r\n }\r\n }\r\n\r\n if (File.compare(\"'PK'0304\", nOffset)) {\r\n bDetected = true;\r\n\r\n if (File.findString(nOffset, 0x40, \"META-INF/MANIFEST.MF\") != -1) {\r\n sOptions = sOptions.append(\"JAR\"); // Java archive\r\n }\r\n\r\n if (File.findString(nOffset, 0x40, \"classes.dex\") != -1) {\r\n sOptions = sOptions.append(\"APK\"); // Android application package file\r\n }\r\n\r\n var nVer = 0;\r\n\r\n var bEncrypted = 0;\r\n do {\r\n var v = File.readByte(nOffset + 4);\r\n if (v > nVer) {\r\n nVer = v;\r\n }\r\n if (!bEncrypted && (File.readByte(nOffset + 6) & 1)) {\r\n bEncrypted = 1;\r\n }\r\n var nPacked = File.readDword(nOffset + 0x12);\r\n var nName = File.readWord(nOffset + 0x1A);\r\n Archive.add(File.readDword(nOffset + 0x16), nPacked,\r\n nPacked == 0 && File.readByte(nOffset + 0x1E + nName - 1) == 0x2F);\r\n nOffset += 0x1E + nName + File.readWord(nOffset + 0x1C) + nPacked;\r\n } while (File.compare(\"'PK'0304\", nOffset));\r\n\r\n if (bEncrypted) {\r\n sOptions = \"encrypted\";\r\n }\r\n sOptions = sOptions.append(Archive.contents());\r\n\r\n sVersion = (nVer / 10).toFixed(1);\r\n }\r\n}" }, { "path": "db/zlib", "content": "// Detect It Easy: DiE-JS framework file\n// Don't change anything unless you're sure about what you're doing\n\n// Detect a ZLIB.\n// Author: LinXP\n\nfunction detect_zlib(bFile, nOffset) {\n var sInfo = \"ZLIB compression\";\n if (bFile.compare(\"7801\", nOffset)) {\n if (bFile.isVerbose()) { sInfo += \" fastest\" }\n sOptions = sOptions.append(sInfo);\n return true;\n } else if (bFile.compare(\"785E\", nOffset)) {\n if (bFile.isVerbose()) { sInfo += \" fast\" }\n sOptions = sOptions.append(sInfo);\n return true;\n } else if (bFile.compare(\"789C\", nOffset)) {\n if (bFile.isVerbose()) { sInfo += \" normal\" }\n sOptions = sOptions.append(sInfo);\n return true;\n } else if (bFile.compare(\"78DA\", nOffset)) {\n if (bFile.isVerbose()) { sInfo += \" best\" }\n sOptions = sOptions.append(sInfo);\n return true;\n }\n}" }, { "path": "db_compress.cmd", "content": ":: Detect It Easy databases compressor for Windows (NTFS)\n:: Coded by DosX, https://github.com/DosX-dev\n\n@echo off\n\ncall :compact_it \"db\"\ncall :compact_it \"db_extra\"\ncall :compact_it \"db_custom\"\ncall :compact_it \"dbs_min\"\n\nexit /b 0\n\n:compact_it\nset \"path_to_dir=%~1\"\nif not exist \"%path_to_dir%\" (\n echo \"%path_to_dir%\" not found!\n exit /b 1\n)\npushd \"%path_to_dir%\"\n\"%windir%\\system32\\compact.exe\" \"*\" /C /S /F /I /A /Q /EXE:LZX >nul\nif \"%errorlevel%\" == \"0\" (\n echo [V] \"%path_to_dir%\" compressed!\n) else (\n echo [X] \"%path_to_dir%\" unable to compress!\n)\npopd\nset \"path_to_dir=\"\n\nexit /b 0" }, { "path": "db_custom/.vscode/about.txt", "content": "This directory is responsible for correct recognition of *.sg files by Visual Studio Code. You can delete it if you don't need it." }, { "path": "db_custom/.vscode/settings.json", "content": "{\n \"files.associations\": {\n \"*.sg\": \"javascript\"\n }\n}" }, { "path": "db_extra/.vscode/about.txt", "content": "This directory is responsible for correct recognition of *.sg files by Visual Studio Code. You can delete it if you don't need it." }, { "path": "db_extra/.vscode/settings.json", "content": "{\n \"files.associations\": {\n \"*.sg\": \"javascript\"\n }\n}" }, { "path": "db_extra/COM/packer_packers.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"Packer\");\n\nfunction detect() {\n if (Binary.compare(\"bf....be....b9....fdf3a5fceb$$8bf7bf....adad8be8b2..e9\")) {\n sOptions = \"by B. Vorontsov\";\n bDetected = true;\n } else if (Binary.compare(\"565056fd8bfc83ef..b9....be....f3a447ffe7\")) {\n sOptions = \"1997 by CyberWare\";\n bDetected = true;\n } else if (Binary.compare(\"be....bd....558bce8d72..bf....d1e9fd57f3a58d75..fcf9bf....c3\")) {\n sOptions = \"1997 by JES //CORE\";\n bDetected = true;\n } else if (Binary.compare(\"be....bd....558bce8d72..bf....d1e9fd57f3a58d75..fcf98bfdc3\")) {\n sVersion = \"1.2b\";\n sOptions = \"1997 by JES //CORE\";\n bDetected = true;\n } else if (Binary.compare(\"508cc890ba....05....3b06....72..b4..ba....cd21b8....cd21\")) {\n sOptions = \"1996 by LostSoul\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/COM/patcher_patchers.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"patcher\", \"Patcher\");\n\nfunction detect() {\n if (Binary.compare(\"bc....8cc88ec08ed8fcbe....b9....8ae180e4..ac32c48844..e2\")) {\n sName = \"Patch engine\";\n sOptions = \"by SoNiC //UTG\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$b80300cd10b409ba....cd21e8$$$$1eb8....8ed833c98a0e....fec95133d2fec68916....b4..b2..cd21\")) {\n sName = \"ByteHunter patch engine\";\n sOptions = \"by nOP & THE_q //Phrozen Crew\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$0e588ec08ed88d16....68....9d9c582d....72..33dbb9\")) {\n sName = \"GPatch\";\n sVersion = \"1.2b\"\n sOptions = \"by JES //C.O.R.E. team\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$0e588ec08ed8e8$$$$68....9d9c582d....73..8d3e....fbc3\")) {\n sName = \"GPatch\";\n sVersion = \"1.0c\"\n sOptions = \"by JES //C.O.R.E. team\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e8$$$$50558becc746......5d0733ffb9....fcb8....f3abc3\")) {\n sName = \"Cracker\";\n sOptions = \"by NightIce //ByTe Enf0rcerZ\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$c8......e8$$$$6a..07bf....268a1d263a1d74..268a1db8....99e8....f7d0f7d2b9\")) {\n sName = \"AutoCRK\";\n sVersion = \"1.2x (uncrypted)\";\n sOptions = \"1995 by MACHiNE GUNgsTeR //BANG!\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$8bfc83ef..83ec..be....b9....57f3a45fffe7\")) {\n sName = \"AutoCRK\";\n sVersion = \"1.2x (crypted)\";\n sOptions = \"1995 by MACHiNE GUNgsTeR //BANG!\";\n bDetected = true;\n } else if (Binary.compare(\"c8......e8$$$$6a..07bf....268a1d263a1d74..268a1db8....99\")) {\n sName = \"AutoCRK\";\n sVersion = \"1.15\";\n sOptions = \"1995 by MACHiNE GUNgsTeR //BANG!\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$ba....8bda438a2780fc..75..e8....3c..74..2e8b1e....83fb..75..e9\")) {\n sName = \"CRK2COM\";\n sVersion = \"1.10b\";\n sOptions = \"1993\";\n bDetected = true;\n } else if (Binary.compare(\"'/MG/'eb$$c8......e8$$$$6a..07bf....268a1d263a1d74..268a1db8....99\")) {\n sName = \"AutoCRK\";\n sVersion = \"1.20\";\n sOptions = \"by MACHiNE GUNgsTeR //BANG!\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$e8$$$$bb....b9....8a0734..880743e2..c3\")) {\n sName = \"Crack Engine\";\n sVersion = \"0.2\";\n sOptions = \"by Prizna //PSP\";\n bDetected = true;\n } else if (Binary.compare(\"'SNT'1af8b409ba....cd2133f6bd....b8....ba....cd21a3....72..33c933d28bd8\")) {\n sName = \"SNT patch\";\n sOptions = \"//SNT\";\n bDetected = true;\n } else if (Binary.compare(\"eb$$0e1fb409ba....cd21be....e8....803e......74..b4..ba....cd21eb..b4..ba....cd21b8....cd21\")) {\n sOptions = \"by WOLVERiNE\";\n bDetected = true;\n } else if (Binary.compare(\"bc....5406b8....cd21891e....8c06....b8....ba....cd21b8....ba....cd21071eb9....ba....b7..b8....cd10\")) {\n sOptions = \"by Randall Flagg of Razor 1911\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$b8....cd10ba....e8....ba....b8....cd2173..ba....e8....ba....e8....b44ccd2193ba....e8\")) {\n sOptions = \"by Nostromo\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$ba....b409cd21c706........c706........c706........c706........be....33c98a0e....80f9..74..5651\")) {\n sName += \" #1\";\n sOptions = \"by Drink Or Die (Dark Knight)\";\n bDetected = true;\n } else if (Binary.compare(\"e9$$$$ba....b409cd2133c0cd16b4..33dbcd10feccb2..cd10c706........c706........c706........c706\")) {\n sName += \" #2\";\n sOptions = \"by Dark Knight\";\n bDetected = true;\n } else if (Binary.compare(\"b409ba....eb$$cd21b409ba....eb$$cd21b409ba....eb$$cd21b409ba....eb\")) {\n sOptions = \"by Mr. KIM\";\n bDetected = true;\n } else if (Binary.compare(\"9090ba....8bfab409cd21c606......ba....b8....cd2172..93b8....33c933d2cd2172\")) {\n sOptions = \"by SkorpyoN Team\";\n bDetected = true;\n } else if (Binary.compare(\"9090ba....b409cd21b401cd1674..33c0cd1633c0cd163c..0f84\")) {\n sOptions = \"by +DzA kRAker\";\n bDetected = true;\n } else if (Binary.compare(\"9090ba....8bfab409cd21b401cd1674..33c0cd1633c0cd163c..75\")) {\n sOptions = \"by +DzA kRAker\";\n bDetected = true;\n } else if (Binary.compare(\"ba....b409cd21ba....b409cd21ba....b8....cd21ba....0f82....a3....ba....b409cd218b1e\")) {\n sName = \"MkPatch\";\n sVersion = \"1.0\";\n sOptions = \"by eGIS!\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/ELF/protector_ELFCrypt.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"ELFCrypt\");\n\nfunction detect() {\n if (ELF.compareEP(\"eb0206c6609cbe\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/MSDOS/cryptor_Cryptors.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"Cryptor\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"b2..33f6b9....2e30144649e3..eb..b8....ffe0\")) {\n sOptions = \"by Rainor'99\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"1e8ccb8edbbb....8177......8177......8177......8177......8177......1f0eeb\")) {\n sOptions = \"by Papaev V.V., Moscow\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"50e8$$$$5b9c5825....509d8ccb81c3....81eb....53bb....53cb\")) {\n sOptions = \"1990-92 by Sergdesign\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"81c3....eb$$85fa85e8eb$$81c3....eb$$bb....81eb....81c3....f981e9....39f5ba....81ea....85de\")) {\n sOptions = \"by eGIS! //CORE\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"bd....8cdb83c3..8cd805....8ed88ec033ffbe....b9....ba....0bc975..0bd274..4ae8....eb..561e\")) {\n sOptions = \"1994 by FalCoN\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$e8$$$$bf....e9$$$$31d2eb$$eb$$e9$$$$8edae9$$$$e8$$$$8715e9$$$$52eb$$31f6e8$$bb....eb$$8737e9$$$$56e9$$$$e9$$$$e8$$$$bf....bb....2e8a1789d8\")) {\n sOptions = \"by Matrix Technologies\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$eb$$bf....e9$$$$29f6e8$$$$e9$$$$8edee8$$$$8735e8$$$$56e9$$$$e9$$$$31ede9$$$$bb....e9$$$$e8$$$$e9$$$$e8$$$$e9$$$$e9$$$$e8$$$$e8$$$$e8$$$$872f\")) {\n sOptions = \"by Matrix Technologies\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e8$$$$33ed83ed..2ed0....5e0e8bfe81e7....f7df03fe2e893526a1....8ec0263b06....74..f92eff35\")) {\n sOptions = \"by DREAMMASTER\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"eb$$e8$$$$eb$$e4210c..e62133c08ed80e50558becc746......5dfa8f06....8f06....fb9c580d....509d\")) {\n sOptions = \"by RaZoR 1911\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"e9$$$$e80000fa9cfc505393584c4c3bc35b74..9de8....32e480c4..3065..47e2\")) {\n sName += ' N1';\n sOptions = \"by ZeroCoder //XG\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"3beb81c5....fc23eb13ec85fd1e0e33e985ee01ed23ee1f0e81d1....84e931dd073efe0e....e9\")) {\n sOptions = \"1996 by RAM Scanner //CiD\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....15....72..d4..8ac4..c3....8ed8b9....f7d32e871e....ff77..ff378becc747......8c0f\")) {\n sOptions = \"by Thunderbyte\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"b8....15....72..d4..8ac4..c3..8ed8b9....f7d32e871e....ff77..ff378becc747......8c0f\")) {\n sOptions = \"by Thunderbyte\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"2e8c1e....2e8e06....33ff33f6b9....0e1f030e....f3a406b8....500e07cb\")) {\n sOptions = \"1994 by Paragon Technology Systems\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"87dbb8....15....72$$8cd315....72..d4..8ac483c3..8ed8b9....f7d32e87\")) {\n sOptions = \"1997 by Thunderbyte\";\n bDetected = true;\n } else if (MSDOS.compareEP(\"50e8$$$$5b83c3..1e06530e1f83c3..90b0..b9....2e3007fec043e2\")) {\n sOptions = \"by Dr. Motorhead\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/MSDOS/packer_FCP_IV.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"protector\");\n\nfunction detect() {\n if (MSDOS.compareEP(\"bc....c3\") && MSDOS.compare(\"'FCP/IV'\", MSDOS.getEntryPointOffset() - 6)) {\n sOptions = \"by FCP/IV\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/archive_Resources.6.sg", "content": "// Detect It Easy: detection rule file\n// Author: Jason Hood , based on an idea by hypn0\n\nmeta(\"archive\", \"Resources\");\n\nfunction detect() {\n if (PE.getAddressOfEntryPoint() == 0) {\n bDetected = true;\n for (var i = 0; i <= PE.nLastSection && !bDetected; i++) {\n // IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE\n if (PE.section[i].Characteristics & 0x20000020) {\n bDetected = false;\n }\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/compiler_EP.MSC.4.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"compiler\", \"EP:Microsoft C/C++\");\n\nfunction detect() {\n if (PE.compareEP(\"64a100000000558bec6aff68........68........506489250000000083ec..5356578965\")) {\n sVersion = \"3.0-5.0\";\n bDetected = true;\n } else if (PE.compareEP(\"64a100000000558bec6aff68........68........508b45..6489250000000083ec..85c05356578965\")) {\n sVersion = \"3.10\";\n bDetected = true;\n } else if (PE.compareEP(\"535657bb........8b7c....553bfb75..011d\")) {\n sVersion = \"3.0-3.10\";\n bDetected = true;\n } else if (PE.compareEP(\"53b8........8b5c....565785db5575..833d..........75..33c0\")) {\n sVersion = \"3.0-5.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/compiler_EP.MSVC.4.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"compiler\", \"Microsoft Visual C/C++\");\n\nfunction detect() {\n if (PE.compareEP(\"8bff558bec837d....75..e8........ff75..8b4d..8b55..e8\")) {\n sVersion = \"2008-2010\";\n } else if (PE.compareEP(\"8bff558bec83ec..538b5d..83fb..75..5657e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc7\")) {\n sVersion = \"2010, 10\";\n } else if (PE.compareEP(\"8bff558bec837d....0f84........ff75..ff75..e8........59595d\")) {\n sVersion = \"2010, 10 (30319, 40219)\";\n } else if (PE.compareEP(\"837c24....8b4424..a3........75..68........6a\")) {\n sVersion = \"2010, 10 (40219)\";\n } else if (PE.compareEP(\"558bec8b45..83f8..75..68........ff15\")) {\n sVersion = \"2010, 10 (40219)\";\n } else if (PE.compareEP(\"8bff558bece8$$$$$$$$8bff558bec83ec..c745..........c745..........813d\")) {\n sVersion = \"2008, 9.0\";\n } else if (PE.compareEP(\"8bff558bec83ec..837d....75..5657e8........b8........be........8bf8\")) {\n sVersion = \"2008 SP1\";\n } else if (PE.compareEP(\"8bff558bece8........5de9\")) {\n sVersion = \"2008 SP1\";\n } else if (PE.compareEP(\"8bff558bec837d....75..e8........8b45..508b4d..518b55..52e8\")) {\n sVersion = \"2008\";\n sOptions = \"MSVCRTD\";\n } else if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc7\")) {\n sVersion = \"2008-2010\";\n } else if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....57bf........3bc7\")) {\n sVersion = \"2005-2010\";\n } else if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5657bf........be........3bc7\")) {\n sVersion = \"2010, 10.10\";\n } else if (PE.compareEP(\"8bff558bec837d....75..e8........5de9........8bff55\")) {\n sOptions = \"Patched\"; // ~~~~\n } else if (PE.compareEP(\"558bec6a..68........68........64a100000000506489250000000083ec..5356578965\")) {\n sVersion = \"6.0 (1720-9782)\";\n } else if (PE.compareEP(\"558bec538b5d..568b75..85f6578b7d\")) {\n sVersion = \"2002 (2148)\";\n } else if (PE.compareEP(\"558bec538b5d..568b75..578b7d..85f675\")) {\n sVersion = \"6.0 (1720-8966)\";\n } else if (PE.compareEP(\"8b4424..83e8..74..4875..8b4424..50a3........ff15\")) {\n sVersion = \"2003, 7.1 (3077)\";\n } else if (PE.compareEP(\"558bec8b45..83f8..56570f84........33ff3bc7\")) {\n sVersion = \"2003, 7.1 (3052)\";\n } else if (PE.compareEP(\"558bec518b45..8945..837d....74..837d\")) {\n sVersion = \"2002\";\n } else if (PE.compareEP(\"558bec568b75..83fe..74..83fe..75..a1\")) {\n sVersion = \"2002\";\n } else if (PE.compareEP(\"6a..68........e8........bf........8bc7e8........8965..8bf4893e56ff\")) {\n sVersion = \"2003, 7.1 (3052-9782)\";\n } else if (PE.compareEP(\"6a..68........e8........66813d............75..a1\")) {\n sVersion = \"2002\";\n } else if (PE.compareEP(\"6a..68........e8........33c0408945..8b75..33ff\")) {\n sVersion = \"2003\";\n } else if (PE.compareEP(\"8bff558bec538b5d..568b75..85f6578b7d\")) {\n sVersion = \"2003\";\n } else if (PE.compareEP(\"fff589e566f7c6....80c3..80eb..81ec........66c1eb..6689ed\")) {\n sVersion = \"2003\";\n sOptions = \"Driver\";\n } else if (PE.compareEP(\"6689ff5589e581ec........814d..........0f82........538d45\")) {\n sVersion = \"2003\";\n sOptions = \"Driver\";\n } else if (PE.compareEP(\"8bff558bec837d....75..e8........5de9\")) {\n sVersion = \"2005\";\n } else if (PE.compareEP(\"8bff558bec8b45..83e8..566a..5e0f84\")) {\n sVersion = \"2003-2005\";\n } else if (PE.compareEP(\"8bff558bec8b45..5633f64685c0\")) {\n sVersion = \"2005\";\n } else if (PE.compareEP(\"8bff558beca1........85c0b9........74..3bc175..a1\")) {\n sVersion = \"2005\";\n sOptions = \"Driver\";\n } else if (PE.compareEP(\"8bff558bec83ec..53568b75..8b46..5733ff897d\")) {\n sVersion = \"2005\";\n sOptions = \"Driver\";\n } else if (PE.compareEP(\"e8$$$$$$$$558bec83ec..a1........8365....8365....5357\")) {\n sVersion = \"2005\";\n } else if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........85c074..3d........75..568d\")) {\n sVersion = \"2005\";\n } else if (PE.compareEP(\"5355568b74....85f657b8........75..8b0d\")) {\n sVersion = \"5.0\";\n } else if (PE.compareEP(\"558bec6a..68........68........64a100000000506489250000000083c4..535657\")) {\n sVersion = \"5.0-6.0 (1720-9049)\";\n } else if (PE.compareEP(\"535657bb........8b7c....553bfb74..85ff\")) {\n sVersion = \"3.10\";\n } else if (PE.compareEP(\"558bec837d....0f84........ff75..ff75..ff75..e8........83c4\")) {\n sVersion = \"2012\";\n } else if (PE.compareEP(\"8bff558bec837d....74..8b55..51e8$$$$$$$$8bff558bec83ec..a1........33c58945..5633f657\")) {\n sVersion = \"2013, 12.1 (40116)\";\n } else if (PE.compareEP(\"558bec837d....75..e8$$$$$$$$558bec83ec..8365....8365....a1........5657bf........be........3bc7\")) {\n sVersion = \"2013\";\n } else if (PE.compareEP(\"8bff558bec83ec..a1........33c58945..568b75..5783fe\")) {\n sVersion = \"2013\";\n } else if (PE.compareEP(\"558bec837d....75..e8$$$$$$$$558bec83ec..a1........8365....8365....5357bf........3bc7bb\")) {\n sVersion = \"2005\";\n } else if (PE.compareEP(\"558bec837d....75..e8$$$$$$$$558bec83ec..a1........8365....8365....5657bf........be........3bc7\")) {\n sVersion = \"2012, update 4\";\n } else if (PE.compareEP(\"8bff558bec837d....75..e8$$$$$$$$8bff558bec83ec..a1........8365....8365....57bf........3bc7\")) {\n sVersion = \"2005 (50727)\";\n } else if (PE.compareEP(\"8b4424..83e8..74..4875..568b7424..56ff15\")) {\n sVersion = \"2005 (50727.1)\";\n } else if (PE.compareEP(\"837c24....75..e8$$$$$$$$8bff558bec83ec..a1........85c0\")) {\n sVersion = \"2005 (50727)\";\n } else if (PE.compareEP(\"8bff56e8........85c07c..e8$$$$$$$$e8$$$$$$$$8bff558bec83ec..a1........8365....8365....57bf........3bc7\")) {\n sVersion = \"2005 (50727)\";\n } else if (PE.compareEP(\"558bece8$$$$$$$$558bec83ec..c745..........c745..........813d\")) {\n sVersion = \"2005 (50727)\";\n } else if (PE.compareEP(\"558bec81ec........8b45..89..........83............0f84........83\")) {\n sVersion = \"6.0\";\n } else if (PE.compareEP(\"558bec51c745..........837d....75..833d..........75..33c0e9\")) {\n sVersion = \"6.0 (1720-8799)\";\n } else if (PE.compareEP(\"558bec83ec..8365....5356578b3d........6a..5933c0\")) {\n sVersion = \"6.0 (8168)\";\n sOptions = \"Driver\";\n } else if (PE.compareEP(\"558bec83ec..5356578b3d........8d45..33db\")) {\n sVersion = \"6.0 (1720)\";\n sOptions = \"Driver\";\n } else if (PE.compareEP(\"558bec81ec........837d....75..8d85........c785\")) {\n sVersion = \"6.0 (1735)\";\n } else if (PE.compareEP(\"8b4424..5383f8..5674..33c93bc10f84........83f8..0f84........6a..585e5b\")) {\n sVersion = \"6.0 (8168-8797)\";\n } else if (PE.compareEP(\"837c24....8b4424..a3........c705................75..e8........b8........c2\")) {\n sVersion = \"2008, SP1\";\n } else if (PE.compareEP(\"8bff558bec837d....75..e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc7\")) {\n sVersion = \"2008, SP1 (21022, 30729)\";\n } else if (PE.compareEP(\"8bff558bec837d....0f84........ff75..8b4d..8b55..e8........595d\")) {\n sVersion = \"2008 (21022)\";\n } else if (PE.compareEP(\"837c24....0f84$$$$$$$$e8$$$$$$$$558bec83ec..a1........8365....8365....5357bf........3bc7\")) {\n sVersion = \"2005\";\n } else if (PE.compareEP(\"837c24....75..e8$$$$$$$$558bec83ec..a1........8365....8365....5357bf........3bc7\")) {\n sVersion = \"2005\";\n } else if (PE.compareEP(\"e8$$$$$$$$558bec83ec..8365....8365....a1........5657bf........be........3bc7\")) {\n sVersion = \"2013-2017\";\n } else if (PE.compareEP(\"8bff558bec837d....75..e8$$$$$$$$8bff558bec83ec..8365....8365....a1........5657bf........be........3bc7\")) {\n sVersion = \"2017, 15.0 (24610)\";\n } else if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..8365....8365....a1........5657bf........be........3bc7\")) {\n sVersion = \"2017, 15.0\";\n } else if (PE.compareEP(\"e8$$$$$$$$8b0d........5657bf........be........3bcf74..85ce75..e8\")) {\n sVersion = \"2017, 15.5-6\";\n } else if (PE.compareEP(\"5355568b7424..85f657b8........74..8b7c24..8b5c24..83fe..74\")) {\n sVersion = \"1997, 5.XX\";\n } else if (PE.compareEP(\"535657bb........8b7c24..553bfb0f85........011d\")) {\n sVersion = \"3.1\";\n }\n\n bDetected = bDetected || Boolean(sVersion) || Boolean(sOptions);\n\n if (sVersion) sVersion += \", by EP\";\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_3dcrypter.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"3dCrypter\");\n\nfunction detect() {\n if (PE.compareEP(\"684c124000e8eeffffff0000000000003000000038000000000000003848ee54\")) {\n sVersion = \"mod Zion-92\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_404crypter.1.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"404Crypter\");\n\nfunction detect() {\n if (PE.isNET()) {\n if (PE.isNetObjectPresent(\"Z.resources\") && PE.isNetObjectPresent(\"First\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_ABC_Cryptor.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"ABC Cryptor\");\n\nfunction detect() {\n if (PE.compareEP(\"68FF6424F0685858585890FFD4508B40F205B095F6950F850181BBFF\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_AR_Crypt_Private.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"AR Crypt Private\");\n\nfunction detect() {\n if (PE.compareEP(\"b8........5033c0c3\") && PE.compareEP(\"b8########6033db33c9b8........3d........74\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_Aase_Crypter.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"Aase Crypter\");\n\nfunction detect() {\n if (PE.compareEP(\"558BEC83C4F053B8A03E0010E893DEFFFF68F8420010E879DFFFFF6800430010\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_AcidCrypt.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"AcidCrypt\");\n\nfunction detect() {\n if (PE.compareEP(\"60B9........BA........BE........0238404E75FA8BC28A1832DFC0CB\")) {\n bDetected = true;\n } else if (PE.compareEP(\"BE........0238404E75FA8BC28A1832DFC0CB\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_AlmafuerteCrypter.1.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"AlmafuerteCrypter\");\n\nfunction detect() {\n if (PE.compareEP(\"649068f4134000e8ecffffff000000003000000040000000000000003b2d72e4\")) {\n sVersion = \"mod Zion-92\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_Anslym_Crypter.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"Anslym Crypter\");\n\nfunction detect() {\n if (PE.compareEP(\"558BEC83C4F05356B838170510E85A45FBFF33C05568211C051064FF30648920\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_App_Encryptor.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"App Encryptor\");\n\nfunction detect() {\n if (PE.compareEP(\"60E8000000005D81ED1F1F4000B97B0900008DBD671F40008BF7AC\")) {\n bDetected = true;\n } else if (PE.compareEP(\"E997000000'\\r\\nSilent Team App Protector'\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_BasicCrypt1.1.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"BasicCrypt\");\n\nfunction detect() {\n if (PE.compareEP(\"68b0114000e88bfbffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4010000641b400000000000308c4000408c4000980b000000904000b41040\")) {\n sOptions = \"sudo\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_BopCrypt.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"BopCrypt\");\n\nfunction detect() {\n if (PE.compareEP(\"60BD........E8....0000\")) {\n sVersion = \"1.00\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_ChainskiCrypter.1.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"ChainskiCrypter\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"Chainski\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_CodeCrypter.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"CodeCrypter\"); // ???????????\n\nfunction detect() {\n if (PE.compareEP(\"5058535B90BB........FFE390CCCCCC558BEC5DC3\")) {\n sVersion = \"0.31\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_Crypter.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"Crypter\"); // ????????????\n\nfunction detect() {\n if (PE.compareEP(\"68FF6424F06858585858FFD4508B40F205B095F6950F850181BBFF68\")) {\n sVersion = \"3.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_Cryptic.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"Cryptic\");\n\nfunction detect() {\n if (PE.compareEP(\"B8........BB........B900100000BA........03D803C803D13BCA74068031..41EBF6FFE3\")) {\n sVersion = \"2.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_DCrypt_Private.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"DCrypt Private\");\n\nfunction detect() {\n if (PE.compareEP(\"B9........E8000000005868........83E80B0F1800D00048E2FBC3\")) {\n sVersion = \"0.9b\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_DataAnubis.1.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"DataAnubis\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"_Lambda$__R20-1\") && PE.isNetObjectPresent(\"_Lambda$__R97-1\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_Fly-Crypter.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"Fly-Crypter\");\n\nfunction detect() {\n if (PE.compareEP(\"53565755BB2C....44BE00304444BF20....44807B28007516833F0074118B1789D033D289178B\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (PE.compareEP(\"558BEC83C4F053B818224444E87FF7FFFFE80AF1FFFFB809000000E85CF1FFFF8BD885DB7505\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_FreeCryptor.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"FreeCryptor\");\n\nfunction detect() {\n if (PE.compareEP(\"8B0424409083C007803890907402EBFF\")) {\n if (PE.compareEP(\"68\", 16)) {\n sVersion = \"0.1 build 001\";\n } else if (PE.compareEP(\"9068\", 16)) {\n sVersion = \"0.1 build 002\";\n }\n bDetected = true;\n } else if (PE.compareEP(\"33D2901E68........0FA01F8B029050548F0290908E642408FFE2585033D25283F8019B408A10891424\")) {\n sVersion = \"0.2 build 002\";\n bDetected = true;\n } else if (PE.compareEP(\"90909b591e909b9033d29b68........9b9b0fa01f8b0a9b51548f0290909b\")) {\n sVersion = \"0.3 build 3\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_INCrypter.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"INCrypter\");\n\nfunction detect() {\n if (PE.compareEP(\"6064A1300000008B400C8B400C8D5820C70300000000E8000000005D81ED\")) {\n sVersion = \"0.3\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_Open_Source_Code_Crypter.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"Open Source Code Crypter\"); // ????????\n\nfunction detect() {\n if (PE.compareEP(\"558BECB9090000006A006A004975F9535657B8........E828F8FFFF33C05568\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_STUD.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"ScanTime UnDetectable\");\n\nfunction detect() {\n if (PE.compareEP(\"682C114000E8F0FFFFFF00000000000030000000380000000000000037BB71ECA4E1984C9BFE8F0FFA6A07F6\")) {\n sVersion = \"RC4 1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_SexCrypt.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n\nmeta(\"cryptor\", \"sex\");\n\nfunction detect() {\n if (PE.isSignatureInSectionPresent(0, \"'SexCrypt'....324485..4202....3842849322100493..7726374558429100005400000000002900390045....049003200539......44..000000219840\"))\n bDetected = true;\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_Sexe_Crypter.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"Sexe Crypter\");\n\nfunction detect() {\n if (PE.compareEP(\"558BEC83C4EC53565733C08945ECB8........E830FAFFFF33C05568........64FF306489\")) {\n sVersion = \"1.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_Simple_UPX_Cryptor.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"Simple UPX Cryptor\");\n\nfunction detect() {\n if (PE.compareEP(\"60B8........B9....0000803408..E2FA6168........C3\")) {\n if (PE.compareEP(\"1800\", 7)) {\n sOptions = \"multi layer encryption\";\n } else if (PE.compareEP(\"01\", 8)) {\n sOptions = \"single layer encryption\";\n }\n sVersion = \"30.4.2005\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_The_Best_Cryptor.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"The Best Cryptor by FsK\");\n\nfunction detect() {\n if (PE.findSignature(PE.getSize() - 0x100, 0x100, \"8b042483e8..68........ffd0b8........3d..............30..40eb..b8........3d..............30..40eb\") != -1) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_ass-crypter.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"ass-crypter\");\n\nfunction detect() {\n if (PE.compareEP(\"558BEC83C4EC53........8945ECB898400010E8ACEAFFFF33C055687851001064........206A0A6888510010A1E097001050E8D8EAFFFF8BD853A1E097001050E812EBFFFF8BF853A1E097001050E8DCEAFFFF8B\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_darkeye.1.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"DarkEye\");\n\nfunction detect() {\n if (PE.isNetObjectPresent(\"BasicCryptorFromDebil\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptor_njCrypter.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: KDSS-Research & ILK\n// i like coffee\n\nmeta(\"cryptor\", \"njCrypter\");\n\nfunction detect() {\n if (PE.isNET()) {\n bDetected = true;\n if (validateReferences(\n isPositive = true,\n references = [\n \"System.IO\",\n \"System.Security.Cryptography\",\n \"System.Text\",\n \"System.Reflection\",\n \"Stub\",\n \"cMain\",\n \"Decrypt\",\n \"bSalt\"\n ]\n )) {\n bDetected = false;\n return null; // end\n }\n }\n\n return result();\n}\n\n\n// validateReferences by DosX\nfunction validateReferences(isPositive, references) {\n for (var i = 0; i < references.length; i++) {\n var sign = \"00'\" + references[i] + \"'00\";\n if (isPositive == true) {\n if (!PE.isSignatureInSectionPresent(0, sign)) {\n return true;\n }\n } else { // negative\n if (PE.isSignatureInSectionPresent(0, sign)) {\n return true;\n }\n }\n }\n return false;\n}" }, { "path": "db_extra/PE/cryptor_unknown_malware_cryptor.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"Unknown malware cryptor\");\n\nfunction detect() {\n if (PE.compareEP(\"51578bcf47fc5f5955eb\")) {\n sVersion = \"AA\";\n bDetected = true;\n } else if (PE.compareEP(\"558bec81c4........565753508d8424........ff15\")) {\n sVersion = \"AB\";\n bDetected = true;\n } else if (PE.compareEP(\"833d..........e9$$$$$$$$0f85........5058807c\")) {\n sVersion = \"AC\";\n bDetected = true;\n } else if (PE.compareEP(\"833d..........75$$ff35........e8$$$$$$$$558bec81ec\")) {\n sVersion = \"AC\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptors_1.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"cryptor\", \"Unknown cryptor\");\n\nfunction detect() {\n if (PE.compareEP(\"bb........8b338b4b..b8........eb$$31064975..83c3..833b..75..eb$$9b\")) {\n sName = \"Cryptor by Merix //UCF\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/cryptors_2.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"cryptor\", \"unknwown cryptor\"); // ????????????\n\nfunction detect() {\n if (PE.compareEP(\"909090909090609ce8000000005dd14d..816d..........d709d8ab\")) {\n sOptions = \"by TMG\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/insatller_Avast_installer.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Avast installer\");\n\nfunction detect() {\n bDetected = PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc7\") && PE.compareOverlay(\"'ASWsetupFPkgFil3'\");\n\n return result();\n}" }, { "path": "db_extra/PE/installer_Adobe_Flash_Player_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Adobe Flash Player\");\n\nfunction detect() {\n if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc7\")) {\n for (var i = 0; i < PE.getNumberOfResources() && !bDetected; i++) {\n if (PE.resource[i].Type == \"RT_RCDATA\") {\n if (PE.compare(\"02010000\", PE.resource[i].Offset)) {\n bDetected = true;\n }\n }\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/installer_Blizzard_PrePatch.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Blizzard PrePatch\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a100000000506489250000000083ec..5356578965\")) {\n if (PE.compareOverlay(\"'MPQ'1a\")) {\n sVersion = \"2.XX\";\n bDetected = true;\n }\n } else if (PE.compareEP(\"e8$$$$$$$$e8$$$$$$$$a1........85c075..538b1d........5657be........bf........8d6424\")) {\n if (PE.compareOverlay(\"'MPQ'1a\")) {\n sVersion = \"2.70\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/installer_Box_Stub.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"Box Stub\");\n\nfunction detect() {\n if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc774..85c374\")) {\n if (PE.findSignature(PE.getOverlayOffset(), Math.min(0x110, PE.getOverlaySize()), \"'7z'bcaf\") !== -1) {\n sOptions = \"7zip\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/installer_BulletProofSoft_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"installer\", \"BulletProofSoft\");\n\nfunction detect() {\n if (PE.compareEP(\"558bec6a..68........68........64a100000000506489250000000083ec..5356578965\")) {\n if (PE.compareOverlay(\"1f8b08\", 0x3000)) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/installer_DockerDesktopInstaller.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: A.S.L. 2022.01.30\n// Exeinfo Pe - don't detect this big file over 500 MB\n\nmeta(\"installer\", \"Docker Desktop Installer .NET sfx 7zip\");\n\nfunction detect() {\n if (PE.isNET()) {\n if ((PE.isNetObjectPresent(\"Docker Desktop Installer\")) &&\n (PE.getAddressOfEntryPoint() == 0x400000) // EP=0000\n && (PE.section[\".rsrc\"].FileSize > 0x01000000)) // over 400 MB\n {\n sVersion = \"4.x\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/installer_Enigma_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// sign by A.S.L - asl@onet.eu - 21.06.2015\nmeta(\"installer\", \"Enigma\");\n\nfunction detect() {\n for (var i = 0; i < PE.resource.length; i++) {\n if (PE.resource[i].Name == '/CFG/CONFIG') {\n if (PE.resource[i + 1].Name == '/CFG/PRIVACY_POLICY') {\n bDetected = 2;\n break;\n }\n }\n }\n\n // MS C++ v9.0 stub and Resources found\n if (PE.compareEP(\"E8....0100E9\") && (bDetected == 2)) {\n bDetected = true;\n sVersion = \"v1.0\";\n }\n\n return result();\n}" }, { "path": "db_extra/PE/installer_Hamrick_Software_installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: A.S.L \n\nmeta(\"installer\", \"Hamrick Software - VueScan Installer\");\n\nfunction detect() {\n if (PE.compareOverlay(\"BDA6EEE9F9EDEFEDE5ED\")) {\n if (PE.compareEP(\"E8....0000\")) {\n bDetected = true;\n } else if (PE.compareEP(\"4883ec..e8$$$$$$$$48895c24..55488bec4883ec..488b05........48bb................483bc375..33c0\")) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/installer_Kingsoft_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: A.S.L 2024.10.28\n\nmeta(\"installer\", \"Kingsoft\");\n\nfunction detect() {\n if (PE.compareEP(\"E8\") || PE.compareEP(\"60\")) { // MSV C++ or UPX\n if (PE.compareOverlay(\"'zzd.'\")) {\n sOptions = \"7z archive\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/installer_QT_installer.1.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"installer\", \"QT installer\");\n\nfunction detect() {\n if (PE.compareOverlay(\"'qres'\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/installer_SHIROUZU_Hiroaki_installer.1.sg", "content": "// Detect It Easy: detection rule file format\n// Author: A.S.L. 2025.06.15\n// Exeinfo Pe - don't detect this installer\n\nmeta(\"installer\", \"SHIROUZU Hiroaki and FastCopy Lab Installer 1996-2024\");\n\nfunction detect() {\n if (PE.compareEP(\"E8....0000E9\")) {\n if (PE.compareOverlay(\"0A'======================================================================'0A'IP2:'\")) {\n sVersion = \"5.X - .zlib ovl\";\n bDetected = true;\n }\n }\n\n return result();\n}\n" }, { "path": "db_extra/PE/installer_Store_Installer.1.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"installer\", \"Store Installer\");\n\nfunction detect() {\n if (PE.isNET()) {\n if (PE.getVersionStringInfo(\"InternalName\") == \"StoreInstaller.exe\") {\n sVersion = PE.getVersionStringInfo(\"FileVersion\");\n bDetected = true;\n }\n }\n\n return result();\n}\n" }, { "path": "db_extra/PE/installer_TrueCrypt-VeraCrypt_installer.1.sg", "content": "// Detect It Easy: detection rule file format\n// Author: A.S.L. 2019.05 updated 2025.01.31\n\nmeta(\"installer\", \"TrueCrypt or VeraCrypt installer\");\n\nfunction detect() {\n if (PE.compareEP(\"E8....0000E9\") && PE.compareOverlay(\"..'CINSTRT'\")) {\n sVersion = \"1.X-7.X\";\n bDetected = true;\n } else {\n // VeraCrypt only, TrueCrypt closed\n if (PE.compareEP(\"558BEC83EC0C56\") && PE.compareOverlay(\"'VCINSTRT'\")) {\n sVersion = \"1.26 2025\";\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/joiner_Anskya_Binder.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"joiner\", \"Anskya Binder\");\n\nfunction detect() {\n if (PE.compareEP(\"BE........BB........33ED83EE04392E7411\")) {\n sVersion = \"1.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/joiner_Blade_Joiner.1.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"joiner\", \"Blade Joiner\");\n\nfunction detect() {\n if (PE.compareEP(\"558BEC81C4E4FEFFFF53565733C08945F08985\")) {\n sVersion = \"1.5\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/joiner_DJoin.1.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"joiner\", \"DJoin\");\n\nfunction detect() {\n if (PE.compareEP(\"C605........00C605........00................00........00..........00\")) {\n sVersion = \"0.7 public\";\n sOptions = \"RC4 encryption\";\n bDetected = true;\n } else if (PE.compareEP(\"C605........00................00........00..........00\")) {\n sVersion = \"0.7 public\";\n sOptions = \"xor encryption\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/joiner_ExeJoiner.1.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"joiner\", \"ExeJoiner\");\n\nfunction detect() {\n if (PE.compareEP(\"68........6804010000E83903000005........C6005C680401000068\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/keygen_keygens.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"keygen\", \"Keygen\");\n\nfunction detect() {\n if (PE.compareEP(\"6a..e8........a3........c705................c705................c705................c705................c705................a1........a3........6a..ff35........e8........a3........a3........68\")) {\n sOptions = \"by Dimedrol //CORE\";\n bDetected = true;\n } else if (PE.compareEP(\"606a..e8........a3........6a..6a..6a..e8........506a..e8........50\")) {\n sOptions = \"by promethee //ECLIPSE\";\n bDetected = true;\n } else if (PE.compareEP(\"6a..e8........a3........68........6a..6a..6a..6a..68........6a..6a..6a..68........6a..6a..6a..6a..e8........a3........6a\")) {\n sOptions = \"by Duelist //CORE\";\n bDetected = true;\n } else if (PE.compareEP(\"6a..e8........a3........6a..68........6a..6a..50e8........50e8........c3\")) {\n sOptions = \"2000 by Duelist //CORE\";\n bDetected = true;\n } else if (PE.compareEP(\"6a..e8........a3........33c066b8....6a..68........6a..50ff35........e8........e8........c8......53575633c0668b45..663d....75..eb\")) {\n sOptions = \"by //oDDiTy\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/library_DS.Flexlm.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"library\");\n\nfunction detect() {\n var nSize = PE.isOverlayPresent() ? PE.getOverlayOffset() : PE.getSize();\n\n if (nSize > 50000000)\n nSize = 50000000;\n\n var nOffset = PE.findSignature(0, nSize, \"'@(#) F'\");\n if (nOffset != -1) {\n sName = File.cleanString(PE.getString(nOffset, 200).match(/\\w\\S*/i));\n sVersion = File.cleanString(PE.getString(nOffset, 200).match(/\\d\\S*/i));\n\n if (sVersion && sVersion.length < 32) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/library_DS.RLM.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"library\", \"Reprise License Manager (RLM)\");\n\nfunction detect() {\n // I'm (adoxa) guessing these don't occur in the overlay, so don't search it (avoid wasting time on big installers).\n var nSize = PE.isOverlayPresent() ? PE.getOverlayOffset() : PE.getSize();\n\n if (nSize > 50000000)\n nSize = 50000000;\n\n var nOffset = PE.findString(0, nSize, \"Reprise License Manager (RLM)\");\n if (nOffset !== -1) {\n sVersion = PE.getString(nOffset, 200).match(/\\d\\S*\\w/i);\n bDetected = true;\n nOffset = PE.findSignature(0, nSize, \"44894c24..4c894424..48895424..48894c24..b8........e8........482be0488b05........4833c448898424........48c78424................48c78424................48c78424................c74424..........c74424..........488b8424........4805........48894424..c74424..........c74424..........c74424..........c78424................4883bc24..........74..488b8424........c7\");\n //v8.0-9.1 x64\n if (nOffset !== -1) {\n sOptions = \"rlm_pubkey at \" + nOffset;\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/packer_BobPack.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"packer\", \"BobPack\");\n\nfunction detect() {\n if (PE.compareEP(\"60E8000000008B0C2489CD83E90681ED........E83D0000008985........89C2B85D0A00008D0408E8E40000008B700401D6E876000000E851010000E80101\")) {\n sVersion = \"1.00\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/packer_Feokt.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"packer\", \"Feokt run-time\");\n\nfunction detect() {\n if (PE.compareEP(\"8925........bf........31c0b9........29f9fcf3aa9bdbe350669bd93c249b\")) {\n sOptions = \"by Max Feoktistov\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/packer_IMPostor_Pack.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"packer\", \"IMPostor Pack\");\n\nfunction detect() {\n if (PE.compareEP(\"BE........83C601FFE600000000....000000000000000000......00..02....00100000000200\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/packer_Native_UD_Packer.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"packer\", \"Native UD Packer\");\n\nfunction detect() {\n if (PE.compareEP(\"31C031DB31C9EB0E6A006A006A006A00FF15........FF15........89C768\")) {\n sVersion = \"1.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/packer_TomatoX.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: KDSS-Research\n\nmeta(\"packer\", \"TomatoX\");\n\nfunction detect() {\n if (PE.isSectionNamePresent(\".tomato\")) {\n bDetected = true;\n }\n return result();\n}" }, { "path": "db_extra/PE/packer_bbfb.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: sendersu\n/*\nIf errors pls contact sendersu on cracklab.team\n*/\n\n// https://www.flashbackrecorder.com/\n\nmeta(\"packer\", \"Blueberry/FLASHBACK\");\n\nfunction detect() {\n if (PE.findString(0, PE.getSize(), \"BB FlashBack Movie\") != -1) {\n if (PE.compare(\"'FBPE'\", PE.getSize() - 4)) {\n bDetected = true;\n }\n\n sVersion = PE.getFileVersion();\n }\n\n return result();\n}" }, { "path": "db_extra/PE/patcher_Patch.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"patcher\", \"Patch\");\n\nfunction detect() {\n if (PE.compareEP(\"e8$$$$$$$$558bec81c4........5657536a..e8........a3........c745..........6a..68........6a..e8\")) {\n for (var i = 0; i < PE.resource.length; i++) {\n if (PE.resource[i].Type == \"RT_RCDATA\") {\n if (PE.compare(\"a28ff4c4\", PE.resource[i].Offset)) {\n sVersion = \"2.0\";\n bDetected = true;\n break;\n }\n }\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protection_DS.Key-Lok_II_dongle.5.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protection\", \"Key-Lok II dongle reference\");\n\nfunction detect() {\n // I'm (adoxa) guessing these don't occur in the overlay, so don't search it (avoid wasting time on big installers).\n var nOffset = 0;\n var endOffset = PE.isOverlayPresent() ? PE.getOverlayOffset() : PE.getSize();\n while (true) {\n nOffset = PE.findString(nOffset, endOffset - nOffset, \"\\\\.\\\\\");\n if (nOffset == -1) break;\n nOffset += 4;\n if (PE.compare(\"'KeyDongle_0'\", nOffset)) {\n bDetected = true;\n break;\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protection_DS.Novex_dongle.4.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protection\", \"Novex/Guardant dongle reference\");\n\nfunction detect() {\n // I'm (adoxa) guessing this don't occur in the overlay, so don't search it (avoid wasting time on big installers).\n if (PE.findString(0, PE.isOverlayPresent() ? PE.getOverlayOffset() : PE.getSize(), \"\\\\\\\\.\\\\NVKEY\") != -1) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protection_DS.Rockey4_dongle.5.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protection\", \"Rockey4 dongle reference\");\n\nfunction detect() {\n // I'm (adoxa) guessing these don't occur in the overlay, so don't search it (avoid wasting time on big installers).\n var nOffset = 0;\n var endOffset = PE.isOverlayPresent() ? PE.getOverlayOffset() : PE.getSize();\n while (true) {\n nOffset = PE.findString(nOffset, endOffset - nOffset, \"\\\\.\\\\\");\n if (nOffset == -1) break;\n nOffset += 4;\n if (PE.compare(\"'ROCKEY'\", nOffset) ||\n PE.compare(\"'rockey'\", nOffset)) {\n bDetected = true;\n break;\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protection_DS.Wizzkey_dongle.5.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protection\", \"Wizzkey dongle reference\");\n\nfunction detect() {\n // I'm (adoxa) guessing this doesn't occur in the overlay, so don't search it (avoid wasting time on big installers).\n if (PE.findString(0, PE.isOverlayPresent() ? PE.getOverlayOffset() : PE.getSize(), \"\\\\\\\\.\\\\WIZZKEYRL\") != -1) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_ARM_Protector.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"ARM Protector\");\n\nfunction detect() {\n if (PE.compareEP(\"E8040000008360EB0C5DEB05\")) {\n switch (PE.readDword(PE.nEP + 42)) {\n case 0xAB3: sVersion = \"0.5\"; break;\n case 0xBA1: sVersion = \"0.6\"; break;\n default:\n sVersion = \"0.1b-0.3b\";\n }\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_ASPR_Stripper.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"ASPR Stripper\");\n\nfunction detect() {\n if (PE.compareEP(\"BB........E9........609CFCBF........B9........F3AA9D61C3558BEC\")) {\n sVersion = \"2.X\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_Adept_Protector.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"Adept Protector\");\n\nfunction detect() {\n if (PE.isNET()) {\n var nOffset = PE.findString(PE.section[0].FileOffset, PE.section[0].FileSize, \"ByAdeptProtector\");\n if (nOffset != -1) {\n if (PE.compare(\"'Smashed'\", nOffset - 7)) {\n sOptions = \"Evaluation\";\n } else if (PE.compare(\"'STAThreadAttribute'\", nOffset + 17)) {\n sVersion = \"2.1\";\n }\n\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_Alex_Protector.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"Alex Protector\");\n\nfunction detect() {\n if (PE.compareEP(\"60E8000000005D81ED06104000E824000000\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (PE.compareEP(\"60E801000000C783C40433C9E8010000006883C404E8010000006883C404\")) {\n sVersion = \"0.4 beta 1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_Alloy.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"Alloy\");\n\nfunction detect() {\n if (PE.compareEP(\"9C60E802......33C08BC483C004938BE38B5BFC81EB........87DD6A0468001000006800..00006A00FF95........0B\")) {\n sVersion = \"4.x\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_Apex-c.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"Apex-c\");\n\nfunction detect() {\n if (PE.compareEP(\"68........B9FFFFFF0001D0F7E2720148E2F7B9FF0000008B34248036FD46E2FAC3\")) {\n sVersion = \"BLT Apex 4.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_BitShape_PE_Crypt.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"BitShape PE Crypt\");\n\nfunction detect() {\n if (PE.compareEP(\"60E8000000005D81ED........B97B0900008DBD........8BF7AC\")) {\n sVersion = \"1.5\";\n bDetected = true;\n } else if (PE.compareEP(\"E8000000005B83EB05EB04'RND!'EB02CD20EB\")) {\n sVersion = \"1.0-1.02\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_BlindSpot.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"BlindSpot\");\n\nfunction detect() {\n if (PE.compareEP(\"558BEC81EC500200008D85B0FEFFFF5356A3........578D85B0FDFFFF680001000033F65056FF15........5668800000006A0356568D85B0FDFFFF680000008050FF15........56566800080000508945FCFF15\")) {\n sVersion = \"1.00\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_Break_Into_Pattern.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"Break-Into-Pattern\");\n\nfunction detect() {\n if (PE.compareEP(\"E9$$$$$$$$EB14\")) {\n sVersion = \"0.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_CDS_SS.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"CDS SS\");\n\nfunction detect() {\n if (PE.compareEP(\"60E8000000005D81ED........FF742420E8D30300000BC00F84130300008985........668CD8A804740CC785\")) {\n sVersion = \"1.0 beta1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_CodeSafe.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"CodeSafe\");\n\nfunction detect() {\n if (PE.compareEP(\"83EC10535657E8C40100\", 23)) {\n sVersion = \"2.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_DEF.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"DEF\");\n\nfunction detect() {\n if (PE.compareEP(\"BE........6A..59807E070074118B460C05........8B56103010404A75FA83C628E2E4\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_DirTy_CrYpt0r.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"DirTy CrYpt0r\");\n\nfunction detect() {\n if (PE.compareEP(\"b8........32dbfec33018403d........7e..68........e8\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_EP.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"EP\"); // ?????????????\n\nfunction detect() {\n if (PE.compareEP(\"5083C0178BF09733C033C9B124AC86C4ACAA86C4AAE2F600B8400003003C40D2338B661450708B8D3402448B1810487003BA\")) {\n sVersion = \"1.0\";\n bDetected = true;\n } else if (PE.compareEP(\"6A..60E90101\")) {\n sVersion = \"2.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_EXECrypt.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"EXECrypt\");\n\nfunction detect() {\n if (PE.compareEP(\"909060E8000000005D81ED........B91500000083C10483C101EB05EBFE83C756EB00EB00\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_EXERefactor.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"EXERefactor\");\n\nfunction detect() {\n if (PE.compareEP(\"558BEC81EC900B0000535657E9588C0100'USCATION'\")) {\n sVersion = \"0.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_Embed_PE.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"Embed PE\");\n\nfunction detect() {\n if (PE.compareEP(\"83EC506068........E8....0000\")) {\n switch (PE.readWord(PE.nEP + 10)) {\n case 0x992F:\n sVersion = \"1.13\";\n break;\n case 0xFFCB:\n sVersion = \"1.24\";\n break;\n default:\n sVersion = \"1.X\";\n break;\n }\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_EncryptPE.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"EncryptPE\");\n\nfunction detect() {\n if (PE.compareEP(\"609C64FF3500000000E8\")) {\n switch (PE.readDword(PE.nEP + 10)) {\n case 0x179:\n sVersion = \"1.2003.3.18-1.2003.5.18\";\n break;\n case 0x17a:\n sVersion = \"2.2004.6.16-2.2006.6.30\";\n break;\n case 0x173:\n sVersion = \"2.2006.7.10-2.2006.10.25\";\n break;\n case 0x21b:\n sVersion = \"2.2007.04.11\";\n break;\n }\n\n bDetected = true;\n }\n // else if (PE.compareEP(\"807c24....0f85........60be........8dbe........5783cd..eb\")) {\n // sOptions = \"Delphi file protected\";\n // bDetected = true;\n // }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_ExeSafeguard.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"ExeSafeguard\");\n\nfunction detect() {\n if (PE.isSignatureInSectionPresent(PE.nLastSection, \"C05DEB4EEB47DF694E58DF5974F3EB01DF75EE9A599C81C1E2FFFFFFEB01DF9DFFE1E851E8EBFFFFFF\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_ExeSmasher.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"ExeSmasher\");\n\nfunction detect() {\n if (PE.compareEP(\"9CFE03..60BE........8DBE..10FFFF5783CDFFEB10\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_Exe_Locker.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"Exe Locker\");\n\nfunction detect() {\n if (PE.compareEP(\"E800000000608B6C242081ED05000000\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_FakeNinja.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"FakeNinja\");\n\nfunction detect() {\n if (PE.compareEP(\"64A118000000EB02C3118B4030EB010F0FB6400283F80174FEEB01E890C0FFFFEB03BDF4B564A1300000000\")) {\n sVersion = \"2.8\";\n sOptions = \"Anti-Debug\";\n bDetected = true;\n } else if (PE.compareEP(\"BA........FFE2........FF35........E840\")) {\n sVersion = \"2.8\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_FixupPak.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"FixupPak\");\n\nfunction detect() {\n if (PE.compareEP(\"55E8000000005D81ED....0000BE00..000003F5BA0000....2BD58BDD33C0AC3C00743D3C01740E\")) {\n sVersion = \"1.20\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_Fuck_n_Joy.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"Fuck n Joy\");\n\nfunction detect() {\n if (PE.compareEP(\"60E8000000005D81ED........FF742420E88C0200000BC00F842C0100008985\")) {\n sVersion = \"1.0c\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_Fusion.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"Fusion\");\n\nfunction detect() {\n if (PE.compareEP(\"68........68........E80903000068........E8C7020000\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_GuardantStealth.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"Guardant Stealth\");\n\nfunction detect() {\n if (PE.getNumberOfImports() == 1) {\n if (PE.getImportLibraryName(0) == \"NOVEX32.dll\") {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_ICrypt.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"ICrypt\");\n\nfunction detect() {\n if (PE.compareEP(\"558BEC83C4EC53565733C08945ECB8703B0010E83CFAFFFF33C055686C3C00\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_ID_Application_Protector_NoNamePacker.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"ID Application Protector (NoNamePacker)\");\n\nfunction detect() {\n if (PE.compareEP(\"60E8000000005D81ED........B9........81E9........89EA81C2........8D3A89FE31C0E9D3020000CCCCCCCCE9CA020000'C:\\\\Windows\\\\SoftWareProtector\\\\'\")) {\n sVersion = \"1.2\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_KGCrypt.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"KGCrypt\");\n\nfunction detect() {\n if (PE.compareEP(\"E8........5D81ED........64A1........84C074..64A1........0BC074\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_MZ-Crypt.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"MZ-Crypt\");\n\nfunction detect() {\n if (PE.compareEP(\"60E8000000005D81ED251440008BBD771440008B8D7F144000EB28837F1C07751E8B770C03B57B14\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_Minke.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"Minke\");\n\nfunction detect() {\n if (PE.compareEP(\"558BEC83C4F053..........10E87AF6FFFFBE........33C05568........64FF30648920E8FAF8FFFFBA\")) {\n sVersion = \"1.0.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_Morphine.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"Morphine\");\n\nfunction detect() {\n if (PE.compareEP(\"FF25........8BC0FF25........8BC0\")) {\n sVersion = \"1.2-1.3\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_NecroVM.Virt.2.sg", "content": "// Detect It Easy: detection rule file\n// NecroVM by DosX\n\nfunction detect() {\n if (PE.isNet()) {\n if (PE.getString(0x2e, 13) == \"It's NecroVM!\" &&\n PE.isSignatureInSectionPresent(0, \"5F00'VmLoad'00'mscorlib'\")) {\n\n var nOffset = PE.findString(0x1f0, 16, \"v\"),\n version = \"\";\n\n if (nOffset != -1) {\n version = PE.getString(nOffset + 1, 0x1ff - nOffset);\n }\n _setResult(\"packer\", \"NecroVM Compressor\", version, \"LZMAT\");\n return \"\"; // There is no point in analyzing anything further\n }\n\n const references = [\"System.Reflection\", \"System.Security.Cryptography\", \"System.Runtime.InteropServices\"];\n for (var i = 0; i < references.length; i++)\n if (!PE.isSignatureInSectionPresent(0, \"00'\" + references[i] + \"'00\")) // 00'keyValue'00\n return \"\";\n\n const vmCore = \"NecroVM.Runtime\"; // Virtual machine namespace\n\n if (PE.isSignatureInSectionPresent(0, \"50??'\" + vmCore + \"'\") && PE.isNetObjectPresent(vmCore) && // check for core\n PE.isSignatureInSectionPresent(0, \"'info'00'flags'00'nativeEntry'00'nativeSizeOfCode'\")) {\n\n if (PE.isSignatureInSectionPresent(0, \"0005'_'00'_'00\")) // code isolation\n _setResult(\"protection\", \"NecroVM Code Container\", \"\", \"\");\n\n if (PE.isSignatureInSectionPresent(0, \"2000690073002000740061006d00700065007200650064002e00\")) // check for anti-tamper\n _setResult(\"protection\", \"NecroVM Anti-Tamper\", \"\", \"\");\n\n var options = \"Virtualization\"\n\n if (PE.isSignatureInSectionPresent(0, \"00'm_1'\")) {\n options += \" + Obfuscation\"\n }\n\n _setResult(\"protector\", \"NecroVM\", \"2.X\", options);\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_NoodleCrypt.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"NoodleCrypt\");\n\nfunction detect() {\n if (PE.compareEP(\"EB019AE8..000000EB019AE8....0000EB019AE8....0000EB01\")) {\n sVersion = \"2.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_PE-Admin.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"PE-Admin\");\n\nfunction detect() {\n if (PE.compareEP(\"609C64FF3500000000E879010000900000000000000000000000................0000000000000000000000000000000000000000\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_PENightMare.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"PENightMare\");\n\nfunction detect() {\n if (PE.compareEP(\"60E9........EF4003A7078F071C375D43A704B92C3A\")) {\n sVersion = \"2 Beta\";\n bDetected = true;\n } else if (PE.compareEP(\"60E8000000005DB9........8031154181F9\")) {\n sVersion = \"1.3\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_PE_Quake.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"PE Quake\");\n\nfunction detect() {\n if (PE.compareEP(\"e8$$$$$$$$5d81ed........8d75..56ff55..8db5........5650ff55..8985........6a..68\")) {\n sVersion = \"0.06\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_Pe123.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"Pe123\");\n\nfunction detect() {\n if (PE.compareEP(\"8BC0609CE801000000C353E87200000050E81C0300008BD8FFD35BC3\")) {\n sVersion = \"2006.4.12\";\n bDetected = true;\n } else if (PE.compareEP(\"8BC0EB013460EB012A9CEB02EAC8E80F000000EB033D2323EB014AEB015BC3\")) {\n sVersion = \"2006.4.4\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_PolyEnE.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"protector\", \"PolyEnE\");\n\nfunction detect() {\n if (PE.compareEP(\"6083ec..c70424........5868........8b0c2483c4..fff051ff15........50eb\")) {\n bDetected = true;\n } else if (PE.compareEP(\"6068........8b04..83c4..83ec..c70424........595051ff15........eb\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_PwdProtect.2.sg", "content": "// Detect It Easy: detection rule file\n// Made by KDSS-Research\n\nmeta(\"protector\", \"PwdProtect\");\n\nfunction detect() {\n if (PE.isSectionNamePresent(\".pwdprot\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_QQProtect.2.sg", "content": "// Detect It Easy: detection rule file\n\n// Author: DosX\n// E-Mail: collab@kay-software.ru\n// GitHub: https://github.com/DosX-dev\n// Telegram: @DosX_dev\n\ninit(\"protector\", \"QQProtect\");\n\nfunction detect() {\n if (PE.isResourceNamePresent(\"QQPROTECT\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_Sepanta.2.sg", "content": "// Detect It Easy: detection rule file\n// Author: sendersu\n// If errors pls contact sendersu on cracklab.team\n\nmeta(\"protector\", \"Sepanta\");\n\nfunction detect() {\n if (PE.isOverlayPresent()) {\n if (PE.findString(PE.getOverlayOffset(), 4096, \"\") != -1 ||\n PE.findString(PE.getOverlayOffset(), 4096, \"\") != -1) {\n bDetected = true;\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_Soft_Defender.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"Soft Defender\");\n\nfunction detect() {\n if (PE.compareEP(\"74$$74$$78$$68A2AF470159E8\")) { // 07 1F 0F\n bDetected = true;\n\n if (PE.compareEP(\"BA010000\", 72)) {\n sVersion = \"1.0-1.1\";\n } else if (PE.compareEP(\"BE010000\", 73)) {\n sVersion = \"1.12\";\n } else {\n sVersion = \"1.X\";\n }\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_TheHypers.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"TheHypers\");\n\nfunction detect() {\n if (PE.compareEP(\"558BEC83EC148BFCE8$$$$$$$$5EE80D000000'kernel32.dll'00\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_WinKript.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"WinKript\");\n\nfunction detect() {\n if (PE.compareEP(\"33C08BB8........8B90........85FF74..33C950EB..8A0439C0C8..34..880439413BCA72..58\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_Wind_of_Crypt.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"Wind of Crypt\");\n\nfunction detect() {\n if (PE.compareEP(\"558BEC83C4EC53........8945ECB8........E828EAFFFF33C05568\")) {\n sVersion = \"1.0\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_Xtreme-Protector.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"Xtreme-Protector\");\n\nfunction detect() {\n if (PE.compareEP(\"B8........B9........5051E805000000E94A010000608B7424248B7C2428FCB2808A0646880747BB0200000\")) {\n sVersion = \"1.06\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/protector_muckis_protector.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"protector\", \"mucki's protector\");\n\nfunction detect() {\n if (PE.compareEP(\"BE........B9........8A06F6D0880646E2F7E9\")) {\n bDetected = true;\n } else if (PE.compareEP(\"E8240000008B4C240CC70117000100C781B80000000000000031C0894114894118806A00\")) {\n sVersion = \"II\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/sfx_ADS_Self_Extractor.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"sfx\", \"ADS Self-Extractor\");\n\nfunction detect() {\n if (PE.compareEP(\"e8$$$$$$$$8bff558bec83ec..a1........8365....8365....5357bf........bb........3bc774\")) {\n bDetected = PE.compareOverlay(\"7b00320030003700320036003300370037002d00\");\n } else if (PE.compareEP(\"558bec6a..68........68........64a1........50648925........83ec..5356578965..ff15\")) {\n bDetected = PE.findSignature(PE.getOverlayOffset(), Math.min(0x100, PE.getOverlaySize()), \"7b00320030003700320036003300370037002d00\") !== -1;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/sfx_CipherWall.1.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"sfx\", \"CipherWall\");\n\nfunction detect() {\n if (PE.compareEP(\"9061BE........8DBE0000FEFFC787C0200200\")) {\n sVersion = \"1.5\";\n switch (PE.getEPSignature(19, 14)) {\n case \"0B6E5B9B5783CDFFEB0E90909090\":\n sOptions = \"Decryptor Console\";\n break;\n case \"F989C76A5783CDFFEB0E90909090\":\n sOptions = \"Decryptor GUI\";\n break;\n }\n\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/tool_UPX_shit.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"tool\", \"UPX shit\");\n\nfunction detect() {\n if (PE.compareEP(\"E2FA94FFE06100000000000000\")) {\n sVersion = \"0.0.1\";\n bDetected = true;\n } else if (PE.compareEP(\"94BC......00B9..00000080340C..E2FA94FFE061\")) {\n sVersion = \"0.0.1\";\n bDetected = true;\n } else if (PE.compareEP(\"B8....4300B915000000803408..E2FAE9D6FFFFFF\")) {\n sVersion = \"0.06\";\n bDetected = true;\n } else if (PE.compareEP(\"E8000000005E83C614AD89C7AD89C1AD300747E2FBADFFE0C3\")) {\n sVersion = \"0.1\";\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/tool_UPXcrypter.2.sg", "content": "// Detect It Easy: detection rule file\n\nmeta(\"tool\", \"UPXcrypter\");\n\nfunction detect() {\n if (PE.compareEP(\"BF......0081FF......007410812F..00000083C704BB05....00FFE3BE......00FFE600000000\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/PE/virus_Win9x_CIH.1.sg", "content": "// Detect It Easy: detection rule file\n// Author: hypn0 \n\nmeta(\"virus\", \"Win9x.CIH\");\n\nfunction detect() {\n if (PE.compareEP(\"558d4424f833db648703e8000000005b8d4b425150500f014c24fe5b83c31cfa\")) {\n bDetected = true;\n }\n\n return result();\n}" }, { "path": "db_extra/about.txt", "content": "\"db_extra\" contains detection rules and scripts that were not approved for inclusion in the main database.\nSome of these rules may trigger only a few positive detections across the entire internet.\n\nUsing this default database is NOT RECOMMENDED as it is not optimized or actively maintained." }, { "path": "dbs_min/db/.vscode/about.txt", "content": "This directory is responsible for correct recognition of *.sg files by Visual Studio Code. You can delete it if you don't need it." }, { "path": "dbs_min/db/.vscode/settings.json", "content": "{\n \"files.associations\": {\n \"*.sg\": \"javascript\"\n }\n}" }, { "path": "dbs_min/db/ACE", "content": "function detect_ACE(e){var i,e=e?(i=0,File.getSize()):(i=File.getOverlayOffset(),File.getOverlaySize())\nif(48X.Sz()?o.addIfNone(\"!short\"):o)&&(sVersion=sVersion.appendS(\"/malformed\"+o,\"/\")),X.isVerbose()&&(sOptionT(addEllipsis(meta),'info:\"','\"'),sOption(outSz(d),\"sz:\"))}else if(X.c(\"'AT8X'\")&&isWithin(t0p=X.U32(28),36,64)&&X.c(\"0000\",t0p+4)&&isWithin(t0sz=X.U32(t0p),(t0hdsz=X.U32(t0p+20))+X.U32(t0p+t0hdsz),4096)&&isWithin(t0sec=X.U16(t0p+10),1,40)&&X.U32(t0p+t0hdsz)==8+8*t0sec){if(sName=\"Atari VAPI/ATX disk image (.ATX)\",sVersion=\"v\"+X.U16(4),bDetected=1,X.isVerbose()){for(a=0,d=t0p,sec=0;a<40&&d'\")&&X.c(\"''\",(S=X.U16(17,_LE))-8))sName=\"Bally Arcade/Astrocade BASIC tape (.BIN)\",bDetected=1,X.isVerbose()&&sOption(outSz(S),\"sz:\")\nelse if(X.c(\"0E0000800E..FFFE........FFFFFFFF020000000200..FFFFFFFFFE\")&&0<=[31,47].indexOf(X.U8(5))&&0<=[31,127].indexOf(X.U8(353)))sName=\"Casio Loopy (big-endian) cartridge (.BIN)\",bDetected=1\nelse if(X.c(\"4C....4C....01'CBM::::::::'\")&&X.c(\"FF\",13118)&&X.c(\"FF\",14720))sName=\"Commodore Plus/4 cartridge (.BIN)\",bDetected=1\nelse if(X.c(\"000003\",8)&&X.c(\"'DMC '\",256)&&X.c(\"' GM 00000000-00'\",352))sName=\"AtGames/中娛/愛勝 Firecore digital media cartridge (.BIN)\",bDetected=1\nelse if(X.c(\"F50400\")&&X.c(\"04\",2048)&&X.c(\"8383\",2056)&&4096==F.Sz())sName=\"Entex Adventure Vision cartridge (.BIN)\",bDetected=1\nelse if(!X.c(\"55..40..40....00\")&&!X.c(\"5512521252B0\")||X.U8(1)!=X.U8(3)||8192!=X.Sz()&&16384!=X.Sz())if(X.c(\"BBA56EB3E9C5A7A4CCB3D7B2CFA8CEA5CCAAA3A46FB1EFB9BBA56EB3E9C569B6E6A6F4A5F3A6CFA456A675A47BB5'r(vereese gnniee)rB'A1CFA4D5B2B6C442A1CFA473BDB6C4CEA9F3A7EFA7BBA56EB3E9C5ECAD6CA97BB5A1A65DB370AD57A4EFB96EB3E9C5BAAAEAC277A950BBD1B8A3B0EAC277A9'rTdamera kybU inet diMrceoeltcorinscC ro.pa dnF nuethcE tnreatniemtnC ro.pA llr gith seresvrde .iLecsn esip reimttde'002E\",8192)||X.c(\"1E00E32AE401E501 E601E7011B48E801 E901EAC401300EEB 01B426ECEED26401 EF26F00108604E30 F201F301F4010128\"))sName=\"Funtech Super Acan cartridge (.BIN)\",bDetected=1\nelse if(!(X.c(\"AA04FFFF68FF\")||X.c(\"AA4E840D196900\")||X.c(\"AA544E85706A90\")||X.c(\"AA54E9A7640202\")||X.c(\"AAC0BA69004DCC\")||X.c(\"AA694169146914\"))||!isWithin(X.Sz(),8192,32768)||4095&X.Sz())if(X.c(\"'ZPJ'\")&&X.c(\"0003....0003\",24)&&\"allnum\"==charStat(X.SA(3,3))&&charStat(X.SA(6,13),!0).indexOf(!1)){if(sName=\"Konami Picno image (.BIN)\",bDetected=1,sOption(charStat(X.SA(3,3))),X.isVerbose()){for(u=X.SA(3,13);u.length&&\"+\"==u[u.length-1];)u=u.slice(0,u.length-1)\nsOption(u)}}else if(X.c(\"'Copyright LeapFrog '00..01010000000080\",256))sName=\"Leapfrog Leapster Learning Game System image (.BIN)\",bDetected=1,sVersion=X.fSig(1,4096,\"'Lil ducked. The jet zipped past her head. Dust flew, Lil sneezed, and Leap turned red. Then Lil got up, about to yell. Leap gasped, \\\"Look, Lil! Your tooth! It fell!\\\"'\")?\"Approved Content\":\"unapproved content\"\nelse if(7&X.Sz()||!(0<=(u=X.fSig(0,4096,\"1FA6DEBACC137D74\")))||7&u){if(X.c(\"00000000'Root-CPCA00000108-CP00000110'00000000000000000000000000000000000000000000000000000000000000000000000000\",10324))sName=\"iQue (N64 for China) CMD (.CMD)\",bDetected=1\nelse if(X.c(\"803712400000000F80....00000014\")&&X.c(\"AD0000\",4112)&&X.c(\"FF\",4126))sName=\"iQue (N64 for China) Z64 image (.Z64)\",bDetected=1\nelse if(X.c(\"'C64 CARTRIDGE '\")&&64<=(d=X.U32(16,_BE))&&X.c(\"'CHIP'\",d)){for(bDetected=1,sName=\"Commodore 64 cartridge (.CRT)\",sVersion=\"v\"+X.U8(20)+\".\"+X.U8(21).padStart(2,\"0\"),o=\"\";dX.Sz()){if(d+16+D<=X.Sz()){d+=D+16,o=o.addIfNone(\"!badchunk\")\ncontinue}!X.isVerbose()&&d+h>X.Sz()&&(o=o.addIfNone(\"!short\"))}d+=h}if(\"\"!=o&&(sVersion=sVersion.appendS(\"malformed\"+o,\"/\")),X.isVerbose()){switch(sOption(X.SC(32,32,\"Shift_JIS\")),X.U16(22,_BE)){case 0:U=\"normal cartridge\"\nbreak\ncase 1:U=\"Action Replay\"\nbreak\ncase 2:U=\"KCS Power Cartridge\"\nbreak\ncase 3:U=\"Final Cartridge III\"\nbreak\ncase 4:U=\"Simons Basic\"\nbreak\ncase 5:U=\"Ocean type 1\"\nbreak\ncase 6:U=\"Expert Cartridge\"\nbreak\ncase 7:U=\"Fun Play, Power Play\"\nbreak\ncase 8:U=\"Super Games\"\nbreak\ncase 9:U=\"Atomic Power\"\nbreak\ncase 10:U=\"Epyx Fastload\"\nbreak\ncase 11:U=\"Westermann Learning\"\nbreak\ncase 12:U=\"Rex Utility\"\nbreak\ncase 13:U=\"Final Cartridge I\"\nbreak\ncase 14:U=\"Magic Formel\"\nbreak\ncase 15:U=\"C64 Game System/System 3\"\nbreak\ncase 16:U=\"WarpSpeed\"\nbreak\ncase 17:U=\"Dinamic\"\nbreak\ncase 18:U=\"Zaxxon, Super Zaxxon (SEGA)\"\nbreak\ncase 19:U=\"Magic Desk/Domark/HES Australia\"\nbreak\ncase 20:U=\"Super Snapshot 5\"\nbreak\ncase 21:U=\"Comal-80\"\nbreak\ncase 22:U=\"Structured Basic\"\nbreak\ncase 23:U=\"Ross\"\nbreak\ncase 24:U=\"Dela EP64\"\nbreak\ncase 25:U=\"Dela EP7x8\"\nbreak\ncase 26:U=\"Dela EP256\"\nbreak\ncase 27:U=\"Rex EP256\"\nbreak\ncase 28:U=\"Mikro Assembler\"\nbreak\ncase 29:U=\"reserved\"\nbreak\ncase 30:U=\"Action Replay 4\"\nbreak\ncase 31:U=\"StarDOS\"\nbreak\ncase 32:U=\"EasyFlash\"\nbreak\ndefault:U=\"?\"}sOption(\"hw.type: \"+U+\" /EXROM:\"+(X.U8(24)?\"inactive\":\"active\")+\" /GAME:\"+(X.U8(25)?\"inactive\":\"active\")+\" sz:\"+outSz(d))}}}else sName=\"Microsoft MSX tape image (.CAS)\",bDetected=1\nelse sName=\"Hartung Game Master cartridge (.BIN)\",bDetected=1\nelse sName=\"Epoch ゲームポケコン/Game Pocket Computer cartridge (.BIN)\",bDetected=1\nif(!bDetected&&(function(){if(!(X.Sz()<204800)&&X.c(\"0100\",82)&&isWithin(n=X.U8(0),1,63)){c=X.SC(1,n,\"CP1252\")\nvar e=charStat(c,!0)\nif(!(e.indexOf(\"allxsc\")<0)&&n==X.U8(1144)&&c==X.SC(1145,X.U8(1144),\"CP1252\")){var e=X.U32(64,_BE),a=X.U32(68,_BE)\nif(isWithin(e,204800,2097152)&&(!a||12*e/512==a)&&(a||!X.U32(76,_BE))){switch(S=84+e+X.U32(68,_BE),discszt=Util.divu64(e,1024)+\"k\",X.U8(80)){case 0:discszt+=\" GCR CLV ssdd\"\nbreak\ncase 1:discszt+=\" GCR CLV dsdd\"\nbreak\ncase 2:discszt+=\" MFM CAV dsdd\"\nbreak\ncase 3:discszt+=\" MFM CAV dshd\"\nbreak\ndefault:discszt+=\" unk.type\"}return 1}}}})()&&(sName=\"Apple DiskCopy 4.2 disk image (.DC42)\",sVersion=discszt,bDetected=1,X.isVerbose())&&(sOption(c),sOption(outSz(S),\"sz:\")),!bDetected)if(X.c(\"'ACT Apricot disk image'1A04\")&&isAllZeroes(24,88)){sName=\"Jonathan Marsters's ACT/Apricot PC ApriDisk image (.DSK)\",bDetected=1\nvar g=sec=0,E=!1,O=by=\"\"\nfor(d=128;dsec&&(sec=u),(u=X.U16(d+14)+1)>g&&(g=u)\nbreak\ncase 3810328578:O=X.SA(d+z,h)\nbreak\ncase 3810328579:by=X.SA(d+z,h)\nbreak\ndefault:E=!0}if(E)break\nif(d+=z+h,3810328578==k)break}X.isVerbose()?(sOption(O),sOption(by,\"by: \"),sOption(\"cyl:\"+g+\" sec:\"+sec+\" sz:\"+outSz(d))):d>X.Sz()&&(sVersion=\"malformed!short\")}else(X.c(\"'EXTENDED CPC DSK File'0D0A'Disk-Info'0D0A\")||X.c(\"'MV - CPCEMU Disk-File'0D0A'Disk-Info'0D0A\")||X.c(\"'MV - CPC'\"))&&isWithin(a=X.U8(48),20,84)&&isWithin(sd=X.U8(49),1,2)&&X.c(\"'Track-Info'0D0A000000\",256)&&(sName=\"Amstrad CPC disk image (.DSK)\",bDetected=1,X.c(\"'E'\")?(trksz=0,sVersion=\"extended\"):trksz=X.U16(50)+1,X.isVerbose())&&(sOption(X.SA(34,14)),sOption(\"trk:\"+a+(trksz?\" trksz:\"+trksz:\"\")+\" sides:\"+sd))\nif(!bDetected&&(function(){if(X.c(\"'EALIB'\")){p=X.U16(5)\nd=7\nfor(var e=0;eX.U32(8)&&X.U32(8)<=X.Sz()&&(sName=\"FCSX zlib format (.FCS)\",bDetected=1,X.isVerbose())&&(sOptions=\"Zlib @10h, unp.sz:\"+X.U32(4)+\" sz:\"+outSz(X.U32(8))),(function(){var e,a,s,r,i,t,c\nreturn!X.c(\"00000000\")||(e=X.U32(4),a=X.U32(8),s=X.U32(12),r=X.U32(16),i=X.U32(20),t=X.U32(24),c=X.U32(28),[16,48,144].indexOf(e)<0)||r*i*t*c!=s||(S=a+s)>X.Sz()||a<32?void 0:!(16==e&&!isWithin(s,524288,745472)||48==e&&!isWithin(s,1441792,3145728)||144==e&&!isWithin(s,1179648,1310720))&&(info=(info=\"disc:\"+(16==e?\"640/720k\":48==e?\"1.44M\":144==e?\"1.2M\":\"?\")+\" (\"+(s/1024).toFixed(1)+\"k)\").append(\"hd:\"+t+\" cyl:\"+c+\" sec:\"+i+\" sz:\"+outSz(S)),1)})()&&(sName=\"EPSON's PC-98 disk image (.FDI)\",bDetected=1,X.isVerbose())&&sOption(info),bDetected||(X.c(\"EB0A9090'IPL1'0000001EA08405B48ECD1BA8\",4096)&&X.c(\"E9D102' NEC 'CADFB0BFC5D9BADDCBDFADB0C08CC592E8836683428358834E8B4E93AE8381836A8385815B8376838D834F8389838020CADEB0BCDEAEDD' 2.'....' Copyright (C) NEC Corporation 1985,'\",5120)?(sName=\"NEC PS-98 hard disk image (.HDI)\",bDetected=1):((X.c(\"EB1C904E\")||X.c(\"EB2790B1\")||X.c(\"EB279028\")||X.c(\"EB3C9027\")||X.c(\"EB3C904E\"))&&X.c(\"000401010002C000D004FE0200080002000000\",11)||X.c(\"EB..90\")&&1261568==X.Sz())&&(sName=\"NEC PC-98 disk image (.HDM)\",bDetected=1)),(function(){if(!(X.Sz()<273)){for(var e=0,a=0;a<15;++a){if(a<9&&X.U8(a)<32)return\ne+=X.U8(a)}if((e=105+257*e&65535)==X.U16(15))if(S=X.U16(11),addr=X.U16(9),alsz=X.U16(13),!(!isWithin(alsz,256,65280)||!isWithin(S,256,65280)||addr<16384||65536X.Sz()&&(sVersion=\"malformed!short\")),!bDetected)if(X.c(\"'HXCPICFE'\")&&isWithin(i=X.U8(10),1,2)&&isWithin(baud=1e3*X.U16(12),15e4,3e6)&&(t=X.U8(17))<=1){if(sName=\"HxC PIC/HFE disk image (.HFE)\",sVersion=\"rev.\"+X.U8(8),bDetected=1,X.isVerbose()){var B=[\"ISO IBM MFM\",\"Amiga MFM\",\"ISO IBM FM\",\"emulated FM\",\"unk.\"],L=[\"IBM PC DD\",\"IBM PC HD\",\"Atari ST DD\",\"Atari ST HD\",\"Amiga DD\",\"Amiga HD\",\"Amstrad CPC DD\",\"generic Shugart DD\",\"IBM PC ED\",\"MSX2 DD\",\"Commodore 64 DD\",\"emulated Shugart\"],a=X.U8(9),v=X.U8(16),u=X.U8(11),S=512,W=0\nfor(d=512,trkenc=3>7\nif(p&=127,!isWithin(p,0,79))return\nvar l=X.U8(e+14)\nif(!isWithin(l,1,10))return\nfor(a=a||S,A||(0==d&&sus++,128&X.U8(e)&&sus++),f=0;f<195;f++){if(u=X.U8(e+15+f),k[f]&u)return\nk[f]|=u}firstNotOf(e+220,11,[32,255])<0&&(t[0]+=10),firstNotOf(e+232,4,[255])<0&&(t[0]+=4),255==X.U8(e+250)&&t[0]++,255==X.U8(e+251)&&t[0]++,C.push(X.SA(e+1,10).trim()+\":\"+b[d]),21==d&&(subdir++,u=512*(l+10*(S+2*p))+1,X.U8(u))&&C.push(\"/\"+X.SA(u,10)+\"...\"),s||(e+=256)}else end=!0\n9<++_sec&&(_sec=0,1==++_side)&&(_side=0,_trk++),e=512*(_sec+10*(_side+2*_trk))}return 5a[0]&&(a=arguments[s])\nreturn a}(i,t,c,n)[1]+\"/\"+(a?\"DS\":\"SS\"),1)}}}if(!bDetected&&_()&&(sName=\"ZX Microdrive cartridge image (.MDR)\",bDetected=1,X.isVerbose())&&(sOption(name),sOption((X.isDeepScan()?\"blks:\"+blk+\" \":\"\")+\"sz:\"+outSz(S))),!bDetected&&G()&&(sName=\"Miles Gordon Technology floppy image (.MGT,.SAD)\",sVersion=sv,bDetected=1,X.isVerbose())&&(sOption((subdir?\"≈\":\"\")+(A-erased-subdir)+(erased?\"+\"+erased+\" erased\":\"\")+(subdir?\"+\"+subdir+\"subdirs\":\"\"),\"files:\"),A&&sOption(\"(\"+addEllipsis(C.join(\"; \"))+\")\"),sus)&&sOption(\"possibly malformed (level \"+sus+\")\"),!bDetected)if(X.c(\"'NES'1A\")&&15>4)+(240&flg7),fvsunisystem=0<(1&flg7),fplaychoice10=0<(2&flg7),fv20_=8==(12&flg7),fv20=!1,szprgmsb=16384*((15&flg9)<<8),szchrmsb=8192*((240&flg9)<<4),ex=region=tv=\"\",S=16+trainer+szprg+szprgmsb+szchr+szchrmsb,fv20=fv20_?S>4,2&flg7){case 0:sVersion+=\" #NES/Famicom/Dendy\"\nbreak\ncase 1:switch(sVersion+=\" #Nintendo Vs. System (\",15&flg13){case 0:sVersion+=\"RP2C03B)\"\nbreak\ncase 1:sVersion+=\"RP2C03G)\"\nbreak\ncase 2:sVersion+=\"RP2C04-0001)\"\nbreak\ncase 3:sVersion+=\"RP2C04-0002)\"\nbreak\ncase 4:sVersion+=\"RP2C04-0003)\"\nbreak\ncase 5:sVersion+=\"RP2C04-0004)\"\nbreak\ncase 6:sVersion+=\"RC2C03B)\"\nbreak\ncase 7:sVersion+=\"RC2C03C)\"\nbreak\ncase 8:sVersion+=\"RC2C05-01)\"\nbreak\ncase 9:sVersion+=\"RC2C05-02)\"\nbreak\ncase 10:sVersion+=\"RC2C05-03)\"\nbreak\ncase 11:sVersion+=\"RC2C05-04)\"\nbreak\ncase 12:sVersion+=\"RC2C05-05)\"\nbreak\ndefault:sVersion+=\"unk.PPU)\"}break\ncase 2:sVersion+=\" #Nintendo Playchoice 10\"\nbreak\ndefault:switch(15&flg13){case 0:sVersion+=\" #NES/Famicom/Dendy\"\nbreak\ncase 1:sVersion+=\" #Nintendo Vs. System\"\nbreak\ncase 2:sVersion+=\" #Nintendo Playchoice 10\"\nbreak\ncase 3:sVersion+=\" #Famiclone+DecimalMode\"\nbreak\ncase 4:sVersion+=\" #NES/Famicom+EPSM/plug-through\"\nbreak\ncase 5:sVersion+=\" #V.R. VT01 red/cyan\"\nbreak\ncase 6:sVersion+=\" #V.R. Technology VT02\"\nbreak\ncase 7:sVersion+=\" #V.R. Technology VT03\"\nbreak\ncase 8:sVersion+=\" #V.R. Technology VT09\"\nbreak\ncase 9:sVersion+=\" #V.R. Technology VT32\"\nbreak\ncase 10:sVersion+=\" #V.R. Technology VT369\"\nbreak\ncase 11:sVersion+=\" #UMC UM6578\"\nbreak\ncase 12:sVersion+=\" #Famicom Network System\"\nbreak\ndefault:sVersion+=\" #(reserved)\"}}switch(3&flg12){case 0:region=\"NA/JP/SK/TW: NTSC NES\"\nbreak\ncase 1:region=\"WE/AU: Licenced PAL NES\"\nbreak\ncase 2:region=\"Multiple\"\nbreak\ndefault:region=\"EU/RU/ZH/IN/AF: Dendy\"}switch(63&flg15){case 0:break\ncase 1:ex=\"Std. Sontrollers\"\nbreak\ncase 2:ex=\"NES Four Score/Satellite + 2 Std. Controllers\"\nbreak\ncase 3:ex=\"Famicom 4P Adapter\"\nbreak\ncase 4:ex=\"Vs. System (1P via $4016)\"\nbreak\ncase 5:ex=\"Vs. System (1P via $4017)\"\nbreak\ncase 6:ex=\"(obsolete MAME behaviour)\"\nbreak\ncase 7:ex=\"Vs. Zapper\"\nbreak\ncase 8:ex=\"Zapper ($4017)\"\nbreak\ncase 9:ex=\"2 Zappers\"\nbreak\ncase 10:ex=\"Bandai Hyper Shot Lightgun\"\nbreak\ncase 11:ex=\"Power Pad Side A\"\nbreak\ncase 12:ex=\"Power Pad Side B\"\nbreak\ncase 13:ex=\"Family Trainer Side A\"\nbreak\ncase 14:ex=\"Family Trainer Side B\"\nbreak\ncase 15:ex=\"Arkanoid Vaus Controller (NES)\"\nbreak\ncase 16:ex=\"Arkanoid Vaus Controller (Famicom)\"\nbreak\ncase 17:ex=\"2 Vaus Controllers + Famicom Data Recorder\"\nbreak\ncase 18:ex=\"Konami Hyper Shot Controller\"\nbreak\ncase 19:ex=\"Coconuts Pachinko Controller\"\nbreak\ncase 20:ex=\"Exciting Boxing Punching Bag (Blowup Doll)\"\nbreak\ncase 21:ex=\"Jissen Mahjong Controller\"\nbreak\ncase 22:ex=\"Party Tap\"\nbreak\ncase 23:ex=\"Oeka Kids Tablet\"\nbreak\ncase 24:ex=\"Sunsoft Barcode Battler\"\nbreak\ncase 25:ex=\"Miracle Piano Keyboard\"\nbreak\ncase 26:ex=\"Pokkun Moguraa (Whack-a-Mole Mat & Mallet)\"\nbreak\ncase 27:ex=\"Top Rider (Inflatable Bicycle)\"\nbreak\ncase 28:ex=\"Double-Fisted\"\nbreak\ncase 29:ex=\"Famicom 3D System\"\nbreak\ncase 30:ex=\"Doremikko Keyboard\"\nbreak\ncase 31:ex=\"R.O.B. Gyro Set\"\nbreak\ncase 32:ex='Famicom Data Recorder (\"silent\" keyboard)'\nbreak\ncase 33:ex=\"ASCII Turbo File\"\nbreak\ncase 34:ex=\"IGS Storage Battle Box\"\nbreak\ncase 35:ex=\"Family BASIC Keyboard + Famicom Data Recorder\"\nbreak\ncase 36:ex=\"Dongda PEC-586 Keyboard\"\nbreak\ncase 37:ex=\"Bit Corp. Bit-79 Keyboard\"\nbreak\ncase 38:ex=\"Subor Keyboard\"\nbreak\ncase 39:ex=\"Subor Keyboard + Mouse (3x8-bit)\"\nbreak\ncase 40:ex=\"Subor Keyboard + Mouse (24-bit)\"\nbreak\ncase 41:ex=\"SNES Mouse ($4017.d0)\"\nbreak\ncase 42:ex=\"Multicart\"\nbreak\ncase 43:ex=\"2 SNES Controllers\"\nbreak\ncase 44:ex=\"RacerMate Bicycle\"\nbreak\ncase 45:ex=\"U-Force\"\nbreak\ncase 46:ex=\"R.O.B. Stack-Up\"\nbreak\ncase 47:ex=\"City Patrolman Lightgun\"\nbreak\ncase 48:ex=\"Sharp C1 Cassette Interface\"\nbreak\ncase 49:ex=\"Std. Controller w/swapped ←→/↑↓/BA\"\nbreak\ncase 50:ex=\"Excalibor Sudoku Pad\"\nbreak\ncase 51:ex=\"ABL Pinball\"\nbreak\ncase 52:ex=\"Golden Nugget Casino extra buttons\"\nbreak\ndefault:ex=\"(unknown)\"}S=16+trainer+szprg+szprgmsb+szchr+szchrmsb}else{switch(sVersion=12&flg7||!X.c(\"0000 0000\",12)?4==(12&flg7)?\"archaic iNES\":\"iNES v0.7 or archaic\":\"iNES\",szprgram=(szprgram=8192*X.U8(8))||8192,3&(flg10=X.U8(10))){case 0:tv=\"NTSC\"\nbreak\ncase 2:tv=\"PAL\"\nbreak\ndefault:tv=\"NTSC/PAL\"}fbusconflicts=X.c(\"0000 0000\",X.Sz()-4)?(fprgram=0<(16&flg10),0<(32&flg10)):fprgram=!1,region=\"n/a\"}X.isVerbose()&&(sOption(tv,\"tv: \"),sOption(region,\"region: \"),sOption(mapper,\"mapper: \"),sOption(ex,\"expansion: \"),fplaychoice10&&sOption(\"PlayChoice-10\"),trainer&&sOption(\"trainer\"),fstorage&&sOption(\"battery-backed RAM\"),sOption(outSz(S),\"sz:\"))}else if(X.c(\"'MNIB-1541-RAW'..000002..04..06..08..0A\"))bDetected=1,sVersion=\"v\"+X.U8(13),sName=\"Markus Brenner's MNIB/Peter Rittwage's C64PP NIBTools disk image (.NIB)\"\nelse if(X.c(\"01'CD001'01''\",339968))p=X.c(\"'NERO'\",X.Sz()-8)?1:X.c(\"'NER5'\",X.Sz()-12)?2:0,sName=(p?\"Nero AG's \":\"\")+\"optical disc image (.NRG)\",p&&(sVersion=\"Nero AG/v\"+p),X.isVerbose()&&(sOptions=X.SA(340008,32).trim()),bDetected=1\nelse if(X.c(\"0D04..00'host_date='\")&&X.fSig(0,128,\"'KryoFlux DiskSystem'\"))sName=\"SPS's KryoFlux DiskSystem disk sector (.RAW)\",bDetected=1\nelse if(X.c(\"'CAPS'0000000C1CD573BA'DATA'\")&&X.c(\"'PACK'\",X.U32(16,_BE)+20)&&(sName=\"SPS's KryoFlux CT Raw disk image (.RAW)\",bDetected=1,X.isVerbose())){for(d=12,a=unpsz=0;dX.Sz()||655364=S+4){for(f=0;f>=3:r=2,e=16;e<688;e+=4){var i=X.U32(e)\nif(i){if(!X.c(\"'TRK'\",i))return\nvar t=0\nfor(q=i+4;tX.Sz())return\nS=a+mtdsz}return 1}})()){sName=\"SuperCard Pro disk image (.SCP)\",bDetected=1\nvar M,y,I=(I=X.U8(3))?\"v\"+(I>>4)+\" rev.\"+(15&I):\"v.?\",P=X.U8(4),B=(X.U8(5),X.U8(6)),L=X.U8(7),i=(r=X.U8(8),1&r?4&r?\"360\":\"300\":\"300/360\"),v=8&r?\"normalised\":\"preservation\",t=16&r?\"read/write\":\"read-only\",H=32&r,K=X.U8(10)?1==X.U8(10)?\"bottom\":\"top\":\"double\"\nif(H&&(I=\"app v\"+(X.U8(S+40)>>4)+\".\"+(15&X.U8(S+40))+\"h/w v\"+(X.U8(S+41)>>4)+\".\"+(15&X.U8(S+41)),X.c(\"'FPCS'\",S+44)||(I+=\"/malformed!noendtag\"),S+=48),sVersion=I,X.isVerbose()){switch(15&P){case 0:y=\"CBM\"\nbreak\ncase 1:y=\"Amiga\"\nbreak\ncase 2:y=\"Apple ][\"\nbreak\ncase 3:y=\"Atari ST\"\nbreak\ncase 4:y=\"Atari 800\"\nbreak\ncase 5:y=\"Mac 800\"\nbreak\ncase 6:y=\"360k/720k\"\nbreak\ncase 7:y=\"1.44M\"\nbreak\ndefault:y=\"unk.\"}switch(P>>4){case 0:M=\"Commodore\"\nbreak\ncase 1:M=\"Atari\"\nbreak\ncase 2:M=\"Apple\"\nbreak\ncase 3:M=\"PC\"\nbreak\ncase 4:M=\"Tandy\"\nbreak\ncase 5:M=\"Texas Inst.\"\nbreak\ncase 6:M=\"Roland\"\nbreak\ncase 8:M=\"(other)\"\nbreak\ndefault:M=\"unk.\"}sOption(\"type \"+y+\" by \"+M),sOption(\"trk:\"+B+\"-\"+L+\" side:\"+K),sOption(t),sOption(v,\"quality:\"),sOption(i,\"\",\" rpm\"),sOption(outSz(S),\"sz:\")}}if(!bDetected)if(X.c(\"EC..A50000\")&&X.c(\"EC00\",256)&&X.c(\"55AA55AA55AA55AAFFFFFFFFFFFFFFFF0000\",272)&&X.c(\"FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF\",1024)&&X.c(\"4199015564F0FFFF 201B0C824118EA61 F00107F60301EE1B 0C834118EA617001 07760301EE15140500\",17968))sName=\"GamePark GP32 SmartMedia card (.SMC)\",bDetected=1\nelse if(X.c(\"'RSY'000300\")){if(sName=\"Jorge 'Ijor' Cwik's Pasti disk image (.STX)\",bDetected=1,sVersion=\"v3\"+(2==X.U8(11)?\" new\":0==X.U8(11)?\" old\":\"\"),X.isVerbose()){for(sOption(X.U8(10),\"trk.total:\"),f=0,d=16;fX.Sz()||charStat(X.readBytes(d,4),1).indexOf(\"allxsc\")<0||k.length<2||k.toUpperCase()!=k)break\nd+=8,\"CRTR\"===k&&sOption(X.SA(d,32),\"in:\"),d+=h}S=d,sOption(outSz(S),\"sz:\")}}else if(/^C64S?\\s*tape.*file/.test(X.SA(0,32))){if(sName=\"C64 cassette tape (.T64)\",bDetected=1,sVersion=\"v\"+X.U8(32)+\".\"+X.U8(33).padStart(2,\"0\"),X.isVerbose()){for(var A=[],j=X.U16(34,_LE),J=X.U16(36,_LE),f=0;fX.Sz()&&(sVersion+=\"/malformed!short\")}else if(X.c(\"'ZXTape!'1A\")){sVersion=\"v\"+X.U8(8)+\".\"+X.U8(9).padStart(2,\"0\"),bDetected=1\nvar Y=end=!1,e=0,o=\"\",c=\"\",x=\"\",$=\"\",Q=\"\",ee=\"\",ae=\"\",se=\"\",re=\"\",ie=\"\",O=\"\",U=\"\",te=\"\",C=[],ce=[\"B\",\"N\",\"S\",\"C\"]\nfor(d=10;!end&&d>8)<0)break\nswitch(d+=6,k){case 0:info=info.appendS(X.SA(d,h),\"/\")\nbreak\ncase 1:man=man.appendS(X.SA(d,h),\" \")\nbreak\ncase 5:switch(gear=\"Acorn \",X.U8(d)>>4){case 0:gear+=\"BBC Model A\"\nbreak\ncase 1:gear+=\"Electron\"\nbreak\ncase 2:gear+=\"BBC Model B\"\nbreak\ncase 3:gear+=\"BBC Master\"\nbreak\ncase 4:gear+=\"Atom\"}switch(15&X.U8(d)){case 0:kb=\"any\"\nbreak\ncase 1:kb=\"target PC\"\nbreak\ncase 2:kb=\"host PC\"}break\ncase 9:c=X.SA(d,h)\nbreak\ncase 257:case 258:case 259:case 260:case 272:case 273:case 274:case 275:case 276:case 277:case 278:case 279:case 288:case 305:P=P.addIfNone(\"#tape\")\nbreak\ncase 304:switch(X.U8(d)){case 0:u=\"unit\"\nbreak\ncase 1:u=\"tape\"\nbreak\ncase 2:u=\"disc\"\nbreak\ncase 3:u=\"vtape\"\nbreak\ncase 4:u=\"cartridge\"}1X.Sz()&&(o=o.addIfNone(\"!short\")),\"\"!=o&&(sVersion=sVersion.appendS(\"/malformed\"+o,\"/\"))}if(!bDetected&&(function(){if(X.c(\"'IWAD'\")||X.c(\"'PWAD'\")){var e=0,a=_LE\nif((lumpn=X.I32(4,a))<0||lumpn>X.I32(4,_BE)){if(!(0<(lumpn=X.I32(4,_BE))))return\ne++,a=_BE}var s=0,r=X.I32(8,a),i=r\nif(isWithin(r,12,X.Sz())){e++\nfor(var t=[],c=Math.min(lumpn,64);sX.Sz())return\nvar n=X.I32(i,a),o=X.I32(i+4,a)\nif(n<0||o<0||!isWithin(n,12,X.Sz()))return\nX.c(\"'ENDOFWAD'\",i+8)&&e++,t.push([n,o,X.readBytes(i+8,8)])}for(t=t.sort(function(e,a){return e[0]-a[0]}),s=0;st[s+1][0])return}return I=2<=e?\"Atari Jaguar\":\"PC\",1}}})()&&(sName=\"iD Software's Where's All the Data resource pack (.WAD)\",bDetected=1,sVersion=X.c(\"'I'\")?\"initial\":\"patch\",sVersion+=\"#\"+I),!bDetected&&X.c(\"'WOZ'..FF0A0D0A ........ 'INFO'\")&&isWithin(X.U8(3),49,50)){for(sName=\"Apple II Applesauce disk image (.WOZ)\",sVersion=\"v\"+X.SA(3,1),d=12,meta=o=\"\";dX.Sz()?o.addIfNone(\"!short\"):o)&&(sVersion=sVersion.appendS(\"/malformed\"+o,\"/\")),X.isVerbose()&&(sOptionT(addEllipsis(meta),'info:\"','\"'),sOption(outSz(d),\"sz:\"))}return!bDetected&&(function(){if((extIs(\"z80\")||extIs(\"slt\"))&&!(X.Sz()<1380)){nv=0,co=!0,joystick=U=\"\"\nconst k=X.U8(12)\n255==k&&(k=1)\nvar e=X.U16(6),a=128&X.U8(37),s=30\nif(e)switch(nv=1,U=\"ZX Spectrum 48k\",co=0<(32&k),X.U8(29)>>6&&3){case 0:joystick=\"cursor\"\nbreak\ncase 1:joystick=\"Kempston\"\nbreak\ncase 2:joystick=\"SinclairI2-L\"\nbreak\ncase 3:joystick=\"SinclairI2-R\"}else{switch(xblk=X.U16(30)){case 23:nv=2\nbreak\ncase 54:case 55:nv=3\nbreak\ndefault:return}switch(s+=xblk+2,nv){case 2:switch(X.U8(29)>>6&&3){case 0:joystick=\"cursor\"\nbreak\ncase 1:joystick=\"Kempston\"\nbreak\ncase 2:joystick=\"SinclairI2-L\"\nbreak\ncase 3:joystick=\"SinclairI2-R\"}break\ncase 3:switch(X.U8(29)>>6&&3){case 0:joystick=\"cursor\"\nbreak\ncase 1:joystick=\"Kempston\"\nbreak\ncase 3:joystick=\"SinclairI2-R\"\nbreak\ncase 2:joystick=X.c(\"030F0308 03040302 0301\",64)?\"Sinclair2-L\":\"custom\"}break\ndefault:return}var r=X.U8(34),i=X.U8(83)\nif(r<7)switch(nv){case 2:switch(r){case 0:U=\"ZX Spectrum \"+(a?\"16k\":\"48k\")\nbreak\ncase 1:U=\"ZX Spectrum \"+(a?\"16\":\"48\")+\"k & Interface1\"\nbreak\ncase 2:U=\"ZX Spectrum \"+(a?\"16\":\"48\")+\"k & SamRam\"\nbreak\ncase 3:U=\"ZX Spectrum \"+(a?\"+2\":\"128k\")\nbreak\ncase 4:U=\"ZX Spectrum \"+(a?\"+2\":\"128k\")+\" & Interface1\"\nbreak\ndefault:return}break\ncase 3:var t=[\"MGT EPSON DISCiPLE\",\"MGT HP DISCiPLE\",\"MGT +D\"],i=[0,1,16].indexOf(i)\nswitch(r){case 0:U=\"ZX Spectrum \"+(a?\"16k\":\"48k\")\nbreak\ncase 1:U=\"ZX Spectrum \"+(a?\"16\":\"48\")+\"k & Interface1\"\nbreak\ncase 2:U=\"ZX Spectrum \"+(a?\"16\":\"48\")+\"k & SamRam\"\nbreak\ncase 3:if(i<0)return\nU=\"ZX Spectrum \"+(a?\"16\":\"48\")+\"k & \"+t[i]+\" MGT\"\nbreak\ncase 4:U=\"ZX Spectrum \"+(a?\"+2\":\"128k\")\nbreak\ncase 5:U=\"ZX Spectrum \"+(a?\"+2\":\"128k\")+\" & Interface1\"\nbreak\ncase 6:if(i<0)return\nU=\"ZX Spectrum \"+(a?\"+2\":\"128k\")+\" & \"+t[i]+\" MGT\"\nbreak\ndefault:return}break\ndefault:return}else switch(r){case 7:case 8:U=\"ZX Spectrum \"+(a?\"+2A\":\"+3\")\nbreak\ncase 9:U=\"Pentagon 128+\"\nbreak\ncase 10:U=\"Scorpion ZS-256\"\nbreak\ncase 11:U=\"Didaktik-Kompakt\"\nbreak\ncase 12:U=\"ZX Spectrum +2\"\nbreak\ncase 13:U=\"ZX Spectrum +2A\"\nbreak\ncase 14:U=\"Timex Sinclair TC-2048\"\nbreak\ncase 15:U=\"Timex Sinclair TC-2068\"\ncase 128:U=\"Timex Sinclair TS-2068\"\nbreak\ndefault:return}68&X.U8(37)?U+=\" + Fuller Box\":4&X.U8(37)&&(U+=\" + Melodik\")}if(pgs=[],co){var c=1==nv?49152:16384\nfor(d=s,f=unpsz=0;dX.Sz()||1=b+d)return!1\ni++}else switch(f[j][2]){case 16:if(!i)return!1\ns.read(2)\nbreak\ncase 17:for(t=s.read(3)+3;t;t--);break\ncase 18:for(t=s.read(7)+11;t;t--);break\ndefault:return!1}if(s.offset>X.Sz())return!1}a=2,c=!0}}else{s.init(e)\nvar n=s.read(8),p=(n|=s.read(8)<<8,s.read(8))\nif(n!=(65535^(p|=s.read(8)<<8)))return 0\nif(s.consume(n),s.offset>X.Sz())return!1\nc&&(a=1)}}while(!c)\nreturn!(1==a&&s.offset>=X.Sz())&&a}function checkZlib(e){if(e+6>X.Sz())return!1\nvar s=X.U8(e++)\nif(8!=(15&s)||112<(240&s))return!1\nvar a=2,r=X.U8(e++)\nif(32&r){if(e+8>6],0))}function detect(){if(bad=\"\",10<=X.Sz()&&X.c(\"1FA1\")&&checkDeflate(2)&&(sName=\"Gzip hack: Quasijarus Strong Compression (Z.)\",bDetected=1),!bDetected&&X.c(\"1F8B\")){switch(method=X.U8(2)){case 0:sVersion=\"store\",bad=bad.addIfNone(\"!badalgo\")\nbreak\ncase 1:sVersion=\"compress\",bad=bad.addIfNone(\"!badalgo\")\nbreak\ncase 2:sVersion=\"pack\",bad=bad.addIfNone(\"!badalgo\")\nbreak\ncase 3:sVersion=\"lz\",bad=bad.addIfNone(\"!badalgo\")\nbreak\ncase 8:sVersion=\"deflate\"\nbreak\ndefault:return!1}if(f=X.U8(3),fs=[],1&f&&fs.push(\"ASCII_FLAG\"),2&f&&fs.push(\"HEADER_CRC\"),4&f&&fs.push(\"EXTRA_FIELD\"),8&f&&fs.push(\"ORIG_NAME\"),16&f&&fs.push(\"COMMENT\"),32&f&&fs.push(\"ENCRYPTED\"),192&f&&fs.push(\"RESERVED\"),(ts=X.I32(5,_LE))<=0)return!1\nif(X.isVerbose()){switch(X.U8(8)){case 2:sOption(\"best\")\nbreak\ncase 4:sOption(\"fast\")}switch(X.U8(9)){case 0:s=\"FAT FS (MS-DOS, OS/2, NT/Win32\"\nbreak\ncase 1:s=\"Amiga\"\nbreak\ncase 2:s=\"(Open)VMS\"\nbreak\ncase 3:s=\"Unix\"\nbreak\ncase 4:s=\"VM/CMS\"\nbreak\ncase 5:s=\"Atari TOS\"\nbreak\ncase 6:s=\"HPFS (OS/2, NT)\"\nbreak\ncase 7:s=\"Macintosh\"\nbreak\ncase 8:s=\"Z-System\"\nbreak\ncase 9:s=\"CP/M\"\nbreak\ncase 10:s=\"TOPS-20\"\nbreak\ncase 11:s=\"NTFS (NT)\"\nbreak\ncase 12:s=\"QDOS\"\nbreak\ncase 13:s=\"Acorn RISCOS\"\nbreak\ncase 255:s=\"unknown OS\"\nbreak\ndefault:s=\"?\"}sOption(s,\"OS code:\")}p=10,4&f&&(p+=4+X.U16(p+2,_LE)),8&f&&(s=X.SA(p,1024),p+=s.length+1,X.isVerbose())&&sOption(s,'filename:\"','\"'),16&f&&(s=X.SA(p,1024),p+=s.length+1,X.isVerbose())&&sOptionT(s,\"cmt:\"),2&f&&(p+=2),checkDeflate(p)?(sName=\"GZIP (.gz)\",bDetected=1,X.isVerbose()&&sOption(X.U32(X.Sz()-4,_LE),\"unp.sz:\")):X.isHeuristicScan()&&(sName=\"GZIP (.gz)\",bDetected=1)}if(!bDetected&&X.isDeepScan()&&X.isHeuristicScan()&&7'0A\")){bDetected=1\nfor(var e=8;e>12&15\nbreak\ncase 2:case 4:sVersion=(e/100).toFixed(2)}bDetected=1}return result()}includeScript(\"cab\"),meta(\"archive\",\"CAB\")" }, { "path": "dbs_min/db/Binary/archive_DAA.1.sg", "content": "function detect(){return Binary.compare(\"'DAA'0000000000000000000000004C\")&&(bDetected=1),result()}meta(\"archive\",\"Direct Access Archive (.DAA)\")" }, { "path": "dbs_min/db/Binary/archive_DCP.1.sg", "content": "function detect(){var e\nreturn Binary.compare(\"DE AD C0 DE 4A 55 4E 4B\")&&(e=Binary.getString(58,5).trim(),/^[12]\\d{3}$/.test(e))&&(sVersion=e,bDetected=1),result()}meta(\"archive\",\"DCP\")" }, { "path": "dbs_min/db/Binary/archive_DXA.1.sg", "content": "function detect(){return Binary.compare(\"f70ee9a\")?(sOptions=\"Arcanum Knights\",sVersion=\"xored\",bDetected=1):Binary.compare(\"e94c..69\")&&(sOptions=\"Labyrinth of Touhou 2\",sVersion=\"xored\",bDetected=1),result()}meta(\"archive\",\"DXA\")" }, { "path": "dbs_min/db/Binary/archive_DatPack.1.sg", "content": "function detect(){return Binary.compare(\"07'DatPack'f75b3500e701\")&&(bDetected=1),result()}meta(\"archive\",\"DatPack\")" }, { "path": "dbs_min/db/Binary/archive_DotBundle.sg", "content": "function detect(){return Binary.compare(\"3C70726F6A6563743E0D0A20203C6D61696E65786520706174683D\")&&(bDetected=1),result()}meta(\"archive\",\"DotBundle Project\")" }, { "path": "dbs_min/db/Binary/archive_EdgeDataPak.1.sg", "content": "function detect(){return Binary.compare(\"'.EDP'0001\")&&(bDetected=1),result()}meta(\"archive\",\"EdgeDataPak (.EDP)\")" }, { "path": "dbs_min/db/Binary/archive_Flatpak.1.sg", "content": "function detect(){var e\nreturn Binary.compare(\"66 6C 61 74 70 61 6B\")&&(e=Binary.getString(24,33).trim(),/^[a-zA-Z0-9\\/._-]{33}/.test(e))&&(X.isVerbose()&&(sVersion=e),bDetected=1),result()}meta(\"archive\",\"Flatpak\")" }, { "path": "dbs_min/db/Binary/archive_GhidraZipFile.1.sg", "content": "function detect(){return Binary.compare(\"aced000577..2e30212634e92c200000000100\")&&(sOptions=File.cleanString(Binary.getString(20)),bDetected=1),result()}meta(\"archive\",\"Ghidra Zip File\")" }, { "path": "dbs_min/db/Binary/archive_GodotPCK.1.sg", "content": "function detect(){return Binary.compare(\"'GDPC'0100000003000000..000000\")&&(bDetected=1),result()}meta(\"archive\",\"Godot Pack\")" }, { "path": "dbs_min/db/Binary/archive_HIP.1.sg", "content": "function detect(){return Binary.compare(\"'HIPA'00000000'PACK'00000090\")&&(sVersion=Binary.getString(88)).match(/^[A-Za-z]{3}\\s[A-Za-z]{3}\\s\\d{1,2}\\s\\d{2}:\\d{2}:\\d{2}\\s\\d{4}$/)&&(sVersion=\"Build date: \"+sVersion,bDetected=1),result()}meta(\"archive\",\"HIP archive\")" }, { "path": "dbs_min/db/Binary/archive_IFP.1.sg", "content": "function detect(){var e\nreturn Binary.compare(\"'ANP3'\")&&(e=Binary.getString(3,1).trim(),/^[0-9]{1}/.test(e))&&(X.isVerbose()&&(sVersion=e),bDetected=1),result()}meta(\"archive\",\"Animation file\")" }, { "path": "dbs_min/db/Binary/archive_IPW.1.sg", "content": "function detect(){return Binary.compare(\"'DT1'00c3030000\")&&(bDetected=1),result()}meta(\"archive\",\"Peril WAD\")" }, { "path": "dbs_min/db/Binary/archive_InnoSetup.1.sg", "content": "function detect(){return Binary.compare(\"'idska32'1a\")&&(bDetected=1),result()}meta(\"archive\",\"Inno Setup\")" }, { "path": "dbs_min/db/Binary/archive_JAM.1.sg", "content": "function detect(){return bDetected=Binary.compare(\"'LJAM'0000000002000000\"),result()}meta(\"archive\",\"JAM\")" }, { "path": "dbs_min/db/Binary/archive_LAB.1.sg", "content": "function detect(){return Binary.compare(\"'LABN'00000100\")&&(bDetected=1),result()}meta(\"archive\",\"LucasArts Binary Archive\")" }, { "path": "dbs_min/db/Binary/archive_LRZ.1.sg", "content": "function detect(){if(9<=Binary.getSize()&&Binary.compare(\"'LRZI'\")){switch(bDetected=1,sVersion=Binary.read_uint8(4)+\".\"+Binary.read_uint8(5),Binary.read_uint8(49)){case 3:break\ncase 4:sOption(\"BZIP2\")\nbreak\ncase 5:sOption(\"LZO\")\nbreak\ncase 6:sOption(\"LZMA\")\nbreak\ncase 7:sOption(\"GZIP\")\nbreak\ncase 8:sOption(\"ZPAQ\")\nbreak\ndefault:bDetected=0}switch(Binary.read_uint8(22)){case 0:break\ncase 1:sOption(\"encrypted\")\nbreak\ndefault:bDetected=0}switch(Binary.read_uint8(21)){case 0:break\ncase 1:sOption(\"md5\")\nbreak\ndefault:bDetected=0}}return result()}meta(\"archive\",\"Long Range ZIP (.LRZ)\")" }, { "path": "dbs_min/db/Binary/archive_LZOP.1.sg", "content": "function detect(){return 9<=Binary.getSize()&&(bDetected=Binary.compare(\"89'LZO'000D0A1A0A\")),result()}meta(\"archive\",\"LZOP compressed data\")" }, { "path": "dbs_min/db/Binary/archive_MCS.1.sg", "content": "function detect(){var e\nreturn Binary.compare(\"'AHFFMACS0200'\")&&(e=Binary.getString(15,12).trim(),/^[A-Z/!]{12}/.test(e))&&(X.isVerbose()&&(sOptions=e),bDetected=!0),result()}meta(\"archive\",\"MCS\")" }, { "path": "dbs_min/db/Binary/archive_MS-WIM.1.sg", "content": "function detect(){if(9<=Binary.getSize())if(Binary.compare(\"'MSWIM'000000\")){switch(Binary.isVerbose()&&(sOptions=\"{\"+Binary.read_UUID(24)+\"}\"),bDetected=1,Binary.read_uint16(18)){case 0:sOption(\"No compression\")\nbreak\ncase 2:sOption(\"XPRESS compression\")\nbreak\ncase 4:sOption(\"LZX compression\")\nbreak\ncase 8:sOption(\"LZMS compression\")\nbreak\ndefault:bDetected=0}sOption(\"Part Number:\"+Binary.read_uint16(40)+\"/\"+Binary.read_uint16(42))}else Binary.compare(\"'WLPWM'000000\")&&(sName+=\", wimlib\",bDetected=1)\nreturn result()}meta(\"archive\",\"Windows Imaging Format (.WIM)\")" }, { "path": "dbs_min/db/Binary/archive_MWD.1.sg", "content": "function detect(){var t\nreturn Binary.compare(\"44 41 57 4D\")&&(t=Binary.getString(24,29).trim(),/^[A-Z][a-z]+, \\d{1,2}(?:st|nd|rd|th) [A-Z][a-z]+ \\d{4}$/.test(t))&&(sOptions=\"Creation date: \"+t,bDetected=1),result()}meta(\"archive\",\"Medievil WAD\")" }, { "path": "dbs_min/db/Binary/archive_P2L.1.sg", "content": "function detect(){var e\nreturn Binary.compare(\"'PSMLST PSM'\")&&(e=Binary.getString(11,4).trim(),/^[0-9\\.]{4}$/.test(e))&&(sVersion=e,bDetected=1),result()}meta(\"archive\",\"PSM Soundsystem (.P2L)\")" }, { "path": "dbs_min/db/Binary/archive_PAK.1.sg", "content": "function detect(){var e\nreturn Binary.compare(\"'DPAK'0000010018000000\")?(sVersion=\"Lego Creator\",bDetected=1):Binary.compare(\"'PACK'7faf000080\")?bDetected=1:Binary.compare(\"'RWPACK'0000000080\")?(sOptions=\"PAK Compiler (Raymond Wilson 2008)\",bDetected=1):Binary.compare(\"'MUDGE4'2e30\")&&(e=(sVersion=Binary.getString(8)).match(/(\\d{2})\\/(\\d{2})\\/(\\d{4}).*Copyright\\s+(.+?)(?:\\x00|$)/i))&&(sVersion=e[1]+\"/\"+e[2]+\"/\"+e[3]+\", \"+e[4].trim(),bDetected=1),result()}meta(\"archive\",\"PAK\")" }, { "path": "dbs_min/db/Binary/archive_PBP.1.sg", "content": "function detect(){var t\nreturn Binary.compare(\"00 50 42 50\")&&(t=Binary.getString(41,3).trim(),/^[A-Z]{3}/.test(t))&&(X.isVerbose()&&(sOptions=t),bDetected=1),result()}meta(\"archive\",\"PlayStation Update Package\")" }, { "path": "dbs_min/db/Binary/archive_PEA.1.sg", "content": "function detect(){if(10<=Binary.getSize()&&Binary.compare(\"EA\")&&Binary.compare(\"0000'POD'00\",10)&&(sVersion=\"v\"+Binary.read_uint8(1)+\".\"+Binary.read_uint8(2),bDetected=1)&&Binary.isVerbose())switch(Binary.read_uint8(3)){case 0:sOption(\"NOALGO\")\nbreak\ncase 1:sOption(\"ADLER32\")\nbreak\ncase 2:sOption(\"CRC32\")\nbreak\ncase 3:sOption(\"CRC64\")\nbreak\ncase 16:sOption(\"MD5\")\nbreak\ncase 17:sOption(\"RIPEMD160\")\nbreak\ncase 18:sOption(\"SHA1\")\nbreak\ncase 19:sOption(\"SHA256\")\nbreak\ncase 20:sOption(\"SHA512\")\nbreak\ncase 21:sOption(\"WHIRLPOOL\")\nbreak\ncase 22:sOption(\"SHA3_256\")\nbreak\ncase 23:sOption(\"SHA3_512\")\nbreak\ncase 24:sOption(\"BLAKE2S\")\nbreak\ncase 25:sOption(\"BLAKE2B\")\nbreak\ndefault:bDetected=0}return result()}meta(\"archive\",\"PeaZip (.PEA)\")" }, { "path": "dbs_min/db/Binary/archive_PKG.1.sg", "content": "function detect(){var e\nreturn Binary.compare(\"7F 50 4B 47\")&&(e=Binary.getString(48,48).trim(),/^[A-Z0-9]{6,7}-[A-Z0-9]{9}_00-[A-Z0-9]{16,18}$/.test(e))&&(X.isVerbose()&&(sOptions=\"ContentID: \"+e),bDetected=1),result()}meta(\"archive\",\"System Software Update Packages\")" }, { "path": "dbs_min/db/Binary/archive_PSARC.1.sg", "content": "function detect(){return Binary.compare(\"50534152000100037a6c6962\")&&(sVersion=\"1.3\",sOptions=\"zlib\",bDetected=1),result()}meta(\"archive\",\"PSARC\")" }, { "path": "dbs_min/db/Binary/archive_PUP.1.sg", "content": "function detect(){return Binary.compare(\"'SCEUF'0000....000000\")?(sVersion=\"PS3/PS Vita\",bDetected=1):Binary.compare(\"'SLB2'..0000000000....02\")&&(sVersion=\"PS4/PS5\",bDetected=1),result()}meta(\"archive\",\"PlayStation Update Package\")" }, { "path": "dbs_min/db/Binary/archive_RVZ.1.sg", "content": "function detect(){var e\nreturn Binary.compare(\"'RVZ'\")&&(e=Binary.getString(88,6).trim(),/^[A-Z0-9]{6}$/.test(e))&&(X.isVerbose()&&(sOptions=\"GameID: \"+e),bDetected=1),result()}meta(\"archive\",\"RVZ\")" }, { "path": "dbs_min/db/Binary/archive_STK.1.sg", "content": "function detect(){var e\nreturn 64 X.Sz()) return -1\n for (var n = 0; n < s; n++)r = r >> 8 ^ z[255 & r ^ X.U8(e + n)]\n return r\n } function r(e, s, r) { return void 0 === File.crc16 ? d(e, s, r) : (_log(\"Please remove the CRC16 implementation from archives.ancient.sg!\"), File.crc16(e, s, r)) } var s = found = !1\n function e() {\n if (!(!X.c(\"1F1E\") && !X.c(\"1F1F\") || X.Sz() < 6)) {\n if (old = X.c(\"1F1F\")) unpsz = X.U16(2, _LE) << 16 | X.U16(4, _LE)\n else if (unpsz = X.U32(2, _BE), !(t = X.U8(6)) || 24 < t || 6 + t > X.Sz()) return\n if (!(unpsz > u || old && !unpsz)) {\n if (old) {\n var e = 6, o = [], c = X.U16(e, _LE)\n if (e += 2, 1024 <= c) return\n for (i = 0; i < c; i++)(t = X.U8(e++)) < 255 ? o[i] = t : (o[i] = X.U16(e, _LE), e += 2)\n var a = !0\n return function e(s, r, n) { a && (c < s ? a = !1 : o[s] ? 24 < ++r || (e(s + o[s], r, n <<= 1), c <= s + 1) ? a = !1 : e(s + o[s + 1], r, 1 | n) : r || (a = !1)) }(0, 0, 0), a\n } return 1\n }\n }\n } function n() {\n var r, s = X.U32(0, _BE), e = X.readBytes(0, 3), n = X.SA(0, 4)\n if ((function () {\n if (134810120 <= s && s <= 134810126 && 134810121 != s) return gen = 2\n if (8 <= (255 & s) && (255 & s) <= 14 && e[0] != e[1] && e[0] != e[2] && e[1] != e[2]) return gen = 1\n switch (n.slice(0, 3)) {\n case \"1AM\": return gen = 3, 1\n case \"2AM\": return gen = 6, 1\n }switch (n) {\n case \"S300\": return gen = 3, 1\n case \"S310\": return gen = 4, 1\n case \"S400\": return gen = 5, 1\n case \"S401\": return gen = 6, 1\n case \"S403\": case \"Z&G!\": case \"ZULU\": return gen = 7, 1\n case \"S404\": case \"AYS!\": return gen = 8, 1\n default: return\n }\n })()) return r = [], sz = unpsz = -1, 2 != gen || o() || (gen = 1), o() ? (names = [[\"?\", \"?\"], [\"SC\", \"v2.69-81\"], [\"SC\", \"v2.92-99\"], [\"S300\", \"v3.00\"], [\"S310\", \"v3.10-11b\"], [\"S400\", \"pre-v4.00\"], [\"S401\", \"v4.01\"], [\"S403\", \"v4.02a\"], [\"S404\", \"v4.10\"]][gen], 1) : void 0\n function t(e) {\n for (var s = 0; s < 4; s++) {\n if (r[s] = e >> 24, r[s] < 8 || 14 < r[s]) return\n e <<= 8\n }\n } function o() {\n switch (gen) {\n case 1: if (p = 18, X.Sz() < p) return\n for (r[0] = s, i = 1; i < 3; i++)if (r[i] = X.U8(i + 15), r[i] < 4 || 7 < r[i]) return\n var e = X.U32(4, _BE)\n if (!e) return\n if (!(unpsz = X.U32(8, _BE)) || e > unpsz || 1048576 < unpsz) return\n if (!(sz = X.U32(12, _BE)) || sz > e) return\n break\n case 2: t(s)\n case 4: case 5: case 6: if (p = 12, X.Sz() < p) return\n if (!(unpsz = X.U32(4, _BE))) return\n if (sz = X.U32(8, _BE)) break\n return\n case 3: if (p = 16, X.Sz() < p) return\n if (t(X.U32(4, _BE)), !(unpsz = X.U32(8, _BE))) return\n if (sz = X.U32(12, _BE)) break\n return\n case 7: case 8: if (p = 16, X.Sz() < p + 2) return\n if (!(unpsz = X.U32(8, _BE))) return\n if ((sz = X.U32(12, _BE) + 2) < 2) return\n break\n default: return\n }return !((sz += p) > X.Sz() || sz > u || unpsz > u)\n }\n } return (function (e) {\n if (found) return 1\n if (!(4 <= e || s || X.c(\"'XPKF'\", 0) && X.Sz() < 44 || (sz = X.U32(4, _BE), type = X.SA(8, 4), unpsz = X.U32(12, _BE), !sz) || !unpsz || sz > u || unpsz > u || (flags = X.U8(32), xhdrs = 1 & flags, haspass = 2 & flags, hdrsz = 4 & flags ? 38 + X.U16(36, _BE) : 36, 0 + sz + 8 > X.Sz()))) {\n for (cccc = [[/ACCA/, \"André Osterhues's Code Compression Algorithm (XPK-ACCA.)\"], [/ARTM/, \"Arithmetic encoding compressor (XPK-ARTM.)\"], [/BLZW/, \"LZW-compressor by Bryan Ford (XPK-BLZW.)\"], [/BZIP/, \"bzip by Julian Seward (XPK-BZIP.\"], [/BZP2/, \"bzip2 by Julian Sadler (XPK-BZP2.)\"], [/CBR[01]/, \"RLE-compressor by Bilbo 1st of Hypenosis (XPK-CBR0.,XPK-CBR1.)\"], [/CRM2/, \"Crunch-Mania by Thomas Schwarz, LZH-mode (XPK-CRM2.)\"], [/CRMS/, \"Crunch-Mania by Thomas Schwarz, sampled LZH-mode (XPK-CRMS.)\"], [/CYB[12]/, \"XpkCybPrefs container by Alexis Nasr (XPK-CYB1.,XPK-CYB2.)\"], [/GZIP/, \"DEFLATE by Jean-loup Gailly (XPK-GZIP.)\"], [/DLTA/, \"Delta encoding by Stephan Fuhrmann (XPK-DLTA.)\"], [/FAST/, \"Fast LZ77 compressor by Christian von Roques (XPK-FAST.)\"], [/FBR2/, \"FBR2 CyberYAFA compressor (XPK-FBR2.)\"], [/FRLE/, \"RLE-compressor by Jorma Oksanen (XPK-FRLE.)\"], [/HFMN/, \"Huffman compressor (XPK-HFMN.)\"], [/HUFF/, \"Huffman compressor by Marc Zimmermann (XPK-HUFF.)\"], [/ILZR/, \"Incremental Lempel-Ziv-Renau compressor (XPK-ILZR.)\"], [/IMPL/, \"File Imploder by Peter Struijk (XPK-IMPL.)\"], [/LHLB/, \"LZRW-compressor by Gunther Nikl (XPK-LHLB.)\"], [/LIN1/, \"LIN1 LINO packer (XPK-LIN1.)\"], [/LIN3/, \"LIN3 LINO packer (XPK-LIN3.)\"], [/LIN2/, \"LIN2 LINO packer (XPK-LIN2.)\"], [/LIN4/, \"LIN4 LINO packer (XPK-LIN4.)\"], [/LZBS/, \"LZBS CyberYAFA compressor (XPK-LZBS.)\"], [/LZCB/, \": LZ-compressor (XPK-LZCB.)\"], [/LZW2/, \"LZW2 CyberYAFA compressor (XPK-LZW2.)\"], [/LZW3/, \"LZW3 CyberYAFA compressor (XPK-LZW3.)\"], [/LZW4/, \"LZW4 CyberYAFA compressor (XPK-LZW4.)\"], [/LZW5/, \"LZW5 CyberYAFA compressor (XPK-LZW5.)\"], [/ELZX/, \"LZX-compressor by Piotr Kasprzyk (XPK-ELZX.)\"], [/SLZX/, \"LZX-compressor with delta encoding by Piotr Kasprzyk (XPK-SLZX.)\"], [/MASH/, \"LZRW-compressor by Zdenek Kabelac (XPK-MASH.)\"], [/NONE/, \"Null compressor by Dirk Stöcker (XPK-NONE.)\"], [/NUKE/, \"LZ77-compressor by Christian von Roques (XPK-NUKE.)\"], [/DUKE/, \"LZ77-compressor by Christian von Roques, with delta encoding (XPK-DUKE.)\"], [/PWPK/, \"Power Peak's PowerPacker by Nico François (XPK-PWPK.)\"], [/PPMQ/, \"PPM compressor by Charles Bloom (XPK-PPMQ.)\"], [/(FRHT|RAKE)/, \"LZ77-compressor (XPK-FRHT.,XPK-RAKE.)\"], [/RDCN/, \"Ross data compression (XPK-RDCN.)\"], [/RLEN/, \"RLE-compressor (XPK-RLEN.)\"], [/SDHC/, \"Sample delta Huffman compressor (XPK-SDHC.)\"], [/SHR[I3]/, \"LZ-compressor with arithmetic encoding by Matthias Meixner (XPK-SHR3.,XPK-SHRI)\"], [/SLZ3/, \"SLZ3 CyberYAFA compressor by Niels Fröhling (XPK-SLZ3.)\"], [/SMPL/, \"Huffman compressor with delta encoding (XPK-SMPL.)\"], [/SQSH/, \"Squash compressor for sampled sounds by John Hendrikx (XPK-SQSH.)\"], [/SASC/, \"LZ-compressor with arithmetic and delta encoding (XPK-SASC.)\"], [/SHSC/, \"Context modeling compressor by Peter Kunath (XPK-SHSC.)\"], [/TDCS/, \"LZ77-compressor by Niels Fröhling (XPK-TDCS.)\"], [/ZENO/, \"LZW-compressor (XPK-ZENO.)\"], [/BLFH/, \"Blowfish encryption by Bruce Schneider (XPK-BLFH.)\"], [/BZIP/, \"Encapsulated Bzip v1 (XPK-BZIP.)\"], [/CAST/, \"CAST encryption by Dirk Pauli (XPK-CAST.)\"], [/ENCO/, \"Unsafe encryption (XPK-ENCO.)\"], [/DHUF/, \"Huffman compressor (lost) (XPK-DHUF.)\"], [/DMCB/, \"68881/2 fp-based arithmetic compressor (XPK-DMCB.)\"], [/DMCD/, \"68881/2 fp-based arithmetic compressor (XPK-DMCD.)\"], [/DMCI/, \"Arithmetic compressor (lost) (XPK-DMCI.)\"], [/DMCU/, \"68881/2 fp-based arithmetic compressor (XPK-DMCU.)\"], [/FEAL/, \"FEAL-N encryption by Christian von Roques (XPK-FEAL.)\"], [/IDEA/, \"IDEA encryption (XPK-IDEA.)\"], [/L2XZ/, \"LZMA2 compressor (XPK-L2XZ.)\"], [/LZ40/, \"LZ4 compressor (XPK-LZ40.)\"], [/LZMA/, \"LZMA2 compressor (XPK-LZMA.)\"], [/NUID/, \"IDEA encryption + NUKE (XPK-NUID.)\"], [/SHID/, \"IDEA encryption + SHRI (XPK-SHID.)\"], [/TLTA/, \"TLTA encoder (lost) (XPK-TLTA.)\"]], found = -1, i = 0; i < cccc.length && found < 0; i++)cccc[i][0].test(type) && (found = i)\n if (!(found < 0)) {\n if (a = a.appendS(cccc[found][1], \"/n\"), X.Sz() < 36) o = o.addIfNone(\"!short\")\n else {\n for (c = 0, i = 0; i < 36; i++)c ^= X.U8(0 + i)\n c && (o = o.addIfNone(\"!badhdr\"))\n } return sz += 8, 1\n }\n } s = !0\n })() ? (sName = X.isVerbose() ? \"Amiga eXtended PacKer Format container by Dirk Stöcker et al. (XPKF.)\" : \"XPK container (XPKF.)\", sVersion = sversion + (\"\" != o ? \"malformed\" + o : \"\"), bDetected = 1, X.isVerbose() && (sOptions = a + \"; payload at:\" + Hex(hdrsz) + \" unp.sz:\" + unpsz + \" sz:\" + outSz())) : 4 < X.Sz() && X.c(\"'ACCA'\") ? _setResult(\"archive\", \"André Osterhues's Code Compression Algorithm (ACCA.)\", \"\", \"\") : 2 < X.Sz() && X.c(\"FF1F\") && _setResult(\"archive\", \"Compact by Colin L. McMaster (.C)\", \"\", \"\"), X.Sz() < 3 || !X.c(\"1F9D\") || (t = X.U8(2), sversion = 128 & t ? \"new\" : \"old\", (t &= 127) < 9) || 16 < t || _setResult(\"archive\", \"Compress by Spencer Thomas (.Z)\", sversion, \"\"), !bDetected && (function () {\n if (!(X.Sz() < 20) && (X.c(\"'CrM!'\") || X.c(\"'CrM2'\") || X.c(\"'Crm!'\") || X.c(\"'Crm2'\") || X.c(\"18051973\") || X.c(\"'CD'B3B9\") || X.c(\"'DCS!'\") || X.c(\"'Iron'\") || X.c(\"'MSS!'\") || X.c(\"'mss!'\")) && (unpsz = X.U32(6, _BE)) && !(unpsz > u) && !((sz = X.U32(10, _BE) + 14) < 15 || sz > X.Sz() || sz > u)) {\n switch (hdr = X.SA(0, 4)) {\n case \"\u0018\u0005\u0019s\": case \"CD³¹\": case \"Iron\": case \"MSS!\": hdr = \"CrM2\"\n break\n case \"mss!\": hdr = \"Crm2\"\n break\n case \"DCS!\": hdr = \"CrM!\"\n }var e = \"m\" == hdr[2], s = \"2\" == hdr[3]\n return sversion = [\"std\", \"std sampled\", \"LZH\", \"LZH sampled\"][(s ? 2 : 0) + (e ? 1 : 0)], 1\n }\n })() && (sName = \"Crunch-Mania by Thomas Schwarz (CRM.)\", sVersion = sversion, X.isVerbose() && (sOptions = \"unp.sz:\" + unpsz + \" sz:\" + outSz()), bDetected = 1), !bDetected && (function () {\n if (X.c(\"'DMS!'\") && !(X.Sz() < 56) && !(6 < X.U16(50, _BE))) {\n o = \"\", d(4, 50, 0) != X.U16(54, _BE) && (o = o.addIfNone(\"!badhdr\"))\n var e = X.U16(10, _BE)\n if (!(32 & e)) {\n sversion = \"\", 2 & e && (sversion = \"obfuscated\"), p = 56\n for (var s = tsz = acsz = lasttrksz = trks = mintrk = prevtrk = 0, r = [0, 0, 256, 16384, 16384, 4096, 8192]; p + 20 < X.Sz();) {\n if (!X.c(\"'TR'\", p)) return\n if ((ctrk = X.U16(p + 2, _BE)) < prevtrk) break\n if (X.isDeepScan() && d(p, 18, 0) != X.U16(p + 18, _BE)) {\n o = o.addIfNone(\"!badtrkhdr\")\n break\n } var n = X.U8(p + 13)\n if (6 < n) return\n var s = Math.max(s, r[n]), t = X.U8(p, 12), n = ((2 <= n && n <= 4 || 5 <= n && 4 & t) && (tsz = Math.max(tsz, X.U16(p + 8, _BE))), X.U16(p + 6, _BE))\n if (p + 20 + n > X.Sz()) return\n if (X.isAggressiveScan() && d(p + 20, n, 0) != X.U16(p + 16, _BE)) {\n o = o.addIfNone(\"!badtrkcrc\")\n break\n } if (ctrk < 80 && (ctrk >= trks && (lasttrksz = X.U16(p + 10, _BE)), mintrk > ctrk && (mintrk = ctrk), ctrk > trks && (trks = ctrk), prevtrk = ctrk), p += n + 20, acsz += n, p > X.Sz()) {\n o = o.addIfNone(\"!short\")\n break\n } if (79 <= ctrk && ctrk < 32768) break\n if (o) break\n } e = 16 & e ? 22528 : 11264\n return mintrk >= trks && (o = o.addIfNone(\"!badtrknum\")), unpsz = (trks - mintrk) * e + lasttrksz, sz = p, (o = sz > u ? o.addIfNone(\"!badcalcsize\") : o) && (sversion += \"/malformed\" + o), 1\n }\n }\n })() && (sName = \"Disk Masher System (DMS.)\", sVersion = sversion, X.isVerbose() && (sOptions = \"unp.sz:\" + unpsz + \" sz:\" + outSz(sz)), bDetected = 1), !bDetected && (function () {\n if (X.c(\"1F9E\") || X.c(\"1F9F\")) {\n var e = X.c(\"1F9E\")\n if (a = sversion = \"\", e) {\n if (2 < X.Sz()) {\n for (var s = [0, 0, 1, 3, 8, 12, 42, 16], r = [], n = btl = k = 0, e = new BitReader(2); n < 8; n++)for (; k < s[n]; k++)r[btl++] = n + 1\n if (!(s = createOrderlyHuffmanTable(r, btl, e))) return\n } sversion = \"v1.x = gzip v0.5\"\n } else {\n if (X.Sz() < 5) return\n if (32768 & (t = X.U16(2, _LE))) return\n if (192 & (t2 = X.U8(4))) return\n for (var s = [1 & t, t >> 1 & 3, t >> 3 & 7, t >> 6 & 15, t >> 10, t2], i = 62, n = 0; n < 6; n++)i -= s[n]\n var o = 256, c = 7\n for (n = 0; n < 6; n++)o -= s[n] << c--\n if (o < i || 2 * i < o) return\n createOrderlyHuffmanTable() || (sversion = \"v2.x\")\n } return 1\n }\n })() && (sName = \"Freeze/Melt by Leonid A. Broukhis (.F,.lzc)\", sVersion = sversion, bDetected = 1), !bDetected && (function () {\n switch (hdr = X.SA(0, 4)) {\n case \"ATN!\": case \"EDAM\": case \"IMP!\": case \"M.H.\": add = 7\n break\n case \"BDPI\": add = 1768\n break\n case \"CHFI\": add = 4068\n break\n case \"RDC9\": case \"Dupa\": case \"FLT!\": case \"PARA\": add = 0\n break\n default: return\n }if (unpsz = X.U32(4, _BE), sz = X.U32(8, _BE), sversion = \"\", !(!unpsz || !sz || 1 & sz || sz < 12 || sz + 50 > X.Sz() || unpsz > u || sz > u)) { if (X.isDeepScan()) { for (crc = X.U32(sz + 46, _BE), i = 0; i < sz + 46; i += 2)add += X.U16(i, _BE); (4294967295 & add) != crc && (sversion = \"malformed!CRC\") } return sz += 50, 1 }\n })() && (sName = \"File Imploder by Peter Struijk (FImp.)\", sVersion = sversion, X.isVerbose() && (sOptions = \"unp.sz:\" + unpsz + \" sz:\" + outSz()), bDetected = 1), !bDetected && (function () {\n if (!(X.Sz() < 12) && /[\\x01\\x02\\x03]LOB/.test(X.SA(0, 4))) {\n var e = X.U8(0)\n if ((method = X.U8(4)) && !(6 < method) && (unpsz = 0, 1 !== e || (unpsz = File.read_uint24(5, _BE)) && !(unpsz > u))) {\n if (sz = 12 + X.U32(8, _BE), 2 === method) {\n var s = 2\n for (i = 0; i < s; i += 2) {\n if (sz + s > X.Sz()) return\n if (t1 = X.U8(sz + i), t2 = X.U8(sz + i + 1), t1 != t2 && 1024 < (s = s < (t1 = t1 < t2 ? t2 : t1) + i + 4 ? t1 + i + 4 : s)) return\n } sz += s\n } return sversion = [\"BMC: RLE\", \"HUF: Huffman\", \"LZW: 12-bit fixed code\", \"LZB: 9 to 12-bit fixed LZW\", \"MSP: LZ variant\", \"MSS: LZSS variant\"][method - 1] + [\"\", \"/double\", \"/triple\"][e - 1] + (sz > X.Sz() ? \"/malformed!short\" : \"\"), 1\n }\n }\n })() && (sName = \"LOB's File Compressor aka. Multipak (LOB.)\", sVersion = sversion, X.isVerbose() && (sOptions = (unpsz ? \"unp.sz:\" + unpsz + \" \" : \"\") + \"sz:\" + outSz()), bDetected = 1), bDetected || ((function () {\n if (X.c(\"'ziRCONia'0E00\") && !(X.Sz() < 24)) {\n var e = X.U16(12, _LE), s = X.U32(18, _LE)\n if (!((unpsz = X.U32(14, _LE)) > u || s + 4 * e > X.Sz())) {\n for (o = \"\", sz = 0, i = 0; i < e; i++) {\n var r = X.U32(s + 4 * i, _LE)\n if (r + 20 > X.Sz()) return\n r = r + X.U32(r + 4, _LE) + 8 * X.U16(r + 12, _LE) + 20\n sz < r && (sz = r)\n } return 1\n }\n }\n })() ? (sName = \"Music Module Compressor by Emmanuel 'Zirconia' Giasson (MMCMP.)\", nV = X.U16(10, _LE).toString(16).toUpperCase(), sVersion = \"v\" + nV[0] + \".\" + nV.slice(1, 3), X.isVerbose() && (sOptions = \"unp.sz:\" + unpsz + \" sz:\" + outSz()), bDetected = 1) : X.c(\"'MMS '00\") && (sName = \"C(ompression)KIT by Mad Man Software (C4-,C4A,C`A)\", bDetected = 1)), !bDetected && e() && (sName = \"Pack (.z)\", old && (sVersion = \"old\"), X.isVerbose() && (sOptions = \"unp.sz:\" + unpsz), bDetected = 1), !bDetected && (function () {\n if (!(X.Sz() < 16) && (X.c(\"'PP11'\") || X.c(\"'PP20'\") || X.c(\"'PX20'\") || X.c(\"'CHFC'\") || X.c(\"'DEN!'\") || X.c(\"'DXS9'\") || X.c(\"'H.D.'\") || X.c(\"'RVV!'\"))) {\n var e = !1\n if (sversion = \"\", X.c(\"'PX20'\")) {\n if (X.Sz() < 18) return\n e = !0, sversion = \"obfuscated\"\n } e = X.U32(e ? 6 : 4, _BE)\n return 151587081 == e || 151652874 == e || 151653131 == e || 151653388 == e || 151653389 == e ? !(X.isDeepScan() && (t = X.U32(X.Sz() - 4, _BE), !(unpsz = t >> 8) || unpsz > u || 32 <= (255 & t))) : void 0\n }\n })() ? (sName = \"Power Peak's PowerPacker by Nico François (PP.)\", sVersion = sversion, X.isDeepScan() && X.isVerbose() && (sOptions = \"unp.sz:\" + unpsz), bDetected = 1) : !bDetected && X.c(\"'SFHD'\") ? _setResult(\"archive\", \"PowerPlayer Music Cruncher by Stephan Fuhrmann (PMC.)\", \"v1.0\", \"lh.library-based, unp.sz:\" + X.U32(4, _BE) + \" sz:\" + outSz(X.U32(8, _BE) + 12)) : !bDetected && X.c(\"'SFCD'\") && _setResult(\"archive\", \"PowerPlayer Music Cruncher by Stephan Fuhrmann (PMC.)\", \"v2.x\", \"LZRW-compressor, unp.sz:\" + X.U32(4, _BE) + \" sz:\" + outSz(X.U32(8, _BE) + 12)), !bDetected && (function () {\n var e, s\n return !(!(X.c(\"'RNC'01\") || X.c(\"'RNC'02\") || X.c(\"'...'01\")) || (unpsz = X.U32(4, _BE), sz = X.U32(8, _BE), !unpsz) || !sz || unpsz > u || sz > u) && (e = !1, sversion = \"\", X.c(\"'RNC'01\") ? X.Sz() <= 18 ? sversion = \"old\" : (s = X.U8(18), 128 & X.U8(sz + 11) ? !(3 & s) && 124 & s && X.Sz() >= sz + 18 && (File.isHeuristicScan() || X.isDeepScan() && r(18, sz, 0) == X.U16(14, _BE)) ? (sversion = \"new\", e = !0) : sversion = \"old\" : sversion = \"new\") : X.c(\"'RNC'02\") ? X.Sz() <= 18 ? sversion = \"old\" : (s = X.U8(18), 128 & X.U8(sz + 10) ? 48 != (48 & s) && X.Sz() >= sz + 18 && (File.isHeuristicScan() || X.isDeepScan() && r(18, sz, 0) == X.U16(14, _BE)) ? (sversion = \"new\", e = !0) : sversion = \"old\" : sversion = \"new\") : X.c(\"'...'01\") && (version = \"new\"), s = \"o\" == sversion[0] ? 12 : 18, o = \"\", s + sz > X.Sz() && (o = \"!short\"), X.isDeepScan() && \"n\" == sversion[0] && !e && r(18, sz, 0) != X.U16(14, _BE) && (o = o.addIfNone(\"!badcrc\")), sz += s, o && (sversion += \"/malformed\" + o), 1)\n })() ? (sName = \"Rob Northen Compressor (RNC\" + X.U8(3) + \".)\", sVersion = sversion, X.isDeepScan() && X.isVerbose() && (sOptions = \"unp.sz:\" + unpsz + \" sz:\" + sz), bDetected = 1) : !bDetected && File.isHeuristicScan() && 4 <= X.Sz() && X.c(\"1FA0\") && _setResult(\"archive\", \"SCO Compress LZH (SCO.)\", \"\", \"\"), !bDetected && X.c(\"'SQSH'\") && (sName = \"Squash compressor by John Hendrikx (SQSH.)\", sOption = \"12-bit LZW\", bDetected = 1), !bDetected && n() && (sName = \"StoneCracker by Jouni 'Mr. Spiv' Korhonen (\" + names[0] + \".)\", sVersion = names[1], bDetected = 1, X.isVerbose()) && (sOptions = (0 <= unpsz ? \"unp.sz:\" + unpsz + \" \" : \"\") + (0 <= sz ? \"sz:\" + outSz() : \"\")), bDetected || X.Sz() < 12 || !X.c(\"'TPWM'\") || !(unpsz = X.U32(4, _BE)) || unpsz > u || (sName = \"Turbo Packer by Wolfgang Meyerle (TPWM.)\", X.isVerbose() && (sOptions = \"unp.sz:\" + unpsz), bDetected = 1), bDetected || !X.c(\"'Vice'\") && (!X.c(\"'Vic2'\") || (unpsz = X.U32(4), sz = 12 + X.U32(8, _BE), !unpsz) || unpsz > u || sz < 1036 || sz > u) || (sName = \"Huffman compressor with RLE (\" + X.SA(0, 4) + \".)\", bDetected = 1, X.isVerbose() && 50 == X.U8(3) && (sOptions = \"unp.sz:\" + unpsz + \" sz:\" + sz)), result()\n} meta(\"archive\", \"\"), debug = 0" }, { "path": "dbs_min/db/Binary/archive_btoa.1.sg", "content": "function detect(){return\"'xbtoa Begin'\"==Binary.getString(0,11)&&(bDetected=1),result()}meta(\"archive\",\"btoa\")" }, { "path": "dbs_min/db/Binary/archive_cad.DWG.1.sg", "content": "function detect(){if(9<=Binary.getSize())switch(bDetected=1,Binary.getString(0,6)){case\"AC1001\":sVersion=\"R2.22\"\nbreak\ncase\"AC1002\":sVersion=\"R2.50\"\nbreak\ncase\"AC1003\":sVersion=\"R2.60\"\nbreak\ncase\"AC1004\":sVersion=\"R9\"\nbreak\ncase\"AC1006\":sVersion=\"R10\"\nbreak\ncase\"AC1009\":sVersion=\"R11/12\"\nbreak\ncase\"AC1012\":sVersion=\"R13\"\nbreak\ncase\"AC1014\":sVersion=\"R14\"\nbreak\ncase\"AC1015\":sVersion=\"R2000\"\nbreak\ncase\"AC1018\":sVersion=\"R2004\"\nbreak\ncase\"AC1021\":sVersion=\"R2007\"\nbreak\ncase\"AC1024\":sVersion=\"R2010\"\nbreak\ncase\"AC1027\":sVersion=\"R2013\"\nbreak\ncase\"AC1032\":sVersion=\"R2018\"\nbreak\ndefault:return}return result()}meta(\"archive\",\"AutoCAD Drawing (.DWG)\")" }, { "path": "dbs_min/db/Binary/archive_gp7bank.1.sg", "content": "function detect(){return!!(X.c(\"'AMARCHIVE'..000000\")&&X.c(\"'Samples.xml'00\",37)&&X.c(\"'=(_wcsz=X.U32(0,_LE))&&X.c(\"00 02 02 00 30\",4)){if(_wcp=9,!((_wca=X.U8(_wcp++))<128))if(128<_wca)for(_wcc=128^_wca,_wci=_wca=0;_wci<_wcc;_wci++)_wca=(_wca<<8)+X.U8(_wcp++)\nelse _wca=-1\nif(0<_wca&&_wca+_wcp<=_wcsz&&X.c(\"06 09 2A 86 48 86 F7 0D 01 07 02\",_wcp))return!0}return!1}function detect(){if(!isWinCert()){var e,t,es,rs,G=0,Y=0,l=0,U=0,j=0,i=0,E=0,k=0,K=-1,F=\"\",p=\"\",_=\"\",r=\"\",a=\"\",c=\"\",O=\"\"\nif(X.c(\"'[1tracker module]'0D0A\"))sName=\"Shiru's 1tracker module (.1TM)\",bDetected=1,0<=(j=X.fStr(1,64,\"Engine=\"))&&(i=X.fStr(j+7,64,\".\"),sVersion=\"for \"+X.SA(j+7,i-j-7)),X.isVerbose()&&(0<=(j=X.fStr(i,128,\"Title=\"))&&(i=X.fSig(j+6,64,\"0D0A\"),sOption(X.SA(j+6,i-j-6))),0<=(j=X.fStr(i,128,\"Author=\"))&&(i=X.fSig(j+7,64,\"0D0A\"),sOption(X.SA(j+7,i-j-7),\"by: \")),0<=(j=X.fStr(i,128,\"Speed=\")))&&(i=X.fSig(j+7,64,\"0D0A\"),sOption(X.SA(j+7,i-j-7),\"spd:\"))\nelse if(X.c(\"'_A2module_'\")&&isWithin(nV=X.U8(14),1,14))bDetected=1,bad=!1,sName=\"subz3ro's AdLib Tracker II module (.A2M)\",sVersion=\"/┤DLiB TR/┤CK3R ][ v\"+nV,ptn=X.U8(15),(bad=!ptn||64ptn)&&(ptn=E)\nif(G=asg1+300,apn1=X.fSig(asg1,1024,\"'APN1'\"),ch=ptn_=-1,0ch&&(ch=ch_),G+=16+4*ch_*X.U16(G+2,_BE)\nK=G}else bad=bad.addIfNone(\"!noptns\");(bad=16ptn)&&(ptn=E)\nfor(ch=-1,ptns=[],Y=0,G=308;Y<255;Y++)(ch_=X.U16(G,_BE))>ch&&(ch=ch_),ptnsz=ch_*X.U16(G+2,_BE),G+=4,ptnsz&&((E=X.SC(G,12,\"CP437\").trim()).length&&\"Empty\"!=E&&ptns.push(E),G+=12+4*ptnsz)\nK=G,(bad=16d3&&(d3=d2)\nif((G=d3)=2662+2048*X.U8(35)){if(sName=\"Electronic Arts' ASYLUM Music Format module (.AMF)\",bDetected=1,sVersion=\"v\"+X.SA(21,3),X.isVerbose()){spd0=X.U8(32),bpm0=X.U8(33),smp=X.U8(34),ptn=X.U8(35),ord=X.U8(36)\nvar G=294,B=0\nfor(smps=[],Y=0;Y>5,sch=1+(31&X.U8(9)),smp=X.U8(10),ptn=X.U16(11),ord=X.U16(13),vmch=X.U8(15),xtra=X.U16(16),G=xtra+18,S=[],Y=B=0;Ymptn&&(mptn=E)\nfor(mptn++,G+=2*ord,Y=0;Y>8)+\".\"+(255&bpm0),spd0=Math.max(1,X.U8(G++)),G+=3,flg=X.U16(G),G+=2):(bpm0=Math.max(32,X.U8(G++)),spd0=Math.max(1,X.U8(G++)),flg=X.U8(G++)),ch=flg>>6&1?\"2\":\"1\",linfreqtbl=64&flg?\" lnr.freq.tbl.\":\"\",midiused=128&flg?\" MIDI used\":\"\",sOptionT(F),inss=[],smps=[],S=[],B=allsmpcsz=smp=shd=0,Y=0;YX.Sz()&&(bad=bad.addIfNone(\"!short\")),Y=0;Yptn&&(ptn=o)\nbreak\ncase\"WLEN\":for(Y=0;Y>2;Y+=4)X.U32(G+Y,_BE)&&ins++}G+=hksz}sOptionT(E),sOptionT(p,\"by: \"),sOptionT(d,\"on: \"),sOption(id,\"in: \"),sOption(addEllipsis(_.trim(),160)),sOption(\"ch:\"+ch+\" ord:\"+ord+\" ptn:\"+ptn+\" ins:\"+ins+\" sz:\"+outSz(G))}}else if(X.c(\"'ADRVPACK'\"))sName=\"Petter A. Urkedal's AProSys module (.APS)\",bDetected=1\nelse if(X.c(\"'ARP.'\"))sName=\"Major Tom's Player 2 module (.ARP)\",bDetected=1\nelse if(X.c(\"'ACTIONAMICS SOUND TOOL'\",62))sName=\"Michael Kleps's Actionamics Sound Tool module (.AST)\",bDetected=1,sVersion=\"v\"+X.SA(86,3)\nelse if(X.c(\"08'AST '\")&&isWithin(X.U8(9),4,8)&&X.U16(10)<=1001){if(sName=\"Patrice 'Cagliostro' Bouchand's All Sound Tracker module (.AST)\",sVersion=\"v\"+X.SA(5,4),bDetected=1,X.isVerbose()){for(L=X.U16(10),a=X.SC(12,L+1,\"CP850\"),G=13+L,s=\"\",Y=0;Y>3\nbreak\ncase\"BLOK\":ptn++\nbreak\ncase\"INST\":ins++\nbreak\ncase\"SAMP\":smp++}G+=hksz}sOption(\"ord:\"+ord+\" ptn:\"+ptn+(ins?\" syn:\"+ins:\"\")+(smp?\" smp:\"+smp:\"\")+\" sz:\"+outSz(K))}}else if(X.c(\"'BBSONG'00'0001'00\")){sName=\"Shiru's Beepola module (.BBSONG)\",bDetected=1\nvar is=!(G=12)\nfor(ord=orn=ptn=svgptn=svgwarp=phains=0,bad=F=auth=engine=\"\";G=X.Sz());){if(58!=X.U8(G++)){G--\nbreak}switch(E=X.SA(G,254),G+=E.length+1,E){case\"INFO\":for(;GX.Sz()&&(bad=bad.addIfNone(\"!short\")),fl>>=1,ins++\nfl=X.U32(G),G+=4\nfor(trk=0,trkend=!1,Y=0;Y<32;Y++){if(1&fl)for(trk++,trkend=!1,q=0;G>=1}trkend||(bad=bad.addIfNone(\"!short\"),G=-1)}}else bad=bad.addIfNone(\"!badtags\")\n\"\"!=bad&&(sVersion=sVersion.appendS(\"malformed\"+bad,\"/\")),sOptionT(F),sOptionT(author,\"by: \"),sOption(\"spd:\"+spd+(X.isDeepScan()?\" trk:\"+trk+\" ins:\"+ins+\" sz:\"+outSz(G):\"\"))}}else if(384'1ADEE0\")&&(!X.U8(19)&&X.c(\"'CUD-FM-File - SEND A POSTCARD -'\",1537)||X.U8(19)&&X.c(\"'YsComp'07'CUD1997'1A04\",32)))sName=\"Daniel Eshcbach/CUD's Boom Tracker 4 module (.CFF)\",sVersion=\"v\"+X.U8(16),bDetected=1,X.U8(19)&&(sVersion+=\"/LZW-packed\"),X.isVerbose()&&sOption(outSz(32+X.U16(17)),\"sz:\")\nelse if(X.c(\"'CHIPv1.0'\")){for(sName=\"Dmitry 'Alone Coder' Bystrov's Chip Tracker module (.CHI)\",bDetected=1,sVersion=\"v\"+X.SA(5,1),bad=\"\",X.Sz()<=256&&(bad=bad.addIfNone(\"!badsz\")),ptn=smp=0,tempo=X.U8(40),ord=X.U8(41)+1,lp=X.U8(48),Y=0;Yptn&&(ptn=G),31msgp&&(msgp=E),Y+=2\nK=X.fSig(msgp,TOEOF,\"FFFF\")+2,bDetected=1,bad=0,sName=\"Jens Christian 'JCH/Vibrants' Huus's Edlib Tracker module (.D00,.D01)\",sVersion=\"v\"+X.U8(7),(bad=1X.Sz()?bad.addIfNone(\"!short\"):bad)&&(sVersion=sVersion.appendS(\"malformed\"+bad,\"/\")),X.isVerbose()&&(F=X.SA(16,44).trim(),sOption(F),sOption(titles.join(\"; \"),F||1!=F.length?\"\":\"songs:\"),\"\"!=F||titles.length||sOptionT(X.SA(216,28)),1>4)+\".\"+(15&nV),co=X.U8(26),sVersion!=X.SA(20,4).toLowerCase()&&(sVersion+='/\"'+X.SA(20,4)+'\"'),co&&(sVersion=sVersion.appendS(\"co.ptn\",\"/\")),X.isVerbose()){for(sOptionT(decAnsi(610,32,CPAmiga,!0)),r=[],ch=X.U8(25),ord=X.U8(47)+1,ptn=X.U8(46)+1,smp=A=0,Y=0;Y<31;Y++)(slen=X.U32(176+4*Y,_BE))&&(smp++,A+=slen)\nfor(Y=0;Y<31;Y++)r.push(decAnsi(642+30*Y,30,CPAmiga,!0).trim())\nif(K=1572,co)for(Y=0;YX.Sz()&&!X.isVerbose()&&(sVersion=sVersion.appendS(\"malformed!short\",\"/\")),sOptionT(addEllipsis(r.filter(funSampleName).join(\" \"),256,160),'by/msg: \"','\"'),sOption(\"ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" sz:\"+outSz(K))}}else if(X.c(\"000003F3\")&&X.c(\"70FF'NuUNCLEART'\",32)&&X.U8(20)&&X.U32(44,_BE)&&X.U32(48,_BE)&&X.U32(56,_BE)){if(sName=\"Dave 'Uncle Tom' Lowe module (.DL)\",bDetected=1,X.isVerbose()){if(smpip=32+X.U32(60,_BE),smpiep=32+X.U32(64,_BE),smp=smpiep?Math.floor((smpiep-smpip)/14):0,F=X.SA(32+X.U32(80,_BE),256),auth=X.SA(32+X.U32(84,_BE),256),cmt=X.SA(32+X.U32(88,_BE),256),loadsz=32+X.U32(92,_BE),K=32+X.U32(96,_BE),sza=Hex(X.Sz()-K),smpsz=32+X.U32(100,_BE),songsz=32+X.U32(104,_BE),sfx=32+X.U32(108,_BE),k=1,d1=32+X.U32(76,_BE))for(a1=d1;;){if(a1+=16,!(d1=X.U32(a1,_BE)))break\nif(!(d1-=X.U8(a1+3)))break\nk++}sOptionT(F),1>1\nbreak\ncase\"PATT\":var ns=nV<3?9:8\nfor(u=G,ptn=X.U16(u),trk=X.U8(u+2),u+=3,32<(ch=(ch=trk)<1?1:ch)&&(ch=32),Y=0;Ymptn&&(mptn=E)\nfor(ord=X.U8(38),ptn=X.U8(40),G=X.U16(176)<<4,inss=[],mp=0,Y=ins=0;Ymp&&(mp=Q+X.U16(G+38))\nG=176+2*X.U8(39)+2*ptn-2,G=X.U16(G)<<4,G+=2+X.U16(X.U16(G)),K=Math.max(mp,G),sOptionT(X.SC(4,32,\"CP437\")),sOption(addEllipsis(inss.filter(funSampleName).join(\" \"),160),'ins/msg:\"','\"'),sOption(\"ord:\"+(rord==ord?\"\":rord+\"/\")+ord+\" ptn:\"+(mptn==ptn?\"\":mptn+\"/\")+ptn+\" ins:\"+ins+\" sz:\"+outSz(K))}}else if(X.c(\"'RIFF'........'DSMFSONG'\")&&X.U16(54)<=128&&X.U16(56)<=128&&X.U16(60)<=256&&X.U16(62)<=16){if(sName=\"Carlos Hasan's Digital Sound Interface Kit module (.DSM)\",bDetected=1,sVersion=\"RIFF\",X.isVerbose()){for(sOptionT(X.SC(20,28,\"CP437\")),K=X.U32(4)+8,G=12,smp=0;GX.Sz()&&(sVersion+=\"/malformed!badchunk\"),sOption(\"ch:\"+Math.max(1,X.U16(62))+\" spd0:\"+X.U8(66)+\" bpm0:\"+X.U8(67)+\" ord:\"+X.U16(56)+\"(\"+X.U16(52)+\"-\"+X.U16(54)+\") ptn:\"+X.U16(60)+\" smp:\"+X.U16(58)+\"/\"+smp+\" sz:\"+outSz(K))}}else if(X.c(\"'DSm'1A20\"))sName=\"The Loom Syndicate's Dynamic Studio module (.DSM)\",bDetected=1,X.isVerbose()&&(sOptionT(X.SA(5,20)),sOptionT(X.SA(25,20),\"by: \"))\nelse if(X.c(\"'DSFmt1'0D0A\"))sName=\"Audio Simulation's DreamStation module (.DSS)\",bDetected=1,sVersion=\"v1.0\",X.isVerbose()&&4<=(pt=(pt=X.fSig(0,TOEOF,\"F0E40001\")+4)<4?X.fSig(0,TOEOF,\"F0E40000\")+4:pt)&&(pa=X.fSig(pt,TOEOF,\"0D0A\"),E=X.SA(pt,pa-pt),pa+=2,pc=X.fSig(pa,TOEOF,\"0D0A\"),p=X.SA(pa,pc-pa),pc+=2,_=X.SA(pc,X.Sz()-pc),sOption(E),sOption(p,\"by: \"),sOption(_))\nelse if(X.c(\"'DS2F0'....'Default'\"))sName=\"Audio Simulation's DreamStation II module (.DS2)\",bDetected=1,sVersion=\"v2\",X.isVerbose()&&(ts=X.U8(98),E=X.SA(99,ts),pa=98+ts+1,as=X.U8(pa),p=X.SA(pa+1,as),pc=pa+as+1,cs=X.U8(pc),_=X.SA(pc+1,cs),sOption(E),sOption(p,\"by: \"),sOption(_))\nelse if(X.c(\"'MMU2'00\"))sName=\"Great Valley Products' Digital Sound Studio module (.DSS)\",bDetected=1,sVersion=\"v1-3.0\",X.isVerbose()&&(sOptionT(X.SA(10,32)),sOption(\"ord:\"+X.I16(1436,_BE)))\nelse if(X.c(\"'DTL'00\")&&X.c(\"0000001000\",22))sName=\"Larry Tipton's Drum Traker module (.DTL)\",bDetected=1,X.isVerbose()&&sOptionT(X.SA(4,20))\nelse if(X.c(\"'D.T.'00\"))0<=(sv=[\"S.Q.\",\"VERS\"].indexOf(X.SA(42,4)))&&(sName=\"Softjee's Digital Tracker module (.DTM)\",bDetected=1,X.isVerbose())&&(0==sv?sOptionT(X.SA(22,20)):sOptionT(X.SA(22,24)))\nelse if(X.c(\"'DeFy DTM'\"))sName=\"DeFy AdLib Tracker module (.DTM)\",bDetected=1,sVersion=\"v\"+X.SA(9,3),X.isVerbose()&&(sOptionT(X.SA(13,20)),sOptionT(X.SA(33,20),\"by: \"))\nelse if(X.c(\"'SONG'........'NAME'\"))sName=\"Horst Beham Jr.'s DigiTrekker module (.DTM)\",bDetected=1,X.isVerbose()&&sOptionT(X.SA(16,20))\nelse if(X.c(\"48E7F1FE610000964CDF7F8F'NuH'E70010610000'$L'DF0800'NuH'E7F1FE610001844CDF7F8F'NuH'E70010610000'NL'DF0800'NuG'FAFFC651EB05',Q'EB05'PQ'EB05'tQ'EB059833FC000F00DFF09633FC00FF00DFF09E33FC000000DFF0A833FC000000DFF0B833FC000000DFF0C833FC000000DFF0D8'NuG'FAFF80177C00010524177C00010548177C0001056C177C00010590'NuG'FAFF'bJ+'00BA670E'S+'00B96608177C000600B9'Nu`'0003180006\"))sName=\"David Whittaker's SFX module (.DW)\",bDetected=1\nelse if(X.c(\"' PWD'03\")&&X.c(\"'Master'\",14))sName=\"Daniel Werner/ExperimentalScene's DarkWave Studio module (.DWP)\",bDetected=1\nelse if(X.c(\"'EASO'\"))sName=\"Morten Grouleff's EarAche module (.EA,.EAS)\",bDetected=1\nelse if(X.c(\"'FORM'.... ....'EMODEMIC'\")&&X.c(\"'PATT'\",pt=20+X.U32(16,_BE))&&X.c(\"'8SMP'\",q=pt+8+X.U32(pt+4,_BE))){for(sName=\"Bo Lincoln's Quadra Composer module (.EMOD)\",bDetected=1,sVersion=\"v\"+X.U16(20,_BE),(smp=X.U8(63))&&(smps=[]),K=X.U32(4,_BE)+8,Y=A=0,G=64;Y\"===(E=X.SA(22,20))?\"\":E),smp&&sOptionT(addEllipsis(smps.join(\" \"),192,160),'smp/msg: \"','\"'),smps=void 0,sOption(\"bpm:\"+X.U8(62)+\" ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" sz:\"+outSz(K)))}else if(X.c(\"'E.M.S. V6.0'..00010000\")&&isWithin(X.U8(11),49,54))sName=\"Sean 'Odie' Connolly's Electronic Music System module (.EMS)\",bDetected=1,sVersion=\"v6.\"+X.SA(10,2),X.isVerbose()&&(a1=X.U32(14,_BE),a2=X.U32(18,_BE),a3=X.U32(22,_BE),G=lb0=34,G+=a1,lb4=G,G+=a2,lb8=G,G+=a3,insp=G,K=G+X.U32(30,_BE),sOption(\"sz:\"+outSz(K)))\nelse if(X.c(\"'ENF '....'scor'\")){for(sName=\"Musitek SmartScore Extended Notation Format sheet music (.ENF)\",bDetected=1,G=6,staf=brln=0,hkhd=\"dumm\";Gmp&&(mp=ordp),(ptnp=G+X.U16(G+2))>mp&&(mp=ptnp),(smpp=G+X.U16(G+4))>mp&&(mp=smpp),(ornp=G+X.U16(G+6))>mp&&(mp=ornp),(svd=ofs+X.U16(G+6))>mp&&(mp=svd),KX.Sz())return!1\nord=lp=xpos=ptn=0\nfor(G=ordp;Gptn&&(ptn=o),ord++}if(254mp-ofs&&(mp=ofs+E),E<30)return!1\nif(1==k&&mp>X.Sz())return!1\nif(notes=-1,GX.Sz()&&!X.isVerbose()){bad+=\"!short\"\nbreak}}bad&&(sVersion=sVersion.appendS(\"malformed\"+bad,\"/\")),X.isVerbose()&&(sOptionT(F),sOptionT(by,\"by: \"),sOptionT(txt),sOption((1X.U16(47)){if(bDetected=1,nV=X.U8(49),sName=\"Daniel Potter/Digital Infinity's Farandole Composer module (.FAR)\",sVersion=\"v\"+(nV>>4)+\".\"+(15&nV),ch=X.readBytes(50,16).filter(function(s){return 1==s}).length,X.isVerbose()){for(sOptionT(X.SC(4,40,\"CP437\")),msgsz=X.U16(96),r=[],Y=0,G=98;Y>3]&1<<(7&Y)&&smp++\nfor(Y=0;Y>6,smpp=X.U32(32,_BE),smpsz=X.U32(36,_BE),smp=wf=0,sszs=[],G=40,Y=0;Y<10;Y++,G+=6)(E=X.U16(G,_BE)<<1)&&smp++,sszs.push(E)\nfor(Y=10;Y<90;Y++)sszs.push(X.U8(G++)<<1)\nfor(Y=89;10<=Y&&!sszs[Y];Y--);wf=Y-9,sszs=void 0,sOption(\"ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" wf:\"+wf+\" sz:\"+outSz(smpp+smpsz))}}else if(X.c(\"'FC14'\")&&192>6,smpp=X.U32(32,_BE),wfp=X.U32(36,_BE),smp=10,rsmp=msmp=wf=0,sszs=[],G=40,Y=0;Y<10;Y++,G+=6)sszs.push(X.U16(G,_BE)<<1)\nfor(K=0,Y=10;Y<90;Y++)K+=E=X.U8(G++)<<1,sszs.push(E)\nfor(Y=89;10<=Y&&!sszs[Y];Y--);for(wf=Y-9,K+=X.U32(36,_BE),G=smpp,Y=0;Y<10;Y++)if(rsmp++,sszs[Y]&&X.c(\"'SSMP'\")){for(mszs=[],G+=4,msmp++,smp--,rsmp--,l=0;l<20;l++,G+=20)mszs.push(X.U16(G+4,_BE)<<1)\nfor(l=0;l<20;l++)mszs[l]&&rsmp++\nsmp++}sszs=void 0,mszs=void 0,sOption(\"ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+rsmp+(smp!=rsmp?\"(\"+smp+\")\":\"\")+(msmp?\" ssmp:\"+msmp:\"\")+\" wf:\"+wf+\" sz:\"+outSz(K))}}else if(X.c(\"'FMK!'\")&&244==X.U8(60)&&isWithin(X.U8(61),1,2)){if(sName=\"Sami Wilenius's FM-Kingtracker module (.FMK)\",sVersion=[,\"v1.00~03\",\"v1.06+\"][X.U8(61)],bDetected=1,X.isVerbose()){for(text=!0,Y=0;Y<56;Y++)if(X.U8(Y+4)<32){text=!1\nbreak}text&&(sOptionT(X.SA(4,28)),sOptionT(X.SA(32,28),\"by: \")),sOption(\"ord:\"+X.U8(74)+\" ptn:\"+X.U8(76)+\" ins:\"+X.U8(75))}}else if(X.c(\"'FMTracker'....'The FM Tracker!'\"))sName=\"Davey W. Taylor's FM Tracker module (.FMT)\",bDetected=1,sVersion=\"v\"+X.U8(9)+\".\"+X.U8(10),X.isVerbose()&&sOptionT(X.SA(31,32))\nelse if(X.c(\"'JSR_FMT~\"))sName=\"Jean-Sebastien 'XorJS' Royer's FM-Tracker module (.FMT)\",bDetected=1\nelse if(X.c(\"'FMTRK'1A\"))sName=\"Morten Stenshorne/Sagitta Software's FM Tracker module (.FMT)\",bDetected=1,X.isVerbose()&&sOptionT(X.SA(16,32))\nelse if(X.c(\"000003F3\")&&X.U8(20)&&X.c(\"70FF4E75'F.PLAYER'\",32)&&X.I32(64,_BE)){if(sName=\"Paul van der Valk's Future Player module (.FP)\",bDetected=1,X.isVerbose()){for(sOptionT(X.SA(X.I32(44,_BE)+32,256)),k=1,G=72;(E=X.U32(G,_BE))&&k++,G+=8,E;);1=82+32*X.U8(5)+4*X.U8(80)){if(sName=\"Jörg W.Schmidt/MAXON's Face the Music module (.FTM)\",sVersion=\"v\"+X.U8(4),bDetected=1,X.isVerbose()){for(smp=X.U8(5),msr=X.U16(6,_BE),bpm0=(1766278.163/X.U16(8,_BE)).toFixed(0),fl=X.U8(13),fx=X.U8(80),gvol0=X.U8(12),G=82+32*smp,realsmp=0,Y=0;Yptn&&(ptn=pt),G+=2\nptn++,nn=4==v?5:4,songsz=718+smprecs*smpinfosz+ptn*rows*trk*nn,K=songsz+smpsz,statln=\"trk:\"+trk+\" ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+(lp?\" lp:\"+lp:\"\")+\" sz:\"+outSz(K)}else{for(E=X.SA(8,32).trim(),d=X.U16(202,_BE)+\"-\"+X.U8(201).padStart(2,\"0\")+\"-\"+X.U8(200).padStart(2,\"0\"),_=X.SA(40,160).trim(),tracker=X.SA(204,24),pn=songhk=spd=bpm=ord=lp=mptn=ptn=ins=smp=trk=0,K=-1,xc=[],v<6&&(spd=X.U16(228,_BE),bpm=X.U16(230,_BE));pn\"==(e=decEncoding(e,CP437,!0,Chars0to1F)))?\"\":e}sName=\"Hudson Entertainment System multitrack tune (.HES)\",bDetected=1,sVersion=\"v\"+X.U8(4),startsong=X.U8(5),reqaddr=X.U16(6),dtsz=X.U32(20),dtaddr=X.U32(24),X.isVerbose()&&(E=p=_=\"\",G=64,32<=X.U8(G)&&(sOptionT(fs()),sOptionT(fs(),\"by:\"),sOptionT(fs())),sOption(\"from:\"+startsong+\" sz:\"+outSz(dtaddr+dtsz)))}else if(X.c(\"'GTI5'\"))sName=\"Lasse 'Faust' Öörni's GoatTracker 2 Instrument (.INS)\",bDetected=1\nelse if(X.c(\"'ISM!V1.2'\"))sName=\"Hans Bergstedt's Sound Invasion Music System/In Stereo! module (.IS)\",bDetected=1,sVersion=\"v\"+X.SA(5,3),X.isVerbose()&&sOptionT(X.SA(36,25))\nelse if(X.c(\"'IS20DF10STBL'\"))sName=\"Hans Bergstedt's Sound Invasion Music System/In Stereo! module (.IS20)\",bDetected=1,sVersion=\"v2.0\"\nelse if(X.c(\"'IXS!'\"))sName=\"Sahara Surfers' iXalance module (.IXS)\",bDetected=1,sVersion=\"compressed\",X.isVerbose()&&(sOptionT(X.SA(24,32)),sOption(outSz(56+X.U32(16)),\"sz:\"))\nelse if((X.c(\"'MUSE'DEADBEAF\")||X.c(\"'MUSE'DEADBABE\"))&&X.U32(16)+24==X.U32(8))sName=\"Jazz Jackrabbit 2 container (.J2B)/Galaxy Sound System module\",sVersion=\"compressed\",bDetected=1,X.isVerbose()&&sOption(\"sz:\"+X.U32(8))\nelse if(X.c(\"'NuJ.FLOGEL'\",34))sName=\"Janko Mrsic-Flogel's module (.JMF)\",bDetected=1,X.isVerbose()&&(E=X.SA(84,256),pn=84+E.length+1,p=X.SA(pn,256),pn+=p.length+1,_=X.SA(pn,256),sOptionT(E),sOptionT(p,\"by: \"),sOptionT(_))\nelse if(X.c(\"2B7C.... ........ 2B7C.... ........ 2B7C.... ........ 2B7C.... ........ 303C00FF 32004EB9 ........ 4E75\")&&46<=X.I32(2,_BE)){if(sName=\"Steve Turner's module (.JPO)\",bDetected=1,X.isVerbose()){for(ofs=X.U32(2,_BE),p1=G=X.U32(18,_BE)-ofs+46,d1=10;G<=Math.min(X.Sz(),1048576)&&61695!=(E=X.U16(G,_BE));)G+=2,(d0=E)>d1&&(d1=d0)\nfor(0<(K=X.fSig(p1+d1,TOEOF,\"FF\"))&&K++,G=X.U32(10,_BE)-ofs+46,k=0;G>2)-1,smpsz=X.U32(d0+4,_BE),1>1)+(1&steps),packed=X.readBytes(G,slen),G+=slen,s=_=0;s>4)&&(G++,notes++),2&bits&&G++,4&bits&&(ctl=X.U8(G++),14<=v)&&(bits|=-8&ctl),8&bits&&(G+=2),128&bits&&G++,1&s&&_++\nif(maxwt=0,12<=v)for(maxwt=X.U8(G++),Y=0;Y>4,Y+=40,smp=synsmp=smpsz=0,d7=3;d3;d3--,Y+=58)(E=X.U32(Y,_BE))?E>d7&&(d7=E,smpsz+=X.U16(Y+4,_BE)<<1,smp++):synsmp++\nsteps=X.U32(48,_BE)-X.U32(44,_BE)>>2,K=songsz+smpsz,1X.Sz()){bad+=\"!short\"\nbreak}}bad&&(sVersion=sVersion.appendS(\"malformed\"+bad,\"/\")),X.isVerbose()&&(sOptionT(F),sOptionT(by,\"by: \"),sOptionT(txt),sOption(outSz(K),\"sz:\"))}else if(X.c(\"'SMF2CLIP'\"))sName=\"MIDI Clip File (.midi2)\",sVersion=\"v2.0\",bDetected=1\nelse if(X.c(\"'MKJamz'\"))sName=\"MK-Jamz module (.MKJ)\",bDetected=1\nelse if(X.c(\"'MLEDMODL'000000\")&&X.c(\"'VERS'\",X.U32(8,_BE)+12)){for(sName=\"Musicline Editor module (.ML)\",bDetected=1,G=4,_=E=\"\",ch=smp=ins=ptn=k=0;G>8)+\".\"+((240&v)>>4)+(15&v)\nbreak\ncase\"TUNE\":for(k++,E=E.appendS(X.SC(G,hksz,\"CP1252\").trim(),\"; \"),tmp0=X.U16(G+32,_BE),spd0=X.U8(G+34,_BE),groove=X.U8(G+35,_BE),ch=X.U8(G+39),chsz=0,hksz=40,Y=0;Y=(K=X.U32(4,_BE)+8)){if(sName=\"Multi-track Container module (.MTC)\",bDetected=1,X.isVerbose()){for(name=auth=_=\"\",G=8,k=0;G>4)+\".\"+(15&v),X.isVerbose()){for(sOptionT(X.SA(4,20)),trk=X.U16(24),ptn=X.U8(26),ord=X.U8(27)+1,csz=X.U16(28),nos=X.U8(30),bpt=X.U8(32),smpsz=0,Y=88;Y<88+37*nos;Y+=37)smpsz+=X.U32(Y)\npxc=194+37*nos+192*trk+32*(ptn+1)*2,_=X.SA(pxc,csz),K=pxc+csz+smpsz,_.length\"),sOptionT(_),sOption(\"trk:\"+(trk+1)+\" ord:\"+(ord+1)+\" ptn:\"+(ptn+1)+\" smp:\"+nos+\" sz:\"+outSz(K))}}else if(X.c(\"'MT20'\")&&388<=X.Sz()&&2==X.U8(9)&&X.U16(112)<64&&X.U16(106)<=256){for(sName=\"MadTracker 2 module (.MT2)\",nV=X.U8(8),bDetected=1,sVersion=\"v\"+X.U8(9)+\".\"+nV.toString(16).padStart(2,\"0\"),bad=\"\",ord=X.U16(106),loop=X.U16(108),ptn=X.U16(110),trk=X.U16(112),flags=X.U32(118),ins=X.U16(122),smp=X.U16(124),hasdrums=0!=X.U16(382),dptn=hasdrums?X.U16(384):0,G=388+(hasdrums?274:0),addp=G+X.U32(G-4),r=\"\",vst2=0,igskip=0,smpszs=[],insszs=[],inss=[],smps=[],extsmp=[];Gaddp)bad=bad.addIfNone(\"!badaddsz\")\nelse if(G>X.Sz())bad=bad.addIfNone(\"!short\")\nelse{for(Y=0;Y>=1)<0&&(fl=-fl)}if(G>X.Sz())bad=bad.addIfNone(\"!short\")\nelse for(Y=0;Y<255;Y++)!r&&inss.length<3&&\"\"!=(E=X.SC(G,32,\"CP1252\")).trim()&&inss.push(E),32==(dtlen=X.U32(G+32))&&(dtlen+=396),1X.Sz())bad=bad.addIfNone(\"!short\")\nelse{for(Y=0;Y<256;Y++)r||(E=X.SA(G,32),YX.Sz())bad=bad.addIfNone(\"!short\")\nelse for(Y=0;Y=X.U16(6))sName=\"idSoft's DOOM music module (.MUS)\",bDetected=1,X.isVerbose()&&sOption(outSz(X.U16(4)),\"sz:\")\nelse if(X.c(\"'MXM'00\")&&isWithin(X.U32(4),1,256)&&X.U32(8)=hksz?-1:X.I32(pn+4*Y,_LE))<0&&(curtime=12e4),playtime+=curtime/1e3\nbreak\ncase\"auth\":apn=0,g=X.SC(pn,256,\"UTF8\"),apn+=g.length+1,p=X.SC(pn+apn,256,\"UTF8\"),apn+=p.length+1,_=X.SC(pn+apn,256,\"UTF8\"),apn+=_.length+1,_+=\", rip: \"+X.SC(pn+apn,256,\"UTF8\")\nbreak\ncase\"taut\":if(X.isDeepScan())for(apn=0;apnk&&(k=d3,ord=d6),(X.c(\"2000\",12)||X.c(\"FE\",14))&&(k=7),d1=256,Gptn&&(ptn=E),G+=4\nif(G>1\nbreak\ncase\"PAOR\":tracker=X.SC(G,hksz,\"CP850\")\nbreak\ncase\"END \":end=1}if(G+=hksz,end)break}\"\"!=bad&&(sVersion=sVersion.appendS(\"malformed\"+bad,\"/\")),X.isVerbose()&&(sOptionT(F),sOption(tracker,\"in: \"),sOption(\"trk:\"+trk+\" ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" sz:\"+outSz(X.U32(4)+8)))}else if(X.c(\"'PLM'1A..10\")&&isWithin(ch=X.U8(54),1,32)&&X.Sz()>=4*((smp=X.U8(92))+(ptn=X.U8(93))+(ord=X.U16(94,_LE)))&&firstNotOf(60,32,[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15])<0){for(sName=\"Alex 'Statix' Evans' Disorder Tracker 2 module (.PLM)\",bDetected=1,G=X.U8(4),ofs=rsmp=0,rptn=[],ptns=[],smps=[],mp=[0,\"unk\"],bad=\"\",Y=0;Ymp[0]&&(mp=[E,\"ptn\"]),(E=X.SC(E+7,25,\"CP437\").trim()).length&&ptns.push(E)\nfor(Y=0;Ymp[0]&&(mp=[E,\"smp\"]),E&&(X.c(\"'PLS'1A\",E)||(bad=bad.addIfNone(\"!badsmpsig:\"+X.SA(E,4))),isWithin(X.I8(E+50),-1,15)||(bad=bad.addIfNone(\"!badsmppan\")),64X.Sz()&&(bad=bad.addIfNone(\"!short\")),K=Math.max(mp[0],G),mp[1]){case\"ptn\":K=mp[0]+X.U32(mp[0],_LE)\nbreak\ncase\"smp\":K=mp[0]+X.U8(mp[0]+4)+X.U32(mp[0]+67,_LE)}bad.length&&(sVersion=sVersion.appendS(\"malformed\"+bad,\"/\")),X.isVerbose()&&(sOptionT(X.SC(6,48,\"CP437\")),sOption(addEllipsis(smps.filter(funSampleName).join(\" \"),224),'smp/msg:\"','\"'),sOption(\"ch:\"+X.U8(54)+\" bpm0:\"+X.U8(58)+\" spd0:\"+X.U8(59)+\" ord:\"+ord+\" ptn:\"+(rptn!=ptn?rptn+\"/\":\"\")+ptn+\" smp:\"+(rsmp!=smp?rsmp+\"/\":\"\")+smp+\" sz:\"+outSz(K)))}else if(X.c(\"'PLX'\")&&X.U8(3)<=2&&X.U8(4)&&X.U16(7)>3)&&sOption(k,\"×\"),d3=X.U32(44,_BE),d0=X.U32(48,_BE),ins=d3-d2>>6,d3=ins,synsmp=0,smp=0,B=0,d7=3;d3;)(ts=X.U32(d2,_BE))?ts>10,sOption(\"ptn:\"+ptn+\" ins:\"+ins+\" smp:\"+smp+\" syn.smp:\"+synsmp+\" songsz:\"+songsz+\" sz:\"+outSz(K))}}else if(X.c(\"'PSF'\")){if(0<(nV=X.U8(3))){switch(bDetected=1,sName=\"Neil Corlett's Portable Sound Format module (.\",nV){case 1:sName+=\"PSF,.PSF1,.MINIPSF,.MINIPSF1)\",sVersion=\"Playstation\"\nbreak\ncase 2:case 3:sName+=\"PSF2,.MINIPSF2)\",sVersion=\"Playstation 2\"\nbreak\ncase 17:sName+=\"SSF,.MINISSF)\",sVersion=\"Saturn\"\nbreak\ncase 18:sName+=\"DSF,.MINIDSF)\",sVersion=\"Dreamcast\"\nbreak\ncase 33:sName+=\"USF,.MINIUSF)\",sVersion=\"Ultra64\"\nbreak\ncase 34:sName+=\"GSF,.MINIGSF)\",sVersion=\"Gameboy\"\nbreak\ncase 35:sName+=\"SNSF,.MINISNSF)\",sVersion=\"Super Nintendo\"\nbreak\ncase 36:sName+=\"2SF,.MINI2SF)\",sVersion=\"Nintendo DS\"\nbreak\ncase 37:sName+=\"NCSF,.MININCSF)\",sVersion=\"Nintendo DS Nitro Sound\"\nbreak\ncase 65:sName+=\"QSF,.MINIQSF)\",sVersion=\"Capcom Q-Sound\"\nbreak\ndefault:sName+=\"*SF,.MINI*SF)\",sVersion=\"unk.console\"}if(sVersion=\"v\"+Hex(nV)+\" \"+sVersion,X.isVerbose())if(ptags=X.U32(8,_LE)+21,sig2=!1,(sig2=21X.Sz())bad=bad.addIfNone(\"!short\")\nelse for(Y=0;Y<255&&GX.Sz())bad=bad.addIfNone(\"!short\")\nelse for(Y=0;Y<256;Y++)(E=X.U8(G++))&&(\"\"!=(E=X.SC(G,128,\"CP1252\").trim())&&vsts.push(E),G+=128,E=X.I32(G),G+=4+4*E)\nfor(m=[],Y=0;Y<128;Y++)(E=X.U8(G++))&&mach++,m[Y]=E\nE=oldt=0\nfor(Y=0;Y<128;Y++)if(m[Y]){for(E=X.I32(G+8),G+=12,tn=X.SA(8===E?G+256:G,16),tpn=8===E?X.SA(G,256):\"\",ts=tn+tpn,nonascii=!1,q=0;qX.Sz()&&(bad=bad.addIfNone(\"!short\")),(G+=1275)>X.Sz()&&(bad=bad.addIfNone(\"!noP0\")),(G+=64)>X.Sz()&&(bad=bad.addIfNone(\"!noP1\")),Gj+maxdesc&&(i=j+maxdesc,cutoff=!0),tmp=X.readBytes(j,i-j),Y=0;desc.lengthX.Sz());)ins++,16==nV?G+=11:33==nV?(nmlen=X.U8(G++),insns.push(X.SA(G,nmlen)),G+=nmlen,rm=X.U8(G),riff=128&rm,(midi=7==(7&rm))?G+=7:G+=24,riff&&(G+=X.U16(G)+2)):bad=bad.addIfNone(\"!badver\")\nif(ord=X.U8(G++),G+=ord,(!ord||128X.Sz()&&(bad=bad.addIfNone(\"!short\"))\nif(mptn)for(G=mptn,end=!1;!end&&G>1,tagdata=!1,E=p=d=\"\",next=0,Y=0;Y>> Chunk Start <<<'00\",9)){if(sName=\"Eduard Müller's Renoise module (.RNS)\",bDetected=1,sV=X.SA(3,4),sVersion=\"v\"+sV,sV<\"05\"?sVersion+=\"/RN<1.1.1\":\"05\"===sV?sVersion+=\"/RN1.1.1\":sV<\"015\"?sVersion+=\"/RN<1.2.7\":\"015\"===sV?sVersion+=\"/RN1.2.7\":sV<\"018\"?sVersion+=\"/RN<1.5.2\":\"018\"===sV?sVersion+=\"/RN1.5.2\":sVersion+=\"/RN>1.5.2\",X.isVerbose())for(G=9;G>> Chunk Start <<<'00\",G);){if(G+=20,X.c(\"'Header V00 '00\",G)){sOptionT(X.SC(G+20,20,\"CP1252\")),sOptionT(X.SC(G+40,20,\"CP1252\"),\"by: \"),sOptionT(X.SC(G+60,20,\"CP1252\"),\"style: \")\nbreak}if(X.c(\"'Header V01 '00\",G)){G+=20,K=X.U32(G),sOptionT(X.SC(G+4,K,\"CP1252\")),G+=K+4,K=X.U32(G),sOptionT(X.SC(G+4,K,\"CP1252\"),\"by: \"),G+=K+4,K=X.U32(G),sOptionT(X.SC(G+4,K,\"CP1252\"),\"style: \")\nbreak}if(X.c(\"Header V02 '00\",G)){G+=20,K=X.U32(G),sOptionT(X.SC(G+4,K,\"CP1252\")),G+=K+4,K=X.U32(G),sOptionT(X.SC(G+4,K,\"CP1252\"),\"by: \"),G+=K+4,K=X.U32(G),sOptionT(X.SC(G+4,K,\"CP1252\"),\"style: \"),G+=K+4+5,K=X.U32(G),sOptionT(X.SC(G+4,K,\"CP1252\"))\nbreak}if(-1==(G=X.fSig(G+1,TOEOF,\"''>>> Chunk End <<<'00\")))break\nG+=20}}else if(extIs(\"xrns\")&&X.c(\"'PK'0304\"))sName=\"Eduard Müller's Renoise module (.XRNS)\",sType=\"~audio\",sVersion=\"xml\",bDetected=1\nelse if(extIs(\"xrdp\")&&0<=X.fStr(0,256,\"X.Sz()||X.U32(24)>X.Sz())&&(bad+=\"!short\"),X.U32(16)>X.Sz()-7&&(bad+=\"!badmetadata\"),bad.length&&(sVersion+=\"/malformed\"+bad),X.isVerbose())switch(p=_=s=g=ti=y=\"\",nv){case 0:case 1:case 2:0<(G=X.U32(16))&&sOptionT(X.SC(G,64,\"Shift_JIS\").replace(\"\\\\\",\"¥\")),(pk=X.U32(12))&&(sVersion+=\" compressed\",sOption(\"Please send this file over Telegram to @kaens, the detection author! It's unique and needs research\"))\nbreak\ncase 3:if(6<(ptags=X.U32(16))&&X.c(\"'[S98]'\",ptags)){for(ptags+=5,bUTF8=X.c(\"EFBBBF\",ptags),tags=bUTF8?X.SC(ptags,512,\"UTF8\"):X.SC(ptags,512,\"Shift_JIS\"),tagl=tags.split(\"\\n\"),Y=0;Y\"'!=tagr&&(E=tagr.substr(1,tagr.length-2))\nbreak\ncase\"AUTHOR\":'\"\"'!=tagr&&(p=tagr.substr(1,tagr.length-2))\nbreak\ncase\"DATE\":'\"\"'!=tagr&&(dt=tagr.substr(1,tagr.length-2))\nbreak\ncase\"TYPE\":sVersion=\"t.\"+tagr\nbreak\ncase\"TIME\":tm=tagr}bad&&(sVersion+=\"/malformed\"),sOption(E),sOption(p,\"by: \"),sOption(dt,\"'\"),sOption(tm,\"len: \"),E=parseAtariBinary(G+2),sOption(E[1].length,\"binblks:\"),sOption(outSz(E[0]),\"sz:\")}}else if(X.c(\"'SC68 Music-file / (c) (BeN)jamin Gerard / SasHipA-Dev '00'SC68'........'SCFN'\")){if(sName=\"SC 68000 programmatic chiptune (.SC68)\",bDetected=1,X.isVerbose()){for(hdrl=X.SA(0,256).length+1,G=hdrl,cp=p=E=\"\",P=\"\",df=-1,k=0,ef=!1,mn=[];Gk&&(bad=bad.addIfNone(\"!badstartsong\")),dataOfs=X.U16(6,_BE),(1==v2&&118!=dataOfs||2==v2&&124!=dataOfs)&&(bad=bad.addIfNone(\"!baddatap\")),loadAddr=X.U16(8,_BE),\"R\"==v1&&isWithin(loadAddr,1,2023)&&(bad=bad.addIfNone(\"!badloadp\")),initAddr=X.U16(10,_BE),\"R\"!=v1||isWithinRanges(initAddr,[[2024,40959],[49152,53247]])||(bad=bad.addIfNone(\"!badinitp\")),flags=X.U16(118,_BE),\"R\"==v1&&flags>>1&1&&0>1:(!(3<=v2)||1&(a2=X.U8(122))||isWithinRanges(a2,[[0,65],[128,223]])||sidn++,!(4<=v2)||1&(a3=X.U8(123))||a2==a3||isWithinRanges(a3,[[0,65],[128,223]])||sidn++)\nvar W=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]\nswitch(flags>>4&3){case 1:W[0]=1\nbreak\ncase 2:W[0]=2\nbreak\ncase 3:W[0]=3}if(3<=v2)switch(flags>>6&3){case 1:W[1]=1\nbreak\ncase 2:W[1]=2\nbreak\ncase 3:W[1]=3\nbreak\ndefault:W[1]=W[0]}if(78==v2)for(Y=2,q=124;Y>4&3){case 1:W[Y]=1\nbreak\ncase 2:W[Y]=2\nbreak\ncase 3:W[Y]=3\nbreak\ndefault:W[Y]=W[0]}else if(4<=v2)switch(flags>>8&3){case 1:W[2]=1\nbreak\ncase 2:W[2]=2\nbreak\ncase 3:W[2]=3\nbreak\ndefault:W[2]=W[0]}for(1>2){case 1:sVersion+=\"/PAL\"\nbreak\ncase 2:sVersion+=\"/NTSC\"\nbreak\ncase 3:sVersion+=\"/PAL&NTSC\"}0\"==(E=X.SC(22,32,\"CP1252\"))&&(E=\"\"),sOptionT(E),\"\"==(p=X.SC(54,32,\"CP1252\"))&&(p=\"\"),sOptionT(p,\"by: \"),\"\"==(_=X.SC(86,32,\"CP1252\"))&&(_=\"\"),sOptionT(_))}else if(X.c(\"00 FF00FF00 9100FF00 FF008000 92..00967F 01\",7)&&X.c(\"9908\",5442))sName=\"Tony 'Nissimo' Willams' Sound Images module (.SIG)\",sVersion=\"gen.2\",bDetected=1\nelse if(X.c(\"0100FEFF09000000'ALIM3'\"))sName=\"Ruben Ramos 'baktery' Salvador's Skale Tracker module (.SKM)\",bDetected=1,X.isVerbose()&&sOptionT(X.SA(25))\nelse if(X.c(\"'mptn&&(mptn=E+1)\nordc++,ords.push(q),G++}for(ch=3,ordc==6*k?(sVersion+=\" stereo\",ch=6):ordc!=3*k&&(bad=bad.addIfNone(\"!badordcnt\")),bad.length&&(sVersion=sVersion.appendS(\"malformed\"+bad,\"/\")),ins=2<=nV?X.U8(G++):31,inss=[],Y=0;Y>1)\nfor(Y=0;Y<(1==nV?0:2==nV?3:4);Y++)G+=1+2*X.U8(G)\nfor(ptn=X.U8(G++),Y=0;YX.Sz()&&(sVersion+=\"malformed\"),X.isVerbose()&&(start=X.U16(6,_LE),loop=X.U16(8,_LE),delay=X.U16(10,_LE),sOption(\"len:\"+Hex(len)+\" start:\"+Hex(start)+\" loop:\"+Hex(loop)+\" delay:\"+delay))\nelse if(X.c(\"'RJP'3.'SMOD'\"))sName=\"Richard Joseph's module (.SNG)\",bDetected=1,sVersion=\"v\"+X.SA(3,1)\nelse if(X.c(\"'SYNC'\")||X.c(\"'SYNB'\"))sName=\"Synder SNG-player module (.SNG)\",bDetected=1,sVersion=\"ver.\"+X.SA(3,1),X.isVerbose()&&sOption(X.SA(16,512))\nelse if(X.c(\"'SYND'....'S0'\"))sName=\"Synder Tracker module (.SNG)\",bDetected=1,sVersion=\"ver.\"+X.SA(3,1)\nelse if(X.c(\"'SYND'\")||X.c(\"'SYNF'\")||X.c(\"'SYNH'\"))sName=\"Synder SNG-player Stereo module (.SNG)\",bDetected=1,sVersion=\"ver.\"+X.SA(3,1),X.isVerbose()&&sOption(X.SA(16,512))\nelse if(isWithin(E=(X.U8(0)+1<<4)+(X.U8(1)+1<<7)+869,870,X.Sz())&&(/df\\d:/.test(X.SA(E,4))||/[sS]amples/.test(X.SA(E,7)))){if(sName=\"AJ [Activas]'s ZoundMonitor module (.SNG + Samples/)\",bDetected=1,X.isVerbose()){for(ptn=X.U8(1)+1,ord=X.U8(3)+1,spd=X.U8(4),G=5,smp=0;G<815;G+=54)X.U8(G+4)&&smp++\nsOption(\"spd:\"+spd+\" ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" len \"+secondsToTimeStr(1+Util.divu64(spd*ord*32,50))+\" sz:\"+outSz(E+101))}}else if(X.c(\"'RJP'3. 0000 0000\"))sName=\"Richard Joseph's module instruments (.INS)\",bDetected=1,sVersion=\"v\"+X.SA(3,1)\nelse if(X.c(\"'SNES-SPC700 Sound File Data'\")){if(sName=\"Nintendo SNES SPC chiptune (.SPC)\",bDetected=1,sVersion=\"v0.\"+X.U8(36),X.isVerbose()){if(id666inhdr=26==X.U8(35),g=_=p=E=\"\",dumper=\"\",emu=\"\",preferBin=!1,id666inhdr){switch(E=X.SA(46,32),g=X.SA(78,32),dumper=X.SA(110,16),dumpdate=X.SA(158,11),48<=(emu=X.U8(210))&&emu<=57&&(emu-=48),emu){case 1:emu=\"ZSNES\"\nbreak\ncase 2:emu=\"Snes9x\"\nbreak\ncase 3:emu=\"ZST2SPC\"\nbreak\ncase 4:emu=\"ETC\"\nbreak\ncase 5:emu=\"SNEShout\"\nbreak\ncase 6:emu=\"ZSNESW\"\nbreak\ndefault:emu=\"\"}_=X.SA(126,32),slen=X.SA(169,3),lp=X.SA(172,4),(slen+lp+dumpdate).length<5?(chnDis=X.U8(209),bin=1==chnDis&&\"\"==emu||preferBin):p=/[0-9/]*/.test(slen+lp+dumpdate)?(songlen=Number(slen),X.SA(177,32)):(bin=!0,songlen=X.U8(169)<<16+X.U8(170)<<8+X.U8(171),X.SA(176,32))}else E=X.SA(48,20)\nsOption(E),sOption(g,\"for: \"),sOption(p,\"by: \"),sOption(_),\"\"!=emu&&(sVersion+=\" \"+emu)}}else if(X.c(\"'STK1.0SONG'\")&&0<=[1,2,3].indexOf(X.U8(52))&&X.U8(53)<=X.U8(58)&&X.U8(54)<=X.U8(53)&&X.U8(56)<=63&&X.U8(57)<=5){switch(sName=\"Julien 'Targhan' Nevo's STarKos module (.SKS)\",bDetected=1,bad=\"\",X.U8(57)){case 0:hz=13\nbreak\ncase 1:hz=25\nbreak\ncase 2:hz=50\nbreak\ncase 3:hz=100\nbreak\ncase 4:hz=150\nbreak\ncase 5:hz=300\nbreak\ndefault:hz=0,bad=bad.addIfNone(\"!badRepFreq\")}for(\"-\"!=(xpos=X.I8(55).toString())[0]&&(xpos=\"+\"+xpos),spd0=X.U8(56),ord=1+X.U16(58),ptn=-1,rows=ptnxpos=0,G=60,Y=0;Y<4*ord;Y++)Y%4==3?rows+=X.U8(G)+1:(E=X.U8(G),ptn>1&&ptnxpos++),G+=2\nptn++,insns=[]\nfor(ins=0;GX.Sz()?bad.addIfNone(\"!short\"):bad)&&(sVersion=sVersion.appendS(\"malformed\"+bad,\"/\")),X.isVerbose()&&(sOptionT(X.SA(20,32)),sOptionT(X.SA(10,10),\"by: \"),sOption(\"spd0:\"+spd0+(\"+0\"!=xpos?\" xpos:\"+xpos:\"\")+\" ord:\"+ord+\" ptn:\"+ptn+\"+\"+sptn+\" ins:\"+ins+(ptnxpos?\" ptn.xpos:\"+ptnxpos:\"\")+\" smp.ch:\"+X.U8(52)+\" rep.freq:\"+hz+\"Hz loop:\"+(X.U8(54)?Hex(X.U8(54))+\"-\":\"\")+Hex(X.U8(53))+(X.isDeepScan()?\" notes:\"+notecnt:\" rows:\"+rows)+\" sz:\"+G))}else if(!X.U8(0)&&X.c(\"'SK10'\",128)&&0<=[1,2,3].indexOf(X.U8(134))&&0<=[13,25,50,100,150,300].indexOf(X.U16(135))&&X.U16(24)==X.U16(64)){for(sName=\"STarKos module (.BIN)\",sVersion=\"compiled/ofs:80h\",bDetected=1,crc=0,Y=0;Y<67;Y++)crc+=X.U8(Y);(crc&=65535)!=X.U16(67)&&(sVersion+=\"/malformed!badCRC\"),X.isVerbose()&&(sOption(X.SA(1,8).trim()+\".\"+X.SA(9,3).trim()),sOption(X.U16(135)+\"Hz\"),sOption(Hex(X.U16(132)),\"base:\"),sOption(outSz(X.U24(64)+188),\"sz:\"))}else X.c(\"'Nu!SOPROL!'\",34)&&(sName=\"Holger Gehrmann's Sound Programming Language/SOPROL module (.SPL)\",bDetected=1,X.isVerbose())&&(E=X.SA(88,256),p=X.SA(88+E.length+1,256),_=X.SA(88+E.length+p.length+2,256),sOptionT(E),sOptionT(p,\"by: \"),sOptionT(_))\nif(/SPM[\\x01-\\x02]/.test(X.SA(0,4))&&(sName=\"Emmanuel Marty & Michael Lavaire's Stonetracker module (.SPM)\",sVersion=\"v\"+X.U8(3),bDetected=1,X.isVerbose())&&sOptionT(decAnsi(4,32,CPAmiga)),/SPS[\\x01-\\x02]{2}/.test(X.SA(0,5))&&X.c(\"'psn'\",6+32*(smp=X.U8(5)))){if(sName=\"Emmanuel Marty & Michael Lavaire's Stonetracker sample bank (.SPS)\",sVersion=\"v\"+X.U8(3),bDetected=1,X.isVerbose()){for(Y=smpsz=0,smps=[];Y>8*Y&255\nsVersion+=\"v\"+aV.join(\".\")\nbreak\ncase\"BVER\":if((nB=X.U32(G,_LE))!=nV){for(aV=[],Y=0;Y<4;Y++)aV[3-Y]=nB>>8*Y&255\nsVersion+=\"/v\"+aV.join(\".\")}break\ncase\"NAME\":E=X.SA(G,hksz)\nbreak\ncase\"BPM \":bpm=X.U32(G,_LE)\nbreak\ncase\"SPED\":spd=X.U32(G,_LE)\nbreak\ncase\"TIME\":tme=X.U32(G,_LE)\nbreak\ncase\"SNAM\":blk++\nbreak\ncase\"PDTA\":ptn++}G+=hksz}sOptionT(E),0maxlen&&(unplen=maxlen),done=!1,ofs=0,left=unplen;!done&&o=j?(E+=X.SA(G+o,j),o+=j,left-=j):done=!0\nbreak\ncase 1:if(j=X.U8(G+o),o++,dw=X.SA(G+o,4),o+=4,left>=4*j&&o=4*j&&o=j?left-=j:done=!0\nbreak\ncase-1:done=!0\nbreak\ndefault:sVersion+=\"/malformed\",done=!0}}else F=X.SC(G+o,hksz,\"CP1252\")\nbreak\ncase-1:ch=X.I32(G,_BE)\nbreak\ncase-2:1024<(len=X.I32(G,_BE))&&(len=\"malformed\")\nbreak\ncase-3:case-4:case-5:break\ncase-7:extsmp=!0\nbreak\ncase 10:case 11:case 12:pro=!0\nbreak\ncase-6:bpm=Math.round(1.24*Math.min(X.I32(G,_BE),800))\nbreak\ncase-12:hksz=0\nbreak\ncase-10:case-11:case-13:case-14:case-15:case-17:case-18:case-19:case-20:case-21:hksz+=X.I32(G,_BE)\nbreak\ndefault:_l2r(\"symmod\",G,hkhd+\"/\"+hkhx+\" (\"+Hex(hksz,8)+\"): ?!?!?!?!?!\")}G+=hksz}sOption(F),sOption(\"ch:\"+ch+\" bpm:\"+bpm+\" len:\"+len+(done?\"sz:\"+outSz(G):\"\")),extsmp&&sOption(\"extsmp\"),pro&&(sVersion+=\"/Pro\")}}else if(X.c(\"'Synth'\")&&!X.c(\"'esi'\",5))sName=\"C. 'Mr Soundwave' Herbst & B. MIkic/BrainTrace Design's Synthesis module (.SYN)\",bDetected=1,X.c(\"'Synth'\",7950)?(sVersion=\"v\"+X.SA(7955,3),X.isVerbose()&&(sOptionT(X.SA(7986,27)),sOptionT(X.SA(8014,256)))):(sVersion=\"v\"+X.SA(5,3),X.isVerbose()&&(sOptionT(X.SA(36,27)),sOptionT(X.SA(64,256))))\nelse if(X.c(\"'SYNTRACKER-SONG:'00\"))sName=\"Bastian 'flink'/'twiCe' Spiegel's SynTracker module (.SYNMOD)\",bDetected=1,X.isVerbose()&&(t1=X.SC(20,32,\"CP1252\"),sOptionT(t1,\"title/inst: \"),t2=X.SC(52,32,\"CP1252\"),sOptionT(t2),t3=X.SC(84,32,\"CP1252\"),sOptionT(t3))\nelse if(X.c(\"'T0AST'\")){function a(){if(1==nV)G=474\nelse{if(2!=nV)return\nG=842}if(drummode=X.U8(G++),chipmode=X.U8(G++),chs=X.U8(G++),ch=0,16>7&15)).padStart(2,\"0\")+\"-\"+(d1>>11&31).padStart(2,\"0\"),d2=\"20\"+(127&d2).padStart(2,\"0\")+\"-\"+(1+(d2>>7&15)).padStart(2,\"0\")+\"-\"+(d2>>11&31).padStart(2,\"0\"),auth=decEncoding(k.slice(19,82),CP1251),F=decEncoding(k.slice(83,148),CP1251),cmt=decEncoding(k.slice(147,532),CP1251),Y=ptn=0;Yptn&&(ptn=k[Y+531]+1);(K=2244057==n?G:-1)<0&&(sVersion=sVersion.appendS(\"malformed:\"+Hex(n),\"/\")),sOptionT(F),sOptionT(auth,\"by: \"),sOptionT(cmt),sOption(\"on: \"+d1+(d1!=d2?\" to \"+d2:\"\")),sOption(\"spd:\"+spd1+\"/\"+spd2+\" ord:\"+(lp?lp+\"-\":\"\")+ord+\" ptn:\"+ptn+\" intlv:\"+intlv+\" saves:\"+saves+(X.isDeepScan()?\" sz:\"+outSz(K):\"\"))}}else if(902<=X.Sz()&&isWithin(X.U8(37),1,4)&&0<(bin=parseAtariBinary())[0]&&X.c(\"0E158D\",6)&&X.c(\"8D150E\",26)&&X.U16(29)==bin[1][0][1]&&(X.c(\"'TMC SONG FILE 2.0'\",9)||X.c(\"D4CDC3A0 D3CFCEC7A0 C6C9CCC5A0 B2AEB0\",9))){for(sName=\"Marcin 'Jaskier' Lewandowski's Theta Music Composer (.TM2)\",sVersion=\"v2.0\",bDetected=1,bad=\"\",ins=0,p0=65536,G=134;G<262&&!((E=(X.U8(G+640)<<8|X.U8(G))-X.U16(2)+6)<0);G++)0E&&(p0=E),255!=X.U8(E)&&ins++):bad=bad.addIfNone(\"!badinsp\"))\nfor(ptn=0,G=262;G<518&&!((E=(X.U8(G+256)<<8|X.U8(G))-X.U16(2)+6)<0);G++)0E&&(p0=E),255!=X.U8(E)&&ptn++):bad=bad.addIfNone(\"!badptnp\"))\nfor(ord=(p0-902)/17,G=902,pt=-1;G=pt&&(pt=X.U8(q)+1)\nif(isWithin(X.U8(G+16),65,127)&&(bad=bad.addIfNone(\"!badord\")),X.I8(G+16)<=0)break}if(bad.length&&(sVersion=sVersion.appendS(\"malformed\"+bad,\"/\")),X.isVerbose()){for(G=38,E=\"\";G<134;G+=32)E=E.appendS(decAnsi(G,32,CPATASCII,0,Chars0to1FATASCII).trim(),\" | \")\nsOption(E),E=(E=X.U8(31))?isWithin(E,1,63)?\"stereo\":isWithin(E,64,127)?\"RMT stereo\":\"quadro\":\"mono\",sOption(\"ch:\"+E+\" spd0:\"+X.U8(36)+\" ticks:\"+X.U8(37)+\" ord:\"+ord+\" ptn:\"+ptn+(pt!=ptn?\"/\"+pt:\"\")+\" ins:\"+ins+\" sz:\"+outSz(bin[0]))}}else if(X.c(\"0000050F0000050F0000050F0000050F0000050F0000050F0000050F0000050F0000050F0000050F0000050F0000050F\",20)&&X.c(\"FFFF001000000030000000\",385))sName=\"N.J. Luuring Jr.'s The Musical Enlightenment module (.TME)\",bDetected=1\nelse if(12288<=X.Sz()&&X.c(\"'TRK01/TV.ES.'\")){if(sName=\"Adam Davidson & Ramjet & Toxic Volume's RamTracker module (.TRK)\",bDetected=1,X.isVerbose()){for(sOptionT(X.SC(15,32,\"CP850\")),sOptionT(X.SC(47,32,\"CP850\"),\"by: \"),G=1107,ptn=-1,ord=0;!(254<=(E=X.U8(G++))||G>X.Sz());)ord++,ptn>bw+1,G=8;Gmptn&&(mptn=E)\nif(G+=2,E=0,1==bw)for(;55537!=X.U16(G,_BE)&&GE&&(E=q),(q=X.U8(G++))>E&&(E=q)\nelse for(;55537!=(q=X.U16(G,_BE))&&GE&&(E=q)\nptnp=G,ptn=G-pp-2>>bw+5,K=G+=2+(E+1<<2),G=o=k=0,a2=pp+2\ns:for(;G32*X.U8(47)+80){for(sName=\"Marc 'MAS' Schallehn's UltraTracker module (.ULT)\",bDetected=1,nV=X.U8(14)-48,sVersion=\"v\"+[\"<1.4\",\"1.4\",\"1.5\",\"1.6\"][nV-1],bad=\"\",msgn=X.U8(47),G=48+32*msgn,smp=X.U8(G++),smpsz=0,smps=[],Y=0;YX.Sz()&&(bad=bad.addIfNone(\"!short\")),K=G+smpsz,\"\"!=bad&&(sVersion=sVersion.appendS(\"/malformed\"+bad,\"/\")),X.isVerbose()){for(sOptionT(X.SC(15,32,\"CP437\")),specialmsg=23==msgn&&297221==K&&7==ch&&20==ord&&29==ptn&&17==smp&&1572==notes,G=48,Y=0,r=[];Yptn&&(ptn=E+1)\nd1=\"20\"+(127&d1).padStart(2,\"0\")+\"-\"+(1+(d1>>7&15)).padStart(2,\"0\")+\"-\"+(d1>>11&31).padStart(2,\"0\"),d2=\"20\"+(127&d2).padStart(2,\"0\")+\"-\"+(1+(d2>>7&15)).padStart(2,\"0\")+\"-\"+(d2>>11&31).padStart(2,\"0\")}else d1=d2=spd1=spd2=intlv=saves=\"?\",lp=0\nauth=decEncoding(k.slice(39,103),CP1251),F=decEncoding(k.slice(103,167),CP1251),cmt=decEncoding(k.slice(167,551),CP1251),K=7231953==n?G:-1,sOptionT(F),sOptionT(auth,\"by: \"),sOptionT(cmt),sOption(\"on: \"+d1+(d1!=d2?\" to \"+d2:\"\")),sOption(\"spd:\"+spd1+\"/\"+spd2+\" ord:\"+(lp?lp+\"-\":\"\")+ord+\" ptn:\"+ptn+\" intlv:\"+intlv+\" saves:\"+saves+\" sz:\"+outSz(K))}}else if(X.c(\"'Vgm '\")&&X.Sz()>=(eof=X.U32(4)+4)&&(nV=X.U32(8))&&nV<768&&(!X.U32(20)||X.c(\"'Gd3 '\",X.U32(20)+20))){if(bDetected=1,bad=\"\",nV=1e3*(nV>>12)+100*(nV>>8&15)+10*(nV>>4&15)+(15&nV),sName=\"Video Game Music chiptune stream (.VGM)\",eoh=X.U32(52)+52,(nV<150||52==eoh)&&(eoh=64),150<=nV&&eoh<64&&(bad=\"!dataofs\"),sVersion=\"v\"+(nV/100).toFixed(2),X.isVerbose()){if(tags=[],20<(gd3p=X.U32(20,_LE)+20)&&\"Gd3 \"===X.SA(gd3p,4)){for(sVersion+=\"/Gd3 v\"+X.readBytes(gd3p+4,4).join(\"\")/100,taglen=X.U32(gd3p+8,_LE),(gd3p+=12)+taglen>X.Sz()&&(bad=bad.addIfNone(\"!tagsz\")),Y=0;Y<11&&gd3p<=X.Sz();)0<=(tpos=X.fSig(gd3p,TOEOF,\"0000\"))?(tags[Y]=X.SU16(gd3p,taglen),gd3p+=2*tags[Y].length+2):(tags[Y]=\"\",gd3p+=2),Y++\nY<11?bad=bad.addIfNone(\"!tagnum\"):tagn=Math.max(0,Y-1),sOption(slashTag(tags[0],tags[1])),sOption(slashTag(tags[6],tags[7]),\"by: \"),sOption(slashTag(tags[2],tags[3]),\"for: \"),sOption(slashTag(tags[4],tags[5]),\"on: \"),sOption(tags[8],\"date: \"),sOption(tags[9],\"ripper: \"),sOption(tags[10],\"notes: \")}for((smp=X.U32(24))||(bad=bad.addIfNone(\"!badlen\")),lp=X.U32(28)+28,lpsmp=X.U32(32),(lp>=eof||lpsmp>smp)&&(lp=0,bad=bad.addIfNone(\"!badloop\")),rate=X.U32(36),100=eoh||xhdr&&chips[Y][0]>xhdr);Y++)if(clk=X.U32(chips[Y][0]),b30=Util.shru64(clk,30),b31=b30>>1,b30&=1,clk&=1073741823,!(nVX.Sz()){bad=bad.addIfNone(\"!short\")\nbreak}if(ihdsz=(ihdsz=X.U32(G))||263,instp=X.U8(G+26),(inst=X.SC(G+4,22,\"CP437\").trim()).length&&insns.push(inst),smpn=X.U16(G+27),smphdsz=X.U32(G+29),1==madewith?(madewith|=16,245==ihdsz?(mVlsw=\"1.00.00.A5\",tracker=\"ModPlug Tracker 1.0 alpha\"):263==ihdsz?(mVlsw=\"1.00.00.B3\",tracker=\"ModPlug Tracker 1.0 beta\"):madewith=16):smpn||(263==ihdsz&&!smphdsz&&2&madewith?madewith|=16:29!=ihdsz&&512&madewith?madewith&=-513:160&madewith&&33!=ihdsz&&(madewith=0),33!=ihdsz?madewith&=~J:40X.Sz()){bad=bad.addIfNone(\"!short\")\nbreak}260<=V&&(sflags=[])\nvar Us=0\nif(smpn){for(anyInsSmp=!0,midichecks&&(madewith&=-260),263==ihdsz&&!instp||(madewith&=~J),16&madewith||!(madewith&J)||(4&vef||255!=vls||255!=vle)&&(4&pef||255!=pls||255!=ple)||(madewith=-3&madewith|16),l=0;l>1):slen,G+=40,160&madewith&&258&madewith&&!(16&madewith)&&(22<$||C.slice($).indexOf(\" \")<0)&&(madewith=-33&madewith|144),3==(3&I)&&2&madewith&&(madewith|=4)}smpsz+=Us,260<=V&&(X.c(\"'OggS'\",G)&&(isOXM=!0),G+=Us)}}if(!smpReserved&&2&madewith&&-1>8)+\".\"+(255&V)+bad+(anyADPCM?\"/ADPCMpacked\":\"\")}else if(X.c(\"'FORM' 0000000E 'XDIRINFO' 00000002 .... 'CAT ' ........ 'XMIDFORM' ........ 'XMID'\"))bDetected=1,sName=\"Extended MIDI chiptune (.XMI,.C55,.PCS)\",X.isVerbose()&&(1<(k=X.U8(20))&&sOption(k,\"×\"),sOption(outSz(30+X.U32(26,_BE)),\"sz:\"))\nelse if(X.c(\"'ofTAZ!'\"))sName=\"Davey W. Taylor's Extra Simple Music module (.XSM)\",bDetected=1\nelse if(/YM\\d!/.test(X.SA(0,4))||X.c(\"'YM3b!'\")||/YMT\\dLeOnArD!/.test(X.SA(0,12))||X.c(\"'MIX1LeOnArD!'\")){switch(bDetected=1,bad=\"\",frm=smp=voc=loop=ddn=0,sName=\"ST-Sound chiptune stream (.YM)\",sV=X.SA(0,4).replace(/!/g,\"\")){case\"YM1\":sVersion=\"YM1\"\nbreak\ncase\"YM2\":sVersion=\"MADMAX specific\"\nbreak\ncase\"YM3\":sVersion=\"YM-Atari\"\nbreak\ncase\"YM3b\":sVersion=\"YM-Atari+loopinfo\",loop=X.U32(X.Sz()-4,_LE)\nbreak\ncase\"YM4\":sVersion=\"YM-Atari extended\"\nbreak\ncase\"YM5\":case\"YM6\":sVersion=\"Generic YM2149 extended\"\nbreak\ncase\"MIX1\":sVersion=\"Atari Remix digital\"\nbreak\ncase\"YMT1\":case\"YMT2\":sVersion=\"YM-Tracker\"}if(0<=[\"YM2\",\"YM3\",\"YM3b\"].indexOf(sV)&&(frm=Util.divu64(X.Sz()-4,14)),0<=[\"YM5\",\"YM6\",\"YMT1\",\"YMT2\",\"MIX1\"].indexOf(sV)){if(\"LeOnArD!\"!=X.SA(4,8)&&(bad=bad.addIfNone(\"!badsig\")),0<=[\"YM6!\",\"YMT1\",\"YMT2\"].indexOf(sV)&&\"End!\"!=X.SA(X.Sz()-4)&&(bad=bad.addIfNone(\"!badfilesz\")),0<=[\"YM5\",\"YM6\"].indexOf(sV)){for(ddn=X.U16(20,_BE),loop=X.U32(28,_BE),G=X.U16(32,_BE)+34,Y=0;Y=X.Sz()){bad=bad.addIfNone(\"!tooshort\")\nbreak}}else if(\"MIX1\"===sV)for(G=24,smp=X.U32(16,_BE),mixblk=X.U32(20,_BE),Y=0;Y=X.Sz()?bad=bad.addIfNone(\"!nodata\"):(E=G,0<=(t_=X.fSig(G,TOEOF,\"00\")-G)&&(G+=t_+1,p=G,a_=X.fSig(G,TOEOF,\"00\")-G,G+=a_+1,_=G,c_=X.fSig(G,TOEOF,\"00\")-G,G+=c_+1,0<=[\"YM5\",\"YM6\"].indexOf(sV))&&(X.c(\"'End!'\",G+((frm=X.U32(12,_BE))<<4))||(bad=bad.addIfNone(\"!badframes\"),sOption(\"frm/frames: \"+(frm<<4)+\"/\"+(X.Sz()-G-4))))),X.isVerbose()&&(sOptionT(X.SA(E,t_)),sOptionT(X.SA(p,a_),\"by: \"),sOptionT(X.SA(_,c_)))}X.isVerbose()&&(voc&&sOption(voc,\"voc:\"),smp&&sOption(outSz(G+smp),\"sz:\"),ddn&&sOption(ddn,\"digidrums:\"),frm)&&sOption(\"len:\"+frm+\" sz:\"+outSz(G+(frm<<4)+4)),\"\"!=bad&&(sVersion=sVersion.appendS(\"malformed\"+bad,\"/\"))}else if(X.c(\"'YMST'\")&&(sName=\"Nicolas 'Mr.Styckx' Pomarede's MYST ST-YM module (.YMST,.YM)\",bDetected=1,X.isVerbose())){for(Y=0,G=4;Y<48&&(G+=8,X.U16(G-8,_BE));Y++);E=G,0<=(t_=X.fSig(G,TOEOF,\"00\")-G)&&(G+=t_+1,p=G,a_=X.fSig(G,TOEOF,\"00\")-G,G+=a_+1,_=G,c_=X.fSig(G,TOEOF,\"00\")-G,X.isVerbose())&&(sOptionT(X.SA(E,t_)),sOptionT(X.SA(p,a_),\"by: \"),sOptionT(X.SA(_,c_)))}if(!bDetected&&(function(){if(X.c(\"'ZXAYAMAD'\")&&!(3X.Sz()))){for(titles=[],Y=0;YX.Sz()))){for(titles=[],Y=0;Y>4){case 0:X.isHeuristicScan()||(s=!0)\nbreak\ncase 1:if(!t[b-16])return\nG++,notes++\nbreak\ncase 2:break\ncase 3:t[b-48]=!0,G+=11\nbreak\ncase 5:break\ncase 6:G++}}if(!X.isHeuristicScan()){if(!s&&e>8)+\".\"+(255&nV),\"\"!=bad&&(sVersion+=\"/malformed\"+bad),X.isVerbose())&&(tp&&sOptionT(addEllipsis(X.SC(tp,256,\"CP437\"))),ap&&sOptionT(addEllipsis(X.SC(ap,256,\"CP437\")),\"by: \"),cp&&sOptionT(addEllipsis(X.SC(cp,256,\"CP437\"))),257<=nV&&255==X.U8(K)&&K++,sOption(\"ch:\"+ch+\" ins:\"+ins+\" sz:\"+outSz(K))),!bDetected&&(function(){if(!(X.Sz()<90||!X.c(\"02011313 1412010B\")||1X.Sz()?void 0:1}})()&&(sName=\"Oregan Developments' Digital Symphony module (.DSYM)\",sVersion=\"v\"+X.U8(8),bDetected=1,X.isVerbose())&&(sOptionT(F),sOption(\"ch:\"+ch+\" ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp)),!bDetected&&(function(){if(!(!X.c(\"'DFM'1A\")||1=regcmdcnt);)creg=(128&E)<<1|regmap[127&E],reginit[creg]=!0,261==creg&&(opl3en=X.U8(G+1)),G+=2\nreginit[261]&&1&opl3en&&(hw=2)}-1===(hw=[\"YM3812 (OPL2)\",\"YM3812 (Dual OPL2)\",\"YMF262 (OPL3)\"].indexOf(hw))&&(hw=\"YMF262(portshift)\")}return 1}})()&&(sName=\"DOSBox Raw OPL chiptune (.DRO)\",sVersion=sVersion.appendS(hw,\"#\"),bDetected=1,X.isVerbose())&&sOption(\"len: \"+secondsToTimeStr(Util.divu64(lenMS+500,1e3))+\" via: \"+db+\" packed:\"+co+\" sz:\"+outSz(dtofs+dtsz)),!bDetected&&(function(){if(!(X.Sz()<2303)&&X.c(\"'Funk'\")&&(K=X.U32(8),isWithin(K,2303,1048576))){switch(E=X.U32(4),sV=X.SA(12,4),bad=\"\",sus=0,sversion=/F2\\d\\d/.test(sV)?\"R2 GOLD \"+(1980+(E>>9&127))+\"-\"+(E>>5&15).padStart(2,\"0\")+\"-\"+(31&E).padStart(2,\"0\")+\" \":\"R1\",/F[2vk]\\d\\d/.test(sV)?ch=X.SA(14,2):(sversion+=\"b\",ch=8,sus++),E>>20&15){case 1:case 2:E=\"IBM\"\nbreak\ncase 3:E=\"Intel 386\"\nbreak\ncase 4:E=\"Intel 486\"\nbreak\ncase 5:E=\"Pentium\"\nbreak\ncase 6:E=\"Linux\"\nbreak\ncase 7:E=\"FreeBSD\"\nbreak\ncase 8:E=\"N/A\"\nbreak\ndefault:E=\"unk.system\"}switch(sversion+=\"#\"+E,E>>16&15){case 0:E=\"SB 2.0\"\nbreak\ncase 1:E=\"SB Pro\"\nbreak\ncase 2:E=\"GUS+ch.pan\"\nbreak\ncase 3:E=\"SB compatible\"\nbreak\ncase 4:E=\"SB 16\"\nbreak\ncase 5:E=\"GUS\"\nbreak\ncase 6:E=\"conversion\"\nbreak\ncase 7:E=\"Pro Audio Spectrum\"\nbreak\ncase 8:E=\"Voxware /dev/dsp 8 bit\"\nbreak\ncase 9:E=\"Voxware /dev/dsp 16 bit\"\nbreak\ncase 15:E=\"unk.soundcard\"\nbreak\ndefault:E=\"soundcard N/A\"}for(sversion+=\":\"+E,!X.isVerbose()&&X.Sz()ptn&&(ptn=E)\nfor(ptn++,255!=(lp=X.U8(16))&&lp>ord&&(bad+=\"!badloop\"),smp=sus=0,smps=[],Y=400;Y<2239;Y+=32){if(!isWithin(X.U8(Y),1,79))return\nif(X.U32(Y+24)&&smp++,charStat(X.readBytes(Y+1,19),1).indexOf(\"allasc\")<0&&sus++,3>=1)>>6,bpm&=63,bpm=Z?125-bpm:125+bpm,sOptionT(addEllipsis(smps.filter(funSampleName).join(\" \")),'smp/msg:\"','\"'),sOption(\"ch:\"+ch+\" bpm0:\"+bpm+\" ord:\"+(255!=lp?lp+\"~\":\"\")+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" \"+bits+\"bit sz:\"+outSz(K))),!bDetected&&(function(){if(X.c(\"'PRT'\")&&isWithin(ins=X.U8(64),1,64)&&isWithin(nV=X.U8(3),10,50)&&(!(nV<30)||(ptn=[X.U8(61)])[0]&&(ord=[X.U8(62)])[0]&&!((lp=[X.U8(60)])[0]>ord[0]))&&(k=1,G=90,ptnp=[],k=30<=nV?X.U8(G++):k)){30<=nV&&(ord=[],lp=[],ptn=[])\nvar s,e=[]\nfor(Y=0;YG}})()&&(sName=\"Manfred 'Pink' Linzner's PreTracker module (.PRT)\",bDetected=1,sVersion=nV<25?\"v<0.3\":25==nV?\"v0.3~0.866\":26==nV?\"v0.87~0.92\":isWithin(nV,27,29)?\"v.[0.93~1.5)\":30==nV?\"v1.5+\":\"v.TODO\",X.isVerbose())&&(sOptionT(X.SA(20,20)),1=ord)return\nlp=31&E}break}if(!isWithin(f,-36,36)||100=ptn&&(ptn=c+1)}if(ord){for(q=X.U16(r),smp=q-r>>1,G=r;G>1,G=i;GE&&(tmp[0]=E),tmp[1]<1&&(tmp[1]=E),l=0;l<3;l++,G+=2){if(!isWithin(E=X.U16(G),n,m))return\nd.includes(E)||d.push(E)}}if(d.sort(function(s,e){return s-e}),Util.divu64(d[0]-n,7)==ptn){for(Y=1;Y>12,wtv=4095&cwtv,fmtv=X.U16(42),gvol=X.U8(48),spd=X.U8(49),tmp=X.U8(50),mvol=X.U8(51),uc=X.U8(52),usept=0<(X.U8(53)&&252),r2=X.U16(54),special=X.U16(62),ch=4,Y=0;Y<32;Y++)255!=X.U8(64+Y)&&(ch=Y+1)\nswitch(E=Hex(cwtv),sv=E.substr(1,1)+\".\"+E.substr(2,2).padStart(2,\"0\"),tv){case 520&tv:tracker=\"Akord\"\nbreak\ncase 1:X.c(\"'SCLUB2.0'\",54)?tracker=\"Sound Club 2\":4896!=cwtv||special||15&ord||uc||-81&fl||!usept?4896!=cwtv||special||uc||fl||usept?4896!=cwtv||special||uc||8!=fl||usept?(ss=!0,4896==cwtv?tracker=\"Psi's Scream Tracker 3.20-21\":(tracker=\"Psi's Scream Tracker\",fmttrkstr=!0)):tracker=\"J.Lim's Impulse Tracker < 1.03\":tracker=64==gvol&&48==mvol?\"PlayerPRO\":\"Velvet Studio\":(tracker=mvol?(lswv=\"1.16\",\"ModPlug Tracker/OpenMPT 1.17\"):(lswv=\"1.00.00.A0\",\"ModPlug Tracker 1.0 alpha\"),keepmidims=trknc=!0)\nbreak\ncase 2:fmttrkstr=8211!=cwtv,tracker=fmttrkstr?\"Imago Orpheus\":\"PlayerPRO\",trknc=!0\nbreak\ncase 3:tracker=13088==cwtv?\"Impulse Tracker 1.03\":532>8)+\".\"+(255&wtv).toString(16).padStart(2,\"0\"),trknc=!0\nbreak\ncase 4:var s,e\ntracker=16640==cwtv?\"BeRoTracker\":(isSchism=!0,(s=(e=734016+(wtv<4095?wtv-80:r2))-(365*(t=Util.div64(1e4*e+14780,3652425))+Util.div64(t,4)-Util.div64(t,100)+Util.div64(t,400)))<0&&(s=e-(365*--t+Util.div64(t,4)-Util.div64(t,100)+Util.div64(t,400))),e=Util.div64(100*s+52,3060),\"Schism Tracker \"+(t+Util.div64(e+2,12)).padStart(4,\"0\")+\"-\"+((e+2)%12+1).padStart(2,\"0\")+\"-\"+(s-Util.div64(306*e+5,10)+1).padStart(2,\"0\")),trknc=!0\nbreak\ncase 5:cwtv>>8==87?(tracker=\"NESMusa\",fmttrkstr=!0):r2||16!=uc||1==X.U8(65)?tracker=21575!=cwtv?(19464192<=(v=wtv<<16)&&(v|=r2),\"OpenMPT \"+(lswv=(t=v.toString(16).toUpperCase().padStart(7,\"0\")).slice(0,1)+\".\"+t.slice(1,3)+\".\"+t.slice(3,5)+\".\"+t.slice(5,7))):\"Dumbo's Graoumf Tracker\":(tracker=\"Liquid Tracker\",fmttrkstr=!0)\nbreak\ncase 6:tracker=\"BeRoTracker\"\nbreak\ncase 7:tracker=\"BeRo's CreamTracker\"\nbreak\ndefault:51712==cwtv&&(tracker=\"Camoto\")}var t\nif(!(2<=sus)){for(fmttrkstr&&(tracker+=\" \"+sv),charset=\"\"!=lswv?\"CP1252\":\"CP437\",G=96+ord+2*smp,max=K=0,Y=0;Ymax&&(max=r,K=max+X.U16(r))}if(K%16&&(K+=16-K%16),usept){var i=!1\nfor(G+=2*ptn,Y=0;YX.Sz()?bad=bad.addIfNone(\"!short\"):(P=X.U8(si),A=X.U32(si+16),\"\"!=(E=X.SC(si+48,28,charset).trim())&&smps.push(E),P<2&&(A&&(anysmp=!0,I=X.U8(31),anyADPCM||4!=X.U8(si+20)||6&I||(anyADPCM=!0)),gus|=X.U16(si+40)),1===X.U8(si)&&(sofs=X.U16(si+14)<<4)>max&&(4&I&&(A*=2),max=sofs,Kseqr)return\nY|=1\nbreak\ncase\"PATT\":Y|=16\nbreak\ncase\"MACR\":Y|=256,mcr=X.U8(G+8)\nbreak\ndefault:if(Y<17)return\neof=1}return K=G,1}})()&&(sName=\"Tero 'kometbomb' Lindeman's ProtoTracker module (.SONG)\",bDetected=1,sVersion=sVersion=\"v\"+v,X.isVerbose())&&(sOption(F),sOption(\"trk:\"+trk+(fxc?\" fx:\"+fxc:\"\")+(mcr?\" mcr:\"+mcr:\"\")+\" sz:\"+outSz(K))),!bDetected&&(function(){if(X.c(\"'+SNT'\")){for(Y=smp=0,G=4;Y<32;Y++){if(7>=1)f&U&&G++}var i\nfor(Y=0;Y>=1)f&U&&(G+=4)}return 1}}function n(){switch(X.U8(G++)){case 1:if(1X.Sz()||1&G||(songp=G+8,!X.c(\"'mdt'\",G))||((G+=X.I32(G+4,_BE))>X.Sz()||1&G)||!X.c(\"'msm'\",G)||(G+=X.I32(G+4,_BE))>2,songsz=songp-8,k=X.I16(songp+4,_BE)-X.I16(songp+2,_BE)>>2,G=X.I16(songp,_BE),ord=X.I16(songp+6,_BE)-G-X.I32(songp+G+12,_BE),!1)||(sName=\"Anders 'Zonix' 0land's Music & Player module (.HOT)\",bDetected=1,sVersion=\"v\"+X.SA(3,1),X.isVerbose()&&(1ord))&&trk&&ptn&&isWithin(ins,1,256)&&spd0&&tmp0){if(titlesz=X.U16(G,_LE),titlep=G+2,G+=2+titlesz,s<258?(origssz=X.U16(G,_LE),origsp=G+2,G=p1=G+2+origssz,G=origsp+origssz):origssz=0,cmtsz=X.U16(G,_LE),cmtp=G+2,G+=2+cmtsz,6<=s&&(G=(G+=256<=s?2*ord:ord)+3*ch),smps=[],inss=[],smpsz=0,6<=s){for(Y=0;YX.Sz())){for(k=1,seqtest=X.fSig(seqp+18+9,TOEOF,\"0000000000 FFFF\")-seqp;32X.Sz())return\nif(!X.c(\"FFFF\",G-2)&&1<++once)return\nif(Gn)return}isFLT8=r&&8==chn\nwowsmpsz\nif((maybeWOW=restartpos?!1:maybeWOW)||(wowsmpsz=0),2<=i&&(tracker+=\"/Audio Sculpture\"),ord=X.U8(950)){if(ol=X.readBytes(952,128),128=ptn&&(ptn=m+1,Y=iptn&&(iptn=ptn+1)}var s=-2&X.Sz(),f=(wowsmpsz&&wowsmpsz+t+8*ptn*256==s?h(t+4*ptn*256)<16&&(chn=8):ptn!=optn&&64ptn&&t+a+iptn*chn*256==s&&(ptn=iptn),maybeWOW&&8===chn&&(tracker=\"Mod's Grave\",isGenericMCh=!0),(restartpos>=ord||120==restartpos&&4===chn)&&(restartpos=0),!0)\nleftPan=extPan=maxPan=0\nif(!isNoiseTracker){for(isNoiseTracker=isMdKd&&!hasEmptySmpwVol&&!hasLongSmp,G=t,m=0;mmaxPan&&(maxPan=b),b<128?leftPan=!0:143=ord&&(tracker=\"Sami 'Psi/Future Crew' Tammilehto's Scream Tracker\"),!((K=t+ptn*chn*256)>X.Sz())){G=20,smp=0,songsz=K,ib=0,smps=[]\nfor(var U=0;G<950;G+=30)isHMNT||(E=X.readBytes(G,22,!0),(E=decEncoding(E,CPAmiga).trim()).length&&smps.push(E)),(a=2*X.U16(G+22,_BE))&&smp++,X.c(\"'ADPCM'\",K)&&(U++,a=5+(a+1>>1)+16),K+=a\nif(X.c(\"8BBEB4BA 8BADBEBC B4BAAD\",K)){for(var u=[];K=ord)){G=22\nvar s=ib=0\nsmp=synwf=0,smps=[]\nfor(var e=0;e<31;G+=30,++e)if(X.U8(G)){\"\"!=(E=X.SC(G,20,\"IBM850\").trim())&&\"\u0001\"!=E&&smps.push(E)\nvar t=2*X.U16(G+22,_BE)\nif(s+=t,240&X.U8(G+24)&&ib++,64t&&ib++,40=synwf&&(synwf=t+1)}for(ptn=0,G=958,ord=X.U8(956),e=0;eptn)return\nreturn K=1468+64*ptn*4+smpsz,1}})()&&(sName=tracker+\" module (.ST26,.ICE)\",sVersion=\"v2.6\",bDetected=1,X.isVerbose())&&(sOptionT(decAnsi(0,20,CPAmiga)),sOptionT(addEllipsis(smps.join(\" \"),128),'smps/msg:\"','\"'),sOption(\"ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" sz:\"+K)),!bDetected&&(function(){if(X.c(\"'MVM'00\")&&X.U8(4)&&X.U8(5)&&!(1e4mach||n>mach||i==n)return\nt=t.filter(function(){return t.indexOf(i)<0&&t.indexOf(n)<0})}return t.length?void 0:1}})()&&(sName=\"Gargaj/Conspiracy's MVX Module (.MVM)\",bDetected=1,X.isVerbose())&&sOption(\"bpm0:\"+X.U8(4)+\" ticks:\"+X.U8(5)+\" rows:\"+X.U32(6)+\" machines:\"+mach),!bDetected&&(function(){if(/MED[\\x02-\\x04]/.test(X.SA(0,4))){switch(nV=X.U8(3)){case 2:sVersion=\"v1.12\"\nbreak\ncase 3:sVersion=\"v2.00\"\nbreak\ncase 4:sVersion=\"v2.10+\"}if(k=1,G=K=ptn=ord=trk=midi=syhy=smp=realsmp=0,smps=[],cs=bad=\"\",!(nV<3)){var s=X.U8(4)\nfor(G=5;s;){if(1&s)for(var e=X.U8(G++);e;)smp+=1&e,e>>=1\ns>>=1}for(Y=0;Yptn)return\nfor(extsmp=!(8&X.U8(G+3)),tmp0=X.U16(G,_BE)+\"//\"+X.U16(G+4,_BE),G+=26,Y=0;Y<16;Y++)if(64X.Sz())return\nfunction t(){var s=X.U32(G,_BE)\nG+=4\nfor(var e=0;e<32;e++)2147483648&(s=s<0?-s:s)&&(midi++,G++),s<<=1}for(3===nV&&(t(),t()),Y=0;YX.Sz()&&(bad=\"!short\"),1}})()&&(sName=\"OctaMED module (.MED)\",bDetected=1,\"\"!=bad&&(sVersion+=\"/malformed\"+bad),X.isVerbose())){for(sOptionT(cs);\"\"==smps[smps.length];)delete smps[smps.length]\nsmps.length&&sOption(\"[\"+smps.join(\",\")+\"]\",\"smps:\"),sOption(\"ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+(realsmp!=smp?\"(\"+realsmp+\")\":\"\")+(extsmp?\"(ext.)\":\"\")+(syhy?\" synth+hybrid:\"+syhy:\"\")+(midi?\" midi:\"+midi:\"\")+\" trk:\"+trk+\" tmp0:\"+tmp0+\" mvol:\"+mvol+\" sz:\"+outSz(K))}if(!bDetected&&(function(){if(X.c(\"'MMD'\")&&!((nV=X.U8(3)-48)<0||3X.Sz()||(sec=G=0,(sngp=X.U32(G+8,_BE))<52)||4294966535X.Sz()||(pj=X.U32(pj,_BE))>X.Sz()||(pj=nV<1?X.U8(pj+4):X.U16(pj+4,_BE))>ch&&(ch=pj)\nif(nV<2){if(ord[0]=X.U16(G+2,_BE),256X.Sz())continue\nfor(playseqtp=X.U32(G+4,_BE),nplayseq=X.U16(G+18,_BE),secs=[],l=0;lX.Sz())){k=Y+1\nbreak}sngp=X.U32(expp,_BE)}return 63<(smp=X.U8(G+283))?void 0:1}}})()&&(sName=C,sVersion=sversion,bDetected=1,X.isVerbose())&&(\"\"!=songname&&\"\"!=songname&&sOption(songname),sOptionT(anno),sOptionT(iinfo,\"ins0:\"),1>7,s>>4&7){case 0:spd=\"50Hz\"\nbreak\ncase 1:spd=\"100Hz\"\nbreak\ncase 2:spd=\"150Hz\"\nbreak\ncase 3:spd=\"200Hz\"\nbreak\ndefault:bad++,spd=\"?Hz\"}if(999<(ord=4095&X.U16(6,_BE))&&bad++,(!ord||1024=ord&&bad++:chn=4+(X.U8(8)>>2),!(1X.Sz()&&bad++,1}}})()&&(\"ahx\"===fmt?(sName=\"Abyss' Highest eXperience module (.AHX)\",sVersion=X.U8(3)?\"v2.0+\":\"v1.00~1.27\"):sName=\"Hively Tracker module (.HVL)\",bDetected=1,bad&&(sVersion+=\"/malformed\"+bad),X.isVerbose())){for(\"\"!=F&&sOption(F),sub&&sOption(sub,\"×\"),n=0,G=14+2*sub+8*ord,_=trk*trl,trk0saved||(_+=trl),hp=!1,Y=0;Y<_;Y++)(note=X.U8(G+3*Y)>>2)&&n++,60X.Sz())return\ne=Math.max(e,E),t=Math.min(t,E),ptn.includes(E)||ptn.push(E)}if(!(t%2||2\"+Hex(q))}G+=hksz+align*(1&hksz)}return!(K>2,k=d0/3,a1=G=songp,d5=0;d0--;)for(G=songp+X.U32(a1,_BE),a1+=4;Gd5&&(d5=E)\nfor(K=songp+d5;135!=(E=X.U8(K++)););return 1}}}}}})()&&(sName=\"Rob Hubbard ST module (.RHO)\",sVersion=\"v1.1\",bDetected=1,X.isVerbose())&&(1X.Sz()||(orntp=X.U16(6,_LE))>X.Sz()||64!=X.U16(smptp,_LE)||64!=X.U16(orntp,_LE))){for(ptn=0,Y=0;Y=X.Sz()){if(!X.isHeuristicScan())return\nbad=\"/malformed!short\"}return K=l+2,delay=X.U8(0),loop=X.U8(1),1}}})()&&(sName=\"A.'Andrew Strikes Code' Sendetskii/Power of Sound's ASC/Advanced Sound Master module (.ASC)\",sVersion=\"v1.x-2.x\"+bad,bDetected=1,X.isVerbose())&&(8<(pt=X.fSig(8,128,\"'ASM COMPILATION OF '\")+19)&&(pa=X.fSig(pt+19,32,\"' BY '\"),sOptionT(X.SA(pt,pa-pt)),sOptionT(X.SA(pa+4,20),\"by: \")),sOption(\"ord:\"+ord+\" ptn:\"+ptn+\" delay:\"+delay+\" loop:\"+loop+\" sz:\"+outSz(K))),!bDetected&&(function(){if(!(X.Sz()<8||(ptntp=X.U16(1,_LE),ord=X.U8(7),ptntp-ord!=8&&ptntp-ord!=71)||(smptp=X.U16(3,_LE))>X.Sz()||(orntp=X.U16(5,_LE))>X.Sz()||64!=X.U16(smptp,_LE)||64!=X.U16(orntp,_LE))){for(ptn=0,Y=0;Y=X.Sz()){if(!X.isHeuristicScan())return\nbad=\"/malformed!short\"}return K=l+2,delay=X.U8(0),1}}})()&&(bDetected=1,sVersion=\"v0.x\"+bad,sName=\"Andrei 'Andrew Strikes Code' Sendetskii/Titus's Advanced Sound Master module (.AS0)\",X.isVerbose())&&(7<(pt=X.fSig(7,128,\"'ASM COMPILATION OF '\")+19)&&(pa=X.fSig(pt+19,32,\"' BY '\"),sOptionT(X.SA(pt,pa-pt)),sOptionT(X.SA(pa+4,18),\"by: \")),sOption(\"ord:\"+ord+\" ptn:\"+ptn+\" delay:\"+delay+\" sz:\"+outSz(K))),!bDetected&&(function(){if(!(X.Sz()<296)){G=41\nvar s,e=X.U16(5),t=X.U16(G-2)-e\nfor(Y=0;Y<14;Y++){if((s=X.U16(G)-e)-t<6||(s-t-2)%4||s>X.Sz())return\nG+=2,t=s}for(t=X.U16(G)-e,G+=2,Y=0;Y<15;Y++){if((s=X.U16(G)-e)-t<3||s>X.Sz()||s-t!=2+X.U8(t+1))return\nG+=2,t=s}for(K=s+2+X.U8(s+1),t=X.U16(G)-e,G+=2,Y=1;Y<96;Y++){if((s=X.U16(G)-e)-t<3||s>X.Sz())return\nG+=2,t=s}if(ord=X.U8(G++),!((lp=X.U8(G++))>ord)){for(Y=0;Y>4)+\".\"+(15&X.U8(4)),X.isVerbose())&&(dly=X.U8(0),ptn=X.U8(293),lp=X.U8(294),sOptionT(X.SA(7,32)),sOption(\"ord:\"+(0X.Sz())){for(B=smp=0,Y=0;Y<15;Y++)if(255!=X.U8(32+32*Y)){if(sn=X.readBytes(32+32*Y,24),charStat(sn,CS_ALL).indexOf(\"xsc\")<0)return\nif(slen=X.U16(56+32*Y,_BE)<<1,lp=X.U16(58+32*Y,_BE),lpl=X.U16(58+32*Y,_BE),T=X.U16(62+32*Y,_BE),lpl>slen||lp-1>slen||lpl-1>slen)return\nif(96ptn&&(ptn=G)\nreturn K+=48*ptn,1}}})()&&(bDetected=1,sName=\"Brian Postma's SoundMon module (.BP)\",sVersion=old?\"old\":\"v\"+X.SA(28,1),\"\"!=(bad=X.Sz()B)&&(ord=X.U8(111))&&!(40ptn&&(ptn=pt)}return ptn++,(U=1024*ptn)+204>X.Sz()?void 0:(K=smpdescs+U+204,1)}}})()&&(sName=\"Andreas Fuchs's FuchsTracker module (.FUCHS)\",bDetected=1,X.isVerbose())&&sOption(\"ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" sz:\"+outSz(K)),!bDetected&&(function(){if(!(X.Sz()<444)&&X.c(\"000000\",240)){for(smps=[],U=G=l=B=0;U<15;U++,G+=16){if(8388607<(o=X.U32(G,_BE))||1&o)return\nif(65535<(j=X.U16(G+4,_BE)<<1))return\nif(X.U8(G+6))return\nif(64j)return\nif(1&X.U16(G+14,_BE))return\nB+=j,j&&smps.push([o,j])}if(!(B<=4)){for(smps.sort(function(s,e){return s[0]-e[0]}),U=0;Usmps[U+1][0])return\nif(ord=X.U8(243),isWithin(ord,1,100)){for(ptn=0,ords=[],Y=0;Y<100;Y++){if(1023&(G=X.U16(244+2*Y,_BE)))return\nY>=10)>ptn&&63!=G&&(ptn=G)}if(!(64<++ptn||(m=notes=badnotes=badled=0,end=!1,nps=[],(G=444)+1024*ptn>Math.min(X.Sz(),65532)))){for(Y=0;Yord+1)return}if(16ptn&&(ptn=E)\nif(!(ptn<1||(ptnp=G+ofs,(ptn1=oldp=X.U16(ptnp))>X.Sz()))){for(Y=0;GX.Sz())return\nif(Y&&256X.Sz())return\nfor(;G=X.Sz())){for(numofpos=X.U8(1),loop=X.U8(2),j1=65535,Y=l=0;Y<16;Y++){if((Q=X.U16(3+2*Y))>X.Sz())return\nif(lX.Sz())return\nop&&j1>op&&(j1=op)}if(!(j1<103||l<103||65534X.Sz()||l+3*X.U8(l)+2!=j1)){for(Y=l=0;Y<16;Y++){if((op=X.U16(35+2*Y,_LE))>X.Sz())return\nlX.Sz()+1)){for(l=99;l<=ptntp&&X.U8(l)<255;)l++\nreturn l+1==ptntp?(ord=l-99,!(loop>ord)):void 0}}}})()&&(sName=\"Golden Disk ProTracker module (.PT1)\",sVersion=\"v1.x/compiled\",bDetected=1,X.isVerbose())&&(sOptionT(X.SA(69,30)),sOption(\"tempo:\"+tempo+\" ord:\"+ord+\" len:\"+len)),!bDetected&&(function(){if(!(X.Sz()<132)&&(tmp=X.U8(0),isWithin(tmp,2,15))){var s=X.Sz()+512*X.isHeuristicScan()\nif(ord=X.U8(1),lp=X.U8(2),!(!ord||lp>ord||131+ord>s-2)&&(smp0=X.U16(3),!((orn0=X.U16(67))-smp0>s+2||orn0mps&&(mps=E),E&&(smp++,!isWithin(E,101,s-2)))return\nfor(mp=0;Y<48;Y++,G+=2)if((E=X.U16(G))>mp&&(mp=E),E&&++orn<=2&&!isWithin(E,Math.max(mps,orn0),s))return\nfor(G=131,ptn=Y=0;Y<=255;Y++,G++){if(G>X.Sz()-2)return\nif(255==(o=X.U8(G)))break\no>ptn&&(ptn=o)}if(ptn++,G++,ord==Y&&ptnp==G){for(rptn=0;G\"),sOption(\"tmp:\"+tmp+\" ord:\"+(lp?lp+\"-\":\"\")+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" orn:\"+orn+\" sz:\"+outSz(K))),!bDetected&&ks(0)&&(sName=\"Golden Disk ProTracker module (.PT3)\",sVersion=sv,bDetected=1,tsmode=5<=nv&&(32!=X.U8(98)||X.c(\"'Vortex Tra'\",K)||X.c(\"'ProTracker 3'\",K)),X.isVerbose()&&(info1=\"tmp0:\"+tmp0+\" ord:\"+(lp?lp+\"-\":\"\")+ord+\" ptn:\"+(rptn!=ptn?rptn+\"/\":\"\")+ptn+\" smp:\"+(rsmp!=smp?smp+\"/\":\"\")+rsmp+\" orn:\"+(rorn!=orn?rorn+\"/\":\"\")+orn+\" notes:\"+notes),sz1=K,ord1=ord,tmp1=tmp0,(tsmode=!tsmode||ks(K)&&ord1==ord&&tmp1==tmp0?tsmode:!1)&&(E=X.fSig(K,512,\"'02TS'\"))>K&&X.SA(E-6,4)===X.SA(E-12,4)&&(sz1==X.U16(E-8,_LE)?(sVersion+=\"[TurboSound:\"+X.SA(E-6,4)+\"]\",K=E+4):7<=nv?sVersion+=\"/TurboSound\":bad=bad.addIfNone(\"badTSver\")),bad.length&&(sVersion=sVersion.appendS(\"malformed\"+bad,\"/\")),X.isVerbose())){switch(X.c(\"'by \",63)&&(sOptionT(decAnsi(30,32,CPSpeccy)),sOptionT(decAnsi(66,32,CPSpeccy),\"by: \")),sOptionT(tracker,\"in: \"),ttn){case 0:sOption(\"tuning 0: 1625000Hz PT3.3\")\nbreak\ncase 1:sOption(\"tuning 1: Sound Tracker\")\nbreak\ncase 2:sOption(\"tuning 2: ASM/PSC 1.75MHz\")\nbreak\ncase 3:sOption(\"tuning 3: RS 1625000Hz\")\nbreak\ncase 4:sOption(\"tuning 4: Ivan Roshchin's Natural Cmaj/Am\")\nbreak\ndefault:sOption(\"tuning \"+ttn+\"/custom\")}sOption((tsmode?\"chip#1: \":\"\")+info1),tsmode&&sOption(\"chip#2: ptn:\"+(rptn!=ptn?rptn+\"/\":\"\")+ptn+\" smp:\"+(rsmp!=smp?smp+\"/\":\"\")+rsmp+\" orn:\"+(rorn!=orn?rorn+\"/\":\"\")+orn+\" notes:\"+notes),sOption(outSz(K),\"sz:\")}if(bDetected||!Fs(1)&&!Fs(0)||(sName=\"Viktor 'KVA' Kuźmin's Pro Sound Creator module (.PSC)\",sVersion=sv+\"/compiled\",bDetected=1,X.isVerbose()&&(ftitle&&sOptionT(decAnsi(25,20,CPSpeccy,!1,Chars0to1FSpeccy)),fby&&sOptionT(decAnsi(49,20,CPSpeccy,!1,Chars0to1FSpeccy),\"by: \"),sOption(\"ord:\"+(0=X.Sz()||X.U16(146)<=X.U16(82))){for(G=212,ptn=0;G<468&&Gord)){var e=X.U16(ptnp)-(6*ptn+ptnp+2)\nif(!(e<0||X.U16(82)-e>=X.Sz()||ptnp>=X.U16(82)-e||X.U16(146)-e>=X.Sz())){var t=65535,r=0,i=0\nfor(G=82;G<146;G+=2)i=Math.max(i,X.U16(G))\nfor(;G<212;G+=2)t=Math.min(t,X.U16(G)),r=Math.max(r,X.U16(G))\nreturn i-e>=Math.min(65534,X.Sz())||s<=t-e||s<=r-e||i<=ptnp||i+3+5*(X.U8(i-e+2)+1)!=t?void 0:!((K=i+3+2*(X.U8(i-e+2)+1)-e)ord)&&ord){var t=X.U16(3,_LE)\nif(isWithin(t,e+2+2*ord,s)){var r=X.U16(5,_LE)\nif(isWithin(r,10,s)){var i=X.U16(7,_LE)\nif(isWithin(i,10,s)&&!((K=i+30)>X.Sz())){var n=[],a=[]\nfor(Y=0;Y=K))&&(Y=postp-membase,b=X.U8(Y))){for(ord=0,ptn=0;b;){if(K<=Y+7)return\nord++,ptn<(E=127&b)&&(ptn=E),Y+=2,b=X.U8(Y),ptn<(E=127&b)&&(ptn=E),Y+=2,b=X.U8(Y),ptn<(E=127&b)&&(ptn=E),Y+=3,b=X.U8(Y)}if(ptn++,(G=X.U16(smptp-membase+2))-ptntp==2*ptn&&(G=12,(len=Y+7)==K)){for(E=X.U16(12),Y=1;Y<=orntp-smptp>>1;Y++){if(G+=2,(j3=X.U16(G))-E!=98&&(1337!=K||10!=ord||11!=ptn))return\nE=j3}for(Y=1;Y<=ptntp-orntp>>1;Y++){if(G+=2,(j3=X.U16(G))-E!=34)return\nE=j3}return 1}}})()&&(sName=\"Jiří 'George' Koudelka's Scalex Qjeta Tracker module (.SQT)\",sVersion=\"compiled\",bDetected=1,sOption(\"ord:\"+ord+\" ptn:\"+ptn+\" sz:\"+outSz(K))),!bDetected&&X.isDeepScan()&&(function(){if(!(X.Sz()<6||0==(tempo=X.U8(0))||32X.Sz()||(orntp=X.U16(3,_LE))<126||orntp>X.Sz()||(ptntp=X.U16(5,_LE))<126||ptntp>X.Sz()||(ord=X.U8(postp)+1,0==(j2=ptntp-orntp)))){if(fID=!1,0X.Sz())){for(;l;){if(l--,0X.Sz()||X.U8(j1-1)<255)){for(bad=0;;){if(131<=X.U8(j1)<=142&&j1++,65535<++j1)return\nif(j1>X.Sz()){if(X.isHeuristicScan()){bad=1\nbreak}return}if(255==X.U8(j1)||j1==X.Sz())break}return len=255==X.U8(j1)?j1+1:X.Sz(),fID&&\"SOUND TRACKER COMPILATION OF \"!=X.SA(ptntp-55,29)&&\"KSA SOFTWARE COMPILATION OF \"!=X.SA(ptntp-55,28)?void 0:1}}}})()&&(sName=\"Jarosław 'BZYK' Burczyński's Sound Tracker module (.STC,.ZXS)\",sVersion=\"v1.x\",bDetected=1,bad&&(sVersion+=\"/malformed\"+bad),K=X.U16(25,_LE),i_d=X.SA(7,18),r=0<=[\"SONG BY ST COMPILE\",\"SONG BY MB COMPILE\",\"SONG BY ST-COMPILE\",\"SOUND TRACKER v1.1\",\"S.T.FULL EDITION \",\"SOUND TRACKER v1.3\"].indexOf(i_d)?\"\":i_d,K!=X.Sz()&&(K=len,X.isVerbose()&&sOption(\"ord:\"+ord+\" ptn:\"+ptn),32<=(255&K)<=127)&&(r+=String.fromCharCode(255&K),32<=K>>8<=127)&&(r+=String.fromCharCode(K>>8)),X.isVerbose())&&(sOptionT(r,\"msg: \"),sOption(\"ord:\"+ord+\" ptn:\"+ptn+\" sz:\"+outSz(K))),!bDetected&&X.isDeepScan()&&ss()&&(sName=\"S.T. Music's Recompiler v2 rebuilt STC module (.ST3)\",sVersion=\"v3.0\",bDetected=1,bad&&!X.isVerbose()&&(sVersion+=\"/malformed\"+bad),X.isVerbose())&&(fID&&(sOptionT(decAnsi(9,55,CPSpeccy,!1,Chars0to1FSpeccy)),X.c(\"'KSA SOFTWARE COMPILATION OF '\",9)||sOption(X.SA(9,28),\"in: \")),sOption(\"ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" delay:\"+X.U8(0)+\" @\"+Hex(base)+\" sz:\"+outSz(K))),!bDetected&&X.isDeepScan()&&(function(){if(!((a0=X.fSig(0,65535,\"41FA.... ....FFD4 43FA.... 228841FA ....D1E8 FFD843FA\"))<0||1&a0||a0>X.Sz())&&(bad=\"\",G=X.U16(a0+2,_BE),!((msgp=a0+G+2)X.Sz()))&&!((playp=X.fSig(a0+16,a0+msgp-6,\"4E7548E7FFFE\"))<0||1&playp)&&(smpd=X.U16(a0+2+G-2,_BE),ordp=X.U16(a0+2+G-6,_BE),ptnp=X.U16(a0+2+G-10,_BE),smpd)&&ordp&&ptnp&&!(a0+2+G+smpd>X.Sz()||a0+2+G+ordp>X.Sz()||smpd<=ordp&&1!=smpd)){if(ptn=ordp-ptnp>>6,ord=0,smps=[],1==smpd){if(ord++,(pt=a0+2+G+ordp)+4>X.Sz())return K=pt,1\nfor(pt+=4,E=1,K=ordp-ptnp;EX.Sz()||!E)return 1\nK+=4}K-=4,ord--}else{if(ord=smpd-ordp>>2,smpd+=a0+2+G,sdsz=X.U16(smpd+2,_BE),smp=sdsz>>5,smpd+sdsz>X.Sz()||sdsz%32)return\nif(!sdsz)for(;;sdsz+=32){if(sdsz+36>X.Sz())return\nif(stp=X.U32(smpd+sdsz+4,_BE),U=X.U32(smpd+sdsz+8,_BE),endp=X.U32(smpd+sdsz+12,_BE),stp>U||U>=endp)break\nsmp++,\"\"!=(E=decAnsi(smpd+sdsz+16,16,CPAmiga).trim())&&smps.push(E)}for(mendp=0,Y=0;Ymendp&&(mendp=endp),\"\"!=(E=decAnsi(smpd+32*Y+16,16,CPAmiga))&&smps.push();(K=smpd+sdsz+4+mendp)>X.Sz()&&(bad=bad.addIfNone(\"!short\"))}return 1}})()&&(sName=\"SIDMon module (.SID1,.SMN,.SID)\",sVersion=\"v1\",bDetected=1,\"\"!=bad&&(sVersion=sVersion.appendS(\"malformed\"+bad,\"/\")),X.isVerbose())&&(\"SID-MON BY R.v.VLIET (c) 1988\"!=(E=decAnsi(msgp,256,CPAmiga).trim())&&sOptionT(E),sOptionT(addEllipsis(smps.join(\",\"),200),\"smps:\"),sOption(\"ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" sz:\"+outSz(K))),!bDetected&&(function(){if(!(X.Sz()<90)&&X.c(\"'SIDMON II - THE MIDI VERSION'\",58)&&(ord=X.U8(2)+1,spd0=X.U8(3),smp=X.U16(4,_BE),ofs=58+X.U32(6,_BE),songlenlen=X.U32(10,_BE),90==(ofs+=songlenlen))){for(G=14,Y=0;Y<10;Y++){if(1048575<(E=X.U32(G,_BE))||!E)return\nswitch(Y){case 0:var s=[ofs,E]\nbreak\ncase 1:if(E!=s[1])return\nvar e=[ofs,E]\nbreak\ncase 2:if(E!=e[1])return\nbreak\ncase 3:if(E%32)return\nbreak\ncase 7:if(E!=smp)return\nvar t=[ofs,E]\nbreak\ncase 8:trk=E>>1\nbreak\ncase 9:var r=[ofs,E]}if(G+=4,(ofs+=E)>X.Sz())return}for(1&(ofs=r[0]+r[1])&&ofs++,smpsz=0,smps=[],G=t[0];G>=6,1}})()&&(sName=\"SIDMon II module (.SID2)\",bDetected=1,X.isVerbose())&&(sOptionT(X.SA(7,32)),sOptionT(X.SA(39,32),\"in: \"),sOptionT(addEllipsis(smps.join(\",\"),256),'smp/msg:\"','\"'),sOption(\"trk:\"+trk+\" ord:\"+ord+\" smp:\"+smp+\" sz:\"+outSz(K))),!bDetected&&(function(){if(!(X.Sz()<17||31<(smp=X.U16(0,_BE))||(ordp=X.U32(2,_BE))<8*smp+2||128<(ptndp=X.U32(6,_BE))-ordp||255!=X.U8(ptndp-1)||65535<(smpdp=X.U32(10,_BE))||ptndp<=ordp+1||smpdp<=ordp||ordp>X.Sz()||ptndp>X.Sz())){for(l=B=0;lA)return\nif((lsz=X.U16(8*l+20,_BE)<<1)>A+2||lst+lsz>A+2||lst&&lsz<=2)return\nif((lst||2=ptn&&(ptn=E+1)}return K=B+smpdp,1}}})()&&(sName=\"Digital Illusions Creative Entertainment packed module (.DI)\",bDetected=1,K>X.Sz()&&!X.isVerbose()&&(sVersion=\"malformed!short\"),X.isVerbose())&&sOption(\"ord:\"+(ptndp-ordp-1)+\" ptn:\"+ptn+\" smp:\"+smp+\" sz:\"+outSz(K)),!bDetected&&(function(){if(X.c(\"'IM10'\",60)&&!(256X.Sz())){for(inss=[],smps=[],smp=Y=0;Y>1,rho=rhy=0\nvar r=oldrhy=0,i=16777215\nif(0=rhy&&E<128&&(rhy=E+1),rho++\nif(0X.Sz())&&(bad=bad.addIfNone(\"!extrapOOB\"+Hex(extra)))\nelse bad=bad.addIfNone(\"!\"+Hex(extra)+\" out of \"+Hex(extrap-1))\nreturn 1}function n(s,e){return 13*ch?void 0:(bad=sus?\"suspicious\"+sus:\"\",1)}})()&&(sName=\"Packen/ぱっくん Software MUAP98/みゅあっぷ Object chiptune (.O,.OX+TONES.DTA)\",bDetected=1,bad.length&&(sVersion=bad),X.isVerbose())&&(sOptionT(r),sOption(\"ch:\"+ch+(X.isDeepScan()?\" notes:\"+notes+\" sz:\"+outSz(K):\"\"))),!bDetected&&X.isDeepScan()&&(function(){if(X.c(\"6000.... 6000.... 6000.... 6000.... 6000.... 41FA.... ........ 4E7541FA\")){for(a2=64,d4=8;9240!=X.U16(a2,_BE)&&(a2+=2,--d4););if(d4){for(smp=d3=X.U8(a2-1)+1,a2=54,d4=5;16890!=X.U16(a2,_BE)&&(a2+=2,--d4););if(d4){a2+=2,a4=a2,d4=a2+X.U16(a2,_BE)+2,53756==X.U16(a4+2,_BE)&&(d4+=64),a3=d4-2,d5=0,a2=a3\ndo{if(65536<(d1=X.U32(a3,_BE)))return}while(d1+=6,d5+=d1,a3+=d1,--d3)\nif(20081==X.U16(a3,_BE)){a3=0,a0=130+a3,d0=10\ndo{if(16875==X.U16(a0,_BE)){a0+=2\nbreak}}while(a0+=2,--d0)\nif(d0){for(d1=0,d2=X.U16(a0,_BE),a3+=d2;a3+=18,d1++,X.U16(a3,_BE););d2=a2-a3\ndo{if(132!=(b=X.U8(a3))&&133!=b){if(a3++,--d2<0)break}else d0++,a3++,d2--}while(0<=d2)\nreturn songsz=d4,K=d4+d5,steps=d0,k=d1,1}}}}}})()&&(sName=\"Rob Hubbard's module (.RH)\",sVersion=\"v1.4\",bDetected=1,X.isVerbose())&&(1=ord&&(bad=bad.addIfNone(\"!badloop\")),!(charStat(X.readBytes(0,12),1).indexOf(\"allxsc\")<0))){for(G=80,Y=mp=0;Ymp&&(mp=pt)}if(!(Y=X.Sz()))){for(Y=0;Ymsmpp&&(msmpp=smpp,mssz=A),smp++}for(Y=0;YX.Sz()?(K=-1,bad=bad.addIfNone(\"!short\")):K=Math.max(msmpp+mssz,G),1):void 0}}}function e(s){for(var e=!0;G+4X.Sz())return}while([17914,17401,16889].indexOf(E>>16)<0)\nfor(initp=G-2,a0+=284,d1=0;d1<128;d1++){if(X.c(\"7F7F7F7F\",a0)||X.c(\"FFFF\",a0))return\na0+=2}k=IntAddress=0,Twin=!1\ndo{if(E=X.U16(G,_BE),(G+=2)>X.Sz())return}while([28672,29184].indexOf(E)<0)\nif(28672===E)k=1\nelse{for(;!k&&G>3):X.c(\"43EA\",G)?(E=X.I16(G+2,_BE),k=X.I16(E,_BE)-E>>3):G+=2}if(!k||G>=X.Sz())return}return 1})()&&(sName=\"Sean Conran module (.SCR)\",sVersion=\"v1.2\",bDetected=1,Twin&&(sVersion+=\"/Megatwins\"),X.isVerbose())&&1X.Sz())&&(a0=a1=a3=d1+2,!((d1=X.I16(6,_BE))<=0||1&d1||d1>X.Sz()))&&!((d1=X.I16(12,_BE))<=0||1&d1||d1>X.Sz())&&X.c(\"3F006100\",a1)&&X.c(\"3D7C\",a1+6)&&X.c(\"41FA\",a1+12)){for(d0=127;d0;){if(X.c(\"D040D040 D04041FA\",a0)){a0+=8,a1=a0+X.I16(a0,_BE)\nbreak}if(a0+=2,!--d0||a0>X.Sz())return}k=0\ns:for(;;){for(d2=4;d2;){if(d0=64512&X.U16(a1,_BE),(a1+=2)>X.Sz())return\nif(d0){k--\nbreak s}d2--}k++}for(k++,d5=d6=0,d0=128;d0;){if(E=X.U16(a0,_BE),(a0+=2)>X.Sz())return\nif(16890===E)break\nd0--}if(d0){for(smpi1=a0+X.U16(a0,_BE),a0=12+X.I16(12,_BE),d0=128;d0&&(d0--,!X.c(\"D040D040 41FA\",a0));)if((a0+=2)>X.Sz())return\nfor((!d0||(a0+=6,1&(d0=X.I16(a0,_BE)))||(a0+=d0,X.I16(a0,_BE)))&&(a0=0),smpi2=a0,a0=smpi1;;){if(d0=X.U32(a0,_BE),(a0+=4)>X.Sz())return\nif(!d0)break\nif(d0>>16){a0-=4\nbreak}}if(a0-=8,smp1=a0-smpi1>>2,d0=smpi2){for(a0=d0;;){if(d0=X.U32(a0,_BE),(a0+=4)>X.Sz())return\nif(!d0)break\nif(d0>>16){a0+=4\nbreak}}a0-=8,smp2=a0-smpi2>>2}else smp2=0\nd3=smp1,a2=smpi1+X.I32(smpi1,_BE),d1=X.I32(a2,_BE),d2=X.U16(a2+8,_BE),Y=d4=0\ndo{if(++Y===smp1)break\nif((a2=smpi1+X.I32(smpi1+(Y<<2),_BE))<20||a2>X.Sz())return\nif(d4=X.I32(a2,_BE),!(d1>d4)){if(d1!=d4)d6=d4!=X.I32(a2+4,_BE)?X.U16(a2+10,_BE):0,d5=X.U16(a2+8,_BE)\nelse if(d5=X.U16(a2+8,_BE),d2>d5)continue\nd1=d4,d2=d5}}while(YX.Sz())return\nif(d4=X.I32(a2,_BE),!(d1>d4)){if(d1!=d4)d6=d4!=X.I32(a2+4,_BE)?X.U16(a2+10,_BE):0,d5=X.U16(a2+8,_BE)\nelse if(d5=X.U16(a2+8,_BE),d2>d5)continue\nd1=d4,d2=d5}}while(YX.Sz()){if(!X.isHeuristicScan())return\nbad=!0}return 47===X.U8(s)?(K=s+1,songsz=K-smpsz):(K=s,bad=!0),1}})()&&(sName=\"Andrew Parton's module (.BYE)\",sVersion=\"v1.2\",bDetected=1,bad&&(sVersion+=\"/malformed\"),X.isVerbose())&&sOption(\"smp:\"+smp+\" songsz:\"+songsz+\" smpsz:\"+smpsz+\" sz:\"+outSz(K)),!bDetected&&X.isDeepScan()&&(function(){for(Y=G=0;Y<4;Y++){if(!X.c(\"6000\",G))return\nif(G+=2,(d2=X.I16(G,_BE))<=0||1&d2)return\nG+=2}if(X.c(\"6000\",G)){if(G+=2,(d2=X.I16(G,_BE))<=0||1&d2)return\nif(G+=2,!X.c(\"6000\",G))return\nif(G+=2,(d2=X.I16(G,_BE))<=0||1&d2)return\nif(G+=d2,!X.c(\"48E7FFFE 6100\",G))return\nif(G=(G+=6)+X.I16(G,_BE),!X.c(\"4DF9 00DFF000\",G))return\nsV=\"new\"}else{if(!X.c(\"303C0000 662233C0\",G))return\nsV=\"old\"}if(\"new\"===sV){for(a2=special=28,a0=X.I16(2,_BE),F=X.SA(special,X.fStr(special,a0-a2,\" \")-a2).trim();E=X.U16(a0,_BE),a0+=2,17914!=E||a0>X.Sz(););if(a2=a0,(a0+=X.I16(a0,_BE))>X.Sz()-2){if(!X.isHeuristicScan())return\nbad=!0}d0=X.I16(a0,_BE),k=d0>>2,a0+=d0+X.I16(a0-2,_BE)\ndo{if(a0>X.Sz()-2){if(!X.isHeuristicScan())return\nbad=!0}}while(E=X.I16(a0,_BE),a0+=2,1010!=E)\nK=a0,a='title: \"'+F+'\" sz:'+outSz(K)}else{for(special=0,a2=16,a0=2,a0+=X.U16(a0,_BE);E=X.I16(a0,_BE),a0+=2,6512!=E||a0>X.Sz(););for(a1=a0-4,a1+=X.I16(a1,_BE);E=X.I16(a0,_BE),a0+=2,16890!=E||a0>X.Sz(););for(a0+=X.I16(a0,_BE),k=a1-a0>>4;E=X.U16(a2,_BE),a2+=2,49916!=E||a0>X.Sz(););for(a2+=4,smpip=a2+X.U16(a2,_BE);E=X.U16(a2,_BE),a2+=2,18426!=E||a0>X.Sz(););for(a0=a2,a2+=X.U16(a2,_BE),songsz=a2;E=X.U16(a0,_BE),a0+=2,18938!=E||a0>X.Sz(););for(;E=X.U16(a0,_BE),a0+=2,18938!=E||a0>X.Sz(););for(a0+=X.U16(a0,_BE),smp=(a0-smpip)/44,d1=0,a1=smpip,a3=21747;0<=(d2=X.I32(a1+32,_BE))&&d1<=d2&&(d1=d2,a3=a1),a1+=44,a0>a1;);d0=X.U16(a3+40,_BE),d1+=d0+d0,smpsz=d1,K=songsz+smpsz,a=\"smp:\"+smp+\" songsz:\"+Hex(songsz)+\" smpsz:\"+Hex(smpsz)+\" sz:\"+outSz(K)}return 1})()&&(sName=\"Ashley Hogg's module (.ASH)\",sVersion=sV,bDetected=1,bad&&(sVersion+=\"/malformed\"),X.isVerbose())&&(1X.Sz()){if(X.isHeuristicScan()){bad=!0\nbreak}return}}while(!X.c(\"102F00\",K+G-3))\nreturn K+=G,ord=Math.floor((K-G)/100),1}})()&&(sName=\"Cinemaware module (.CIN)\",bDetected=1,bad&&(sVersion=\"malformed\"),X.isVerbose())&&sOption(\"ord:\"+ord+\" sz:\"+outSz(K)+\" (sans ext.samples)\"),!bDetected&&(function(){if(!(X.Sz()<3e3)){if(X.c(\"6000.... 6000\")||X.c(\"4EF9.... ....4EF9\")||X.c(\"4EB9.... ....4EF9\")){G=8\nfor(var s=!1;X.c(\"42280030 42280031 42280032\",G)&&(s=!0),G+=2,!s&&G<408;);}if(s){if(X.isVerbose()){for(G=q=d0=d5=0,d7=2048,org=0,smpi=0,songst=0,bad=!1;d7&&GX.Sz())return bad=!0,1\nfor(smp=synsmp=0,G=smpi;!X.U32(G+28,_BE);G+=32)a2=X.U32(G,_BE)-org,2===(a24=X.U16(a2+4,_BE))||16===a24?smp++:synsmp++}return 1}}})()&&(sName=\"Ivo Zoer & Ron Klaren's CustomMade module (.CM)\",bDetected=1,X.isVerbose())&&(1>16)){if(fmt=1,X.U32(24,_BE)){for(k=0,G=X.U16(0,_BE);G>=2}else fmt=0,k=X.I16(2,_BE)-8>>5\nfor(bad=\"\",K=0,a1=d2;a1d2?E:d2)>K&&(K=d2),a2+=6\nreturn K>X.Sz()&&(bad=bad.addIfNone(\"!short\")),a2>=X.Sz()?bad=bad.addIfNone(\"!badsmpinfo\"):K+=254,1}})()&&(sName='Dave \"Uncle Art\" Lowe New module (.DLN)',bDetected=1,sVersion=\"f.\"+fmt,\"\"!=bad&&(sVersion+=\"/malformed\"+bad),X.isVerbose())&&(1>=9:d6=8,ruch=d6,d1=X.I16(a0,_BE),songsz=d2=d1<d2&&(d2=d0,d5=X.U16(a0+d4-2,_BE)),a0X.Sz())return bad=bad.addIfNone(\"!short\"),1\nK=G+=A}for(Y=0;Ysofs+E&&(minpp=sofs+E)\nif(G>X.Sz()){bad=bad.addIfNone(\"!short\")\nbreak}k++}return 1}}}}}}})()&&(sName=\"David Whittaker's module (.DW)\",sVersion=old?\"old\":\"new\",bDetected=1,\"\"!=bad&&(sVersion+=\"/malformed\"+bad),X.isVerbose())&&(1>=2,smp=d1,d1=X.I32(a1-4,_BE)-org,K=d0+d1,smpsz=K-songsz,a1=songpos,a2=a1+len,ptn=0;E=X.U8(a1),ptn>31)return\nif(d1=(t_=d1)+1&4294967294,a1=32+d1,X.c(\"'SNX1'\",a1)){if(a1+=4,(d1=X.U32(a1,_BE))>>31)return\na1+=4,d1=d1+1&4294967294,a1+=d1}else format=\"Electronic Arts' Simple Musical Score\"\ninsinfp=a1,realsmp=[],ins=0\ndo{if(!X.c(\"'INS1'\",a1))return\nif(a1+=4,(d1=X.U32(a1,_BE))>>31)return\nif(a1+=4,63<(d1=d1+1&4294967294)>>24)return\nif(X.U8(a1+1))return}while(realsmp.push(X.U8(a1)),a1+=d1,ins++,!X.c(\"'TRAK'\",a1))\nfor(K=a1,trk=0;KX.Sz())return\nif(-1!=X.I16(d2,_BE)){if(X.I32(d2,_BE)||X.I16(d2+4,_BE))return\nif(E=X.U8(d2+6),!isWithin(E,128,130))return}d1--}0<(K=X.fSig(d2,512,\"FFFF\"))&&(K+=2),fmt=1,ext=\"tiny\"}else{for(d3=20,d1=4;d1;){if((d2=X.I32(a0,_BE))<=0||1&d2)return\na0+=4,d3+=d2,d1--}if(d3>=X.Sz())return\nfor(a0+=4,d1=4;d1;){if(!(32768&(E=X.U16(a0,_BE))))return\nif(65535!=E&&132>16)return\na0+=X.I32(a1,_BE),a1+=4,d1--}if(!X.U8(a0))return\nif(0<(K=X.fSig(a0,512,\"0000\"))){for(;a0X.Sz()&&(bad=bad.addIfNone(\"!short\")),G=i+X.I16(i+6,_BE),ptn=0;Gptn&&(ptn=d1)\nfor(ptn++,X.I16(G,_BE)||(G+=2),X.I16(G,_BE)!=ptn&&(bad=bad.addIfNone(\"!badptn\")),q=a0+32,smp=d1=X.I16(q,_BE),q+=16,d7=0;d1&&qX.Sz())){a2=X.I32(4,_BE),d6=d7=0,d0=X.I16(36,_BE)\ndo{if(a1>X.Sz())return}while(a1=X.I16(a2,_BE),a2+=2,226===X.U8(a1)&&(128&X.U8(a1+1)?d7++:d6++),0<=--d0)\nreturn d7>=d6?void 0:(ptn=X.I16(40,_BE)+1,smp=X.I16(50,_BE),a0=X.I32(24,_BE)+10*smp,smpsz=X.I32(a0-10,_BE)+2*X.I16(a0-6,_BE),K=s+smpsz,k=X.I16(48,_BE),1)}}})()&&(sName=\"Jochen 'Mad Max' Hippel's module (.HIPC)\",sVersion=\"packed\",bDetected=1,X.isVerbose())&&(1X.Sz()||a1>X.Sz())return\nif(128!=d1&&(E=X.I16(a1,_BE),a1+=2,16890===E)&&0<=(d2=X.I16(a1,_BE))&&!(1&d2)&&(a0=a1+d2),X.c(\"'MMME'\",a0)){d0=2\nbreak}if(X.c(\"'TFMX'\",a0)){if(512<=X.I16(a0+4,_BE))d0=0\nelse if(X.I16(a0+16,_BE)){for(d0=X.I16(a0+4,_BE),a1=a0+32,d6=d7=0;226===X.U8(a1)&&(128&X.U8(a1+1)?d6++:d7++),a1+=64,0<=--d0;);d0=d6>d7?2:5}else d0=0\nbreak}if(X.c(\"'COSO'\",a0)){if(!X.I16(a0+48))return\nif(!X.I32(a0+24))return\nif(X.c(\"'TFMX'\",a0+32)){a2=a0+X.I32(a0+4,_BE),d6=d7=0,d0=X.I16(a0+36,_BE)\ndo{if(X.I16(a0+64,_BE)?(a1=a0+X.I16(a2,_BE),a2+=2):(a1=a0+X.I32(a2,_BE),a2+=4),a1>X.Sz())return}while(226===X.U8(a1)&&(128&X.U8(a1+1)?d7++:d6++),0<=--d0)\nd0=d7>=8,G=a1+1,r=[];E&&G>=8,G=a1+1,r=[];E&&GX.Sz())return\nB+=j}return 255<(ord=X.U16(6+40*smp,_BE))?void 0:(ptns=6+40*smp+2,!(255<(ptn=X.U16(ptns+6*ord,_BE)))&&(ptn0=X.U32(ptns+2,_BE),ptns+=6*ord,trkdtsz=X.U32(ptns-4,_BE)-ptn0,addlns=4*X.U8(ptns-5)*8,K=ptns+2+2*ptn+B+trkdtsz+addlns,1))}})()&&(sName=\"JamCracker/Pro module (.JAM,.JC)\",bDetected=1,bad=\"\",X.isHeuristicScan()&&(K+19==X.Sz()&&(sVersion=\"v1.0a (Xag)\",X.isVerbose()&&sOptionT(X.SA(K,19)),K+=19),X.c(\"'BeEp'\")||(bad=bad.addIfNone(\"!badsig\"))),\"\"!=(bad=K>X.Sz()?bad.addIfNone(\"!short\"):bad)&&(sVersion=sVersion.appendS(\"malformed\"+bad,\"/\")),X.isVerbose())&&sOption(\"ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" sz:\"+outSz(K)),!bDetected&&X.isHeuristicScan()&&(function(){if(2==X.U16(0,_LE)&&X.c(\"00FF01FF02FF03FF04FF05FF06FF07FF08FF09FF0AFFFD00\",54)&&!(!(seqt=X.U16(4,_LE))||seqt<30||seqt>=X.Sz()||!(inst=X.U16(6,_LE))||inst<=seqt||inst>=X.Sz())){for(ins=X.Sz()-inst>>4,mptn=65535,ch=0,trk=[],Y=0;Y<11;Y++)if(G=X.U16(10+2*Y,_LE),trk[Y]=G){if(ch++,G<=seqt||G>=inst)return\nG>1,Y=0;Y<5;Y++)if(trk[Y]){if(G=X.U16(seqt+2*Y,_LE),65023!=X.U16(G-1,_LE))return\nif(G<=seqt||G>=inst)return}return Y=X.U16(2,_LE),tmr=(1193810/(Y||65535)).toFixed(2),1}})()&&(sName=\"Johannes Bjerregaard Adlib module (.JBM)\",bDetected=1,X.isVerbose())&&sOption(\"tmr:\"+tmr+\" ch:\"+ch+\" ptn:\"+ptn+\" ins:\"+ins),!bDetected&&(function(){if(X.c(\"'SONG'\",60)&&660ptn&&(ptn=E)\nptn++,K=ordp+130+1024*ptn+smpsz,31==msmp&&(K+=6),(lp=X.U8(ordp+1))>ord&&(sVersion=sVersion.appendS(\"malformed!badloop\",\"/\")),sOption(\"tmp0:\"+tmp0+\" ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+(lp?\" loop:\"+lp:\"\")+\" sz:\"+outSz(K))}if(!bDetected&&(function(){if(fmt=\"\",smp=smpp=0,K=-1,k=1,X.c(\"6000\")){G=0,d1=3\ndo{if(!X.c(\"6000\",G))return\nif((E=X.I16(G+2,_BE))<=0||E%2)return}while(G+=4,d1--)\nif(G=p0=6+X.I16(6,_BE),X.c(\"4A406B00\",G)){if(!X.c(\"000641FA\",G+4))return\nif(G=(G+=8)+(X.I16(G,_BE)+4),!X.c(\"00017FFF\",G))return\nfmt=\"second\"\nvar s=G=p0+8+X.I16(p0+8,_BE)\nfor(G+=8,k=0,d2=X.I32(G+10,_BE);G=X.Sz())););if(G>X.Sz())return\nif(K=G,G=s,d1=X.U32(G,_BE),(d2=X.U32(G+18,_BE))<=d1)G+=d1\nelse if(d3=d2-X.I32(G+22,_BE),35944==(K=d2+d3+G)&&--k,K>X.Sz())return}else{if(G-=4,X.c(\"C0FC\",G))G+=2\nelse for(Y=0;Y<16&&GX.Sz())return\nfor(mulu=X.I16(G,_BE),q=(G+=800)+900;GX.Sz())return\nfor(fmt=\"old\",G=p0;G=X.Sz())););if(G>X.Sz())return\nfor(K=G,G=10+X.I16(10,_BE);GX.Sz()||!X.c(\"'FORM' 00?????? '8SVXVHDR'\",G))return\nfor(;G=X.Sz())););if(G>X.Sz())return\nK=G,fmt=\"harald\"}else{if(512<(G=X.U16(0,_BE))||G<4||G%2)return\nfor(G+=2,Y=2;Y>=1,1==--k||!X.c(\"0000\",d3-6)&&X.c(\"7F00\",d3-4)||k--,smp0p=X.U16(G,_BE)\nvar t=hi=X.U24(smp0p+15,_BE)\nfor(smp=A=0;GX.Sz())return\nif(smp++,pp=X.U16(G,_BE),t>(sofs=X.U24(pp+15,_BE))&&(t=sofs),hi<=sofs&&(hi=sofs,A=X.I16(pp+18,_BE),X.c(\"'BODY'\",sofs-8)||(sofs=X.U32(pp+20,_BE))>hi&&(hi=sofs,A=2*X.U16(pp+24,_BE))),hi>X.Sz())return\npptrks&&(trks=k_)\nif(1024!=U&&0!=trks&&!(1536+192*trks+192>X.Sz())){for(U=0;U<=trks;U++)for(j=0;j<64;j++)if(36X.Sz())&&(sVersion=\"malformed!short\"),!bDetected&&(function(){if(trk=X.U16(0,_BE),d2=X.U16(2,_BE),d3=X.U16(4,_BE),smp=X.U16(6,_BE),G=8,trk&&!(4>16||!E)return\ntrks.push(E),mpptn&&(ptn=l)}if(ptn++,!((tempo=X.U8(64))<3||30smplm||smpst<49152||smplm<49152)return\nif((smplp<49152||smplp>smplm||smpst>smplp||49152ord&&(ord=Y),ptn.indexOf(o)<0&&ptn.push(o)}if(ord++,ptn=ptn.length,nonz=!1,!((lp=X.U8(1))>ord)){for(smp=opl=smpsz=0,Y=0;Y<32;Y++){if(X.U8(2+13*Y+12)||X.U32(418+16*Y)||X.U8(930+13*Y+12))return\nvar s=X.U32(418+16*Y+4),e=X.U32(418+16*Y+8),t=X.U32(418+16*Y+12)\nif(1048575ptnend&&(ptnend=G+M),i=0;GX.Sz());){for(a1=2;a1<=46&&!(!(E=X.U16(a1,_BE))||1&E||E>X.Sz()||d0<=E);a1+=2);if(a1<48)break\nfmt=3840==(3840&X.U16(E,_BE))?2:1\nbreak}if(!fmt){if(X.I16(0,_BE)||X.I16(128,_BE)||!X.c(\"00000CBE\",132)||!X.c(\"000308BE\",3254)||!X.c(\"000309BE\",3258))return\nfmt=3}if(smpsz=smp=0,k=1,3==fmt){if((K=X.U32(2234,_BE)+2)<2236||K>X.Sz())return\nfor(t0=X.U32(0,_BE),Y=4;Y<128;Y+=4){if(t1=X.U32(Y,_BE),(E=t1-t0)<0)return\nsmpsz+=E,E&&smp++,t0=t1}if(smpsz+=128,7382==K&&19290==smpsz)k=16\nelse for(k=0,a1=1726;d0=X.U32(a1,_BE),a1+=4,65280!=X.U16(d0,_BE)&&(k++,a1>1,Y=X.U16(2,_BE);Y>16),s.push(65535&a2),t(\"33FC0001\"),a2+=4,rel=X.U32(a2,_BE),r(\"41F9\"),s.push(a2>>16),s.push(65535&a2),d1=X.I32(a2,_BE),r(\"B1FC\"),d0=X.U32(a2,_BE),k=d0=d0-d1>>4,r(\"41F9\"),s.push(a2>>16),s.push(65535&a2),r(\"B1FC\"),s.push(a2>>16),s.push(65535&a2),r(\"303C\"),t(\"48E7FFFE ........ 6100\"),s.push(a2>>16),s.push(65535&a2),r(\"41F9\"),s.push(a2>>16),s.push(65535&a2),d2=X.U32(a2,_BE),r(\"B1FC\"),d3=X.U32(a2,_BE),(d3=d4=d3-d2)%24)\nif(d3=Util.divu64(d3,24),e){if(e=(d4+=4)%24,d4=Util.divu64(d4,24),e)return i(\"@d436 error 5\"),0\nif(d3=d4,X.c(\"4654443C\",2008))for(a3=1904,d4=2;0<=d4;d4--)a3-=4,wpU32be(a3+4,rpU32be(a3))}if(s.push(d3>>16),s.push(65535&d3),r(\"4BF9\"),d5=rpU32be(a2)-rel,a2>X.Sz())return i(\"@d464 a2 too high\"),0\nif(X.isDeepScan()){s.push(d5>>16),s.push(65535&d5),s.push(0),a5=20178,s.push(a5>>16),s.push(65535&a5),a3=(s[0]<<16)+s[1]\ns:for(;a3>16!=223&&(wpU32be(a3,a3_-rel),a3+=4)\nbreak\ncase 13305:a3+=2,(a3_=rpU32be(a3))>>16==223||wpU32be(a3,a3_-rel),a3+=4,(a3_=rpU32be(a3))>>16!=223&&(wpU32be(a3,a3_-rel),a3+=4)\nbreak\ndefault:if((a3+=2)>=d5)break s}if(d4=d3,a2=(s[10]<<16)+s[11],a2=rpU32be(a2),a2_=rpU32be(a2)-rel,wpU32be(a2,a2_),d2=a2_,d5=a2_+2*rpU32be(a2+4),a2+=24,a2_=rpU32be(a2),128<(d3-=2))return i(\"@d51a badsmp:\"+Hex(d3)),0\nfor(;0<=d3;)a2_-=rel,wpU32be(a2,a2_),d5<=a2_&&(d5=a2_+2*rpU32be(a2+4)),d2>a2_&&(d2=a2_),a2+=24,a2_=rpU32be(a2),d3--\nif(s.push(a2>>16),s.push(65535&a2),a2=rpU32be((s[4]<<16)+s[5]),a3=(s[6]<<16)+s[7],a3_=rpU32be(a3),d3=Util.divu64(a3_-a2,24),s.push(d3),smp=d3+d4,d4=d3,a2_=rpU32be(a2),128 80h\"),0\nfor(;0a2_&&(d2=a2_),a2+=24,a2_=rpU32be(a2),d4--\nfor(a2>(s[19]<<16)+s[20]&&(s[19]=a2>>16,s[20]=65535&a2),d0<<=2,a2=rpU32be((s[2]<<16)+s[3]),a2_=rpU32be(a2),d3=0;4294967295!=a2_&&d3d3){if(d5>X.Sz())return i(\"@d5ce error 1C\"),0\nfor(a2=d2,a1=(s[19]<<16)+s[20];rpU16be(a1)==d0&&(a1+=6,wpU32be(a1,rpU32be(a1)-rel)),(a1+=2)!=a2&&a1X.Sz())return i(\"@d5ee error 1C\"),0\nfor(a2=d3;a2>16&&(a1+=6,a1_=rpU32be(a1)-rel,wpU32be(a1,a1_),d3K&&(K=a3),a3>X.Sz())return\nif(X.c(\"FF02\",a3+6))k++\nelse{if((E=X.U32(a3+2,_BE))>X.Sz())return\nsmp++,d3+=E,d0X.Sz()||K>X.Sz()?void 0:(smpsz=d3,1)}})()&&(sName=\"Michel Pernot's Silmarils module (.MOK)\",bDetected=1,bad=\"\",33\")),\"\"!=(bad=3232\"):bad)&&(sVersion=sVersion.appendS(\"malformed\"+bad,\"/\")),X.isVerbose())&&(1=ord||1<(looping=X.U8(24))))){for(nV=X.U16(6),G=156,K=-1,bad=\"\",maxptn=maxtrk=64,maxtml=128,ptn=X.U32(G),trk=X.U32(G+4),G+=8,1<=nV&&(maxptn=X.I32(G),maxtrk=X.I32(G+4),maxtml=X.I32(G+8),G+=12),G+=16*maxptn+maxtrk*maxtml,trks=[],Y=0;Y<64;Y++)\"\"!=(E=X.SA(G,64).trim())&&trks.push(E),G+=64\nfor(ptns=[],Y=0;Y<64;Y++)\"\"!=(E=X.SA(G,64).trim())&&ptns.push(E),G+=64\nif(ins=X.U32(G),!((G+=4)>X.Sz())){for(inss=[],totalops=0,Y=0;YX.Sz()&&(bad=bad.addIfNone(\"!short\")),1}}})()&&(sName=\"Buzzic module (.buz2)\",bDetected=1,sVersion=\"v2.\"+nV.padStart(2,\"0\"),X.isVerbose())&&sOption(\"bpm:\"+bpm+\" trk:\"+trk+\" ptn:\"+ptn+\" ins:\"+ins+\" g.vol:\"+Math.round(100*gvol)+\"% ops:\"+totalops+\" sz:\"+outSz(K)),!bDetected&&(function(){if(X.c(\"000200\")&&X.c(\"FF000F\",X.U16(4,_BE)+1)){for(K=X.U16(16,_BE)+2,Y=10,oldp=X.U16(8,_BE);Y<32;Y+=2)if(16!=Y){if((G=X.U16(Y,_BE))<=oldp||G+1>X.Sz())return\nif(!X.c(\"FF\",G+1))return\noldp=G}return 1}})()&&(sName=\"Infogrames (RobHubbard2) module (.DUM&.INS)\",bDetected=1,X.isVerbose())&&sOption(outSz(K),\"sz:\"),!bDetected&&(function(){if(X.c(\"6000\")&&!((d2=X.U16(2,_BE))<=0||d2%2)){for(a1=2,a0=4,Y=0;Y<3;Y++){if(!X.c(\"6000\",a0))return\nif(E=X.U16(a0+2,_BE),a0+=4,E<=0||E%2)return}if(a1+=d2,X.c(\"6000\",a0)){for(Y=0;Y<3;Y++){if(!X.c(\"6000\",a0))return\nif(E=X.U16(a0+2,_BE),a0+=4,E<=0||E%2)return}if(X.c(\"6000\",a0))return}else{if(!X.c(\"6100\",a1))return\na1+=4}return X.c(\"41F9\",a1)?(a1+=6,!!X.c(\"43F9\",a1)):void 0}})()&&(sName=\"M.Cannon & J.Dunn's Special FX module (.JD)\",bDetected=1),!bDetected&&(function(){if(!(X.Sz()<2300)&&(X.c(\"00000000\")||X.c(\"0101\")||X.c(\"00000101\")||X.c(\"6000\"))){for(var s=0,e=140,t=X.Sz()-4;s=X.Sz())){for(;0X.Sz()&&(bad=bad.addIfNone(\"!short\"),a=2),!(a=a||(K=e,n)?a:1))for(;t>=3),0X.Sz()||a0%2||(a0+=X.U16(a0,_BE))%2||!X.c(\"005800B0\",a0+4)||(sName=\"Tronic Delta Packer module (.DP)\",bDetected=1,sOption(\"in:TronicTracker(?)\")),!bDetected&&(function(){if(X.U16(0)&&(smp=X.U8(2))&&!((ord=X.U8(3))<2||!(d2=smpsz=X.U32(4,_BE))||d2%2||d2>X.Sz()||524288d2)return\nif(64X.Sz()||d2!=d0+X.I32(a0-16,_BE)?void 0:(K=a0+smpsz,1)}}})()&&(sName=\"Andrew Bailey & David Hanlon's Digital Sonix & Chrome module (.DSC)\",bDetected=1,X.isVerbose())&&(1mtln&&(mtln=tln),dur>mdur&&(mdur=dur),G+=15,insev+=E=X.U16(G),G+=2+14*E+15,volev+=E=X.U16(G),G+=2+6*E+15,pitev+=E=X.U16(G),G+=2+6*E}return K=G,1}}})()&&(sName=\"Ad Lib's AdLib Visual Composer pianoroll (.ROL)\",bDetected=1,X.isVerbose())&&(\"\\\\roll\\\\default\"!=(_=X.SA(4,40))&&sOption(_),sOption(\"ch:\"+(ch!=voices?ch+\"/\":\"\")+voices+\" rhythm:\"+X.U16(44)+\"/\"+X.U16(46)+\" bpm0:\"+bpm0.toFixed(1)+\" len:\"+mdur+\" notes:\"+notev+\" ins.ev:\"+insev+\" ins.ev:\"+insev+\" vol.ev:\"+volev+\" pitchev:\"+pitev+\" sz:\"+outSz(K))),!bDetected&&(function(){if(!(X.Sz()<428)&&X.c(\"'GYMX'\")){for(Y=4;Y<424;Y++)if(isWithin(X.U8(Y),1,10)||isWithin(X.U8(Y),14,31))return\nreturn(unpsz=X.U32(424))<=2&&parseMDGYM(428,X.isDeepScan()?BCParseToEoF:BCParseToReasonable)<=0?void 0:1}})()&&(sName=\"Sega Genesis/Mega Drive YM2612 chiptune (.GYM)\",bDetected=1,unpsz<=2&&(sVersion=sVersion.append(\"unpacked\")),X.isVerbose())&&(sOptionT(X.SC(4,32,\"CP1252\")),sOptionT(X.SC(36,32,\"CP1252\"),\"for: \"),sOptionT(X.SC(68,32,\"CP1252\"),\"at: \"),sOptionT(X.SC(100,32,\"CP1252\"),\"emu: \"),sOptionT(X.SC(132,32,\"CP1252\"),\"by: \"),sOptionT(X.SC(164,256,\"CP1252\")),2=p1)){var s=G\nfor(E=Math.min(X.Sz(),131072);G=X.Sz()||E<=G)&&(fmt=\"old\",X.c(\"177C0000\",G-8)&&(fmt=\"new\",G-=6),X.c(\"00BFE001\",G-6))){if(G=base,k=1,d0=0,X.c(\"1740\",G+6)||X.c(\"1740\",G+4)){for(;G=songsz)););}else{for(G=base+2;GK||d2%2||1023&(d2-=704)||(ptn=d2>>=10,d2--,G=444,X.U8(G))||(ord=d1=X.I8(G+1))<0)){for(G+=4,d2<<=10,d3=0;d1;G+=2,d1--){if(1023&(E=X.I16(G,_BE)))return\nd3d3;)d4=X.U32(a3,_BE),a3+=d4,d3+=d4,smp++\nif(k=1,nv=0,sv=\"\",X.U32(28,_BE))switch(K){case 95960:k=2\ncase 54544:sv=\"v4.0\"\nbreak\ncase 81906:sv=\"v5.0\"}else switch(K){case 126446:k=3,sv=\"v3.0\"\nbreak\ncase 136612:k=2,sv=\"v3.0\"\nbreak\ncase 154704:k=2\ncase 103808:sv=\"v3.2\"}for(G=64,ptn=0;G<576;G+=2)X.U16(G,_BE)&&ptn++\nreturn 1}})()&&(sName=\"Holger Gehrmann's Soundcontrol module (.SCT)\",sVersion=sv,bDetected=1,X.isVerbose())&&(sOptionT(F),1X.Sz())){for(lastfound=!(k=16),G=19;4<=G;G--){if(15<(E=X.U8(G)))return\n!lastfound&&E&&(k=G-4,lastfound=!0)}for(m=X.U32(20,_BE),G=24;G<276;G+=4){if(2097152<(E=X.U32(G,_BE))||KE&&(m=E)}if(276==m){if(X.isDeepScan()){for(G=276,smp=smpsz=0;G>=2,smpp[d1]=G,d4=X.U16(G+2,_BE)<<1,smpsz+=d4-38,smp++,G+=d4):G+=2}if(!smp||32>4,r=(1&X.U8(G))<<4|X.U8(G+1)>>4\nif(12X.Sz()||E%2)return\nif(E=X.I16(6,_BE)+6,X.c(\"49FA....1940....4E75 43FA.... 49FA.... 41FA.... 45FA\",E)&&X.c(\"'FORM'66\",E+28)&&(E=X.I16(10,_BE)+10,X.c(\"49FA....4CFA00FF\",E))&&X.c(\"103A.... 660C 1940.... 6100... .6000\",E+10)&&X.c(\"2A4C DAD8 22CD 2A4C DAD8 22CD 2A4C DAD8 22CD\",E+52)&&(E=X.I16(14,_BE)+14,X.c(\"70002A7C 00DFF0A8 3A803B40\",E))&&X.c(\"1A801B40 00011B40 00021B40\",E+26)&&(initp=X.I16(2,_BE)+2,X.c(\"43FA....49FA....41FA....45FA\",initp))&&X.c(\"'FORM'66\",initp+18)){for(a0=0,G=initp;G>3,G=a0,smp=0;GX.Sz())){for(a0=0;G>=2,1}}}})()&&(sName=\"Illusions/Microdeal Quartet module (SQT.)\",sVersion=\"PSG synth\",bDetected=1,X.isVerbose())&&(1ped0||lp0>ped0)return\nif(G=16+12*k,!X.c(\"'OVTB'\",G))return\nif(ord=X.I32(G+4,_BE),ped0>ord)return\nif(G+=24+(ord<<4),!X.c(\"'NTBL'\",G-16))return\nif(ntbl=X.I32(G-12,_BE),G+=ntbl<<2,!X.c(\"'INST'\",G-8))return\nfor(ptn=Util.divu64(ntbl,16),ins=X.I32(G-4,_BE),inss=[],Y=0;YX.Sz()||!X.c(\"00000028\",G))return\nif(spd0=X.U16(G+40,_BE),irqps0=X.U16(G+50,_BE),lp0=X.U16(G+48,_BE),!isWithin(spd0,2,16)||!isWithin(irqps0,16,120))return;(1==(k=(X.I32(G+4,_BE)-40)/12)||X.I16(G+60,_BE)<0)&&(k=1)\nvar s=[0]\nfor(Y=0;Y<8;Y++){if(E=X.I32(G,_BE),G+=4,E<=0||E%2||EX.Sz())return\nfor(Y=0;Y>2,d0=X.I32(l+4,_BE),d1=2*X.I16(l+2,_BE)+d0,smp=1;Yd1&&(d1=d4),smp++)\nfor(songsz=d0-s,K=d1-s,Y=0;Y<262144&&!X.c(\"4E75\",Y-2);Y+=2);return specialmsg=\"\",2!=(d1=X.U8(Y-3))&&(specialmsg=X.SC(Y,256,CPAmiga)),1}}}}}}}}})()&&(sName=\"Jeroen 'WAVE' Tel's module (.JT)\",bDetected=1,X.isVerbose())&&(\"\"!=specialmsg&&sOption(specialmsg),1X.Sz())&&X.c(\"FFFFFFFF00000000\",smpp+204)&&212==X.U32(smpp+68,_BE)){for(smp=0,G=smpp+72,Y=0;Y<16&&G=ptn&&o<254)return\nif(o<128&&!(E=X.U8(241+Y)))return\nif(15A)return\nif([1048575,15794175,4294967295].indexOf(slpe)<0&&(slpe>A||slpeord||(ord++,1<(floop=X.U32(36516))))){for(Y=0;YMath.min(X.Sz(),18944))return\nif(1trk)return\nvar e=X.I8(G+130)\nif(e<0&&-e>trk)return\ne=X.U8(G+131)\nif(127trk)return\ne||susv++,t||susv++\ne=X.U8(G+133)\nif(3trk)return\ns=X.I8(G+140)\nif(s<0&&-s>trk)return\nt=X.U8(G+141),e=X.U8(G+142),s=X.U8(G+143)\nif(127trk)return\ne=X.I8(G+145)\nif(e<0&&e>trk)return\ns=X.U8(G+146),t=X.U8(G+147)\nif(1273*ins)){for(Y=18948;Y<20100;Y++)if(127ptn)return 0ord||(ord++,1<(floop=X.U32(37028))))){for(Y=0;YMath.min(X.Sz(),18944))return\nif(1trk)return\nvar e=X.I8(G+130)\nif(e<0&&-e>trk)return\ne=X.U8(G+131)\nif(127trk)return\ne||susv++,t||susv++\ne=X.U8(G+133)\nif(3trk)return\ns=X.I8(G+140)\nif(s<0&&-s>trk)return\nt=X.U8(G+141),e=X.U8(G+142),s=X.U8(G+143)\nif(127trk)return\ne=X.I8(G+145)\nif(e<0&&e>trk)return\ns=X.U8(G+146),t=X.U8(G+147)\nif(127trk||t<0&&-t>trk)return}if(!(susv>3*ins)){for(Y=19460;Y<20612;Y++)if(127ptn)return 0X.Sz()&&(vd=-1,sus++),241!=X.U8(vd-2)&&241!=X.U8(vd-3)&&(vd=-1,sus++),G+=2),X.c(\"0014\",G)||X.c(\"0022\",G)){if(m=Math.min(1048575,X.Sz()-2),crypt)K=X.fSig(ofs+20,m,\"'protected by cryptmdx v1.00 (c)1995 H.Yano'00\")+43,usedch=ch,bpm0=0\nelse{var e=chn=oldchn=X.U16(G,_BE)+ofs\nif(!isWithin(chn,G,m))return s(chn,\"!chn\"+Hex(G)+\"-\"+Hex(m)),0\nch=(chn-ofs-2)/2,usedch=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],notes=vdn=mp=0,vds=[]\nvar t=bpm0=-1,r=[],i=[0,1]\nif(X.isDeepScan())for(visited=[],Y=0;Ymp&&(mp=G),U==ch?chn=isWithin(vd,oldchn+2,X.Sz())?vd:m:(chn=X.U16(G,_BE)+ofs,isWithin(chn,oldchn+2,m)&&(241==X.U8(chn-2)||241==X.U8(chn-3))||(chn=oldchn,usedch[U-1]=!1),isWithin(chn,oldchn+2,m)||(s(chn,\"!p=\"+Hex(G)+\",ch[\"+U+\"] not between \"+Hex(oldchn+2)+\" and \"+Hex(m)),sus+=2),241!=X.U8(chn-2)&&241!=X.U8(chn-3)&&(bad=bad.addIfNone(\"!badchnend@\"+Hex(chn-2)+\"=\"+Hex(X.U24(chn-3,_BE))),X.isDeepScan()||sus++))\nvar n=clk=0\nif(X.isDeepScan())for(t=oldchn,stop=!1;!stop&&t!=chn&&tmp&&(mp=t)\nvar a=X.U8(t++)\nif(a<128)clk+=a+1\nelse if(a<=223)n++,notes++,usedch[U-1]=!0,clk+=X.U8(t++)+1\nelse switch(a){case 255:bpm0<0&&(bpm0=X.U8(t)),t++\nbreak\ncase 254:p=X.U8(t),b=X.U8(t+1),isYM2151Reg()?8==p&&200&b?(n++,notes++,usedch[7&b]=!0):isWithin(p,96,127)&&(i[0]=!0):(sus++,bad=bad.addIfNone(\"!OPMreg@\"+Hex(t-2))),t+=2\nbreak\ncase 253:E=X.U8(t++),vds.indexOf(E)<0&&vds.push(E)\nbreak\ncase 252:t++\nbreak\ncase 251:E=X.U8(t++),isWithin(E,22,127)&&(bad=bad.addIfNone(\"!FB@\"+Hex(t-2)+\"=\"+Hex(E)),sus++),i[0]=1\nbreak\ncase 250:case 249:case 247:case 238:case 232:break\ncase 248:(E=X.U8(t++))||(bad=bad.addIfNone(\"!F8@\"+Hex(t-1)),sus++)\nbreak\ncase 246:X.U8(t+1)?t++:t+=2\nbreak\ncase 245:246!=X.U8(t+X.I16(t,_BE)-1)&&(bad=bad.addIfNone(\"!F5→F6@\"+Hex(t)),sus++),t+=2\nbreak\ncase 244:245!=X.U8(t+X.I16(t,_BE)+1)&&(bad=bad.addIfNone(\"!F4→F5@\"+Hex(t)),sus++),t+=2\nbreak\ncase 243:case 242:t+=2\nbreak\ncase 241:X.U8(t)?(r[U]=t+2+X.I16(t,_BE),isWithin(r[U],e,m)||(bad=bad.addIfNone(\"!loopOOB@\"+Hex(t-1)),sus++),visited[r[U]]?(stop=!0,t+=2):t=r[U]):t++,0mp&&(mp=t)}if(n&&(usedch[U-1]=!0),oldchn=chn,8mp&&(mp=G)\no.sort(function(s,e){return s-e}),vds.length&&(bad+=\"!missingInst\"+outArray(vds,16)),K=mp+27}K=X.isDeepScan()?mp:-1,vd==X.Sz()&&(K=vd)}return 1}}}})()&&(sName=\"Konami's X68k Music Data eXtended module (.MDX)\",bDetected=1,\"\"!=pdxfn&&(sVersion=sVersion.appendS(\"+ \"+pdxfn,\" \")),9smp||1048576<(A=X.U32(t+50))||64A||X.U32(t+61)>A){e=!0\nbreak}t+=65}}smps=[]\nvar r=0\nfor(rsmp=0,Y=0;Ytrkc&&(trkc=E)\nfor(Y=0;Yrptn&&(rptn=e[Y]+1)\nif(e=void 0,!(rptn>ptn||(lp=X.U8(G++))>=ord)){if(bpm=X.U16(G),G+=2,4&s&&(bpm=5*bpm/2),128&s&&(G+=512),16&s&&(G+=576),32&s?(actch=X.U16(G)<<16,G+=2):actch=-1,trk=0,2&s)for(;trkA+2)return\nsmpsz+=A}if(!(smpsz<=4)){ord=X.SA(1,1)<\"4\"?(X.U8(5)>>1)-1:X.U8(5),G=16+16*smp\nvar s=X.U32(8,_BE),e=X.U32(12,_BE),t=X.U32(16,_BE),r=0\nif(G!=e&&(s-=r=e-G,e-=r,t-=r),isWithin(s,G,X.Sz())&&isWithin(e,G,X.Sz())&&isWithin(t,G,X.Sz())){for(Y=G=0;YG&&(G=Q-r,A=X.U16(24+16*Y,_BE))}return K=4+t+G+(A<<1),1}}}})()&&(sName=\"Jarno 'Guru' Paananen's The Player module (.\"+X.SA(0,2)+\"X,.\"+X.SA(0,4)+\")\",sVersion=\"v\"+X.SA(1,1)+\".\"+X.SA(2,2),bDetected=1,X.isVerbose())&&sOption(\"ord:\"+ord+\" ptn:\"+ptn+\" smp:\"+smp+\" sz:\"+outSz(K)),!bDetected&&Vs()&&(sName=\"Jarno 'Guru' Paananen's The Player module (.P\"+sv[0]+\"X,.P\"+sv[0]+sv[2]+\"A)\",sVersion=\"v\"+sv+\"A\",bDetected=1,dtsmp&&(sVersion=sVersion.appendS(\"deltasmp\",\"/\")),pksmp&&(sVersion=sVersion.appendS(\"packedsmp\",\"/\")),X.isVerbose())&&sOption(\"ord:\"+ord+\" ptn:\"+(mptn!=ptn?mptn+\"/\":\"\")+ptn+\" smp:\"+smp+(0K&&(K=E)\nif(!(((K+=64)-6800)%3)){if(k=11792==K?5:10112==K?3:1,ptn=Util.divu64(Util.divu64(K-6800,3),X.U8(41)+1),bad=\"\",1024bpm&&(mbpm=bpm),Mbpm(endpos=X.U32(G+96)))return\nif((looppos=X.U32(G+104))>endpos)return\nif(!isWithin(E=X.U16(G+146),1,16))return\nif(ch=ptn||!X.U16(o+2)||-121&X.U16(o+2))return\n\"Empty\"!==(E=X.SC(G+114,32,\"CP1250\"))&&\"\"!==E.trim()&&titles.push(E.trim()),ord.push(endpos)}for(G+=64*ptn*5,Y=0;YX.Sz()?void 0:(G+=256,1)}})()&&(sName=\"Reinier 'Rhino' van Vliet's Jaytrax/Syntrax module (.JXS)\",sVersion=\"v.\"+X.U32(0),bDetected=1,X.isVerbose())&&(1startpos?\"(\"+looppos+\"-)\":\"\")+endpos,sOption(\"ch:\"+ch+\" bpm:\"+mbpm+(mbpm!=Mbpm?\"-\"+Mbpm:\"\")+\" ord:\"+ord+\" ptn:\"+ptn+\" ins:\"+ins+\" smp:\"+smp+\" sz:\"+outSz(G))),!bDetected&&(function(){if(33==X.U8(0)&&128==X.U8(9)&&(ord=X.U16(1))&&(ins=X.U16(3))&&(smp=X.U16(5))&&!(smp>ins)&&(ptn=X.U16(7))&&isWithin(mvol=X.U8(10),1,32)&&isWithin(spd=X.U8(11),1,32)&&isWithin(tmp=X.U8(12),32,160)&&!(charStat(X.readBytes(13,26),1).indexOf(\"allxsc\")<0)){for(G=39;G<103;G++)if(64=ptn)return\nif(255==X.U8(G-1)){var s\nfor(rins=0,rsmp=0,bad=\"\",Y=0;YX.U8(G+2)||X.U8(G+3)>X.U8(G+4))return\nG+=5+3*X.U8(G)}rins++}}for(Y=smpsz=0;Y>2|s[1]>>4\nif(63&s[0]&&(notes++,debug)&&e>msmp&&(bad=bad.addIfNone(\"!missingsmp#\"+e)),!1&s[1]){k++\nbreak}}while((a0+=3)slen+2&&(S(42+30*U,\"!smp \"+U+\" LpLen \"+sll+\" > sSz \"+slen),bad=bad.addIfNone(\"!sLpLen>sSz\")),slen&&sls>=slen&&(S(46+30*U,\"!smp \"+U+\" LpStart \"+sls+\" >= sSz \"+slen),bad=bad.addIfNone(\"!sLpStart>=sSz\")),sls&&!sll&&(S(42+30*U,\"!smp \"+U+\" LpStart \"+sls+\" LpSz 0\"),bad=bad.addIfNone(\"!sLpStart0LpSz\")),sls&&!slen&&(S(46+30*U,\"!smp \"+U+\" LpStart \"+sls+\" sSz 0\"),bad=bad.addIfNone(\"!sLpStart0SSz\"))}if(B<8||!allvols)return S(20,\"!smps too small or no smpvols\"),0\nif(!(128<(ord=X.U8(470))||220<(restartp=X.U8(471)))){for(restartp&&!/jjk55/.test(X.SA(0,6))||(restartp=120),bpm0=125,120!=restartp&&(bpm0=(88672375/(6100*(240-restartp))).toFixed(2),r=1=badptn&&(badptn=ptn+1),k&&ord_++}if(ord_++,(songszoffptn=600+1024*offptn)>X.Sz())return S(songszoffptn,\"!patterns cut off\"),0\nfor(e=tnDxx=notes=0,Y=0;Y>4),p=((15&k[0])<<8)+k[1],d=15&k[2]\nif(0<=usedptns.indexOf(Y)&&(15=offptn&&64Math.max(512,128*ptn))return S(\"!badbytes:\"+e),0\nnDxx&&nDxx<3&&(r=6),tnDxx+=nDxx}if(tnDxx>ptn+32&&6==r&&(r=5),X.isDeepScan())switch(r){case 0:tracker=\"Karsten Obarski's Ultimate ST 1.0~21\"\nbreak\ncase 1:tracker=\"Karsten Obarski's Ultimate ST 1.8~2.0\"\nbreak\ncase 2:tracker=\"The Exterminator's ST 2.0 / D.O.C.'s ST II\"\nbreak\ncase 3:tracker=\"Il Scuro/Defjam's ST III / Alpha Flight ST IV / D.O.C.'s' ST IV / VI\"\nbreak\ncase 4:tracker=\"D.O.C.'s' ST IX\"\nbreak\ncase 5:tracker=\"Tip/The New Masters' Master ST 1.0\"\nbreak\ncase 6:tracker=\"D.O.C.'s ST 2.0~2\"\nbreak\ndefault:tracker=\"???\"}K=600+1024*ptn+B\nvar c=Math.abs(K-X.Sz()),m=Math.abs(ord-ord_),f=ord||1e-4,l=0\nreturn(20X.Sz()&&l++,restartp||l++,ord&&ord_&&!(badptn>ptn+2)||l++,.8X.Sz()&&(bad=bad.addIfNone(\"!short\")),l&&(bad=bad.addIfNone(\"!sus+\"+l)),1)}}function b(s){for(var e=0,t=0;tord)||(smpp=X.U32(6))>X.Sz())){for(G=10,Y=0;Y=ptn)return\nfor(ptnpt=G,G+=4*ptn,Y=smpsz=0;Ysmpp-3)return\nif(ptnend=Y>=ptn-1?smpp:ptnp+X.U32(ptnpt+4*Y+4),!isWithin(ptnend-G,3,4096))return\nfor(i=0;GX.Sz()||16384E&&(p0=E)}}if(!ins)return s(p0,\"!0inst\"),0\nif([0,9].indexOf(15&X.U8(166))<0)return s(p0,\"!0ptnptr\"),0\nfor(ptn=t0=0,G=166;G<294;G++){if(E=(X.U8(G+128)<<8)+X.U8(G)-X.U16(2)+6,p0>E&&(p0=E),E<0||E<=t0)return s(E,\"!-ptnptr\"),0\nif((t0=E)&&!isWithin(E,416,bin[1][0][1]+6))return s(E,\"!ptnptr\"),0\nE&&255!=X.U8(E)&&ptn++}for(ord=p0-422>>4,G=423,pt=-1,ic=0;G=pt&&(pt=X.U8(G)+1))\nreturn 1}})()&&(sName=\"Marcin 'Jaskier' Lewandowski's Theta Music Composer module (.TMC,.TM4,.TM8)\",sVersion=\"v1.x\",bDetected=1,ic&&(sVersion=sVersion.appendS(\"malformed!\"+ic+\"ptns\",\"/\")),X.isVerbose())&&(sOption(decAnsi(6,30,CPATASCII,Chars0to1FATASCII_PL)),sOption(\"spd0:\"+spd0+\" ticks:\"+ticks+\" ord:\"+ord+\" ptn:\"+(pt!=ptn?pt+\"/\":\"\")+ptn+\" ins:\"+ins+\" sz:\"+outSz(bin[0]))),!bDetected&&gs()&&(sName=\"Radik 'Raster' Štěrba's Raster Music Tracker module (.RMT)\",sVersion=\"v\"+v,bDetected=1,X.isVerbose())&&(1r[0]&&(r[0]=e[Y],r[1]=e[Y+16])\nif((lastsmpend=(r[0]+16<<8)+(r[1]<<8))!=s)return n(\"PTFault: last smp end \"+Hex(lastsmpend)+\" != \"+Hex(s)),0\nfor(notes=ic=0,Y=0;Yptn&&(ptn=pt)\nif(ic>ptn<<2)return n(\"PTFault: \"+ic+\" bad notes\"),0\nfor(Y=8096;Y<8128;Y++)e[Y]&&e[Y]<26&&(e[Y]+=96)\nreturn a=decEncoding(e.slice(8096,8112),CPAmiga),composer=decEncoding(e.slice(8112,8128),CPAmiga),e=void 0,1}function i(s){return t[R++]=X.U8(s),3X.Sz())||1&s||1&e||1&t?void 0:X.c(\"014F\",s-2)&&X.c(\"014F\",e-2)&&X.c(\"014F\",t-2)&&(K=t,E=\"\",X.Sz()>t&&0<(G=X.fSig(t,4096,\"00\")-t+1)&&(E=decAnsi(t,G,CPFullCPETshifted,!0).trim(),K+=G),1)})()&&(sName=\"COMPUTE!'s Enhanced SidPlayer tune (.MUS+.STR+.WDS)\",bDetected=1,X.isVerbose())&&sOption((E.length?'\"'+addEllipsis(E,256,160)+'\"':\"\").append(\"sz:\"+outSz(K))),!bDetected&&As()&&(sName=\"Ultima 6 Adlib module (.M)\",sOption(\"unpsz:\"+unpsz+\" sz:\"+outSz(K)),bDetected=1),!bDetected&&(function(){if(isWithin(X.U16(0,_BE),4,16)&&isWithin(X.U16(2,_BE),8,32)&&isWithin(X.U16(4,_BE),4,48)&&isWithin(X.U8(6),1,4)&&X.c(\"0400000000\",7)&&(X.c(\"'WT'\",12)||!X.U32(12,_BE))&&isWithin(X.U8(23),3,119)&&!(76<(E=X.U32(24,_BE))||3&E)){K=16\nvar s=Math.min(X.Sz(),65535)\nfor(k=0,G=28;G=ord||charStat(X.readBytes(768,128),1).indexOf(\"allasc\")<0)){for(K=16384,Y=0;Y<8;Y++){if(X.U8(192+4*Y))return\nif(!isWithin(X.U8(192+4*Y+1),128,192))return\nif(!isWithin(bnk=X.U8(192+4*Y+2),88,95))return\nif(!isWithin(sec=X.U8(192+4*Y+3),1,128))return\nX.U16(192+4*Y)\nvar s=sec<<8\nbnk&=7,K+=s}if(!(K>X.Sz())){for(K+=1024,F=X.SC(257,30,\"CP1251\").trim(),Y=smp=0;Y<16;Y++)if(1ptn&&(ptn=X.U8(G+1))}for(ptn++,ord=G-16>>3,d2=G,G=4112+48*ptn;G=ptn&&(ptn=o+1)}for(ord_<0&&(ord_=1),G=smp=Y=0;Y<31;Y++,G+=8)(A=X.U16(G,_BE))&&(smp++,B+=A)\nfor(B<<=1,G=382,Y=m=0;Y<4*s;Y++,G+=2)m=Math.max(m,X.U16(G,_BE))\nif(G+=m,1==ptn)for(E=X.U16(G-2,_BE),G+=2;G sz\"),0\nw+=ofs,142!=(y=X.U8(w))&&9 sz\"),0\nw+=ofs,(y=X.U8(w))||z++,142!=y&&9 sz\"),0\nw+=ofs,(y=X.U8(w))||z++,142!=y&&9>=1,s=ordp,!((smp=ordp-smpp)<=0||64>=2,e=X.U16(6),ord=e-s-1,isWithin(ord,1,256))&&!(X.Sz()<12+ord+1+36*smp+34*orn+3-1)){for(n=(r=6)+2*orn+4*smp,p=X.Sz()+1-n,(n+=186)>X.Sz()+1-ord-1-3&&(n=X.Sz()+1-ord-1-3)%2&&--n;rX.Sz()+1-ord-1-3)){for(var p=X.Sz()+1-n,d=0,c=0;c=12+2*orn&&!((r-2*orn)%6)}function l(s){var e=X.U8(s),s=X.U8(s+1)\nif(!(32X.Sz()&&!X.isVerbose()&&(bad+=\"!short\"),bad.length&&(sversion=sversion.appendS(\"malformed\"+bad+(sus?\"sus\"+sus:\"\"),\"/\")),_setResult(\"~audio\",\"Konami's MXDRV PCM resource (.PDX)\",sversion,X.isVerbose()?\"entries:\"+en+\" sz:\"+outSz(K):\"\")),X.Sz()<12||X.U32(0,_LE)||!(numnotes=X.U32(4,_LE))||8192X.Sz()?\"no panning effects\":\"\",_setResult(\"~audio\",\"Ken Silverman's Digital Music module (.KDM)\",sversion,X.isVerbose()?\"trk:\"+numtracks+\" notes:\"+numnotes:\"\")),(function(){if(!(X.Sz()<111104||63<(lp=X.U8(0)))){for(ptn=0,Y=1;Y<100;Y++){if(31<(pt=X.U8(Y)))return\npt>ptn&&(ptn=pt)}if(ptn++,tmp=X.U8(100),(ord=X.U8(101))&&!(100ord)){for(F=X.readBytes(102,28),Y=0;Y<28;Y++)if(F[Y]<32||127ptn&&(ptn=pt)}for(ptn++;G<166;G++){var s=X.U8(G)\nif(s<4||64X.Sz()-10?void 0:X.c(\"4BFA.... 08AD 0000\",Z+2))&&_setResult(\"~audio\",\"Jeroen 'WAVE' Tel & Charles Deenen's Maniacs of Noise module (.MON)\",\"\",\"\"),(function(){if(!(X.Sz()<128)){for(oldp=smp=0,Y=0;Y<128;Y+=8){if((G=X.U16(Y,_BE))>X.Sz())return\nif(G){if(GX.Sz())return\nfor(s+=pcnum=X.U32(G),G+=4+4*pcnum,pbnum=X.U32(G),pbs+=pbnum,G+=4+5*pbnum,cn=0;cn<7;cn++)ccnum=X.U32(G),ccs+=ccnum,G+=4+4*ccnum}if(G>X.Sz())return}if(!(!notes||ccs>50*notes||pbs>3*notes||s>3*notes||maxtimeX.Sz()||1048576<(size=X.U32(G))||(G+=4+size)>X.Sz())){if(spsize=X.U32(G),G+=4,spsize<8192){for(Y=G+4,q=4*X.U32(G),E=Math.min(X.Sz,G+4+q);Yptn&&(ptn=E)\nif(!(32K&&(K=sz1),1max&&(e=X.U32(si+16),4&X.U8(si+31)&&(e*=2),max=s,KX.Sz())return X.isHeuristicScan()&&(bad=bad.addIfNone(\"!badptnp\"),1)\nX.U16(G)===ptnsz&&(fmt=0)}for(Y=0,G=ptntp;YX.Sz()&&X.isHeuristicScan())return bad=bad.addIfNone(\"!badptnp\"),1\nif(0==fmt&&2112X.Sz()&&e++,2X.Sz())return\nq=X.readBytes(e+32,26,!0),\"\"!=(q=decEncoding(q,CP437,!1).trim())&&insnlst.push(q),KX.Sz()&&(bad=bad.addIfNone(\"!short\")),q=X.readBytes(e+20,26,!0),\"\"!=(q=decEncoding(q,CP437,!1).trim())&&smpnlst.push(q),KX.Sz())return\nKG+8*T&&G+8*T<=minp&&(G+=2+8*T,r)&&!T&&(tracker=4&special?\"UNMO3 <= 2.4.0.1\":\"UNMO3\")):r&&special<=1&&!X.U16(G)&&(tracker=\"UNMO3 <= 2.4\",G+=2)\nvar m=0\nif((128&flags||8&special)&&(G+=4896),G>X.Sz())return\nfor(var f=hasPluginChunks=hasMPTM=!1;G+9X.Sz()||G>=msgofs)break\nG+=8+hksz}535!==cwtv||512!==cmwt||nreserved||f||(tracker=hasMPTM||0X.Sz())bad=bad.addIfNone(\"!short\")\nelse{X.c(\"'IMPS'\",p[Y])||(bad=bad.addIfNone(\"!badsmp\"))\nvar u=X.U8(p[Y]+18),z=X.U8(p[Y]+46),E=X.U32(p[Y]+48),k=X.U32(p[Y]+72)\nif(S={ofs:0,slen:0,bits:2&u?16:8,chn:1,en:\"LE\",codec:\"sPCM\",bps:0,length:0},G=k,S.ofs=k,S.slen=E,64===z)G+=12\nelse if(128===z)e=readVarUInt(G),extsmp.push(X.SA(G+1,e[1])),G+=e[0]+e[1]\nelse if(X.c(\"'fLaC'\",k))S.codec=\"FLAC\"\nelse if(X.c(\"'OggS'\",k))S.codec=\"Ogg\"\nelse{switch(S.codec=1&z?\"sPCM\":\"uPCM\",4&u&&532<=cwtv&&(S.chn=2),8&u?S.codec=4&z?\"IT215\":\"IT214\":2&u||255!=z?(2&z&&(S.en=\"BE\"),4&z&&(S.codec=\"dPCM\"),8&z&&(S.codec=\"8d16\")):S.codec=\"ADPCM\",S.codec){case\"sPCM\":case\"uPCM\":case\"dPCM\":case\"fPCM\":case\"MT2\":case\"fPCM15\":case\"fPCM23\":case\"fPCMn\":case\"sPCMn\":S.bps=S.bits\nbreak\ncase\"8d16\":S.bps=16\nbreak\ncase\"ADPCM\":S.bps=4\nbreak\ncase\"uLaw\":case\"aLaw\":S.bps=8\nbreak\ndefault:S.bps=0}S.bps?(S.length=E*S.chn*(S.bps>>3),G+=S.length):b=!0,Ss[Y]=S}K<(t=tX.Sz())){X.U16(e,_LE)\nvar F=X.U16(e+2,_LE)\nif(e+=4,!(!F||1024X.Sz())){G=e+4\nfor(var _,O=[],B=0;BX.Sz()){_=3599,bad=bad.addIfNone(\"!short\")\nbreak}clen=Math.min(g,32768>>(S.bits>>4))\nvar D=defW\nfor(bit_buf=v=0;clen&&GdefW){bad=bad.addIfNone(\"!badITsmp\"),g=0\nbreak}if(A=R(D),topbit=1<=topbit+lowerB&&A<=topbit+upperB){D<=(A-=topbit-1+lowerB)&&A++,D=A\ncontinue}}else if(A&topbit){D=1+(255&A)\ncontinue}clen--,g--}}else readdef=10,_log(\"IT @\"+Hex(G)+\" malformed sample?\")\nG>X.Sz()&&(bad=bad.addIfNone(\"!short\"))}}}else\"FLAC\"!==S.codec&&\"Ogg\"!==S.codec&&(\"AMS\"===S.codec&&1==S.chn?(sOption(\"\\n!!! Please send this file to the detector dev!!! Poor fella hasn't any to test on\"),l=X.U32(G+4,_LE),X.U8(G+8),S.length=l+9):\"8d16\"===S.codec&&1==S.chn&&16==S.bps?sOption(\"\\n!!! Please send this file to the detector dev!!! Poor fella hasn't any to test on\"):\"MDL\"===S.codec&&1==S.chn&&S.bps<=16?(l=X.U32(G),S.length=4+l):\"DMF\"===S.codec&&1==S.chn&&S.bps<=16?sOption(\"\\n!!! Please send this file to the detector dev!!! Poor fella hasn't any to test on\"):\"uLaw\"!==S.codec&&\"aLaw\"!==S.codec||16!=S.bps||(S.length=S.slen*S.chn))\nKX.Sz())break\nswitch(G+=6,e){case\"...C\":var C=0\nswitch(M){case 2:C=X.U16(G,_LE)\nbreak\ncase 3:C=X.U24(G,_LE)\nbreak\ncase 4:C=X.U32(G,_LE)\nbreak\ndefault:C=X.U8(G)}C>ch&&(ch=C)\nbreak\ncase\".VWC\":A=0\nswitch(M){case 1:A=X.U8(G)\nbreak\ncase 2:A=X.U16(G,_LE)\nbreak\ncase 3:A=X.U24(G,_LE)\nbreak\ncase 8:A=X.U64(G,_LE)\nbreak\ndefault:A=X.U32(G,_LE)}A&&(mVcw=i(A.toString(16).toUpperCase().padStart(7,\"0\")))\nbreak\ncase\"VWSL\":A=0\nswitch(M){case 1:A=X.U8(G)\nbreak\ncase 2:A=X.U16(G,_LE)\nbreak\ncase 3:A=X.U24(G,_LE)\nbreak\ncase 8:A=X.U64(G,_LE)\nbreak\ndefault:A=X.U32(G,_LE)}A&&(mVlsw=i(A.toString(16).toUpperCase().padStart(7,\"0\")))\nbreak\ncase\"AUTH\":auth=X.SC(G,M,\"UTF8\")}G+=M}K>1:e>>2,i=0;i>1),fes=0,2&flagbyte&&(fes=I(32)),hasstartpos=4&hd,hassz=8&hd,hasid=idbytes,hasdesc=128&hd,hasmap=hasid||hasstartpos||hassz||hasdesc,4&flagbyte&&(e=I(16),G+=e*(twochar?2:1)),8&flagbyte&&(G+=5),entries=I(64),hasmap&&(e=I(64)),G>X.Sz())?void 0:(rposMapBegin=hasmap?e:G-posstart,1)})()&&(hasmap||fes))for(G=posstart+rposMapBegin,Y=0;Y>12){case 0:f?tracker=\"BeRoTracker\":532!==cwtv||512!==cmwt||9!==flags||special||X.U16(62)||ins||ptn+1!==ord||128!==gvol||100!==mvol||1!==spd||128!==sep||pwd||msglen||msgofs||nreserved?532!==cwtv||512!==cmwt||X.U16(62)||nreserved?532===cwtv&&532===cmwt&&\"CHBI\"===sreserved?tracker=\"ChibiTracker\":532===cwtv&&532===cmwt&&special<=1&&!pwd&&!nreserved&&4==(4262&flags)&&1>8)+\".\"+(255&cwtv).toString(16).padStart(2)):tracker=\"Unknown\":(mVlsw=\"1.00.00.A5\",tracker=\"ModPlug Tracker 1.00a5\",0):tracker=\"OpenSPC conversion\"\nbreak\ncase 1:var x,P,y=4095&cwtv\ntracker=y<=80?\"Schism Tracker 0.\"+y.toString(16):((P=(y=734016+(y<4095?y-80:nreserved))-(365*(x=Util.div64(1e4*y+14780,3652425))+Util.div64(x,4)-Util.div64(x,100)+Util.div64(x,400)))<0&&(P=y-(365*--x+Util.div64(x,4)-Util.div64(x,100)+Util.div64(x,400))),y=Util.div64(100*P+52,3060),\"Schism Tracker \"+(x+Util.div64(y+2,12)).padStart(4,\"0\")+\"-\"+((y+2)%12+1).padStart(2,\"0\")+\"-\"+(P-Util.div64(306*y+5,10)+1).padStart(2,\"0\"))\nbreak\ncase 4:tracker=\"pyIT \"+((3840&cwtv)>>8)+\".\"+(255&cwtv).toString(16)\nbreak\ncase 6:tracker=\"BeRoTracker\"\nbreak\ncase 7:tracker=32767===cwtv&&533===cmwt?\"munch.py\":\"ITMCK \"+(cwtv>>8&15)+\".\"+(cwtv>>4&15)+\".\"+(15&cwtv)\nbreak\ncase 13:tracker=56043==cwtv?\"spc2it\":53710==cwtv?\"itwriter\":\"unknown\"}}}\"?\"!=mVlsw?(charset=\"CP1252\",sV=\"?\"==mVcw?mVlsw:mVcw!=mVlsw?\"cw:\"+mVcw+\"/lsw:\"+mVlsw:mVcw):(charset=\"CP437\",\"?\"!=mVcw&&(sV=mVcw))\nvar H=0\nfor(Y=0;YX.Sz()-2)return d(\"!badptnp+\"+Hex(ptnp)),0\nif((lp=X.U8(s+102))>ord-1)return d(\"!badlp\"),0\nfor(orn=smp=mp=0,s||(ptnp0=ptnp),G=s+105;Gptn&&(ptn=o/3)}if(ptn++,!Y||Y!=ord)return d(\"!realord:\"+Y+\" != ord:\"+ord),0\nfor(E=X.readBytes(s,10),tracker=\"\",nv=0<=charStat(E,1).indexOf(\"allasc\")?\"ProTracker\"==(E=decEncoding(E,CPSpeccy))?(tracker=\"Pro Tracker\",sv=\"v\"+X.SA(s+11,4).trim(),X.U8(s+13)-48):(sv=\"Vortex Tra\"==E?(tracker=\"Vortex Tracker ][\",\"v\"+X.SA(s+18,4).trim()):(tracker='\"'+X.SA(s,14)+'\"',\"v3.x\"),7):(tracker=\"hacked Pro Tracker\",sv=\"v3.x\",7),Y=notes=0;Y<3*ptn&&Gs&&!isWithin(y,ptnp,e)&&(bad=bad.addIfNone(\"!badsmp\")),t.push(k))):k<32?(E+=2,k=X.U8(E++),y=X.U16(105+k)+s,t.indexOf(k)<0&&(y>s&&!isWithin(y,ptnp,e)&&(bad=bad.addIfNone(\"!badsmp\")),t.push(k))):k<64||(k<80?(k&=15,r.indexOf(k)<0&&(r.push(k),mp<(y=X.U16(s+169+2*k)+s))&&(mp=y)):k<176?(notes++,eol=!0):176!=k&&(177==k?a+=X.U8(E++):k<192?E+=2:192==k?eol=!0:k<208||(208==k?eol=!0:k<240?(k=(31&k)<<1,y=X.U16(s+105+k)+s,t.indexOf(k)<0&&(y>s&&!isWithin(y,ptnp,e)&&(bad=bad.addIfNone(\"!badsmp1\")),t.push(k))):(k&=15,r.indexOf(k)<0&&(r.push(k),mp<(y=X.U16(s+169+2*k)))&&(mp=y),k=X.U8(E++),y=X.U16(s+105+k)+s,t.indexOf(k)<0&&(y>s&&!isWithin(y,ptnp,e)&&(bad=bad.addIfNone(\"!badsmp2\")),t.push(k))))))\nif(a++,E+=z,z=0,256Math.min(i+64,X.Sz()-5)||e<=n||e<=a||n-a<8||(n-a)%6!=2)){for(G=t+4,smp=0;GX.Sz())){if(0=ord)return\nlp=X.U8(G-1)\nbreak}ptn=Math.max(ptn,X.U8(G-1)+1)}return K=G+3,dly=X.U8(73),ftitle=0<=charStat(X.readBytes(0,24),!0).indexOf(\"allasc\"),fby=0<=charStat(X.readBytes(46,23),!0).indexOf(\"allasc\"),1}}}}}}function ss(){if(!(X.Sz()<8||(orntp=X.U16(5))>X.Sz()-6||(ptntp=X.U16(7),(j1=ptntp-orntp)<=0)||(smptp=X.U16(3),(j2=orntp-smptp)<=0)||(ordp=X.U16(1),(j3=smptp-ordp)>X.Sz())||(j4=ordp-9)<=0)){if(j4%130){if(j4<55||(j4-55)%130)return\nfID=!0}else fID=!1\nif(smp=X.U8(smptp),isWithin(smp,1,16)&&(G=130*smp+9+(fID?55:0),ordp==G)&&(ord=X.U8(G))){for(ptn=Y=0;YX.Sz()&&(bad=bad.addIfNone(\"!short\")),!(65536>7,G=t;Gd0){if(smp||(d5=E),E<=d5&&(d5=a4=E),smp++,(G+=10)>a4)break}else synsmp++,G+=10\nfor(Y=smp+synsmp,K=0,G=smpp;Y--&&GX.Sz()))for(;Y<60;Y++)if(X.c(\"47FA....D7FA\",s+2*Y))return ofsdiff=s+2*(Y+1)+X.I16(s+2*Y+2,_BE),1}})()&&(s=modp+1,!(10<(k=X.U8(s++)+1)))){for(spd0=X.U8(s++),spds=[],Y=0;Y<10;Y++)E=X.U8(s++),spds.indexOf(E)<0&&spds.push(E)\ns++\nvar e=ofsdiff+X.U32(s,_BE),t=ofsdiff+X.U32(s+4,_BE),r=(Math.abs(e-t),[]),i=[],n=[]\nfor(Y=0,ord=[],s+=620;Y>1\nif(!(s>X.Sz())){for(ordp=s,otsz=Math.min(e,t)-s>>1,Y=0;Y=X.Sz()||s+63>=msmpp)break\nif(255!=d)if(a){if((a+=ofsdiff)>X.Sz())break\naMsmpp&&aX.Sz())){var S=G,U=Math.min(196608+S,X.Sz())\nfor(l+=S,b+=S,f+=S,len=0>2,128)\nvar u=X.U32(l,_BE)-512+S\nif(pt=ptn,(trkst=u-f>>4)<0&&(trkst=0),s<0)switch(Math.max(b,l,mip)){case b:K=b+4*ins\nbreak\ncase mip:for(G=mip;G=trkst))&&(d[Y]!=c[Y]||d[Y]||d[Y+1]);Y++);return k=k||1,1}}}function Vs(){if(!(X.Sz()<7)&&(z=sig=X.c(\"'P50A'\")||X.c(\"'P60A'\")||X.c(\"'P61A'\")?4:0,smpp=X.U16(z,_BE)+z,ptn=X.U8(z+2))&&!(127X.Sz())&&(pksmp&&(z+=4),!(smppX.Sz()))){smpsz=notes=0\nvar s=vols=0\nfor(Y=0,G=z+4;Ysmp)return\nvar e=128&X.U8(G+2)\nif(15<(127&X.U8(G+2))||64smpp)return\nif(Y=mptn=0,(function(){for(;255!=(E=X.U8(z+4+6*smp+8*ptn+Y))&&Y<128;Y++){if(E>ptn-1)return\nE>mptn&&(mptn=E)}return 1})())v=6\nelse{if(!(function(){for(;255!=(E=X.U8(z+4+6*smp+8*ptn+Y))&&Y<128;Y++){if(E%2||E>2*ptn)return\nE>mptn&&(mptn=E)}return mptn>>=1,1})())return\nv=5}if(Y&&128!=Y){if(ord=Y,mptn++,6==v)if(t())sv=\"6.0\"\nelse{if(!(function(){for(Y=ord+z+5+6*smp+8*ptn;Ysmp)return\nY+=2\ncontinue\ncase 112:if((31&X.U8(Y+1))>smp)return\nY+=1\ncontinue\ncase 224:Y+=2\ncontinue\ncase 96:Y+=1\ncontinue}if(128==(128&E)){if((E<<4&16|X.U8(Y+1)>>4)>smp)return\nY+=3}else{if((E<<4&16|X.U8(Y+1)>>4)>smp)return\nY+=2}}return 1})())return\nsv=\"6.1\"}else t()&&(sv=\"5.0\")\nreturn 1}}}function t(){for(Y=ord+z+5+6*smp+8*ptn;Y>4)>smp)return\n2<=E&¬es++,Y+=2}return 0X.Sz()||eX.Sz()||t>X.Sz()||r>X.Sz()?void 0:1}}function As(){if(!(X.Sz()<421)&&isWithin(unpsz=X.U16(0),782,2849)&&X.c(\"00000007\",2)){var s,e,t=0,r=Math.min(X.Sz(),unpsz),i=new BitReader(4),n=!1,a=0,o=9,p=258,d=[],c=defdictsz=4096,m=[],f=258\nfor(Y=0;Y=unpsz)return\nl[t++]=255&e\nbreak\ncase 257:n=!0\nbreak\ndefault:S=b=void 0\nfor(var b=e=unpsz)return\nl[t++]=255&d.pop()}else{for(;d.length;){if(t>=unpsz)return\nl[t++]=s,d.pop()}if(e!=p)return}f>1),t*i)))),result())}meta(\"audio\",\"Interplay ACM waveform audio (.ACM)\")" }, { "path": "dbs_min/db/Binary/audio_ADX.1.sg", "content": "function detect(){if(!X.c(\"8000\"))return!1\nif(!isWithin(p=X.U16(2,_BE)+4,20,X.Sz()))return!1\nif(!X.c(\"'(c)CRI'\",p-6))return!1\nif(fmt=X.U8(4),[2,3,4].indexOf(fmt)<0)return!1\nif(X.U8(5)%18||4!=X.U8(6))return!1\nif(8<(ch=X.U8(7)))return!1\nswitch(nV=X.U8(18),bDetected=1,sVersion=\"\",nV){case 3:sVersion=\"v3\"\nbreak\ncase 4:sVersion=\"v4\"\nbreak\ncase 5:sVersion=\"v4NL\"}switch(fmt){case 2:sVersion+=\" fixed-coefficient\"\nbreak\ncase 4:sVersion+=\" exponential-scale\"}return 0maxb)&&(malformed+=\"!badblksz\"),br=new BitReader(p+10,_BE),rate=br.read(20),ch=1+br.read(3),bps=1+br.read(5),smp=br.read(36),smplen=smp/rate\nbreak\ncase 1:hk=\"PADDING\"\nbreak\ncase 2:switch(hk=\"APP\",s=File.read_ansiString(p,4)){case\"ATCH\":hk+=\":Flacfile\"\nbreak\ncase\"BSOL\":hk+=\":beSolo\"\nbreak\ncase\"BUGS\":hk+=\":Bugs Player\"\nbreak\ncase\"Cues\":hk+=\":GoldWave\"\nbreak\ncase\"Fica\":hk+=\":CUE Splitter\"\nbreak\ncase\"Ftol\":hk+=\":flac-tools\"\nbreak\ncase\"MOTB\":hk+=\":MOTB MetaCzar\"\nbreak\ncase\"MPSE\":hk+=\":MP3 Stream Editor\"\nbreak\ncase\"MuML\":hk+=\":MusicML\"\nbreak\ncase\"RIFF\":hk+=\":Sound Devices RIFF c.s\"\nbreak\ncase\"SFFL\":hk+=\":Sound Font FLAC\"\nbreak\ncase\"SONY\":hk+=\":Sony Creative Software\"\nbreak\ncase\"SQEZ\":hk+=\":flacsqueeze\"\nbreak\ncase\"TtWv\":hk+=\":TwistedWave\"\nbreak\ncase\"UITS\":hk+=\":UITS Embedding tools\"\nbreak\ncase\"aiff\":hk+=\":FLAC AIFF c.s\"\nbreak\ncase\"imag\":hk+=\":flac-image file\"\nbreak\ncase\"peem\":hk+=\":Parseable Embedded Extensible Metadata\"\nbreak\ncase\"qfst\":hk+=\":QFLAC Studio\"\nbreak\ncase\"riff\":hk+=\":FLAC RIFF c.s (OpenMPT?)\"\nbreak\ncase\"tune\":hk+=\":TagTuner\"\nbreak\ncase\"w64 \":hk+=\":FLAC Wave64 chunks\"\nbreak\ncase\"xbat\":hk+=\":XBAT\"\nbreak\ncase\"xbat\":hk+=\":xmcd\"\nbreak\ndefault:hk+=\":<\"+s+\">\"}break\ncase 3:hk=\"SEEKTABLE\",seekt=p,hk+=\"#\"+Math.floor(mdsz,18)\nbreak\ncase 4:hk=\"VORBIS_COMMENT\"\nbreak\ncase 5:for(hk=\"CUESHEET\",xa=xna=0,trkn=File.read_uint8(p+395),u=p+396,i=0;i>3),sz>3),sz>8,sOption(\"ch:\"+e+\" len \"+secondsToTimeStr(t)+\" s/r:\"+X.U32(12)+\"Hz \"+[\"not looped\",\"looped\"][+(0!=X.U32(32))]+\" sz:\"+outSz(X.U32(4)))),result()}meta(\"audio\",\"Nintendo DS RIFF IMA-ADPCM stream (.STRM,.BIN,.LBIN)\")" }, { "path": "dbs_min/db/Binary/audio_SOU.1.sg", "content": "function detect(){return Binary.compare(\"'SOU'2000000000\")&&(bDetected=1),result()}meta(\"audio\",\"SOU\")" }, { "path": "dbs_min/db/Binary/audio_STRM.1.sg", "content": "function detect(){if(!(!X.c(\"'STRM'FE\")&&!X.c(\"'STRM'FF\")||X.U8(4)==X.U8(5)||X.U8(5)<254)&&X.c(\"'HEAD'\",16)){var e,t,U=255==X.U8(4)?_LE:_BE,o=16+X.U32(20,U)\nif(!(1X.Sz()))if(X.c(\"'DATA'\",o)&&X.U32(40,U)==o+8&&X.U32(8,U)==o+X.U32(o+4,U))return bDetected=1,sVersion=[\"PCM8s\",\"PCM16\",\"IMA-ADPCM\"][X.U8(24)]+\"/\"+(U==_LE?\"le\":\"be\"),X.isVerbose()&&(e=X.U8(26),t=(X.U32(36,U)/X.U16(28,U)).toFixed(0),sOption(\"ch:\"+e+\" len \"+secondsToTimeStr(t)+\" s/r:\"+X.U16(28,U)+\"Hz \"+[\"not looped\",\"looped\"][X.U8(25)]+\" sz:\"+outSz(X.U32(o+4,U)+o))),result()}}meta(\"audio\",\"Nintendo DS multi-channel stream (.STRM)\")" }, { "path": "dbs_min/db/Binary/audio_STRM.2.sg", "content": "function detect(){if(X.c(\"'STRM'E8030000\")&&X.U32(16)&&!(X.U32(24)<31)&&(sz=X.U32(16))==X.U32(24)){if(bDetected=1,X.isVerbose()){var e=Math.min(sz,X.Sz()),s=X.U32(8),r=0\nif(X.isDeepScan())for(p=30;p>4&4095,i=X.U32(p+2,_BE)>>5&8191\nif(4095!=t||i<=8)break\np+=i}p\",sV=nV.toString(16).padStart(4,\"0\"),sVersion=\"v\"+sV[1]+\".\"+sV.slice(2,4),bn=sz=-1,extended=z=!1,p=26,rate=Hz=bps=bCodec=0,info=[];p<(X.isDeepScan()?X.Sz():65535)&&!z;){switch(bst=p,bhd=X.U8(p++),bn++,bsz=X.U24(p),p+=3,at=\"\",bhd){case 0:info.push(at+\"EoF\"),p-=3,z=!0\nbreak\ncase 1:extended||(rate=1e6/(256-X.U8(p)),Hz=rate<1e5?Math.round(rate)+\"Hz\":(rate/1e3).toFixed(1)+\"kHz\",bCodec=X.U8(p+1)),info.push(at+\"audio data in \"+codec+\" at \"+Hz),p+=bsz\nbreak\ncase 2:p+=bsz\nbreak\ncase 3:len=X.U16(p)+1,rate=1e6/(256-X.U8(p+2)),Hz=rate<1e5?Math.round(rate)+\"Hz\":(rate/1e3).toFixed(1)+\"kHz\",info.push(at+\"silence (\"+(len/rate).toFixed(2)+\" sec at \"+Hz+\")\"),p+=bsz\nbreak\ncase 4:info.push(at+\"marker #\"+X.U16(p)),p+=bsz\nbreak\ncase 5:s=X.SA(p,bsz),p+=bsz,info.push(at+'\"'+s+'\"')\nbreak\ncase 6:n=X.U16(p),p+=bsz,info.push(at+(65535==n?\"infinite\":n)+\" repeats { \")\nbreak\ncase 7:info.push(at+\"end repeat }\")\nbreak\ncase 8:extended||(chn=X.U8(p+3)+1,rate=256e6/(chn*(65536-X.U16(p))),Hz=rate<1e5?Math.round(rate)+\"Hz\":(rate/1e3).toFixed(1)+\"kHz\",bCodec=X.U8(p+2)),extended=!0,p+=bsz,info.push(at+\"set to \"+e(bCodec)+\" at \"+Hz+\", \"+chn+\"chn\")\nbreak\ncase 9:nV<274&&(bad=bad.addIfNone(\"!badver\")),(rate=X.U32(p))||(bad=bad.addIfNone(\"!badrate@\"+Hex(bst))),z=!0\nbreak\ndefault:bad=bad.addIfNone(\"!invalidblock@\"+Hex(bst)),z=!0}p==X.Sz()&&(z=!0),X.isDeepScan()&&(p>X.Sz()?bad=bad.addIfNone(\"!short\"):sz=p)}return bDetected=1,\"\"!=bad&&(sVersion=sVersion.appendS(\"malformed\"+addEllipsis(bad,128,64),\"/\")),X.isVerbose()&&(sOption(addEllipsis(info.join(\"; \"),512,256)),sOption(outSz(sz),\"sz:\")),result()}meta(\"audio\",\"Creative (Sound Blaster) Voice waveform (.VOC)\")" }, { "path": "dbs_min/db/Binary/audio_WAV.1.sg", "content": "function detect(){var e,s,a=12,i=_BE,r=[],o=[],n=cue=0,c=nRate=nChannels=nBPS=0,V=-1,b=-1,k=0,S=0,t=4,C=\"\",A=\"\",M=\"\",l=\"\",P=\"\",u=\"\",d=\"\",I=\"\",D=[!1,!1,!1]\nif(!(X.Sz()<36)){if(X.c(\"'RIFF'........'WAVE'\"))i=_LE\nelse{if(!X.c(\"'RIFX'........'WAVE'\"))return\ni=_BE}if(!((b=8+X.U32(4,i))<12)){for(b-8>=X.Sz()&&X.c(\"'NXBF'\",36)&&(b=X.Sz());a>2==X.U32(48,i)?b=X.Sz():X.Sz()-b-16<=2304&&X.c(\"'cont'\",b)&&(b+=8+X.U32(b+4,i))\nbreak\ncase 18:sVersion=\"Videologic Mediaspace ADPCM\"\nbreak\ncase 19:sVersion=\"Sierra ADPCM\"\nbreak\ncase 20:sVersion=\"Antex G.723 ADPCM\"\nbreak\ncase 21:sVersion=\"DSP Solutions DIGISTD\"\nbreak\ncase 22:sVersion=\"DSP Solutions DIGIFIX\"\nbreak\ncase 23:sVersion=\"Dialogic OKI ADPCM\"\nbreak\ncase 24:sVersion=\"Media Vision ADPCM\"\nbreak\ncase 25:sVersion=\"HP CU\"\nbreak\ncase 26:sVersion=\"HP Dynamic Voice\"\nbreak\ncase 32:sVersion=4==nBPS?\"Yamaha AICA ADPCM\":\"Yamaha ADPCM\"\nbreak\ncase 33:sVersion=\"SONARC Speech Compression\"\nbreak\ncase 34:sVersion=\"DSP Group True Speech\"\nbreak\ncase 35:sVersion=\"Echo Speech Corp.\"\nbreak\ncase 36:sVersion=\"Virtual Music Audiofile AF36\"\nbreak\ncase 37:sVersion=\"Audio Processing Tech.\"\nbreak\ncase 38:sVersion=\"Virtual Music Audiofile AF10\"\nbreak\ncase 39:sVersion=\"Aculab Prosody 1612\"\nbreak\ncase 40:sVersion=\"Merging Tech. LRC\"\nbreak\ncase 48:sVersion=\"Dolby AC2\"\nbreak\ncase 49:sVersion=\"Microsoft GSM610\"\nbreak\ncase 50:sVersion=\"MSN Audio\"\nbreak\ncase 51:sVersion=\"Antex ADPCM\"\nbreak\ncase 52:sVersion=\"Control Resources VQLPC\"\nbreak\ncase 53:sVersion=\"DSP Solutions DIGIREAL\"\nbreak\ncase 54:sVersion=\"DSP Solutions DIGIADPCM\"\nbreak\ncase 55:sVersion=\"Control Resources CR10\"\nbreak\ncase 56:sVersion=\"Natural MicroSystems VBX ADPCM\"\nbreak\ncase 57:sVersion=\"Crystal Semiconductors IMA ADPCM\"\nbreak\ncase 58:sVersion=\"Echo Speech ECHOSC3\"\nbreak\ncase 59:sVersion=\"Rockwell ADPCM\"\nbreak\ncase 60:sVersion=\"Rockwell DIGITALK\"\nbreak\ncase 61:sVersion=\"Xebec Multimedia\"\nbreak\ncase 64:sVersion=\"Antex G.721 ADPCM\"\nbreak\ncase 65:sVersion=\"Antex G.728 CELP\"\nbreak\ncase 66:sVersion=\"Microsoft MSG723\"\nbreak\ncase 67:sVersion=\"IBM AVC ADPCM\"\nbreak\ncase 69:sVersion=\"ITU-T G.726\"\nbreak\ncase 80:sVersion=\"Microsoft MPEG\"\nbreak\ncase 81:sVersion=\"RT23 or PAC\"\nbreak\ncase 82:sVersion=\"InSoft RT24\"\nbreak\ncase 83:sVersion=\"InSoft PAC\"\nbreak\ncase 85:sVersion=\"MP3\"\nbreak\ncase 89:sVersion=\"Cirrus\"\nbreak\ncase 96:sVersion=\"Cirrus Logic\"\nbreak\ncase 97:sVersion=\"ESS Tech. PCM\"\nbreak\ncase 98:sVersion=\"Voxware Inc.\"\nbreak\ncase 99:sVersion=\"Canopus ATRAC\"\nbreak\ncase 100:sVersion=\"APICOM G.726 ADPCM\"\nbreak\ncase 101:sVersion=\"APICOM G.722 ADPCM\"\nbreak\ncase 102:sVersion=\"Microsoft DSAT\"\nbreak\ncase 103:sVersion=\"Microsoft DSAT-DISPLAY\"\nbreak\ncase 105:sVersion=4==nBPS?\"XBOX IMA ADPCM\":\"Voxware Byte Aligned\",b-8==X.Sz()?b-=8:b-4==X.Sz()?b-=4:b+8==X.Sz()&&(b+=8)\nbreak\ncase 112:sVersion=\"Voxware ACB\"\nbreak\ncase 113:sVersion=\"Voxware AC10\"\nbreak\ncase 114:sVersion=\"Voxware AC16\"\nbreak\ncase 115:sVersion=\"Voxware AC20\"\nbreak\ncase 116:sVersion=\"Voxware MetaVoice\"\nbreak\ncase 117:sVersion=\"Voxware MetaSound\"\nbreak\ncase 118:sVersion=\"Voxware RT29HW\"\nbreak\ncase 119:sVersion=\"Voxware VR12\"\nbreak\ncase 120:sVersion=\"Voxware VR18\"\nbreak\ncase 121:sVersion=\"Voxware TQ40\"\nbreak\ncase 122:sVersion=extIs(\"med\")?4==nBPS?\"4-bit MS-IMA ADPCM\":3==nBPS?\"3-bit MS-IMA ADPCM\":\"Voxware SC3/med\":\"Voxware SC3\"\nbreak\ncase 123:sVersion=\"Voxware SC3\"\nbreak\ncase 128:sVersion=\"Soundsoft\"\nbreak\ncase 129:sVersion=\"Voxware TQ60\"\nbreak\ncase 130:sVersion=\"Microsoft MSRT24\"\nbreak\ncase 131:sVersion=\"AT&T G.729A\"\nbreak\ncase 132:sVersion=\"Motion Pixels MVI-MV12\"\nbreak\ncase 133:sVersion=\"DataFusion G.726\"\nbreak\ncase 134:sVersion=\"DataFusion GSM610\"\nbreak\ncase 136:sVersion=\"Iterated Systems Audio\"\nbreak\ncase 137:sVersion=\"Onlive\"\nbreak\ncase 138:sVersion=\"Multitude, Inc. FT SX20\"\nbreak\ncase 139:sVersion=\"Infocom IT’S A/S G.721 ADPCM\"\nbreak\ncase 140:sVersion=\"Convedia G729\"\nbreak\ncase 141:sVersion=\"Congruency, Inc. (not specified)\"\nbreak\ncase 145:sVersion=\"Siemens SBC24\"\nbreak\ncase 146:sVersion=\"Sonic Foundry Dolby AC3 APDIF\"\nbreak\ncase 147:sVersion=\"MediaSonic G.723\"\nbreak\ncase 148:sVersion=\"Aculab Prosody 8kbps\"\nbreak\ncase 151:sVersion=\"ZyXEL ADPCM\"\nbreak\ncase 152:sVersion=\"Philips LPCBB\"\nbreak\ncase 153:sVersion=\"Studer Professional Audio Packed\"\nbreak\ncase 160:sVersion=\"Maiden PhonyTalk\"\nbreak\ncase 161:sVersion=\"Racal Recorder GSM\"\nbreak\ncase 162:sVersion=\"Racal Recorder G720.a\"\nbreak\ncase 163:sVersion=\"Racal G723.1\"\nbreak\ncase 164:sVersion=\"Racal Tetra ACELP\"\nbreak\ncase 176:sVersion=\"NEC AAC NEC Corporation\"\nbreak\ncase 255:sVersion=\"AAC\"\nbreak\ncase 256:sVersion=\"Rhetorex ADPCM\"\nbreak\ncase 257:sVersion=\"IBM u-Law\"\nbreak\ncase 258:sVersion=\"IBM a-Law\"\nbreak\ncase 259:sVersion=\"IBM ADPCM\"\nbreak\ncase 273:sVersion=\"Vivo G.723\"\nbreak\ncase 274:sVersion=\"Vivo Siren\"\nbreak\ncase 288:sVersion=\"Philips Speech Processing CELP\"\nbreak\ncase 289:sVersion=\"Philips Speech Processing GRUNDIG\"\nbreak\ncase 291:sVersion=\"Digital G.723\"\nbreak\ncase 293:sVersion=\"Sanyo LD ADPCM\"\nbreak\ncase 304:sVersion=\"Sipro Lab ACEPLNET\"\nbreak\ncase 305:sVersion=\"Sipro Lab ACELP4800\"\nbreak\ncase 306:sVersion=\"Sipro Lab ACELP8V3\"\nbreak\ncase 307:sVersion=\"Sipro Lab G.729\"\nbreak\ncase 308:sVersion=\"Sipro Lab G.729A\"\nbreak\ncase 309:sVersion=\"Sipro Lab Kelvin\"\nbreak\ncase 310:sVersion=\"VoiceAge AMR\"\nbreak\ncase 320:sVersion=\"Dictaphone G.726 ADPCM\"\nbreak\ncase 336:sVersion=\"Qualcomm PureVoice\"\nbreak\ncase 337:sVersion=\"Qualcomm HalfRate\"\nbreak\ncase 341:sVersion=\"Ring Zero Systems TUBGSM\"\nbreak\ncase 352:sVersion=\"Microsoft Audio1\"\nbreak\ncase 353:sVersion=\"Windows Media Audio V2 V7 V8 V9 / DivX audio (WMA) / Alex AC3 Audio\"\nbreak\ncase 354:sVersion=\"Windows Media Audio Professional V9\"\nbreak\ncase 355:sVersion=\"Windows Media Audio Lossless V9\"\nbreak\ncase 356:sVersion=\"WMA Pro over S/PDIF\"\nbreak\ncase 368:sVersion=\"UNISYS NAP ADPCM\"\nbreak\ncase 369:sVersion=\"UNISYS NAP ULAW\"\nbreak\ncase 370:sVersion=\"UNISYS NAP ALAW\"\nbreak\ncase 371:sVersion=\"UNISYS NAP 16K\"\nbreak\ncase 372:sVersion=\"MM SYCOM ACM SYC008 SyCom Technologies\"\nbreak\ncase 373:sVersion=\"MM SYCOM ACM SYC701 G726L SyCom Technologies\"\nbreak\ncase 374:sVersion=\"MM SYCOM ACM SYC701 CELP54 SyCom Technologies\"\nbreak\ncase 375:sVersion=\"MM SYCOM ACM SYC701 CELP68 SyCom Technologies\"\nbreak\ncase 376:sVersion=\"Knowledge Adventure ADPCM\"\nbreak\ncase 384:sVersion=\"Fraunhofer IIS MPEG2AAC\"\nbreak\ncase 400:sVersion=\"Digital Theater Systems DTS DS\"\nbreak\ncase 512:sVersion=\"Creative Labs ADPCM\"\nbreak\ncase 514:sVersion=\"Creative Labs FASTSPEECH8\"\nbreak\ncase 515:sVersion=\"Creative Labs FASTSPEECH10\"\nbreak\ncase 528:sVersion=\"UHER ADPCM\"\nbreak\ncase 533:case 534:sVersion=\"Ulead DV ACM\"\nbreak\ncase 544:sVersion=\"Quarterdeck Corp.\"\nbreak\ncase 560:sVersion=\"I-Link VC\"\nbreak\ncase 576:sVersion=\"Aureal Semiconductor Raw Sport\"\nbreak\ncase 577:sVersion=\"ESST AC3\"\nbreak\ncase 592:sVersion=\"Interactive Products HSX\"\nbreak\ncase 593:sVersion=\"Interactive Products RPELP\"\nbreak\ncase 608:sVersion=\"Consistent CS2\"\nbreak\ncase 624:sVersion=\"ATRAC3/Sony SCX\"\nbreak\ncase 625:sVersion=\"Sony SCY\"\nbreak\ncase 626:sVersion=\"Sony ATRAC3\"\nbreak\ncase 627:sVersion=\"Sony SPC\"\nbreak\ncase 640:sVersion=\"TELUM Telum Inc.\"\nbreak\ncase 641:sVersion=\"TELUMIA Telum Inc.\"\nbreak\ncase 645:sVersion=\"Norcom Voice Systems ADPCM\"\nbreak\ncase 768:b-8==X.Sz()&&(b-=8),sVersion=4==nBPS&&nBlockSize==1024*nChannels&&12==b&&1==nChannels?\"DVI IMA\":\"Fujitsu FM TOWNS SND\"\nbreak\ncase 769:case 770:case 771:case 772:case 773:case 774:case 775:case 776:sVersion=\"Fujitsu (not specified)\"\nbreak\ncase 848:sVersion=\"Micronas Semiconductors, Inc. Development\"\nbreak\ncase 849:sVersion=\"Micronas Semiconductors, Inc. CELP833\"\nbreak\ncase 1024:sVersion=\"Brooktree Digital\"\nbreak\ncase 1025:sVersion=\"Intel Music Coder (IMC)\"\nbreak\ncase 1026:sVersion=\"Ligos Indeo Audio\"\nbreak\ncase 1104:sVersion=\"QDesign Music\"\nbreak\ncase 1280:sVersion=\"On2 VP7 On2 Technologies\"\nbreak\ncase 1281:sVersion=\"On2 VP6 On2 Technologies\"\nbreak\ncase 1365:sVersion=\"Level-5 4-bit ADPCM\"\nvar p=b+4*(X.U16(22,i)-1)\np>3)/nRate/nChannels*1e4)/10,V=new Date(s).toISOString().substr(11,8))\nbreak\ncase\"cue\":for(var E=a+4,f=\"\",R=0;EX.Sz())return}r+=e}if(datap){var c=nRate=nChannels=nBPS=0,o=-1,p=8+X.U32(4,a),f=xsz=chlo=chtp=0\nif(iswem=extIs(\"wem\")||extIs(\"bnk\"),info=[],lp=prefetch=!1,xma2p)c=357,info=xma2_pase_xma2_chunk(xma2p),nChannels=info[0],nRate=info[1],lp=info[2],f=info[3]\nelse{if(n<16)return\nc=X.U16(fmtp,_LE),nChannels=X.U16(fmtp+2,_LE),nRate=X.U32(fmtp+4,_LE),nBlockSize=X.U16(fmtp+12,_LE),nBPS=X.U16(fmtp+14,_LE),6==(xsz=16>8&15,chlo>>=12)}switch(358==c&&(info=xma2_parse_fmt_chunk_extra(r,_BE),lp=info[0],f=info[1]),smplp&&34<=i&&1==X.U32(r+28)&&0==X.U32(r+40)&&(lp=!0),c){case 1:sVersion=\"older Wwise, PCM\",prefetch=1\nbreak\ncase 2:sVersion=\"newer Wwise IMA:platform ADPCM\",prefetch=1,xsz==12+46*nChannels?sVersion+=\":DSP+coefs\":10==xsz&&wiihp?sVersion+=\":WiiH_DSP\":nBlockSize==260*nChannels&&(sVersion+=\":PTADPCM\")\nbreak\ncase 105:sVersion=\"older Wwise IMA\",prefetch=1\nbreak\ncase 353:sVersion=\"Microsoft WMAv2\",prefetch=1\nbreak\ncase 354:sVersion=\"Microsoft WMAPro\",prefetch=1\nbreak\ncase 357:sVersion=\"Microsoft XMA2\",prefetch=1\nbreak\ncase 358:sVersion=\"fmt-chunk Microsoft XMA2\",prefetch=1\nbreak\ncase 12345:sVersion=\"Opus NX\",prefetch=1\nbreak\ncase 12352:sVersion=\"Opus\",prefetch=1\nbreak\ncase 12353:sVersion=\"Wwise 2019.2.3 Opus_WEM/WW\",prefetch=1\nbreak\ncase 33553:sVersion=\"Wwise 2019.1 PTADPCM\",prefetch=1\nbreak\ncase 43712:sVersion=\"AAC\"\nbreak\ncase 65520:sVersion=\"DSP\",prefetch=1\nbreak\ncase 65531:sVersion=\"HEVAG\"\nbreak\ncase 65532:sVersion=\"ATRAC9\",prefetch=1\nbreak\ncase 65534:sVersion=\"PCM for Wwise Authoring\",prefetch=1\nbreak\ncase 65535:sVersion=\"Vorbis\",prefetch=1\nbreak\ndefault:return void(iswem&&_setResult(\"audio\",\"Wwise: unknown format \",Hex(c,4),\"\"))}if(datap+t>X.Sz()){if(datap+t<20480&&65536>>19&3\nif(1==e)return null\n1>>17&3\nif(0==a)return null;--a\nvar i=r>>>12&15\nif(0==i||15==i)return null;--i\nvar t,s,o,u,l=r>>>10&3\nreturn 3==l?null:(t=r>>>9&1,r=r>>>6&3,i=2==e?this.aRatev1[14*a+i]:this.aRatev2[14*(2==a)+i],l=this.aFreq[3*e+l],s=2==a?384/l:1==a||2==e?1152/l:576/l,-(o=1)==(u=Binary.findString(n,40,\"Xing\"))&&(u=Binary.findString(n,40,\"Info\"),o=0),-1!=u&&1&X.U8(u+7)?(s*=X.U32(u+8,_BE),n=o?-1:-2):X.c(\"'VBRI'\",n+32)?(s*=X.U32(u+46,_BE),n=-1):n+=2==a?4*Math.floor(12e3*i/l+t):Math.floor(125*i*s+t),[this.aVersion[e],this.aLayer[a],i,l,this.aCh[r],s,n])}}\nfunction detect(){if(128<=X.Sz()){X.c(\"'TAG'\",X.Sz()-128)&&(sOptions=\"ID3v1\")\nvar n=0,r=0\nX.c(\"'ID3'\")?(n=X.U8(6)<<21|X.U8(7)<<14|X.U8(8)<<7|X.U8(9),n+=10,\"\"==sOptions?sOptions=\"ID3v2\":sOptions+=\"&2\",r=1):X.c(\"'WAVEfmt '........55\",8)&&(n=Binary.findString(50,50,\"data\")+8)\nvar e=null,a=MP3.header(n)\nif(null==a&&(r&&(n=Binary.findSignature(n,768,\"FFFB\"),a=MP3.header(n)),null==a))return\"\"\nif(0>8&255|(255&v)<<8).toString(16))\nbreak\ncase 108:for(tag=\"actors\",q=p+2;qX.Sz()?void 0:(sz=p,sVersion=200==idx?\"easyRPG\"+(v.length?\" v\"+v.slice(0,4):\"\"):\"RPG_RT\",1)}}})()&&(sName=\"RPGMaker 2000/2003 save data (.LSD)\",bDetected=1,bad.length&&(sVersion=sVersion.appendS(\"malformed\"+bad,\"/\")),X.isVerbose())&&(sOption(\"on: \"+dt.slice(0,19)),sOption(heronm+\" lv.\"+herolv+\" \"+herohp+\"HP\",\"preview: \"),0<=ch1fsi&&sOption(ch1fs),0<=ch2fsi&&sOption(ch2fs),0<=ch3fsi&&sOption(ch3fs),0<=ch4fsi&&sOption(ch4fs),sOption(info,\"info: \"),sOption(outSz(sz),\"sz:\")),!bDetected&&(function(){if(s()&&X.c(\"0A\")&&(bad=\"\",X.c(\"'LcfMapTree'\",1))&&(i=readVarUInt(11),isWithin(i[0],1,5))){for(p=11+i[0]+1,len=i[1],title=\"\",maps=[],idx=i=0;p=len)break\nif(idx=readVarUInt(p),!isWithin(idx[0],1,3))return\nif(p+=idx[0],idx=idx[1],sz=readVarUInt(p),!isWithin(sz[0],1,5)||!sz[1])return\np+=sz[0],sz=sz[1],1===idx&&(t=X.SC(p,sz,\"SJIS\"),title.length?maps.push(aid+\".\"+t):title=t),p+=sz}for(i=0;iX.Sz()?void 0:1}})()&&(sName=\"RPGMaker 2000/2003 map tree data (.LMT)\",bDetected=1,bad.length&&(sVersion=sVersion.appendS(\"malformed\"+bad,\"/\")),X.isVerbose())&&(sOption(\"for: \"+title),sOption(addEllipsis(maps.join(\"\\r\"),49152),len+\" maps:\"),sOption(outSz(sz),\"sz:\")),!bDetected&&(function(){if(s()&&X.c(\"0B\")&&X.c(\"0B\",12)&&(bad=\"\",X.c(\"'LcfDataBase'\",1))){var e=[]\nfor(chars=[],idx=i=0,p=12;pX.Sz()?void 0:1}})()&&(sName=\"RPGMaker 2000/2003 map unit (.LMU)\",bDetected=1,bad.length&&(sVersion=sVersion.appendS(\"malformed\"+bad,\"/\")),X.isVerbose())&&(0<=id&&sOption(id,\"id:\"),bgf&&sOption(bg,'bg:\"','\"'),sOption(outSz(sz),\"sz:\")),result()}meta(\"game\")" }, { "path": "dbs_min/db/Binary/data_overlay_null_padding.1.sg", "content": "function detect(){if(!Binary.isOverlay())return result()\nvar e=Binary.getSize()\nBinary.isZeroFilled(0,e)&&_setResult(\"overlay\",\"null padding\",\"\",\"\")}" }, { "path": "dbs_min/db/Binary/data_overlays.6.sg", "content": "function detect(){var e\nreturn Binary.isOverlay()&&(Binary.compare(\"'aWAW'\")?(sName=\"CreateInstall data\",bDetected=1):Binary.compare(\"';!@Install@!UTF-8!'\")?(sName=\"7-zip Installer data\",bDetected=1):Binary.compare(\"00'TMSAMVOH'\")?(sName=\"ActiveMark protector data\",bDetected=1):Binary.compare(\"....................'MSCF'00\")?(sName=\"Actual Installer data\",bDetected=1):Binary.compare(\"'10JP'\")?(sName=\"Adveractive Installer data\",bDetected=1):Binary.compare(\"'EWETAR DATA FILE!! VER 1.00 <<<>>>'\")?(sName=\"Aeco Systems installer data\",bDetected=1):Binary.compare(\"c0ab........60ea\")?(sName=\"ARJSFX32 data\",bDetected=1):Binary.compare(\"67570402\")?(sName=\"ARQ archive\",bDetected=1):Binary.compare(\"0b0bafaf0b0ba4\")?(sName=\"AutoPlay Media Studio installer data\",bDetected=1):Binary.compare(\"'wwgT)'\")||Binary.compare(\"..120100....0000\")?(sName=\"ClickTeam installer data\",bDetected=1):Binary.compare(\"'CK16'\")?(sName=\"CrypKey Installer archive\",bDetected=1):Binary.compare(\"........'DIMDMSCF'\")?(sName=\"Dimd SFX data\",sOptions=\"CAB\",bDetected=1):Binary.compare(\"'[metadata]'\")?(sName=\"distutils installer data\",bDetected=1):Binary.compare(\"b297e169\")?(sName=\"Envoy Packager data\",bDetected=1):Binary.compare(\"'EPSF'\")?(sName=\"Eschalon Installer archive\",bDetected=1):Binary.compare(\"........'SPIS'1a'LH5'\")?(sName=\"GPInstall data\",sOptions=\"SPIS LH5\",bDetected=1):Binary.compare(\"'zlb'1A\")||Binary.compare(\"'idska32'1A\")?(sName=\"Inno Setup Installer data\",bDetected=1):Binary.compare(\"'Inno Setup Messages'\")?(sName=\"Inno Setup uninstall data\",bDetected=1):Binary.compare(\"'1CNT'\")?(sName=\"LucasArts Update Installer data\",bDetected=1):Binary.compare(\"'MPU'0d\")?(sName=\"MP-ZipTool SFX32 data\",bDetected=1):Binary.compare(\"'MPQ'1a20\")?(sName=\"MPQ archive\",bDetected=1):Binary.compare(\"'PK??NOS_PO'\")||Binary.compare(\"'NOS_PO'\")?(sName=\"NOS Installer data\",bDetected=1):Binary.compare(\"970300000201\")?(sName=\"Pantaray QSetup data\",sVersion=\"10.X\",bDetected=1):Binary.compare(\"370700000201\")?(sName=\"Pantaray QSetup data\",sVersion=\"11.X\",bDetected=1):Binary.compare(\"04'PBG'\")?(sName=\"Paquet archive\",bDetected=1):Binary.compare(\"'PB'................................'7z'\")?(sName=\"Paquet Builder\",sOptions=\"7zip\",bDetected=1):Binary.compare(\"'qres'\")?(sName=\"QT installer data\",bDetected=1):Binary.compare(\"4B2A9A\")||Binary.compare(\"4B2A84\")?(sName=\"RTPatch archive\",bDetected=1):Binary.compare(\"e0e0e1e1e2e2e3e3e4e4e5e5e6e6e7e7\")?(sName=\"Setup Factory installer data\",sVersion=\"8.X, 9.X\",bDetected=1):Binary.compare(\"e0e1e2e3e4e5e6\")?(sName=\"Setup Factory installer data\",sVersion=\"4.X, 5.X\",bDetected=1):Binary.compare(\"67155234ff4d3642\")?(sName=\"STATICSUP installer data\",bDetected=1):Binary.compare(\"'ESIV'\")||Binary.compare(\"'SIVM'\",61440)?(sName=\"Vise Installer data\",bDetected=1):Binary.compare(\"'RsDl'\")?(sName=\"WinImage SFX data\",bDetected=1):Binary.compare(\"'IMP'0a\")?(sName=\"IMP archive\",bDetected=1):Binary.compare(\"'@Daisy@Lucy@xyzzy@'................1f8b08\")||Binary.compare(\"'@Daisy@Lucy@xyzzy@'1f8b08\")?(sName=\"WinPatch Apply Program data\",sOptions=\"gzip\",bDetected=1):Binary.compare(\"'***messages***'\")?(sName=\"WinRAR Installer data\",bDetected=1):Binary.compare(\"fffe2a002a002a006d0065007300730061006700650073002a002a002a00\")?(sName=\"WinRAR Installer data\",sVersion=\"5.X\",bDetected=1):Binary.compare(\"'MPV*'\")?(sName=\"ZipCentral SFX-32 data\",bDetected=1):Binary.compare(\"'[20/20]'\")?(sName=\"PCInstall data\",bDetected=1):Binary.compare(\"'ISSetupStream'\")?(sName=\"InstallShield data\",sVersion=\"18.X\",bDetected=1):Binary.compare(\"'FWS'\")||Binary.compare(\"'CWS'\")?(sName=\"Adobe Flash\",bDetected=1):Binary.compare(\"'Smart Install Maker v'\")?(sName=\"Smart Install Maker data\",sVersion=Binary.getString(Binary.getOverlayOffset()+23),bDetected=1):Binary.compare(\"....0000dcedbd\")?(sName=\"PackageForTheWeb data\",sOptions=\"InstallShield\",bDetected=1):Binary.compare(\"'00000000000000BD00000000000000010000000000000001'\",6560)?(sName=\"Autodesk Self-Extract data\",bDetected=1):Binary.compare(\"c0dececb8d8d8d8d\")?(sName=\"Ghost Installer archive\",sOptions=\"xored MSCF, mask: 8D\",bDetected=1):Binary.compare(\"02060a0405fd59\")?(sName=\"CreateInstall data\",sVersion=\"2003.3.5\",bDetected=1):Binary.compare(\"'RWMV'\")?(sName=\"VMWare Installation Launcher data\",bDetected=1):Binary.compare(\"........'GRCSETUPINFORMATION'\")?(sName=\"Codegear Installer data\",bDetected=1):Binary.compare(\"'xvm'0003\")?(sName=\"Spoon Studio data\",bDetected=1):Binary.compare(\"2f30ee1f5e4ee51e\")?(sName=\"Advanced Installer data\",sOptions=\"MS Compound-like format\",bDetected=1):Binary.compare(\"'^OPT'\")?-1!=(e=Binary.findString(Binary.getOverlayOffset(),80,\"^ARC\"))&&Binary.compare(\"1f8b08\",e+4)&&(sName=\"Adobe SVG Installer\",sOptions=\"gzip\",bDetected=1):Binary.compare(\"07d26cbf2159abaa0100000000\")?(sName=\"Chilkat ZIP Self-Extractor data\",bDetected=1):Binary.compare(\"'IST'00\")?(sName=\"Dolphin Virtual Machine data\",sVersion=\"5.0\",bDetected=1):Binary.compare(\"'@._P-DATA_.@'\")?(sName=\"CodeFusion Wizard data\",bDetected=1):Binary.compare(\"'ASWsetupFPkgFil3'\")?(sName=\"avast! Antivirus installer data\",bDetected=1):Binary.compare(\"5b3e\")?-1!=(e=Binary.findSignature(Binary.getOverlayOffset(),1280,\"'PK'0304\"))&&(sName=\"InstallAnywhere data\",sOptions=\"zip\",bDetected=1):Binary.compare(\"........efbeadde'NullsoftInst'\")?(sName=\"NSIS data\",bDetected=1):Binary.compare(\"................fec1cd666ebccf01fec1cd666ebccf0100..............78da\")?(sName=\"Internet Download Manager installer data\",sOptions=\"zlib\",bDetected=1):Binary.compare(\"d513e4e801000000\")?(sName=\"Install4j installer data\",bDetected=1):Binary.compare(\"efbbbf';!@Install@!UTF-8!'\")?(sName=\"7-zip Installer data\",bDetected=1):Binary.compare(\"'UM'030a00\")?(sName=\"Sony Windows installer data\",bDetected=1):Binary.compare(\"7b00320030003700320036003300370037002d00\")||-1!=Binary.findSignature(Binary.getOverlayOffset(),Math.min(256,Binary.getOverlaySize()),\"7b00320030003700320036003300370037002d00\")?(sName=\"ADS Self Extractor data\",bDetected=1):Binary.compare(\"276327631226097513180178\")?(sName=\"Chaos Software installer data\",bDetected=1):Binary.compare(\"'OWS9G1'\",11)?(sName=\"Gentee installer data\",bDetected=1):Binary.compare(\"'SQ5SFX'\")?(sName=\"Squeez SFX data\",bDetected=1):Binary.compare(\"'Inno Setup Setup Data'\")?(sName=\"Inno Setup data\",bDetected=1):-1!=Binary.findSignature(Binary.getOverlayOffset(),Math.min(256,Binary.getOverlaySize()),\"'MSCF00000000'\")?(sName=\"CAB archive\",bDetected=1):-1!=Binary.findSignature(Binary.getOverlayOffset(),Math.min(256,Binary.getOverlaySize()),\"'ISc('\")?(sName=\"InstallShield archive\",bDetected=1):Binary.compare(\"'ExcelsiorII1'\")?(sName=\"Excelsior installer data\",bDetected=1):Binary.compare(\"'InstallShield'00\")?(sName=\"InstallShield data\",sOptions=\"2.X-3.X\",bDetected=1):Binary.compare(\"'wwwwI'874712\")?(sName=\"Multimedia Fusion installer data\",bDetected=1):Binary.compare(\"'PIMPFILE'00\")?(sName=\"PIMP installer data\",bDetected=1):Binary.compare(\"'tiz1'........78da\")?(sName=\"Tarma installer data\",sOptions=\"zlib\",bDetected=1):Binary.compare(\"'XXataDfOnigeB'\")?(sName=\"I-D Media installer data\",bDetected=1):Binary.compare(\"'This is the end of the executable'\")?(sName=\"SwiftView installer data\",bDetected=1):Binary.compare(\"1f8b08\",12288)?(sName=\"BulletProofSoft installer data\",sOptions=\"gzip\",bDetected=1):Binary.compare(\"'AddD'03\")?(sName=\"SecuROM data\",e=Binary.getOverlayOffset(),sVersion=Binary.getString(e+8),bDetected=1):Binary.compare(\"'NB02'\")?(sName=\"CodeView 3.14 debug information\",bDetected=1):Binary.compare(\"'NB09'\")?(sName=\"CodeView 4.10 debug information\",bDetected=1):Binary.compare(\"'NB11'\")?(sName=\"CodeView 5.0 debug information\",bDetected=1):Binary.compare(\"'NB10'\")?(sName=\"PDB 2.0 file link\",bDetected=1):Binary.compare(\"'RSDS'\")?(sName=\"PDB 7.0 file link\",bDetected=1):Binary.compare(\"'[(*|*)]MZ'\")?(sName=\"Mioplanet installer executable+data\",bDetected=1):Binary.compare(\"'MPV'\")?(sName=\"DelZip SFX data\",bDetected=1):Binary.compare(\"'MPU'00\")?(sName=\"CoffeeCup SFX data\",bDetected=1):Binary.compare(\"''\")?(sName=\"KRZIP archive\",bDetected=1):Binary.compare(\"..........87000001........5d0000800000\")?(sName=\"Smart Install Maker data\",bDetected=1):Binary.compare(\"'RS'\")?(sName=\"AOLSetup data\",bDetected=1):Binary.compare(\"'TGCF'\")?(sName=\"Setup-Specialist archive\",bDetected=1):Binary.compare(\"a3484bbe986c4aa9\")?(sName=\"AutoIt compiled script\",sVersion=\"2.XX-3.XX\",bDetected=1):Binary.compare(\"'MSCF'00000000\")?(sName=\"CAB archive\",bDetected=1):Binary.compare(\"'PK'0304\")?(sName=\"ZIP archive\",bDetected=1):Binary.compare(\"'$_BIM_CONFIG_START_$\")?(sName=\"Bytessence Install Maker data\",bDetected=1):Binary.compare(\"........'.eh_frame'00\")?(sName=\"BitRock installer data\",bDetected=1):Binary.compare(\"09050000\")?(sName=\"ThinApp data\",bDetected=1):Binary.compare(\"BDA6EEE9F9EDEFEDE5ED\")?(sName=\"Hamrick Software XOR-ed ZIP\",bDetected=1):Binary.compare(\"000000000000000038e8020000000000\")?(sName=\"Box Stub installer data\",bDetected=1):Binary.compare(\"a7870800\")||Binary.compare(\"a7870800\")?(sName=\"Install Factory data\",bDetected=1):Binary.compare(\"a6d6b210\")?(sName=\"Sax Software archive\",bDetected=1):Binary.compare(\"'Win_Sfx_For_Windows_'\")?(sName=\"XZIP-SFX data\",sOptions=\"by Netzip\",bDetected=1):\"[GeneralOptions]\"==X.SU16(2,16)?(sName=\"Advanced Installer data\",bDetected=1):Binary.compare(\"d90e0100889f\")&&(sName=\"Winlicense xored EXE (0xC5 xor mask)\",bDetected=1)),result()}meta(\"data\",\"\")" }, { "path": "dbs_min/db/Binary/debug_data_debugData.1.sg", "content": "function detect(){var r=Binary.getSize()\nif(21243===Binary.readWord(0))return a=Binary.readByte(2),e=Binary.readByte(3),a=(10*(a>>4)+(15&a)).toString(),e=(10*(e>>4)+(15&e)).toString(),_setResult(sType,\"Borland\",e+\".\"+a,\"TDS\"+(Binary.readWord(14)?\" \"+Binary.readWord(14)+\" symbols\":\"\")),!0\nif(Binary.compare(\"'FB09'\"))return _setResult(sType,\"Borland\",\"\",\"Delphi TDS\"),!0\nif(Binary.compare(\"'FB0A'\"))return _setResult(sType,\"Borland\",\"\",\"C++ TDS\"),!0\nvar e=Binary.readDword(r-4)\nif(16>2)){for(;a>0&&sOption(\"hiDef\"),(128&a)>>2&&sOption(\"compressed\"),!Binary.getSize()==Binary.read_uint32(5))&&sOption(\"wrong size!\")}else Binary.compare(\"'WBND'\")?(bDetected=1,sName=\"Microsoft XACT Wave Bank (.XWB)\"):Binary.compare(\"'SDBK'\")?(bDetected=1,sName=\"Microsoft XACT Sound Bank (.XSB)\"):Binary.compare(\"'XGSF'\")&&(bDetected=1,sName=\"Microsoft XACT Global Settings File (.XGS)\")\nreturn result()}meta(\"format\",\"\")" }, { "path": "dbs_min/db/Binary/format_OBC.1.sg", "content": "function detect(){var t\nreturn Binary.compare(\"'OBC Copyright MDO'20\")&&(t=Binary.getString(18,5).trim(),/^[12]\\d{3}$/.test(t))&&(sVersion=t,sOptions=File.cleanString(Binary.getString(84,14)),bDetected=1),result()}meta(\"format\",\"Compiled DEV7 object (.OBC)\")" }, { "path": "dbs_min/db/Binary/format_OpenSSH.1.sg", "content": "function detect(){return Binary.compare(\"2d2d2d2d2d424547494e20'OPENSSH PRIVATE KEY'2d2d2d2d2d\")&&(bDetected=1),result()}meta(\"format\",\"OpenSSH Private Key\")" }, { "path": "dbs_min/db/Binary/format_P7X.1.sg", "content": "function detect(){return Binary.compare(\"'PKCX0'82\")&&(sOptions=\"PKCX0\",bDetected=1),result()}meta(\"format\",\"P7X\")" }, { "path": "dbs_min/db/Binary/format_PAT.1.sg", "content": "function detect(){return Binary.compare(\"000000..00000..10000\")&&(bDetected=1),result()}meta(\"format\",\"Gimp Pattern\")" }, { "path": "dbs_min/db/Binary/format_PDB.1.sg", "content": "function detect(){if(Binary.compare(\"'BSJB'0100\")?(sVersion=\"1.0\",bDetected=1):Binary.compare(\"'Microsoft C/C++ program database 2.00\\r\\n'1A4A470000\")?(sVersion=\"2.0\",bDetected=1):Binary.compare(\"'Microsoft C/C++ MSF 7.00\\r\\n'1A4453000000\")&&(sVersion=\"7.0\",bDetected=1),bDetected){var r,e={\"'$'11'@P:Microsoft.VisualBasic'00\":\"VB.NET\",\"%%%%%%%%%%'.cs'00\":\"C#\",\"'$'11'@P:FSharp.Core'00\":\"F#\",\"'std::'%%%%%%\":\"C++\"}\nfor(r in e)if(Binary.isSignaturePresent(0,9437184,r)){sLang=e[r]\nbreak}}return result()}meta(\"format\",\"Microsoft Program Database (.PDB)\")" }, { "path": "dbs_min/db/Binary/format_PEM.1.sg", "content": "function detect(){return Binary.compare(\"2d2d2d2d2d424547494e20'CERTIFICATE'2d2d2d2d2d\")?(sVersion=\"Certificate\",bDetected=1):Binary.compare(\"2d2d2d2d2d424547494e20'PRIVATE KEY'2d2d2d2d2d\")?(sVersion=\"Private Key\",bDetected=1):Binary.compare(\"2d2d2d2d2d424547494e20'RSA PRIVATE KEY'2d2d2d2d2d\")?(sVersion=\"RSA Private Key\",bDetected=1):Binary.compare(\"2d2d2d2d2d424547494e20'ENCRYPTED PRIVATE KEY'2d2d2d2d2d\")?(sVersion=\"Encrypted Private Key\",bDetected=1):Binary.compare(\"2d2d2d2d2d424547494e20'PUBLIC KEY'2d2d2d2d2d\")?(sVersion=\"Public Key\",bDetected=1):Binary.compare(\"2d2d2d2d2d424547494e20'CERTIFICATE REQUEST'2d2d2d2d2d\")?(sVersion=\"Certificate Signing Request (CSR)\",bDetected=1):Binary.compare(\"2d2d2d2d2d424547494e20'PKCS7'2d2d2d2d2d\")?(sVersion=\"PKCS7/CMS Message\",bDetected=1):Binary.compare(\"2d2d2d2d2d424547494e20'X509 CRL'2d2d2d2d2d\")&&(sVersion=\"Certificate Revocation List (CRL)\",bDetected=1),result()}meta(\"format\",\"Privacy-Enhanced Mail (.PEM)\")" }, { "path": "dbs_min/db/Binary/format_PGP.1.sg", "content": "function detect(){return Binary.compare(\"2d2d2d2d2d424547494e20'PGP'205349474e41545552452d2d2d2d2d\")&&(bDetected=1),result()}meta(\"format\",\"GPG\")" }, { "path": "dbs_min/db/Binary/format_POL.1.sg", "content": "function detect(){return Binary.compare(\"5052656701000000\")&&(bDetected=1),result()}meta(\"format\",\"Registry Policy File\")" }, { "path": "dbs_min/db/Binary/format_PRI.1.sg", "content": "function detect(){return Binary.compare(\"'mrm_pri2'00000100\")&&(bDetected=1),result()}meta(\"format\",\"PRI\")" }, { "path": "dbs_min/db/Binary/format_PS-X.1.sg", "content": "function detect(){var e\nreturn Binary.compare(\"'PS-X EXE'\")&&(e=Binary.getString(76,48).trim())&&(X.isVerbose()&&(sOptions=\"Region: \"+e),bDetected=1),result()}meta(\"format\",\"PlayStation executable (PS1)\")" }, { "path": "dbs_min/db/Binary/format_PSM2CFG.1.sg", "content": "function detect(){var t\nreturn Binary.compare(\"'PSM2CFG'\")&&(t=Binary.getString(17,4).trim(),/^[0-9\\.]{4}$/.test(t))&&(sVersion=t,bDetected=1),result()}meta(\"format\",\"PSM2CFG\")" }, { "path": "dbs_min/db/Binary/format_RARREG.1.sg", "content": "function detect(){return Binary.compare(\"'RAR registration data'0d0a\")&&(bDetected=1),result()}meta(\"format\",\"RAR registration data (.RARREG)\")" }, { "path": "dbs_min/db/Binary/format_RCK.1.sg", "content": "function detect(){return Binary.compare(\"'RKET'00000000\")&&(bDetected=1),result()}meta(\"format\",\"RCK\")" }, { "path": "dbs_min/db/Binary/format_RCO.1.sg", "content": "function detect(){return Binary.compare(\"0050524600010000\")&&(bDetected=1),result()}meta(\"format\",\"Resource Container (.RCO)\")" }, { "path": "dbs_min/db/Binary/format_RGS.1.sg", "content": "function detect(){return Binary.compare(\"'HKCR'0d0a7b0d0a09\")&&(sVersion=\"Windows Registry Script\",bDetected=1),result()}meta(\"format\",\"InstallShield\")" }, { "path": "dbs_min/db/Binary/format_RedShirt.1.sg", "content": "function detect(){return Binary.compare(\"'REDSHIRT'00\")?(sVersion=\"v1.0\",bDetected=1):Binary.compare(\"'REDSHRT2'00\")&&(sVersion=\"v2.0\",bDetected=1),result()}meta(\"format\",\"RedShirt\")" }, { "path": "dbs_min/db/Binary/format_SDI.1.sg", "content": "function detect(){return Binary.compare(\"'$SDI0001'0000000000000000\")&&(bDetected=1),result()}meta(\"format\",\"System Deployment Image (.SDI)\")" }, { "path": "dbs_min/db/Binary/format_SFK.1.sg", "content": "function detect(){return Binary.compare(\"'SFPK'0100000040\")&&(bDetected=1),result()}meta(\"format\",\"SFK\")" }, { "path": "dbs_min/db/Binary/format_SHBIN.1.sg", "content": "function detect(){var t\nreturn Binary.compare(\"'DVLB'\")&&(t=Binary.getString(12,4).trim(),/^[A-Z]{4}/.test(t))&&(X.isVerbose()&&(sOptions=t),bDetected=1),result()}meta(\"format\",\"Shader Binary\")" }, { "path": "dbs_min/db/Binary/format_SLN.1.sg", "content": "function detect(){var t\nreturn Binary.compare(\"efbbbf0d0a'Microsoft Visual Studio Solution File'\")&&(t=Binary.getString(59,5).trim(),/^\\d+\\.\\d{2}$/.test(t))&&(sVersion=t,bDetected=1),result()}meta(\"format\",\"Visual Studio solution file\")" }, { "path": "dbs_min/db/Binary/format_SLNX.1.sg", "content": "function detect(){return Binary.compare(\"''0d0a2020\")&&(bDetected=1),result()}meta(\"format\",\"SLNX\")" }, { "path": "dbs_min/db/Binary/format_SSHPublicKey.1.sg", "content": "function detect(){return Binary.compare(\"'ssh-ed25519'20\")?(sOptions=\"ed25519\",bDetected=1):Binary.compare(\"'ssh-rsa'20\")&&(sOptions=\"RSA\",bDetected=1),result()}meta(\"format\",\"SSH Public Key\")" }, { "path": "dbs_min/db/Binary/format_SystemErr.1.sg", "content": "function detect(){var t\nreturn Binary.compare(\"'System_Err'\")&&(t=Binary.getString(11,32).trim(),/^[ A-Za-z0-9\\-\\:\\\\\\.]{1,}$/.test(t))&&(X.isVerbose()&&(sOptions=t),bDetected=1),result()}meta(\"format\",\"System_Err\")" }, { "path": "dbs_min/db/Binary/format_TLB.1.sg", "content": "function detect(){return Binary.compare(\"'MSFT'020001000000000009040000\")&&(bDetected=1),result()}meta(\"format\",\"Microsoft Type Library\")" }, { "path": "dbs_min/db/Binary/format_TOT.1.sg", "content": "function detect(){var r\nreturn Binary.compare(\"?? ** 00'\")&&Binary.isSignaturePresent(0,32,\"00 00 '(c)'\")&&(bDetected=1,-1!==(r=Binary.findSignature(0,64,\"'Version ' %% 2E %%\"))&&(sVersion=Binary.getString(r+8,4)),-1!==(r=Binary.findSignature(0,64,\"'19' %% %%\")))&&(sVersion+=(sVersion?\", \":\"\")+Binary.getString(r,4)),result()}meta(\"format\",\"TOT\")" }, { "path": "dbs_min/db/Binary/format_TPU.1.sg", "content": "function detect(){return Binary.compare(\"'TPUQ'00000000\")&&(bDetected=1),result()}meta(\"format\",\"Turbo Pascal Unit (.TPU)\")" }, { "path": "dbs_min/db/Binary/format_UCM.1.sg", "content": "function detect(){return Binary.compare(\"'UCM1'02000000\")&&(sVersion=\"1.0\",sOptions=Binary.getString(8),bDetected=1),result()}meta(\"format\",\"UCM\")" }, { "path": "dbs_min/db/Binary/format_UPC.1.sg", "content": "function detect(){var t\nreturn Binary.compare(\"'UPC'\")&&(t=Binary.getString(13,3).trim(),/^[A-Z]{3}$/.test(t))&&(X.isVerbose()&&(sOptions=t),bDetected=1),result()}meta(\"format\",\"UPC\")" }, { "path": "dbs_min/db/Binary/format_UPF.1.sg", "content": "function detect(){var t\nreturn Binary.compare(\"'UPF'\")&&(t=Binary.getString(13,3).trim(),/^[A-Z]{3}$/.test(t))&&(X.isVerbose()&&(sOptions=t),bDetected=1),result()}meta(\"format\",\"UPF\")" }, { "path": "dbs_min/db/Binary/format_UPI.1.sg", "content": "function detect(){var t\nreturn Binary.compare(\"'UPI'\")&&(t=Binary.getString(13,3).trim(),/^[A-Z]{3}$/.test(t))&&(X.isVerbose()&&(sOptions=t),bDetected=1),result()}meta(\"format\",\"UPI\")" }, { "path": "dbs_min/db/Binary/format_VDI.1.sg", "content": "function detect(){if(512<=Binary.getSize()&&Binary.compare(\"7F10DABE\",64)){sVersion=\"v\"+Binary.read_uint16(68)+\".\"+Binary.read_uint16(70)\nvar i=Binary.getString(0).match(/<<< (.*?)\\ >>>/)\nif(i&&(sOptions='\"'+sOptions.append(i[1])+'\"',bDetected=1),bDetected&&Binary.isVerbose()){switch(Binary.read_uint16(76)){case 1:sOption(\"Normal dynamically\")\nbreak\ncase 2:sOption(\"Preallocated fixed size\")\nbreak\ncase 3:sOption(\"Dynamically growing for undo/commit changes\")\nbreak\ncase 4:sOption(\"Dynamically growing for differencings\")}sOption(\"Size:\"+Binary.bytesCountToString(Binary.read_uint64(368)))}}return result()}meta(\"format\",\"Virtual Disk Image (.VDI)\")" }, { "path": "dbs_min/db/Binary/format_VM2.1.sg", "content": "function detect(){return Binary.compare(\"'Sony PS2 Memory Card Format 1.2.0.0'000000000000020200100000\")&&(sVersion=\"1.2.0.0\",bDetected=1),result()}meta(\"format\",\"PS2 Memory Card\")" }, { "path": "dbs_min/db/Binary/format_VTF.1.sg", "content": "function detect(){return Binary.compare(\"'VTF'0007000000\")&&(bDetected=1),result()}meta(\"format\",\"Valve Texture\")" }, { "path": "dbs_min/db/Binary/format_VVD.1.sg", "content": "function detect(){return Binary.compare(\"'IDSV'04000000\")&&(bDetected=1),result()}meta(\"format\",\"VVD\")" }, { "path": "dbs_min/db/Binary/format_W3D.1.sg", "content": "function detect(){return Binary.compare(\"'IFX'000800000011000000\")&&(bDetected=1),result()}meta(\"format\",\"Shockwave 3D\")" }, { "path": "dbs_min/db/Binary/format_WASM.1.sg", "content": "function detect(){return Binary.compare(\"00'asm'010000000\")&&(bDetected=1),result()}meta(\"format\",\"WebAssembly (.WASM)\")" }, { "path": "dbs_min/db/Binary/format_WBFS.1.sg", "content": "function detect(){return Binary.compare(\"'WBFS'00....000915000001000000\")&&(sOptions=File.cleanString(Binary.getString(512,6)),bDetected=1),result()}meta(\"format\",\"Wii Backup File System\")" }, { "path": "dbs_min/db/Binary/format_XBE.1.sg", "content": "function detect(){return Binary.compare(\"'XBEH'000000000000000000000000\")&&(sOptions=\"unsigned\",bDetected=1),result()}meta(\"format\",\"Xbox Executable (.XBE)\")" }, { "path": "dbs_min/db/Binary/format_XBF.1.sg", "content": "function detect(){var t\nreturn Binary.compare(\"'XBF'\")&&(t=Binary.getString(68,32).trim(),/^[A-Z0-9]{32}/.test(t))&&(X.isVerbose()&&(sOptions=t),bDetected=1),result()}meta(\"format\",\"XBF\")" }, { "path": "dbs_min/db/Binary/format_XCG.1.sg", "content": "function detect(){var t\nreturn Binary.compare(\"'xcg File'\")&&(t=Binary.getString(9,4).trim(),/^[0-9/.]{4}$/.test(t))&&(sVersion=t,bDetected=1),result()}meta(\"format\",\"XCG (Graphics)\")" }, { "path": "dbs_min/db/Binary/format_XCI.1.sg", "content": "function detect(){var t\nreturn Binary.compare(\"'xci File'\")&&(t=Binary.getString(9,4).trim(),/^[0-9/.]{4}$/.test(t))&&(sVersion=t,bDetected=1),result()}meta(\"format\",\"XCI\")" }, { "path": "dbs_min/db/Binary/format_XCR.1.sg", "content": "function detect(){var t\nreturn Binary.compare(\"'xcr File'\")&&(t=Binary.getString(9,4).trim(),/^[0-9/.]{4}$/.test(t))&&(sVersion=t,bDetected=1),result()}meta(\"format\",\"XCR\")" }, { "path": "dbs_min/db/Binary/format_XCS.1.sg", "content": "function detect(){var t\nreturn Binary.compare(\"58 43 53\")&&(t=Binary.getString(4,2).trim(),/^[A-Z]{2}$/.test(t))&&(sVersion=t,bDetected=1),result()}meta(\"format\",\"XPAT Compiled Script (.XCS)\")" }, { "path": "dbs_min/db/Binary/format_XDelta.1.sg", "content": "function detect(){return Binary.compare(\"d6c3c4000502\")&&(bDetected=1),result()}meta(\"format\",\"XDelta\")" }, { "path": "dbs_min/db/Binary/format_XEX.1.sg", "content": "function detect(){return Binary.compare(\"'XEX2'000000..00\")&&(bDetected=1),result()}meta(\"format\",\"Xbox Executable File (.XEX)\")" }, { "path": "dbs_min/db/Binary/format_ZZDATA.1.sg", "content": "function detect(){return Binary.compare(\"'DIRINFO'000000000000000000\")&&(sVersion=\"CD-I\",bDetected=1),result()}meta(\"format\",\"ZZDATA\")" }, { "path": "dbs_min/db/Binary/format_ZinsSAV.1.sg", "content": "function detect(){return Binary.compare(\"'ZinsSAV'000001\")&&(bDetected=1),result()}meta(\"format\",\"Captain Zins Save\")" }, { "path": "dbs_min/db/Binary/format_bin.AAALogo.1.sg", "content": "function detect(){return 90<=Binary.getSize()&&Binary.compare(\"2CA46774\")&&(bDetected=1),result()}meta(\"format\",\"AAA Logo\")" }, { "path": "dbs_min/db/Binary/format_bin.COL.1.sg", "content": "function detect(){var e=0,r=[],t=0,a=\"\"\nfor(p=0;pX.Sz()){if(!X.c(\"'COLL'\",--p))break\na=a.addIfNone(\"!badchunk\")}if(e=8+X.U32(p+4,_LE),p+e>X.Sz())return\nvar i=X.SA(p+8,8)\nif(!i.length)break\nif(charStat(i,1).indexOf(\"allasc\")<0)return\nr.push(X.SA(p+8,8))}if(t)return a.length&&(sVersion=sVersion.appendS(\"malformed\"+a,\"/\")),X.isVerbose()&&(sOption(addEllipsis(r.join(\",\"))),sOption(outSz(p),\"sz:\")),bDetected=1,result()}meta(\"format\",\"RenderWare collision data (.COL)\")" }, { "path": "dbs_min/db/Binary/format_bin.GuitarPro.1.sg", "content": "function detect(){if(31X.Sz())return\nvar m=X.SA(z,4),b=(X.U16(z+4,_BE),X.U32(z+6,_BE))\nif(!isWithin(b,z,X.Sz())||!/\\w{3,}/.test(m)||0<=_.indexOf(b))return\n_.push(b),OX.Sz())return\nb=X.U32(z,_BE),X.U8(z+4),X.U24(z+5,_BE)\nif(!isWithin(b,z,X.Sz())||0<=_.indexOf(b))return\n_.push(b),Of||X.fSig(f,i,\"0d0a'ANNIVERSARY'\")>f||X.fSig(f,i,\"0d0a'CALADRURI'\")>f||X.fSig(f,i,\"0d0a'CALURI'\")>f||X.fSig(f,i,\"0d0a'CLIENTPIDMAP'\")>f||X.fSig(f,i,\"0d0a'FBURL'\")>f||X.fSig(f,i,\"0d0a'GENDER'\")>f||X.fSig(f,i,\"0d0a'PRONOUNS'\")>f||X.fSig(f,i,\"0d0a'KIND'\")>f||X.fSig(f,i,\"0d0a'MEMBER'\")>f||X.fSig(f,i,\"0d0a'RELATED'\")>f||X.fSig(f,i,\"0d0a'XML'\")>f)&&(a=4),(+S<(a=X.fSig(f,i,\"0d0a'CATEGORIES:'\")>f||X.fSig(f,i,\"0d0a'CLASS:'\")>f||X.fSig(f,i,\"0d0a'IMPP'\")>f||X.fSig(f,i,\"0d0a'NAME'\")>f||X.fSig(f,i,\"0d0a'NICKNAME'\")>f||X.fSig(f,i,\"0d0a'PRODID'\")>f||X.fSig(f,i,\"0d0a'PROFILE'\")>f||X.fSig(f,i,\"0d0a'SORT-STRING'\")>f?Math.max(a,3):a)||4==a&&\"4.0\"==S&&(X.fSig(f,i,\"0d0a'LABEL'\")>f||X.fSig(f,i,\"0d0a'SORT-STRING'\")>f))&&sOption(\"version-incompatible fields\"),sOption(outSz(d),\"sz:\")),result()}meta(\"format\",\"vCard/Virtual Contact File (.VCF,.vcard)\")" }, { "path": "dbs_min/db/Binary/format_bin.WindowsIconCacheDB.1.sg", "content": "function detect(){if(20<=Binary.getSize()&&Binary.compare(\"..000000'Win4'\"))switch(bDetected=1,Binary.read_uint16(12)){case 6e3:sOption(\"Vista (Build 6000)\")\nbreak\ncase 6001:sOption(\"Vista (Build 6001)\")\nbreak\ncase 7600:sOption(\"Windows 7 (Build 7600)\")\nbreak\ncase 7601:sOption(\"Windows 7 (Build 6701)\")\nbreak\ncase 10586:sOption(\"Windows 10 (Build 10586)\")\nbreak\ndefault:sOption(\"Unknown version\")}return result()}meta(\"format\",\"Windows IconCacheDB\")" }, { "path": "dbs_min/db/Binary/format_database.SQLite.1.sg", "content": "function detect(){if(Binary.compare(\"'SQLite format 3'00\")){bDetected=1\nvar e=Binary.read_uint32(68,_BE),a=Binary.read_uint32(96,_BE),r=Binary.read_uint32(24,_BE),t=a/1e6>>0,i=(a-1e6*t)/1e3>>0\nswitch(sVersion=t+\".\"+i+\".\"+(a-1e6*t-1e3*i>>0),Binary.read_uint32(56,_BE)){case 1:sOption(\"UTF-8\")\nbreak\ncase 2:sOption(\"UTF-16LE\")\nbreak\ncase 3:sOption(\"UTF-16BE\")\nbreak\ndefault:return}e&&Binary.isVerbose()&&sOption(\"AppID: \"+e),r&&Binary.isVerbose()&&sOption(\"Changes: \"+r)}return result()}meta(\"format\",\"SQLite 3 database (.SQLITE)\")" }, { "path": "dbs_min/db/Binary/format_databases.1.sg", "content": "function detect(){return Binary.compare(\"00010000'Standard Jet DB'00\")&&(sName=\"Microsoft Access database (.MDB)\",bDetected=1),!bDetected&&(function(){switch(nv=X.U8(0),v5=!1,nv){case 2:sv=\"FoxBase 1.0\"\nbreak\ncase 3:sv=\"FoxBase 2.x / dBASE III, no memo file\"\nbreak\ncase 4:sv=\"dBASE IV, no memo file\"\nbreak\ncase 5:sv=\"dBASE V, no memo file\"\nbreak\ncase 7:sv=\"VISUAL OBJECTS v1.x for dBase III, no memo file\"\nbreak\ncase 48:sv=\"Visual FoxPro (possibly with DBC)\"\nbreak\ncase 49:sv=\"Visual FoxPro with auto increment\"\nbreak\ncase 50:sv=\"Visual FoxPro with varchar/varbinary\"\nbreak\ncase 67:sv=\"dBASE IV SQL Table, no memo file / Flagship .dbv memo var size\"\nbreak\ncase 100:sv=\"dBASE IV SQL System, no memo file\"\nbreak\ncase 131:sv=\"FoxBase 2.x / dBASE III+ with memo file\"\nbreak\ncase 135:sv=\"VisualObjects 1.x with memo file\"\nbreak\ncase 139:sv=\"dBASE IV with memo file\"\nbreak\ncase 140:sv=\"dBASE V with memo file\"\nbreak\ncase 142:sv=\"dBASE IV with SQL table\"\nbreak\ncase 179:sv=\".dbv with memo table\"\nbreak\ncase 203:sv=\"dBASE IV SQL Table with memo file\"\nbreak\ncase 229:sv=\"Clipper SIX with memo file\"\nbreak\ncase 245:sv=\"FoxPro 2 with memo file\"\nbreak\ncase 251:sv=\"FoxPro 2, no memo file\"\nbreak\ndefault:return}if(2==nv){if(!(recc=X.U16(1)))return\nif(!(recsz=X.U16(6)))return\nhdrsz=521,rectp=8,enc=\"IBM437\"}else{if((y=X.U8(1))<80?y+=2e3:y+=1900,m=X.U8(2),d=X.U8(3),X.c(\"000000\",1))upd=\"never\"\nelse{if(!isWithin(y,1970,2100)||!isWithin(m,1,12)||!isWithin(d,1,31))return\nupd=y+\"-\"+m.padStart(2,\"0\")+d.padStart(2,\"0\")}if(!(recc=X.U32(4)))return\nif(hdrsz=X.U16(8),recsz=X.U16(10),hdrsz<32||!recsz)return\nif(res0=X.U24(12),res1=X.readBytes(15,13),res2=X.U32(28),0<=[4,140].indexOf(nv))rectp=68,enc=\"CP\"+X.SA(34,3),isWithin(t=X.SA(37,1),\"0\",\"9\")&&(enc+=t),\"CPKOI8\"==enc&&(enc+=X.SA(38,1)),v5=!0\nelse switch(rectp=32,X.U8(29)){case 2:enc=\"CP850\"\nbreak\ncase 3:enc=\"CP1252\"\nbreak\ncase 4:enc=\"CP10000\"\nbreak\ncase 100:enc=\"CP852\"\nbreak\ncase 101:enc=\"CP865\"\nbreak\ncase 102:enc=\"CP866\"\nbreak\ncase 103:enc=\"IBM861\"\nbreak\ncase 106:enc=\"IBM737\"\nbreak\ncase 107:enc=\"IBM857\"\nbreak\ncase 150:enc=\"CP10007\"\nbreak\ncase 151:enc=\"CP10029\"\nbreak\ncase 152:enc=\"CP10006\"\nbreak\ncase 200:enc=\"CP1250\"\nbreak\ncase 201:enc=\"CP1251\"\nbreak\ncase 202:enc=\"CP1254\"\nbreak\ncase 203:enc=\"CP1253\"\nbreak\ndefault:enc=\"IBM437\"}}for(validC=[\"C\",\"N\",\"L\",\"D\",\"M\",\"F\",\"B\",\"G\",\"P\",\"Y\",\"T\",\"I\",\"V\",\"X\",\"@\",\"O\",\"+\",\"0\"],fldc=0,totalfldsz=1,p=rectp,old=[0,1];13!=X.U8(p)&&pfldsz)return\nfldc++,p+=2==nv?16:v5?48:32,0<=charStat(e.slice(0,e.indexOf(0)),1).indexOf(\"foreign\")&&\"IBM437\"==enc&&(enc=\"CP1251\")}if(totalfldsz-recsz==0){if(del=0,X.isDeepScan())for(p=hdrsz,i=0;ip+hksz){bad=bad.addIfNone(\"!short\")\nbreak}switch(shd){case\"INFO\":var e=X.U16(q,_BE),a=X.U16(q+2,_BE),n=X.U16(q+6,_LE),m=X.U8(q+8)\nemaxh&&(maxh=a),nmaxdpi&&(maxdpi=n),mmaxgm&&(maxgm=m)\nbreak\ncase\"INCL\":break\ncase\"TXTa\":case\"TXTz\":X.isVerbose()&&(sOptions=sOptions.addIfNone(\"text&layoutinfo,\"))}(q+=ssz)%2&&q++}break\ndefault:bad=bad.addIfNone(\"!badchunk<\"+hkhd+\">@\"+Hex(p-8))}(p+=hksz)%2&&p++}}return sOptions.length&&\",\"==sOptions[sOptions.length-1]&&(sOptions=sOptions.slice(0,sOptions.length-1)),bDetected=1,\"\"!=bad&&(sVersion=sVersion.appendS(\"malformed\"+addEllipsis(bad,128,64),\"/\")),X.isVerbose()&&(X.isDeepScan()&&(sOption((minw!=i?\"[\"+minw+\"~\"+i+\"]\":minw)+\"×\"+(minh!=maxh?\"[\"+minh+\"~\"+maxh+\"]\":minh)),sOption(mindpi!=maxdpi?\"[\"+mindpi+\"~\"+maxdpi:mindpi,\"\",\"dpi\"),sOption(\"gamma \"+(mingm!=maxgm?\"[\"+(mingm/10).toFixed(1)+\"~\"+(maxgm/10).toFixed(1)+\"]\":(mingm/10).toFixed(1)))),sOption(outSz(sz),\"sz:\")),result()}meta(\"format\",\"DjVu document (.DJVU)\")" }, { "path": "dbs_min/db/Binary/format_doc.HLP.1.sg", "content": "function detect(){return Binary.compare(\"3f5f0300\")&&(bDetected=1),result()}meta(\"format\",\"MS Help\")" }, { "path": "dbs_min/db/Binary/format_doc.PDF.1.sg", "content": "function detect(){if(/^\\%PDF-\\d+\\.\\d+/.test(File.read_ansiString(0,10))){sVersion=File.getString(5,3),bDetected=1\nvar t=0\nfor(i=8;i<15;i++)128&File.read_uint8(i)&&t++\nt&&(sOptions=\"binary data\")}return result()}meta(\"format\",\"PDF\")" }, { "path": "dbs_min/db/Binary/format_doc.RTF.1.sg", "content": "function detect(){if(/^{\\\\rtf1?/.test(File.read_ansiString(0,6))){bDetected=1\nfor(var e=4;eFile.getSize()){sVersion+=\"!short\"\nbreak}switch(e+=8,hkhd){case\"IEND\":i=!0\nbreak\ncase\"IHDR\":s=File.read_uint32(e,_BE),h=File.read_uint32(e+4,_BE),a=1<=Binary.readDword(2)){switch(Binary.readDword(14)){case 40:sVersion=\"3\"\nbreak\ncase 108:sVersion=\"4\"\nbreak\ncase 124:sVersion=\"5\"}if(sVersion){switch(Binary.readDword(30)){case 1:case 2:sOptions=\"RLE\"\nbreak\ncase 4:sOptions=\"JPEG\"\nbreak\ncase 5:sOptions=\"PNG\"}(nHeight=~~Binary.readDword(22))<0&&(nHeight=-nHeight,sOptions=sOptions.append(\"top-down\")),sOptions=sOptions.append(Binary.readDword(18)+\"x\"+nHeight,Binary.readWord(28)+\"bpp\")}bDetected=1}return result()}meta(\"image\",\"Windows Bitmap\")" }, { "path": "dbs_min/db/Binary/image_CUR.1.sg", "content": "function detect(){if(40<=X.Sz()&&X.c(\"00000200\")){var s,n,r=X.U16(4),t=0,i=0,e=0,p=6+16*r\nif(6===p||p>X.Sz())return!1\nfor(var o=0;oX.Sz()-22)return!1\np+=sz_\nvar u=X.U8(6+16*o)\nt=File.getSize()){a+=\"!short\"\nbreak}if(44==l){if(imgs++,!File.read_uint16(p+4)||!File.read_uint16(p+6)){a+=\"!badimg\"\nbreak}for(p+=8,e=File.read_uint8(p++),p++,128&e&&(r=1<<1+(7&e),p+=3*r,_log(\" local palettes skipped @\"+Hex(p))),s=File.read_uint8(p++);s&&p=File.getSize()){a+=\"!short\"\nbreak}}}59!=l&&(a+=\"!badEoS\"),imgs?(1X.Sz())return!1\nfor(var n,r,e,a=0,s=0,c=0,_=68719476735,o=68719476735,u=68719476735,f=0;fX.Sz()-22)return!1\nif(i+=sz_,0===n){var h=X.U32(18+16*f,_LE)\nif(X.c(\"89'PNG\\r\\n'1A0A........'IHDR'\",h))n=X.I32(h+16,_BE),r=X.I32(h+20,_BE)\nelse{if(!X.c(\"28000000\",h))return!1\nn=Math.abs(X.I32(h+4,_LE)),r=Math.abs(X.I32(h+8,_LE))}}else r=X.U8(7+16*f)\n_=Math.min(n,_),o=Math.min(r,o),u=Math.min(e,u),a=Math.max(n,a),s=Math.max(r,s),c=Math.max(e,c)}if(!a||!s)return!1\nsOption((_!=a||o!=s?_+\"x\"+o+\" ~ \":\"\")+a+\"x\"+s),sOption((u!=c?u+\"~\":\"\")+c+\"bpp\"),1sz&&(sz=t+Binary.read_uint64(p+8))\nsOption(\"sz:\"+outSz(sz))}}else Binary.compare(\"734213004D00\")&&(bDetected=1,sName=\"Basis Universal GPU Texture (.BASIS)\",Binary.isVerbose())\nreturn result()}meta(\"image\",\"\")" }, { "path": "dbs_min/db/Binary/image_LBM.1.sg", "content": "function detect(){if(File.compare(\"'FORM'\")&&(File.compare(\"'ILBM'\",8)||File.compare(\"'PBM '\",8))){for(sz=File.read_uint32(4,_BE)+8,File.getSize()>3&&(s++,e+=\"!bpline\"+p+\">3&&sOption(p,\"scanline:\"),sOption(r+\"x\"+o,\"res:\",\" dpi\"),X.U16(70)*X.U16(72)&&sOption(X.U16(70)+\"x\"+X.U16(72),\"screen:\"),i||sOption(128+(n*t*u>>3),\"sz:\")),bDetected=1}return result()}meta(\"image\",\"ZSoft PiCture eXchange file (.PCX)\")" }, { "path": "dbs_min/db/Binary/image_PSD.1.sg", "content": "function detect(){if(32<=Binary.getSize()&&Binary.compare(\"'8BPS'\")){switch(bDetected=1,File.read_uint16(4,_BE)){case 1:sName+=\" (.PSD)\",sVersion=\"v1.0\"\nbreak\ncase 2:sName+=\" BIG (.PSB)\",sVersion=\"v2.0\"\nbreak\ndefault:bDetected=0}var e=Binary.read_uint16(12,_BE),a=Binary.read_uint32(14,_BE),t=Binary.read_uint32(18,_BE),i=Binary.read_uint16(22,_BE),n=Binary.read_uint16(24,_BE)\nswitch(sOption(t+\"x\"+a),n){case 0:sOption(\"Bitmap\")\nbreak\ncase 1:sOption(\"Gray-scale\")\nbreak\ncase 2:sOption(\"Indexed\")\nbreak\ncase 3:sOption(\"RGB\")\nbreak\ncase 4:sOption(\"CMYK\")\nbreak\ncase 7:sOption(\"Multichannel\")\nbreak\ncase 8:sOption(\"Duotone\")\nbreak\ncase 9:sOption(\"Lab\")\nbreak\ndefault:bDetected=0}sOption(e*i+\"-bit\")}return result()}meta(\"image\",\"Adobe Photoshop\")" }, { "path": "dbs_min/db/Binary/image_PVR.1.sg", "content": "function detect(){return 52<=Binary.getSize()&&Binary.compare(\"'PVR'03\")&&(bDetected=1,sName=\"PowerVR PVR texture (.PVR)\",Binary.isVerbose())&&(sOption(Binary.read_uint32(24)+\"x\"+Binary.read_uint32(28)),sOption([\"PVRTC 2bpp RGB\",\"PVRTC 2bpp RGBA\",\"PVRTC 4bpp RGB\",\"PVRTC 4bpp RGBA\",\"PVRTC-II 2bpp\",\"PVRTC-II 4bpp\",\"ETC1\",\"BC1\\\\DXT1\",\"DXT2\",\"BC2\\\\DXT3\",\"DXT4\",\"BC3\\\\DXT5\",\"BC4\",\"BC5\",\"BC6\",\"BC7\",\"UYVY\",\"YUY2\",\"BW1bpp\",\"R9G9B9E5 Shared Exponent\",\"RGBG8888\",\"GRGB8888\",\"ETC2 RGB\",\"ETC2 RGBA\",\"ETC2 RGB A1\",\"EAC R11\",\"EAC RG11\",\"ASTC_4x4\",\"ASTC_5x4\",\"ASTC_5x5\",\"ASTC_6x5\",\"ASTC_6x6\",\"ASTC_8x5\",\"ASTC_8x6\",\"ASTC_8x8\",\"ASTC_10x5\",\"ASTC_10x6\",\"ASTC_10x8\",\"ASTC_10x10\",\"ASTC_12x10\",\"ASTC_12x12\",\"ASTC_3x3x3\",\"ASTC_4x3x3\",\"ASTC_4x4x3\",\"ASTC_4x4x4\",\"ASTC_5x4x4\",\"ASTC_5x5x4\",\"ASTC_5x5x5\",\"ASTC_6x5x5\",\"ASTC_6x6x5\",\"ASTC_6x6x6\"][Binary.read_uint64(8)]),Binary.read_uint32(16)?sOption(\"Linear RGB\"):sOption(\"Standard RGB\")),result()}meta(\"image\",\"\")" }, { "path": "dbs_min/db/Binary/image_QOI.1.sg", "content": "function detect(){if(14<=Binary.getSize()&&Binary.compare(\"'qoif'\")){switch(bDetected=1,sOptions=sOptions.append(Binary.read_uint32(4,_BE)+\"x\"+Binary.read_uint32(8,_BE)),File.read_uint8(12)){case 3:sOption(\"RGB\")\nbreak\ncase 4:sOption(\"RGBA\")\nbreak\ndefault:return}switch(File.read_uint8(13)){case 0:sOption(\"sRGB with linear alpha\")\nbreak\ncase 1:sOption(\"all channels linear\")\nbreak\ndefault:return}}return result()}meta(\"image\",\"Quite OK Image (.QOI)\")" }, { "path": "dbs_min/db/Binary/image_SMDH.1.sg", "content": "function detect(){return Binary.compare(\"'SMDH'00000000\")&&(bDetected=1),result()}meta(\"image\",\"SMDH\")" }, { "path": "dbs_min/db/Binary/image_TGA.1.sg", "content": "function detect(){if(X.Sz()<18)return!1\nbad=\"\"\nvar e=X.U8(0),s=X.U8(1),a=0,r=X.U8(2),o=X.U8(16),n=\"\",t=\"none\"\nif((o<1||17<=o)&&24!=o&&32!=o)return!1\nswitch(r){case 1:if(!s)return\nn=\"pseudo\",X.isVerbose()&&sOption(\"colormap\")\nbreak\ncase 2:X.isVerbose()&&sOption(\"RGB\"),a=\"24bit\"\nbreak\ncase 3:X.isVerbose()&&sOption(\"monochrome\")\nbreak\ncase 9:if(!s)return\nt=\"rle\",n=\"pseudo\",X.isVerbose()&&sOption(\"RLE colormap\")\nbreak\ncase 10:t=\"rle\",X.isVerbose()&&sOption(\"RLE RGB\"),a=\"24bit\"\nbreak\ncase 11:t=\"rle\",X.isVerbose()&&sOption(\"RLE monochrome\")\nbreak\ncase 32:if(!s)return\nt=\"hdr\",n=\"pseudo\",X.isVerbose()&&sOption(\"H/d/RLE colormap\")\nbreak\ncase 33:if(!s)return\nt=\"hdrq\",n=\"pseudo\",X.isVerbose()&&sOption(\"H/d/RLE 4-pass colormap\")\nbreak\ndefault:return}var f=0,u=X.U16(3),c=X.U16(5),b=X.U8(7),d=X.U16(8),U=X.U16(10),l=X.U16(12),m=X.U16(14),S=X.U8(17)\nif(!l||!m||4096X.Sz())return\nif(p=18,e&&X.SC(p,e,\"CP437\"),p+=e,s)switch(a>6==2?2:1\nif(\"hdr\"!=t&&\"hdrq\"!=t){for(var O=0;Ol&&(base++,ofs=base),p>X.Sz()){if(!X.isHeuristicScan())return\nbad=bad.addIfNone(\"!short\")}return ea=0,X.isHeuristicScan()&&(sigsz=15,found=!1,ext=X.fSig(p,4096,\"'TRUEVISION-XX.'00\"),(found=k(ext)?!0:found)||(sigsz=18,k(ext=X.fSig(p,4096,\"'TRUEVISION-XFILE.'00\"))&&(found=!0)),found||k(ext=X.fSig(X.Sz()-20,21,\"'TRUEVISION-XFILE.'00\"))&&(found=!0),found)?(sVersion=sV,p=ext+sigsz):sVersion=\"v1.X\",X.isVerbose()&&(sOption(l+\"x\"+m+\" (\"+d+\",\"+U+\")\"),sOption(o,\"bpp:\"),o<24&&sOption(a,\"colours:\"),ea&&(sOption(gamma,\"gamma:\"),sOptionT(auth,\"by:\"),sOption(timestamp,\"on:\"),sOption(sw,\"in:\"),sOption(xmsg,'msg:\"','\"')),\"rle\"==t&&!X.isDeepScan()||sOption(outSz(p),\"sz:\")),bad&&(sVersion+=\"/malformed\"+bad),bDetected=1,result()}function k(e){if(!(e<=p)){ea=X.U32(e-8),esz=X.U16(ea)\nvar s=X.U32(e-4)\nif(!(p>e-8||ea&&p>ea||s&&p>s||(s||ea)&&ea==s||ea&&ea+esz>e||s&&ea&&eas)){if(ea?(sV=495==esz?\"v2.0\":\"v2.X\",auth=X.SC(ea+2,41,\"CP437\"),xmsg=X.SC(ea+43,324,\"CP437\"),timestamp=X.U16(ea+371)+\"-\"+X.U16(ea+369)+\"-\"+X.U16(ea+367)+\" \"+X.U16(ea+373)+\":\"+X.U16(ea+375)+\":\"+X.U16(ea+377),sw=X.SC(ea+426,41,\"CP437\").trim()+\" v\"+Math.floor(X.U16(ea+467)/100).toString()+\".\"+(X.U16(ea+467)%100).toString()+X.SC(ea+469,1,\"CP437\"),gamma=(X.U16(ea+478)/X.U16(ea+480)).toFixed(1)):sV=\"v2.X\",s){var a=X.U16(s),r=10*a+2\nif(eea)return\nfor(i=0;iBinary.getSize()&&(e=Binary.getSize()),Binary.isSignaturePresent(0,e,n)||e!=Binary.getSize())return Binary.isSignaturePresent(Binary.getSize()-e,e,n)}meta(\"protector\",\"javascript-obfuscator\")" }, { "path": "dbs_min/db/Binary/rom_32X.1.sg", "content": "function detect(){return Binary.compare(\"'SEGA SSF '\",256)&&(bDetected=1),result()}meta(\"rom\",\"Mega Drive (Mega Everdrive extensions)\")" }, { "path": "dbs_min/db/Binary/script_text.Shell.1.sg", "content": "function detect(){return isInterpreter(\"sh\")&&(bDetected=1),result()}meta(\"script\",\"Shell\"),includeScript(\"shell-script\")" }, { "path": "dbs_min/db/Binary/shellcode.pe_to_shellcode.1.sg", "content": "function detect(){bDetected=0\nvar B=[\"4D5A4552E8000000005B4883EB09534881C3\",\"4D5A4552E8000000005883E8095005\",\"558BEC51518D45F85350E8AA0100005984C0750883C8FFE9A400000056578B7D08B84D5A00006639070F858C0000008B773C03F7813E50450000757F8D86A000000033DB391875046AFDEB71FF76345750E8FB00000083C40C84C075046AFCEB5C399E80000000742357FFB684000000FFB680000000FF75FCFF75F8E86F00000083C41484C075046AFBEB318D86C0000000391874095750E82800000059598B4628B90020000003C766854E167408536A0157FFD0EB07FFD0EB036AFE585F5E5BC9C204008B44240456578B7C24108B008B74380C85F674128B0E85C9740C6A006A0157FFD183C60475EE5FB0015EC3538B5C241855568B7424185703F3EB3C03C350FF5424188BE885ED74408B7E1003FBEB1F79050FB7C1EB058D430203C185C074295055FF54242085C0741F890783C7048B0F85C975DB83C6148B460C85C075BD85F60F95C05F5E5D5BC332C0EBF78B4424045355568B08034C241457EB478B410483F808723F8D68F8D1ED6A005B74320FB7545908668BC266C1E80C6685C074216683F803752B8B44241881E2FF0F00002B44241C03D6035424180102433BDD72CE0349048B3185F675B3B0015F5E5D5BC332C0EBF7565768029FE66AE88B0100008BF05985F67431688DBDC13F56E87C0000008BF8595985FF741E68FF1F7CC956E869000000595985C0740D8B4C240C894104B0018939EB0232C05F5EC353568B74240C83CAFF8A1E84DB743B8A7C24105784FF750A8D43BF3C19770380C3206A085F8BCA0FBEC3D1E933C28BD181F22083B8ED24010F44D1D0FB83EF0175E3468A1E84DB75CB5FF7D25E8BC25BC351515355568B742418B84D5A00005766390675618B463C8B44307885C074568B54301C33FF8B4C30188954241C8B5430208B443024894C241085C974388D1C328D2C308B4C241C0FB745006A018D048103C6894424188B0303C650E84FFFFFFF59593B44242074164783C50283C3043B7C241072CE33C05F5E5D5B5959C38B4424148B0003C6EBEF56578B7C240C83CAFF33F60FB7076685C0745B5355807C2418000FB7C8894C241475108D41BF6683F819770783C120894C2414668B5C24146A085D8BC233CAD1E88BD081F22083B8ED80E1010F44D066D1EB66895C241483ED0174068B4C2414EBD9460FB704776685C075A95D5BF7D25F8BC25EC364A1300000005356578B780C83C7148B37EB288D46F885C074258B581885DB741E8378300074126A00FF7030E85AFFFFFF59593B442410740C8B363BF775D433C05F5E5BC38BC3EBF800000000000000\",\"4D5A4552E800000000594883E909488BC14805\",\"56488BF44883E4F04883EC20E805000000488BE65EC348895C2408574883EC30488BF9488D4C2420E83702000084C0750883C8FFE9BD000000B84D5A00006639070F85AA00000048635F3C4803DF813B504500000F8597000000488D8BB0000000833900750AB8FDFFFFFFE9860000004C8B4330488BD7E86201000084C07507B8FCFFFFFFEB6F83BB9000000000742A0F28442420488D4C2420488B93900000004C8BC7660F7F442420E89300000084C07507B8FBFFFFFFEB3C488D8BD00000008339007408488BD7E8330000008B4328B9002000004803C766854B16740E4533C0488BCF418D5001FFD0EB09FFD0EB05B8FEFFFFFF488B5C24404883C4305FC348895C2408574883EC208B01488BFA488B5C10184885DB741B4C8B0B4D85C974134533C0488BCF418D500141FFD14883C30875E5488B5C2430B0014883C4205FC3488BC44889580848896810488970184889782041564883EC208BDA498BF04903D84C8BF1EB4A8BC84803CE41FF16488BE84885C074628B7B104803FEEB2679050FB7D1EB07488D56024803D14885D27447488BCD41FF56084885C0743B4889074883C708488B0F4885C975D24883C3148B430C85C075AF4885DB0F95C0488B5C2430488B6C2438488B742440488B7C24484883C420415EC332C0EBE148895C240848897C2410448B09498BD84C03CA4C8BDA33FF458B114585D27459418379040872F1418B51044C8BC74883EA0848D1EA7435430FB74C41080FB7C166C1E80C6685C074236683F80A752681E1FF0F0000498BC34103CA482BC34903CB49FFC04801014C3BC272CB418B41044C03C8EBA332C0EB02B001488B5C2408488B7C2410C348895C24084889742410574883EC20488BD9B9029FE66AE8FD010000488BF84885C07432BA8DBDC13F488BC8E893000000488BF04885C0741DBAFF1F7CC9488BCFE87E0000004885C0740B48894308B001488933EB0232C0488B5C2430488B7424384883C4205FC3448A09448ADA4C8BD14183C8FFEB414584DB750C418D41BF3C1977044180C120BA08000000418BC8410FBEC14133C0D1E9448BC14181F02083B8ED2401440F44C141D0F94883EA0175DB49FFC2458A0A4584C975BA41F7D0418BC0C3488BC448895808488968104889701848897820415441564157B84D5A0000448BFA4C8BC16639010F85870000004863413C8B8C088800000085C97478498D040833FF8B68184885ED746A448B4820448B50244D03C8448B601C4D03D0410FB702458B194D03D883CAFF498D3484EB2741BE080000008BCA0FBEC333C2D1E98BD181F22083B8ED24010F44D1D0FB4983EE0175E249FFC3418A1B84DB75D2F7D2413BD7742D48FFC74983C2024983C104483BFD72A833C0488B5C2420488B6C2428488B742430488B7C2438415F415E415CC3428B04064903C0EBDC48895C240848897C2410440FB7094183C8FF33FF8ADA448BD74C8BD9EB4684DB750F418D41BF6683F8197705664183C120BA08000000418BC8410FB7C14133C0D1E9448BC14181F02083B8ED2401440F44C16641D1E94883EA0175DA49FFC2470FB70C53664585C975B4488B5C240841F7D0488B7C2410418BC0C348895C240848896C24104889742418574883EC2065488B0425600000008BE9488B78184883C720488B1F483BDF7430488D43F04885C07427488B70304885F6741E488B48604885C9740B33D2E834FFFFFF3BC57405488B1BEBD0488BC6EB0233C0488B5C2430488B6C2438488B7424404883C4205FC300000000000000000000000000\"],C=Binary.getSize()\n16384]*>/im.test(e)&&(bDetected=1),sLang=\"HTM\",result()}meta(\"source\",\"HTML\")" }, { "path": "dbs_min/db/Binary/source_text.Pascal.1.sg", "content": "function detect(){var e=Binary.getHeaderString()\nreturn/^\\s*program\\s.*\\s*uses\\s/im.test(e)&&(bDetected=1),sLang=\"Pascal\",result()}meta(\"source\",\"Pascal\")" }, { "path": "dbs_min/db/Binary/source_text.XML.1.sg", "content": "function detect(){var e=Binary.getHeaderString()\nreturn/^(?:\\xef\\xbb\\xbf)?<\\?xml/.test(e)&&((e=e.match(/version=\"(.*?)\"/))&&(sVersion=e[1]),bDetected=1),result()}meta(\"source\",\"XML\")" }, { "path": "dbs_min/db/Binary/source_text.c.1.sg", "content": "function detect(){var e=Binary.getHeaderString()\nif((/^#ifndef (\\w+).*\\s+^#define \\1/m.test(e)||/#\\s*pragma (?:once|hdrstop)/.test(e))&&(sOptions=\"header\",bDetected=1),/^(?:class\\b|virtual\\b|public:|private:|template\\b)/m.test(e))/\\sdef\\s/.test(e)||(sName=\"C++\",bDetected=1)\nelse{var t=e.match(/^#include [\"<].*?[>\"]/gm)\nif(t){bDetected=1\nfor(var s=0;s@1Fq1Fx0F6,00F7,b(F8ZRu(XP2FzE,@r42fzWBxG!='\")&&(sOptions=\"1997 by GyikSoft\",bDetected=1),result()}meta(\"converter\",\"COM2TXT\")" }, { "path": "dbs_min/db/COM/converter_COMT.1.sg", "content": "function detect(){return Binary.compare(\"'ENC.COM.B&F='\")&&(sVersion=\"0.1d\",sOptions=\"(com2text) by Alex Pruss\",bDetected=1),result()}meta(\"converter\",\"COMT\")" }, { "path": "dbs_min/db/COM/converter_CRX2COM.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$8b1e....c1....81c3....e8....b4..ba....cd21bb....e8....b4..ba....cd21b8....ba....cd2173\")&&(bDetected=1),result()}meta(\"converter\",\"CRX2COM\")" }, { "path": "dbs_min/db/COM/converter_E2C.1.sg", "content": "function detect(){return Binary.compare(\"be....bf....b9....57f3a5c3\")?(sVersion=\"1.00-1.02\",bDetected=1):Binary.compare(\"be....bf....b9....fc57f3a5c3\")&&(sVersion=\"1.02a\",bDetected=1),result()}meta(\"converter\",\"E2C (EXE2COM) by The DoP\")" }, { "path": "dbs_min/db/COM/converter_EXE2COM.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$bf....be....a5a48cda83c2..50b9....ad970115e2\")?(sVersion=\"1.0\",sOptions=\"by D'B\",bDetected=1):Binary.compare(\"e9$$$$e800005b508cc005....8b0e....03c889....8b0e\")?(sVersion=\"1.0\",sOptions=\"by Microsoft\",bDetected=1):Binary.compare(\"b3..b9....33d2be....8bfeac32c3aa434932e403d0e3..eb..3b16....75..be....8bc6b1..d3e88cdb03c30344..a3....8cc805\")?(sOptions=\"CRC check\",bDetected=1):Binary.compare(\"e8$$$$bf....be....a5a48cda83c2..0116....81c2....8ed2bc....eb\")?(sOptions=\"by //ViP\",bDetected=1):Binary.compare(\"e9$$$$bf....be....a5a48cda83c2..50b4..bb....cd21580116....81c2....8ed2\")?(sOptions=\"0-Relocs by dR.No //ViP\",bDetected=1):Binary.compare(\"e9$$$$bf....be....a5a48cda83c2..0116....81c2....8ed2bc....eb..ea\")?(sOptions=\"0-Relocs by Sage //UCF\",bDetected=1):Binary.compare(\"e9$$$$e800005b81eb....8db7....bf....b9....f3a58db7....538ccf83c7..ad\")?(sVersion=\"2.0\",sOptions=\"by Paul Shpilsher\",bDetected=1):Binary.compare(\"e9$$$$8cca81c2....3b16....76..ba....b409cd21cd20\")?(sOptions=\"generic, type 1\",bDetected=1):Binary.compare(\"be....8b043d....74..ba....b409cd21cd208bc6b1..d3e88cdb03c303....a3....8cc805....a3....8b44\")?(sOptions=\"by RaskY\",bDetected=1):Binary.compare(\"bf....be....b9....fcf3a4068ccb83c3..011e....011e....b9....8b54..03d381c2....8ec28b3c\")||Binary.compare(\"bf....be....b9....fcf3a48ccb011e....011e....eb00bf....be....b9....bb....bd....fa\")?(sVersion=\"1.0\",sOptions=\"by Milkov\",bDetected=1):Binary.compare(\"eb$$be....8bc6b1..d3e88cdb03c30344..89048cc805....8be88b44..b1..d3e803c50344..bb....8b1f\")?(sOptions=\"by JauMing Tseng\",bDetected=1):Binary.compare(\"e8$$$$bf....be....a5a48cda83c2..50b4..bb....cd21b9....ad970115e2\")?(sVersion=\"1.0d\",sOptions=\"1994 by D'B\",bDetected=1):Binary.compare(\"e9$$$$92be....bf....fca5a48ccb83c3..b9....ad97011de2\")?(sOptions=\"1996 by EM-Phaser\",bDetected=1):Binary.compare(\"b430cd213c..73..33c00650cb\")?(sOptions=\"by JVP\",bDetected=1):Binary.compare(\"bf....be....b9....f3a48cd805....0344..8ccb9305....8be60364..8b4c..e3..5f5a\")?(sName=\"CC\",sVersion=\"2.61 beta\",sOptions=\"EXE2COM\",bDetected=1):Binary.compare(\"e8$$$$bf....be....a5a48cda83c2..50b4..bb....cd21580116....81c2....8ed2bc....eb\")?(sOptions=\"by unknown\",bDetected=1):Binary.compare(\"e9$$$$e9$$$$8cca81c2....3b16....76..ba....b409cd21cd20\")?(sOptions=\"generic, type 2\",bDetected=1):Binary.compare(\"be....8b043d4d5a74$$8bc6b1..d3e88cdb03c30344..a3....8cc8\")&&(sOptions=\"by BuZZ Soft\",bDetected=1),result()}meta(\"converter\",\"EXE2COM\")" }, { "path": "dbs_min/db/COM/converter_EXETools_EXE2COM.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$e800005d8bcd83ed..bf....be....2bcff3a4b9....be....03f5e3..8cdb035e..ad8bf8011de2\")?(sVersion=\"2.0, 2.1\",bDetected=1):Binary.compare(\"68....68....68....68....68....68....5fbe....b9....f3a4c3\")&&(sOptions=\"com header from EXETools 2.1\",bDetected=1),result()}meta(\"converter\",\"EXETools EXE2COM\")" }, { "path": "dbs_min/db/COM/converter_FIXCRK.1.sg", "content": "function detect(){return Binary.compare(\"'ROMANOID'32e4b0..cd104c5abf....c606......bd....e8....c606......bf....bd....e8....bd....c606......bf\")&&(sOptions=\"by romanoid\",bDetected=1),result()}meta(\"converter\",\"FIXCRK\")" }, { "path": "dbs_min/db/COM/converter_FromBAT.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$be....bf....bb....c604..b9....fe04803c..77..c644....b80629cd21be....3c..74..8a04880743e2\")&&(sOptions=\"1991 by Clockwork Software\",bDetected=1),Binary.compare(\"e9$$$$fcbe....bf....bb....c604..b9....fe04803c..77..c644....b80629cd21be....3c..74..8a04880743e2\")&&(sName=\"BatchMaster\",sOptions=\"1993 by Clockwork Software\",bDetected=1),result()}meta(\"converter\",\"FromBAT\")" }, { "path": "dbs_min/db/COM/converter_MAKEBOO.1.sg", "content": "function detect(){return Binary.compare(\"'XPHPD[0GG0G,0G51G31GB'27'(G+(G:u'27'0g?(G>(GE1G@arwIV_F*=US@<1|_,5wXNg-7muTu(4'\")&&(sOptions=\"executable2text\",bDetected=1),result()}meta(\"converter\",\"MAKEBOO\")" }, { "path": "dbs_min/db/COM/converter_NetCode.1.sg", "content": "function detect(){return Binary.compare(\"'T_OOWW3=XXWX5 2PY5w3P_-l.P-KD1Ep-OLPZ-pJP-pw40PQX5fsPu'\")?(sVersion=\"1.11\",sOptions=\"by JauMing Tseng //Nide\",bDetected=1):Binary.compare(\"':?7%00%CCPY-@=PZ5+\")&&(sVersion=\"1.40\",sOptions=\"by JauMing Tseng //Nide\",bDetected=1),result()}meta(\"converter\",\"NetCode\")" }, { "path": "dbs_min/db/COM/converter_NetRun.1.sg", "content": "function detect(){return Binary.compare(\"'XPPPYZIQD[L-f6-g41GDSXu'17'@,~P^P_O,!(GU(GZ(Gnu5'\")&&(sVersion=\"3.10\",bDetected=1),result()}meta(\"converter\",\"NetRun\")" }, { "path": "dbs_min/db/COM/converter_TurboBAT.1.sg", "content": "function detect(){return Binary.compare(\"ba....b4..909006b8....8ec0b9....268a26....80e4..26a0....24..3ac4\")?(sVersion=\"3.10\",bDetected=1):Binary.compare(\"e9$$$$fcbd....8b6e..8b66..8b5e..b4..cd21a1....8946..b8....50c646....8b5e..ffe3\")?bDetected=1:Binary.compare(\"9090909090909006b8....8ec0b9....268a26....80e4..26a0....24..3ac474..26a0....24\")?(sOptions=\"unregistered\",bDetected=1):Binary.compare(\"ba....b4..cd2106b8....8ec0b9....268a26....80e4..26a0....24..3ac474..26a0....24\")&&(sVersion=\"3.16-9u\",bDetected=1),result()}meta(\"converter\",\"TurboBAT\")" }, { "path": "dbs_min/db/COM/converter_Vacsina.4.sg", "content": "function detect(){return Binary.compare(\"e9$$$$e8....5b508cc005....8b0e....894f..8b0e....03c8894f..8b0e....894f..8b0e....03c8894f..8b3e....8b16\")&&(bDetected=1),result()}meta(\"converter\",\"Vacsina EXE2COM\")" }, { "path": "dbs_min/db/COM/converter_XCK2COM.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$be....e8....ad89c15156e8....be....e8\")&&(bDetected=1),result()}meta(\"converter\",\"XCK2COM\")" }, { "path": "dbs_min/db/COM/cryptor_Anti-Lamer_Cryptor.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$fa8cd3ba....8ed233d28ed38bdafb33c08ec026f716....eb\")&&(sVersion=\"1.0\",sOptions=\"1999 by Ozzman //iHC\",bDetected=1),result()}meta(\"cryptor\",\"Anti-Lamer Cryptor\")" }, { "path": "dbs_min/db/COM/cryptor_CSCRYPT.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$e8000059eb$$cceb$$e4..bb....ba....eb$$81eb....0c..2bcb\")&&(sVersion=\"3.30\",sOptions=\"by Christian Schwarz\",bDetected=1),result()}meta(\"cryptor\",\"CSCRYPT\")" }, { "path": "dbs_min/db/COM/cryptor_EXINCT.2.sg", "content": "function detect(){return Binary.compare(\"e8$$$$ba....b8....cd218bd8b8....33c933d2cd2191b4..cd218bdc8b072d....89078bf05603f183ee..8904\")&&(sOptions=\"by Razor 1911\",bDetected=1),result()}meta(\"cryptor\",\"EXINCT\")" }, { "path": "dbs_min/db/COM/cryptor_J0B_cryptor.2.sg", "content": "function detect(){return(Binary.compare(\"e9$$$$fabe....8d0e....2bcee8$$$$5051ba....8bda301cac32c35183c4..b9\")||Binary.compare(\"e9$$$$be....e8$$$$5052ac8a26....28e00ac0\"))&&(sOptions=\"1996\",bDetected=1),result()}meta(\"cryptor\",\"J0B cryptor\")" }, { "path": "dbs_min/db/COM/cryptor_PU-Cryptor.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$fce8$$$$068cc8a3....b0..bf....b9....263005fec047e2\")?(sOptions=\"1994\",bDetected=1):Binary.compare(\"e9$$$$fcb0..bf....b9....300547e2\")?(sOptions=\"1992\",bDetected=1):(Binary.compare(\"e9$$$$fcb0..bf....b9....263005fec047e2\")||Binary.compare(\"e9$$$$fcbc....e8$$$$068cc8a3....b0..bf....b9....263005fec047e2\")||Binary.compare(\"e9$$$$bc....fce8$$$$068cc8a3....b0..bf....b9....263005fec047e2\"))&&(sOptions=\"1994\",bDetected=1),result()}meta(\"cryptor\",\"PU-Cryptor\")" }, { "path": "dbs_min/db/COM/cryptor_Phrozen_Crew_cryptor.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$eb$$be....8b3c83ef..578bf781c6....83c6..bf....a5a55f83ef..5733f6bd....33c9300a414f8bf175..5f83ff..74\")&&(sOptions=\"1998\",bDetected=1),result()}meta(\"cryptor\",\"Phrozen Crew cryptor\")" }, { "path": "dbs_min/db/COM/cryptor_SDW.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$545b3bdc75..eb$$9c5b81cb....539d9c5825....75..e8\")?(sVersion=\"1.7X\",sOptions=\"by MANtiC0RE\",bDetected=1):Binary.compare(\"e9$$$$545b3bdc75..eb$$9c5b81cb....539d9c5825....74..50584c4c5b33c3\")?(sVersion=\"1.78\",sOptions=\"by MANtiC0RE\",bDetected=1):Binary.compare(\"e9$$$$ac2d....04..89c5e8....f514..f9362633f6\")?(sVersion=\"1.79\",sOptions=\"by MANtiC0RE\",bDetected=1):Binary.compare(\"e9$$$$e9$$$$e4..e8....e4..e9$$$$26fb78\")?(sVersion=\"1.7\",sOptions=\"by MANtiC0RE\",bDetected=1):(Binary.compare(\"b8....bd....2e8a76..80f6..80ee..2e8876..83c5..4874..eb\")||Binary.compare(\"be....31d281c2....2e8034..83ee..83c2..74..31c005....50c3\"))&&(sVersion=\"1.80\",sOptions=\"by MANtiC0RE\",bDetected=1),result()}meta(\"cryptor\",\"Shadow Com Cryptor (SDW)\")" }, { "path": "dbs_min/db/COM/cryptor_Sydex.2.sg", "content": "function detect(){return Binary.compare(\"eb$$ba....b8....bb....33ed8bf8434f505952494748542053..4445582c..414c4c\")||Binary.compare(\"e9$$$$ba....b8....bb....33ed8bf8434f505952494748542053..4445582c..414c4c\")?(sOptions=\"1987 by Sydex and C.P.Guzis\",bDetected=1):Binary.compare(\"e9$$$$33c09e8bd88bc88bd08be88bf08bf88cc88ed88ec08ed08d26....8d36\")&&(sOptions=\"1986,1987 by Sydex and C.P.Guzis\",bDetected=1),result()}meta(\"cryptor\",\"Sydex cryptor\")" }, { "path": "dbs_min/db/COM/cryptor_UComCry.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$6006fae4640c40e664b8....8ec026c706\")&&(sOptions=\"by UniquE\",bDetected=1),result()}meta(\"cryptor\",\"UComCry\")" }, { "path": "dbs_min/db/COM/cryptor_USCC.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$60bb....b9....300f43e2\")&&(sVersion=\"1.4\",sOptions=\"by UniquE\",bDetected=1),result()}meta(\"cryptor\",\"Shitty COM Cryptor\")" }, { "path": "dbs_min/db/COM/cryptor_cryptors.2.sg", "content": "function detect(){var e\nreturn Binary.compare(\"e9$$$$60c704....c644....b9....bf....ac32018bd64a\")?(sVersion=\"0.04\",sOptions=\"by SkullC0DEr\",bDetected=1):Binary.compare(\"e9$$$$60c704....c644....e8$$$$5f83c7..33dbb9....8a043201\")?(sName=\"crypt 95-97\",sOptions=\"type 2 by SkullC0DEr\",bDetected=1):Binary.compare(\"e800005dbf....e8$$$$fa065733ff57078d76..b9....8004..46e2\")?(sOptions=\"by Synopsis\",bDetected=1):Binary.compare(\"eb$$fdbf....ba....33c01e8ed8a3....1fb1..525e3bfa74..ac3205aae2..eb\")?(sOptions=\"by Min-Jei-Chen\",bDetected=1):Binary.compare(\"e8$$$$eb$$8cca8eda8ec2be....bf....b9....eb$$ad2ea3....2e3136....8bc18bdef7e3eb$$2e3106....2e3116....2ea1....abe2\")?(sOptions=\"by PHOENiX\",bDetected=1):Binary.compare(\"5053515756b8....508bf0b9....b0..8bfe0004f71404..46e2\")?(sOptions=\"by FalCoN'AleX\",bDetected=1):Binary.compare(\"40429c58f6c4..74..eb....b4..be....bf....b9....68....68....68....57f3a4c3\")?(sOptions=\"by Terrible BloodSucker //FDs Group\",bDetected=1):Binary.compare(\"e9$$$$e80000fa9cfc505393584c4c3bc35b74..9de8....32e480c4..3065..47e2\")?(sName+=\" N1\",sOptions=\"by ZeroCoder //XG\",bDetected=1):Binary.compare(\"be....b9....ac03d8e2..81fb....74..cd19be....8bfeb9....8a26....ac32c1aae2\")?(sOptions=\"by Kai\",bDetected=1):Binary.compare(\"eb$$c606......f873..e9$$$$be....bf....0633c08ec0bb....fa268b07268917a3\")?(sName+=\" N2\",sOptions=\"by ZeroCoder //XG\",bDetected=1):Binary.compare(\"e9$$$$e800002e9c589e72..fa9cfc505393584c4c3bc35b74..9de8....32e480c4\")?(sOptions=\"by Digital Information Pirates Group (DiPG)\",bDetected=1):Binary.compare(\"'PHROZEN'fa'CREW'0d....fbfdbe....ac300481fe....77..94\")?(sOptions=\"by Phrozen Crew\",bDetected=1):Binary.compare(\"0e1fb9....be....80....301c46e2..eb\")?(sOptions=\"by Dwolf //ROK\",bDetected=1):Binary.compare(\"2e8036....28eb00c3\")?(sName+=\" #2\",sOptions=\"by Misha\",bDetected=1):Binary.compare(\"be....e8$$$$5d8bce8d72..bf....fd5747acaa86c4ac32c4aae2..8d75..fcf98d7e..c3\")?(sOptions=\"by TGT\",bDetected=1):Binary.compare(\"e9$$$$33dbb9....d1e941b8....8b97....33c28987....924343e2..68....c3\")?(sOptions=\"by hijaq\",bDetected=1):Binary.compare(\"e9$$$$0e179c58f6c4..75..b9....b8....2bc8bf....be....8a0551b9....8ae0862432c44ee2..88054759e2..e9\")?(sOptions=\"1996 by WildRover\",bDetected=1):Binary.compare(\"668d3e....66b9........678137....6683c7..e2..e9\")?(sOptions=\"by PCY group\",bDetected=1):Binary.compare(\"e9$$$$66b8........66a3....be....8bfeb9....fcad35....f7d0abe2..68....c3\")?(sOptions=\"by Evil Genius //rPG\",bDetected=1):Binary.compare(\"e9$$$$9cfafc1e06bb....b44acd21b448bb....cd218ec0be....b9....51bf....57f3a5061fb9....5e8bfe\")?(sOptions=\"by AliS S0fT //VCrT\",bDetected=1):Binary.compare(\"eb$$e8$$$$eb$$e4210c..e62133c08ed80e50558becc746......5dfa8f06....8f06....fb9c580d....509d\")?(sVersion=\"#2\",sOptions=\"by RAZOR 1911\",bDetected=1):Binary.compare(\"'SNOWPANTHER'e9$$$$................8db7....bf....b9....f3a58db7....538ccf83c7..ad09c074..91ad\")?(sName+=\" #1\",sOptions=\"by Snow Panther //DTG\",bDetected=1):Binary.compare(\"fcbe....bf....b9....90ba....c606......90ac0fb61e....03da8a2732c4aafe06....803e......75..c606\")?(sOptions=\"by pASkuda\",bDetected=1):Binary.compare(\"e9$$$$50538bdc8cd0bc....8ed49090909090909090909090909090909033e48ed4bc....909090909090909090909090909090908ed08be35b58c606\")?(sOptions=\"by Crack Soft\",bDetected=1):Binary.compare(\"e9$$$$16179c58f6c4..74..faeb..e8$$$$58\")?(sVersion=\"1.0\",sOptions=\"1999 by Alex\",bDetected=1):Binary.compare(\"e8$$$$33ed83ed..2ed0....5e0e8bfe81e7....f7df03fe2e893526a1....8ec0263b06....74..f92eff35\")?(sOptions=\"by DREAMMASTER\",bDetected=1):Binary.compare(\"b8....ffe0\")?(e=Binary.readWord(1)-256,Binary.compare(\"be....8be88bd88bf883c5..908bd04a5287d687fe5981e9....52\",e)&&(sOptions=\"by BlackLight, MANtiCORE\",bDetected=1)):Binary.compare(\"'FALCON//TULACREW'0d....e9$$$$be....b9....33c0f7d03004eb..04..32e046e2\")?(sOptions=\"by FALCON //UCL\",bDetected=1):Binary.compare(\"bb....b9....be....301c02df86df46e2\")?(sName+=\" #1\",sOptions=\"by dR.No\",bDetected=1):Binary.compare(\"be....b9....b8....bb....33c34086c44b86fb93300446e2\")?(sName+=\" #2\",sOptions=\"by dR.No\",bDetected=1):Binary.compare(\"a3....eb$$5351525756b9....fa8bdc8cd2bc....03e1d1e94c4c5886e9d3c033c186e9f7d050e2\")?(sOptions=\"by venus soft.\",bDetected=1):Binary.compare(\"e9$$$$3aac....3a29fc1aa8....80cd..1e0e0e1f0726fe06....ba....be....81f6....80f9\")?(sName+=\" #1\",sOptions=\"by LiGHt DRUiD //SOS\",bDetected=1):Binary.compare(\"e9$$$$fd1e0e81de....89f63bf23aaf....03f423f61bf40a2d80f9..18dd0e071f03f433f081e6\")?(sName+=\" #2\",sOptions=\"by LiGHt DRUiD //SOS\",bDetected=1):Binary.compare(\"fcbe....8bfeac3206....8006......84c0aa75..be....e8\")?(sOptions=\"by Sludge Vohaul //DAT\",bDetected=1):Binary.compare(\"'[HPA]'b5..8bf98be9be....57f3a4c3\")?(sOptions=\"by Hungarian Pirates Alliance [HPA]\",bDetected=1):Binary.compare(\"bc....bb....b4..cd21bb....b9....8037..43e2..b409ba....cd21b8....cd21891e\")?(sOptions=\"by .EXEcutor //SOS\",bDetected=1):Binary.compare(\"e9$$$$e800005b8bcc8cd2fa33c08ec08ed0bc....588947..90588947..900e8bc305....508ed28be1fb\")?(sOptions=\"1998 by Demon Magister Protection\",bDetected=1):Binary.compare(\"eb$$2ea3....8cc82e0306....502eff36....cb\")?(sOptions=\"1991 by YMI\",bDetected=1):Binary.compare(\"53515256570633c08ec0fa26a1....268b16....fb075052b8....06508cca33c08ec058fa26a3....268916....fb07\")?(sOptions=\"1991 by Elisoft\",bDetected=1):Binary.compare(\"b8....5650c3\")?(e=Binary.readWord(1)-256,Binary.compare(\"bf....8bdeb9....8b0533c689074747434346e2..c3\",e)&&(sOptions=\"by PC0R$AiR //UCL\",bDetected=1)):Binary.compare(\"908cc8515a54e9$$$$36c0e0..eb$$eb$$6a..e8$$$$58eb$$e8$$$$58eb$$e8$$$$eb$$2eeb$$eb$$665eeb$$eb$$7c\")||Binary.compare(\"0f011e....fbe9$$$$e90000c0c3..f8eb$$6a..c0e9..e800000f23dae8000059665e36e8\")?(sName=\"Rowdy's Strong Protection {MtE}\",bDetected=1):Binary.compare(\"fa499033c0fbe9$$$$e800005eeb\")?(sName=\"Rowdy's Strong Protection\",bDetected=1):Binary.compare(\"e9$$$$5060bf....c706........c605..e8....5e5681c6....b9....5756ffe7\")?(sOptions=\"1998 by StrangeLion\",bDetected=1):Binary.compare(\"e8$$$$5f87f757b9....ac34..aae2..c3\")?(sName=\"Wumpus soft lab cryptor\",bDetected=1):Binary.compare(\"e8$$$$5eb9....ac32c12e8844..e2..e9\")?(sOptions=\"by MXL //RIP\",bDetected=1):Binary.compare(\"e9$$$$8d36....fd8d0e....81e9....d1e9add1c835....8944..e2..ff26\")?(sOptions=\"1989 by Sydex\",bDetected=1):Binary.compare(\"e9$$$$bb....b4..b0..8b0e....8a1728c230e28857..43fec0e2\")?(sOptions=\"1999 by SLine\",bDetected=1):Binary.compare(\"'(C)1997'00'by'00'PSH'0d0a..005b..3139287a..2850..81c6....33db8bfeb9....ad35\")?(sOptions=\"1997 by PSH\",bDetected=1):Binary.compare(\"e9$$$$bf....be....b9....b0..2e8a1c32c132d82e881d4647e2..e9\")?(sName=\"SAGE-crypt\",bDetected=1):Binary.compare(\"e9$$$$fcb0..bf....b9....263005fec047e2..b9....be....e8\")?(sName=\"PU-Disk encryption\",sOptions=\"1992\",bDetected=1):Binary.compare(\"e9$$$$bb....8a073c..74..e8$$$$50515234..3c..74..b4..8ad0cd21e9\")?(sOptions=\"1999 by Leon\",bDetected=1):Binary.compare(\"fa'SNOW'fa'PANTHER'fabc....bf....8bf7b9....b3..ac34..d2c02ac3d2c832c3fec3aae2\")?(sName+=\" #2\",sOptions=\"by Snow Panther //DTG\",bDetected=1):Binary.compare(\"e9$$$$c704....c644....b9....5683c6..8bfeb2..b6..ac32c202d6aae2..c3\")?(sOptions=\"1997 by Ment0R //UCL\",bDetected=1):Binary.compare(\"eb$$bb....8b0f03d981c3....8be38cc88ed88ec08ed0b8....ba....cd21b3..ccb3..cc\")?(sOptions=\"1993 by The Shadow Lord\",bDetected=1):Binary.compare(\"eb$$ccbe....bb....b2..bf....cc8b0d8bc103c7cc05....83c7..8be0cc\")?(sOptions=\"by The Shadow Lord\",bDetected=1):Binary.compare(\"eb$$bb....001f4beb$$001f4beb\")?(sName=\"Crypt.Trivial.173\",sOptions=\"1998 by SMT\",bDetected=1):Binary.compare(\"'SFINKS_SOFT___'fafcb430cd21fb33c0502ec606......0783e9..3be175..26c706........b9\")?(sOptions=\"by SFINKS SOFT\",bDetected=1):Binary.compare(\"e8$$$$1e33c08ed8f716....eb$$f716....1f5ebf....57b9....ac34..aae2\")?(sOptions=\"by R!SC\",bDetected=1):Binary.compare(\"e9$$$$6033edbe....b4..bd....bf....ac32c4aa80c4..fec43bf575..33c0b9....f3ab61bf....ffe7\")?(sOptions=\"by DarkGrey //DSA\",bDetected=1):Binary.compare(\"'(C)1997'00'by'00'PSH'............................bc....6081c6....33db8bfeb9....ad35....c1c0..03d8abe2\")?(sOptions=\"1997 by PSH\",bDetected=1):Binary.compare(\"eb$$bf....33dbba....fcbe....8bcfccad\")?(sName+=\" #3\",sOptions=\"by Misha /ACE\",bDetected=1):Binary.compare(\"e9$$$$061e33c08ed8be....8904be....89041e071fb8....bf....268905be....b9....8a04263205\")&&(sOptions=\"by SafeSoft\",bDetected=1),result()}meta(\"cryptor\",\"Cryptor\")" }, { "path": "dbs_min/db/COM/driver_DIGPAK.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$8cc88ed88ec0e8$$$$1e56be....33c08ed8c5340bf674\")?(sOptions=\"1992 by The Audio Solutions\",bDetected=1):Binary.compare(\"e9$$$$8cc88ed88ec0c706........c706........c706........b8....50e8$$$$558bec061e5657fc\")&&(sOptions=\"1991 by The Audio Solutions\",bDetected=1),result()}meta(\"driver\",\"DIGPAK\")" }, { "path": "dbs_min/db/COM/driver_MIDPAK.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$bb....d1ebd1ebd1ebd1eb43b8....cd21fa8cc88ed0bc....fb8ed88ec0c706\")&&(sOptions=\"1992 by The Audio Solutions\",bDetected=1),result()}meta(\"driver\",\"MIDPAK\")" }, { "path": "dbs_min/db/COM/immunizer_ARF_AV_Inject.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$b8....50558bec83c4..061e90c746......c746......c646....c746......c746......8b5e..8dbf....b9\")&&(sVersion=\"2.4\",sOptions=\"1995 by ARF Enterprises\",bDetected=1),result()}meta(\"immunizer\",\"ARF/AV Inject\")" }, { "path": "dbs_min/db/COM/immunizer_CPAV.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$e9$$$$e8$$$$5b81eb....5051525657558beb2ec686......268e06....061fb9....bf....8bc7fcf2ae26803d..75\")&&(sVersion=\"1993\",bDetected=1),result()}meta(\"immunizer\",\"Central Point Anti-Virus immunizer\")" }, { "path": "dbs_min/db/COM/immunizer_F-XLOCK.1.sg", "content": "function detect(){return Binary.compare(\"e8$$$$505351521e8e1e....33db8b07433d....74..75..43833f..75..4343\")&&(sVersion=\"1.16\",bDetected=1),result()}meta(\"immunizer\",\"F-XLOCK\")" }, { "path": "dbs_min/db/COM/immunizer_IMMUN.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$5053515256571e06e8....5e81ee....2e8936....8bfe81c7....2e8b1d2bfb83c7..81ef....8befb430cd21\")&&(sVersion=\"1.2r\",sOptions=\"1993 by J.Bleuel\",bDetected=1),result()}meta(\"immunizer\",\"IMMUN\")" }, { "path": "dbs_min/db/COM/immunizer_TAV.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$e9$$$$e800005b81eb....5051525657558beb2ec686......268e06....061f\")&&(sOptions=\"by CARMEL Software Engineering\",bDetected=1),result()}meta(\"immunizer\",\"Turbo Anti-Virus\")" }, { "path": "dbs_min/db/COM/immunizer_VSS.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$e8$$$$5b81eb....1e065051525354555657061e8bebb430cd2186e03d....73..e9\")&&(sVersion=\"1993 by Ralph Roth\",bDetected=1),result()}meta(\"immunizer\",\"Viren Schutz Schild\")" }, { "path": "dbs_min/db/COM/other_XLOADER.2.sg", "content": "function detect(){return Binary.compare(\"fc8cdb33c08ec0b8....26a3....268c0e....5052faba....b0..ee42ec\")&&(sVersion=\"2.00\",sOptions=\"by CyberMan + ST!LLS0N\",bDetected=1),result()}meta(\"other\",\"XLOADER\")" }, { "path": "dbs_min/db/COM/other_integrity_checker.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$505351521ea1....8ed829db43833f..75..434389dab8....cd211fb9....ba....72..89c3b4..cd21\")&&(sOptions=\"1990-92 by D.A. Martynoff\",bDetected=1),result()}meta(\"other\",\"integrity checker\")" }, { "path": "dbs_min/db/COM/packer_4kZIP.2.sg", "content": "function detect(){return Binary.compare(\"fcb1..e8$$$$8736....b8....d3e0482306....66d32e....280e....77..506633c0ac8a0e....80c1..66d3e0\")&&(sOptions=\"by pascal //Digital Nightmare\",bDetected=1),result()}meta(\"packer\",\"4kZIP\")" }, { "path": "dbs_min/db/COM/packer_AVPACK.2.sg", "content": "function detect(){return Binary.compare(\"eb$$8cda0316....3916....73..b409ba....cd21c3\")&&(sVersion=\"1.22\",sOptions=\"Andrei Volkov\",bDetected=1),result()}meta(\"packer\",\"AVPACK\")" }, { "path": "dbs_min/db/COM/packer_COMPACK.2.sg", "content": "function detect(){return Binary.compare(\"BE....E8....5D83C5..55505351520E070E1F8BCE8D72..BF....D1E9FD57F3A5\")?(sVersion=\"4.5\",bDetected=1):Binary.compare(\"BE....E8....5D83C5..55505351520E070E1F8D72..bf....b9....90fd57f3a58d75..fcf98bfdc3\")?(sVersion=\"4.5?\",bDetected=1):Binary.compare(\"BE....E8....5D83C5..555053510E070E1F8BCE8D72..BF....D1E9FD57F3A5\")?(sVersion=\"5.1\",bDetected=1):Binary.compare(\"BE....E8....5D83C5..550e1f0e07505351528bce8d72..bf....d1e9fd57f3a58d75..fcf98bfdc3\")?(sVersion=\"4.5\",bDetected=1):Binary.compare(\"be....0e530e520e070e1fe800005d8bce8d72..bf....d1e9fd57f3a58d75..fcf98d7e..c3\")||Binary.compare(\"be....505351520e070e1fe800005d8bce8d72..bf....d1e9fd57f3a58d75..fcf98d7e..c3\")?(sVersion=\"4.4\",sOptions=\"1990\",bDetected=1):Binary.compare(\"BE....E8....5D83C5..558bce8d72..bf....d1e9fd57f3a58d75..fcf98bfdc3\")&&(sVersion=\"4.5?\",bDetected=1),result()}meta(\"packer\",\"COMPACK\")" }, { "path": "dbs_min/db/COM/packer_Cheat_packer.2.sg", "content": "function detect(){return Binary.compare(\"eb$$b9....ba....bf....bb....b8....be....83ec..8becfc8866..32e48976..8bf703c18bf83bfe76..fd574e4f\")&&(sOptions=\"1993 by TWIN of TRSi\",bDetected=1),result()}meta(\"packer\",\"Cheat packer\")" }, { "path": "dbs_min/db/COM/packer_Compressor.2.sg", "content": "function detect(){return Binary.compare(\"eb$$8cc8488ec026813e........72..05....8ec0be....ba....33ffb9....b0..f3aa\")&&(sVersion=\"1.0\",bDetected=1),result()}meta(\"packer\",\"Compressor\")" }, { "path": "dbs_min/db/COM/packer_CyberWare_Packer.2.sg", "content": "function detect(){return Binary.compare(\"565056fd8bfc83ef..b9....be....fea447ffe7\")&&(sOptions=\"1997\",bDetected=1),result()}meta(\"packer\",\"CyberWare Packer\")" }, { "path": "dbs_min/db/COM/packer_Diet.2.sg", "content": "function detect(){return Binary.compare(\"bf....3bfc72$$fdbe....b9....f3a5fc8bf7bf....adad8be8b2..e9\")?(sVersion=\"1.00\",sOptions=\"modified\",bDetected=1):Binary.compare(\"bf....3bfc72$$be....b9....fdf3a5fc8bf7bf....adad8be8b2..e9\")?(sVersion=\"1.00, 1.00d\",bDetected=1):Binary.compare(\"......bf....b9....3bfc72$$fdf3a5fc8bf7bf....adad8be8b2..e9\")?(sVersion=\"1.02b, 1.10a\",bDetected=1):Binary.compare(\"......bf....b9....3bfc72$$31dbeb$$fdf3a5fc8bf7bf....adad8be8b2..e9\")?(sVersion=\"1.20\",bDetected=1):Binary.compare(\"f99ceb$$55061e575652515350e8$$$$59b1..d3e98cc803c18ed88ec0\")&&(sVersion=\"1.44/1.45\",bDetected=1),result()}meta(\"packer\",\"Diet\")" }, { "path": "dbs_min/db/COM/packer_EXC.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$e8$$$$5f81fc....72..8745..a3....8a45..a2....fc8db5....bd....8cca\")&&(sVersion=\"1.0.0\",sOptions=\"by Kris Heidenstrom\",bDetected=1),result()}meta(\"packer\",\"EXC\")" }, { "path": "dbs_min/db/COM/packer_ICE.1.sg", "content": "function detect(){return Binary.compare(\"eb$$be....8bfe8b0e....8b16....b8....50fcad33c2ab8bd0e2\")&&(sVersion=\"1.0\",bDetected=1),result()}meta(\"packer\",\"ICE\")" }, { "path": "dbs_min/db/COM/packer_LGLZ.2.sg", "content": "function detect(){return Binary.compare(\"bf....3bfc72$$be....b9....fdf3a4fc8bf746bf....e8\")&&(sVersion=\"1.03/04\",sOptions=\"1996\",bDetected=1),result()}meta(\"packer\",\"LGLZ\")" }, { "path": "dbs_min/db/COM/packer_PKLITE.2.sg", "content": "function detect(){return Binary.compare(\"B8....BA....3bc473..8bc42d....25....8bf8b9....be....fcf3a58bd8b1..d3eb8cd903d95333db53cb\")?(sVersion=\"1.12, 1.20\",bDetected=1):Binary.compare(\"B8....BA....3bc473..8bc42d....9025....8bf8b9....90be....fcf3a58bd8b1..d3eb8cd903d95333db53cb\")?(sVersion=\"1.15\",bDetected=1):Binary.compare(\"50B8....BA....3bc473..8bc42d....25....8bf8b9....be....fcf3a58bd8b1..d3eb8cd903d95333db53cb\")?(sVersion=\"1.50\",bDetected=1):Binary.compare(\"B8....BA....8cdb03d83b1e....73..83eb..fa8ed3bc....fb83eb..8ec353b9....33ff57be....fcf3a5cb\")?(sVersion=\"1.00, 1.03\",sOptions=\"exe2com\",bDetected=1):Binary.compare(\"ba....a1....2d....8ccb81c3....3bc377..05....3bc377..b4..ba....cd21cd20\")?(sVersion=\"1.00c\",bDetected=1):Binary.compare(\"ba....b8....05....3b06....73..2d....fa8ed0fb2d....8ec050b9....33ff57be....fcf3a5cb\")?(sVersion=\"1.1X\",bDetected=1):Binary.compare(\"B8....BA....3bc473..8bc42d....25....8bf8b9....be....fcf3a58bd8b1\")&&(sVersion=\"1.12, 1.15, 1.20\",bDetected=1),result()}meta(\"packer\",\"PKLITE\")" }, { "path": "dbs_min/db/COM/packer_PRO-PACK.2.sg", "content": "function detect(){return Binary.compare(\"83ec..8becbe....fce8....05....8bc8e8....8bd003c605....8bf8e8....ad88....32e489....8bf703c18bf83bfe76\")?(sVersion=\"2.08-2.19\",bDetected=1):Binary.compare(\"83ec..8becbe....fce8....05....8bc8e8....8bd003c605....8bf8e8....8946..895e..ad8866..32e48976..8bf703c18bf83bfe76\")?(sVersion=\"2.08-2.19\",sOptions=\"-m1, locked\",bDetected=1):Binary.compare(\"be....fce8....05....8bc8e8....8bd003c605....8bf883c6..ad32e48bee8bf703c18bf83bfe76\")?(sVersion=\"2.14\",sOptions=\"-m2\",bDetected=1):Binary.compare(\"be....fce8....05....8bc8e8....8bd003c605....8bf8e8....5350ad32e48bee8bf703c18bf83bfe76\")&&(sVersion=\"2.08-2.19\",sOptions=\"-m2\",bDetected=1),result()}meta(\"packer\",\"PRO-PACK\")" }, { "path": "dbs_min/db/COM/packer_SCRE2B.2.sg", "content": "function detect(){return Binary.compare(\"8cda0116....ff2e....00\")&&(sVersion=\"1.02\",sOptions=\"by Graeme W. McRae\",bDetected=1),result()}meta(\"packer\",\"SCRE2B\")" }, { "path": "dbs_min/db/COM/packer_SCRNCH.2.sg", "content": "function detect(){return Binary.compare(\"eb$$bb....b44acd2181eb....73..ba....b9....e9\")?(sVersion=\"1.02\",sOptions=\"1988 by Graeme W. McRae\",bDetected=1):Binary.compare(\"bb....b44acd2181eb....73..ba....b9....e9$$$$0e1fb440bb....cd21b8....cd21\")?(sVersion=\"1.00\",sOptions=\"1988 by Graeme W. McRae\",bDetected=1):Binary.compare(\"bb....b44acd2181eb....73..ba....b9....e9$$$$b440bb....cd21b8....cd21\")&&(sVersion=\"1.01\",sOptions=\"1988 by Graeme W. McRae\",bDetected=1),result()}meta(\"packer\",\"SCRNCH\")" }, { "path": "dbs_min/db/COM/packer_SHRINK.2.sg", "content": "function detect(){return Binary.compare(\"509cfcbe....bf....57b9....f3a48b0e....be....bf....f3a4c3\")&&(sVersion=\"1.0\",sOptions=\"by Thomas G. Hanlin\",bDetected=1),result()}meta(\"packer\",\"SHRINK\")" }, { "path": "dbs_min/db/COM/packer_Scramb.2.sg", "content": "function detect(){return(Binary.compare(\"e9$$$$e8$$$$5b0e1f81eb....8bc305....508bc803d12bfac3\")||Binary.compare(\"e9$$$$e8....5b0e1f81eb....8bc305....508bc803d12bfac3\"))&&(sVersion=\"1.20\",sOptions=\"by B.U.G.\",bDetected=1),result()}meta(\"packer\",\"Scramb\")" }, { "path": "dbs_min/db/COM/packer_Six-2-Four.2.sg", "content": "function detect(){return Binary.compare(\"'[ESP]'b5..8bf98be9be....57f3a4c3\")?(sVersion=\"1.1\",sOptions=\"Boogie //ESP\",bDetected=1):Binary.compare(\"'PULP'83c4..fcbf....be....b5..57f3a5c3\")&&(sVersion=\"1.0\",sOptions=\"Kimmy //Pulp\",bDetected=1),result()}meta(\"packer\",\"Six-2-Four\")" }, { "path": "dbs_min/db/COM/packer_TPACK.2.sg", "content": "function detect(){return Binary.compare(\"03'TUSCON'030d0a005868....60e9\")?(sVersion=\"0.5c\",sOptions=\"1996 by Max //TUSCON\",bDetected=1):Binary.compare(\"68....fd60be....bf....b9....f3a48bf7bf....fc46e9\")&&(sVersion=\"0.55c\",sOptions=\"1996 by Max //TUSCON\",bDetected=1),result()}meta(\"packer\",\"TPACK\")" }, { "path": "dbs_min/db/COM/packer_Triplex.2.sg", "content": "function detect(){return Binary.compare(\"bd....be....5553525a5b505351520e1f0e078bce8d72..bf....d1e9fd57f3a5\")&&(sOptions=\"1994\",bDetected=1),result()}meta(\"packer\",\"Triplex\")" }, { "path": "dbs_min/db/COM/packer_UPX.2.sg", "content": "function detect(){return Binary.compare(\"b9....be....bf....fdf3a4fcf7e19387f783ee..19ed57\")?(sVersion=\"0.50\",sOptions=\"dos/com\",bDetected=1):Binary.compare(\"81fc....77..cd20b9....be....bf....bb....fdf3a4fc87f783ee\")?(sVersion=\"0.81-1.20\",sOptions=\"dos/com\",bDetected=1):Binary.compare(\"b9....be....bf....bd....fdf3a4fcf7e19387f783c6..57e9\")&&(sVersion=\"0.30-0.40\",sOptions=\"dos/com\",bDetected=1),result()}meta(\"packer\",\"UPX\")" }, { "path": "dbs_min/db/COM/packer_X-PACK.2.sg", "content": "function detect(){return Binary.compare(\"bd....be....bf....b8....99fcfa33c9e9$$$$8bd9ffd5\")&&(sOptions=\"by Jari Kytojoki\",bDetected=1),result()}meta(\"packer\",\"X-PACK\")" }, { "path": "dbs_min/db/COM/packer_XE.2.sg", "content": "function detect(){return Binary.compare(\"be....56bf....b9....fc56f3a55fe9\")&&(sVersion=\"1.42\",bDetected=1),result()}meta(\"packer\",\"XE\")" }, { "path": "dbs_min/db/COM/packer_XPACK.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$fa8bece8....06bf....57e8....06b8....50be....bf....cb\")?(sVersion=\"1.67\",bDetected=1):Binary.compare(\"e9$$$$fa8bece8....fb06bf....57e8....06b8....50be....bf....cb\")?(sVersion=\"1.67.1\",bDetected=1):Binary.compare(\"e9$$$$8cc805....8ec0bf....8bf7fcb9....f3a506b8....50cb\")?(sVersion=\"1.65\",bDetected=1):Binary.compare(\"e9$$$$8cc8a3....05....8ec0bf....8bf7fcb9....f3a506b8....50cb\")&&(sVersion=\"1.4\",bDetected=1),result()}meta(\"packer\",\"XPACK/LZCOM\")" }, { "path": "dbs_min/db/COM/packer_aPACK.2.sg", "content": "function detect(){return Binary.compare(\"be....bf....8bcffc57f3a4c3\")?(sVersion=\"0.98-0.99 small\",bDetected=1):Binary.compare(\"8cc880c4..8ec0fcb9....be....8bfe57f3a55fbe....0668....1e078ed8cb\")?(sVersion=\"0.82b-0.94b\",bDetected=1):Binary.compare(\"8cc805....8ec0598ed051be....bf....5057fcb2..bd....50a4ffd5\")?(sVersion=\"0.61\",bDetected=1):Binary.compare(\"8cc805....8ec0598ed051be....bf....5057fcb6..bd....ffd5\")?(sVersion=\"0.58-0.74\",bDetected=1):Binary.compare(\"8cc880c4..8ec0fcb9....be....8bfe57f3a55fbe....06ba....521e078ed8cb\")&&(sVersion=\"0.82-0.94\",bDetected=1),result()}meta(\"packer\",\"aPACK\")" }, { "path": "dbs_min/db/COM/packer_com_RLE_packer.2.sg", "content": "function detect(){return Binary.compare(\"60be....bf....8b0e....f3a4be....bf....57b9....f3a4c3\")?(sOptions=\"by NOP/PC\",bDetected=1):Binary.compare(\"fc8cc833ff05....8ec006be....b9....57f3a40e07cb\")&&(bDetected=1),result()}meta(\"packer\",\"com RLE packer\")" }, { "path": "dbs_min/db/COM/packer_envelope.2.sg", "content": "function detect(){return Binary.compare(\"60ba....3bd472$$be....8bfeb9....bb....fcad33c343abe2\")&&(sOptions=\"by ROWDY, St.Petersburg\",bDetected=1),result()}meta(\"packer\",\"envelope\")" }, { "path": "dbs_min/db/COM/protector_ABK-Scrambler.2.sg", "content": "function detect(){return Binary.compare(\"b430cd2186e03d....73..cd209c06b8....50cf\")&&(bDetected=1),result()}meta(\"protector\",\"ABK-Scrambler\")" }, { "path": "dbs_min/db/COM/protector_ACE_Scrambler.2.sg", "content": "function detect(){return(Binary.compare(\"2c..fec024..34..fec824..34..bb....0c..eb$$24..0c..81eb....f6d8eb$$2c..fec0ffe3\")||Binary.compare(\"24..0c..f6d8eb$$fec8bb....04..0c..f6d804..fec0f6d881eb....24..f6d8fec034..0c..04..2c..ffe3\")||Binary.compare(\"34..fec834..0c..24..04..fec0bb....0c..2c..0c..81eb....eb$$fec0f6d82c..fec0f6d80c..ffe3\")||Binary.compare(\"24..fec82c..bb....fec8f6d8eb$$04..81eb....0c..fec0fec80c..34..ffe3\")||Binary.compare(\"24..eb$$04..bb....f6d834..fec8fec0eb$$0c..81eb....34..24..34..eb$$ffe3\")||Binary.compare(\"34..fec804..24..0c..04..bb....0c..04..f6d881eb....0c..fec8f6d824..0c..ffe3\")||Binary.compare(\"f6d834..2c..bb....0c..34..fec004..34..fec004..81eb....2c..34..24..eb$$04..2c..04..ffe3\")||Binary.compare(\"fec0eb$$24..34..bb....f6d834..fec024..fec0f6d834..81eb....f6d80c..eb$$04..ffe3\"))&&(sOptions=\"1996\",bDetected=1),result()}meta(\"protector\",\"A.C.E. Scrambler\")" }, { "path": "dbs_min/db/COM/protector_AVAST-Protect.2.sg", "content": "function detect(){return Binary.compare(\"eb$$8cc82e0306....502eff36....cb\")&&(sOptions=\"1999 by P.Baudis\",bDetected=1),result()}meta(\"protector\",\"AVAST-Protect\")" }, { "path": "dbs_min/db/COM/protector_AdFlt.2.sg", "content": "function detect(){return Binary.compare(\"68....9c0fa00fa860fd6a..0fa1be....ad6664ff36....648b16....643106....6664ff36....648916....adff36\")?(sVersion=\"2.0\",sOptions=\"by EliCZ\",bDetected=1):Binary.compare(\"9c0fa06660fd6a..0fa1be....ad6664ff36....648b16....668f06....643106....6664ff36....648916....668f06....adff36\")&&(sOptions=\"by EliCZ\",bDetected=1),result()}meta(\"protector\",\"AdFlt\")" }, { "path": "dbs_min/db/COM/protector_Adys_COM-Scrambler.2.sg", "content": "function detect(){return Binary.compare(\"33c08ed88ec0fcfabe....8bfead2ea3....ad2ea3....b8....ab8cc8ab\")&&(sOptions=\"1993\",bDetected=1),result()}meta(\"protector\",\"Ady`s COM-Scrambler\")" }, { "path": "dbs_min/db/COM/protector_Anti-hack_encryption_system.2.sg", "content": "function detect(){return Binary.compare(\"eb$$bd....33c08ec026c706........268c0e....8b46..26a3....268c0e....0e07\")&&(sOptions=\"by Rezaul Kabir //Shuvro\",bDetected=1),result()}meta(\"protector\",\"Anti-hack encryption system\")" }, { "path": "dbs_min/db/COM/protector_BIN-Lock.2.sg", "content": "function detect(){return Binary.compare(\"eb$$31c08ec026c706........268c0e....26c706........268c0e....2ec706........2e8c0e....cccd01eb\")&&(sVersion=\"1.00\",sOptions=\"by Hit-BBS Programmers crew\",bDetected=1),result()}meta(\"protector\",\"BIN-Lock\")" }, { "path": "dbs_min/db/COM/protector_Best_Protection_Kit-B.2.sg", "content": "function detect(){return Binary.compare(\"eb$$fc8c06....e421a2....b0..e621fb33c08ed08be0be....8d3e....b9\")?(sOptions=\"1993 by Eric Zmiro\",bDetected=1):Binary.compare(\"eb$$fc8c06....e421a2....b0..e621fbf433c08ed08be0be....8d3e....b9\")&&(sOptions=\"1992 by Eric Zmiro\",bDetected=1),result()}meta(\"protector\",\"Best Protection Kit-B\")" }, { "path": "dbs_min/db/COM/protector_BinCOD.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$60fa6a000726ff36....26ff36....26c706........26c706........fbb9....bf....03f9ac\")&&(sVersion=\"1.1\",sOptions=\"by SierraMan\",bDetected=1),result()}meta(\"protector\",\"BinCOD\")" }, { "path": "dbs_min/db/COM/protector_Budokan.1.sg", "content": "function detect(){return Binary.compare(\"bf....b9....8bc1fd3305abe2..e9\")&&(sOptions=\"by Electronic Arts, Inc.\",bDetected=1),result()}meta(\"protector\",\"Budokan\")" }, { "path": "dbs_min/db/COM/protector_C-crypt.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$e800005d83ed..55d9d09c5825....509d5057bf....b0..aa5f58665166b9........cc\")&&(sVersion=\"1.02\",sOptions=\"by De'FeinD //uCT\",bDetected=1),result()}meta(\"protector\",\"C-crypt\")" }, { "path": "dbs_min/db/COM/protector_CC#3.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$e800005d33db8bc3bf....893f81c3....532eff36....1f1e568d76..8bfbb9....f2a4c6\")&&(sOptions=\"by ZeroCoder //XG\",bDetected=1),result()}meta(\"protector\",\"CC#3\")" }, { "path": "dbs_min/db/COM/protector_CC.2.sg", "content": "function detect(){return Binary.compare(\"b8....ba....3be073..b409ba....cd21b8....cd218bdc81eb....83e3..fcbe....8bfbb9....f3a48bc3b1..d3e88cc903c15033c050cb\")?(sVersion=\"1.0\",sOptions=\"1991 by B.Vorontsov\",bDetected=1):Binary.compare(\"ba....b430cd213c..73..33c00650cbb9....b8....eb$$05....fc80c4..eb\")?(sVersion=\"2.61 Beta\",sOptions=\"by UniHackers\",bDetected=1):Binary.compare(\"e9$$$$b9....be....8bfe5156b4..ac32c4c0c4..02e1aae2..bf....5e59f3a4be....56c3\")?(sVersion=\"1.01\",sOptions=\"by B.Vorontsov\",bDetected=1):Binary.compare(\"bf....be....b9....fdf3a5fc8bf7bf....adad8be8b2..e9\")&&(sVersion=\"1998\",sOptions=\"by B.Vorontsov\",bDetected=1),result()}meta(\"protector\",\"CC\")" }, { "path": "dbs_min/db/COM/protector_CC286.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$eb$$e800005d81ed....eb$$bf....eb$$b0..eb$$e664eb$$b0..eb$$aaeb$$4f8d9e....eb$$538bdf\")&&(sVersion=\"2.1\",sOptions=\"by Dark Stalker //UCF\",bDetected=1),result()}meta(\"protector\",\"CC286x2\")" }, { "path": "dbs_min/db/COM/protector_CCC.2.sg", "content": "function detect(){return(Binary.compare(\"e9$$$$e800005b8b4c..501736890e....8b47..1347..3347..2b47..36a3....83c6..b9....8b7f..037f..ac363006\")||Binary.compare(\"e9$$$$e800005b8b4c..501736890e....8b47..3347..36a3....83c6..b9....8b7f..037f..ac363006\"))&&(sOptions=\"by ZeroCoder //XG\",bDetected=1),result()}meta(\"protector\",\"CCC\")" }, { "path": "dbs_min/db/COM/protector_CHECKPRG.2.sg", "content": "function detect(){return Binary.compare(\"33c0be....8bd8b9....bf....ba....474a74..ac320503d8e2\")&&(sOptions=\"1992 by Jordi Mas Hernandez\",bDetected=1),result()}meta(\"protector\",\"CHECKPRG\")" }, { "path": "dbs_min/db/COM/protector_CNT.2.sg", "content": "function detect(){return Binary.compare(\"'CNT'58e8$$$$5e8b4c..bf....ac3306....3306\")&&(sOptions=\"by C0NTRiVER\",bDetected=1),result()}meta(\"protector\",\"CNT\")" }, { "path": "dbs_min/db/COM/protector_COM-Protect.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$8b1e....83eb..b8....5053b430cd215b9ceb\")?(sOptions=\"1995 by Mr.Wicked\",bDetected=1):Binary.compare(\"e9$$$$565699521fe8....5d8d86....0e508f06....8f06....83c6..565f0e1fb9....b8....a3\")?(sOptions=\"1994 by SiAC\",bDetected=1):Binary.compare(\"2e8006......eb00c3\")&&(sOptions=\"1994 by Misha //UCF\",bDetected=1),result()}meta(\"protector\",\"COM-Protect\")" }, { "path": "dbs_min/db/COM/protector_COM-Protection.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$eb$$86c08ec086dbeb$$05....87db8b2e....97eb$$aaaaeb$$aaaaeb$$bb....03ddb9....03cd87cbb8\")&&(sOptions=\"by JAM //UCF\",bDetected=1),result()}meta(\"protector\",\"COM-Protection\")" }, { "path": "dbs_min/db/COM/protector_COMCRYPT.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$b9....be....89f70e1f0e07bb....fcad31d8abe2\")?(sOptions=\"1997 by HPA\",bDetected=1):Binary.compare(\"e9$$$$eb$$5053575152061e572e8b36....81c6....8a5c..2e881e....8a5c\")?(sVersion=\"1.0b\",bDetected=1):Binary.compare(\"e9$$$$b9....be....89f7fcac04..aae2..b8....bf....abb0..aab8....5033c0c3\")?(sOptions=\"1997 by HPA\",bDetected=1):Binary.compare(\"b8....ffe0\")&&Binary.compare(\"bb....b9....33c02e802f..43e2\",Binary.readWord(1)-256)&&(sOptions=\"by Stone\",bDetected=1),result()}meta(\"protector\",\"ComCrypt\")" }, { "path": "dbs_min/db/COM/protector_COMPROTECT.2.sg", "content": "function detect(){return Binary.compare(\"b8....15....72..8ac4bb....50515253555657061e50b8....58eb\")&&(sVersion=\"2.10\",sOptions=\"1988-95 by Ralph Roth\",bDetected=1),result()}meta(\"protector\",\"COMPROTECT (RCP)\")" }, { "path": "dbs_min/db/COM/protector_COP.2.sg", "content": "function detect(){return Binary.compare(\"bf....be....b9....ac3206....aae2\")&&(sVersion=\"1.0\",sOptions=\"by Jack A. Orman\",bDetected=1),result()}meta(\"protector\",\"COP\")" }, { "path": "dbs_min/db/COM/protector_CodeLock.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$bb....535856535981e9....31ff575a5dbe....e9\")?(sVersion=\"4.0\",sOptions=\"1993 by Dr. Detergent\",bDetected=1):Binary.compare(\"e9$$$$b430cd213c037d$$068e06....061f31c0505e565fae\")&&(sVersion=\"3.0\",sOptions=\"1993 by Dr. Detergent\",bDetected=1),result()}meta(\"protector\",\"CodeLock\")" }, { "path": "dbs_min/db/COM/protector_Codesafe.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$5033c08ec02ef606......74..26ff36....061e07e8....07268f06....fb2e8c1e....26ff36....268f06\")&&(sOptions=\"by EliaShim Ltd\",bDetected=1),result()}meta(\"protector\",\"Codesafe\")" }, { "path": "dbs_min/db/COM/protector_ComProt.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$e800005e8bee81ed....8db6....b9....f61446e2\")&&(sVersion=\"1.0b\",bDetected=1),result()}meta(\"protector\",\"ComProt\")" }, { "path": "dbs_min/db/COM/protector_ComProtector.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$b9....bb....bf....2e8a0734..fec8c0c0..2e88052e000d2e002d4743e2\")?(sVersion=\"1.0\",sOptions=\"1998 by Marco Ruhmann\",bDetected=1):Binary.compare(\"e9$$$$b9....e800005b83c3..90fa8bd48be133c02e030e....2ec007..0f23f82e2b0e....2e300f0f23d8\")&&(sVersion=\"1.1\",sOptions=\"1998 by Marco Ruhmann\",bDetected=1),result()}meta(\"protector\",\"ComProtector\")" }, { "path": "dbs_min/db/COM/protector_Comlock.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$eb$$bb....be....81c6....03f3bf....b9....f3a42e8a87....be....8bc82e300446ffc0e2\")||Binary.compare(\"e9$$$$eb$$bb....be....81c6....03f3bf....b9....f3a42e8a87....be....8bcb2e300446fec0e2\")?(sVersion=\"0.10\",bDetected=1):Binary.compare(\"e9$$$$eb$$bb....be....81c6....03f3bf....b9....f3a42e8a87....8bcbbe....2e3004fec046e2\")&&(sVersion=\"0.1X\",bDetected=1),result()}meta(\"protector\",\"Comlock by Trouble Makers\")" }, { "path": "dbs_min/db/COM/protector_CrAcKeR.2.sg", "content": "function detect(){return Binary.compare(\"eb$$be....8bfe5633c0be....ac02e081fe....72..5eac34..aa81fe....72\")&&(sVersion=\"0.2a\",sOptions=\"by Deu$\",bDetected=1),result()}meta(\"protector\",\"CrAcKeR\")" }, { "path": "dbs_min/db/COM/protector_Crack2EXE.1.sg", "content": "function detect(){return Binary.compare(\"b9....bf....8035..47e2..be....8034..46803c..75..be....e8....be....e8....be....e8....bd\")?(sName+=\"/486\",sVersion=\"0.02 Alfa\",sOptions=\"1996 by Professor Nimnul\",bDetected=1):Binary.compare(\"b9....bf....8035..47e2..d7aa6de9\")&&(sVersion=\"0.02\",sOptions=\"(crypted) 1996 by Professor Nimnul\",bDetected=1),result()}meta(\"protector\",\"Crack2exe\")" }, { "path": "dbs_min/db/COM/protector_CryptCom.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$be....56b9....c704....c644....8134....4646e2..31f631c9c3\")?(sVersion=\"2.0\",sOptions=\"by Nowhere Man\",bDetected=1):Binary.compare(\"bf....57be....90b9....f3a4c3\")&&(sVersion=\"1.1\",sOptions=\"by Frank Baumgartner\",bDetected=1),result()}meta(\"protector\",\"CryptCom\")" }, { "path": "dbs_min/db/COM/protector_Crypto-King.2.sg", "content": "function detect(){return Binary.compare(\"bf....be....57b9....f3a4c3\")&&(sVersion=\"1.08\",bDetected=1),result()}meta(\"protector\",\"Crypto-King\")" }, { "path": "dbs_min/db/COM/protector_DCFR.2.sg", "content": "function detect(){return Binary.compare(\"b8....ba....3bc4eb$$72$$5250b9....bb....8b0733c140890743e2\")&&(sVersion=\"0.0.4\",bDetected=1),result()}meta(\"protector\",\"DCFR\")" }, { "path": "dbs_min/db/COM/protector_DS-CRP.2.sg", "content": "function detect(){var e\nreturn Binary.compare(\"b8....50c3\")&&(e=Binary.readWord(1)-256+8,Binary.compare(\"e800005d81ed....9c32e4509d9c5880e4..80fc..74..b4..509d9c5880e4..74..9deb\",e)&&(sVersion=\"1.30\"),sOptions=\"by Dark Stalker //UCF\",bDetected=1),result()}meta(\"protector\",\"DS-CRP\")" }, { "path": "dbs_min/db/COM/protector_Deeper.2.sg", "content": "function detect(){return Binary.compare(\"90e9$$$$e8000059fa8bdc36c747......36837f....75..fb66fafb8be981ed....81e9....be....8dbe....668b05668904\")&&(sVersion=\"1.0c\",bDetected=1),Binary.compare(\"90e9$$$$e80000fa8bdc36c747......36837f....75..fb598be981ed....81e9....be....8dbe....668b05668904\")&&(sVersion=\"1.0a\",bDetected=1),result()}meta(\"protector\",\"Deeper\")" }, { "path": "dbs_min/db/COM/protector_E2C-Scrambler.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$fabc....c1ea..8ccd03ea8ec5bf....be....b9....bb....fdac320702c1d2c002c5aa4381fb....75..bb....e2\")&&(sOptions=\"1999 by Amokk //FTW\",bDetected=1),result()}meta(\"protector\",\"E2C-Scrambler\")" }, { "path": "dbs_min/db/COM/protector_E2C1.2.sg", "content": "function detect(){return Binary.compare(\"bc....33c050b8....50ba....b8....cd21b8....cd21bf....be....b9....9081ff....74..8a050204aa46e2..eb\")&&(sOptions=\"1990 by Erik Labs\",bDetected=1),result()}meta(\"protector\",\"E2C protection\")" }, { "path": "dbs_min/db/COM/protector_EPW.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$06571e565552515350bb....81c3....2e8b078ccb03c305....50b8....50cb\")&&(sVersion=\"1.2\",sOptions=\"by Aland D. Jones\",bDetected=1),result()}meta(\"protector\",\"EPW\")" }, { "path": "dbs_min/db/COM/protector_EXETools.2.sg", "content": "function detect(){return Binary.compare(\"68....68....68....be....bf....57b9....f3a4c3\")?(sVersion=\"2.1 /E\",bDetected=1):Binary.compare(\"e9$$$$e800005d8bcd83ed..bf....be....2bcff3a4b9....be....03f5\")?(sVersion=\"2.1\",bDetected=1):Binary.compare(\"68....bf....8bf757b9....51b4..ac32c4c0c4..02e102f0aae2..33c0595e5f57eb\")?(sVersion=\"2.0\",bDetected=1):Binary.compare(\"68....68....68....be....bf....57b9....f3a4c3\")&&(sVersion=\"2.1 /E\",bDetected=1),result()}meta(\"protector\",\"EXETools by Dismember\")" }, { "path": "dbs_min/db/COM/protector_Encriptor.2.sg", "content": "function detect(){return Binary.compare(\"eb$$b9....be....bf....acd0c8aae2..be....bf....acaa\")&&(sVersion=\"1.00c\",sOptions=\"by Dark Stalker //UCF\",bDetected=1),result()}meta(\"protector\",\"Encriptor\")" }, { "path": "dbs_min/db/COM/protector_Entropy_Coder.2.sg", "content": "function detect(){return Binary.compare(\"be....bf....b9....fdf3a447fcffe7\")&&(sOptions=\"by Sergey Lukashev\",bDetected=1),result()}meta(\"protector\",\"Entropy Coder\")" }, { "path": "dbs_min/db/COM/protector_ExOM.2.sg", "content": "function detect(){return Binary.compare(\"'EXOM'fabd....ffe5\")&&(sVersion=\"0.0X\",sOptions=\"by Abdelaziz BELBACHiR\",bDetected=1),result()}meta(\"protector\",\"ExOM\")" }, { "path": "dbs_min/db/COM/protector_FCRYPT.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$505351be....bf....8befb9....fcacd0c032c1d0c032c1aae2..595b58ffe5\")&&(sVersion=\"2.10b\",sOptions=\"1992-93 by Chip & Dale SoftGroup\",bDetected=1),result()}meta(\"protector\",\"FCRYPT\")" }, { "path": "dbs_min/db/COM/protector_GOAT.2.sg", "content": "function detect(){return(Binary.compare(\"5156505253813c....75$$424a81c3....8bdb595e585a5bb4..ba....cd21b8....cd21474f\")||Binary.compare(\"50565351b8....807c....74$$8bc0585e5b59b4..ba....cd21b8....cd21474f4154\")||Binary.compare(\"56515052807c....75$$81c2....8bc05e59585ab4..ba....cd21b8....cd21474f4154\"))&&(sOptions=\"1996 by Martin Overton\",bDetected=1),result()}meta(\"protector\",\"GOAT\")" }, { "path": "dbs_min/db/COM/protector_Guardian_Angel.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$06fcbe....eb$$ba....eb$$eb$$eb$$8a04eb$$eb$$eb$$d0c8eb$$2ad0eb$$32c6eb$$d1c2eb$$8804eb$$eb$$eb$$4681fe....74\")||Binary.compare(\"e9$$$$06fcbe....8be8e4210c..eb$$e6218bc5ba....8be8e4210c..eb$$e6218bc58a0ceb\")||Binary.compare(\"e9$$$$06fcbb....eb$$eb$$eb$$b9....8be8e42102..eb$$e6218bc58a17eb\")||Binary.compare(\"e9$$$$06fcbb....8be8e4210c..eb$$e6218bc5ba....eb$$eb$$eb$$8a0f\")||Binary.compare(\"e9$$$$06fcbe....eb$$......eb$$8a..8be8e4210c..eb$$e6218bc5fe\")?(sVersion=\"1.0\",bDetected=1):Binary.compare(\"e9$$$$06fcbf....8be8e4210c..eb$$e6218bc5bb....eb$$8a05eb$$eb$$eb$$fe\")?(sVersion=\"1.0\",sOptions=\"registered\",bDetected=1):Binary.compare(\"e9$$$$e800005d81ed....9c588bc825....509d9c5825....3d....75..eb\")?(sVersion=\"1.0b\",bDetected=1):Binary.compare(\"e9$$$$06fcbb....eb$$ba....eb$$eb\")&&(sVersion=\"1.0\",bDetected=1),result()}meta(\"protector\",\"Guardian Angel\")" }, { "path": "dbs_min/db/COM/protector_HDKPROTC.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$4851442ea1....2d....8bd805....8bf0bf....b9....f3a48bcbd1e9b8....8bf08bf8066a..07268b2e\")&&(sVersion=\"1.1\",bDetected=1),result()}meta(\"protector\",\"HDKPROTC\")" }, { "path": "dbs_min/db/COM/protector_HackStop.2.sg", "content": "function detect(){return Binary.compare(\"fabe....ffe6\")?(sVersion=\"1.17cr\",bDetected=1):Binary.compare(\"fabd....ffe5\")?(sVersion=\"1.13cs\",bDetected=1):Binary.compare(\"fabb....ffe3\")&&(sVersion=\"1.14s\",bDetected=1),result()}meta(\"protector\",\"HackStop\")" }, { "path": "dbs_min/db/COM/protector_IntroC0der.1.sg", "content": "function detect(){return Binary.compare(\"be....b9....8bfeac32c1d2c032c5aae2\")&&(sOptions=\"1995 by SkullC0der\",bDetected=1),result()}meta(\"protector\",\"IntroC0der\")" }, { "path": "dbs_min/db/COM/protector_Keygen_crypt.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$e800005d8d7e..575eb9....ad35....abe2\")&&(sVersion=\"1.00\",sOptions=\"by Majestic\",bDetected=1),result()}meta(\"protector\",\"KeyGen Crypt\")" }, { "path": "dbs_min/db/COM/protector_Khrome_Crypt.2.sg", "content": "function detect(){return Binary.compare(\"b9....b8....eb$$05....fc80c4..eb$$eb$$f4\")&&(sVersion=\"0.3\",sOptions=\"1997 by Teraphy\",bDetected=1),result()}meta(\"protector\",\"Khrome Crypt\")" }, { "path": "dbs_min/db/COM/protector_LAME_GG.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$e8$$$$5eb9....314c..33c08ee003c605....faeb$$648b1e....899c....648b1e....899c....64a3....648c0e\")&&(sOptions=\"1999\",bDetected=1),result()}meta(\"protector\",\"LAME GG (PROPHECY protection)\")" }, { "path": "dbs_min/db/COM/protector_LAMPROT.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$8b0e....be....bf....f3a4b9....bb....8a0734..880743e2..33c033c933db33d233ff33f668....c3\")&&(sOptions=\"by gds //FH\",bDetected=1),result()}meta(\"protector\",\"LAMPROT\")" }, { "path": "dbs_min/db/COM/protector_Lock-Master.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$eb$$31c0061e502d....501f0726ff77..26ff77..8f87....8f87....ffb7....ffb7....585b29c353bb....5a1f07\")&&(sVersion=\"9.0\",sOptions=\"by Andrew Kacy\",bDetected=1),result()}meta(\"protector\",\"Lock-Master\")" }, { "path": "dbs_min/db/COM/protector_MASK.2.sg", "content": "function detect(){return Binary.compare(\"e8$$$$5557cd03fc4d41534bfa8bec836e....8b6e..fb49e8....5b81eb....50d6515256\")?(sVersion=\"2.0\",sOptions=\"1995 by JosB M. L. Lopes.\",bDetected=1):Binary.compare(\"e8$$$$5557cd03fc4d41534bfa8bec8346....ff76..5d49e8....5b81eb....50d6515256\")?(sVersion=\"2.4\",sOptions=\"1995 by JosB M. L. Lopes.\",bDetected=1):Binary.compare(\"e8$$$$5557cd03fc4d41534bfd50fa8bc4f7dcbc....9449fbd651521f5256\")?(sVersion=\"2.5\",sOptions=\"1995 by JosB M. L. Lopes.\",bDetected=1):Binary.compare(\"e8$$$$5557cd03fc4d41534bfa8bec836e....ff76..5d49e800005b81eb\")&&(sVersion=\"2.3\",sOptions=\"1995 by JosB M. L. Lopes.\",bDetected=1),result()}meta(\"protector\",\"MASK\")" }, { "path": "dbs_min/db/COM/protector_MCLock.2.sg", "content": "function detect(){return(Binary.compare(\"e9$$$$909090fa29c08ec026c606......26c606......268c0e....26c606......26c606......268c0e....fbcd01\")||Binary.compare(\"e9$$$$eb00e9$$$$909090fa29c08ec026c606......26c606......268c0e....26c606......26c606......268c0e....fbcd01\"))&&(sVersion=\"1.2, 1.3\",bDetected=1),result()}meta(\"protector\",\"MCLock\")" }, { "path": "dbs_min/db/COM/protector_MESS.2.sg", "content": "function detect(){return Binary.compare(\"....................b9....f326ace3..eb$$ba....b409cd21cd20\")&&(sVersion=\"1.07\",bDetected=1),result()}meta(\"protector\",\"MESS\")" }, { "path": "dbs_min/db/COM/protector_MSCC.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$0e07be....bf....b9....f3a4b9....be....accc9803d8e2\")&&(sVersion=\"1.0a\",sOptions=\"1997 by Mad $cientist\",bDetected=1),result()}meta(\"protector\",\"MSCC\")" }, { "path": "dbs_min/db/COM/protector_MegaShield.2.sg", "content": "function detect(){return Binary.compare(\"90b8....e72133d252be....bd....b9....ad03d0d3c233c2d3ca2bd0e2\")&&(sVersion=\"1.01a\",sOptions=\"by t-REX //PSA\",bDetected=1),result()}meta(\"protector\",\"MegaShield\")" }, { "path": "dbs_min/db/COM/protector_Microxor.2.sg", "content": "function detect(){return Binary.compare(\"e8$$$$bf....5e57b9....300ca4e2..c3\")&&(sOptions=\"2000 by Jibz\",bDetected=1),result()}meta(\"protector\",\"MiCRoXoR\")" }, { "path": "dbs_min/db/COM/protector_NH.2.sg", "content": "function detect(){return Binary.compare(\"be....bf....57b9....f3a4c3\")&&(bDetected=1,sOptions=\"by MANtiC0RE\"),result()}meta(\"protector\",\"NH\")" }, { "path": "dbs_min/db/COM/protector_NoAV.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$68....60be....66b8........668706....b9....51c1e9..41be....5156bf....e8\")&&(sOptions=\"by VAG\",bDetected=1),result()}meta(\"protector\",\"NoAV\")" }, { "path": "dbs_min/db/COM/protector_Nodebug.2.sg", "content": "function detect(){return Binary.compare(\"e8$$$$b430cd21b4..03f897d6405e50978b4d..ac32c1aae2\")&&(sVersion=\"1.0 part 1\",sOptions=\"by JVP\",bDetected=1),result()}meta(\"protector\",\"Nodebug\")" }, { "path": "dbs_min/db/COM/protector_PCOM.2.sg", "content": "function detect(){return Binary.compare(\"be....b9....2e8a0434..2e880446e2\")&&(sVersion=\"2.8b2, 2.8b3 -e -i\",sOptions=\"1999\",bDetected=1),result()}meta(\"protector\",\"PCOM\")" }, { "path": "dbs_min/db/COM/protector_PCRYPT.2.sg", "content": "function detect(){return Binary.compare(\"'PCRYPT'ff'v3.51'00e9\")&&(sVersion=\"3.51\",sOptions=\"1997 by MERLiN //DTG\",bDetected=1),result()}meta(\"protector\",\"PCRYPT\")" }, { "path": "dbs_min/db/COM/protector_PCVault-Protect.2.sg", "content": "function detect(){return Binary.compare(\"be....fcac3c..75..e9....ac3c..74..e9....eb\")&&(sOptions=\"1993 by E. Johnson\",bDetected=1),result()}meta(\"protector\",\"PCVault-Protect\")" }, { "path": "dbs_min/db/COM/protector_PROTECT.2.sg", "content": "function detect(){var e=Math.min(65536,Binary.getSize())\nreturn-1!=Binary.findSignature(0,e,\"0c02e9......e421e9......88e0..........eb....e621e9......88c4........e9......e621eb\")?(sVersion=\"5.5\",bDetected=1):-1!=Binary.findSignature(0,e,\"e42150e9......e621e9......58e621e9......b0ffeb\")||Binary.compare(\"e9$$$$ba....81f2\")||Binary.compare(\"e9$$$$bb....81c3....eb\")||Binary.compare(\"e9$$$$be....81ee....bb....d1cb8b04\")||Binary.compare(\"e9$$$$bf....81ef....eb\")||Binary.compare(\"e9$$$$be....81ee....bb....d1cb8b04\")||Binary.compare(\"e9$$$$bf....81f7\")||Binary.compare(\"e9$$$$ba....81c2....eb\")||Binary.compare(\"e9$$$$bd....81f5....eb\")||Binary.compare(\"e9$$$$bd....d1cd\")||Binary.compare(\"e9$$$$bb....81f3\")?(sVersion=\"5.0\",bDetected=1):Binary.compare(\"e9$$$$1efd2efe\")?(sVersion=\"5.5\",bDetected=1):Binary.compare(\"e9$$$$e800005d81ed....33c08ed88bf0bf....b9....fcf3a5fd87fe8cc08ed833c08ec04f4f\")?(sVersion=\"4.0\",bDetected=1):Binary.compare(\"e9$$$$1eb430cd213c..73..cd20be....e8....e8....1f8cd88ec0\")?(sVersion=\"6.0\",bDetected=1):Binary.compare(\"e8$$$$501e060e550e1f33c08ec0fafc26a1....5026a1....50\")?(sVersion=\"3.0/3.1\",bDetected=1):Binary.compare(\"b8....50b8....50e9$$$$c606......eb$$8cc6060b01c3\")?(sVersion=\"2.0\",sOptions=\"1993\",bDetected=1):Binary.compare(\"b8....50e9$$$$c606......eb$$8cc6060701c3eb\")&&(sVersion=\"1.0\",sOptions=\"1993\",bDetected=1),result()}meta(\"protector\",\"PROTECT! COM\")" }, { "path": "dbs_min/db/COM/protector_PTP.2.sg", "content": "function detect(){return Binary.compare(\"'PTP50'fafafcb430cd21fb585c582bc05257502ec606\")?(sVersion=\"5.0\",bDetected=1):Binary.compare(\"'PTP40'fafafcb430cd21fb585c582bc05257502ec606\")&&(sVersion=\"4.0\",bDetected=1),result()}meta(\"protector\",\"PTP\")" }, { "path": "dbs_min/db/COM/protector_PassCOM.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$be....bf....b9....8ae1ac32c402e1aae2..68....c3\")&&(sVersion=\"2.0\",bDetected=1),result()}meta(\"protector\",\"PassCOM\")" }, { "path": "dbs_min/db/COM/protector_Propellerhead_encryption.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$b430cd2180fc..72..90e9....90bb....81c3....53b0..04..51b9....e9\")&&(sOptions=\"1997\",bDetected=1),result()}meta(\"protector\",\"Propellerhead encryption\")" }, { "path": "dbs_min/db/COM/protector_ProtEXE.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$9c5053515256571e0655fabe....8a64..8b54..8bda81c3....8c4f..908b0f894c..8a4f..884c..8bfe8bca83e9..fcac\")&&(sVersion=\"3.0\",sOptions=\"1996\",bDetected=1),result()}meta(\"protector\",\"ProtEXE (com)\")" }, { "path": "dbs_min/db/COM/protector_R-Crypt.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$68....60bf....b9....b0..2e3005fec047e2..61c706........c606\")?(sVersion=\"0.91\",bDetected=1):Binary.compare(\"e9$$$$68....60bf....b9....b0..2e300547fec0e2..61c706........c606\")?(sVersion=\"0.93\",bDetected=1):Binary.compare(\"e9$$$$bf....57b9....c705....c645....8135....4747e2..33ffc3\")&&(sVersion=\"0.92\",bDetected=1),result()}meta(\"protector\",\"R-Crypt\")" }, { "path": "dbs_min/db/COM/protector_RCC.2.sg", "content": "function detect(){var e\nreturn Binary.compare(\"fabc....ffe4\")?(e=Binary.readWord(2)-256,Binary.compare(\"83c4..bc....60e8$$$$e8$$$$50b8....58eb\",e)&&(sVersion=\"0.51/386\",bDetected=1)):Binary.compare(\"90bd....ffe5\")?(e=Binary.readWord(2)-256,Binary.compare(\"faf7dc87ec83c4..81c4....f7dc83ec..87ecbc....50535251061eb9....b0..e6\",e)&&(sVersion=\"1.08h\",bDetected=1)):Binary.compare(\"fcbe....bf....5657b9....f3a55e5f33db33d2\")?(sVersion=\"1.08h\",bDetected=1):Binary.compare(\"e9$$$$9c505351525657551e06fcb8....cd21\")&&(sName=\"RCC/286\",sVersion=\"1.10\",bDetected=1),result()}meta(\"protector\",\"RCC II\")" }, { "path": "dbs_min/db/COM/protector_RSCC.2.sg", "content": "function detect(){return Binary.compare(\"b1..32ff82c7..b2..b5..b3..81c2....d0c203d133d1f7d232d13097\")?(sVersion=\"1.03\",bDetected=1):Binary.compare(\"....82........81......32..80....2b..81\")||Binary.compare(\"....80........81......30..80....30..80\")||Binary.compare(\"32ed80c5..b2..b6..29ff81cf....32c980\")||Binary.compare(\"29ff81f7....33d281f2....31c981c9....f81015a64975..fa53f889ea8944\")||Binary.compare(\"2aed80cd..28c982c1..2ad282ca..bb....81c2....f7da03d102d128174383\")||Binary.compare(\"28ed82cd..2aff82cf..32db80f3..b1..33c081c0....05....d0c033c1f7d002c1f83187\")?(sVersion=\"1.04\",bDetected=1):Binary.compare(\"30c982f1..29d281ca....be....32ed82f5..81c2....d0c2f7da33d1\")||Binary.compare(\"32ff82c7..b3..30ed80c5..b1..f88197........4343e2\")?(sVersion=\"1.03\",bDetected=1):Binary.compare(\"f5bb....b8....bf....2e8037..81ff....4374..4875..90b5..1f9b\")?(sVersion=\"1.20\",bDetected=1):Binary.compare(\"33d281f2....2bdb81f3....b9....3197....83c3..497f..2a142cca3aca\")?(sVersion=\"1.04\",bDetected=1):Binary.compare(\"2bc981c1....29d281f2....33db81c3....81c2....291783c3..497f..ab\")||Binary.compare(\"b9....2bdb81cb....f880b7......434975..55fc532245..ef57f9\")?(sVersion=\"1.03\",bDetected=1):(Binary.compare(\"bf....8bf7b9....b4..8a0532c480c4..aae2\")||Binary.compare(\"b9....be....8bfeadd1c034..86c42ae003c7abe2\")||Binary.compare(\"fc50be....bf....57b9....f3a4c3\")||Binary.compare(\"eb$$fcbe....bf....57b9....f3a4bf....be....b9....c3\"))&&(sVersion=\"1.0X\",sOptions=\"mutated COM like RSCC\",bDetected=1),result()}meta(\"protector\",\"RSCC\")" }, { "path": "dbs_min/db/COM/protector_SCC.2.sg", "content": "function detect(){return Binary.compare(\"fd53565b0fa1be....ad648b16....643106....648916....adff36....643306\")&&(sOptions=\"by The Cleric //LZ0\",bDetected=1),result()}meta(\"protector\",\"SCC\")" }, { "path": "dbs_min/db/COM/protector_SCRAM.2.sg", "content": "function detect(){return Binary.compare(\"'SCRAM'b430cd213c..77..cd20bc....b9....8bfcb2..584cf6d82ac2d2c8feca32d181ff....73..eb\")&&(sVersion=\"0.8a1\",sOptions=\"1997 by bushwoelie & ACP\",bDetected=1),result()}meta(\"protector\",\"SCRAM!\")" }, { "path": "dbs_min/db/COM/protector_Scrambler.2.sg", "content": "function detect(){return Binary.compare(\"eb$$fafc31ff8ec726ff36....26ff36....8d36....b9....f3a4b9....cd00\")&&(sVersion=\"1.00\",bDetected=1),result()}meta(\"protector\",\"Scrambler\")" }, { "path": "dbs_min/db/COM/protector_Scrypt!.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$e8$$$$e800005a5f578bf78bce33dbb7..acfec0f6d032c7aa86fb43c1c3..331e....331e....331e....331e\")?(sVersion=\"0.4\",sOptions=\"by DarkGrey //DTG\",bDetected=1):Binary.compare(\"e9$$$$e8$$$$5d81ed....b9....be....03f58bfeb4..ac32c4f6d4aae2\")&&(sVersion=\"0.4\",sOptions=\"1998 by DarkGrey //DTG\",bDetected=1),result()}meta(\"protector\",\"Scrypt!\")" }, { "path": "dbs_min/db/COM/protector_Scrypt.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$e800005d8d5e..eb$$53eb$$66bd........e9$$$$b8....eb$$cc\")&&(sVersion=\"1.0\",sOptions=\"1998 by hijaq //BAC\",bDetected=1),result()}meta(\"protector\",\"SCRYPT\")" }, { "path": "dbs_min/db/COM/protector_SelfCrypt.2.sg", "content": "function detect(){return Binary.compare(\"8cc88ed833ffbe....bb....8a048a1132c288043c..74..4683ff..7d..47eb\")?(sOptions=\"1999 by MCS\",bDetected=1):(Binary.compare(\"e8$$$$eb$$8cca8eda8ec2be....bf....b9....2ec706........31c0ada3....3136....8bc18bdef7e33106....3116....a1....abe2\")||Binary.compare(\"e8$$$$eb$$8cca8eda8ec2be....bf....b9....ad2ea3....2e3136....8bc18bdef7e32e3106....2e3116....2ea1....abe2\"))&&(sVersion=\"1994 by PHOENiX\",bDetected=1),result()}meta(\"protector\",\"SelfCrypt\")" }, { "path": "dbs_min/db/COM/protector_SelfProtect386.2.sg", "content": "function detect(){return Binary.compare(\"'=SYRIUS=DIRE=SERVICE='071a\")&&(bDetected=1),result()}meta(\"protector\",\"SelfProtect386\")" }, { "path": "dbs_min/db/COM/protector_SnoopStop.2.sg", "content": "function detect(){return Binary.compare(\"90e9$$$$eb$$55e80000598be981ed....66608d9e....8d8e....2bcb2e8a0734..34..34..fec0f6d0\")&&(sVersion=\"1.15\",sOptions=\"1998 by Trills and Technologies\",bDetected=1),result()}meta(\"protector\",\"SnoopStop\")" }, { "path": "dbs_min/db/COM/protector_SoftGuard.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$8cc88ed88c06....8cc73bc774..8bfc368b052ea3....368b45..2ea3....a1....a3....a1....a3....a1....b1\")&&(sOptions=\"1984-86\",bDetected=1),result()}meta(\"protector\",\"Softguard\")" }, { "path": "dbs_min/db/COM/protector_Steplock.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$0e1fb9....030e....be....d204282c46e2\")&&(sVersion=\"1.00A\",sOptions=\"by Morten Pedersens\",bDetected=1),result()}meta(\"protector\",\"Steplock\")" }, { "path": "dbs_min/db/COM/protector_TCEC.2.sg", "content": "function detect(){return Binary.compare(\"1aff5fb9....f326ace3..eb\")&&(sVersion=\"3.60\",sOptions=\"by ThE CLERiC! //LZ0, EVD\",bDetected=1),result()}meta(\"protector\",\"TCEC\")" }, { "path": "dbs_min/db/COM/protector_UnPackStop.2.sg", "content": "function detect(){var e\nreturn Binary.compare(\"68....c3\")&&(e=Binary.readWord(1)-256,Binary.compare(\"8bc450be....bf....eb$$b8....501f58eb\",e))&&(sVersion=\"0.95\",sOptions=\"by Szaszi (Szabo Laszlo)\",bDetected=1),result()}meta(\"protector\",\"UnPackStop\")" }, { "path": "dbs_min/db/COM/protector_UniCrypt.1.sg", "content": "function detect(){return Binary.compare(\"8cc805....50b8....50cb\")&&(sVersion=\"1.01\",sOptions=\"1998 by V.Slinchuk\",bDetected=1),result()}meta(\"protector\",\"UniCrypt\")" }, { "path": "dbs_min/db/COM/protector_Venus.2.sg", "content": "function detect(){return Binary.compare(\"b9....fa8bdc8cd2bc....03e1d1e94c4c5886e9d3c033c186e9f7d050e2\")&&(bDetected=1),result()}meta(\"protector\",\"Venus crypt\")" }, { "path": "dbs_min/db/COM/protector_XORCOPY.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$b8....bb....ba....3107434039d375..c606......c606......c606......31c031db31d2e9\")&&(sVersion=\"1.0\",sOptions=\"1995 by DeiMoS\",bDetected=1),result()}meta(\"protector\",\"XORCOPY\")" }, { "path": "dbs_min/db/COM/protector_XcomOR.2.sg", "content": "function detect(){return Binary.compare(\"'MMX'e8$$$$83c5..8306......b8....5050ffe0\")?(sVersion=\"0.XX\",bDetected=1):Binary.compare(\"'MMX'668136............eb$$668136............eb\")?(sVersion=\"0.99i, 0.99h\",bDetected=1):Binary.compare(\"'MMX'b409ba....cd21e8$$$$1e6a..1f8136........8136........8b1e....a1....501f813f....75\")?bDetected=1:Binary.compare(\"'MMX'b8....ba....87ecbc....eb$$50b409cd2187e533edeb$$4f030de8\")?(sName=\"XcomOR/486 by madmax\",bDetected=1):Binary.compare(\"'MMX'b8....ba....87ecbc....eb$$50b409cd2187e533ede8$$$$1e6a..1f\")?(sVersion=\"0.99f\",bDetected=1):Binary.compare(\"e8$$$$8006......b4..5050c3bf....57bb....8b4d..81\")?(sVersion=\"0.99a\",bDetected=1):Binary.compare(\"'MMX'eb$$4feb$$8b0dba....83c2..90eb\")&&(bDetected=1),result()}meta(\"protector\",\"XcomOR by madmax\")" }, { "path": "dbs_min/db/COM/protector_XoReR.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$ba....b9....51b0..e660fab430cd213c..73..33c00650cbbf....8b36....59e2\")?(sVersion=\"2.l\",sOptions=\"by dR.No //ViP\",bDetected=1):Binary.compare(\"e9$$$$be....8bfeb9....33db80c3..ac32c3aae2\")?(sVersion=\"1.0\",sOptions=\"by dR.No //ViP\",bDetected=1):Binary.compare(\"e9$$$$b8....e721b8....cd21b430cd218b2e....8b1e....bf....b9....b430cd2132..73..be....bf....b9....fcac300547e2\")?(sVersion=\"1.0 [2nd pass]\",sOptions=\"by dR.No //ViP\",bDetected=1):Binary.compare(\"e9$$$$ba....b9....51b8....e721b430cd213c..73..33c00650cb\")&&(sVersion=\"2.0\",sOptions=\"1998 by dR.No //ViP\",bDetected=1),result()}meta(\"protector\",\"XoReR\")" }, { "path": "dbs_min/db/COM/protector_XorCom.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$fcbe....bf....57b9....ac34..aae2..c3\")&&(sVersion=\"1.0\",sOptions=\"by tFF\",bDetected=1),result()}meta(\"protector\",\"XorCom\")" }, { "path": "dbs_min/db/COM/protector_aPatch.2.sg", "content": "function detect(){return Binary.compare(\"e8$$$$fde8$$$$ffc75e83ee..e8$$$$5d8176......c646....eb\")&&(sVersion=\"0.05-0.33\",bDetected=1),result()}meta(\"protector\",\"aPatch\")" }, { "path": "dbs_min/db/COM/protector_acBBS_protection.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$bf....b9....870581f0....86e0faeb$$e8$$$$501e33c08ed8eb$$8706....eb$$8706....8706....1f58c3\")&&(sOptions=\"1994 by p.q.\",bDetected=1),result()}meta(\"protector\",\"acBBS protection p1\")" }, { "path": "dbs_min/db/COM/protector_com-crypt.2.sg", "content": "function detect(){return Binary.compare(\"b8....ffe0\")?(sOffset=Binary.readWord(1),Binary.compare(\"5756bf....b8....abb8....abb0..aa89feb9....31dbad01c329cb89d8abe2\",sOffset-256)?(sOptions=\"by BlackLight, MANtiCORE\",bDetected=1):Binary.compare(\"be....562ec704....2ec744......2ec644....b9....8a0434..880446\",sOffset-256)&&(sName=\"com-crypt on BASIC\",sOptions=\"by BlackLight, MANtiCORE\",bDetected=1)):Binary.compare(\"e8$$$$b7..538b4f..8a47..c0c8..880743e2\")&&(sOptions=\"by Frenzy\",bDetected=1),result()}meta(\"protector\",\"com-crypt\")" }, { "path": "dbs_min/db/COM/protector_fds-cp.2.sg", "content": "function detect(){return Binary.compare(\"8cca2e8916....b4..8b2e....8b1e....8edaa3....8c06....891e....892e....eb\")&&(sVersion=\"0.04a\",bDetected=1),result()}meta(\"protector\",\"fds-cp\")" }, { "path": "dbs_min/db/COM/protector_mCrypt.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$1e06be....bf....b9....0e1f0e07e8$$$$33c0fa5083c4..83ec..58fb0bc075..c3\")&&(sVersion=\"0.1a\",sOptions=\"1998 by //UFO CREW\",bDetected=1),result()}meta(\"protector\",\"mCrypt\")" }, { "path": "dbs_min/db/COM/protector_protection.2.sg", "content": "function detect(){return Binary.compare(\"33db9090b9....fcad03d8e2..b9....be....8bfefcad33c3ab43e2\")&&(sOptions=\"by ROWDY, St.Petersburg\",bDetected=1),result()}meta(\"protector\",\"protection\")" }, { "path": "dbs_min/db/COM/protector_spirit.2.sg", "content": "function detect(){return Binary.compare(\"e9$$$$b430cd21f6d12ea6e8....b462cd21e8....3636fb969034..c3\")?(sVersion=\"1.X\",bDetected=1):(Binary.compare(\"e9$$$$aee8$$$$e4210c..fbe62190b8....fb5026509087c1\")||Binary.compare(\"e9$$$$369f9f1c..e9$$$$e8$$$$e421f80c..e6218d06....fc505089c1fb\")||Binary.compare(\"e9$$$$f8d72606b435cd2107e8$$$$1c..1c..33d226f6da12ddfcf905....f8f5f6ea\"))&&(sVersion=\"1.5\",bDetected=1),result()}meta(\"protector\",\"$pirit\")" }, { "path": "dbs_min/db/COM/protector_sticker.2.sg", "content": "function detect(){return Binary.compare(\"be....8bc6b1..d3e88cdb03c30344..a3....8cc805....a3....8b44..b1..d3e8\")&&(sOptions=\"1994 by TigraSoft\",bDetected=1),result()}meta(\"protector\",\"sticker\")" }, { "path": "dbs_min/db/COM/protector_x3.2.sg", "content": "function detect(){return(Binary.compare(\"e8$$$$5ebf....57b9....ac34..aae2..c3\")||Binary.compare(\"ba....2e408b142633f6402681c6....2e1ad3\"))&&(sVersion=\"1.4\",sOptions=\"by MANtiC0RE\",bDetected=1),result()}meta(\"protector\",\"x3\")" }, { "path": "dbs_min/db/COM/self-displayer_ACiDDRAW.1.sg", "content": "function detect(){return(Binary.compare(\"e9$$$$b8....cd10b4..b9....cd10e8....ba....90e8....3d....75..e9....3d....75..e9....3d....75..e9....3d....75..eb\")||Binary.compare(\"eb$$b8....cd10b4..b9....cd10e8....ba....90e8....3d....75..e9....3d....75..e9....3d....75..e9....3d....75..eb\"))&&(sVersion=\"1.2\",bDetected=1),result()}meta(\"self-displayer\",\"ACiDDRAW\")" }, { "path": "dbs_min/db/COM/self-displayer_ANS2ALL.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$e8$$$$b8....cd103c..75..80fb..73..58b8....cd21fcb8....8ec0be....bf....b9....f3a4fa\")&&(sVersion=\"1.3\",sOptions=\"by ZeroCoder //XG\",bDetected=1),Binary.compare(\"e9$$$$2bc9b6..b2..b7..b4..cd212ad22af6b7..b4..cd10b6..32d2b7..b4..cd101e33c050\")&&(sOptions=\"by ZeroCoder //XG\",bDetected=1),result()}meta(\"self-displayer\",\"ANS2ALL\")" }, { "path": "dbs_min/db/COM/self-displayer_ASC2COM.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$e8$$$$33c0cd333d....75..c606......b8....cd338916....c3\")?(sVersion=\"2.02\",sOptions=\"1992 by MorganSoft\",bDetected=1):Binary.compare(\"e8$$$$e8$$$$b401b7..b9....cd10c3f8bb....8b073d....75..c3\")?(sVersion=\"1.10B\",sOptions=\"1989 by MorganSoft\",bDetected=1):Binary.compare(\"e9$$$$e8$$$$50535157bb....803f..74..33c98a0f438bfbb8....e3\")?(sVersion=\"2.01 Compressed\",sOptions=\"1992 by MorganSoft\",bDetected=1):Binary.compare(\"e9$$$$e8$$$$e8$$$$b4..b7..b9....cd10c3\")&&(sOptions=\"1989 by MorganSoft\",bDetected=1),result()}meta(\"self-displayer\",\"ASC2COM\")" }, { "path": "dbs_min/db/COM/self-displayer_DOC2COM.1.sg", "content": "function detect(){return Binary.compare(\"fc8b0e....498b36....8bfeac3204aae2\")&&(sOptions=\"by Jerry DePyper\",bDetected=1),result()}meta(\"self-displayer\",\"DOC2COM\")" }, { "path": "dbs_min/db/COM/self-displayer_DOC2PAGE.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$fc8a0e....32ede3..bf....b0..f3ae74..e8....ba....cd21ba....cd21e9\")&&(sOptions=\"by Th. Edel\",bDetected=1),result()}meta(\"self-displayer\",\"DOC2PAGE\")" }, { "path": "dbs_min/db/COM/self-displayer_GTXT.1.sg", "content": "function detect(){return Binary.compare(\"bb....b4..b1..8a070ac074..247f3c..75..438a070ac0\")&&(sVersion=\"1.1\",sOptions=\"by EGans 05/08/86\",bDetected=1),result()}meta(\"self-displayer\",\"GTXT\")" }, { "path": "dbs_min/db/COM/self-displayer_HYPDOC.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$e8....e8....e8....2ec606......2ec606......b9....2e8a26....b0..e8....2ec606......2ec606......2e8b3e....0e07\")&&(sVersion=\"1.0\",bDetected=1),result()}meta(\"self-displayer\",\"HYPDOC\")" }, { "path": "dbs_min/db/COM/self-displayer_List.1.sg", "content": "function detect(){return Binary.compare(\"bc....1e2bc0508926....b430cd213c\")?(sOptions=\"by Vernon D. Buerg\",bDetected=1):Binary.compare(\"bc....1e2bc0508926....e8$$$$b430cd213c\")?(sVersion=\"6.00\",sOptions=\"1985 by Vernon D. Buerg\",bDetected=1):Binary.compare(\"bc....1e2bc0508926....b430cd21a2\")&&(sVersion=\"6.2a\",sOptions=\"1987 by Vernon D. Buerg\",bDetected=1),result()}meta(\"self-displayer\",\"List\")" }, { "path": "dbs_min/db/COM/self-displayer_MakeRead.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$c706........c606......c606......e8....bf....893e....bf....893e....b4..b0..0106....578bc78b3e....fcab\")&&(sVersion=\"1.8\",sOptions=\"1987\",bDetected=1),result()}meta(\"self-displayer\",\"MakeRead\")" }, { "path": "dbs_min/db/COM/self-displayer_ONLINE-HELP.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$8cc805....2ea3....be....ac3c..74..72..3c..72..3c..77..4e33c033dbba....8a1c80eb..80fb..77\")&&(sOptions=\"1990 by Clockwork Software\",bDetected=1),result()}meta(\"self-displayer\",\"ONLINE-HELP\")" }, { "path": "dbs_min/db/COM/self-displayer_PFL2COM.1.sg", "content": "function detect(){return Binary.compare(\"eb$$be....bf....53bb....8a1780fa..74..80fa..75..c706\")&&(sOptions=\"by C.P.White 1987-90\",bDetected=1),result()}meta(\"self-displayer\",\"PFL2COM\")" }, { "path": "dbs_min/db/COM/self-displayer_RELETTER.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$bc....bf....bb....8a0784c075..e9....438a073c..74..3c..74..89da438a073c..74\")&&(sVersion=\"1.0\",sOptions=\"1993 by Hans J. Baer\",bDetected=1),result()}meta(\"self-displayer\",\"RELETTER\")" }, { "path": "dbs_min/db/COM/self-displayer_SHOWV20.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$b8....2b06....a3....e8$$$$bf....cd1125....3d....74..bf....893e....c3\")&&(sName+=\"V20\",sOptions=\"1992-93 by Simple Software Co.\",bDetected=1),Binary.compare(\"e9$$$$b8....2b06....a3....e8$$$$50a0....a2....58c3\")&&(sOptions=\"1992-93 by Simple Software Co.\",bDetected=1),result()}meta(\"self-displayer\",\"SHOW\")" }, { "path": "dbs_min/db/COM/self-displayer_TXT2COM.1.sg", "content": "function detect(){return Binary.compare(\"e8$$$$c706........803e......75..8d36....e8....e8....e8....e8....e8....ffa7\")||Binary.compare(\"e9$$$$c706........803e......75..8d36....e8....e8....e8....e8....e8....ffa7\")?(sVersion=\"1.1\",sOptions=\"1987 by Keith P. Graham\",bDetected=1):Binary.compare(\"8d26....e8$$$$b4..cd103c..74..c706........c706........3c..74..3c..74..8d16....b409cd21cd20c706\")&&(sVersion=\"2.06\",sOptions=\"1989 by Keith P. Graham\",bDetected=1),result()}meta(\"self-displayer\",\"TXT2COM\")" }, { "path": "dbs_min/db/COM/self-displayer_TXTmaker.1.sg", "content": "function detect(){return Binary.compare(\"eb$$b4..33dbcd1080fc..74..b0..eb$$b44ccd21\")&&(sVersion=\"1.22\",sOptions=\"1991 by Jack A. Orman\",bDetected=1),result()}meta(\"self-displayer\",\"TXTmaker\")" }, { "path": "dbs_min/db/COM/self-displayer_Txt2Exe.1.sg", "content": "function detect(){return Binary.compare(\"bf....033e....b9....2b0e....d1e9b8....f3abb4..cd1030e4a3....b8....cd10b8....8a1e....cd10\")&&(sVersion=\"3.1b\",sOptions=\"2001 by BlackLight\",bDetected=1),result()}meta(\"self-displayer\",\"Txt2Exe\")" }, { "path": "dbs_min/db/COM/self-displayer_readme.com.1.sg", "content": "function detect(){return Binary.compare(\"bb....b8....cd21be....fcbf....f6c2..74..f6c2..74..bf....ac3c..74..b4\")&&(bDetected=1),result()}meta(\"self-displayer\",\"README.COM\")" }, { "path": "dbs_min/db/COM/sfx_LHA.1.sg", "content": "function detect(){return Binary.compare(\"eb$$fcbc....8cc805....8ec0eb$$bb....e8....061fb430cd218bd81e3c..72..368e06....33c08bf8b9....f2aeae\")?(sVersion=\"2.05L, 2.10-2.13, 2.55\",bDetected=1):Binary.compare(\"eb$$00fcbc....8cc805....8ec0eb$$bb....e8....061fb430cd218bd81e3c..72..368e06....33c08bf8b9....f2aeae\")&&(sVersion=\"2.13S\",bDetected=1),result()}meta(\"sfx\",\"LHA SFX\")" }, { "path": "dbs_min/db/COM/sfx_PKZip.1.sg", "content": "function detect(){return Binary.compare(\"b9....bf....2bcf32c0f3aab430cd21a3....8da5....8926....b8....e8\")&&(sVersion=\"2.04g\",bDetected=1),Binary.compare(\"b9....bf....2bcf32c0f3aa8da5....83e4..8926....b430cd21a3....8cd8\")&&(sVersion=\"2.50\",sOptions=\"1999 by PKWARE Inc.\",bDetected=1),result()}meta(\"sfx\",\"PKZip mini-sfx\")" }, { "path": "dbs_min/db/COM/simple_ansi_viewer.1.sg", "content": "function detect(){return Binary.compare(\"b8....bb....b9....0e1fba....cd21b8004ccd21\")&&(bDetected=1),result()}meta(\"self-displayer\",\"simple ANSI viewer\")" }, { "path": "dbs_min/db/COM/simple_self-displayer.1.sg", "content": "function detect(){return Binary.compare(\"b8....8ec0b4..b9....cd102bc92bffb8....51b9....f3ab59be....2bdb2bed2bd28bfdac\")&&(bDetected=1),result()}meta(\"self-displayer\",\"simple self-displayer\")" }, { "path": "dbs_min/db/COM/virus.1.sg", "content": "function detect(){return Binary.compare(\"e9$$$$fa8bece800005b81eb....2ef687......74..8db7....bc....31343124464c75\")?(sName=\"Cascade.1701\",bDetected=1):Binary.compare(\"e9$$$$89e5fae800005b81eb....2ef687......74..8db7....bc....31343124464c75\")&&(sName=\"Cascade.1704\",bDetected=1),result()}meta(\"virus\",\"\")" }, { "path": "dbs_min/db/CurIcoBPP", "content": "function getCurIcoBPP(r){var a=0\nreturn r=Binary.readDword(r+12),40==Binary.readDword(r)?a=Binary.readWord(r+14):Binary.compare(\"89'PNG\\r\\n'1A0A\",r)&&(a=32),a}" }, { "path": "dbs_min/db/DEX/_DEX.0.sg", "content": "function detect(){return DEX.isVerbose()&&(sName=DEX.getOperationSystemName(),sVersion=DEX.getOperationSystemVersion(),sOptions=DEX.getOperationSystemOptions(),bDetected=1),result()}meta(\"operation system\",\"Android\")" }, { "path": "dbs_min/db/DEX/_DEX2.0.sg", "content": "function detect(){return sName=DEX.getFileFormatName(),sVersion=DEX.getFileFormatVersion(),sOptions=DEX.getFileFormatOptions(),bDetected=1,result()}meta(\"format\",\"DEX\")" }, { "path": "dbs_min/db/DEX/_init", "content": "var File=DEX,X=DEX" }, { "path": "dbs_min/db/DEX/compiler_dexlib2.4.sg", "content": "function detect(){return 237496182==DEX.getMapItemsHash()&&(bDetected=1),result()}meta(\"compiler\",\"dexlib2\")" }, { "path": "dbs_min/db/DEX/library_UnicomSDK.4.sg", "content": "function detect(){return bDetected=DEX.isDexItemStringPresent(\"Lcom/unicom/dcLoader/Utils;\"),result()}meta(\"library\",\"UnicomSDK\")" }, { "path": "dbs_min/db/DEX/obfuscator_ProGuard.2.sg", "content": "function detect(){return bDetected=DEX.isDexItemStringPresent(\"Lcom/google/android/gms/common/ProGuardCanary;\"),result()}meta(\"obfuscator\",\"ProGuard\")" }, { "path": "dbs_min/db/DEX/protector_AESObfuscator.2.sg", "content": "function detect(){return bDetected=DEX.isDexStringPresent(\"AESObfuscator.java\"),sLang=\"Java\",result()}meta(\"protector\",\"AESObfuscator\")" }, { "path": "dbs_min/db/DEX/protector_APKProtect.2.sg", "content": "function detect(){return bDetected=DEX.isDexStringPresent(\"APKProtect\"),result()}meta(\"protector\",\"APKProtect\")" }, { "path": "dbs_min/db/DEX/protector_AlibabaProtection.2.sg", "content": "function detect(){return bDetected=DEX.isDexItemStringPresent(\"Lcom/ali/mobisecenhance/StubApplication;\"),result()}meta(\"protector\",\"AlibabaProtection\")" }, { "path": "dbs_min/db/DEX/protector_AllatoriObfuscator.2.sg", "content": "function detect(){return bDetected=DEX.isDexStringPresent(\"ALLATORIxDEMO\"),sVersion=bDetected?\"Demo\":\"\",result()}meta(\"protector\",\"Allatori\")" }, { "path": "dbs_min/db/DEX/protector_ApkEncryptor.2.sg", "content": "function detect(){return bDetected=DEX.isDexItemStringPresent(\"Lcn/beingyi/sub/utils/Native;\"),result()}meta(\"protector\",\"ApkEncryptor\")" }, { "path": "dbs_min/db/DEX/protector_AppSolid.2.sg", "content": "function detect(){return bDetected=DEX.isDexItemStringPresent(\"Lweb/apache/sax/app;\"),result()}meta(\"protector\",\"AppSolid\")" }, { "path": "dbs_min/db/DEX/protector_BaiduProtection.2.sg", "content": "function detect(){return bDetected=DEX.isDexItemStringPresent(\"Lcom/baidu/protect/StubApplication;\"),result()}meta(\"protector\",\"BaiduProtection\")" }, { "path": "dbs_min/db/DEX/protector_BangcleProtection.2.sg", "content": "function detect(){return bDetected=DEX.isDexStringPresent(\"apkFilePath\"),result()}meta(\"protector\",\"BangcleProtection\")" }, { "path": "dbs_min/db/DEX/protector_EasyProtector.2.sg", "content": "function detect(){return bDetected=DEX.isDexStringPresent(\"com.easyprotector.android\"),result()}meta(\"protector\",\"EasyProtector\")" }, { "path": "dbs_min/db/DEX/protector_Jiagu.2.sg", "content": "function detect(){return bDetected=DEX.isDexStringPresent(\"/.jiagu\"),result()}meta(\"protector\",\"Jiagu\")" }, { "path": "dbs_min/db/DEX/protector_Kiwi.2.sg", "content": "function detect(){return bDetected=DEX.isDexStringPresent(\"Kiwi__Version__Obfuscator\"),result()}meta(\"protector\",\"Allatori\")" }, { "path": "dbs_min/db/DEX/protector_LIAPP.2.sg", "content": "function detect(){return bDetected=DEX.isDexItemStringPresent(\"Lcom/lockincomp/liapp/LiappClassLoader;\"),result()}meta(\"protector\",\"LIAPP\")" }, { "path": "dbs_min/db/DEX/protector_MedusaH.2.sg", "content": "function detect(){return bDetected=DEX.isDexItemStringPresent(\"Lcom/seworks/medusah/MedusahDex;\"),result()}meta(\"protector\",\"Medusah\")" }, { "path": "dbs_min/db/DEX/protector_ModGuard.2.sg", "content": "function detect(){return DEX.isDexStringPresent(\"ModGuard - Protect Your Piracy v1.2 by ill420smoker\")?sVersion=\"v1.2\":DEX.isDexStringPresent(\"ModGuard - Protect Your Piracy v1.3 by ill420smoker\")&&(sVersion=\"v1.3\"),result()}meta(\"protector\",\"ModGuard\")" }, { "path": "dbs_min/db/DEX/protector_NQShield.2.sg", "content": "function detect(){return bDetected=DEX.isDexItemStringPresent(\"Lcom/nqshield/Common;\"),result()}meta(\"protector\",\"NQShield\")" }, { "path": "dbs_min/db/DEX/protector_NagaPTProtection.2.sg", "content": "function detect(){return bDetected=DEX.isDexStringPresent(\"LIBRARY_DDOG\")||DEX.isDexStringPresent(\"LIBRARY_FDOG\"),result()}meta(\"protector\",\"NagaPTProtection\")" }, { "path": "dbs_min/db/DEX/protector_PangXie.2.sg", "content": "function detect(){return bDetected=DEX.isDexStringPresent(\"PangXie\")||DEX.isDexStringPresent(\"nsecure\"),result()}meta(\"protector\",\"Jiagu\")" }, { "path": "dbs_min/db/DEX/protector_QDBH.2.sg", "content": "function detect(){return bDetected=DEX.isDexStringPresent(\"/qdbh\"),result()}meta(\"protector\",\"QDBH\")" }, { "path": "dbs_min/db/DEX/protector_SecNeo.2.sg", "content": "function detect(){return bDetected=DEX.isDexItemStringPresent(\"Lcom/secneo/apkwrapper/ApplicationWrapper;\"),result()}meta(\"protector\",\"SecNeo\")" }, { "path": "dbs_min/db/DEX/protector_TencentProtection.2.sg", "content": "function detect(){return bDetected=DEX.isDexItemStringPresent(\"Lcom/tencent/StubShell/TxAppEntry;\"),result()}meta(\"protector\",\"TencentProtection\")" }, { "path": "dbs_min/db/DEX/protector_VDog.2.sg", "content": "function detect(){return bDetected=DEX.isDexItemStringPresent(\"Lcom/vdog/Common;\"),result()}meta(\"protector\",\"Vdog\")" }, { "path": "dbs_min/db/DEX/protector_Yidun.2.sg", "content": "function detect(){return bDetected=DEX.isDexItemStringPresent(\"La/_;\"),result()}meta(\"protector\",\"Yidun\")" }, { "path": "dbs_min/db/DEX/tool_ApkToolPlus.6.sg", "content": "function detect(){return bDetected=DEX.isDexItemStringPresent(\"Lcom/linchaolong/apktoolplus/jiagu/utils/ApkToolPlus;\"),result()}meta(\"tool\",\"ApkToolPlus\")" }, { "path": "dbs_min/db/DOS16M/_DOS16M.0.sg", "content": "function detect(){return DOS16M.isVerbose()&&(sName=DOS16M.getOperationSystemName(),sVersion=DOS16M.getOperationSystemVersion(),sOptions=DOS16M.getOperationSystemOptions(),bDetected=1),result()}meta(\"operation system\",\"DOS16M\")" }, { "path": "dbs_min/db/DOS16M/_init", "content": "var File=DOS16M,X=DOS16M" }, { "path": "dbs_min/db/DOS16M/compiler_Watcom.2.sg", "content": "function detect(){return bDetected=1,result()}meta(\"compiler\",\"Watcom C\")" }, { "path": "dbs_min/db/DOS4G/_DOS4G.0.sg", "content": "function detect(){return DOS4G.isVerbose()&&(sName=DOS4G.getOperationSystemName(),sVersion=DOS4G.getOperationSystemVersion(),sOptions=DOS4G.getOperationSystemOptions(),bDetected=1),result()}meta(\"operation system\",\"DOS4G\")" }, { "path": "dbs_min/db/DOS4G/_init", "content": "var File=DOS4G,X=DOS4G" }, { "path": "dbs_min/db/DOS4G/compiler_Watcom.2.sg", "content": "function detect(){return bDetected=1,result()}meta(\"compiler\",\"Watcom C\")" }, { "path": "dbs_min/db/ELF/Borland_Kylix.4.sg", "content": "function detect(){return(ELF.isSectionNamePresent(\"borland.ressym\")||ELF.isSectionNamePresent(\"borland.reshash\")||ELF.isSectionNamePresent(\"borland.resdata\")||ELF.isSectionNamePresent(\"borland.resspare\"))&&(bDetected=1),sLang=\"Pascal/C/C++\",result()}meta(\"compiler\",\"Borland Kylix\")" }, { "path": "dbs_min/db/ELF/Free_Pascal.4.sg", "content": "function detect(){var e,t,i,c\nreturn ELF.compareEP(\"5989e38d44....83e4..8915........a3........890d........891d........e8........8925........31ede8........c3\")?(sVersion=\"2.6.0\",bDetected=1):ELF.compareEP(\"31ED5989E3\")||ELF.isSectionNamePresent(\".fpc.resources\")?bDetected=1:ELF.isSectionNamePresent(\".fpcdata\")?(bDetected=1,e=ELF.getSectionNumber(\".fpcdata\"),t=ELF.getSectionFileOffset(e),0<(i=ELF.getSectionFileSize(e))&&-1!=(c=ELF.findString(t,4,\"FPC \"))&&(sVersion=ELF.getString(c+4))):ELF.isSectionNamePresent(\".data\")&&(e=ELF.getSectionNumber(\".data\"),t=ELF.getSectionFileOffset(e),256<=(i=ELF.getSectionFileSize(e)))&&-1!=(c=ELF.findString(t+i-256,256,\"FPC \"))&&(sVersion=ELF.getString(c+4),bDetected=1),sLang=\"Pascal\",result()}meta(\"compiler\",\"Free Pascal\")" }, { "path": "dbs_min/db/ELF/HP_C++.4.sg", "content": "function detect(){return ELF.isSectionNamePresent(\".HP.init\")&&(bDetected=1),sLang=\"C++\",result()}meta(\"compiler\",\"HP C++\")" }, { "path": "dbs_min/db/ELF/IBM_AIX_kernel_loader.4.sg", "content": "function detect(){return 4<=ELF.getNumberOfPrograms()&&ELF.getProgramFileSize(1)<=256&&-1!=ELF.findString(ELF.getProgramFileOffset(1),Math.min(256,ELF.getProgramFileSize(1)),\"IBM,RPA-Client-Config\")&&(bDetected=1),-1!=ELF.findString(ELF.getProgramFileOffset(0),Math.min(256,ELF.getProgramFileSize(0)),\"PowerPC\")&&(sVersion=\"PowerPC\"),result()}meta(\"boot\",\"IBM AIX kernel loader\")" }, { "path": "dbs_min/db/ELF/Oracle_Solaris_Studio.4.sg", "content": "function getOSSVersion(){var e=ELF.getSectionNumber(\".comment\")\nif(-1!=e){var t=ELF.getSectionFileOffset(e),e=ELF.getSectionFileSize(e),n=ELF.findString(t,e,\"Sun WorkShop\")\nif(-1!=n)return ELF.getString(n+13,100)\nif(-1!=(n=ELF.findString(t,e,\"acomp: Sun C\")))return ELF.getString(n+13,100)\nif(-1!=ELF.findString(t,e,\"SUNWCC.h\"))return\"5.X\"}return\"\"}function detect(){var e\nreturn ELF.compareEP(\"bc1020..e003....1300....e022....a203a0..1300....e222....1300....e222....a52c20..a404a0..a40440122700....e804....80a520\")&&(ELF.isSectionNamePresent(\".SUNW_version\")&&(bDetected=1),e=getOSSVersion())&&(bDetected=1,sVersion=e),sLang=\"C/C++\",result()}meta(\"compiler\",\"Oracle Solaris Studio\")" }, { "path": "dbs_min/db/ELF/_ELF.0.sg", "content": "function detect(){return ELF.isVerbose()&&(sName=ELF.getOperationSystemName(),sVersion=ELF.getOperationSystemVersion(),sOptions=ELF.getOperationSystemOptions(),bDetected=1),result()}meta(\"operation system\",\"Unix\")" }, { "path": "dbs_min/db/ELF/_init", "content": "var File=ELF,X=ELF" }, { "path": "dbs_min/db/ELF/compiler_DMD.4.sg", "content": "function getVersion(){var e=ELF.getSectionNumber(\".comment\")\nif(-1!=e){e=ELF.findString(ELF.getSectionFileOffset(e),ELF.getSectionFileSize(e),\"DMD v\")\nif(-1!=e)return ELF.getString(e+5,20)}return \"\"}function detect(){var e=getVersion()\nreturn e&&(bDetected=1,sVersion=e),sLang=\"D\",result()}meta(\"compiler\",\"DMD\")" }, { "path": "dbs_min/db/ELF/compiler_FASM.4.sg", "content": "function detect(){if(0==ELF.getElfHeader_shstrndx()&&0==ELF.getElfHeader_shnum()&&ELF.getElfHeader_shentsize()){sVersion=\"1.X\",bDetected=1\nfor(var e=0;ei[n])return t\nif(r[n]>16&255)+\".\"+(e>>8&255)+\".\"+(255&e)}function detect(){return MACH.isLibraryPresent(\"QtCore\")&&(sVersion=getVersion(),bDetected=1),result()}meta(\"library\",\"QT\")" }, { "path": "dbs_min/db/MACH/library_WebKit.3.sg", "content": "function detect(){return MACH.isLibraryPresent(\"WebKit\")&&(bDetected=1),result()}meta(\"library\",\"WebKit\")" }, { "path": "dbs_min/db/MACH/library_java.3.sg", "content": "function detect(){return(MACH.isLibraryPresent(\"libjava.dylib\")||MACH.isLibraryPresent(\"libjvm.dylib\"))&&(bDetected=1),sLang=\"Java\",result()}meta(\"library\",\"Java Runtime\")" }, { "path": "dbs_min/db/MACH/packer_UPX.2.sg", "content": "function detect(){var e\nreturn 2==MACH.getNumberOfSections()&&-1!=(e=MACH.findString(0,MACH.getSize(),\"$Id: UPX\"))&&(sVersion=MACH.getString(e+9,4),bDetected=1),result()}meta(\"packer\",\"UPX\")" }, { "path": "dbs_min/db/MACH/packer_Virbox.2.sg", "content": "function detect(){return-1!=MACH.getSectionNumber(\"__vdata\")&&(sVersion=\"Virbox Protector\",bDetected=1),result()}meta(\"packer\",\"Virbox\")" }, { "path": "dbs_min/db/MACHOFAT/_MACHOFAT.0.sg", "content": "function detect(){return MACHOFAT.isVerbose()&&(sName=MACHOFAT.getOperationSystemName(),sVersion=MACHOFAT.getOperationSystemVersion(),sOptions=MACHOFAT.getOperationSystemOptions(),bDetected=1),result()}meta(\"operation system\",\"macOS\")" }, { "path": "dbs_min/db/MACHOFAT/_init", "content": "var File=MACHOFAT,X=MACHOFAT" }, { "path": "dbs_min/db/MACHOFAT/converter_lipo.2.sg", "content": "function detect(){return bDetected=1,result()}meta(\"converter\",\"lipo\")" }, { "path": "dbs_min/db/MFC", "content": "var aMFC\naMFC||!PE||(aMFC=PE.isLibraryPresentExp(/^MFC(\\d+?)(u?)(d?)\\.dll/i))||PE.section[\".data\"]&&PE.isSignatureInSectionPresent(PE.section[\".data\"].Number,\"'CMFCComObject'\")&&(aMFC=1)" }, { "path": "dbs_min/db/MSDOS/ACE.6.sg", "content": "function detect(){return detect_ACE(0),result()}includeScript(\"ACE\")" }, { "path": "dbs_min/db/MSDOS/Adys_COM2EXE.1.sg", "content": "function detect(){return MSDOS.compare(\"'Ady'27\",28)&&(bDetected=1),result()}meta(\"converter\",\"Ady`s COM2EXE\")" }, { "path": "dbs_min/db/MSDOS/Adys_Glue.2.sg", "content": "function detect(){return MSDOS.compareEP(\"2E........0E1FBF....33DB33C0AC\")?(sVersion=\"1.10\",bDetected=1):MSDOS.compareEP(\"2E8C06....0E0733C08ED8BE....BF....FCB9....56F3A51E075F\")&&(sVersion=\"0.10\",bDetected=1),result()}meta(\"protector\",\"Ady`s Glue\")" }, { "path": "dbs_min/db/MSDOS/Anti-hack_encryption_system.2.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$bd....33c08ec026c706........268c0e....8b46..26a3....268c0e....0e07\")&&(sOptions=\"by Rezaul Kabir //Shuvro\",bDetected=1),result()}meta(\"protector\",\"Anti-hack encryption system\")" }, { "path": "dbs_min/db/MSDOS/Aztec_C-86.4.sg", "content": "function detect(){return MSDOS.compareEP(\"bd....85ed75..8cdd2e8c1e....8b1e....2bdd81fb....76..8d9e....8cc02bd8b4..cd21bb....8ec5\")?(sVersion=\"3.40\",sOptions=\"1988\",bDetected=1):MSDOS.compareEP(\"bd....85ed75..b8....e9....2e8c1e....8ec5268c1e....bd....83c5..d1ddb1..d3ed81e5....8cc2\")?(sVersion=\"3.40b\",sOptions=\"1986\",bDetected=1):MSDOS.compareEP(\"bd....85ed75..8cdd8b1e....2bdd81fb....76..8d9e....8cc02bd8b4..cd21bb....8ec5268c1e....b1..d3e3\")||MSDOS.compareEP(\"bd....85ed75..b8....50e8....8ec5268c1e....bd....83c5..d1ddb1..d3ed81e5....8cc203ea268b1e....d3eb\")||MSDOS.compareEP(\"bd....85ed75..b8....509a........8ec5268c1e....bd....83c5..d1ddb1..d3ed81e5....8cc203ea268b1e....d3eb\")||MSDOS.compareEP(\"bd....85ed75..b0..e9....2e8c1e....8ec5268c1e....bd....83c5..d1ddb1..d3ed81e5....8cc203ea268b1e....d3eb\")?(sVersion=\"5.2a\",sOptions=\"1992\",bDetected=1):(MSDOS.compareEP(\"b8....8ed82e80........ba....75..e8....3d....75..e9$$$$8cc38edb2e891e....be....8a0c80f9..74..80f9..7e\")||MSDOS.compareEP(\"eb$$3d....74..eb$$2ec606......502e891e....2e890e....2e8916....8cd82ea3....8cc02ea3....2e8936\"))&&(sVersion=\"3.20X\",bDetected=1),result()}meta(\"compiler\",\"Aztec C-86\")" }, { "path": "dbs_min/db/MSDOS/BlackWolf_Protection.2.sg", "content": "function detect(){return MSDOS.compareEP(\"061e0e0e071fbe....b9....871481c2....53e8\")&&(sOptions=\"1996 by p.q.\",bDetected=1),result()}meta(\"protector\",\"BlackWolf Protection\")" }, { "path": "dbs_min/db/MSDOS/Black_fist.2.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$061ee8....1f072ea1....2e8b1e....8cd12e2b0e....fa8ed1fb5053cb\")&&(sOptions=\"1993\",bDetected=1),result()}meta(\"packer\",\"BlacK FiST\")" }, { "path": "dbs_min/db/MSDOS/Borland_C.4.sg", "content": "function detect(){var e,D=0\nreturn MSDOS.compareEP(\"FB\")&&(D=1),MSDOS.compareEP(\"BA....2E8916....B430CD218B2E02008B1E2C008EDA\",D)?(e=MSDOS.readWord(MSDOS.getEntryPointOffset(D+1)),D=MSDOS.addressToOffset(e),bDetected=1):MSDOS.compareEP(\"8CCA2E8916....B430CD218B2E02008B1E2C008EDAA3\")&&(e=MSDOS.readWord(MSDOS.getEntryPointOffset(22)),D=MSDOS.addressToOffset(0,e-120),bDetected=1),-1!=(D=MSDOS.findString(D,64,\" - Copyright \"))&&(sVersion=MSDOS.getString(D+13,4),MSDOS.compare(\"43\",D-1)?(sName=\"Turbo C\",\"(c) \"==sVersion&&(sVersion=MSDOS.getString(D+17,4))):MSDOS.compare(\"'Turbo'\",D-9)?sName=\"Turbo C/C++\":\"1991\"==sVersion?sVersion=\"3.1\":\"1994\"==sVersion&&(sVersion=\"4.X\"),bDetected=1),MSDOS.compareEP(\"b4..cd103c..74..b8....cd10ba....2e8916....8b2e....8b1e....8eda8c06....891e....892e....a1\")||MSDOS.compareEP(\"ba....2e8916....b430cd218b2e....8b1e....8edaa3....8c06....891e....892e....e8\")?(sVersion=\"1991\",bDetected=1):MSDOS.compareEP(\"ba....2e8916....b430cd218b2e....8b1e....8edaa3....8c06....891e....892e....c43e....8bc78bd8\")?(sVersion=\"1988\",bDetected=1):MSDOS.compareEP(\"BA....2E89......B4..CD218B......8B......8EDAA3....8C......89......89......C7..........E8....C4......8bc78bd8b9....26........75\")||MSDOS.compareEP(\"BA....2E89......B4..CD218B......8B......8EDAA3....8C......89......89......8cd22bea8b3e....81ff....73..bf....893e....b1\")?(sName=\"Turbo C\",sVersion=\"1988\",bDetected=1):MSDOS.compareEP(\"BA....2E89......B4..CD218B......8B......8EDAA3....8C......89......53E8....0733FF2BDB8BC3B9....FCF2AEE3..4326......75..80\")?(sName=\"Turbo C\",sVersion=\"1990\",bDetected=1):MSDOS.compareEP(\"FBBA....2E89......B430CD218B......8B......8EDAA3....8C......89......89......C706........E8....C4......8BC78BD8B9....2681\")||MSDOS.compareEP(\"FB8cca2E89......B430CD218B......8B......8EDAA3....8C......89......89......C706........E8....C4......8BC78BD8B9....2681\")||MSDOS.compareEP(\"BA....2E89......B430CD218B......8B......8EDAA3....8C......89......89......C706........8ec333c0b9....8bf88bd82681......75\")?(sName=\"Turbo C\",sVersion=\"1987\",bDetected=1):MSDOS.compareEP(\"8cca2E89......B430CD218B......8B......8EDAA3....8C......89......89......C706\")?(sName=\"Turbo C\",sVersion=\"1988\",bDetected=1):MSDOS.compareEP(\"8cca2E89......B430CD218B......8B......8EDAA3....8C......89......89......E8\")?(sName=\"Turbo C\",sVersion=\"1990\",bDetected=1):MSDOS.compareEP(\"8cd8bb....8edb8cd38bccfa8e16....bc....fbe8....fa8ed38be1fbea\")&&(sName=\"Turbo C\",sVersion=\"1988\",bDetected=1),sLang=-1!==sName.indexOf(\"C++\")?\"C\":\"C++\",result()}meta(\"compiler\",\"Borland C/C++\")" }, { "path": "dbs_min/db/MSDOS/Borland_Pascal.4.sg", "content": "function detect(){if(MSDOS.compareEP(\"9AFFFF00009AFFFF00005589E531C09AFFFF0000\")?(sVersion=\"7.0*\",bDetected=1):MSDOS.compareEP(\"B8....BB....8ED08BE38CD88EC00E1FA1....25....A3....E8....833E......75\")?(sVersion=\"7.0*\",sOptions=\"Protected Mode\",bDetected=1):MSDOS.compareEP(\"B8....8ED88C......8CD38CC02BD88BC405....C1....03D8B4..CD210E\")?(sVersion=\"7.0*\",bDetected=1):MSDOS.compareEP(\"9a########ba....8eda8c06....33ed8bc405....b1..d3e88cd203c2a3....a3\")?(sVersion=\"7.0\",bDetected=1):MSDOS.compareEP(\"9a########ba....8eda8c06....33ede8....e8....8bc405....b1..d3e88cd203c2a3....a3....0306....a3....a3....a3....a3....8e06....26a1....a3....c706\")?(sVersion=\"6.0\",bDetected=1):MSDOS.compareEP(\"9a########06ba....8eda268b3e....8ec25b8bef83ed..1eb8....8ed8b9....2bc8d1e1\")||MSDOS.compareEP(\"9a########ba....8eda8c06....8bc405....a3....8c16....05....b1..d3e88cd203c2a3....a3\")||MSDOS.compareEP(\"9a########ba....8edae8....8c06....33ed8bc405....b1..d3e88cd203c2c706\")||MSDOS.compareEP(\"9a########5589e50ee8$$$$5589e583ec..31c0\")?(sVersion=\"6.0-7.0\",bDetected=1):MSDOS.compareEP(\"9a########ba....8eda8c06....8bc405....b1..d3e88cd203c2a3....a3....26a1....2d....a3....c706\")?(sVersion=\"4.0-6.0\",sOptions=\"1987\",bDetected=1):MSDOS.compareEP(\"9a########54583bc475..9c585080cc..509d9c589d80e4..75..bb....e8....b8....cd21ba....8eda\")?(sVersion=\"6.0-7.0\",sOptions=\"1992 by Borland & Eagle Performance Software\",bDetected=1):(MSDOS.compareEP(\"9a........5589e5bf....0e57e8$$$$f9\")||MSDOS.compareEP(\"9a########b8....8ed88c06....cb\")||MSDOS.compareEP(\"9a########ba....8eda8c06....b430cd2186c43d....73..0e1f\")||MSDOS.compareEP(\"31ed9a########2e8e1e....b451cd21891e....803e......74..f706........74..e8\"))&&(sName=\"Turbo Pascal\",sVersion=\"6.0-7.0\",bDetected=1),MSDOS.compareEP(\"9a########f860f972..8bdc36c51f83c3..807f....74..807f\"))sName=\"Turbo Pascal\",sVersion=\"6.0-7.0\",bDetected=1\nelse if(MSDOS.compareEP(\"9A0000\")){var e=MSDOS.readWord(MSDOS.getEntryPointOffset(3)),e=MSDOS.addressToOffset(e)\nif(-1!=(e=MSDOS.findSignature(e,Math.min(1024,MSDOS.getSize()-e),\"'Portions Copyr ight (c) 1983,9'..' Borland'\"))){switch(MSDOS.getString(e+29,1)){case\"0\":sVersion=\"5.0\",sName=\"Turbo Pascal\"\nbreak\ncase\"1\":sVersion=\"6.0\",sName=\"Turbo Pascal\"\nbreak\ncase\"2\":sVersion=\"7.0\"}bDetected=1}}return sLang=\"Pascal\",result()}meta(\"compiler\",\"Borland Pascal\")" }, { "path": "dbs_min/db/MSDOS/Borland_RTM.0a.sg", "content": "function getBLVersion(){var e=\"\",r=MSDOS.findString(0,MSDOS.getSize(),\"RTM loader version\")\nreturn e=-1!=r?(e=MSDOS.getString(r+19)).substr(0,e.indexOf(\" \")):e}function detect(){var e\nreturn MSDOS.compareEP(\"b8....8ed8b8....bb....8ed08be38926....0626......8ec0263b......74..e9\")&&(sVersion=\"1.0-1.5\",bDetected=1),bDetected&&(e=getBLVersion())&&(sVersion=e),result()}meta(\"extender\",\"Borland RTM DPMI loader\")" }, { "path": "dbs_min/db/MSDOS/Borland_TDS.5.sg", "content": "function detect(){var e,t\nreturn MSDOS.compareOverlay(\"FB52\")&&(t=MSDOS.getOverlayOffset(),e=MSDOS.readByte(t+2),t=MSDOS.readByte(t+3),e=(10*(e>>4)+(15&e)).toString(),t=(10*(t>>4)+(15&t)).toString(),sVersion=t+\".\"+e,sOptions=\"TDS\",bDetected=1),result()}meta(\"debug\",\"Borland TLINK Symbol Table Present\")" }, { "path": "dbs_min/db/MSDOS/Borland_TLINK.5.sg", "content": "function detect(){var e=MSDOS.readWord(30)\nreturn 251==(255&e)&&(sVersion=((e>>8)/16).toFixed(1),bDetected=1),result()}meta(\"linker\",\"Borland TLINK\")" }, { "path": "dbs_min/db/MSDOS/CSCRYPT_Pro.2.sg", "content": "function detect(){return MSDOS.compareEP(\"8d36....565f81ef....b8....81ef....81c0....81f7....2e2935474781c6....e9\")&&(sVersion=\"3.30/386\",sOptions=\"1995-97 by Christian Schwarz\",bDetected=1),result()}meta(\"protector\",\"CSCRYPT Pro\")" }, { "path": "dbs_min/db/MSDOS/Concurrent_Small_C.4.sg", "content": "function detect(){return MSDOS.compareEP(\"b8....8ed826a1....2d....80fc..72..9090b8....b1..d3e0fa8cdb8ed38be050fbb8....2d....d3e08bd8fec7fec73b..72..9090\")&&(sVersion=\"1.0\",sOptions=\"1996 by Andy Yuen\",bDetected=1),sLang=\"C\",result()}meta(\"compiler\",\"Concurrent Small C\")" }, { "path": "dbs_min/db/MSDOS/CopyQM_SFX.1.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$b8....8ec0a1....26a3....268c1e\")&&MSDOS.compareOverlay(\"'TX'\")&&(sVersion=\"3.24\",sOptions=\"1996 by Sydex\",bDetected=1),result()}meta(\"sfx\",\"CopyQM SFX\")" }, { "path": "dbs_min/db/MSDOS/Crypt_(Dismember).2.sg", "content": "function detect(){return MSDOS.compareEP(\"1E8CDA83....8EDA8EC2BB....BA....85D274..B4..33FF33F6B9....AC32C4C0....02..2E........AAE2\")?(sVersion=\"1.3\",bDetected=1):MSDOS.compareEP(\"0E179C58F6....74..E9....1EB0..E6..8CDA83....8EDA8EC2BB....BA....85D274..B4..33FF33F6B9\")||MSDOS.compareEP(\"0E179C58F6....74..EB$$b0..e6..33c9e2..b430cd213c..73..33c00650cb\")?(sVersion=\"1.7\",bDetected=1):(MSDOS.compareEP(\"fa061e8cdd83c5..2e012e....2e012e....e8....e8....1f072e8e16....2e8b26....fb2eff2e\")||MSDOS.compareEP(\"e9$$$$bf....8bf7acad918ae157ac32c4f6d0d0c412e1aae2\"))&&(sVersion=\"2.0\",bDetected=1),result()}meta(\"cryptor\",\"Cryptor by Dismember\")" }, { "path": "dbs_min/db/MSDOS/Crypt_(LightShow).2.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$eb$$8cc8fa8ed0bc....fb8cc0bb....83e8..8ed833f64b8ccd8cc02ea3....33c08ec026a1....2ea3....26a1\")?(sVersion=\"1.21\",bDetected=1):MSDOS.compareEP(\"eb$$8cc883e8..8ed833f68ccb8cc02ea3....2bc08ec08bf8b9....26ff36....26ff36....26894d..26895d..b9\")?(sVersion=\"1.15\",bDetected=1):MSDOS.compareEP(\"e9$$$$eb$$8cc8fa8ed0bc....8cc0bb....83e8..8ed833f64b8ccd8cc02ea3....5333c08ec0268c0e....26c706........1f\")?(sVersion=\"1.20\",bDetected=1):MSDOS.compareEP(\"eb$$8cc8fa8ed0bc....fb8cc0bb....83e8..8ed833f64b8ccd8cc02ea3....33c08ec026a1....2ea3....26a1\")?bDetected=1:MSDOS.compareEP(\"eb$$2e8b36....2e8974..8ccb8cc02e8944..2bc08ec08ed88bf82e8b4c..81c1....6a..ff36....ff36....894d..895d\")&&(sVersion=\"1.11\",sOptions=\"1994\",bDetected=1),result()}meta(\"protector\",\"Crypt by LightShow //ECLIPSE\")" }, { "path": "dbs_min/db/MSDOS/DAEMON_Protect.2.sg", "content": "function detect(){return MSDOS.compareEP(\"60609C8CC932C9E30C520F014C24FE5A83C20C8B1A9D61\")&&(sVersion=\"0.6.7\",bDetected=1),result()}meta(\"protector\",\"DAEMON Protect\")" }, { "path": "dbs_min/db/MSDOS/DOS32_loader.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"8cd88ccb2bd88bc4b1..d3e803d843b4..cd218e06....8cd80e1fa3....a3....a3....fc33c033ffeb\")&&(sVersion=\"3.3\",sOptions=\"1995 by Adam Seychell\",bDetected=1),result()}meta(\"loader\",\"DOS32 loader\")" }, { "path": "dbs_min/db/MSDOS/DOS_16M.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"bf....8ed781c4....be....2bf73689......8bc6b1..d3e04836a3....be....468936....8cc32bdef7dbb44acd21368c......1607fcbf....b9....2bcf33c0\")?(sOptions=\"1991 by Rational Systems, Inc.\",bDetected=1):MSDOS.compareEP(\"bf....8ec78ed7bc....368c......ff36....268f......be....ac8ad8b7..88388b3e....4f8ec726a1....36f726....4836a3....8e06....33c08bc8f7d18bf8f2ae26\")?(sOptions=\"1994 by Tenberry Software Inc.\",bDetected=1):MSDOS.compareEP(\"bf....8ec78ed7bc....368c1e....ff36....368f06....be....ac8ad8b7..88388b3e....4f8ec726a1....36f726....4836a3....8e06....33c08bc8f7d18bf8f2ae26\")?(sOptions=\"1995 by Tenberry Software\",bDetected=1):MSDOS.compareEP(\"bf....8ec78ed7bc....368c1e....ff36....368f06....be....ac8ad8b7..883816078b3e....4f8ec726a1....36f726....4836a3....8e06....33c08bc8f7d18bf8f2ae26\")?(sOptions=\"1994 by Rational Systems, Inc.\",bDetected=1):MSDOS.compareEP(\"bf....8ec78ed7bc....368c1e....1607be....ac98508b3e....4f8ec726a1....c1e0..4836a3....8e06....33c08bc8f7d18bf8f2ae26\")?(sOptions=\"1993 by Rational Systems, Inc.\",bDetected=1):MSDOS.compareEP(\"bf....8ed781c4....be....2bf7368926....368926....8bc6b1..d3e04836a3....be....468936....8cc32bdef7dbb4..cd21\")?(sOptions=\"1989 by Rational Systems, Inc.\",bDetected=1):MSDOS.compareEP(\"BF....8ED781C4....BE....2BF78BC6B1..D3E04836A3....368926....BE....468936....8CC32BDEF7DBB4..CD21368C\")&&(sOptions=\"1987-1992 by Rational Systems, Inc.\",bDetected=1),result()}meta(\"extender\",\"DOS/16M DOS Extender\")" }, { "path": "dbs_min/db/MSDOS/DOS_32A.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"fb0e1f8c1e....8c06....8c16....26a1....a3....fce8....e8....e8....8cd0268b36....05\")?(sVersion=\"R9-07.0101.2011\",sOptions=\"1996-98, 2002 by Narech Koumar (Supernar Systems, Ltd.)\",bDetected=1):MSDOS.compareEP(\"0e1f8cc08cd3a3....2bd88bc4d1e8d1e8\")?(sVersion=\"R8-07.0101.0076\",sOptions=\"1996-98, 2002 by Narech Koumar (Supernar Systems, Ltd.)\",bDetected=1):MSDOS.compareEP(\"0e1f8c1e....8c06....8c16....26a1....a3....fbfce8\")&&(sVersion=\"04-20-06\",sOptions=\"1996-2006 by Narech Koumar (Supernar Systems, Ltd.)\",bDetected=1),result()}meta(\"extender\",\"DOS/32A DOS Extender\")" }, { "path": "dbs_min/db/MSDOS/Digital_Research_C.4.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$0e17bc....a1....8cdb0e1f891e....a3....8cc80306....a3....b9....2bdb8bf3bf....8cc803050306\")&&(sVersion=\"1.1\",sOptions=\"1983\",bDetected=1),sLang=\"C\",result()}meta(\"compiler\",\"Digital Research C\")" }, { "path": "dbs_min/db/MSDOS/Disk_eXPress.1.sg", "content": "function detect(){return MSDOS.compareOverlay(\"be9b8710415302\")&&MSDOS.compareEP(\"fca3....891e....49890e....bb....8c1f83e4..8967..b8....50\")&&(sOptions=\"1991-93 by Albert J. Shan\",bDetected=1),result()}meta(\"sfx\",\"Disk eXPress\")" }, { "path": "dbs_min/db/MSDOS/EMMXXXX0_check.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"b8....cd213c..73..0e1fba....b409cd210633c050cb8cd88ccbfabc....8ed3fbfc8ec3bf....be....b9....fc\")&&(bDetected=1),result()}meta(\"extender\",\"EMMXXXX0 check by Symantec\")" }, { "path": "dbs_min/db/MSDOS/EXETools_COM2EXE.1.sg", "content": "function detect(){return MSDOS.compareEP(\"e800005d83ed..8cda2e8996....83c2..8eda8ec22e0196....60bb....ba....85d274..b4..33ff33f6b9....ac\")&&(bDetected=1),result()}meta(\"converter\",\"EXETools COM2EXE\")" }, { "path": "dbs_min/db/MSDOS/EXE_Manager.2.sg", "content": "function detect(){return MSDOS.compareEP(\"b4301e06cd212ea3....bf....b9....33c02e....47e2..2e3b06....74..b8....cd1033c050cb\")?(sVersion=\"3.0\",sOptions=\"1994 by Solar Designer\",bDetected=1):MSDOS.compareEP(\"1e54583bc475..b43006cd212ea3....bf....8befb9....33c02e030547e2\")&&(sVersion=\"4.0\",sOptions=\"1996 by Solar Designer\",bDetected=1),result()}meta(\"protector\",\"EXE Manager\")" }, { "path": "dbs_min/db/MSDOS/EXE_Packer.2.sg", "content": "function detect(){return(MSDOS.compareEP(\"1E068CC383....2E........B9....8CC88ED88BF14E8BFE\")||MSDOS.compareEP(\"EB$$1E068CC383....0E1F011E....011E....BE....B9....FCAD3BC174\"))&&(sVersion=\"7.0\",bDetected=1),result()}meta(\"packer\",\"EXE Packer\")" }, { "path": "dbs_min/db/MSDOS/EXE_encryption.2.sg", "content": "function detect(){return MSDOS.compareEP(\"501e068cc88ed88ec0e8....5b81eb....2ae4be....03f3882446fec40ae475..8b87....ba....f7e28987\")&&(sOptions=\"1992 by E.Akulow\",bDetected=1),result()}meta(\"protector\",\"EXE encryption\")" }, { "path": "dbs_min/db/MSDOS/Eliashim's_CodeTrack.1.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$502e8c06....33c08ec02ef606......74..26ff36\")&&(bDetected=1),result()}meta(\"protector\",\"Eliashim's CodeTrack\")" }, { "path": "dbs_min/db/MSDOS/File_Shield.1.sg", "content": "function detect(){return MSDOS.compareEP(\"50b430cd213c..7d..e9....e8$$$$b8....bb....b9....ba....cd212ec706........81fb....75..2ec706........2e8916\")?(sVersion=\"1.2\",sOptions=\"by McAfee\",bDetected=1):MSDOS.compareEP(\"501eeb$$2ea1....2e8b1e....2e8b0e....ba....2e8916....e8$$$$535051cd12\")&&(sVersion=\"1.5\",sOptions=\"by McAfee\",bDetected=1),result()}meta(\"immunizer\",\"File Shield\")" }, { "path": "dbs_min/db/MSDOS/Fitted_Modula-2.4.sg", "content": "function detect(){return MSDOS.compareEP(\"9a########558bec2e8e1e....a1....d1c873..8be55dca0000\")&&(sVersion=\"2.0a\",sOptions=\"1988\",bDetected=1),result()}meta(\"compiler\",\"Fitted Modula-2\")" }, { "path": "dbs_min/db/MSDOS/GFX_to_EXE.1.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$2ea1....3c..74..be....bd....8ccabf....83e7..bb....c1eb..03d32e8b1e....2e8b0e....8eda3c..75..30253c\")&&(sVersion=\"2.0\",sOptions=\"by t-Rex\",bDetected=1),result()}meta(\"converter\",\"GFX to EXE\")" }, { "path": "dbs_min/db/MSDOS/GamBit_Pro_Library.1.sg", "content": "function detect(){return MSDOS.compareEP(\"ba....2e8916....b430cd218b2e....8b1e....8edaa3....8c06\")&&MSDOS.compareOverlay(\"'RS'000102\")&&(sOptions=\"1994 by Nikita Ltd.\",bDetected=1),result()}meta(\"installer\",\"GamBit Pro Library\")" }, { "path": "dbs_min/db/MSDOS/GameWizard_DOS_Extender.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"b430cd2186c43d....73..ba....e8....ba....b1..d3ea8cc803d08edafa8ed2bc....fb2e8916....2e8c06....368c0e....2e8c16....e8\")&&(bDetected=1),result()}meta(\"extender\",\"GameWizard DOS Extender\")" }, { "path": "dbs_min/db/MSDOS/Graphic_WorkShop.1.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$2ec706........b8....a9....74..25....bb....2bd8432e011e....e8\")&&(sVersion=\"6.0-7.1\",sOptions=\"by Alchemy Mindworks Inc.\",bDetected=1),result()}meta(\"self-displayer\",\"Graphic WorkShop\")" }, { "path": "dbs_min/db/MSDOS/Guardian_Angel.2.sg", "content": "function detect(){return(MSDOS.compareEP(\"068cc88ed88ec0fc......8be8e4210c..eb\")||MSDOS.compareEP(\"068CC88ED88EC0FCBF....EB\")||MSDOS.compareEP(\"068CC88ED88EC0FCBB....EB\")||MSDOS.compareEP(\"068CC88ED88EC0FCBE....EB\"))&&(sVersion=\"1.0\",bDetected=1),result()}meta(\"protector\",\"Guardian Angel\")" }, { "path": "dbs_min/db/MSDOS/H+BEDV_SelfCheck.1.sg", "content": "function detect(){return MSDOS.compareEP(\"1e0e1ffcbe....33d233dbb9....ac3287....3084....0294....80d6..fec3e2..3b16....75..b8....cd213d....8bc374..b430cd21ba\")?(sVersion=\"1.74-2.41\",sOptions=\"1993-94 by H+BEDV Datentechnik GmbH\",bDetected=1):MSDOS.compareEP(\"1e0e1fb8....cd213d....8bc374..b430cd21ba....3c..b8....72..fcbe....33d233dbb9....ac3287....3084....0294....80d6..fec3e2\")&&(sVersion=\"1.10\",sOptions=\"1993 by H+BEDV Datentechnik GmbH\",bDetected=1),result()}meta(\"immunizer\",\"H+BEDV SelfCheck\")" }, { "path": "dbs_min/db/MSDOS/Header_Changer.2.sg", "content": "function detect(){return MSDOS.compareEP(\"8cdb81c3....53bb....53501e068cdb81c3....53bb\")&&(sOptions=\"by Shay Lev Ary\",bDetected=1),result()}meta(\"other\",\"Header Changer\")" }, { "path": "dbs_min/db/MSDOS/Hi-Tech_C.4.sg", "content": "function detect(){return MSDOS.compareEP(\"fcba....b1..d3ea8cc803c28ed88ed0268b1e....4b2bd8b8....f7c3....75..d3e38bc38be0be....b9....2bce32c0\")&&(sVersion=\"3.06\",sOptions=\"1984-87 by HI-TECH Software\",bDetected=1),sLang=\"C\",result()}meta(\"compiler\",\"Hi-Tech C\")" }, { "path": "dbs_min/db/MSDOS/HyperLOCK_386.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$fabf....b0..b9....2e8a2581ff....72..2e3005472ac4\")&&(sVersion=\"1.00\",sOptions=\"1993 by Jayeson Lee-Steere\",bDetected=1),result()}meta(\"protector\",\"HyperLOCK 386\")" }, { "path": "dbs_min/db/MSDOS/IBM_PC_Pascal.4.sg", "content": "function detect(){return MSDOS.compareEP(\"b8....8ed88c06....fa8ed0268b1e....2bd881fb....7e..bb....d1e3\")?(sVersion=\"2.00\",sOptions=\"1984\",bDetected=1):MSDOS.compareEP(\"b8....8ed88bd08c06....268b1e....891e....2bd8f7c3....75..b1..d3e3\")?(sVersion=\"2.05\",sOptions=\"1987\",bDetected=1):MSDOS.compareEP(\"ba....b4..b0..8cc98ed9cd21\")?(sVersion=\"2.00\",sOptions=\"1984\",bDetected=1):MSDOS.compareEP(\"b8....8ed88c06....ba....d1eab9....2bcad1ea\")?(sVersion=\"1.00\",sOptions=\"1981\",bDetected=1):MSDOS.compareEP(\"2e8e1e....8cd08cdb2bc3d1e0\")&&(sVersion=\"2.02\",sOptions=\"1987\",bDetected=1),sLang=\"Pascal\",result()}meta(\"compiler\",\"IBM PC Pascal\")" }, { "path": "dbs_min/db/MSDOS/John_Socha_Library.3.sg", "content": "function detect(){return MSDOS.compareEP(\"bb....8edb2e891e....8d06....25....fa8ed38be0fb26a1....a3....b430cd21a2....8826....3c..73..8d16....b409cd2133c05006cb\")&&(sVersion=\"1986 Peter Norton Computing, Inc.\",bDetected=1),result()}meta(\"library\",\"John Socha Library\")" }, { "path": "dbs_min/db/MSDOS/Khrome_Crypt.2.sg", "content": "function detect(){return MSDOS.compareEP(\"B9....B8....EB..80....EB..EB..EB..66..........66\")&&(sVersion=\"0.3\",bDetected=1),result()}meta(\"protector\",\"Khrome Crypt\")" }, { "path": "dbs_min/db/MSDOS/LSI_C.4.sg", "content": "function detect(){return(MSDOS.compareEP(\"b8....8ed0bc....368c......b430cd2136......8a......32ff438e......161f33ffb9....32c0fceb\")||MSDOS.compareEP(\"b8....8ec00617bc....268c......b430cd2126a3....fcbe....8a0e....32edbf....f3a426......47\"))&&(bDetected=1),result()}meta(\"compiler\",\"LSI C-86\")" }, { "path": "dbs_min/db/MSDOS/L_O_V_E__FORTH.4.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$fc2e8c1e....8cc88ec08ed8bb....e8....bb....e8....bb....e8....bb....e8....8bec2b2e\")?(sVersion=\"1.29\",sOptions=\"1988-92 by Homer Seywerd, Wolodymyr R. Elehew and Peter Cav\",bDetected=1):MSDOS.compareEP(\"fcbb....e8$$$$8b8f....09c974..8cd88cda0387....0397....1e068ed88ec28bf98bf14f4efdf3a4\")&&(sVersion=\"1.20\",sOptions=\"1988-92 by Homer Seywerd, Wolodymyr R. Elehew and Peter Cav\",bDetected=1),result()}meta(\"compiler\",\"L.O.V.E. FORTH\")" }, { "path": "dbs_min/db/MSDOS/Lahey_Fortran.4.sg", "content": "function detect(){return MSDOS.compareEP(\"EA########dbe3fcb8....8ed88c06....54583bc474..c606......d92e....eb\")&&(sOptions=\"1984-91 by Lahey Computer Systems Inc.\",bDetected=1),sLang=\"Fortran\",result()}meta(\"compiler\",\"Lahey Fortran\")" }, { "path": "dbs_min/db/MSDOS/Lattice_C.4.sg", "content": "function detect(){return MSDOS.compareEP(\"fab8....8ed8b8....8ed0bc....90fb\")||MSDOS.compareEP(\"fab8....8ed8b8....8ed02e8b26....fbb8....a3....8c06....26a1....a3....be\")?(sVersion=\"3.0\",bDetected=1):MSDOS.compareEP(\"fab8....8ed8b8....8ed0b8....8be02e8c06....fbbb....b4..cd2173..e9\")||MSDOS.compareEP(\"fab8....8ed8b8....8ed0bc....fb8cd88cc92bc1b1..d3c0a3....8126........25....a3....33c0\")?(sVersion=\"3.00\",bDetected=1):MSDOS.compareEP(\"fab8....8ed8b8....8ed0bc....fbb8....a3....8c06....26a1....a3\")||MSDOS.compareEP(\"fab8....8ed8b8....8ed0b8....8be0fbbb....b4..cd21ba....72\")?(sVersion=\"2.00\",bDetected=1):MSDOS.compareEP(\"fab8....8ed8b8....8ed0bc....fbb430cd210ac075..b8....a3....8c06\")||MSDOS.compareEP(\"fa8cc78cd68bccba....8ec2268e16....bc....fb8ec75651501e06\")?(sVersion=\"2.1\",bDetected=1):MSDOS.compareEP(\"fcb8....8ed88926....8306......06fa8ed081c4....fbc706........c606......33c0a2....a2....b8....2d....a3....03c4\")?(sVersion=\"6.0\",bDetected=1):MSDOS.compareEP(\"fcb8....8ed88926....8306......fa8ed081c4....fbc706........b8....a3....a3....bb....2bd8\")?(sVersion=\"6.0\",MSDOS.compareEP(\"891e....03dc\",43)&&(sOptions=\"overlay\"),bDetected=1):MSDOS.compareEP(\"8cc88ed8ba....b409cd21b8....8ed8ba....b409cd21bb....8b178b4f..8ed9b409cd21b8....cd21cb\")?(sVersion=\"3.30\",sOptions=\"driver\",bDetected=1):MSDOS.compareEP(\"fa8cdeb9....8ed98926....8c16....8936....8bec8b46..a3....8b46..a3....fbfca1....0bc075..40a3....8cd8\")||MSDOS.compareEP(\"8bec8b5e..8b46..2ea3....2e891e....c746......8b46..8b5e..8cc78cd68bccba....8ec2268e16....bc....8bd0\")?(sVersion=\"3.00\",sOptions=\"overlay\",bDetected=1):MSDOS.compareEP(\"b8....8ed88ed0268b1e....2bd8f7c3....75..b1..d3e3eb..bb....8be3891e....b8....a3....0633c0508bec\")?(sVersion=\"1.00\",bDetected=1):MSDOS.compareEP(\"fab8....8ed88ed08c06....268b1e....2bd8f7c3....75..b1..d3e3eb..bb....8be3fb891e....b8....a3....0633c0508bec\")?(sVersion=\"1.02\",bDetected=1):MSDOS.compareEP(\"fc508cc00bc05874..b8....8ed88cc0a3....2906....8b1e....b4..cd2126a1....a3....8cc0a3....c706........268a1e\")||MSDOS.compareEP(\"eb$$fafcb8....8ed88cc0a3....2906....a3....c706........8b1e....b4..cd2126a1....a3....268a1e....26c606\")?(sVersion=\"3.30\",bDetected=1):MSDOS.compareEP(\"e8$$$$fc268b36....bf....2e8c06....8ec732c0b430cd21fc8cd93c..73..b0..26a2....33ed33db8edb8b07d1e8\")||MSDOS.compareEP(\"e8$$$$8cc78cd68bcc83c1..2e8c06....ba....8ec2268e16....bc....5651501e57b8....8ed833ff26f685......75\")?(sVersion=\"2.00\",bDetected=1):MSDOS.compareEP(\"fabe....8b14b8....8ed8b8....8ed0bc....8916....fbb430cd210ac075..b8....a3....8c06....803e......7c\")?(sVersion=\"2.1\",bDetected=1):MSDOS.compareEP(\"fafcb8....8ed88f06....8f06....8becc446..a3....8c06....8b46..2b46..a3....8b46..a3....8e46..8b5e..b8....8ed0\")?(sVersion=\"2.1\",sOptions=\"overlay\",bDetected=1):(MSDOS.compareEP(\"fab8....8ed8b8....8ed0b8....8be0fbbb....b44acd21ba....73..e9\")||MSDOS.compareEP(\"fab8....8ed8b8....8ed0bc....fb8c06....268e06....8c06....c706........b8....a3\"))&&(sVersion=\"2.1-3.0\",bDetected=1),sLang=\"C\",result()}meta(\"compiler\",\"Lattice C\")" }, { "path": "dbs_min/db/MSDOS/Logitech_Modula-2.4.sg", "content": "function detect(){return MSDOS.compareEP(\"8cdb83c3..8cc88ec0bf....33c0268a05473c..74..3c..74..03f08b0c03cb890ceb..26c5358cd903cb8ed983c7..eb..b8....03c350b8....5033c0\")&&(sVersion=\"3.00\",sOptions=\"Aug 1987\",bDetected=1),result()}meta(\"compiler\",\"Logitech Modula-2\")" }, { "path": "dbs_min/db/MSDOS/Meridian_Ada.4.sg", "content": "function detect(){return MSDOS.compareEP(\"b8....8ed89a........558bec5583ec..168d46..509a........894e..895e..83fb..75..83f9..75\")?(MSDOS.compareEP(\"9a\",43)?sVersion=\"1993\":MSDOS.compareEP(\"33c050ba....521ebe....569a\",43)&&(sVersion=\"1991\"),bDetected=1):(MSDOS.compareEP(\"b8....8ed89a########04..2bc0f3508a46..83e0\")||MSDOS.compareEP(\"b8....8ed89a########515006b8....8ec0b9....b8....8bf8fcf3ab075859cb\")||MSDOS.compareEP(\"b8....8ed89a########e8$$$$c8......57561eb8....8ed868....9a\")||MSDOS.compareEP(\"b8....8ed89a########8c06....8c16....8926....a1....a3....8b16....8916....8c06....9a\"))&&(sVersion=\"1988\",bDetected=1),result()}meta(\"compiler\",\"Meridian Adavantage ADA\")" }, { "path": "dbs_min/db/MSDOS/Meridian_Pascal.4.sg", "content": "function detect(){return MSDOS.compareEP(\"b8....501f9a########8926....8926....8c16....8c16....8c06....8c06....9a........c706\")&&(sOptions=\"1985-1988 by Meridian Software Systems, Inc.\",bDetected=1),MSDOS.compareEP(\"b8....8ed89a########8c06....8c16....8926....a1....a3....a1....a3....a1....a3\")?(sOptions=\"1985-1988 by Meridian Software Systems, Inc.\",bDetected=1):MSDOS.compareEP(\"b8....8ed89a########558bec5583ec..8c06....8c16....8926....cd..8946..f646\")&&(sOptions=\"1985 by Meridian Software Systems, Inc.\",bDetected=1),sLang=\"Pascal\",result()}meta(\"compiler\",\"Meridian Pascal\")" }, { "path": "dbs_min/db/MSDOS/MetaWare_High_C.4.sg", "content": "function detect(){return MSDOS.compareEP(\"b8....50b8....50cbeb$$bd....2e8e1e....26a1....a3....8cd805....268b1e....3bc376..2bd8b1..d3e3eb..26a3....938cc02bd8b44acd212bdb8cd8fa8ed08be3fbc706........c706\")?(sVersion=\"1983-1986\",bDetected=1):MSDOS.compareEP(\"eb$$33ed2e8e1e....26a1....a3....26a1....2d....bb....fa8ed08be3fbc706........c706........bb....3bc373..2bd8b1..d3e3011e....011e....2e8e1e....9c0654582bc4d1f8\")?(sVersion=\"1983-1988\",bDetected=1):MSDOS.compareEP(\"eb$$fa6633e42e8e16....bc....6633f66633ff6633c92e8e1e....be....2e8e06....bf....b9....e8\")?(sVersion=\"1983-1990\",bDetected=1):MSDOS.compareEP(\"eb$$bd....2e8e1e....26a1....a3....26a1....2d....bb....fa8ed08be3fbc706........c706........bb\")||MSDOS.compareEP(\"eb$$bd....2e8e1e....26a1....a3....268b......b1..4b891e....b8....05....3bc376..8bc3ba....2bc2d3e0\")?(sVersion=\"1983-1986\",bDetected=1):MSDOS.compareEP(\"eb$$bd....2e8e1e....268b1e....b1..4b891e....b8....05....3bc376..8bc350a3....a3....2bd8b1..d3c38cc12bc1\")&&(sVersion=\"1983-1985\",bDetected=1),sLang=\"C\",result()}meta(\"compiler\",\"MetaWare High C\")" }, { "path": "dbs_min/db/MSDOS/MetaWare_Professional_Pascal.4.sg", "content": "function detect(){return MSDOS.compareEP(\"b8000050b8....50cbeb..e8....2bc050e8....c3....bd....2e8e\")||MSDOS.compareEP(\"eb$$bd....2e8e1e....26a1....a3....26a1....2d....bb....fa8ed08be3fb\")||MSDOS.compareEP(\"eb$$bd....2e8e1e....26a1....2d....bb....fa8ed08be3fb\")?(sVersion=\"1983-1986\",bDetected=1):MSDOS.compareEP(\"eb$$33ed2e8e1e....26a1....a3....8cd805....268b1e....3bc376..2bd8b1..d3e3eb\")&&(sVersion=\"1983-1988\",bDetected=1),sLang=\"Pascal\",result()}meta(\"compiler\",\"MetaWare Professional Pascal\")" }, { "path": "dbs_min/db/MSDOS/Micro_Focus_Cobol.4.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$e9$$$$e8....8edac606......b8....0306....8ed28be08c0e....4a8bc28706....2bd0e8\")&&(sVersion=\"1981, 1985 by Micro Focus Ltd\",bDetected=1),MSDOS.compareEP(\"e8....51e8$$$$8bf0e8$$$$061e5657558bece8....72..a1....8be55d5f5e1f07c3\")&&(sVersion=\"4.5\",bDetected=1),sLang=\"Cobol\",result()}meta(\"compiler\",\"Micro Focus Cobol\")" }, { "path": "dbs_min/db/MSDOS/Micro_Focus_DOS_extender.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$b8....8ed854583bc475..0f01e0a8..74..e8....75..2e800e......eb..c8......0f014e..80\")&&(sVersion=\"1993 by Micro Focus Ltd\",bDetected=1),result()}meta(\"extender\",\"Micro Focus DOS Extender\")" }, { "path": "dbs_min/db/MSDOS/Microsoft_Basic.4.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$0e1fb8....e8....8eda938a170ad274..b4..cd2143eb..b8....cd21\")?(sVersion=\"7.10\",bDetected=1):(MSDOS.compareEP(\"9a########591fa1....1e510e1ffc3d....74..e9....b430cd213c..73..e9$$$$ba....0e1fb409cd21b8....cd21\")||MSDOS.compareEP(\"e9$$$$8cc88ed8e8....8a170ad274..b4..cd2143eb..b2..b4..cd21\"))&&(sVersion=\"5.60\",sOptions=\"1986\",bDetected=1),sLang=\"Basic\",result()}meta(\"compiler\",\"Microsoft Basic\")" }, { "path": "dbs_min/db/MSDOS/Microsoft_C.4.sg", "content": "function detect(){return MSDOS.compareEP(\"b430cd213c..73..33c00650cbbf....8b36....2bf781fe....72..be....fa8ed781c4....fb73..161f\")?(sName+=\" Quick C\",sVersion=\"2.5X\",sOptions=\"1990\",bDetected=1):MSDOS.compareEP(\"fc8cc02ea3....8ed8a1....2ea3....2ea3....be....ac32e403f0c6....b8....8ec02680........75\")?(sName+=\" Quick C\",sVersion=\"2.51a\",sOptions=\"1990\",bDetected=1):MSDOS.compareEP(\"b430cd213c..73..b8....50e8....92b409cd21cd20bf\")||MSDOS.compareEP(\"b430cd213c..73..b8....50900ee8....92b409cd21cd20bf\")||MSDOS.compareEP(\"b430cd213c..73..b8....509a........92b409cd21cd20bf....8b36....2bf781fe....72..be....fa8ed781c4....fb73..33c050\")?(sName+=\" C/C++\",sVersion=\"1986\",bDetected=1):MSDOS.compareEP(\"b430cd213c..73..cd20bf....8b36....2bf776..8bc405....d1d8b1..d3e83bf072..8bf0fa8ed781c4....fb73\")?(sName+=\" Quick C\",sVersion=\"1987-89\",bDetected=1):MSDOS.compareEP(\"bf....8b36....2bf781fe....72..be....fa8ed781c4....fb73..e9....81e4....3689......3689......8bc6b1\")?(sName+=\" C/C++\",sVersion=\"1985\",bDetected=1):MSDOS.compareEP(\"fab8....8ed88ed0268b1e....2bd8f7c3....75..b1..d3e3eb..bb....8be3fb891e....b8....a3....0633c0508bec\")?(sName+=\" C/C++\",sVersion=\"1.04\",bDetected=1):MSDOS.compareEP(\"b430cd213c..73..cd20bf....8b36....2bf781fe....72..be....fa8ed781c4....fb73\")&&(sName+=\" Quick C\",MSDOS.compareEP(\"81\",54)?(sVersion=\"1.0\",sOptions=\"1987\"):MSDOS.compareEP(\"83\",54)?(sVersion=\"2.00\",sOptions=\"1989\"):MSDOS.compareEP(\"8b\",54)&&(sVersion=\"2.X\",sOptions=\"1989\"),bDetected=1),result()}meta(\"compiler\",\"Microsoft\")" }, { "path": "dbs_min/db/MSDOS/Microsoft_C_Library.3.sg", "content": "function detect(){return MSDOS.compareEP(\"fa8cc78cd68bccba....8ec2268e16....bc....fb8ec75651501e062e8c06....b8....8ed8e8....b8....8ec08cc8262b06....26a3....803e\")?(sVersion=\"1986\",bDetected=1):MSDOS.compareEP(\"bf....8b36....2bf781fe....72..be....fa8ed781c4....fb73..161f0ee8....33c0500ee8....b8....cd21\")?(sVersion=\"1985\",bDetected=1):MSDOS.compareEP(\"061e33c08ed88b1e....a1....8ec0268b47..3d....75..ba....1f07e9....1f07be....ac0ac074..e8....72\")&&(sName+=\" (possibly)\",sVersion=\"1986\",bDetected=1),result()}meta(\"library\",\"Microsoft C Library\")" }, { "path": "dbs_min/db/MSDOS/Microsoft_Fortran.4.sg", "content": "function detect(){return MSDOS.compareEP(\"b430cd213c..73..9a########558becb8....501eb8....50b8....509a\")&&(sVersion=\"1987\",bDetected=1),sLang=\"Fortran\",result()}meta(\"compiler\",\"Microsoft Fortran\")" }, { "path": "dbs_min/db/MSDOS/Microsoft_Quick_Basic.4.sg", "content": "function detect(){return MSDOS.compareEP(\"1e071e2e8e1e....b430cd2150812e........8b36....ad91ade3..3d....72..3d....73..ba....eb..0bc075..c706........c706........33c99a\")?bDetected=1:MSDOS.compareEP(\"e9$$$$8cda83c2..8edaa1....0e1ffc3d....74..e9....b430cd213c..73..e9$$$$ba....0e1fb409cd21b8....cd21\")?(sVersion=\"2.0\",bDetected=1):MSDOS.compareEP(\"9a########591fa1....1e510e1ffc\")?(sVersion=\"3.0\",bDetected=1):MSDOS.compareEP(\"eb$$0e1fb8....509a........8eda938a170ad274..b4..cd2143eb\")?(sVersion=\"4.5\",bDetected=1):MSDOS.compareEP(\"9a########591fa0....1e51063c..74\")?(sVersion=\"1.0\",bDetected=1):MSDOS.compareEP(\"bf....a1....2ea3....2bc73d....72..b8....fa8ed781c4....fb969f2e8826....9683e4\")?(sVersion=\"4.0\",bDetected=1):MSDOS.compareEP(\"9a########06ba....8eda268b3e....8ec257b9....be....bf....0e1ffcf3a4b1\")?(sVersion=\"1.0\",bDetected=1):MSDOS.compareEP(\"b8....8ed88c06....fa8ed0bc....fbb430cd21a3....3c..75..06b4..cd218c06....b9\")&&(sVersion=\"4.X\",bDetected=1),sLang=\"Basic\",result()}meta(\"compiler\",\"Microsoft Quick Basic\")" }, { "path": "dbs_min/db/MSDOS/Microsoft_Quick_Pascal.4.sg", "content": "function detect(){return MSDOS.compareEP(\"b0..9a########50b430cd213c..73..cd20b8....8ed88c06....c706........8c0e....58545b3bdc74..0ac074..be....e8....32c0e9\")&&(sVersion=\"1.0-1.08\",sOptions=\"1989\",bDetected=1),sLang=\"Pascal\",result()}meta(\"compiler\",\"Microsoft QuickPascal\")" }, { "path": "dbs_min/db/MSDOS/Microsoft_RTL.3.sg", "content": "function detect(){return MSDOS.compareEP(\"b430cd213c..73..cd208cc18cd32bd981c3....b4..cd2172..8cd6bf....2bf7b1..d3e6fa8ed703e6fb\")?bDetected=1:MSDOS.compareEP(\"1e068cc88ed88cc0a3....83c0..a3....b430cd213c..73..b8....8ed8b8....ea........e8....e8....e8....8e\")?(sVersion=\"1992\",bDetected=1):MSDOS.compareEP(\"b430cd213c..73..cd20bf....b8....03c405....b1..d3e88bf0fa8ed781c4....fb73..161f9a........33c0509a\")?(sVersion=\"1987\",bDetected=1):MSDOS.compareEP(\"2e8c06....2e8c1e....bb....8edb1ee8....1f8b1e....0bdb74..8cd18bd4fa8ed3bc....fb5351521ee8....1f5a\")||MSDOS.compareEP(\"2e8c1e....bb....8edb1ee8....1f8b1e....0bdb74..8cd18bd4fa8ed3bc....fb5351521ee8....1f5a\")||MSDOS.compareEP(\"1eb8....8ed8b430cd213c..73..ba....e8....0633c050cb\")||MSDOS.compareEP(\"1e069a########502e8c06....2ea1....2e0b06....75..26a1....2ea3....26a1....2ea3....58cb\")?(sVersion=\"1990\",bDetected=1):MSDOS.compareEP(\"b8....cd212e8816....b2..b8....cd21b4..cd218edbb8....83e8..8ec033f633ffb9....fcf3a5bb\")||MSDOS.compareEP(\"b4..cd218edbb8....83e8..8ec033f633ffb9....fcf3a5bb\")?(sVersion=\"1992\",bDetected=1):MSDOS.compareEP(\"8cd03d....75..8cd83d....75..8ccab8....e8....e9....8cdb8ccab8....e8....eb..908cd83d\")?(sVersion=\"1990\",bDetected=1):MSDOS.compareEP(\"b430cd213c..73..cd20bf....8b36....2bf781fe....72..be....fa8ed781c4....fb73..161f\")?(sVersion=\"1988\",bDetected=1):(MSDOS.compareEP(\"b4..cd213c..73..33c00650cb86e03d....b0..72..bf....8b36....2bf781fe....72..be\")||MSDOS.compareEP(\"bf....8edffa8ed781c4....fb33dbb8....cd210bdb74..881e....883e....8816....8836....b8\"))&&(sVersion=\"1992\",bDetected=1),result()}meta(\"library\",\"Microsoft RTL\")" }, { "path": "dbs_min/db/MSDOS/Microsoft_RTL_(Clipper).3.sg", "content": "function detect(){return MSDOS.compareEP(\"e8$$$$1e06fc8cc88ed88c06....b430cd2186e0a3....e8....891e....890e....b8....bb....e8....071fc3\")&&(sVersion=\"1988\",bDetected=1),result()}meta(\"library\",\"Microsoft RTL (CLIPPER 5.01)\")" }, { "path": "dbs_min/db/MSDOS/MultiLoop_Protection.2.sg", "content": "function detect(){return MSDOS.compareEP(\"1e06b8....8ec0b0..b9....be....2e300404..46e2\")&&(sOptions=\"1992 by J&A\",bDetected=1),result()}meta(\"protector\",\"MultiLoop Protection\")" }, { "path": "dbs_min/db/MSDOS/Netware_loader.1.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$b8....cd213c..72..a1....3d....75..a1....3d....75..e9$$$$1e8cc88ed833c08ec0268b1e....891e\")&&(bDetected=1),result()}meta(\"loader\",\"Netware loader\")" }, { "path": "dbs_min/db/MSDOS/PDC_Prolog.4.sg", "content": "function detect(){return MSDOS.compareEP(\"b8....8ed88cc6bb....8ec3bb....268b178ec6b9....8bdad3eb8cd003d88cc02bd843b44acd2173..b0..b44ccd21\")&&(sOptions=\"1992 by Prolog Development Center\",bDetected=1),sLang=\"Visual Prolog\",result()}meta(\"compiler\",\"PDC Prolog\")" }, { "path": "dbs_min/db/MSDOS/PK_sig.1.sg", "content": "function detect(){return MSDOS.compareEP(\"c706....'PK'8cd805....50b8....50cb\")&&(bDetected=1),result()}meta(\"other\",\"PK signature\")" }, { "path": "dbs_min/db/MSDOS/PROPACK_SFX.1.sg", "content": "function detect(){return MSDOS.compareEP(\"558bec83ec..8c5e..e8....be....e8....b80030cd21ba....0e3c..72..a1....8ec033ff33c0b9....f2aeae75..fec0af75..5a8bd7061f\")&&(sVersion=\"2.18\",bDetected=1),result()}meta(\"sfx\",\"PROPACK SFX\")" }, { "path": "dbs_min/db/MSDOS/Pacific_C.4.sg", "content": "function detect(){return(MSDOS.compareEP(\"fcb8....8ed826a1....488bd881eb....ba....3bd372..8bda2bc3b9....d3e048488ed38be0\")||MSDOS.compareEP(\"fcc516....b8....8ed88ed0268b1e....4b2bd8b8....f7c3\")||MSDOS.compareEP(\"fc8d16....b8....8ed826a1....488bd881eb....ba....3bd372..8bda2bc3b9....d3e048488ed38be0\"))&&(sVersion=\"7.51\",sOptions=\"1984-91 by HI-TECH Software\",bDetected=1),sLang=\"C\",result()}meta(\"compiler\",\"Pacific C\")" }, { "path": "dbs_min/db/MSDOS/Panda_immunizer.1.sg", "content": "function detect(){return MSDOS.compareEP(\"e8$$$$5d81ed....2e8c8e....2e8c86....fc268e06....33ff32c0b9....f2ae26803d..75..83c7..2e89be\")&&(sOptions=\"by Panda Software\",sVersion=\"2.10s\",bDetected=1),result()}meta(\"immunizer\",\"Artemis Professional\")" }, { "path": "dbs_min/db/MSDOS/Pascal_MT+86.4.sg", "content": "function detect(){return MSDOS.compareEP(\"e8$$$$8cc82e0306....2e0306....2e0306....2e0306....3b06....76..2ea1....2d....2ea3....3d....7f..1ee8\")?(sVersion=\"3.1\",sOptions=\"1982 by Digital Research, Inc.\",bDetected=1):MSDOS.compareEP(\"e8$$$$8cc82e0306....2e0306....2e0306....2e0306....3b06....76..1ee8\")&&(sVersion=\"3.01\",sOptions=\"1982 by Digital Research, Inc.\",bDetected=1),sLang=\"Pascal\",result()}meta(\"compiler\",\"Pascal/MT+86\")" }, { "path": "dbs_min/db/MSDOS/Phar_Lap.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$8cd88ec0b8....8ed8c706........b8....2d....3bc476..c706........8f06....8f06....58a3....a3....a3....8cd88d1e....8ed0\")?(sVersion=\"1986-93 (C5S2S2P6)\",bDetected=1):MSDOS.compareEP(\"eb$$8cd88ec0b8....8ed8bb....8cc02bd881c3....b44acd2173..e9....8d06....05....8cdb8ed38be0fcb8....8ec033c033db33c9\")?(sVersion=\"1986-91 (C5S2S2PJ)\",bDetected=1):MSDOS.compareEP(\"b8....50b8....50cb\")?(sVersion=\"1986-91 (C3S2S2P8)\",bDetected=1):MSDOS.compareEP(\"eb$$bd....2e8e1e....26a1....a3....268b1e....b1..8cdab8....05....3bc376..8bc32bc23d....76..b8....d3e0bb....891e....c706\")||MSDOS.compareEP(\"eb$$33ed2e8e1e....26a1....a3....8d06....a3....9d06....a3....8d06....a3....8cd88d1e....8ed08be3bb....26891e....8cc02bd8\")?(sVersion=\"1986-89 (C5S2S2P6)\",bDetected=1):MSDOS.compareEP(\"eb$$33ed2e8e1e....26a1....a3....268b1e....b1..4b891e....b8....05....3bc376..8bc3ba....2bc2d3e0c706........c706\")?(sVersion=\"1986-89 (C5S2S2P7)\",bDetected=1):MSDOS.compareEP(\"b8....8ed8b8....cd21a3....3c..7d..b4..ba....8edaba....cd2106b8....50cb\")&&(sVersion=\"1986-89 (C5S2S2PN)\",bDetected=1),result()}meta(\"extender\",\"Phar Lap DOS Extender\")" }, { "path": "dbs_min/db/MSDOS/RAR.6.sg", "content": "function detect(){detect_RAR(0)}includeScript(\"rar-file\")" }, { "path": "dbs_min/db/MSDOS/REC_small.1.sg", "content": "function detect(){return MSDOS.compareEP(\"8cd81ee8$$$$83c0..5fb9....81ef....87ef408ed82bdbb2..0017424383fb..75..e2\")?(sVersion=\"1.2\",sOptions=\"by Ralf Roth\",bDetected=1):MSDOS.compareEP(\"8cd81ee8$$$$5d83c0..81ed....b9....408ed82bdbb2..0017fec24383fb..75..e2\")?(sVersion=\"1.01\",sOptions=\"by Ralf Roth\",bDetected=1):MSDOS.compareEP(\"8cd81ee8000083c0..5db9....81ed....408ed82bdbb2..0017fec24383fb..75..e2\")?(sVersion=\"1.02\",sOptions=\"by Ralf Roth\",bDetected=1):MSDOS.compareEP(\"b9....8cd883c0..fa8bdc8cd7bc....44408ed02be4b2..8bec0056..424483fc..75..e2\")&&(sVersion=\"1.05\",sOptions=\"by Ralf Roth\",bDetected=1),result()}meta(\"protector\",\"REC.small\")" }, { "path": "dbs_min/db/MSDOS/REC_small_AV.1.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$8cd81ee8$$$$83c0..5fb9....81ef....87ef408ed82bdbb2..0017424383fb..75..e2\")?(sVersion=\"1.03\",sOptions=\"by Ralf Roth\",bDetected=1):MSDOS.compareEP(\"eb$$8cd81ee8$$$$83c0..5fb9....81ef....87ef408ed82bdbb2..001702d34383fb..75..e2\")&&(sVersion=\"4.01\",sOptions=\"by Ralf Roth\",bDetected=1),result()}meta(\"immunizer\",\"REC.small\")" }, { "path": "dbs_min/db/MSDOS/RLE_com-packer.2.sg", "content": "function detect(){return MSDOS.compareEP(\"60be....bf....8b0e....f3a4be....bf....57b9....f3a4c3\")&&(sOptions=\"by NOP/PC\",bDetected=1),result()}meta(\"packer\",\"RLE com-packer\")" }, { "path": "dbs_min/db/MSDOS/RM_FORTRAN.4.sg", "content": "function detect(){return MSDOS.compareEP(\"fc1eb8....8ed89a........81ec....8becc706........c706........33ffbe....b8....8ec0b9....f3a5897e..b8....ab8cdb8ec3bb\")&&(bDetected=1),sLang=\"Fortran\",result()}meta(\"compiler\",\"RM/FORTRAN\")" }, { "path": "dbs_min/db/MSDOS/RTLink_VM_Manager.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"9a########1e069a........2e8c06....8cc88ed852ba....b0..9a........5afcb8....2b06....d1e0\")&&(bDetected=1),result()}meta(\"extender\",\".RTLink VM Manager\")" }, { "path": "dbs_min/db/MSDOS/RTPatch_SFX.1.sg", "content": "function detect(){return MSDOS.compareEP(\"e8$$$$8ccb8edb8c06....a3....8cc00106....0106....fd26a1....bb....b1..d3eb2bc38ec0bf....83e7..8bf7b9....d1e9f3a5fc\")&&(sVersion=\"3.20\",bDetected=1),result()}meta(\"sfx\",\"RTPatch SFX\")" }, { "path": "dbs_min/db/MSDOS/Realia_Cobol.4.sg", "content": "function detect(){return MSDOS.compareEP(\"9a########9a########3c..75..8ed38be22bdb2bd2cb\")&&(sVersion=\"4.X\",sOptions=\"1984-92 by Realia, Inc.\",bDetected=1),sLang=\"Cobol\",result()}meta(\"compiler\",\"Realia Cobol\")" }, { "path": "dbs_min/db/MSDOS/Realia_SPITBOL.4.sg", "content": "function detect(){return MSDOS.compareEP(\"2e8c1e....fc8ccaa1....0e1ffe06....a3....0116....b9....be....ad0bc074..03c28944..e2..8e06....bf....b1..b0..f3ae\")&&(sVersion=\"3.6\",sOptions=\"1983-84 by Realia, Inc.\",bDetected=1),result()}meta(\"compiler\",\"Realia SPITBOL\")" }, { "path": "dbs_min/db/MSDOS/SHOW_IT.1.sg", "content": "function detect(){return MSDOS.compareEP(\"bf....32db2e8a150ad274..b4..cd214780fa..75..fec380fb..75..32db53b4..cd16b4..cd165b75\")&&(sVersion=\"1.2\",sOptions=\"converted to exe\",bDetected=1),result()}meta(\"self-displayer\",\"SHOW IT\")" }, { "path": "dbs_min/db/MSDOS/Self_UnStuffer.2.sg", "content": "function detect(){return MSDOS.compareEP(\"86e303e9ace3$$1000e3$$00e40ec400e3\")&&MSDOS.compareOverlay(\"0101'Aladdin'\")&&(sVersion=\"1.1\",sOptions=\"by Aladdin Systems, Inc.\",bDetected=1),result()}meta(\"sfx\",\"Self UnStuffer\")" }, { "path": "dbs_min/db/MSDOS/Small_C.4.sg", "content": "function detect(){return MSDOS.compareEP(\"b8....8ed826a1....2d....80fc..72..b8....b1..d3e0fa8cdb8ed38be050fbb8....2d....d3e08bd8fec73bdc72..b8....50e8\")?(sVersion=\"2.2\",sOptions=\"1982-88 by J. E. Hendrix\",bDetected=1):MSDOS.compareEP(\"b8....8ed826a1....2d....3d....72..b8....b1..d3e0fa8cdb8ed38be050fbb8....2d....d3e08bd881c3....3bdc72..b8....cd21\")&&(sVersion=\"2.1\",sOptions=\"1982-88 by J. E. Hendrix\",bDetected=1),sLang=\"C\",result()}meta(\"compiler\",\"Small C\")" }, { "path": "dbs_min/db/MSDOS/StonyBrook_Pascal.4.sg", "content": "function detect(){return MSDOS.compareEP(\"31ED9A........5589E581EC....B8....0E509A........BE....1E0EBF....1E071FFC\")?(sVersion=\"7.0\",bDetected=1):MSDOS.compareEP(\"31ed9a........5589e5b8....50ff1e\")?(sVersion=\"6.13\",bDetected=1):MSDOS.compareEP(\"31ed9a........5589e581ec....16078dbe....b9....31c0fcf3ab1e07\")?(sVersion=\"6.12\",bDetected=1):MSDOS.compareEP(\"31ed9a........5589e59a........c706........c706........e8\")?(sVersion=\"6.1G\",bDetected=1):MSDOS.compareEP(\"31ed9a........5589e583ec..9a........9a\")&&(sVersion=\"6.14\",bDetected=1),sLang=\"Pascal\",result()}meta(\"compiler\",\"StonyBrook Pascal+\")" }, { "path": "dbs_min/db/MSDOS/Sydex_SFX.1.sg", "content": "function detect(){return MSDOS.compareEP(\"b8....8ec0b430cd2186e0ba....3d....72..a1....26a3....bf....8a1d32ff47883926893e....268c1e....8cd88cc3\")&&(sOptions=\"1994 by Sydex, Inc.\",bDetected=1),MSDOS.compareEP(\"b8....8ec0e8....ba....3d....b8....72..e8....26a3....26890e....268916....8cd88cc381c3....2bd88ec0b4..cd21\")&&MSDOS.compareOverlay(\"'SXD'00\")&&(sOptions=\"1997 by Sydex, Inc.\",bDetected=1),result()}meta(\"sfx\",\"Sydex SFX\")" }, { "path": "dbs_min/db/MSDOS/Topspeed_Modula.4.sg", "content": "function detect(){return MSDOS.compareEP(\"e90000fc2bedbc....b8....8ed88c06....26a1....a3....54583bc4b8....75..b430cd213c..74..3c..77..b8....8cdbe8....86c4a3....8e06\")?(sVersion=\"2.0\",bDetected=1):MSDOS.compareEP(\"1eba....8eda8b0e....8b36....ff36....5053a1....48ba....8eda890e....8936....a3....c706........2ea1....a3\")||MSDOS.compareEP(\"1eba....8eda8b0e....8b36....ff36....50a1....48ba....8eda890e....8936....a3....58c706........c706\")||MSDOS.compareEP(\"1eba....8eda8b0e....8b36....ff36....50a1....48ba....8eda890e....8936....a3....c706........58c706\")||MSDOS.compareEP(\"fc1eba....8eda8b0e....8b36....ff36....50a1....ba....8eda890e....8936....a3....58c706........c706\")?(sName+=\" RTL\",sOptions=\"1989 by JPI\",bDetected=1):MSDOS.compareEP(\"ea########2e8c1e....fc2ef706........74..e8....eb..b8....ba....0e1fcd212bc02ef706........74\")?(sVersion=\"2.0\",sOptions=\"by JPI\",bDetected=1):MSDOS.compareEP(\"ea########2e8c1e....fc2bc08cd3ba....8ec2bf....b9....f3ab423bd372..508becffe0\")?(sVersion=\"1.17\",sOptions=\"by JPI\",bDetected=1):MSDOS.compareEP(\"ea########8cdb2e8e1e....891e....fc2ef706........74..2bc02e8e1e....ff36....8cd3ba....8ec2bf....b9....f3ab423b..72\")&&(sOptions=\"by JPI\",bDetected=1),sLang=\"Modula\",result()}meta(\"compiler\",\"Topspeed Modula\")" }, { "path": "dbs_min/db/MSDOS/UR_FORTH.4.sg", "content": "function detect(){return MSDOS.compareEP(\"fc2e8c06....2e8e1e....e8$$$$b430cd213c..73..e8\")&&(sVersion=\"1.03\",sOptions=\"1986-88 by Laboratory Microsystems, Inc.\",bDetected=1),result()}meta(\"compiler\",\"UR/FORTH\")" }, { "path": "dbs_min/db/MSDOS/Unknown_cryptors.2.sg", "content": "function detect(){return MSDOS.compareEP(\"fa8cde8ccf8edf8ec783c7..bb....8b1f83c3..b1..d3eb2bfbe8\")?(sVersion=\"#01\",bDetected=1):MSDOS.compareEP(\"e9$$$$b9....b3..be....bf....acfec332c3aae2\")?(sVersion=\"#02\",sOptions=\"exe 0-relocs crypt\",bDetected=1):MSDOS.compareEP(\"3ec606......90eb$$2e8a36....8ec08cd8be....bf....2e033e....26a3....26893e....26a3....26c706........0e07\")?(sVersion=\"#03\",bDetected=1):MSDOS.compareEP(\"9090e9$$$$8cd88be8b8....8be08ccb8edb8ec3bf....892de8....8cc88ed88ec01e33db8edbbb....81eb....8b071f1ebb\")?(sVersion=\"#04\",bDetected=1):MSDOS.compareEP(\"eb$$be....bf....2e89352eff26\")?(sOptions=\"protector\",sVersion=\"#05\",bDetected=1):MSDOS.compareEP(\"bf....b8....fa8ed08be7fb1e1eb8....0e500e501efc8cd08ec0be....8cc806b9....578ed8f3a5cb\")?(sOptions=\"Russ\",sVersion=\"#06\",bDetected=1):MSDOS.compareEP(\"........0e1f8b0e....8bf14e89f78cdb031e....8ec3fdf3a453b8....50cb\")?(sOptions=\"Aidstest\",sVersion=\"#07\",bDetected=1):MSDOS.compareEP(\"e9$$$$e8$$$$bb....e8$$$$29c9e8$$$$e8$$$$e9$$$$8ed9e9$$$$870feb$$e8$$$$eb$$51eb$$eb$$29dbe8$$$$bf....e9$$$$e8$$$$871de8$$$$53eb$$b3..b7..bf....2e8a05\")?(sOptions=\"by Matrix Technologies\",sVersion=\"#08\",bDetected=1):MSDOS.compareEP(\"bd....50060ee8$$$$065733ff570e1f07be....b9....8004..46e2..b1..ac268a1d04..aa80eb..885c..e2\")?(sOptions=\"SYN!\",sVersion=\"#09\",bDetected=1):MSDOS.compareEP(\"e9$$$$eb$$bf....e9$$$$26f6e8$$$$e9$$$$8edee8$$$$8735e8$$$$56e9\")?(sOptions=\"by Matrix Technologies\",sVersion=\"#10\",bDetected=1):MSDOS.compareEP(\"b3..060e1f8b0e....8bf14e89f78cdb031e....8ec3fdf3a453b8....50cb\")?(sOptions=\"Aidstest\",sVersion=\"#11\",bDetected=1):MSDOS.compareEP(\"e8$$$$eb$$8cca8eda8ec2be....bf....b9....2ec706........31c0ada3....3136....8bc18bdef7e33106....3116....a1....abe2\")&&(sVersion=\"#12\",bDetected=1),result()}meta(\"cryptor\",\"Unknown cryptor\")" }, { "path": "dbs_min/db/MSDOS/Upper_Deck_Forth.4.sg", "content": "function detect(){return MSDOS.compareEP(\"fc2e8c06....b8....cd213c..73..b4..2e8e1e....ba....cd212eff36....33c050cb\")&&(sVersion=\"2.00\",sOptions=\"1990, 1991 by Upper Deck Systems\",bDetected=1),result()}meta(\"compiler\",\"Upper Deck Forth\")" }, { "path": "dbs_min/db/MSDOS/Visual_Cobol.4.sg", "content": "function detect(){return MSDOS.compareEP(\"9a########061fbe....b9....ac3cff75..e2..ad8ed88b0e....8ed08be1eb\")&&(sVersion=\"3.3\",sOptions=\"1993 by mbp Software & Systems\",bDetected=1),sLang=\"Cobol\",result()}meta(\"compiler\",\"Visual COBOL (XO)\")" }, { "path": "dbs_min/db/MSDOS/WWPACK_mutator.2.sg", "content": "function detect(){return MSDOS.compareEP(\"8cc981c1....51b9....510606b1..51b1..8cd383eb..5351fc8cd5b8....8cca03d0be....33ff4d8ec58edab1..f3a54a4879\")?(sVersion=\"1.0\",sOptions=\"by Barthazi Andras\",bDetected=1):MSDOS.compareEP(\"8cc981c1....51b9....5106068ccab8....03d0b1..518cd383eb..53b1..51fc8cd5be....33ff4d8ec58eda4ab9....50\")?(sOptions=\"by MR WiCKED\",bDetected=1):MSDOS.compareEP(\"81ce....1bf78a....80fa..2a95....fc03f633f281e6....1e10ea0e1f00d20e0732b4....21da2efe06\")?(sOptions=\"1996 by van Hauser\",bDetected=1):MSDOS.compareEP(\"8ccab8....03d08cc981c1....51b9....510606b1..518cd383eb..53b1..51fc8cd5be....33ff4d8ec58eda4ab9....50\")||MSDOS.compareEP(\"8cd383eb..8cc981c1....51b9....510606b1..51fc8cd5b1..5351b8....8cca\")||MSDOS.compareEP(\"8cc981c1....51b9....51b1..068cd30651b1..b8....8cca03d0fc\")||MSDOS.compareEP(\"8cc981c1....51b9....510606fc8cd5b1..51b1..8cd383eb..5351\")||MSDOS.compareEP(\"8cc981c1....51b9....fc8cd5510606b1..51b1..8cd383eb..5351\")?(sVersion=\"3.04a\",sOptions=\"by Boogie\",bDetected=1):MSDOS.compareEP(\"f9be....81ee....2e80b4......eb\")?(sVersion=\"1.1c\",bDetected=1):MSDOS.compareEP(\"061e0e0e071fb430cd2186e03d....73..cd20eb$$eb$$5055528cd2fa50b8....58eb\")?(sOptions=\"REC by R0SE\",bDetected=1):MSDOS.compareEP(\"8cc98cd383eb..81c1....51b9....510606b1..518ccafc8cd5b1..5351b8\")?(sVersion=\"1.0\",sOptions=\"by Barthazi Andras\",bDetected=1):MSDOS.compareEP(\"......81......2e80..\")&&(sOptions=\"by unknown\",bDetected=1),result()}meta(\"protector\",\"WWPACK mutation engine\")" }, { "path": "dbs_min/db/MSDOS/Whitesmiths_C.4.sg", "content": "function detect(){return MSDOS.compareEP(\"be....8cd18cd83bc175..a3....e9....8bde8a0f81e1....03d9d1e941ff3783eb..e2..8bf48cd936890e....8cd18ed98c06....8c06\")?(sVersion=\"3.3\",sOptions=\"1988 by Whitesmiths, Ltd. and Cosmic, Sarl\",bDetected=1):MSDOS.compareEP(\"be....8cdb8cd03bc374..8a0c81e1....03f1d1e941ff3483ee..e2..8bf4b9....8ed9\")&&(sVersion=\"3.2\",sOptions=\"1987 by Whitesmiths, Ltd\",bDetected=1),sLang=\"C\",result()}meta(\"compiler\",\"Whitesmiths C (dos86)\")" }, { "path": "dbs_min/db/MSDOS/Window_book.1.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$e8$$$$fc5e8cda8b1e....bd....8edd8ec5b9....bf....2bcf33c02ea3....41d1e9f3ab891e....8916....8ec2bb....03dd\")?-1!=MSDOS.findSignature(MSDOS.getOverlayOffset(),2e3,\"1a1a7bf7\")&&(sVersion=\"4.20\",bDetected=1):MSDOS.compareEP(\"e9$$$$e8$$$$fc5e8cdaa1....bd....8edd8ec5a3....b9....bf....2bcf33c02ea3....d1e9f3ab8916....8ec2bb....a1....03c7\")&&-1!=MSDOS.findSignature(MSDOS.getOverlayOffset(),2e3,\"1a1a7bf7\")&&(bDetected=1),result()}meta(\"other\",\"Window book\")" }, { "path": "dbs_min/db/MSDOS/Wizardy_protection.1.sg", "content": "function detect(){return MSDOS.compareEP(\"2eff16....e9\")&&(bDetected=1),result()}meta(\"protector\",\"Wizardy protection\")" }, { "path": "dbs_min/db/MSDOS/WordPerfect_EXEPack.2.sg", "content": "function detect(){return MSDOS.compareEP(\"958cc005....0e1fa3....0306....8ec08b0e....8bf94f8bf7fdf3a48b16....50b8....50cb\")&&(bDetected=1),result()}meta(\"packer\",\"WordPerfect EXEPack\")" }, { "path": "dbs_min/db/MSDOS/XOPEN+_Protection.2.sg", "content": "function detect(){return MSDOS.compareEP(\"8cca8cdd8eda81ea....8916....ba....8eddea\")&&(sOptions=\"1994\",bDetected=1),result()}meta(\"protector\",\"XOPEN+ Protection\")" }, { "path": "dbs_min/db/MSDOS/Zbikowski_C.4.sg", "content": "function detect(){return(MSDOS.compareEP(\"ba....8cd32bdab1..d3e3fa8ed203e3fbfc8b1e....8bc32bc2a9....74..8bda80c7..33c0eb..b1..d3e02d....36a3\")||MSDOS.compareEP(\"ba....8cd32bdab1..d3e3fa8ed203e3fbbe....8b1e....36891e....33ff8bc70bdb74..b9....8ec3f2ae\"))&&(sOptions=\"1983 by Mark Zbikowski (Microsoft Corp.)\",bDetected=1),sLang=\"C\",result()}meta(\"compiler\",\"Zbikowski C\")" }, { "path": "dbs_min/db/MSDOS/Zip.6.sg", "content": "function detect(){detect_Zip(0)}includeScript(\"zip-file\")" }, { "path": "dbs_min/db/MSDOS/Zortech(Symantec)_C.4.sg", "content": "function detect(){return MSDOS.compareEP(\"fafcb8....8ed88c......268b......891e....8bd82b1e....891e....268b1e....2bd881fb....72..bb....8bd003d342b1..d3e38ed08be381eb....80ff..73..ba....e9....fbb430cd21a3\")?(sVersion=\"2.10 - 3.0r1*, 4.0\",bDetected=1):MSDOS.compareEP(\"fafcb8....8ed88ed08ec0bc....33c050e8....eb\")?(sVersion=\"2.10 - 3.0r1, 4.0\",bDetected=1):MSDOS.compareEP(\"fafcb8....8ed0bc....b8....8ed88c06....660fb7c066c1e0..ba\")||MSDOS.compareEP(\"fafcb8....8ed88ed0bc....2e8c06....33d21e2e8e1e....be....8a0e....32ede3\")||MSDOS.compareEP(\"fafcb8....8ed8bb....81c3....8ed08be3fb8becbe....268a0c4632ed8bd9\")?(sVersion=\"3.0\",sOptions=\"1991\",bDetected=1):MSDOS.compareEP(\"fafcb8....8ed88ed0bc....b4..cd214b891e....8cc0a3....b8....cd21\")||MSDOS.compareEP(\"fafcb8....8ed833c08ed88bf8bb....b9....b8....8905\")?(sVersion=\"2.10 - 3.0r1, 4.0\",bDetected=1):MSDOS.compareEP(\"fab8....8ed8a3....8c06....268b......891e....8bd82b1e....891e....268b......891e....2bd881fb....72..bb....8bd003d34289\")?(sVersion=\"2.0\",bDetected=1):MSDOS.compareEP(\"fab8....8ed88c06....268b1e....891e....8bd82b1e....891e....268b1e....2bd881fb....72..bb....8bd0\")?(sVersion=\"2.00\",sOptions=\"1989 by Walter Bright\",bDetected=1):MSDOS.compareEP(\"fab8....dbe38ed88c06....8bd82b1e....891e....268b1e....2bd881fb....72..bb....8bd003d342b1..d3e38ed08be381eb....81fb....77\")||MSDOS.compareEP(\"eb$$fab8....05....b9....d3e88cc903c18ed88c06....268b1e....891e....8bd82b1e....891e....268b1e....2bd8\")?(sVersion=\"4.0\",bDetected=1):(MSDOS.compareEP(\"e8$$$$fc06b8....cd21bf....8cc98ed9be....b9....f3\")||MSDOS.compareEP(\"fafcb8....8ed8bb....81c3....8ed08be38becfb8cc0a3....be....268b04a3....8b36\")||MSDOS.compareEP(\"fafcb8....8ed88c06....8ed0bc....fbba....e8....b8....cd2186c4\"))&&(bDetected=1),sLang=\"C\",result()}meta(\"compiler\",\"Zortech/Symantec C\")" }, { "path": "dbs_min/db/MSDOS/Zurenava_DOS_Extender.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"be....bf....b9....56fcf3a55fe9\")&&(sVersion=\"0.45\",bDetected=1),result()}meta(\"extender\",\"Zurenava DOS Extender\")" }, { "path": "dbs_min/db/MSDOS/_LE.0.sg", "content": "function detect(){return MSDOS.isLE()&&(bDetected=1),result()}meta(\"type\",\"LE\")" }, { "path": "dbs_min/db/MSDOS/_LX.0.sg", "content": "function detect(){return MSDOS.isLX()&&(bDetected=1),result()}meta(\"type\",\"LX\")" }, { "path": "dbs_min/db/MSDOS/_MSDOS.0.sg", "content": "function detect(){return MSDOS.isVerbose()&&(sName=MSDOS.getOperationSystemName(),sVersion=MSDOS.getOperationSystemVersion(),sOptions=MSDOS.getOperationSystemOptions(),\"Unknown\"===sName&&(sName=\"DOS-like\"),bDetected=1),result()}meta(\"operation system\",\"MS-DOS\")" }, { "path": "dbs_min/db/MSDOS/_NE.0.sg", "content": "function detect(){return MSDOS.isNE()&&(bDetected=1),result()}meta(\"type\",\"NE\")" }, { "path": "dbs_min/db/MSDOS/_init", "content": "var File=MSDOS,X=MSDOS\nMSDOS.getBaseOffset=function(e){return 0==arguments.length&&(e=0),(MSDOS.readWord(8)<<4)+e},MSDOS.addressToOffset=function(e,t){return 1==arguments.length&&(t=0),t+=e<<4,MSDOS.getBaseOffset(1048575&t)},MSDOS.AddressToOffset=function(){MSDOS.addressToOffset.apply(this,arguments)},MSDOS.getEntryPointOffset=function(e){return 0==arguments.length&&(e=0),MSDOS.addressToOffset(MSDOS.readWord(22),MSDOS.readWord(20))+e},MSDOS.getNEOffset=function(e){return 0==arguments.length&&(e=0),MSDOS.readDword(60)+e}" }, { "path": "dbs_min/db/MSDOS/anti-tracing_add-on.1.sg", "content": "function detect(){return MSDOS.compareEP(\"fc33d28ec2bf....abab8ccb33ff81eb....53bb....531e0733dbcb\")&&(bDetected=1),result()}meta(\"protector\",\"anti-tracing add-on\")" }, { "path": "dbs_min/db/MSDOS/compiler_ASIC-Basic.4.sg", "content": "function detect(){return(MSDOS.compareEP(\"b8....8ed88ec033dbb4..cd108916....cc901ebf....8cc82d....8ed833c98a0e....83f9..72..b9....26be....fc\")||MSDOS.compareEP(\"b8....8ed88ec033dbb4..cd108916....1ebf....8cc82d....8ed833c98a0e....83f9..72..b9....26be....fc\"))&&(sVersion=\"5.0\",sOptions=\"1994 by David Visti of 80_20 Software\",bDetected=1),result()}meta(\"compiler\",\"ASIC-Basic\")" }, { "path": "dbs_min/db/MSDOS/compiler_Ada89.4.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$8cda8cc939d173$$1e0e1fb4..b0..ba....cd21b4..b0..ba....cd211f8cd9b8....8b1e....8ed88ec0\")&&(sOptions=\"1989 by RR Software, Inc.\",bDetected=1),result()}meta(\"compiler\",\"Ada89\")" }, { "path": "dbs_min/db/MSDOS/compiler_ApBasic.4.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$8cc02ea3....268b36....8cc88ed88ec08cc82e0106....2e0106....2ea1....2e8b16....33db2e\")?(sVersion=\"1.2\",sOptions=\"1987-89 by Comptech Software, Inc.\",bDetected=1):MSDOS.compareEP(\"eb$$8cc02ea3....268b36....8cc88ed88ec08cc82e0106....2e0106....e8....2ea1....2e8b16....33db2e\")&&(sOptions=\"1991 by Comptech Software, Inc.\",bDetected=1),result()}meta(\"compiler\",\"ApBasic\")" }, { "path": "dbs_min/db/MSDOS/compiler_BAT2EXEC.4.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$fcbd....8b....8b......8b......b44acd21a1....8986....8b9e....ffe3\")?(sVersion=\"1.5\",bDetected=1):MSDOS.compareEP(\"fcbd....8b....8b......8b......b44acd21a1....8986....8b9e....ffe3\")&&(sVersion=\"1.2\",bDetected=1),result()}meta(\"compiler\",\"BAT2EXEC\")" }, { "path": "dbs_min/db/MSDOS/compiler_BSTAR_FORTH.4.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$8c0e....8c0e....a1....a3....e8....a3....a1....a3....e8....a3....a1....a3....e8....e8....8b0e....e3..1e8e06....a1\")&&(sVersion=\"0.0\",bDetected=1),result()}meta(\"compiler\",\"BSTAR_FORTH(16)\")" }, { "path": "dbs_min/db/MSDOS/compiler_BatLite.4.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$e8....bb....8bf3031e....891e....81fb....73..bb....8bfb891e....031e....81c3....8be3b1..d3eb43\")&&(sOptions=\"1991-95 by Pieter A. Hintjens (COM2EXE converted)\",bDetected=1),result()}meta(\"compiler\",\"BatLite\")" }, { "path": "dbs_min/db/MSDOS/compiler_BetterBASIC.4.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$fa2ec706........2e8c1e....b8....05....b1..d3e805....bb....83c3..d3eb8cc98ed1bc....2ec706........03c88ed903cb8ec1\")&&(sOptions=\"1984-86 by Summit Software Technology Inc.\",bDetected=1),result()}meta(\"compiler\",\"BetterBASIC\")" }, { "path": "dbs_min/db/MSDOS/compiler_CII-C.4.sg", "content": "function detect(){return(MSDOS.compareEP(\"eb$$dbe3fcb8....8ed88c06....26a1....3b06....76..2b06....8cdf81c7....3bf873..8bc7be....3bf0\")||MSDOS.compareEP(\"dbe3fcb8....8ed88c06....26a1....3b06....76..2b06....be....3bf073..2bc63b06....72..3b06\")||MSDOS.compareEP(\"eb$$dbe3fcb8....8ed88c06....26a1....3b06....76..2b06....be....3bf073..2bc63b06....72..3b06\")||MSDOS.compareEP(\"eb$$dbe3fcb8....8ed88c06....9c58a9....75..26a1....3b06....76..2b06....8cdf81c7....3bf8\"))&&(bDetected=1),sLang=\"C\",result()}meta(\"compiler\",\"CII-C\")" }, { "path": "dbs_min/db/MSDOS/compiler_Easy!-C.4.sg", "content": "function detect(){return MSDOS.compareEP(\"9c55568ccd83c5..8db6....56be....56cb\")&&(sOptions=\"1993 by Flight Technologys\",bDetected=1),sLang=\"C\",result()}meta(\"compiler\",\"Easy!-C\")" }, { "path": "dbs_min/db/MSDOS/compiler_GRASP.4.sg", "content": "function detect(){return MSDOS.compareEP(\"8cd88ec0b8....8ed88c06....8c16....8926....26a1....3b06....77..e9....2b06....8cdf81c7....3bf873..8bc7\")?(sVersion=\"4.00e - 5.0\",sOptions=\"1993 by John Bridges\",bDetected=1):MSDOS.compareEP(\"8cd88ec0b8....8ed88c06....26a1....3b06....77..e9....2b06....8cdf81c7....3bf873..8bc7\")&&(sVersion=\"4.0b\",sOptions=\"1991 by John Bridges\",bDetected=1),result()}meta(\"compiler\",\"GRASP Interpreter\")" }, { "path": "dbs_min/db/MSDOS/compiler_MegaBasic.4.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$1eff36....ff36....8cc88ed88ec02e8f06....2e8f06....2e8f06....2e8c0e....b430cd213c..ba....73..e8....2eff36....33c050cb\")&&(sVersion=\"4.00\",sOptions=\"1991-94 by Kristofer Sweger\",bDetected=1),sLang=\"Basic\",result()}meta(\"compiler\",\"MegaBasic\")" }, { "path": "dbs_min/db/MSDOS/compiler_MegaBasic1.4.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$b9....33f633ff1607fcf3a5368c1e....a1....161fa3....e8....bc....b430cd21a2....0ac074..86e0\")?(sVersion=\"5.40\",sOptions=\"1985-87 by Christopher Cochran\",bDetected=1):MSDOS.compareEP(\"e8$$$$b8....cd21360806....84c074..8bf886e08bd0d40a86c4360906....86c48ac48ae6d50a\")?(sVersion=\"5.812\",sOptions=\"1994 by Christopher Cochran\",bDetected=1):MSDOS.compareEP(\"e8$$$$b430cd21360806....0ac074..86e08bd0d40a86c4360906....86c48ac48ae6d50a\")?(sVersion=\"5.73\",sOptions=\"1992 by Christopher Cochran\",bDetected=1):(MSDOS.compareEP(\"e9$$$$b9....33f633ff1607fcf3a5368c1e....161fe8....bc....b430cd21a2....0ac074..86e0\")||MSDOS.compareEP(\"e9$$$$b9....33f633ff1607fcf3a5268c1e....161fe8....bc....0e1fba....b8....cd21ba....b8\"))&&(sOptions=\"1985 by Christopher Cochran\",bDetected=1),sLang=\"Basic\",result()}meta(\"compiler\",\"MegaBasic\")" }, { "path": "dbs_min/db/MSDOS/compiler_PCC.4.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$368c1e....a1....8cd32bc377..e9....483d....72..b8....b1..d3e03bc473..e9....368b1e....36031e....83c3..3be375..8be0368926....b430cd213c..72..36c606......c606\")?(sVersion=\"1.2\",sOptions=\"by Mark DeSmet (C Ware Corporation)\",bDetected=1):MSDOS.compareEP(\"e9$$$$368c1e....a1....8cd32bc377..e9....483d....72..b8....b1..d3e03bc473..e9....368b1e....36031e....83c3..3be375..8be0368926....b430cd213c..72..36c606......36a2....c606\")?(sVersion=\"3.X\",sOptions=\"1984-86 by Mark DeSmet (C Ware Corporation)\",bDetected=1):MSDOS.compareEP(\"e9$$$$368c1e....a1....8cd32bc377..e9....483d....72..b8....b1..d3e03bc473..e9....8be0c606......c606......b9....be....468a84....3c..74..3c..75..b8....50\")?(sVersion=\"2.X\",sOptions=\"1984-86 by Mark DeSmet (C Ware Corporation)\",bDetected=1):MSDOS.compareEP(\"e9$$$$368c1e....a1....36a3....a1....8cd32bc377..e9....483d....72..b8....b1..d3e03bc473..e9....368b1e....36031e....83c3..3be375..8be0368926\")&&(sVersion=\"3.1\",sOptions=\"1984-86 by Mark DeSmet (C Ware Corporation)\",bDetected=1),sLang=\"C\",result()}meta(\"compiler\",\"PCC (DeSmet C)\")" }, { "path": "dbs_min/db/MSDOS/compiler_Power_C.4.sg", "content": "function detect(){return MSDOS.compareEP(\"b8....05....b1..d3e88cca03c28b0e....8cdb8ed8891e....890e....8ec0ba....1e8cc88ed8b8....cd21588ed8bf....33c0\")&&(sVersion=\"2.0.X\",sOptions=\"1989-91 by Mix Software\",bDetected=1),sLang=\"C\",result()}meta(\"compiler\",\"Power C\")" }, { "path": "dbs_min/db/MSDOS/compiler_SP-FORTH.4.sg", "content": "function detect(){return MSDOS.compareEP(\"b8....8ed88bec81c5....c746......e8$$$$8b46..25....0d....cd218b46..83ed..8946..c3\")&&(sVersion=\"2.5.13\",bDetected=1),MSDOS.compareEP(\"b8....8ed88bec81c5....c746......e8$$$$e8$$$$8bc583ed..8946..c3\")&&(sVersion=\"2.5.X\",sOptions=\"1994\",bDetected=1),result()}meta(\"compiler\",\"SP-FORTH\")" }, { "path": "dbs_min/db/MSDOS/compiler_Symantec_BASIC.4.sg", "content": "function detect(){return MSDOS.compareEP(\"e8$$$$1e060e1f9a........8c06....33c08ec026a1....a3....26a1....a3....ba....b0..9a........fa26c706........268c0e....fb071fc3\")&&(sVersion=\"1.1a\",sOptions=\"1993\",bDetected=1),sLang=\"Basic\",result()}meta(\"compiler\",\"Symantec BASIC\")" }, { "path": "dbs_min/db/MSDOS/compiler_Topspeed_C.4.sg", "content": "function detect(){return(MSDOS.compareEP(\"8cc1e3$$1eba....8eda8b0e....8b36....ff36....50a1....ba....8eda890e....8936....a3....58\")||MSDOS.compareEP(\"8cc1e3$$1eba....8eda8b0e....8b36....ff36....50a1....48ba....8eda890e....8936....a3....c706........58\"))&&(sVersion=\"2.0\",sOptions=\"1989 by JPI\",bDetected=1),sLang=\"C\",result()}meta(\"compiler\",\"Topspeed C\")" }, { "path": "dbs_min/db/MSDOS/compiler_Turbo_Basic.4.sg", "content": "function detect(){return(MSDOS.compareEP(\"2E8C......2EC706........E8....E8\")||MSDOS.compareEP(\"faba....8ec28ed2bc....fb8bfc32edbe....8a0e....8bc12bf94f81e7....268c1e....8be78ec2fcf3a48eda8bf7bb....9150\"))&&(sVersion=\"1.0\",sOptions=\"1987\",bDetected=1),result()}meta(\"compiler\",\"Turbo Basic\")" }, { "path": "dbs_min/db/MSDOS/compiler_Turbo_Prolog.4.sg", "content": "function detect(){return MSDOS.compareEP(\"fab8....8ed8b8....a3....8ed0bc....fb8c06....268e06....8c06....b8....a3....9a\")&&(sVersion=\"2.0\",sOptions=\"1986-88\",bDetected=1),sLang=\"Prolog\",result()}meta(\"compiler\",\"Turbo Prolog\")" }, { "path": "dbs_min/db/MSDOS/compiler_WATCOM.4.sg", "content": "function detect(){var e,c\nreturn MSDOS.compareEP(\"E9....'WATCOM C'\")||MSDOS.isSignaturePresent(0,Math.min(2048,MSDOS.getSize()),\"'WATCOM C'\")?bDetected=1:MSDOS.isLE()?(c=MSDOS.getNEOffset(),e=MSDOS.readDword(c+128),c=MSDOS.readDword(c+28),MSDOS.compare(\"EB..'WATCOM C'\",e+c)&&(bDetected=1)):MSDOS.compareEP(\"e9$$$$fbb9....8ec126bb....83c3..80e3..26891e....268c1e....01e383c3..80e3..8ed189dc26891e....89dad1ea\")?(sName=\"Open Watcom C/C++16\",sVersion=\"2002 by Sybase, Inc.\",bDetected=1):MSDOS.compareEP(\"e9$$$$fbb9....8ec1bb....83c3..80e3..26891e....268c1e\")?(sName=\"Open Watcom C/C++16\",sVersion=\"1988-2002 by Sybase, Inc.\",bDetected=1):MSDOS.compareEP(\"8cd8bb....8edb8b1e....0bdb74..8cd18bd4fa8ed3bc....fb50535152a3....e8....5a595b580bdb74..fa8ed18be2fb\")?(sName+=\"/C++\",sVersion=\"1990 by WATCOM Systems Inc.\",bDetected=1):MSDOS.compareEP(\"eb$$2e8c06....2e8c16....2e8926....fa8cc88ed0bc....fb2ec706........b8....cd213c..72..2e830e......e8....8bd8\")?(sName+=\"/C++\",sVersion=\"1991 by WATCOM Systems Inc.\",bDetected=1):MSDOS.compareEP(\"eb$$2e8c06....2e8c16....2e8926....2ea1....2e0306....fa8ed0bc....fbb8....b1..d3e874..33c054593bcc75..9cb9\")?(sVersion=\"1992 by WATCOM Systems Inc.\",bDetected=1):MSDOS.compareEP(\"eb$$33ed2e8e1e....26a1....a3....8d06....a3....8d06....a3....8d06....a3....8cd88d1e....8ed08be3bb....26891e\")?(sName+=\" 386\",sVersion=\"1990 by WATCOM Systems Inc.\",bDetected=1):MSDOS.compareEP(\"eb$$2e8c06....2e8c16....2e8926....2ea3....2e8916....2e891e....fa8cc88ed0bc....fbe8....8bd8e8....2ea2....fa\")?(sVersion=\"1990 by WATCOM Systems Inc.\",bDetected=1):MSDOS.compareEP(\"faba....8eda8916....8c06....8c0e....b8....a3....b8....a3....8ed28be0fb0633c9518becbe....268b04a3....8ec28e1e\")?(sVersion=\"1988 by WATCOM Systems Inc.\",bDetected=1):MSDOS.compareEP(\"eb$$2e8c06....2e8c16....2e8926....2ea3....2e8916....2e891e....2e8c1e....fa8cc88ed0bc....fbe8....8bd8fa2e8e16\")?(sVersion=\"1992 by WATCOM Systems Inc.\",bDetected=1):MSDOS.compareEP(\"EB....00'*** NULL assignment detected'00'\")&&(sName=\"Open Watcom C/C++16\",sVersion=\"2.0\",bDetected=1),sLang=-1!==sName.indexOf(\"C++\")?\"C\":\"C++\",result()}meta(\"compiler\",\"WATCOM C\")" }, { "path": "dbs_min/db/MSDOS/compiler_WPFORTH.4.sg", "content": "function detect(){return MSDOS.compareEP(\"bd....bc....b8....0e5b81c3....8ed3ffe0\")&&(sVersion=\"1.0\",sOptions=\"1993 by Albert Chan\",bDetected=1),result()}meta(\"compiler\",\"WPFORTH\")" }, { "path": "dbs_min/db/MSDOS/compiler_djgpp.4.sg", "content": "function detect(){return MSDOS.compare(\"'go32stub'\",512)?(sVersion=\"2\",bDetected=1):MSDOS.isSignaturePresent(0,Math.min(8192,MSDOS.getSize()),\"'StubInfoMagic!!'\")&&(sVersion=\"1\",bDetected=1),result()}meta(\"compiler\",\"djgpp\")" }, { "path": "dbs_min/db/MSDOS/compiler_muLISP-87.4.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$eb$$8cc88ed88ed0bc....a3....b8....cd21891e....8c06....a0....5084c075..b8....8ec026803e......75..26c416....8cc1\")?(sName+=\"-87\",sOptions=\"1983-1989 by Soft Warehouse, Inc.\",bDetected=1):MSDOS.compareEP(\"e9$$$$eb$$8cc88ed88ed0bc....a3....b8....cd21891e....8c06....b8....cd21891e....8c06....ba....b8....cd21a0....5084c0\")&&(sName+=\"-90\",sOptions=\"1983-1990 by Soft Warehouse, Inc.\",bDetected=1),sLang=\"LISP\",result()}meta(\"compiler\",\"muLISP\")" }, { "path": "dbs_min/db/MSDOS/converter_EXE2COM.1.sg", "content": "function detect(){return MSDOS.compareEP(\"b3..b9....33d2be....8bfeac32c3aa494332e403d0e3..eb\")?(sVersion=\"9.50a\",bDetected=1):MSDOS.compareEP(\"e9$$$$92be....bf....fca5a48ccb83c3..b9....ad97011de2\")?(sOptions=\"1996 by EM-Phaser\",bDetected=1):MSDOS.compareEP(\"e9$$$$e9$$$$8cca81c2....3b16....76..ba....b409cd21cd20\")?(sOptions=\"generic, type 2\",bDetected=1):MSDOS.compareEP(\"e9$$$$bf....be....a5a48cda83c2..50b4..bb....cd21580116....81c2....8ed2\")&&(sOptions=\"0-Relocs by dR.No //ViP\",bDetected=1),result()}meta(\"converter\",\"EXE2COM\")" }, { "path": "dbs_min/db/MSDOS/converter_FromBAT.1.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$be....bf....bb....c604..b9....fe04803c..77..c644....b80629cd21be....3c..74..8a04880743e2\")&&(sOptions=\"1991 by Clockwork Software\",bDetected=1),result()}meta(\"converter\",\"FromBAT\")" }, { "path": "dbs_min/db/MSDOS/converter_GRABBER.1.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$fc8cdb8cc88ed8a3....8ec3891e....8b1e....b1..d3e383c3..b44acd2173..eb\")?(sVersion=\"6.30-6.31\",sOptions=\"1991 by G. A. Monroe\",bDetected=1):MSDOS.compareEP(\"eb$$fc8cdbb8....8ed8a3....8ec3891e....8b1e....b1..d3e383c3..b44acd2172..b8\")?(sVersion=\"6.32\",sOptions=\"1991 by G. A. Monroe\",bDetected=1):MSDOS.compareEP(\"e9$$$$fc8cdb8cc88ed88ec0891e....e8\")?(sVersion=\"3.70-3.87\",sOptions=\"1991 by G. A. Monroe\",bDetected=1):MSDOS.compareEP(\"eb$$fc8cdbb8....8ed88ec3891e....a3....8b1e....b1..d3e383c3..b44acd2173..b4\")&&(sVersion=\"3.91-3.94\",sOptions=\"1991-92 by G. A. Monroe\",bDetected=1),result()}meta(\"converter\",\"GRABBER\")" }, { "path": "dbs_min/db/MSDOS/converter_com2exe.2.sg", "content": "function detect(){return MSDOS.compareEP(\"b8....50c3\")?(sVersion=\"9.50\",bDetected=1):MSDOS.compareEP(\"16179c58f6c4..74..faeb\")?(sName=\"COM -> EXE\",sOptions=\"1993 by R.Roth\",bDetected=1):MSDOS.compareEP(\"fcbe....bf....b9....f3a568....c3\")?(sVersion=\"2.1\",sOptions=\"1997 by X-HACKS Group\",bDetected=1):MSDOS.compare(\"02000000fffff0fffeff....0001f0ff1c00000000000000\",8)?(sOptions=\"by Stefan Esser\",bDetected=1):MSDOS.compare(\"040000100010f0fffeff00000001f0ff..000000\",8)?(sOptions=\"by MasterBall Systems\",bDetected=1):MSDOS.compare(\"02000000fffff0fffeff00000001f0ff1c0000000000924b\",8)?(sOptions=\"by Tnarchistic KA0T\",bDetected=1):MSDOS.compare(\"0200....fffff0fffeff00000001f0ff1c00000000000000\",8)?(sOptions=\"by Fabrice Bellard\",bDetected=1):MSDOS.compare(\"02000000fffff0fffeff00000001f0ff1c00000020202020\",8)?(sOptions=\"by cINOgEN\",bDetected=1):MSDOS.compare(\"0500aaaafffff0fffeff00000001f0ff1c00000000000000\",8)?(sOptions=\"by COMSEC\",bDetected=1):MSDOS.compare(\"0400aaaaffff0000feff00000001f0ff4000000053545542\",8)?(sOptions=\"by DblStar Software\",bDetected=1):MSDOS.compare(\"0200aaaafffff0fffeff00000001f0ff0000454c49544500\",8)?(sOptions=\"by Elite x\",bDetected=1):MSDOS.compare(\"02000010fffff0fffeff00000001f0ff1c00000000000000\",8)?(sOptions=\"by HENDRX\",bDetected=1):MSDOS.compare(\"02000000fffff0fffeff00000001f0ff1c0000004d455353\",8)?(sOptions=\"MESS /E\",bDetected=1):MSDOS.compare(\"0200aaaafffff0ff000000000001f0ff1c00000050484158\",8)?(sOptions=\"by PHaX\",bDetected=1):MSDOS.compare(\"2000aa00ffffaaaa00aa00000001f0ff0000000000000000\",8)?(sOptions=\"SCRb2e\",bDetected=1):MSDOS.compare(\"02008f0daaaaf0fffeff00000001f0ff1c0000000000524f\",8)?(sOptions=\"by Rose\",bDetected=1):MSDOS.compare(\"0200d70dfffff0fffeff00000001f0ff1c00005472696c6c\",8)?(sOptions=\"by Trills nT\",bDetected=1):MSDOS.compare(\"02000000fffff0ff000000000001f0ff1c00000000000000\",8)?(sOptions=\"UNP x\",bDetected=1):MSDOS.compare(\"04000100fffff0fffeffaaaaaa0200001c000000aa020000\",8)?(sVersion=\"1.0\",sOptions=\"Comvert\",bDetected=1):MSDOS.compare(\"18000000fffff0fffeff00000001f0ff1c00000020202020\",8)?(sOptions=\"WWPACK\",bDetected=1):MSDOS.compare(\"0200....fffff0ff648400000001f0ff1c00000000000000\",8)&&(sOptions=\"by unknown\",bDetected=1),result()}meta(\"converter\",\"com2exe\")" }, { "path": "dbs_min/db/MSDOS/cryptor_EXE-Cryptor.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$1e062e8c06....fc0e1fe8$$$$8cc9bb....83c5..5e2ead1e2e81\")?(sOptions=\"1993-1995 by Rolle&Schild\",bDetected=1):MSDOS.compareEP(\"e9$$$$1e062e8c06....fc0e1ffa8bec8c4e..c746......fe0e\")?(sOptions=\"1993 by Rolle&Schild\",bDetected=1):MSDOS.compareEP(\"e9$$$$1e062e8c06....fc0e1ffa8bec8c4e..c746......fe0e....f972..ba....0e1fbb....8b0e\")?(sOptions=\"1992 by RKT-LANDMARK\",bDetected=1):MSDOS.compareEP(\"e9$$$$1e062e8c06....fc0e1f8926....8306......fa8c0e....fe0e....f972..ba....0e1fbb\")&&(sOptions=\"by RKT-LANDMARK\",bDetected=1),result()}meta(\"cryptor\",\"EXE-Cryptor\")" }, { "path": "dbs_min/db/MSDOS/cryptor_TUCCRYP.2.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$2e8c06....8cca8ec28edab4..ba....cd218cda2ea1....2bd08edabb....2e8b0e....b2..51b9....8a0732c28807fec280\")?(sVersion=\"2+\",sOptions=\"George Stark\",bDetected=1):MSDOS.compareEP(\"eb$$2e8c06....8cca8ec28edab4..ba....cd218cda2ea1....2bd08edabb....2ea1....ba....f7e28bc8\")&&(sName=\"TUC cryPack\",sVersion=\"1.0\",sOptions=\"George Stark\",bDetected=1),result()}meta(\"cryptor\",\"TUCCRYP\")" }, { "path": "dbs_min/db/MSDOS/cryptor_deep-CRyPTer.2.sg", "content": "function detect(){return MSDOS.compareEP(\"..E9....E8....598BE981......81......BE....8D......66....66....8D......8BD78BDF\")&&(sVersion=\"0.1c\",bDetected=1),result()}meta(\"cryptor\",\"deep-CRyPTer\")" }, { "path": "dbs_min/db/MSDOS/dos_extender.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"0e1f8cc6b4..50bb....cd2173..58cd2172..03de8bebb8....cd21065356b8....cd2f0bc075\")?(sVersion=\"1991\",bDetected=1):MSDOS.compareEP(\"0e1f06b4..50bb....cd2173..58cd2172..8cc003d88bebb8....cd210653b8....cd2f0bc075\")&&(sVersion=\"1992\",bDetected=1),result()}meta(\"extender\",\"dos extender by Doug Huffman\")" }, { "path": "dbs_min/db/MSDOS/dos_extender1.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"fafc0e1fe8....8cc0660fb7c066c1e0..6667a3........66b8........66c1e0..6667a3........66670905........66670905\")&&(sVersion=\"1994 by TRAN (Thomas Pytel)\",bDetected=1),result()}meta(\"extender\",\"DOS protected mode extender\")" }, { "path": "dbs_min/db/MSDOS/dos_extender2.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"bc....bb....438cc02bd8b4..cd2173..9a........0e1feb\")?(sVersion=\"1986-90 by Ergo Computing, Inc.\",bDetected=1):MSDOS.compareEP(\"b8....8ed0bc....bb....8cc02bd843b4..cd21b8....8ed8c606......b8....8ed88cc0a3\")&&(sVersion=\"1986-91 by Ergo Computing, Inc.\",bDetected=1),result()}meta(\"extender\",\"DOS extender\")" }, { "path": "dbs_min/db/MSDOS/extender_Blinker.0a.sg", "content": "function detect(){return MSDOS.isNE()?MSDOS.compare(\"'BLINKER'\",MSDOS.getBaseOffset(24))&&(bDetected=1,0<(nOffset=MSDOS.getNEOffset(-4608)))&&-1!=(nOffset=MSDOS.findString(nOffset,4608,\"Blinker \"))&&(sVersion=MSDOS.getString(nOffset+8,4)):(MSDOS.compareEP(\"e8$$$$558bec5053515256571e06fc8cc88ed8e8....bf....8845..8c\")||MSDOS.compareEP(\"e8$$$$1e06fc8cc88ed8e8....bf....8845..8c1e....c41e....891d\"))&&(bDetected=1),result()}meta(\"extender\",\"Blinker\")" }, { "path": "dbs_min/db/MSDOS/extender_CWSDPMI.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"8b2e....ba....8eda8c06....2bea8b3e....81c7....b1..d3ef473bef72..bf....3bef77..8bfd8bdfd3e7\")?(sVersion=\"0.90+ (r4)\",sOptions=\"1997 by Charles W. Sandmann\",bDetected=1):MSDOS.compareEP(\"e8$$$$8b2e....ba....8eda8c06....2bea8b3e....81c7....b1..d3ef473bef72..bf....3bef77..8bfd8bdfd3e7\")?(sVersion=\"0.90+ (6b)\",sOptions=\"2001 by Charles W. Sandmann\",bDetected=1):MSDOS.compareEP(\"ba....8eda8cd32bdac1e3..8ed203e38c06....fcb430cd213c0373..b0..ba....e9\")&&(sName+=\" (ELFstub)\",sVersion=\"1.00\",bDetected=1),result()}meta(\"extender\",\"CWSDPMI\")" }, { "path": "dbs_min/db/MSDOS/extender_CauseWay_DOS_Extender.6.sg", "content": "function detect(){return MSDOS.compareEP(\"fa161f26a1....83e8..8ed0fb061607be....8bfeb9....f3a407368c......8bd88cca3603......368b......fd8bc53d....76\")?(sVersion=\"3.1X-3.4X\",bDetected=1):MSDOS.compareEP(\"eb$$8be88cc60e1f8cc005....0106....b8....cd213c..73..b8....cd21803e......74..8cc005....0306....268b16....3bc273..8ec0a1....33ff\")&&(sVersion=\"2.64, 3.25\",bDetected=1),result()}meta(\"extender\",\"CauseWay DOS Extender\")" }, { "path": "dbs_min/db/MSDOS/extender_DOS32.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"0e1ffc9c5b8bc380f4..509d9c583ae775..ba....b409cd21b44ccd218c06....26a1....a3\")?(sVersion=\"3.3\",sOptions=\"1995 by Adam Seychell\",bDetected=1):MSDOS.compareEP(\"0e1f068c06....26a1....a3....8ec06633ff6633c96649fc32c0f2ae26380575..83c7\")?(sVersion=\"3.0\",sOptions=\"by Adam Seychell\",bDetected=1):MSDOS.compareEP(\"0e1ffc9c5b8bc380f4..509d9c5838fc75..ba....b409cd21b44ccd21\")&&(sVersion=\"3.5c rev6\",sOptions=\"1995 by Adam Seychell\",bDetected=1),result()}meta(\"extender\",\"DOS32\")" }, { "path": "dbs_min/db/MSDOS/extender_DOS4G.0a.sg", "content": "function detect(){return MSDOS.isSignaturePresent(0,Math.min(1024,MSDOS.getSize()),\"'DOS/4G'\")?bDetected=1:(MSDOS.isSignaturePresent(0,Math.min(1024,MSDOS.getSize()),\"'DOS4GW'\")||MSDOS.isSignaturePresent(MSDOS.getNEOffset()-1024,1024,\"'dos4gw'\"))&&(sName+=\"W\",bDetected=1),result()}meta(\"extender\",\"DOS/4G\")" }, { "path": "dbs_min/db/MSDOS/extender_DOSX16.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$b430cd213c0372..b8....ba....2bc2268b1e....2bd8b1..d3e08bc881fb....72..1e068eda8ec333f6\")?bDetected=1:MSDOS.compareEP(\"eb$$b430cd213c0372..b8....ba....2bc2268b1e....81eb....2bd8b1..d3e08bc881fb....72..1e068eda8ec333f6\")?(sVersion=\"type 1\",sOptions=\"CodeView\",bDetected=1):MSDOS.compareEP(\"eb$$b430cd213c0372..e8$$$$56571e060e1fb8....cd213c0372..77..80fc..72..b452cd2126a1....3d\")?(sVersion=\"type 2\",sOptions=\"CodeView\",bDetected=1):MSDOS.compareEP(\"eb$$8cc8fa8ed0bc....fb0e1f8c06....c406....a3....8c06....e8....b8....b1..d3e805....a3....e8\")?(sVersion=\"type 3\",sOptions=\"CodeView\",bDetected=1):MSDOS.compareEP(\"eb$$b8....8ed88c06....8ed0bc....50bb....b44acd21588ec0\")&&(sVersion=\"type 4\",bDetected=1),result()}meta(\"extender\",\"DOSX16\")" }, { "path": "dbs_min/db/MSDOS/extender_EMX.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"b8....8ed88c06....e8....e8....e8....e8\")?(sVersion=\"0.8f-0.9d\",bDetected=1):MSDOS.compareEP(\"b8....8ed88cd88ed0bc....e8....3c..72..26a1\")&&(sVersion=\"0.8f\",bDetected=1),result()}meta(\"extender\",\"EMX DOS Extender\")" }, { "path": "dbs_min/db/MSDOS/extender_Go32Stub.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"0e1f8c1e....8c06....fcb430cd21\")?(sVersion=\"2.0\",bDetected=1):(MSDOS.compareEP(\"68....1fbd....9081ed....8c06....fcb430cd21\")||MSDOS.compareEP(\"ba....8eda8cd32bdac1e3..8ed203e3bd....81ed....8c06....fcb430cd21\")||MSDOS.compareEP(\"fc0e1fb4..bb....b9....ba....cd21061e07bf....b9....30c0f3aa07e9\"))&&(sVersion=\"2.02T\",bDetected=1),result()}meta(\"extender\",\"Go32Stub DOS-Extender\")" }, { "path": "dbs_min/db/MSDOS/extender_PMODE.0a.sg", "content": "function detect(){return MSDOS.compare(\"'PMODE/W v'\",85)?(sVersion=MSDOS.getString(94,4),bDetected=1):MSDOS.compareEP(\"fc1607bf....8bf757b9....f3a5061e071f5fbe....060ea4ad8be8b2..1eb8....50cb\")&&(sVersion=\"1.12-1.33\",sOptions=\"1994-1997 by Daredevil and Tran.\",bDetected=1),result()}meta(\"extender\",\"PMODE/W\")" }, { "path": "dbs_min/db/MSDOS/extender_PRO32.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"e8$$$$8cc82ea3....fa6633f68eeeb8....8ed8b9....66658b0466890483c6..e2..6633c0bb\")&&(sVersion=\"1.7\",sOptions=\"1996-99 by Dieter Pawelczak\",bDetected=1),result()}meta(\"extender\",\"PRO32 Protected Mode DOS Extender\")" }, { "path": "dbs_min/db/MSDOS/extender_RSX.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"8cc2b8....8ed88ec08ed0bc....8916....e8....b44ccd21\")&&(bDetected=1),result()}meta(\"extender\",\"RSX DPMI DOS Extender\")" }, { "path": "dbs_min/db/MSDOS/extender_Stub-386.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"0e1f8c06....b430cd213c..73..b8....eb..c606......c606......c606......c606......9a\")&&(sOptions=\"1997 by LADsoft\",bDetected=1),result()}meta(\"extender\",\"Stub-386 DPMI DOS Extender\")" }, { "path": "dbs_min/db/MSDOS/extender_TMTSTUB.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"b462cd218bc38ccb538edb8c0e....8c0e....8c0e....2bd8bd....03ddc1e5..b44acd2173..ba....e9\")&&(sVersion=\"0.31\",sOptions=\"32bit WDOSX-based DOS-extender and loader by Rustam Gadeyev\",bDetected=1),result()}meta(\"extender\",\"TMTSTUB DOS Extender\")" }, { "path": "dbs_min/db/MSDOS/extender_WDOSX.0a.sg", "content": "function detect(){return MSDOS.compare(\"'WDOSX'\",52)&&(sVersion=MSDOS.getString(58,4),sOptions=\"1996-1999 by Michael Tippach\",bDetected=1),result()}meta(\"extender\",\"WDos/X\")" }, { "path": "dbs_min/db/MSDOS/extender_WDOSX32.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"bc....fcbf....ba....e8....b8....abe8....ba....e8....b0..aabe....bf....89faac3c..75..e8....57444f53584c45\")&&(bDetected=1),result()}meta(\"extender\",\"WDOSX32\")" }, { "path": "dbs_min/db/MSDOS/extender_XMLOD.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"8cd805....8ed88ed0bc....90908d06....ffd0\")?(sOptions=\"1991 by IGC, Inc.\",bDetected=1):MSDOS.compareEP(\"fa8cd805....8ed88ed0bc....90908d1e....c1eb..03c333f6268b5c\")&&(sVersion=\"1992\",bDetected=1),result()}meta(\"extender\",\"XMLOD DOS-Extender\")" }, { "path": "dbs_min/db/MSDOS/extender_Xtender.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"0e1fe8$$$$e8$$$$b8....9c5b80e7..539d9c5980e5..80fd..74..4080cf..539d9c5980e5..74..40668bdc66\")&&(sVersion=\"1.04.36037\",sOptions=\"by vyc/sophtXS\",bDetected=1),result()}meta(\"extender\",\"Xtender DOS Extender\")" }, { "path": "dbs_min/db/MSDOS/immunizer_CPAV.1.sg", "content": "function detect(){return MSDOS.compareEP(\"e8$$$$5b81eb....50515256578beb1e2ec6........268e......061fb9....bf....8bc7eb\")&&(sVersion=\"1992-1993\",bDetected=1),result()}meta(\"immunizer\",\"Central Point Anti-Virus\")" }, { "path": "dbs_min/db/MSDOS/immunizer_F-XLOCK.1.sg", "content": "function detect(){return MSDOS.compareEP(\"505050535152561e8bdc8cd805....368947..36c747......8e1e....33db8b07433d....74..75..43833f..75..4343\")&&(sVersion=\"1.16\",bDetected=1),result()}meta(\"immunizer\",\"F-XLOCK\")" }, { "path": "dbs_min/db/MSDOS/immunizer_Oyster.1.sg", "content": "function detect(){return MSDOS.compareEP(\"061e55565752515350e8$$$$508cc805....8ed858c3\")&&(sVersion=\"3.01 1991-95 by BEST\",bDetected=1),result()}meta(\"immunizer\",\"Oyster\")" }, { "path": "dbs_min/db/MSDOS/immunizer_PGPROT.1.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$2ea3....2e8c1e....2e8c06....0e1f8cc00106....0106....26ff36....0732c033ffb9....f2ae26803d..75..47\")&&(bDetected=1),result()}meta(\"immunizer\",\"PGPROT Antivirus Vaccine\")" }, { "path": "dbs_min/db/MSDOS/immunizer_Palladix.1.sg", "content": "function detect(){return MSDOS.compareEP(\"2e8c1e....b8....cd2172..3c..72..b8....cd218cc08ed88bd3b8....cd218cc88ed8b8....ba....cc8cc88ed88ec0be....8bfe\")&&(bDetected=1),result()}meta(\"immunizer\",\"Palladix Virus Protector\")" }, { "path": "dbs_min/db/MSDOS/immunizer_TTW.1.sg", "content": "function detect(){return MSDOS.compareEP(\"ab33c08bd88bc889c28bf889c6db52..e9\")&&(sOptions=\"1994-95 by TTW Inc.\",bDetected=1),MSDOS.compareEP(\"d88b....c2....89c6071fcb\")&&(sOptions=\"1994-95 by TTW Inc.\",bDetected=1),result()}meta(\"immunizer\",\"TTW\")" }, { "path": "dbs_min/db/MSDOS/joiner_TurboChainer.1.sg", "content": "function detect(){return MSDOS.compareEP(\"ba....8eda8cd32bdad1e3d1e3d1e3d1e3fa8ed203e3fbb8....8ed81efc8d06....83c0..501ebe....8cc08ed8075f8b0c32ed5146f3a4591f\")&&(sVersion=\"1.03\",bDetected=1),result()}meta(\"joiner\",\"TurboChainer\")" }, { "path": "dbs_min/db/MSDOS/joiner_V-Load.1.sg", "content": "function detect(){return MSDOS.compareEP(\"33f62ef606......74..0e588bd881e3....75..b1..d3e02bf0d3ee065b0e582bc3b1..bb....8bd3d3eb81e2\")&&(sVersion=\"0.9c1\",bDetected=1),result()}meta(\"joiner\",\"V-Load\")" }, { "path": "dbs_min/db/MSDOS/library_ParsecCollection.1.sg", "content": "function detect(){return MSDOS.compareOverlay(\"0D0A41205041525345432050726F64756374696F6E\")&&(sOptions=\"EOF\",bDetected=1),result()}meta(\"library\",\"Parsec Collection\")" }, { "path": "dbs_min/db/MSDOS/loader_32stub.0a.sg", "content": "function detect(){return MSDOS.compareEP(\"8cc88ed88c1e....8c06....8c06....8c06....8bdc83c3..d1ebd1ebd1ebd1eb8cd003d82b1e....b8....cd21\")&&(sOptions=\"by Borland\",bDetected=1),result()}meta(\"loader\",\"32stub for PE files\")" }, { "path": "dbs_min/db/MSDOS/mbp_SHRINK.2.sg", "content": "function detect(){return MSDOS.compareEP(\"061e508cc005....2e0106....2e0106....8bd02e0306....2ea3....2e8b3e....8ed80355..8955..8b3d0bff74\")&&(sOptions=\"by mbp Software & Systems\",bDetected=1),result()}meta(\"packer\",\"mbp SHRINK\")" }, { "path": "dbs_min/db/MSDOS/other_AutoHack.1.sg", "content": "function detect(){return MSDOS.compareEP(\"0e1fb409ba....cd21fa8e06....be....8b0e....83f9..74..fdd1e1\")&&(bDetected=1),result()}meta(\"other\",\"AutoHack addition\")" }, { "path": "dbs_min/db/MSDOS/other_Coderunner.1.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$e8$$$$fc5e8cdaa1....bd....8edd8ec5a3....b9....bf....2bcf33c02ea3....41d1e9f3ab8916\")||MSDOS.compareEP(\"e9$$$$e8$$$$fc5e8cda8b1e....bd....8edd8ec5b9....bf....2bcf33c02ea3....41d1e9f3ab891e\")?(sOptions=\"1989 by Micro Systems Software, Inc.\",bDetected=1):MSDOS.compareEP(\"e9$$$$e8$$$$fc5e8cdaa1....bd....8edd8ec5a3....b9....bf....2bcf33c02ea3....d1e9f3ab8916\")&&(sOptions=\"1992 by OP\",bDetected=1),result()}meta(\"other\",\"CodeRunneR\")" }, { "path": "dbs_min/db/MSDOS/other_DemoMaker.2.sg", "content": "function detect(){return MSDOS.compareEP(\"be....ad8ed833f6b8....8ec0bf....b9....ac3c..75..3a0474..e2..b8....8ed8b409ba....cd21b8....cd21\")&&(sVersion=\"1.55\",sOptions=\"1993-94 by R.Janorkar\",bDetected=1),result()}meta(\"other\",\"DemoMaker\")" }, { "path": "dbs_min/db/MSDOS/overlay_overlays.6.sg", "content": "function detect(){if(MSDOS.compareOverlay(\"....'-lh'..2d\")||MSDOS.compareOverlay(\"....'-lz'..2d\"))switch(sName=\"LHA archive\",MSDOS.readByte(MSDOS.getOverlayOffset()+5)){case 48:case 49:case 50:case 51:case 52:case 53:case 54:case 100:case 115:bDetected=1}else MSDOS.compareOverlay(\"60ea\")?(sName=\"ARJ archive\",bDetected=1):MSDOS.compareOverlay(\"'ZOO'............'Archive'\")?(bDetected=1,sName=\"ZOO archive\"):MSDOS.compareOverlay(\"4c0103\")?(bDetected=1,sName=\"COFF executable\"):MSDOS.compareOverlay(\"0101'Aladdin'\")?(sName=\"Self UnStuffit data\",sVersion=\"1.1\",sOptions=\"by Aladdin Systems, Inc.\",bDetected=1):MSDOS.compareOverlay(\"7f'ELF'010101\")?(sName=\"ELF executable\",bDetected=1):MSDOS.compareOverlay(\"................'BSA'\")?(sName=\"BSN archive\",bDetected=1):MSDOS.compareOverlay(\"'W4'\")?(sName=\"W4 executable\",bDetected=1):MSDOS.compareOverlay(\"fef2fc\")?(sName=\"FOXPRO archive\",bDetected=1):MSDOS.compareOverlay(\"'SXD'00\")?(sName=\"Sydex archive\",bDetected=1):MSDOS.compareOverlay(\"'RS'000102\")?(sName=\"GamBit Pro Library archive\",bDetected=1):MSDOS.compareOverlay(\"'PK'0304\")&&(sName=\"ZIP archive\",bDetected=1)\nreturn result()}meta(\"overlay\",\"\")" }, { "path": "dbs_min/db/MSDOS/packer_32LiTe.2.sg", "content": "function detect(){return MSDOS.compareEP(\"1E060E1F0E07BE....BF....8BCFFC57F3A48CC80106....C333FF\")&&(bDetected=1),result()}meta(\"packer\",\"32LiTe\")" }, { "path": "dbs_min/db/MSDOS/packer_AINEXE.2.sg", "content": "function detect(){return MSDOS.compareEP(\"a1....2d....8ed0bc....8cd836a3....05....36a3....2ea1....8ad4b1..d2eafec9d3e08cd336\")?(sVersion=\"2.1\",bDetected=1):MSDOS.compareEP(\"0e07b9....be....33fffcf3a4a1....2d....8ed0bc....8cd836......05....36......2e\")?(sVersion=\"2.3\",bDetected=1):MSDOS.compareEP(\"a1....2d....8ed0bc....8cd836a3....05....36a3....2ea1....8ad4b1..d2ead3e08cd3368b2e....2e032e....fdfeca\")&&(sVersion=\"2.22\",bDetected=1),result()}meta(\"packer\",\"AINEXE\")" }, { "path": "dbs_min/db/MSDOS/packer_AVPACK.2.sg", "content": "function detect(){return MSDOS.compareEP(\"501E0E1F160733F68BFEB9....FCF3A506BB....53CB\")?(sVersion=\"1.20\",bDetected=1):(MSDOS.compareEP(\"EB$$501E0E1F160733F68BFEB9....FCF3A506BB....53CB\")||MSDOS.compareEP(\"e9$$$$8cda0316....8bda0316....3b16....76..ba....b409cd21cd208cd28bccfa8ed3bc....fb5251501e53b8\"))&&(bDetected=1),result()}meta(\"packer\",\"AVPACK\")" }, { "path": "dbs_min/db/MSDOS/packer_Amisetup.1.sg", "content": "function detect(){return MSDOS.compareEP(\"b8....50b8....501e8cc88ed8e8$$$$9c5b81e3....539d9c5b81e3....81fb....74..c3\")&&(sOptions=\"by Robert Muchsel\",bDetected=1),result()}meta(\"packer\",\"Amisetup loader\")" }, { "path": "dbs_min/db/MSDOS/packer_COMPACK.2.sg", "content": "function detect(){return MSDOS.compareEP(\"BE....E8....5D83....55505351520E070E1F8BCE\")?(sVersion=\"4.5\",bDetected=1):MSDOS.compareEP(\"BD....50068CCB03DD8CD24B8EDBBE....BF....8EC2B9....F3A54A4D75\")&&(sVersion=\"5.1\",bDetected=1),result()}meta(\"packer\",\"COMPACK\")" }, { "path": "dbs_min/db/MSDOS/packer_CRYPACK.2.sg", "content": "function detect(){return MSDOS.compareEP(\"EB..061E8CD805....8ED833DB0E0733FFBE....8A0726....32C48807473BFE\")&&(sVersion=\"3.0\",bDetected=1),result()}meta(\"packer\",\"CRYPACK\")" }, { "path": "dbs_min/db/MSDOS/packer_Compress-EXE.2.sg", "content": "function detect(){return MSDOS.compareEP(\"9c508cdb53530e1f83c3..33ff8ec38bd3015d..015d..b9....be....fc32e4ac3c..77\")&&(sVersion=\"1.0\",sOptions=\"1990 by W.ZhongHua\",bDetected=1),result()}meta(\"packer\",\"Compress-EXE\")" }, { "path": "dbs_min/db/MSDOS/packer_DIET.2.sg", "content": "function detect(){return MSDOS.compareEP(\"BF....3BFC72..B44CCD21BE....B9....FDF3A5FC\")?(sVersion=\"1.00/1.00d\",bDetected=1):MSDOS.compareEP(\"FC061E0E8CC801......BA....03............................00000000\")?(sVersion=\"1.00d\",bDetected=1):MSDOS.compareEP(\"fc061e0e8cc80106....ba....03c28bd805....8edb8ec033f633ffb9....f3a54b484a79..8ec38ed8be....ad8be8b2..ea\")?(sVersion=MSDOS.compareEP(\"64\",55)?\"1.10a/1.20\":\"1.00\",bDetected=1):MSDOS.compareEP(\"BE....BF....B9....3BFC72..B44CCD21FDF3A5FC\")?(sVersion=\"1.02b/1.10a/1.20\",bDetected=1):MSDOS.compareEP(\"F89C061E5756525153500EFC8CC8BA....03D052\")?(sVersion=\"1.44/1.45f\",bDetected=1):MSDOS.compareEP(\"F99CEB$$061e5756525153500efc8cc82e0106....ba....03c28bd805....8edb8ec033f633ff\")?(sVersion=\"1.43/1.44\",bDetected=1):MSDOS.compareEP(\"F99CEB$$061e5756525153500efc8cc8ba....03d052ba....52ba....03c28bd805....8edb\")?(sVersion=\"1.45f\",bDetected=1):MSDOS.compareEP(\"061e0efc8cc80106....ba....03c28bd805....8edb8ec033f633ffb9....f3a54b484a79\")?(sVersion=\"1.44b\",bDetected=1):MSDOS.compareEP(\"bd....1e068ccb03dd8cd24b8edbbe....bf....8ec2b9....f3a54a4d\")&&(sVersion=\"1.45d\",bDetected=1),result()}meta(\"packer\",\"DIET\")" }, { "path": "dbs_min/db/MSDOS/packer_DSHIELD.2.sg", "content": "function detect(){return MSDOS.compareEP(\"06E8....5E83EE..16179C58B9....25....2E\")&&(bDetected=1),result()}meta(\"packer\",\"DSHIELD\")" }, { "path": "dbs_min/db/MSDOS/packer_DexEXE.2.sg", "content": "function detect(){return MSDOS.compareEP(\"8b2e....2e8c0e....2e8c0e....83ed..8ed5bc....501eba....f91bea8ec58cc805....8ed80e06fc33f68bfe8adeb1..d3e2d2ebb8....74..b9....f3a5\")&&(sVersion=\"2.1\",sOptions=\"by Kaljevic Dejan\",bDetected=1),result()}meta(\"packer\",\"DexEXE\")" }, { "path": "dbs_min/db/MSDOS/packer_EXECUTRIX.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$0e1fa3....8c1e....8c1e....268b......89......8ccbb8....05....05....2bc3a3....8cd01e5b2bc3a3....b430cd21\")&&(sOptions=\"by Knowledge Dynamics Corp\",bDetected=1),result()}meta(\"packer\",\"EXECUTRIX-COMPRESSOR\")" }, { "path": "dbs_min/db/MSDOS/packer_EXEPACK.2.sg", "content": "function detect(){if(MSDOS.compareEP(\"8cc005....0e1fa3....0306....8ec08b0e....8bf94f8bf7fdf3a4\")){switch(MSDOS.readByte(18)<<8|MSDOS.readByte(20)){case 16:sVersion=\"3.65\"\nbreak\ncase 39184:sVersion=\"4.00\"\nbreak\ncase 5392:sVersion=\"4.03\"\nbreak\ncase 18:case 274:sVersion=\"4.06\"\nbreak\ncase 20:case 11536:case 31760:sVersion=\"4.00 - 4.06\"\nbreak\ncase 33808:sVersion=\"4.0x (possibly)\"}bDetected=1}else MSDOS.compareEP(\"428cc005....0e1fa3....0306....8ec08b0e....8bf94f8bf7fdf3a4\")||MSDOS.compareEP(\"..52428be88cc005....0e1fa3....0306....8ec0..0e....8bf94f8bf7fdf3a4\")?(0==MSDOS.readByte(18)&&16==MSDOS.readByte(20)&&(sVersion=\"3.65\"),bDetected=1):MSDOS.compareEP(\"8be88cc0......0e1fa3....0306....8ec08b0e........4f8bf7fdf3a4\")?(16==MSDOS.readByte(20)?sVersion=\"3.69\":0==MSDOS.readByte(18)&&18==MSDOS.readByte(20)&&(sVersion=\"5.31.009\"),bDetected=1):MSDOS.compareEP(\"8be88cc0......0e1fa3....0306....06b8....06008b....8bf7fdf3a450b8....50cb\")?(sVersion=\"5.31.009\",bDetected=1):MSDOS.compareEP(\"8bc6f7d0d3e88cda2bd073..8cd82bd2d3e003f08eda8bc7\")&&(sVersion=\"3.65\",bDetected=1)\nreturn result()}meta(\"packer\",\"EXEPACK\")" }, { "path": "dbs_min/db/MSDOS/packer_ExeLITE.2.sg", "content": "function detect(){return MSDOS.compareEP(\"fc8cc80106....ba....03c28bd805....8edb8ec033ff33f6b9....f3a5484b4a75..8ec38ed8be\")?(sVersion=\"1.00\",bDetected=1):MSDOS.compareEP(\"b8....bb....0e5a03c20e5053cb\")&&(bDetected=1),result()}meta(\"packer\",\"ExeLITE\")" }, { "path": "dbs_min/db/MSDOS/packer_LGLZ.2.sg", "content": "function detect(){return MSDOS.compareEP(\"fc1e060e8cc80106....ba....03c28bd805....8edb8ec033f633ffb9....f3a54b484a79..8ec38ed8be....ad95b2..ea\")&&(sVersion=\"1.04\",sOptions=\"by G.Lyapko\",bDetected=1),result()}meta(\"packer\",\"LGLZ\")" }, { "path": "dbs_min/db/MSDOS/packer_LZEXE.2.sg", "content": "function detect(){return MSDOS.compareEP(\"060e1f8b0e....8bf14e89f78cdb03......8ec3fdf3a453b8....50cb\")?(sVersion=\"0.91, 1.0\",bDetected=1):MSDOS.compareEP(\"060e1f8b0e....8bf14e89f78cdb03......8ec3b4..31edfdac01c5aae2\")?(sVersion=\"0.90\",bDetected=1):MSDOS.compareEP(\"50060e1f8b0e....8bf14e89f78cdb03......8ec3fdf3a453b8....50cb\")||MSDOS.compareEP(\"50060e1f8b36....83e6..8bfe8bced1e9418cdb031e....8ec3fdf3a553b8....50cb\")?(sVersion=\"0.91c\",bDetected=1):MSDOS.compareEP(\"50060e1f8b0e....8bf14e8cdb89f703......8ec3fdf3a4b8....5350cb\")?(sVersion=\"0.91\",sOptions=\"1990\",bDetected=1):MSDOS.compareEP(\"0e1f068b0e....8bf14e89f78cdb031e....8ec3fdf3a453b8....50cb\")?(sVersion=\"1.0\",bDetected=1):MSDOS.compareEP(\"0e1f8b0e....89ce504e8cdb0689f7031e....fd8ec3f3a453b8....50cb\")?(sVersion=\"?.?\",bDetected=1):MSDOS.compareEP(\"060e1f8b0e....8bf14e8bfe8cdb031e....8ec3fdf3a453b8....50cb\")||MSDOS.compareEP(\"060e1f8b0e....8bf14e89f78cdb031e....fd8ec3f3a453b8....50cb\")?(sVersion=\"1.0a\",bDetected=1):MSDOS.compareEP(\"8cd805....2e0106....2eff2e\")&&(sVersion=\"1.00a\",sOptions=\"suspicious, look like a trick\",bDetected=1),result()}meta(\"packer\",\"LZEXE\")" }, { "path": "dbs_min/db/MSDOS/packer_MSLite.1.sg", "content": "function detect(){return MSDOS.compareEP(\"538cd315....8beceb$$b8....ffe0\")&&(sVersion=\"2.3\",sOptions=\"1998 by A.Cheng //Mercury Soft\",bDetected=1),result()}meta(\"packer\",\"MSLite\")" }, { "path": "dbs_min/db/MSDOS/packer_Optlink.2.sg", "content": "function detect(){return MSDOS.compareEP(\"87c0eb$$fc8c..83c2..5216070e1f0116....0116....33f633ffb9....f3a506b8....50cb\")||MSDOS.compareEP(\"87c006571e56525153509cfc8cc283c2..16070e1f0116....0116....33f633ffb9....f3a506b8....50bd....cb\")||MSDOS.compareEP(\"87c0eb$$8cda83c2..5216070e1f0116....0116....33f633ffb9....f3a506b8....50cb\")||MSDOS.compareEP(\"87c0fc8cda83c2..16070e1f0116....0116....33f633ffb9....f3a506b8....50bd....cb\")?(sVersion=\"1.0\",bDetected=1):MSDOS.compareEP(\"87c0555657525153509cfc8cda83c2..16070e1f0116....0116....33f633ffb9....f3a506b8....50bd....cb\")?(sOptions=\"prepacked\",sVersion=\"1.0\",bDetected=1):MSDOS.compareEP(\"bf....8edffa8ed781c4....fbb430cd21a2....8826....3c..73..8d16....b409cd2133c05006cb\")?(sVersion=\"1.0\",bDetected=1):MSDOS.compareEP(\"87c08cda83c2..16070e1f0116....0116....33f633ffb9....f3a506b8....50bd....cb\")&&(bDetected=1),result()}meta(\"packer\",\"Optlink\")" }, { "path": "dbs_min/db/MSDOS/packer_PGMPAK.2.sg", "content": "function detect(){return MSDOS.compareEP(\"fa1e1750b430cd213c..73..b44ccd21fcbe....bf....e8....e8....bb....ba....8ac38bf3\")&&(sVersion=\"0.13\",bDetected=1),MSDOS.compareEP(\"1e1750b430cd213c..73..b44ccd21fcbe....bf....e8....e8....bb....ba....8ac38bf3\")&&(sVersion=\"0.15\",bDetected=1),result()}meta(\"packer\",\"PGMPAK\")" }, { "path": "dbs_min/db/MSDOS/packer_PKEXE.2.sg", "content": "function detect(){return MSDOS.compareEP(\"fa50535152565755061e8cc88bd88ed80106....0106....0306....33f68ec006e8\")&&(sOptions=\"1994 by D.Usov\",bDetected=1),result()}meta(\"packer\",\"PKEXE\")" }, { "path": "dbs_min/db/MSDOS/packer_PKLITE.2.sg", "content": "function detect(){var e\nreturn MSDOS.compare(\"'PKLITE'\",30)||MSDOS.compare(\"'PKlite'\",30)?(e=MSDOS.readByte(29),sVersion=(7&e)+\".\"+(\"0\"+MSDOS.readByte(28)).slice(-2),8&e&&(sOptions=\"Extra compression\"),16&e&&(sOptions=sOptions.append(\"Multi-segment file\")),bDetected=1):MSDOS.compareEP(\"1FB409BA....CD21B8....CD21\")?(sVersion=\"1.50\",sOptions=\"CRC check\",bDetected=1):MSDOS.compareEP(\"50B8....BA....05....3B060200\")?(sVersion=\"1.50\",bDetected=1):MSDOS.compareEP(\"B8....BA....05....3B060200\")?(sVersion=\"1.12-1.13\",bDetected=1):MSDOS.compareEP(\"b8....ba....05....2d....fa8ed0fb2d....8ec050b9....33ff57be....fc565706518cc88ec0\")?(sVersion=\"1.12\",sOptions=\"extra compression\",bDetected=1):MSDOS.compareEP(\"ba....b8....05....3B06....73..2d....fa8ed0fb2d....8ec050b9....33ff57be....fcf3a5cb\")||MSDOS.compareEP(\"b8....05....3B06....72..cd20b9....2d....8ed02d....8ec006ba....be....33ff571e571feb\")?(sVersion=\"1.1X\",bDetected=1):MSDOS.compareEP(\"B8....BA....3bc473..8bc42d....25....8bf8b9....be....fcf3a58bd8b1..d3eb8cd903d95333db53cb\")?(sVersion=\"1.12, 1.20\",bDetected=1):MSDOS.compareEP(\"50532b06....0a06....8b1e....5b58b8....ba....8cdb03d83b1e....73..83eb..fa8ed3bc....fb\")?(sVersion=\"1.05\",bDetected=1):MSDOS.compareEP(\"8cd805....ba....903b06....72..b409ba....cd21cd20\")?(sVersion=\"1.15\",bDetected=1):MSDOS.compareEP(\"B8....BA....8cdb03d83b1e....73..83eb..fa8ed3bc....fb83eb..8ec353b9....33ff57be....fcf3a5cb\")?(sVersion=\"1.03-1.05\",bDetected=1):MSDOS.compareEP(\"B8....BA....8cdb03d83b1e....73..83eb..fa8ed3bc....fb83eb..908ec353b9....33ff57be....90fcf3a5cb\")?(sVersion=\"1.03\",sOptions=\"type 2\",bDetected=1):MSDOS.compareEP(\"2e8c1e....8b1e....8cda81c2....3bda72..81eb....83eb..fa8ed3bc....fbfdbe....8bfe8ccab9....03d1\")?(sVersion=\"1.00c\",bDetected=1):MSDOS.compareEP(\"b8....ba....3b06....73..2d....8ed02d....518ec050b9....33ff57be....fcf3a5\")&&(sName+=\" [hacked] by Shay Lev Ary\",bDetected=1),result()}meta(\"packer\",\"PKLITE\")" }, { "path": "dbs_min/db/MSDOS/packer_PKTINY.2.sg", "content": "function detect(){return MSDOS.compareEP(\"2ec606......2ec606......2ec606......e9\")&&(sVersion=\"1.0\",sOptions=\"by Thomas Monkemeier\",bDetected=1),result()}meta(\"packer\",\"PKTINY\")" }, { "path": "dbs_min/db/MSDOS/packer_PMWLite.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e8$$$$fc1633c033db8ec026c406....26813e........75..26813e........74..26891e....26891e....07c3\")&&(sVersion=\"1.33\",sOptions=\"by Daredevil & Tran\",bDetected=1),result()}meta(\"packer\",\"PMWLite\")" }, { "path": "dbs_min/db/MSDOS/packer_PRO-PACK.2.sg", "content": "function detect(){return MSDOS.compareEP(\"0e8cd38ec38cca8eda8b......8bf183....8bfed1..fdf3a553b8....508b\")?(sVersion=\"2.13-2.14\",bDetected=1):MSDOS.compareEP(\"8cd38ec38cca8eda8b0e....8bf183ee..8bfed1..fdf3a553b8....508b......cb\")&&(sVersion=\"2.08\",bDetected=1),result()}meta(\"packer\",\"PRO-PACK\")" }, { "path": "dbs_min/db/MSDOS/packer_Pack.2.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$2e8c1e....2e8c06....8cc383c3..2e891e....8cc88ed8505351525657061eb462cd212e891e....b4..33db4bcd21\")&&(sVersion=\"1.0\",sOptions=\"1987 by K.Kokkonen\",bDetected=1),result()}meta(\"packer\",\"Pack\")" }, { "path": "dbs_min/db/MSDOS/packer_Packers.2.sg", "content": "function detect(){return MSDOS.compareEP(\"fd1e0e81de....89f63bf23ab0....03f433f003f333f781d6....0e28de1a72..00d62250..1250..81e6....07\")?(sOptions=\"by mARQUIS dE sOIRPE //mDS/uCF\",bDetected=1):MSDOS.compareEP(\"e800005e83c6..90b9....8cd805....2ec43c8cc303d88ec326010583c6..e2\")&&(sName=\"relocation packer\",sOptions=\"by The DoP\",bDetected=1),result()}meta(\"packer\",\"Packer\")" }, { "path": "dbs_min/db/MSDOS/packer_RERP.2.sg", "content": "function detect(){return MSDOS.compareEP(\"fc1e068cc383c3..0e1fbe....b9....ad3bc175..ad3bc174..03c38ec0ad8bf826011deb\")&&(sVersion=\"0.02\",bDetected=1),result()}meta(\"packer\",\"RERP\")" }, { "path": "dbs_min/db/MSDOS/packer_RIXEPACK.2.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$fc2e8c1e....8cc88ed8a3....8cc34b8ec326031e....81eb....0306....05....3bc3\")&&(sOptions=\"1986, 1990 by RIX SoftWorks, Inc.\",bDetected=1),result()}meta(\"packer\",\"RIXEPACK\")" }, { "path": "dbs_min/db/MSDOS/packer_RJcrush.2.sg", "content": "function detect(){return MSDOS.compareEP(\"06FC8CC8BA....03D052BA....52BA....03C28BD805....8EDB8EC033F633FFB9\")&&(sVersion=\"1.00\",bDetected=1),result()}meta(\"packer\",\"RJcrush\")" }, { "path": "dbs_min/db/MSDOS/packer_Relpack.2.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$2e8c1e....2e8c06....8cc383c3..8cc88ed8be....fcad3d........ad3d........03c38ec0ad\")&&(sVersion=\"1.0\",sOptions=\"by TurboPower Software\",bDetected=1),result()}meta(\"packer\",\"Relpack\")" }, { "path": "dbs_min/db/MSDOS/packer_SCRNCH.2.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$bb....b44acd2181eb....73..ba....b9....e9$$$$0e1fb440bb....cd21b8....cd21\")&&(sVersion=\"1.02\",sOptions=\"by Graeme W. McRae\",bDetected=1),result()}meta(\"packer\",\"SCRNCH\")" }, { "path": "dbs_min/db/MSDOS/packer_SEA-AXE.2.sg", "content": "function detect(){return MSDOS.compareEP(\"fcbc....0e1fe8....26a1....8b1e....2bc38ec0b1..d3e38bcbbf....8bf7f3a5bf....0657cb\")?bDetected=1:MSDOS.compareEP(\"fcbc....0e1fa3....e8....a1....8b1e....2bc38ec0b1..d3e38bcbbf....8bf7f3a5bf....0657cb\")&&(sVersion=\"2.0\",bDetected=1),result()}meta(\"packer\",\"SEA-AXE\")" }, { "path": "dbs_min/db/MSDOS/packer_Scramb.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$e8$$$$5b0e1f81eb....8bc305....508bc803d12bfac3\")&&(sVersion=\"1.20\",bDetected=1),result()}meta(\"packer\",\"Scramb\")" }, { "path": "dbs_min/db/MSDOS/packer_Shrinker.2.sg", "content": "function detect(){return MSDOS.compareEP(\"bb....ba....81c3....b8....b1..d3e803c38cd9498ec12603......2bc872..fa8ed3bc....fb\")&&(sVersion=\"3.0\",sOptions=\"1997 by A.S.M.\",bDetected=1),result()}meta(\"packer\",\"Shrinker\")" }, { "path": "dbs_min/db/MSDOS/packer_TSCRUNCH.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$061e55575652515350161f0e078bf4bf....b9....fcf3a4b430cd213c0373..be....e9\")&&(sOptions=\"by Clarion software\",bDetected=1),result()}meta(\"packer\",\"TSCRUNCH\")" }, { "path": "dbs_min/db/MSDOS/packer_Tenth_Planet.2.sg", "content": "function detect(){return MSDOS.compareEP(\"50068cca8edabe....fcad95ad9303da8ec38b0c8bf14e8bfefdf3a4b8....0650cb\")&&(sOptions=\"1996\",bDetected=1),result()}meta(\"packer\",\"Tenth Planet Soft packer\")" }, { "path": "dbs_min/db/MSDOS/packer_TinyProg.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$eb$$83ec..83e4..8bec50be....0336....8cd28cd803....33c275..fc8ec233ff\")||MSDOS.compareEP(\"e8$$$$eb$$83ec..83e4..8bec50be....0336....8cd28cd803....33c275..fc8ec233ff\")?(sVersion=\"3.X\",bDetected=1):MSDOS.compareEP(\"eb$$83ec..83e4..8bec50be....0336....8cd28cd803....33c275..fc8ec233ff\")?(sVersion=\"3.X\",sOptions=\"modified\",bDetected=1):MSDOS.compareEP(\"83ec..83e4..8bec50be....0336....8cd28cd803....33c275..fc8ec233ff\")?(sVersion=\"3.X\",bDetected=1):MSDOS.compareEP(\"e9$$$$2ec606......e9$$$$83ec..83e4..8bec50be............8cd28cd803....33c275..fc8ec233ff\")&&(sVersion=\"3.X\",sOptions=\"modified\",bDetected=1),result()}meta(\"packer\",\"TinyProg\")" }, { "path": "dbs_min/db/MSDOS/packer_Tinyprot.2.sg", "content": "function detect(){return MSDOS.compareEP(\"061e575650535152bd....0e1f8cc005....8ec0be....8b44..8cc103c18944..06b8....cd21891e....8c06....b8....cd21891e....8c06....07ba....b8....45cd21cd01\")?bDetected=1:MSDOS.compareEP(\"18..00..eb$$83ec..83e4..8bec50be....0336....8cd28cd80344..33c275..fc\")&&(sVersion=\"1.0c-e\",sOptions=\"1996 by I.Hakszer\",bDetected=1),result()}meta(\"packer\",\"TinyProt\")" }, { "path": "dbs_min/db/MSDOS/packer_UCEXE.2.sg", "content": "function detect(){return MSDOS.compareEP(\"501e0e1ffc33f6e8....160733f633ffb9....f3a506b8....50cb\")?(sVersion=\"2.3\",sOptions=\"1996 by A.Cadach\",bDetected=1):MSDOS.compareEP(\"501e0e1ffc2bf6e8....16072bf68bfeb9....f3a406b8....50cb\")?(sVersion=\"2.4\",sOptions=\"1996 by A.Cadach\",bDetected=1):MSDOS.compareEP(\"501e0e1ffc160733f633ffb9....f3a506b8....50cb\")&&(sVersion=\"3.0\",sOptions=\"1996 by A.Cadach\",bDetected=1),result()}meta(\"packer\",\"UCEXE\")" }, { "path": "dbs_min/db/MSDOS/packer_UPX.2.sg", "content": "function getUPXVersion(e){var t=\"\",e=MSDOS.findString(0,e,\"$Id: UPX\")\nreturn t=-1!==e?MSDOS.getString(e+9,4):t}function detect(){return(sVersion=getUPXVersion(Math.min(8192,MSDOS.getSize())))?bDetected=1:(MSDOS.compareEP(\"..............fcb430cd213c03\")?(sVersion=\"3.X\",bDetected=1):MSDOS.compareEP(\"B9....BE....89F71EA9....8CC805....8ED805....8EC0FDF3A5FC2E........73..92AFAD0E0E\")?(sVersion=\"0.82\",bDetected=1):MSDOS.compareEP(\"8CCBB9....BE....89F71EA9....8D......8ED805....8EC0FDF3A5FC\")?(sVersion=\"0.20-0.60\",bDetected=1):MSDOS.isSignaturePresent(0,Math.min(128,MSDOS.getSize()),\"'UPX!'\")?bDetected=1:MSDOS.compareEP(\"f99cb9....be....89f71ea9....8cc805....8ed805....8ec0fdf3a5fc2e........73..92afad0e0e\")?(sVersion=\"?.??\",bDetected=1):MSDOS.compareEP(\"8ccb8dbf....57b9....ba....be....89f71e1ea9....8d87....8daf....8ed88ec5fdf3a5fc\")&&(sVersion=\"0.05\",bDetected=1),bDetected&&(sUPXVersion=getUPXVersion(MSDOS.getSize()))&&(sVersion=sUPXVersion)),result()}meta(\"packer\",\"UPX\")" }, { "path": "dbs_min/db/MSDOS/packer_WWPACK.2.sg", "content": "function detect(){return MSDOS.compare(\"'WWP'\",28)?(MSDOS.compareEP(\"B8....8CCA03D08CC981C1....51\")?MSDOS.compareEP(\"6A..06068CD383....536A..FC\",14)?(sVersion=\"3.00\",sOptions=\"Extractable\"):MSDOS.compareEP(\"33C9B1..510606BB....538CD3\",14)?(sVersion=\"3.02\",sOptions=\"Extractable\"):MSDOS.compareEP(\"BB....53\",20)?sVersion=\"3.03\":MSDOS.compareEP(\"B1..518CD3\",20)&&(sVersion=\"3.05c4\",sOptions=\"Modified\"):MSDOS.compareEP(\"BE....BA....BF....B9....8CCD8EDD81ED....06068BDD2BDA8BD3FC\")?(sVersion=\"3.00\",sOptions=\"Relocations pack\"):MSDOS.compareEP(\"BE....BF....B9....8CCD81ED....8BDD81EB....8BD3FCFA1E8EDB011533C02EAC\")?(sVersion=\"3.02\",sOptions=\"Relocations pack\"):MSDOS.compareEP(\"0305....B8....8CCA03D08CC981C1....51B9....510606B1..518CD3\")&&(sVersion=\"3.05c4\",MSDOS.compareEP(\"1A\",3)?sOptions=\"Extractable\":MSDOS.compareEP(\"1B\",3)&&(sOptions=\"Unextractable\"),MSDOS.compareEP(\"C0\",2)?sOptions=sOptions.append(\"Password check\",\"Virus shield\"):MSDOS.compareEP(\"80\",2)?sOptions=sOptions.append(\"Password check\"):MSDOS.compareEP(\"40\",2)&&(sOptions=sOptions.append(\"Virus shield\"))),bDetected=1):MSDOS.compareEP(\"BE....BF....B9....8CCD81ED....8BDD81EB....8BD3FCFA\")?(sVersion=\"3.04/3.05\",sOptions=\"Relocations pack\",bDetected=1):MSDOS.compareEP(\"b8....8cca03d08cc981c1....51b9....510606b1..518cd383eb..53b1\")?(sVersion=\"3.05beta P\",bDetected=1):MSDOS.compareEP(\"b8....8cca03d08cc981c1....51b9....510606fc8cd5b1..51b1..8cd3\")||MSDOS.compareEP(\"b8....8cca03d08cc981c1....51b9....510606b1..51fc8cd5b1..8cd3\")?(sVersion=\"3.0x P\",bDetected=1):MSDOS.compareEP(\"b8....8cca03d08cc981c1....51b9....510606bb....538cd383eb..53b1\")?(sVersion=\"3.03 PU\",bDetected=1):MSDOS.compareEP(\"b8....8cca03d08cc981c1....5133c9b1..510606bb....538cd383eb..53b1\")?(sVersion=\"3.02, 3.02a P\",bDetected=1):MSDOS.compareEP(\"b8....8cca03d0fc8cd58cc981c1....51b9....510606b1..51b1..8cd383eb..53514d\")?(sVersion=\"3.04 PR\",sOptions=\"Relocations pack\",bDetected=1):MSDOS.compareEP(\"fa1e8ed8b8....cd218ed98bd3b8....cd211fe800005a83c2..87d4ffe4\")?(sVersion=\"3.05 PU\",bDetected=1):MSDOS.compareEP(\"b8....8cca03d08cc981c1....516a..06068cd383eb..536a..fc8cd5be....33ff\")?(sVersion=\"3.0 P\",bDetected=1):MSDOS.compareEP(\"be....ba....bf....b9....8ccd8edd81ed....06068bdd2bda8bd3fc8ec3\")?(sVersion=\"3.0\",sOptions=\"Relocations pack\",bDetected=1):MSDOS.compareEP(\"ba....faf9............72..0633c98ec1bf....ab8bc6ab07e8....5a\")?(sVersion=\"3.03 PU\",sOptions=\"Relocations pack modified\",bDetected=1):MSDOS.compareEP(\"faba....f8bb....b9....73..0633c98ec1bf....ab8bc6ab07e8....5a\")?(sVersion=\"3.03 PU\",sOptions=\"Relocations pack\",bDetected=1):MSDOS.compareEP(\"b8....8cca03d08ccd81c5....55b9....510606b1..518cd383eb..53b1..51fc8cd5be....33ff\")&&(sVersion=\"3.05c PU\",bDetected=1),result()}meta(\"packer\",\"WWPACK\")" }, { "path": "dbs_min/db/MSDOS/packer_XPACK.2.sg", "content": "function detect(){return MSDOS.compareEP(\"8becfa33c08ed0bc....2e8f06....2e8f06....eb$$0ebb....535feb$$178be5fb48d1e8eb\")&&(sVersion=\"1.52\",bDetected=1),MSDOS.compareEP(\"e90000e9$$$$2ec706........8beceb$$2ec606......eb009a\")&&(sVersion=\"1.0j\",bDetected=1),MSDOS.compareEP(\"b8....15....8beceb$$b8....ffe0\")&&(sVersion=\"1.65, 1.66\",bDetected=1),MSDOS.compareEP(\"b8....15....813e........e8$$$$e8$$$$eb$$1e0e1f8beceb\")&&(sVersion=\"1.67.l\",bDetected=1),MSDOS.compareEP(\"b8....15....eb$$b8....ffe0\")&&(sVersion=\"1.67j\",bDetected=1),MSDOS.compareEP(\"8beceb$$b8....ffe0\")&&(sVersion=\"1.65b2\",bDetected=1),MSDOS.compareEP(\"e9$$$$8beceb$$b8....ffe0\")&&(sVersion=\"1.44\",bDetected=1),result()}meta(\"packer\",\"XPACK\")" }, { "path": "dbs_min/db/MSDOS/packer_ZIPSCRUB.2.sg", "content": "function detect(){return(MSDOS.compareEP(\"8cc88ed88cc381c3....891e....8bc30306....8ec08b0e....8bf14e8bfefdf3a450b8....50cb\")||MSDOS.compareEP(\"8cc88ed88cc381c3....8bc30306....8ec08b0e....8bf14e8bfefdf3a450b8....50cb\"))&&(bDetected=1),result()}meta(\"packer\",\"ZIPSCRUB relocations compressor\")" }, { "path": "dbs_min/db/MSDOS/packer_aPACK.2.sg", "content": "function detect(){return MSDOS.compareEP(\"1E068CCBBA....03DAFC33F633FF4B8EDB8D......8EC0B9....F3A54A75..8EC38ED833FFBE....05....0E50\")?(sVersion=\"0.90-0.99,XE_1.3-1.4\",bDetected=1):MSDOS.compareEP(\"1E068CCBBA....03DA8D87....FC33F633FF484B8EC08EDBB9....F3A54A75..8EC38ED833FFBE....05....0E50\")?(sVersion=\"0.82\",bDetected=1):MSDOS.compareEP(\"8cc88ed805....8ec050be....33fffcb2..bd....33c950a4ffd5\")?(sVersion=\"0.94\",sOptions=\"-m -d\",bDetected=1):MSDOS.compareEP(\"8cc880c4..8ec0fcb9....be....8bfe57f3a55fbe....06ba....521e078ed8cb\")?(sVersion=\"0.82-0.94\",sOptions=\"converted to exe\",bDetected=1):MSDOS.compareEP(\"1e060e1f0e07be....bf....8bcffc57f3a4c3\")?(sVersion=\"0.98, 0.99\",sOptions=\"-t\",bDetected=1):MSDOS.compareEP(\"1e068cc88ed805....8ec050be....33fffcb6..bd....ffd5\")?(sVersion=\"0.69-0.74\",sOptions=\"-t\",bDetected=1):MSDOS.compareEP(\"be....bf....8bcffc57f3a4c3\")?(sVersion=\"0.98-0.99 small\",bDetected=1):MSDOS.compareEP(\"1e068cc88ed805....8ec050be....33fffcb6..bd....8bde83e6..c1eb..8cd803c38ed8\")?(sVersion=\"0.73-0.74 big\",bDetected=1):MSDOS.compareEP(\"0e1f0e07be....bf....8bcffc57f3a4c3\")?(sVersion=\"0.98\",bDetected=1):MSDOS.compareEP(\"1e068cc88ed805....8ec050be....33fffcb2..bd....33c950a4\")?(sVersion=\"0.96\",sOptions=\"-m\",bDetected=1):MSDOS.compareEP(\"1e06ba....8ccb03dafc33f633ff4b8edb8d87....8ec0b9....f3a54a75..8ec38ed833ffbe....05....0e506a..cb\")?(sVersion=\"0.90-0.99\",bDetected=1):MSDOS.compareEP(\"8cc88ed805....8ec050be....33fffcb6..bd....ffd5\")?(sVersion=\"0.73-0.82\",sOptions=\"-d\",bDetected=1):MSDOS.compareEP(\"1e068cc88ed805....8ec0be....33fffcb6..bd....ffd5\")?(sVersion=\"0.58\",sOptions=\"type 2\",bDetected=1):MSDOS.compareEP(\"1e068cc88ed805....8ec050be....33fffc8cc82e0106....b2..bd....33c9\")&&(sVersion=\"0.98, 0.99\",sOptions=\"-m -h\",bDetected=1),result()}meta(\"packer\",\"aPACK\")" }, { "path": "dbs_min/db/MSDOS/patcher_Patchers.1.sg", "content": "function detect(){return MSDOS.compareEP(\"b409ba....cd21ba....cd21b8....ba....cd2173..b409ba....cd21ba....cd21cd20a3....b409ba....cd21\")?(sName=\"CrAcKeR\",sVersion=\"0.2a\",sOptions=\"by Deu$\",bDetected=1):MSDOS.compareEP(\"b409ba....eb$$cd21b409ba....eb$$cd21b409ba....eb$$cd21b409ba....eb\")&&(sOptions=\"by Mr. KIM\",bDetected=1),result()}meta(\"patcher\",\"Patcher\")" }, { "path": "dbs_min/db/MSDOS/protector_$pirit.2.sg", "content": "function detect(){return MSDOS.compareEP(\"E8....F9E8....B4..CD212D....13F2E8....2A01F5E9\")||MSDOS.compareEP(\"ACB4..CD2106B4..CD21079FE8....FC90\")||MSDOS.compareEP(\"123fe8$$$$e4..900c..36e6..ba....f9525289d126b8....36b5..3ecd16fd5a\")?(sVersion=\"1.5\",bDetected=1):MSDOS.compareEP(\"ac03d9e8$$$$e4..fb0c..fbe6..90ba....5252fd89d1b8....30ed2ecd16905a87d190b8....fb86cdf530ed3ecd16f95ac3\")?(sOptions=\"$UPD 2.1 1996 by Night $pirit\",bDetected=1):MSDOS.compareEP(\"1c..3a1fe8....f5e8....fde8....04..9035....f8f6dff9d0d5fdfbfcc3\")||MSDOS.compareEP(\"e8$$$$e4210c1ae6212eb9....2e51f85189c9f8b8....b5..2ecd163659fdfd87c986cd3eb5..2eb8....f9cd1659c3\")?bDetected=1:(MSDOS.compareEP(\"e8$$$$ba....f8ec0c..36eef5b8....50f950269089c128edf9b8....cd165887c1b8....f886e93e30ed36cd1658fdc3\")||MSDOS.compareEP(\"e8$$$$ba....fbec0c..eeb9....51512efd89c9fdb8....b5..3ecd165987c9b8....86e9b5..f8cd1659f9c3\")||MSDOS.compareEP(\"e8$$$$e4212e0c..e6212eb9....5151fd89c93eb5..fcb8....fbcd162e5987c926b8....fd\")||MSDOS.compareEP(\"e8$$$$26e421f80c..e621f98d1e....53365389d93e30edb8....cd165b\")||MSDOS.compareEP(\"91221db4..cd21d2d1e9$$$$b4..cd21a6e8\")||MSDOS.compareEP(\"b4..cd21b4..cd21e8$$$$ba....ec900c..26ee8d0e....51fd51\")||MSDOS.compareEP(\"95e8$$$$fbba....3eecfc0c..3eeefb8d0e....51512687c9b8....28ed26cd162e59fdfb87c9b8....fd88e9f8b5..cd1626592ec3\"))&&(sVersion=\"1.5\",bDetected=1),result()}meta(\"protector\",\"$pirit\")" }, { "path": "dbs_min/db/MSDOS/protector_ABKprot.2.sg", "content": "function detect(){return MSDOS.compareEP(\"B430CD2186E03D....73..9C8CC0065B595153BA....87F256CF0E1F0E07\")&&(sVersion=\"1.0\",bDetected=1),result()}meta(\"protector\",\"ABKprot\")" }, { "path": "dbs_min/db/MSDOS/protector_AEP.2.sg", "content": "function detect(){return MSDOS.compareEP(\"E8$$$$E4212EA3....33C08BD85DB9....50B8....E6210FA9E6..538BDFE42123D84B0FA14B66\")&&(sVersion=\"1.00\",bDetected=1),result()}meta(\"protector\",\"AEP\")" }, { "path": "dbs_min/db/MSDOS/protector_ALEC.2.sg", "content": "function detect(){return MSDOS.compareEP(\"c1ed..1346..2e391cb9....f981c1....bb....81c3....2ec007..431346..4975..8e0000d518de3701e2c8......330ce8\")||MSDOS.compareEP(\"b9....81c1....bb....81c3....71..908a24402e802f..4372..90\")?(sVersion=\"1.3\",sOptions=\"1996 by rANDOM //UCF\",bDetected=1):MSDOS.compareEP(\"b9....81c1....84221a24bf....81c7....2e3856..408422\")&&(sVersion=\"1.6\",sOptions=\"1996 by rANDOM //UCF\",bDetected=1),result()}meta(\"protector\",\"ALEC\")" }, { "path": "dbs_min/db/MSDOS/protector_ANTI-TRACE.2.sg", "content": "function detect(){return MSDOS.compareEP(\"2ec606......eb$$e9$$$$8cd805....50b8....5033c0cb\")&&(sVersion=\"1.0\",sOptions=\"by Oren Maurice\",bDetected=1),result()}meta(\"protector\",\"ANTI-TRACE\")" }, { "path": "dbs_min/db/MSDOS/protector_AVAST_CRC-Check.2.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$8cc82e0306....502eff36....CB\")&&(sVersion=\"7.70\",sOptions=\"1999\",bDetected=1),result()}meta(\"protector\",\"AVAST CRC-CHECK\")" }, { "path": "dbs_min/db/MSDOS/protector_Aluwain.2.sg", "content": "function detect(){return MSDOS.compareEP(\"8BEC1EE8....9D5E\")&&(sVersion=\"8.09\",bDetected=1),result()}meta(\"protector\",\"Aluwain\")" }, { "path": "dbs_min/db/MSDOS/protector_Anti-LAME.2.sg", "content": "function detect(){return MSDOS.compareEP(\"060e07bb....31c09090b9....268a0730e0268807fec443e2..078cc005....05....50b8....50b8....50c3\")&&(sOptions=\"by [ptPower\",bDetected=1),result()}meta(\"protector\",\"Anti-LAME\")" }, { "path": "dbs_min/db/MSDOS/protector_Antilame.2.sg", "content": "function detect(){return MSDOS.compareEP(\"fd2ad01e03fa33fe81d7....2efe06....12d30e0e0780f6..1f85fe33ff1216....b2..81d2....84e2ba....d1c232f7\")&&(sVersion=\"1.0b\",sOptions=\"by Phantomlord\",bDetected=1),result()}meta(\"protector\",\"Antilame\")" }, { "path": "dbs_min/db/MSDOS/protector_Bitlok.2.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$b430cd213c..72..2e8c1e....8cdb83c3..2e011e....0e1feb$$33c0eb$$bf....eb$$b9....eb$$51eb$$2bcf\")?(sVersion=\"3.1\",sOptions=\"by Yellow Rose Software Workgroup\",bDetected=1):MSDOS.compareEP(\"fa8ccc8ed4bc....9c51525657550e1f2e8c06....2ec606......0e07be....b9....b0..e3\")?(sName=\"BITLOK-7NT\",sVersion=\"11/13/93-04/22/95\",sOptions=\"by Mr. Lei (Yellow Rose Co.)\",bDetected=1):MSDOS.compareEP(\"fa8ccc8ed4bc....9c51525657550e1f2e8c06....0e07be....b9....b0..e3\")&&(sName=\"BITLOK-7NT\",sVersion=\"05/21/93\",sOptions=\"by Mr. Lei (Yellow Rose Co.)\",bDetected=1),result()}meta(\"protector\",\"BITLOK\")" }, { "path": "dbs_min/db/MSDOS/protector_Bunny.2.sg", "content": "function detect(){return MSDOS.compareEP(\"fae9$$$$8cc02ea3....8cd82ea3....8cd02ea3....8bc42ea3....8cc88ed88ec08ed0bc....e8\")&&(sVersion=\"4.1\",sOptions=\"1993 by M.Bunjes\",bDetected=1),result()}meta(\"protector\",\"Bunny\")" }, { "path": "dbs_min/db/MSDOS/protector_CC.2.sg", "content": "function detect(){return MSDOS.compareEP(\"b8....ba....3be073..b409ba....cd21b8....cd218bdc81eb....83e3..fcbe....8bfbb9....f3a48bc3b1..d3e88cc903c15033c050cb\")?(sVersion=\"1.0\",sOptions=\"1991 by B.Vorontsov\",bDetected=1):MSDOS.compareEP(\"ba....b430cd213c..73..33c00650cbb9....b8....eb$$05....fc80c4..eb\")&&(sVersion=\"2.61 Beta\",sOptions=\"by UniHackers\",bDetected=1),result()}meta(\"protector\",\"CC\")" }, { "path": "dbs_min/db/MSDOS/protector_CEPexe.2.sg", "content": "function detect(){return MSDOS.compareEP(\"8cdd0e070e1fbf....be....b9....fcf3a41f5f8f..8f....8f....8c....8f....8f....595f5e8cc88ec08ed8ea\")&&(bDetected=1),result()}meta(\"protector\",\"CEPexe\")" }, { "path": "dbs_min/db/MSDOS/protector_CERBERUS.2.sg", "content": "function detect(){return MSDOS.compareEP(\"9C2BED8C....8C....FAE4..88....1607BF....8EDD9BF5B9....FCF3A5\")&&(sVersion=\"2.0\",bDetected=1),result()}meta(\"protector\",\"CERBERUS\")" }, { "path": "dbs_min/db/MSDOS/protector_COMCRYPT.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$b9....be....89f70e1f0e07bb....fcad31d8abe2\")?bDetected=1:MSDOS.compareEP(\"e9$$$$eb$$5053575152061e572e8b36....81c6....8a5c..2e881e....8a5c\")&&(sVersion=\"1.0b\",bDetected=1),result()}meta(\"protector\",\"COMCRYPT\")" }, { "path": "dbs_min/db/MSDOS/protector_COMPROTECT.2.sg", "content": "function detect(){return MSDOS.compareEP(\"b8....15....72..8ac4bb....50515253555657061e50b8....58eb\")&&(sVersion=\"2.10\",sOptions=\"1988-95 by Ralph Roth (converted to exe)\",bDetected=1),result()}meta(\"protector\",\"COMPROTECT\")" }, { "path": "dbs_min/db/MSDOS/protector_CONVOY.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$2e8c06....2ea3....b8....cd2f3c..75..b8....ba....0e1fcd21b8....cd21\")?(sOptions=\"1993 by ELIAS Copy-Protection System\",bDetected=1):MSDOS.compareEP(\"e9$$$$2e8c06....2ea3....e8$$$$5056571e062e8b3e....2e8106........2e893e....0e0733c08ed833f6b9\")&&(sVersion=\"3.2\",sOptions=\"1993 by ELIAS Copy-Protection System\",bDetected=1),result()}meta(\"protector\",\"CONVOY++\")" }, { "path": "dbs_min/db/MSDOS/protector_CRYPTEXE.2.sg", "content": "function detect(){return MSDOS.compareEP(\"EB..8BDCEB..EA........01EA83FC..74..EB\")||MSDOS.compareEP(\"eb$$8bdceb$$bc....eb$$83fc..74..eb$$cd20eb$$8be3\")?(sVersion=\"1.04\",bDetected=1):MSDOS.compareEP(\"2e8c1e....eb$$fa50b8....58eb$$eb$$8bdceb$$bc....eb$$83fc..eb$$74..fa\")&&(sVersion=\"1.01b\",sOptions=\"1996 by DoP\",bDetected=1),result()}meta(\"protector\",\"CRYPTEXE\")" }, { "path": "dbs_min/db/MSDOS/protector_China Locker.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$fc2e891e....2e890e....2e8916....2e8936....2e893e....2e8c16....2e8926....2e8c1e....90909090\")&&(sVersion=\"1995.02.02\",sOptions=\"by China Locker Software\",bDetected=1),result()}meta(\"protector\",\"China Locker\")" }, { "path": "dbs_min/db/MSDOS/protector_Ciphator.2.sg", "content": "function detect(){return MSDOS.compareEP(\"9393E8$$$$586A..0E68....CF\")&&(sVersion=\"4.6\",bDetected=1),result()}meta(\"protector\",\"Ciphator\")" }, { "path": "dbs_min/db/MSDOS/protector_Codesafe.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$5033c08ec02ef606......74..26ff36....061e07e8....07268f06....fb2e8c1e....26ff36....268f06\")&&(sOptions=\"by EliaShim Ltd\",bDetected=1),result()}meta(\"protector\",\"Codesafe\")" }, { "path": "dbs_min/db/MSDOS/protector_ComProtector.2.sg", "content": "function detect(){return MSDOS.compareEP(\"E9....E8....5E8BEE81......8D......B9....F61446E2..4B\")?(sVersion=\"1.0b\",bDetected=1):MSDOS.compareEP(\"E9....B9....BB....BF....2E....34..FEC8C0....2E....2E....2E....4743E2\")&&(sVersion=\"1.0\",bDetected=1),result()}meta(\"protector\",\"ComProtector\")" }, { "path": "dbs_min/db/MSDOS/protector_ComprEXE.2.sg", "content": "function detect(){return MSDOS.compareEP(\"fc1e068cdd83c5..89e8ba....8b1e....29d3538ed88ec331f631ffb9....f3a540434a75..b8....50cb\")&&(sVersion=\"1.0\",sOptions=\"by Tom Torfs\",bDetected=1),result()}meta(\"protector\",\"ComprEXE\")" }, { "path": "dbs_min/db/MSDOS/protector_Copy_Protector.2.sg", "content": "function detect(){return(MSDOS.compareEP(\"2EA2....5351521E06B4..1E0E1FBA....CD211F\")||MSDOS.compareEP(\"E9....505351521E0657E8....5F83EF..B4..1E0E1F\"))&&(sVersion=\"2.0\",bDetected=1),result()}meta(\"protector\",\"Copy Protector\")" }, { "path": "dbs_min/db/MSDOS/protector_Copylock_PC.2.sg", "content": "function detect(){return(MSDOS.compareEP(\"0e1fb9....bf....8135....83c7..e2\")||MSDOS.compareEP(\"0e1f8c1e....8c06....1e07bf....33f6\")||MSDOS.compareEP(\"0e1fb9....bf........83c7..e2\")||MSDOS.compareEP(\"0e1fb9....bf............83c7..e2\")||MSDOS.compareEP(\"0e1f8cc0a3....90909090909090909090a1\"))&&(sOptions=\"1990 by Rob Northen Computing\",bDetected=1),result()}meta(\"protector\",\"Copylock PC\")" }, { "path": "dbs_min/db/MSDOS/protector_CrAcKeR.2.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$be....8bfe5633c0be....ac02e081fe....72..5eac34..aa81fe....72\")&&(sVersion=\"0.2a\",sOptions=\"by Deu$\",bDetected=1),result()}meta(\"protector\",\"CrAcKeR\")" }, { "path": "dbs_min/db/MSDOS/protector_CrackStop.2.sg", "content": "function detect(){return MSDOS.compareEP(\"B4..BB....B9....8BECCD21FAFC03....05....FFE0\")?(sVersion=\"1.X\",bDetected=1):MSDOS.compareEP(\"bd....be....ffe6\")&&(sVersion=\"1.0b\",bDetected=1),result()}meta(\"protector\",\"CrackStop\")" }, { "path": "dbs_min/db/MSDOS/protector_Cruncher.2.sg", "content": "function detect(){return MSDOS.compareEP(\"2E........2E......B430CD213C0373..BB....8EDB8D......B409CD210633C050CB\")&&(sVersion=\"1.0\",bDetected=1),result()}meta(\"protector\",\"Cruncher\")" }, { "path": "dbs_min/db/MSDOS/protector_CryExe.2.sg", "content": "function detect(){return MSDOS.compareEP(\"E9$$$$E9$$$$E9$$$$BB....E8$$$$31EDEB$$8EDDEB$$872FE8$$$$E8$$$$55E9$$$$E9$$$$31C0EB$$EB$$E8\")&&(sVersion=\"4.0\",bDetected=1),result()}meta(\"protector\",\"CryExe\")" }, { "path": "dbs_min/db/MSDOS/protector_CryptCom.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$be....56b9....c704....c644....8134....4646e2..31f631c9c3\")&&(sVersion=\"2.0\",sOptions=\"by Nowhere Man\",bDetected=1),result()}meta(\"protector\",\"CryptCom\")" }, { "path": "dbs_min/db/MSDOS/protector_CrypteXeC.2.sg", "content": "function detect(){return(MSDOS.compareEP(\"FD25....E8....3EBA....EC0C..26EE..B9....5151..87C9\")||MSDOS.compareEP(\"06b4..cd2107e8....acac3ee8....d7e9\"))&&(sVersion=\"1.01\",bDetected=1),result()}meta(\"protector\",\"CrypteXeC\")" }, { "path": "dbs_min/db/MSDOS/protector_Crypto-box.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$9c50520e538bec2e892e....1e06b8....8bf80e07b8....8ed82e8b1e....8b078bf0\")&&(bDetected=1),result()}meta(\"protector\",\"Crypto-box\")" }, { "path": "dbs_min/db/MSDOS/protector_DCREXE.2.sg", "content": "function detect(){return(MSDOS.compareEP(\"e8$$$$52e8$$$$5a83c2..ffe2\")||MSDOS.compareEP(\"e8$$$$53e8$$$$5b83c3..ffe3\"))&&(sVersion=\"2.0\",sOptions=\"by LuCe\",bDetected=1),result()}meta(\"protector\",\"DCREXE\")" }, { "path": "dbs_min/db/MSDOS/protector_DMC.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$2e8c16....2e8926....2ea3....8cc88ed0bc....2ea1....505351525657551e060e1f8c06....a1\")&&(sVersion=\"3.5\",sOptions=\"by Adlersparre & Associates\",bDetected=1),result()}meta(\"protector\",\"DMC\")" }, { "path": "dbs_min/db/MSDOS/protector_Deeper.2.sg", "content": "function detect(){return MSDOS.compareEP(\"90e9$$$$e8000059fa8bdc36c747......36837f....75..fb66fafb8be981ed....81e9....be....8dbe....668b05668904\")&&(sVersion=\"1.0c\",bDetected=1),MSDOS.compareEP(\"90e9$$$$e80000fa8bdc36c747......36837f....75..fb598be981ed....81e9....be....8dbe....668b05668904\")&&(sVersion=\"1.0a\",bDetected=1),result()}meta(\"protector\",\"Deeper\")" }, { "path": "dbs_min/db/MSDOS/protector_E-PROT.2.sg", "content": "function detect(){return MSDOS.compareEP(\"81f8....be....90bd....2e8076....454e75\")&&(sVersion=\"1.0.3\",sOptions=\"2000 by MasterBall Systems, Inc.\",bDetected=1),result()}meta(\"protector\",\"E-PROT 386+\")" }, { "path": "dbs_min/db/MSDOS/protector_EEXE.2.sg", "content": "function detect(){return MSDOS.compareEP(\"B430CD213C0373..BA1F000E1FB409CD21B8FF4CCD21\")?(sVersion=\"1.12\",sOptions=\"1994 by F.P.Budzyn\",bDetected=1):MSDOS.compareEP(\"b430cd213c..73..0e1fb409ba....cd21b8....cd21\")?(sOptions=\"1994 by F.P.Budzyn\",bDetected=1):MSDOS.compareEP(\"33c08ed806be....bf....b9....fcf3a5b4..cd21\")&&(sVersion=\"1.11\",sOptions=\"1994 by F.P.Budzyn\",bDetected=1),result()}meta(\"protector\",\"EEXE\")" }, { "path": "dbs_min/db/MSDOS/protector_EPW.2.sg", "content": "function detect(){return MSDOS.compareEP(\"06571e5655525153502e8c......8cc005....2ea3....8ed8a1\")?(sVersion=\"1.2\",bDetected=1):MSDOS.compareEP(\"06571E5655525153502E8C0608008CC083\")?(sVersion=\"1.30\",bDetected=1):MSDOS.compareEP(\"e9$$$$06571e565552515350bb....81c3....2e8b078ccb03c305....50b8....50cb\")&&(sVersion=\"1.20\",bDetected=1),result()}meta(\"protector\",\"EPW\")" }, { "path": "dbs_min/db/MSDOS/protector_ETS.1.sg", "content": "function detect(){return MSDOS.compareEP(\"60061eeb$$bf....8cc82e8985....2e8b8d....8ec02e8bbd....e8\")&&(sVersion=\"1.0\",sOptions=\"by Da BLoB / MAFiA\",bDetected=1),result()}meta(\"protector\",\"ETS (ENCRYPT THE SHiT)\")" }, { "path": "dbs_min/db/MSDOS/protector_EXE-Crypt.2.sg", "content": "function detect(){return MSDOS.compareEP(\"90eb$$2e8c......2e89......8cc88ed0bc....1e060e1f8cc005....8ec01ee8....1f8cc3be....2e8b......83....74\")&&(sVersion=\"1.00\",bDetected=1),result()}meta(\"protector\",\"EXE-Crypt\")" }, { "path": "dbs_min/db/MSDOS/protector_EXE-Protect.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e800005d81ed....1e06..1fb4..8db6....b9....8a1446cd21909090\")&&(sOptions=\"by Phrozen Crew\",bDetected=1),result()}meta(\"protector\",\"EXE-Protect\")" }, { "path": "dbs_min/db/MSDOS/protector_EXEGUARD.2.sg", "content": "function detect(){return MSDOS.compareEP(\"BA....BF....EB$$E8$$$$53BB....EB$$EB$$5B0E075051535653BB....EB\")&&(sVersion=\"1.3\",bDetected=1),result()}meta(\"protector\",\"EXEGUARD\")" }, { "path": "dbs_min/db/MSDOS/protector_EXEHigh.2.sg", "content": "function detect(){return MSDOS.compareEP(\"8cca8b2e....8eda8c06....8cda2bea8b3e....81ff....73..bf....893e....81c7....033e....b1..d3ef47d3e7fa\")&&(sVersion=\"1.01\",sOptions=\"by NoddegamrA\",bDetected=1),result()}meta(\"protector\",\"EXEHigh\")" }, { "path": "dbs_min/db/MSDOS/protector_EXETools.2.sg", "content": "function detect(){return(MSDOS.compareEP(\"e800005d83ed..1e8cda83c2..8eda8ec2bb....ba....85d274..b4..33ff33f6b9....ac32c4c0c4\")||MSDOS.compareEP(\"68....68....68....be....bf....57b9....f3a4c3\"))&&(sVersion=\"2.1 /E\",bDetected=1),result()}meta(\"protector\",\"EXETools\")" }, { "path": "dbs_min/db/MSDOS/protector_Encriptor.2.sg", "content": "function detect(){return MSDOS.compareEP(\"EB..B9....BE....BF....ACD0C8AAE2..BE....BF....ACAA\")&&(sVersion=\"1.00c\",bDetected=1),result()}meta(\"protector\",\"Encriptor\")" }, { "path": "dbs_min/db/MSDOS/protector_Enkryptonator.2.sg", "content": "function detect(){return MSDOS.compareEP(\"1e1eb430cd21b4..3c..73..cd21be....e8....e8....e8....1f07e9\")&&(bDetected=1),result()}meta(\"protector\",\"Enkryptonator\")" }, { "path": "dbs_min/db/MSDOS/protector_ExeCode.2.sg", "content": "function detect(){return MSDOS.compareEP(\"E9$$$$FA8CC302DF5033C02E8C16....2E8926....8ED0BC....BE....B9....33FF2EC706........32DBB0..E664AC\")?(sVersion=\"1.0\",sOptions=\"1995 by Balazs Scheidler\",bDetected=1):MSDOS.compareEP(\"E9$$$$8be8ba....b409cd212ea1....8cc303c3b1..2e8b1e....f7c3....74..83c3..d3eb2e891e....be....bf....b9....f3a5\")&&(sVersion=\"1.0 unregistered\",sOptions=\"1995 by Balazs Scheidler\",bDetected=1),result()}meta(\"protector\",\"ExeCode\")" }, { "path": "dbs_min/db/MSDOS/protector_ExeLock.2.sg", "content": "function detect(){return MSDOS.compareEP(\"068CC88EC0BE....26....34..26....4681......75..40B3..B3..F3\")?(sVersion=\"1.0\",bDetected=1):MSDOS.compareEP(\"ba....bf....eb$$e8$$$$53bb....eb$$eb$$5beb$$0633c08ec0b8....26a3....268c0e....075052faba....b0..ee\")&&(sVersion=\"1.0X\",sOptions=\"by ST!LLS0N\",bDetected=1),result()}meta(\"protector\",\"EXELock666\")" }, { "path": "dbs_min/db/MSDOS/protector_FACRYPT.2.sg", "content": "function detect(){return MSDOS.compareEP(\"B9....B3..33D2BE....8BFEAC32C3AA494332E403D0E3\")&&(sVersion=\"1.0\",bDetected=1),result()}meta(\"protector\",\"FACRYPT\")" }, { "path": "dbs_min/db/MSDOS/protector_FSE.2.sg", "content": "function detect(){return MSDOS.compareEP(\"607d..7a..d1ce89f68bf601fb8bf731f781c7....f8f8\")?(sVersion=\"0.6\",bDetected=1):MSDOS.compareEP(\"60d1cef533de33c8c7c6....d1cee9$$$$fbf98bd029c131db\")||MSDOS.compareEP(\"607d..7a..d1ce89f68bf601fb8bf731f781c7....f8e8\")?(sVersion=\"0.6+\",bDetected=1):MSDOS.compareEP(\"60b3..b7..7e..f5d1c2fb81e9....c7c0....bd....81c5....d1ce33c4fd79..e9\")?(sVersion=\"0.5\",bDetected=1):MSDOS.compareEP(\"eb$$6025....eb$$eb$$8cc0fa66c1cc..eb$$44bc....eb$$2ea3....66c1cc..e9\")?(sVersion=\"0.4+\",bDetected=1):MSDOS.compareEP(\"60fff08fc603f6b1..b5..fff18fc2f8e9\")?(sVersion=\"0.55\",bDetected=1):MSDOS.compareEP(\"60cefd33db81c3....81f3....81c3....fd45eb\")?(sVersion=\"0.5c\",bDetected=1):MSDOS.compareEP(\"607c..79..81ef....cc7f..8bc82bc103d431db81c3....fb81ea....e9\")?(sVersion=\"0.5c02\",bDetected=1):MSDOS.compareEP(\"6033f131c731f78bd9be....d1cf31c1c7c3....d1c3fd8bf8fb33c7bf....d1c7\")?(sVersion=\"0.5c04\",bDetected=1):MSDOS.compareEP(\"60be....c7c5....c7c3....c7c2....81f2....2e319a....33d62e8bba....31ef\")?(sVersion=\"0.5s\",bDetected=1):MSDOS.compareEP(\"6031fbce29f6c7c7....d1c333dfe8....76..c8......e8\")?(sVersion=\"0.6\",bDetected=1):MSDOS.compareEP(\"60fdd1c3f533ebc7c3....87d389d79705....7c..e9\")||MSDOS.compareEP(\"6072..fbe9$$$$03cee9$$$$b9....d1c981f1....8bd9d1cf\")?(sVersion=\"0.61+\",bDetected=1):MSDOS.compareEP(\"6089f731fffbb8....03e9c7c1....47f9fceb\")||MSDOS.compareEP(\"60be....c7c3....2e3198....81c3....81c6....8bfe01df75..e9\")?(sVersion=\"0.62\",bDetected=1):MSDOS.compareEP(\"60fff08fc2f9bf....fb31da8bf42bdef5f971..03f0c7c3....87dd\")||MSDOS.compareEP(\"60c7c6....b8....bf....bb....2e81b1........81f6....81c3....81c7....05....75..543e51\")?(sVersion=\"0.63\",bDetected=1):(MSDOS.compareEP(\"60fc81f3....f5be....fde9$$$$2be84a8bd129d9\")||MSDOS.compareEP(\"6033d9c7c1....7c..c7c6....75..76..bd....2bcd31c2\")||MSDOS.compareEP(\"60c7c5....c7c6....bf....31f62e31ab\")||MSDOS.compareEP(\"60c7c7....c7c3....c7c5....2e31ab....2e31bb....81c5\"))&&(sVersion=\"0.5\",bDetected=1),result()}meta(\"protector\",\"FSE by ZeNiX Yang //pCE'98\")" }, { "path": "dbs_min/db/MSDOS/protector_GA-Header.2.sg", "content": "function detect(){return MSDOS.compareEP(\"8cd02ea3....2e8926....8cc88ed0bc....061e0e1fbe....b8....8ec0bf....b9\")&&(sVersion=\"1.00\",bDetected=1),result()}meta(\"protector\",\"GA-Header\")" }, { "path": "dbs_min/db/MSDOS/protector_GOAT.1.sg", "content": "function detect(){return sOptions=\"1996 by Martin Overton //ChekWARE\",(MSDOS.compareEP(\"5051568bc033c0904149813c....75..83f9..75..0bc033c058595eb8\")||MSDOS.compareEP(\"515056528bc233d2f7e04149813c....75..3d....73..0bc933d259585e5ab8\")||MSDOS.compareEP(\"1650525351564a33db74..434b813c....74..81f9....75..0bd2b8....8ed85e585a5b5917b8\"))&&(bDetected=1),result()}meta(\"protector\",\"GOAT\")" }, { "path": "dbs_min/db/MSDOS/protector_HACKSTOP.2.sg", "content": "function detect(){return MSDOS.compareEP(\"FABD....FFE56A49480C..E4..3F983F\")?(sVersion=\"1.00\",bDetected=1):MSDOS.compareEP(\"B430CD2186E03D....73..B42FCD21B0..B44CCD2150B8....58EB\")?(sVersion=\"1.10/1.11\",bDetected=1):MSDOS.compareEP(\"B430CD2186E03D000373..B42FCD21B42ACD21B42CCD21B0FFB44CCD2150B8....58EB\")?(sVersion=\"1.10p1\",bDetected=1):MSDOS.compareEP(\"B430CD2186E03D....73..B4..CD21B0..B44CCD2153BB....5BEB\")?(sVersion=\"1.11c\",bDetected=1):MSDOS.compareEP(\"B430CD2186E03D....73..B0..B4..CD2150B8....58EB$$EB$$b8....CD2150B2..B8....CD21\")?(sVersion=\"1.00\",bDetected=1):MSDOS.compareEP(\"521eb430cd2186e03d....73..cd200e1fb4..e8\")?(sVersion=\"1.11f-1.12s\",bDetected=1):MSDOS.compareEP(\"FABD....D4854E32EBEB\")?(sVersion=\"1.13\",bDetected=1):MSDOS.compareEP(\"fabd....ffe5\")?(sVersion=\"1.13cs\",sOptions=\"converted to exe\",bDetected=1):MSDOS.compareEP(\"52B8....1ECD2186E03D....73..CD200E1FB409E8....24..EA\")?(sVersion=\"1.13\",bDetected=1):MSDOS.compareEP(\"FABE....050C00071D4A461E16FDAC44........F16D84D33D....CFAFFB34DB33..........D0D6....92B4249E\")?(sVersion=\"1.17\",bDetected=1):MSDOS.compareEP(\"52BA....5AEB..9A........30CD21......FD02....CD200E1F52BA....5AEB\")?(sVersion=\"1.18\",bDetected=1):MSDOS.compareEP(\"52BA....5AEB..9A........30CD21......D602....CD200E1F52BA....5AEB\")?(sVersion=\"1.19s\",bDetected=1):MSDOS.compareEP(\"52B430CD2152FA..FB3D....EB..CD200E1FB409E8\")?(sVersion=\"1.11f\",sOptions=\"modified\",bDetected=1):MSDOS.compareEP(\"53bb....5beb$$eb$$9c1e52b430cd2186c43d....73..cd200e1f53bb....5beb\")?(sVersion=\"1.20\",bDetected=1):MSDOS.compareEP(\"1e52B8....cd2186c43d....73..cd2052ba....5aeb\")?(sVersion=\"1.18s\",bDetected=1):MSDOS.compareEP(\"5d1eb430cd2186e03d....73..cd200e1fb409e8\")?(sVersion=\"1.11gs\",bDetected=1):MSDOS.compareEP(\"e8$$$$3adb74..b8014ccd21eb..b430cd21fa8bec8b46..05....ffe0\")?(sVersion=\"1.17 regged\",bDetected=1):MSDOS.compareEP(\"521ee9$$$$0e1fb409e8$$$$5acd211f5a53bb....5beb$$eb$$e8$$$$e8$$$$52ba....5aeb\")?(sVersion=\"1.11f\",bDetected=1):MSDOS.compareEP(\"b8....521ecd2186e03d....73..cd200e1fb4..e8$$$$5acd211f5a53bb....5beb\")?(sVersion=\"1.12cs\",bDetected=1):MSDOS.compareEP(\"50b8....58eb$$eb$$9c1e52b430cd2186c43d....73..cd200e1f50\")?(sVersion=\"1.19/386\",bDetected=1):MSDOS.compareEP(\"9c5751e8$$$$e8$$$$5fb9....b8....2e87052e3185....47d1c8e2\")?(sVersion=\"1.20/386\",bDetected=1):MSDOS.compareEP(\"b430cd2186e03d....73..b0..b44ccd2150b8....58eb\")&&(sVersion=\"0.97.6-0.99b\",bDetected=1),result()}meta(\"protector\",\"HackStop\")" }, { "path": "dbs_min/db/MSDOS/protector_HASP.2.sg", "content": "function detect(){return(MSDOS.compareEP(\"e9$$$$e800005d81ed....2ea3....8cd82ea3....05....2ea3....2e0306....2ea3....2e833e......75..e8\")||MSDOS.compareEP(\"e9$$$$e800005d81ed....2ea3....8cd82ea3....83c0..2ea3....2e0306....2ea3....2e833e......75..e8\"))&&(bDetected=1),result()}meta(\"protector\",\"HASP Key Envelope\")" }, { "path": "dbs_min/db/MSDOS/protector_HEALTH.2.sg", "content": "function detect(){return MSDOS.compareEP(\"1EE8....2E8C06....2E893E....8BD7B8....CD218BD80E1FE8....0657A1....26\")&&(sVersion=\"5.1\",bDetected=1),result()}meta(\"protector\",\"HEALTH\")" }, { "path": "dbs_min/db/MSDOS/protector_HaSPeX-Protect.2.sg", "content": "function detect(){return MSDOS.compareEP(\"fa8cc88ed88cd38bd48ed0bc....b9....8bf44444fdad35....50eb\")&&(sOptions=\"1996\",bDetected=1),result()}meta(\"protector\",\"HaSPeX-Protect\")" }, { "path": "dbs_min/db/MSDOS/protector_Hardlock.2.sg", "content": "function detect(){return MSDOS.compareEP(\"2ec6........be....bf....b9....2ea1....d1e92e8b1d2e31052e030402e12bc6d0c403c34683ef\")&&(sOptions=\"dongle envelope by Aladdin\",bDetected=1),result()}meta(\"protector\",\"Hardlock\")" }, { "path": "dbs_min/db/MSDOS/protector_Inertia.2.sg", "content": "function detect(){return(MSDOS.compareEP(\"505351525657551e060eb8....500e5805....5031c050cb\")||MSDOS.compareEP(\"505351525657551e8cc88ed8be....8cc3011e....8cc92bcb83e9..33db8cc005....8ed8\"))&&(bDetected=1),result()}meta(\"protector\",\"Inertia encryption\")" }, { "path": "dbs_min/db/MSDOS/protector_Int01-Destroyer.2.sg", "content": "function detect(){return MSDOS.compareEP(\"fc33d28ec2bf....abab8cca33ff81ea....52ba....521e0733d2cb\")&&(sOptions=\"1994\",bDetected=1),result()}meta(\"protector\",\"Int01-Destroyer\")" }, { "path": "dbs_min/db/MSDOS/protector_Ironthorn.2.sg", "content": "function detect(){return MSDOS.compareEP(\"9ce80000581e5704..bf....5feb$$ffd0\")&&(sVersion=\"1.0:2000\",sOptions=\"modified HackStop 1.19 by ReDragon\",bDetected=1),result()}meta(\"protector\",\"Ironthorn\")" }, { "path": "dbs_min/db/MSDOS/protector_JAM.2.sg", "content": "function detect(){return MSDOS.compareEP(\"50061607BE....8BFEB9....FDFAF32EA5FB06BD....55CB\")&&(sVersion=\"2.21\",bDetected=1),result()}meta(\"protector\",\"JAM\")" }, { "path": "dbs_min/db/MSDOS/protector_JmCryptExe.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$e9$$$$1e068cd805....8ed88ec02e0106....2e0106....8be82ea1....2e8b0e\")?(sVersion=\"0.7i\",bDetected=1):MSDOS.compareEP(\"e9$$$$e9$$$$2e8c1e....e8$$$$530633db8ec3bb....268e47..bb....26813f....74..e9\")?(sVersion=\"0.7\",bDetected=1):MSDOS.compareEP(\"e9$$$$2e8c1e....8cc88ed806a1....8ec08b1e....b4..cd210773..e9\")&&(sVersion=\"0.7?\",bDetected=1),result()}meta(\"protector\",\"JmCryptExe\")" }, { "path": "dbs_min/db/MSDOS/protector_Joke.2.sg", "content": "function detect(){return MSDOS.compareEP(\"bb....e8....bd....2863..53454ee8....9893928a80....52cb\")&&(sOptions=\"by SEN\",bDetected=1),result()}meta(\"protector\",\"Joke fileheader\")" }, { "path": "dbs_min/db/MSDOS/protector_KeyMaker.2.sg", "content": "function detect(){return MSDOS.compareEP(\"fc0e1f8706....871e....870e....8716....8736....873e....872e....268b07a3....8cc0a3....8cc88ec08edaf3a5\")&&(sVersion=\"3.0\",sOptions=\"1998 by TIME Software\",bDetected=1),result()}meta(\"protector\",\"KeyMaker\")" }, { "path": "dbs_min/db/MSDOS/protector_Kvetch.2.sg", "content": "function detect(){return MSDOS.compareEP(\"bb....ba....0e1f068cd005....8ec00efc8bcbd1e133ffd1e18bf7d1e1f3a5b8....0650cb\")?(sVersion=\"1.X\",sOptions=\"1992 by Tal Nevo\",bDetected=1):MSDOS.compareEP(\"ba....bb....060e0e1f8cd005....8ec08bcbd1e1d1e1d1e133ff8bf7fcf3a506b8....50cb\")&&(sVersion=\"1.02c\",sOptions=\"1992 by Tal Nevo\",bDetected=1),result()}meta(\"protector\",\"Kvetch\")" }, { "path": "dbs_min/db/MSDOS/protector_LOCK.2.sg", "content": "function detect(){return MSDOS.compareEP(\"b430cd21faba....2e8006......80ea..2e8816....e8$$$$2ec606......fbbf....b9....0e072e8a0534..aae2\")&&(sVersion=\"1.1\",sOptions=\"by Psycho //ENiAC\",bDetected=1),result()}meta(\"protector\",\"LOCK\")" }, { "path": "dbs_min/db/MSDOS/protector_LOCK91.2.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$8cc88ed88ec08cd8a3....a1....2906....e421500c..24..e621e8\")&&(sOptions=\"dongle envelope\",bDetected=1),result()}meta(\"protector\",\"LOCK91\")" }, { "path": "dbs_min/db/MSDOS/protector_LamerStop.2.sg", "content": "function detect(){return MSDOS.compareEP(\"E8....05....CD2133C08EC026......2E......26......2E......BA....FA\")&&(sVersion=\"1.0c\",bDetected=1),result()}meta(\"protector\",\"LamerStop\")" }, { "path": "dbs_min/db/MSDOS/protector_LockTite+.2.sg", "content": "function detect(){return MSDOS.compareEP(\"8cc88ed88cc381c3....8bc30306....8ec08b0e....8bf14e8bfefdf3a450b8....50cb\")&&(bDetected=1),result()}meta(\"protector\",\"LockTite+\")" }, { "path": "dbs_min/db/MSDOS/protector_MEGALITE.2.sg", "content": "function detect(){return MSDOS.compareEP(\"B8....BA....05....3B2D73..72..B409BA....CD21CD90\")&&(sVersion=\"1.20a\",bDetected=1),result()}meta(\"protector\",\"MEGALITE\")" }, { "path": "dbs_min/db/MSDOS/protector_MESS.2.sg", "content": "function detect(){return MSDOS.compareEP(\"....................B9....F3..ACE3..EB..BA....B409CD21CD20..............................B430CD213C0277\")?(sVersion=\"1.07\",bDetected=1):MSDOS.compareEP(\"........FAB9....F326ACE3..EB$$1E0E1FBA....81EA....B409CD211FB44CCD21\")?(sVersion=\"1.20\",bDetected=1):MSDOS.compareEP(\"........FA545b3bdc75..eb$$9c5b81cb....5381e3....75..9d9c5825....75..1e0e1f\")?(sVersion=\"1.29\",bDetected=1):MSDOS.compareEP(\"........FAb9....f326ace3..eb$$1e0e1fba....b409cd211fb44ccd21\")?(sVersion=\"1.X\",bDetected=1):MSDOS.compareEP(\"'MESS'b9....83c4..f326ace3..eb$$ba....b409cd21cd20\")?(sVersion=\"1.07\",bDetected=1):MSDOS.compareEP(\"'MESS'fa545b3bdc75..eb$$9c5b81cb....539d9c5825....75..1e0e1fba....b409cd211f\")?(sVersion=\"1.25\",bDetected=1):MSDOS.compareEP(\"'MESS'b9....83c4..f326ace3..eb\")&&(sVersion=\"1.14\",bDetected=1),result()}meta(\"protector\",\"MESS\")" }, { "path": "dbs_min/db/MSDOS/protector_Maker.2.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$558bec9ceb$$505351525657061eb8....cd210653eb$$b8....cd2106531e1e0e1f8ccab1..eb\")&&(sVersion=\"3.0\",sOptions=\"1992 by PST\",bDetected=1),result()}meta(\"protector\",\"Maker (CDAT)\")" }, { "path": "dbs_min/db/MSDOS/protector_Mandrake.2.sg", "content": "function detect(){return MSDOS.compareEP(\"b8....8ed8b8....8ec0e8$$$$bb....b9....b8....2bc1568bf0268a3488305ee2..b4..b7..cd10\")&&(sOptions=\"by H.P.G. Soft\",bDetected=1),result()}meta(\"protector\",\"Mandrake\")" }, { "path": "dbs_min/db/MSDOS/protector_MutaWWP.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e8$$$$5e8bd683ea..83c6..060e1e0e1f33ff8cd383eb..8ec3b9....f3a45805....500e5333c951cb\")&&(sVersion=\"1.0\",sOptions=\"by Stefan Esser\",bDetected=1),result()}meta(\"protector\",\"MutaWWP\")" }, { "path": "dbs_min/db/MSDOS/protector_Mutate.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e8$$$$58e9$$$$2ec606......eb$$1eeb$$50eb$$33c0f872..eb\")?(sVersion=\"1.1 (16,20.05.1996)\",sOptions=\"1996 by PReDaToR 666\",bDetected=1):MSDOS.compareEP(\"33c0eb$$83e8..e9$$$$2e802e......eb$$1eeb$$50eb$$33c0f872..eb\")?(sVersion=\"1.1 (18.05.1996)\",sOptions=\"1996 by PReDaToR 666\",bDetected=1):MSDOS.compareEP(\"e9$$$$f8e9$$$$2e8006......eb$$1eeb$$50e9$$$$33c0f873..e9\")&&(sVersion=\"1.1 (20.05.1996)\",sOptions=\"1996 by PReDaToR 666\",bDetected=1),result()}meta(\"protector\",\"Mutate\")" }, { "path": "dbs_min/db/MSDOS/protector_NOCLIP.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$ff26....9c5053518cd8a3\")&&(sVersion=\"4.X\",sOptions=\"by TD Technologia Digital\",bDetected=1),result()}meta(\"protector\",\"NOCLIP\")" }, { "path": "dbs_min/db/MSDOS/protector_NOTA.2.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$061e33c08ed8be....0e07bf....b9....fcf3a41f8cd3be....8bd48ed6bc....8bf436c744......36c744......8ed38be2ba....e8\")&&(sVersion=\"1.1\",sOptions=\"1990 by Novitex\",bDetected=1),result()}meta(\"protector\",\"NOTA\")" }, { "path": "dbs_min/db/MSDOS/protector_NTShell.2.sg", "content": "function detect(){return MSDOS.compareEP(\"2e8c1e....8cca8eda8ec2fa8ed2bc....fbe80000eb$$b9....5e8bfeeb\")?(sVersion=\"4.0\",sOptions=\"by Mr. ZhouHui\",bDetected=1):MSDOS.compareEP(\"2e8c06....8cc88ed8fa8ed0bc....fbff36....268b1e....8ec333ffb9\")&&(sVersion=\"2.01\",sOptions=\"by Mr. ZhouHui\",bDetected=1),result()}meta(\"protector\",\"NTShell\")" }, { "path": "dbs_min/db/MSDOS/protector_Nodebug.2.sg", "content": "function detect(){return MSDOS.compareEP(\"fcbe....b9....31d22ead01c2e2\")&&(sVersion=\"1.0 part 2\",sOptions=\"by JVP\",bDetected=1),result()}meta(\"protector\",\"Nodebug\")" }, { "path": "dbs_min/db/MSDOS/protector_Novex.2.sg", "content": "function detect(){return MSDOS.compareEP(\"0e1f06b8....bb....0e07cd012ea1....263947..070675..2ec606......eb..06f8b8....cd212e891e....2e8c06....b8\")&&(bDetected=1),result()}meta(\"protector\",\"Novex Key Envelope\")" }, { "path": "dbs_min/db/MSDOS/protector_Overlay.2.sg", "content": "function detect(){return MSDOS.compareEP(\"fa8cc283c2..2e0116....8cc82bc22e8b0e....8bea8bf8be....8bc103c903c881c1....03c18ad983e3..2e0387\")&&(sVersion=\"3.0\",bDetected=1),result()}meta(\"protector\",\"Overlay\")" }, { "path": "dbs_min/db/MSDOS/protector_PACKWIN.2.sg", "content": "function detect(){return MSDOS.compareEP(\"8cc0fa8ed0bc....fb060e1f2e8b0e....8bf14e8bfe8cdb2e031e....8ec3fdf3a453b8....50cb\")&&(sVersion=\"1.0\",sOptions=\"by Yellow Rose\",bDetected=1),result()}meta(\"protector\",\"PACKWIN\")" }, { "path": "dbs_min/db/MSDOS/protector_PC-Guard.2.sg", "content": "function detect(){return MSDOS.compareEP(\"b8....fcfdb9....be....f82e180cf5fcfc74..fccc\")?(sVersion=\"3.05 PRO\",sOptions=\"1994/97 by Ceklic Blagoje //COMSEC\",bDetected=1):MSDOS.compareEP(\"2bdb81cb....f8fdbf....2bd281ca....f52e291dfcf7d3fdfccc\")?(sVersion=\"3.05\",sOptions=\"1994/97 by Ceklic Blagoje //COMSEC\",bDetected=1):(MSDOS.compareEP(\"bb....f5b9....fcfdbe....fdfc2e190cfcfdf8f7d9d1d9f8f8\")||MSDOS.compareEP(\"be....fcb9....fdf5f5ba....fc2e102cf8d1d1d1c9f7d9\")||MSDOS.compareEP(\"33db81c3....f8fdbe....f8f5fcba....f52e111cfcfd72\"))&&(sVersion=\"3.XX\",sOptions=\"by Ceklic Blagoje //COMSEC\",bDetected=1),result()}meta(\"protector\",\"PC-Guard\")" }, { "path": "dbs_min/db/MSDOS/protector_PCOM.2.sg", "content": "function detect(){return MSDOS.compareEP(\"be....b9....2e8a0434..2e880446e2\")&&(sVersion=\"2.8b2, 2.8b3 -e -i\",sOptions=\"1999\",bDetected=1),result()}meta(\"protector\",\"PCOM\")" }, { "path": "dbs_min/db/MSDOS/protector_PROTECT.2.sg", "content": "function detect(){for(var e,c=[0,0,0,0,0,0],r=0,a=MSDOS.OffsetToVA(MSDOS.getEntryPointOffset()),t=0;t<80;){t++\nvar s=MSDOS.readByte(MSDOS.VAToOffset(a))\nif(253!=s&&30!=s&&14!=s&&7!=s&&31!=s&&252!=s||(c[r]=s,r++),6==r)break\na=MSDOS.getDisasmNextAddress(a)}return(compareArrays([253,30,14,14,7,31],c)||compareArrays([253,30,14,7,14,31],c)||compareArrays([252,30,14,31,14,7],c)||compareArrays([252,30,14,14,31,7],c)||compareArrays([30,253,14,7,14,31],c)||compareArrays([30,253,14,14,7,31],c)||compareArrays([30,252,14,31,14,7],c)||compareArrays([30,252,14,14,31,7],c))&&(sVersion=\"5.5\",bDetected=1),MSDOS.compareEP(\"1e0e0e1f07\")||MSDOS.compareEP(\"1e0e0e071f\")||MSDOS.compareEP(\"1e0e1f0e07\")?186!=(e=MSDOS.readByte(MSDOS.getEntryPointOffset()+5))&&187!=e&&189!=e&&190!=e&&191!=e&&232!=e||(sVersion=\"5.0\",sOptions=\"type 1\",bDetected=1):MSDOS.compareEP(\"5053515657061e0e1f\")?(sVersion=\"5.0\",sOptions=\"type 2\",bDetected=1):MSDOS.compareEP(\"0e071e0e1f\")?186!=(e=MSDOS.readByte(MSDOS.getEntryPointOffset()+5))&&187!=e&&189!=e&&190!=e&&191!=e||(sVersion=\"4.1\",bDetected=1):MSDOS.compareEP(\"8cdb0e0e1f07b9....e800005e81c6....89f7ac34..aae2\")?(sVersion=\"4.0\",bDetected=1):MSDOS.compareEP(\"2ea3....8cd82ea3....8cc82ea3....2e892e....33c08ed8fafcbe....0e07\")?(sVersion=\"3.1\",bDetected=1):MSDOS.compareEP(\"2ea3....8cd82ea3....8cc82ea3....2e892e....33c08ec0fafc26a1....2ea3....26a1\")?(sVersion=\"3.0\",bDetected=1):MSDOS.compareEP(\"e8$$$$1e068cc88ed88ec0be....8bfeb9....ac\")?(sVersion=\"2.0\",bDetected=1):MSDOS.compareEP(\"e8$$$$1e068cc88ed88ec02ec606\")?(sVersion=\"1.0\",bDetected=1):MSDOS.compareEP(\"8cd805....50b8....501e068cda83c2..b9....be....0e1fad8bd8ad03c28ec0260117e2\")?(sOptions=\"relocpacker\",sVersion=\"1.0\",bDetected=1):MSDOS.compareEP(\"1eb430cd213c..73..cd20be....e8....e8\")&&(sVersion=\"6.0\",bDetected=1),result()}meta(\"protector\",\"PROTECT! EXE\"),includeScript(\"read\")" }, { "path": "dbs_min/db/MSDOS/protector_PVAC.2.sg", "content": "function detect(){return MSDOS.compareEP(\"33c08ed806be....bf....b9....fcf3a5bf....b2..fa8926....bc....8bf42e8a0402c2a3....a3....8cdb\")&&(sVersion=\"1.04\",sOptions=\"(1993) by Fernando Papa Budzyn\",bDetected=1),result()}meta(\"protector\",\"PVAC\")" }, { "path": "dbs_min/db/MSDOS/protector_PassEXE.2.sg", "content": "function detect(){return MSDOS.compareEP(\"061E0E0E071FBE....B9....871481......EB..C7......840087......FB1F584A\")&&(sVersion=\"2.0\",bDetected=1),result()}meta(\"protector\",\"PassEXE\")" }, { "path": "dbs_min/db/MSDOS/protector_Pksmart.2.sg", "content": "function detect(){return MSDOS.compareEP(\"ba....8cc88bc803c281c1....51b9....511e8cd38d6f..55b1..51fc4bbe....33ff8ed88ec3b1..f3a5484a79..0e078edb33f633ffcb\")&&(sVersion=\"1.0b\",sOptions=\"by Alex\",bDetected=1),result()}meta(\"protector\",\"Pksmart\")" }, { "path": "dbs_min/db/MSDOS/protector_ProtEXE.2.sg", "content": "function detect(){for(var e=MSDOS.getEntryPointOffset(),r=0;r<20;){switch(r++,MSDOS.readByte(e)){case 233:var c,e=32767<(c=MSDOS.readWord(e+1))?e-(65535-c)+2:e+c+3\nbreak\ncase 232:e=32767<(c=MSDOS.readWord(e+1))?e-(65535-c)+2:e+c+3\nbreak\ncase 235:e=127<(c=MSDOS.readByte(e+1))?e-(255-c)+1:e+c+2}var t=MSDOS.readByte(e)\nif((187==t||190==t||191==t)&&MSDOS.compare(\"0600\",e+1)){sVersion=\"3.10-3.11\",bDetected=1\nbreak}if(187!=t&&190!=t&&191!=t&&233!=t&&232!=t&&235!=t)break}return MSDOS.compareEP(\"9c9c5825....509d9c5825....3d....74..9c5825....0d....509d9c5825....74..ba....b0..eb\")?(sVersion=\"2.11\",bDetected=1):MSDOS.compareEP(\"9c505351525657551e06fcb8....cd2184c075..cd20a8..04..eb$$eb$$ba....ec0c..eb\")&&(sVersion=\"3.0\",sOptions=\"by T.Torfs\",bDetected=1),result()}meta(\"protector\",\"ProtEXE\")" }, { "path": "dbs_min/db/MSDOS/protector_Protector.2.sg", "content": "function detect(){return MSDOS.compareEP(\"'FCP/IV'bc....c3\",-6)&&(sOptions=\"by FCP/IV (Future Crew)\",bDetected=1),result()}meta(\"protector\",\"Protector\")" }, { "path": "dbs_min/db/MSDOS/protector_Quadru-Lock.2.sg", "content": "function detect(){return MSDOS.compareEP(\"9c508cda5252bb....8cc8488ed805....8ec0b9....8bf12bf38bfefdf3a44050ffd1\")&&(bDetected=1),result()}meta(\"protector\",\"Quadru-Lock\")" }, { "path": "dbs_min/db/MSDOS/protector_R-Crypt.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$68....60bf....b9....b0..2e3005fec047e2..61c706........c606\")&&(sVersion=\"0.91, 0.93\",bDetected=1),result()}meta(\"protector\",\"R-Crypt\")" }, { "path": "dbs_min/db/MSDOS/protector_REC.2.sg", "content": "function detect(){return MSDOS.compareEP(\"061eb430cd213c..73..33c00650cbbf....8b36....2bf781fe....eb$$52ba....5aeb\")?(sVersion=\"0.33-0.35\",bDetected=1):MSDOS.compareEP(\"061e52b8....1ecd2186e03d....73..cd200e1fb4..e8$$$$5acd21\")?(sVersion=\"0.24-0.32\",bDetected=1):MSDOS.compareEP(\"061eb430cd213c..73..33c00650cb\")?(sVersion=\"0.40c2\",bDetected=1):MSDOS.compareEP(\"061e53bb....5beb$$eb$$eb$$2ec606\")&&(sVersion=\"0.40.5, 0.40.6\",bDetected=1),result()}meta(\"protector\",\"REC\")" }, { "path": "dbs_min/db/MSDOS/protector_RHC.2.sg", "content": "function detect(){return MSDOS.compareEP(\"8cd8ba....8eda8ec2a3....b8....cd10b8....8ec0be....bb....b9....518bfbb9....b4..acabe2\")&&(sVersion=\"1.99.test\",sOptions=\"1999 by Rowdy\",bDetected=1),result()}meta(\"protector\",\"RHC\")" }, { "path": "dbs_min/db/MSDOS/protector_ROSETINY.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e8$$$$53bb....5beb$$eb$$582d....50061e5751e8$$$$e8$$$$5fb9....b8....2e87052e3145..47d1c8e2\")?bDetected=1:MSDOS.compareEP(\"eb$$5053b430cd2186e03d....73..cd2006502bc08ec08506....b8....eb\")&&(sVersion=\"0.95\",bDetected=1),result()}meta(\"protector\",\"RoseTiny\")" }, { "path": "dbs_min/db/MSDOS/protector_SSI-Lock.2.sg", "content": "function detect(){return MSDOS.compareEP(\"1e0e1fba....b4..cd211f2bc00650cb\")?(sVersion=\"3.0 (overlay)\",sOptions=\"1991, 1992 by Software Security, Inc.\",bDetected=1):MSDOS.compareEP(\"2e8c06....2e8c1e....0e1f8c06....892e....893e....8936....8916....890e....891e....a3....9c5825....a3....fb0e1f\")&&(sVersion=\"3.0\",sOptions=\"1991, 1992 by Software Security, Inc.\",bDetected=1),result()}meta(\"protector\",\"SSI-Lock\")" }, { "path": "dbs_min/db/MSDOS/protector_Secure.2.sg", "content": "function detect(){var e\nreturn MSDOS.compareEP(\"8CC805....50B8....50B0..068CD20683....50B0..52FC508CD28CCDBB....03EB4A8EDD8EC24DB9....33FFBE....AD35....ABE2\")||MSDOS.compareEP(\"8CC805....50B8....50CB\")?(sVersion=\"2.1b\",bDetected=1):MSDOS.compareEP(\"e8$$$$fa4c904c81f3....56be....5eeb$$eb$$81f3....444490fb5bf7c2....eb$$53b9....eb\")?(sVersion=\"0.29\",bDetected=1):MSDOS.compareEP(\"e8\")&&(e=MSDOS.readWord(MSDOS.getEntryPointOffset()+1)+MSDOS.getEntryPointOffset()+3,-1!=MSDOS.findSignature(e,MSDOS.getSize()-e,\"2e8037..43e2f9\"))&&(sVersion=\"0.19\",bDetected=1),result()}meta(\"protector\",\"Secure\")" }, { "path": "dbs_min/db/MSDOS/protector_SelfChk.2.sg", "content": "function detect(){return MSDOS.compareEP(\"1e1eb430cd21b44c3c..73..cd21be....e8....e8....b8....1f07e9....0e0e1f07fcc3\")&&(sVersion=\"1.21\",sOptions=\"1999 by Tsahi Chitin\",bDetected=1),result()}meta(\"protector\",\"SelfChk\")" }, { "path": "dbs_min/db/MSDOS/protector_Shrink.2.sg", "content": "function detect(){return MSDOS.compareEP(\"509CFCBE....BF....57B9....F3A48B......BE....BF....F3A4C3\")?(sVersion=\"1.0\",bDetected=1):MSDOS.compareEP(\"E9....509CFCBE....8BFE8CC805....8EC00657B9\")&&(sVersion=\"2.0\",bDetected=1),result()}meta(\"protector\",\"Shrink\")" }, { "path": "dbs_min/db/MSDOS/protector_SnoopStop.2.sg", "content": "function detect(){return MSDOS.compareEP(\"..E9....EB..20......73..20....411A05\")&&(sVersion=\"1.15\",bDetected=1),result()}meta(\"protector\",\"SnoopStop\")" }, { "path": "dbs_min/db/MSDOS/protector_SuckStop.2.sg", "content": "function detect(){return MSDOS.compareEP(\"EB......BE....B430CD21EB..9B\")?(sVersion=\"1.11\",bDetected=1):MSDOS.compareEP(\"'KAOT'58eb$$be....b430cd21eb$$3c..77..cd204e75..6a..0e6a..fec3cf\")?(sVersion=\"1.11r\",sOptions=\"1997 by KA0T //N0Ps\",bDetected=1):MSDOS.compareEP(\"'KAOT'5ceb$$be....b430cd21eb$$3c..77..cd204e75..c706........1e6a..0fa1\")?(sVersion=\"1.10r\",sOptions=\"1997 by KA0T //N0Ps\",bDetected=1):MSDOS.compareEP(\"'KAOT'5ceb$$be....b430cd21eb$$3c..77..cd204e75..6a..0e6a..fec3cf\")?(sOptions=\"1997 by KA0T //N0Ps\",bDetected=1):MSDOS.compareEP(\"3a324a1d....fb37fb1d....1d....be....81ee....6a..593a32\")&&(sVersion=\"1.0\",sOptions=\"1997 by KA0T //N0Ps\",bDetected=1),result()}meta(\"protector\",\"SuckStop\")" }, { "path": "dbs_min/db/MSDOS/protector_TCEC.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e4640c..e66466fae800005d81ed....b8....8bd48da6....b9....8bdc2ec00f..2e30072e000f44e2\")?(sVersion=\"3.59r5\",sOptions=\"by ThE CLERiC! //LZ0, EVD\",bDetected=1):MSDOS.compareEP(\"54434543b9....83c4..33c0509df326ace3..eb\")&&(sVersion=\"3.55\",sOptions=\"by ThE CLERiC! //LZ0, EVD\",bDetected=1),result()}meta(\"protector\",\"TCEC\")" }, { "path": "dbs_min/db/MSDOS/protector_TraceLock.2.sg", "content": "function detect(){return MSDOS.compareEP(\"1e06e8$$$$0e0e1f07b4..b9....be....8bfefcac32c4d2c802e1aae2..b8....35....8706....c3\")&&(sVersion=\"0.9\",bDetected=1),result()}meta(\"protector\",\"TraceLock\")" }, { "path": "dbs_min/db/MSDOS/protector_Trap.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e800005b83c3..908bd3e8$$$$5b2e803f..74..90908bdab9....eb\")?(sVersion=\"1.21\",sOptions=\"by Christoph Gabler\",bDetected=1):MSDOS.compareEP(\"8cd0bb....8ed333c98ed0b9....eb$$e2..33d2\")?(sVersion=\"1.18\",sOptions=\"by Christoph Gabler\",bDetected=1):MSDOS.compareEP(\"8cd0bb....8ed333d28ed0b9....eb$$e2..33d2\")?(sVersion=\"1.X\",sOptions=\"by Christoph Gabler\",bDetected=1):MSDOS.compareEP(\"b9....eb$$e2$$eb..90cd20e2\")?(sVersion=\"1.15\",sOptions=\"by Christoph Gabler\",bDetected=1):MSDOS.compareEP(\"e800005b83c3..908bd3e8$$$$5b2e803f..74..90908bdab9....2ec0\")?(sVersion=\"1.20\",sOptions=\"1998 by Christoph Gabler\",bDetected=1):MSDOS.compareEP(\"05....eb$$bb....81ebfa..85f9eb$$eb$$39fbeb\")?(sVersion=\"1.22\",sOptions=\"by Christoph Gabler\",bDetected=1):MSDOS.compareEP(\"81ea....eb$$b9....81c1....39d0bb....85c3b9....f505....bb....ba....81c2\")?(sVersion=\"1.23\",sOptions=\"by Christoph Gabler\",bDetected=1):MSDOS.compareEP(\"eb$$39c281c3....eb$$81c3....39cc81ea....39e2b9....85da39e9eb\")?(sVersion=\"1.24\",sOptions=\"by Christoph Gabler\",bDetected=1):MSDOS.compareEP(\"8cd1ba....8ed233d28ed18bcaeb\")?(sVersion=\"1.13\",sOptions=\"by Christoph Gabler\",bDetected=1):MSDOS.compareEP(\"e8$$$$5d81ed....458cd68bfc0f23c70f23ceb0..e6..fa0e17\")?(sVersion=\"1.26b1\",sOptions=\"2000 by Christoph Gabler\",bDetected=1):MSDOS.compareEP(\"8cd1ba....8ed233d28ed18bcab9....eb\")&&(sVersion=\"1.14\",sOptions=\"by Christoph Gabler\",bDetected=1),result()}meta(\"protector\",\"Trap\")" }, { "path": "dbs_min/db/MSDOS/protector_Un2pack.2.sg", "content": "function detect(){return MSDOS.compareEP(\"9cba....2d....81e1....81f3....b4..9db8....ba....8cdb03d83b1e....73..83eb..fa8ed3bc\")&&(sVersion=\"2.0\",sOptions=\"1994 by The CCS-Productions\",bDetected=1),result()}meta(\"protector\",\"Un2pack\")" }, { "path": "dbs_min/db/MSDOS/protector_UnPackStop.2.sg", "content": "function detect(){var e\nreturn MSDOS.compareEP(\"3670..b8....81c0....bb....43e8....5f83c7..0e570656cbbe....eb\")?(sVersion=\"0.9X\",sOptions=\"by Szaszi (Szabo Laszlo)\",bDetected=1):MSDOS.compareEP(\"68....c3\")?(e=MSDOS.readWord(MSDOS.getEntryPointOffset()+1)-32,MSDOS.compare(\"bf....e2..a541b9....2e31154747e2\",e)?(sVersion=\"0.95\",sOptions=\"by Szaszi (Szabo Laszlo)\",bDetected=1):MSDOS.compare(\"b9....39fe2e31154747eb\",e)&&(sVersion=\"0.95 freeware\",sOptions=\"by Szaszi (Szabo Laszlo)\",bDetected=1)):MSDOS.compareEP(\"4e46555dbb....70..b8....81c0....4c44cd213efc268b2e....8ec5\")||MSDOS.compareEP(\"b8....40bb....4be8$$$$be....eb$$5f83c7..0e570656cb\")?(sVersion=\"0.94\",sOptions=\"by Szaszi (Szabo Laszlo)\",bDetected=1):MSDOS.compareEP(\"424a5159bb....4bb8....404a42cd2190fc\")&&(sVersion=\"0.96\",sOptions=\"by Szaszi (Szabo Laszlo)\",bDetected=1),result()}meta(\"protector\",\"UnPackStop\")" }, { "path": "dbs_min/db/MSDOS/protector_XDOC.2.sg", "content": "function detect(){return MSDOS.compareEP(\"2e8c16....eb00ea....ffff\")&&(sVersion=\"1.20\",bDetected=1),result()}meta(\"protector\",\"XDOC\")" }, { "path": "dbs_min/db/MSDOS/protector_aPatch.2.sg", "content": "function detect(){return MSDOS.compareEP(\"e8$$$$fde8$$$$ffc75e83ee..e8$$$$5d8176......c646....eb$$ffe5\")&&(sVersion=\"0.05-0.33\",bDetected=1),result()}meta(\"protector\",\"aPatch\")" }, { "path": "dbs_min/db/MSDOS/protector_cramble.2.sg", "content": "function detect(){return MSDOS.compareEP(\"E9....609CFC..................01..012A..FF\")&&(sVersion=\"0.2b3\",bDetected=1),result()}meta(\"protector\",\"cramble\")" }, { "path": "dbs_min/db/MSDOS/protector_iLUCRYPT.2.sg", "content": "function detect(){return MSDOS.compareEP(\"8becfac746......4c4cc3fbbf....b8....2e3105d1c84f\")?(sVersion=\"4.01X\",sOptions=\"by Christian Schwarz\",bDetected=1):MSDOS.compareEP(\"bf....b8....2e3105d1c84f81ff....73..b7..df53..961e\")&&(sVersion=\"4.017\",sOptions=\"by Christian Schwarz\",bDetected=1),result()}meta(\"protector\",\"iLUCRYPT\")" }, { "path": "dbs_min/db/MSDOS/protector_nbuild.2.sg", "content": "function detect(){return MSDOS.compareEP(\"B9....BB....C0....80....43E2\")&&(sVersion=\"1.0\",bDetected=1),result()}meta(\"protector\",\"nbuild\")" }, { "path": "dbs_min/db/MSDOS/runtime_VROOMM.4.sg", "content": "function detect(){return MSDOS.compareOverlay(\"46424f56\")&&(bDetected=1),result()}meta(\"runtime\",\"VROOMM (Virtual Real-time Object-Oriented Memory)\")" }, { "path": "dbs_min/db/MSDOS/self-displayer_ANS2ALL.1.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$be....bf....b9....8ccd81ed....8bdd83eb..8bd3fcfa909090909090\")&&(sVersion=\"0.9beta\",sOptions=\"by ZeroCoder //XG\",bDetected=1),result()}meta(\"self-displayer\",\"ANS2ALL\")" }, { "path": "dbs_min/db/MSDOS/self-displayer_GIFEXE.1.sg", "content": "function detect(){return MSDOS.compareEP(\"ba....2e8916....b430cd218b2e....8b1e....8edaa3....8c06\")&&MSDOS.compareOverlay(\"'GIF87a'\")&&MSDOS.isSignaturePresent(MSDOS.getSize()-6,6,\"'GIFEXE'\")&&(sVersion=\"1.0\",sOptions=\"1990, 1991 by Steve Enns and Dan Magosse\",bDetected=1),result()}meta(\"self-displayer\",\"GIFEXE\")" }, { "path": "dbs_min/db/MSDOS/self-displayer_RELETTER.1.sg", "content": "function detect(){return MSDOS.compareEP(\"e9$$$$bc....bf....bb....8a0784c075..e9....438a073c..74..3c..74..89da438a073c..74\")&&(sVersion=\"1.0\",sOptions=\"1993 by Hans J. Baer (converted to exe)\",bDetected=1),result()}meta(\"self-displayer\",\"RELETTER\")" }, { "path": "dbs_min/db/MSDOS/self-displayer_SimplyWare.1.sg", "content": "function detect(){var e\nreturn MSDOS.compareEP(\"b8....8ed88c06....fa8ed0bc....fbb430cd21a3....0650b434cd218c06....8bc3485b86df81fb\")&&(e=MSDOS.getOverlayOffset(),-1!=MSDOS.findSignature(e-4096,4096,\"'Simply Docs Viewer'\")?(sName=\"Simply Docs Viewer\",sVersion=\"3.0\",sOptions=\"1990-94 by SimpleWare\",bDetected=1):MSDOS.compareOverlay(\"'Simply Help!'\")&&(sName=\"Simply Help! TSR Viewer\",sOptions=\"1990-94 by SimpleWare\",bDetected=1)),result()}meta(\"self-displayer\",\"\")" }, { "path": "dbs_min/db/MSDOS/self-displayer_TXT2COM.1.sg", "content": "function detect(){return MSDOS.compareEP(\"e8$$$$c706........803e......75..8d36....e8....e8....e8....e8....e8....ffa7\")?(sVersion=\"1.1\",sOptions=\"1987 by Keith P. Graham\",bDetected=1):MSDOS.compareEP(\"8d26....e8$$$$b4..cd103c..74..c706........c706........3c..74..3c..74..8d16....b409cd21cd20c706\")&&(sVersion=\"2.06\",sOptions=\"1989 by Keith P. Graham\",bDetected=1),result()}meta(\"self-displayer\",\"TXT2COM + generic com2exe\")" }, { "path": "dbs_min/db/MSDOS/self-displayer_TXTmaker.1.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$b4..33dbcd1080fc..74..b0..eb$$b44ccd21\")&&(sVersion=\"1.22\",sOptions=\"1991 by Jack A. Orman\",bDetected=1),result()}meta(\"self-displayer\",\"TXTmaker\")" }, { "path": "dbs_min/db/MSDOS/self-displayer_Txt2Exe.1.sg", "content": "function detect(){return MSDOS.compareEP(\"8cc88ed88cc08ed0bc....b4..cd10a2....3c..74..268a1e....0e07\")&&(sVersion=\"4.01\",sOptions=\"1996 by Wang Lisan\",bDetected=1),result()}meta(\"self-displayer\",\"Txt2Exe\")" }, { "path": "dbs_min/db/MSDOS/self-displayer_self-displayer.1.sg", "content": "function detect(){return MSDOS.compareEP(\"b8....cd10b409ba....eb$$cd21b409ba....eb$$cd21b409ba....eb\")&&(sOptions=\"1997 //d4c\",bDetected=1),result()}meta(\"self-displayer\",\"Unknown\")" }, { "path": "dbs_min/db/MSDOS/sfx_ARC.1.sg", "content": "function detect(){return MSDOS.compareEP(\"8CC88CDB8ED88EC089......2BC3A3....89......BE....B9....BF....BA....FCAC32C28AD8\")?(sVersion=\"1.10\",sOptions=\"1986-89 by Wayne Chin and Vernon D. Buerg\",bDetected=1):MSDOS.compareEP(\"558bec83ec..32c02ea2....2ea2....2ea2....8cd78ec78d7e..be....fcac3c..74..3c..76..3c..75..ac\")||MSDOS.compareEP(\"558bec83ec..a1....2ea3....2ec606......8cd78ec78d7e..be....fcac3c..74..3c..76..3c..75..ac\")?(sOptions=\"1988-89 by NoGate Consulting\",bDetected=1):MSDOS.compareEP(\"bb....8edb8c06....c706........8cd02bc3b9....d3e003c4fa8ed38be0fb05....b9....d3e8408cd303c3a3\")&&(sVersion=\"7.1\",sOptions=\"1990 by System Enhancement Associates (SEA), Inc.\",bDetected=1),result()}meta(\"sfx\",\"ARC SFX\")" }, { "path": "dbs_min/db/MSDOS/sfx_ARJ.1.sg", "content": "function detect(){return MSDOS.compare(\"'RJSX'\",28)?(sVersion=\"old\",bDetected=1):MSDOS.isSignaturePresent(0,Math.min(1e3,MSDOS.getSize()),\"'aRJsfX'\")&&(bDetected=1),result()}meta(\"sfx\",\"ARJ\")" }, { "path": "dbs_min/db/MSDOS/sfx_ChSFX.1.sg", "content": "function getChSFXVersion(){var e=\"\",$=MSDOS.findString(0,Math.min(256,MSDOS.getSize()),\"ChSFX\")\nreturn e=-1!=$?(e=MSDOS.getString($+6)).replace(/\\s+$/,\"\"):e}function detect(){return(MSDOS.compareEP(\"ba....e8$$$$1e0e1fe8$$$$52568bf2fcb4..eb$$ac0ac075\")||MSDOS.compareEP(\"8d16....e8$$$$1e0e1fe8$$$$52568bf2fcb4..eb$$ac0ac075\"))&&(sVersion=getChSFXVersion(),bDetected=1),result()}meta(\"sfx\",\"CHZ SFX (ChSFX)\")" }, { "path": "dbs_min/db/MSDOS/sfx_EXARJ.1.sg", "content": "function detect(){return MSDOS.compareEP(\"fcbb....e8....b430cd218bd8063c..72..8e06....33c08bf8b9....f2aeae75..40af061f8bd775..e8\")&&(sOptions=\"1994 by Jakub Jelinek\",bDetected=1),result()}meta(\"sfx\",\"EXARJ small\")" }, { "path": "dbs_min/db/MSDOS/sfx_ICE.1.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$be....8bfe8b0e....8b16....b8....50fcad33c2ab8bd0e2\")&&(sVersion=\"1.0\",bDetected=1),result()}meta(\"sfx\",\"ICE SFX\")" }, { "path": "dbs_min/db/MSDOS/sfx_LH.1.sg", "content": "function detect(){return MSDOS.compare(\"'LH'27's SFX '\",36)&&(bDetected=1),result()}meta(\"sfx\",\"LH\")" }, { "path": "dbs_min/db/MSDOS/sfx_LHA.1.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$fcbc....8cc805....8ec0eb$$bb....e8....061fb430cd218bd81e3c..72..368e06....33c08bf8b9....f2aeae\")?(sVersion=\"2.05L, 2.10-2.13, 2.55\",bDetected=1):MSDOS.compareEP(\"eb$$fcbc....8cc805....8ec0e8....bb....e8....061fb430cd218bd81e3c..72..368e06....33c08bf8\")?(sVersion=\"2.13\",bDetected=1):MSDOS.compareEP(\"eb$$00fcbc....8cc805....8ec0eb$$bb....e8....061fb430cd218bd81e3c..72..368e06....33c08bf8b9....f2aeae\")?(sVersion=\"2.13S\",sOptions=\"converted to exe\",bDetected=1):MSDOS.compareEP(\"e9$$$$fcbc....8cc805....8ec0b8....cd21be....268816....26c706........ac\")&&(sVersion=\"1.13L\",sOptions=\"converted to exe\",bDetected=1),result()}meta(\"sfx\",\"LHA SFX\")" }, { "path": "dbs_min/db/MSDOS/sfx_LHarc.1.sg", "content": "function detect(){return MSDOS.compareEP(\"eb$$fcbc....bb....e8....8cc82e0306....8ed88ec005....2e3b06....76..bb....e9....bf....33d28bc2b9....d1e873..35....e2..abfec275..be....bf....b8....ba....2e3a24\")?(sVersion=\"1.13S, 1.13L\",bDetected=1):MSDOS.compareEP(\"e9$$$$fcbc....bb....e8....8cc805....8ec0b8....cd21be....268816....26c706........ace8....74..263a06\")?(sVersion=\"1.14c\",bDetected=1):MSDOS.compareEP(\"e9$$$$fcbc....e8....9090908cc805....8ec0b8....cd21be....268816....26c706........ace8....74..263a06\")?bDetected=1:MSDOS.compareEP(\"eb$$0d....fcbc....bb....e8....8cc82e0306....8ed88ec005....2e3b06....76..bb....e9\")&&(sVersion=\"1.14c\",bDetected=1),result()}meta(\"sfx\",\"LHarc SFX\")" }, { "path": "dbs_min/db/MSDOS/sfx_PKSFX.1.sg", "content": "function detect(){return MSDOS.compareEP(\"b430cd213c..73..cd20bf....8b36....2bf776..8bc405....d1d8b1..d3e83bf0\")&&MSDOS.compareOverlay(\"1a\")&&(sOptions=\"ARC\",bDetected=1),result()}meta(\"sfx\",\"PKSFX\")" }, { "path": "dbs_min/db/MSDOS/sfx_PKZIP-SFX.1.sg", "content": "function detect(){return MSDOS.compareEP(\"fc2e8c......a1....8ccb81c3....3bc372..2d....2d....fabc....8ed0fb2d....a3....8ec0e8....a1\")&&(sVersion=\"1.1(1989-90)\",bDetected=1),result()}meta(\"sfx\",\"PKZIP-SFX\")" }, { "path": "dbs_min/db/MSDOS/sfx_PKZIP_mini-sfx.1.sg", "content": "function detect(){return MSDOS.compareEP(\"b9....bf....2bcf32c0f3aab430cd21a3....8926....e8....b8....e8....e8\")&&(sVersion=\"2.04c(1992)\",bDetected=1),MSDOS.compareEP(\"b8....a3....bf....b9....2bcf32c0f3aab430cd21a3....a1....a3....e8....b8\")&&(sVersion=\"1.1(1990)\",bDetected=1),result()}meta(\"sfx\",\"PKZIP mini-sfx\")" }, { "path": "dbs_min/db/MSDOS/sfx_SFX.1.sg", "content": "function detect(){return MSDOS.compareEP(\"fc1e8a1e....16070e1f33d2e8....bd....885e..8f46..bf....33d28bc2b9....d1e873..35....e2..abfec275..be....e8\")&&(sVersion=\"3.33\",sOptions=\"(LHA archive) by LARC\",bDetected=1),result()}meta(\"sfx\",\"SFX\")" }, { "path": "dbs_min/db/MSDOS/sfx_ZOO.1.sg", "content": "function detect(){return MSDOS.compareEP(\"ba....2e8916....8b2e....8eda8c06....b8....8cda05....83c3..8ed28be0e8\")&&MSDOS.compareOverlay(\"'ZOO'............'Archive'\")&&(bDetected=1),result()}meta(\"sfx\",\"ZOO SFX\")" }, { "path": "dbs_min/db/MSDOS/unknown_immunizer.1.sg", "content": "function detect(){return MSDOS.compareEP(\"be....e9$$$$501e06b8....cd21fc80fc..75..3c..75..b4..cd213c\")?(sOptions=\"type 1\",bDetected=1):MSDOS.compareEP(\"be....8e06....8cdd31ff8bc7b9....f2aeae75..af061f\")&&(sOptions=\"type 2\",bDetected=1),result()}meta(\"immunizer\",\"unknown immunizer\")" }, { "path": "dbs_min/db/MSDOS/virus.1.sg", "content": "function detect(){return MSDOS.compareEP(\"e8....5e83ee..b8....cd213d....75..0e1f81c6....bf....b9....fcf3a4061f06b8....50cb\")?(sName=\"TaiPan.438\",bDetected=1):MSDOS.compareEP(\"e9$$$$9090be....8bfee8$$$$5081c7....b9....b8....902e31054790e2\")&&(sName=\"Burglar.1150\",bDetected=1),result()}meta(\"virus\",\"\")" }, { "path": "dbs_min/db/NE/_NE.0.sg", "content": "function detect(){return NE.isVerbose()&&(sName=NE.getOperationSystemName(),sVersion=NE.getOperationSystemVersion(),sOptions=NE.getOperationSystemOptions(),bDetected=1),result()}meta(\"operation system\",\"Windows\")" }, { "path": "dbs_min/db/NE/_init", "content": "var File=NE,X=NE" }, { "path": "dbs_min/db/NE/compiler_Borland_C++.1.sg", "content": "function detect(){return NE.compareEP(\"53510633c0509a........5807595b9a........0bc075..e9\")?(sOptions=\"1994 type 1\",bDetected=1):NE.compareEP(\"893e....56571e510656e3..1e33c050519a........91e3\")?(sOptions=\"1994 type 2\",bDetected=1):NE.compareEP(\"53510633c050e8....5807595b9a........0bc075..e9\")?(sOptions=\"1993 type 1\",bDetected=1):NE.compareEP(\"b8....8ed853510633c0509a........5807595b9a........0bc075..e9\")?(sOptions=\"1993 type 2\",bDetected=1):NE.compareEP(\"893e....56571e510656e3..1e33c05051900ee8....91e3\")&&(sOptions=\"1991\",bDetected=1),result()}meta(\"compiler\",\"Borland C++\")" }, { "path": "dbs_min/db/NE/compiler_Borland_Pascal.1.sg", "content": "function detect(){return NE.compareEP(\"9a........9a........9a........9a........9a........5589e56a..9a........ff36....bf....1e5768....9a\")&&(sVersion=\"7.1\",bDetected=1),result()}meta(\"compiler\",\"Borland Pascal\")" }, { "path": "dbs_min/db/NE/compiler_Watcom_C.1.sg", "content": "function detect(){return NE.compareEP(\"e9$$$$9a........0bc074..8c06....5756065352891e....8c06....2bc0509a\")||NE.compareEP(\"e9$$$$b9....51b9....51b9....51b9....5153508cd18bdc83c3..8cd2b8....ea\")||NE.compareEP(\"e9$$$$535152565706558becb9....51b9....51b9....51b9....5153508cd18bdc83c3..8cd2b8....9a\")?(sOptions=\"1991\",bDetected=1):NE.compareEP(\"e9$$$$9a........0bc075..e9....8c06....575606535253be....8936....8c1e....268a078804\")?(sOptions=\"1993\",bDetected=1):NE.compareEP(\"eb$$9a........09c075..e9....8c06....5756065352891e....8c06....29c0509a\")||NE.compareEP(\"eb$$5351525657065589e553508cd189e383c3..8cd23eb8....9a\")?(sName=\"Watcom C/C++16\",sOptions=\"1995\",bDetected=1):NE.compareEP(\"e9$$$$535152565706558bec53508cd18bdc83c3..8cd2b8\")?(sOptions=\"1992\",bDetected=1):NE.compareEP(\"eb$$535152565706558bec53508cd18bdc83c3..8cd2b8\")?(sName=\"Open Watcom C/C++16 for OS/2\",sOptions=\"2002\",bDetected=1):NE.compareEP(\"eb$$9a........0bc075$$8c06....575606535253be\")&&(sName=\"Open Watcom C/C++16 for Windows\",sOptions=\"2002\",bDetected=1),sLang=-1!==sName.indexOf(\"C++\")?\"C\":\"C++\",result()}meta(\"compiler\",\"Watcom C\")" }, { "path": "dbs_min/db/NE/game_engine_DirectorPlayer.1.sg", "content": "function detect(){return NE.compareOverlay(\"140002004d11650000000200c0252500\")&&(sVersion=\"1.0-3.0\",bDetected=1),result()}meta(\"game engine\",\"Director Player\")" }, { "path": "dbs_min/db/NE/installer_CoktelVisionInstaller.1.sg", "content": "function detect(){return NE.compareOverlay(\"65000300ea010400fa0c0300e6010400\")&&(bDetected=1),result()}meta(\"installer\",\"Coktel Vision\")" }, { "path": "dbs_min/db/NE/installer_Setup-Specialist.1.sg", "content": "function detect(){return NE.compareEP(\"eb$$53510633c0509a........5807595b9a........0bc075..e9\")?(sOptions=\"1995-1998 by Thilo-Alexander Ginkel\",bDetected=1):NE.compareEP(\"eb$$53510633c050900ee8....5807595b9a........0bc075..e9\")&&(sOptions=\"1995-1997 by Thilo-Alexander Ginkel\",bDetected=1),result()}meta(\"installer\",\"Setup-Specialist\")" }, { "path": "dbs_min/db/NE/library_MS_RTL.4.sg", "content": "function detect(){return NE.compareEP(\"fca3....891e....49890e....bb....8c1f83e4..8967..b8....508967..f7d0508967..8967..8926....1e68....1e68....9a\")?(sOptions=\"1990 type 1\",bDetected=1):NE.compareEP(\"558bec508bc416509a........5886e0a3....1e68....1e68....9a\")?(sOptions=\"1988 type 1\",bDetected=1):NE.compareEP(\"fc8926....8926....8c1e....49890e....a3....891e\")?(sOptions=\"1988 type 2\",bDetected=1):NE.compareEP(\"fc8926....49890e....a3....891e....1e68....1e68....9a\")?(sOptions=\"1988 type 3\",bDetected=1):NE.compareEP(\"c8......57561eb8....8ed89a\")?(sOptions=\"1990 type 2\",bDetected=1):NE.compareEP(\"c8......5756bb....8ec326a3....9a\")&&(sOptions=\"1990 type 3\",bDetected=1),result()}meta(\"library\",\"MS RTL\")" }, { "path": "dbs_min/db/NE/sfx_ARC_SFX.1.sg", "content": "function detect(){return NE.compareEP(\"a3....891e....890e....8b0e....bb....e8....72..8b0e....bb....e8....73..b9....890e....bb....e8\")&&(sOptions=\"1991 by SEA, Inc.\",bDetected=1),result()}meta(\"sfx\",\"ARC SFX\")" }, { "path": "dbs_min/db/NE/sfx_PKZIP-SFX.1.sg", "content": "function detect(){return NE.compareEP(\"fca3....891e....49890e....bb....8c1f83e4..8967..b8....508967..f7d0508967..8967..8926....508bc416509a\")&&(sOptions=\"1989-91 by PKWARE Inc.\",bDetected=1),result()}meta(\"sfx\",\"PKZIP-SFX\")" }, { "path": "dbs_min/db/NE/sfx_Sydex_SFX.1.sg", "content": "function detect(){return NE.compareEP(\"b8....8ec0e8....ba....3d....72..e8....26a3....26890e....268916....68....1ee8....83c4..ba....85c074\")&&(sOptions=\"1995 by Sydex, Inc.\",bDetected=1),result()}meta(\"sfx\",\"Sydex SFX\")" }, { "path": "dbs_min/db/NPM/_NPM.0.sg", "content": "function detect(){return NPM.isVerbose()&&(sType=\"operation system\",sName=NPM.getOperationSystemName(),sVersion=NPM.getOperationSystemVersion(),sOptions=NPM.getOperationSystemOptions(),bDetected=1),result()}meta(\"format\",\"NodeJS package\")" }, { "path": "dbs_min/db/NPM/_init", "content": "var File=NPM,X=NPM" }, { "path": "dbs_min/db/NPM/language_JavaScript.5.sg", "content": "function detect(){return NPM.isArchiveRecordPresentExp(\"(.*?).js\")&&(bDetected=1),result()}meta(\"language\",\"JavaScript\")" }, { "path": "dbs_min/db/NPM/language_TypeScript.5.sg", "content": "function detect(){return NPM.isArchiveRecordPresentExp(\"(.*?).ts\")&&(bDetected=1),result()}meta(\"language\",\"TypeScript\")" }, { "path": "dbs_min/db/NPM/package_PackageName.1.sg", "content": "function detect(){var e=NPM.getPackageJsonRecord(\"name\")\nreturn e&&(sName=e,sVersion=NPM.getPackageJsonRecord(\"version\"),bDetected=1),result()}meta(\"package\",\"\")" }, { "path": "dbs_min/db/PDF/_PDF.0.sg", "content": "function detect(){return sName=PDF.getFileFormatName(),sVersion=PDF.getFileFormatVersion(),sOptions=PDF.getFileFormatOptions(),bDetected=1,result()}meta(\"format\",\"PDF\")" }, { "path": "dbs_min/db/PDF/_init", "content": "var File=PDF,X=PDF" }, { "path": "dbs_min/db/PDF/converter_markdown-pdf.3.sg", "content": "function detect(){return PDF.compare(\"'%PDF-1.4'0A'1 0 obj'0A'<<'0A'/Title ('FEFF')'0A'/Creator ('FEFF')'0A'/Producer ('FEFF00'Q'00't'00' '00'5'00'.'00'5'00'.'00'1)'\")&&(sVersion=\"11.0.0\",bDetected=1),result()}meta(\"converter\",\"markdown-pdf\")" }, { "path": "dbs_min/db/PDF/converter_mdpdf.3.sg", "content": "function detect(){return PDF.compare(\"'%PDF-1.4'0A'%'D3EBE9E10A'1 0 obj'0A'<> '0D'endobj'\")&&_setResult(\"protector\",\"RTSN_secure\",\"1.0\",\"\")}meta(\"format\",\"pdf\")" }, { "path": "dbs_min/db/PDF/format_Tools.2.sg", "content": "function detect(){for(var e=PDF.getStringValuesByKey(\"/Creator\"),t=0;tr.VirtualSize)for(var t=(t=r.FileOffset+r.VirtualSize)+511&-512;!detect_Cab(t,r.FileSize,e)&&t>r.FileOffset&&!_isStop();)t-=512}return result()}includeScript(\"cab\")" }, { "path": "dbs_min/db/PE/Microsoft.6.sg", "content": "function detect(){var i=\"\",r=\"\",v=\"\",e=\"\",s=\"\",o=\"\",n=\"\",c=\"\",A=\"\",p=\"\",t=\"\",C=\"\",E=\"\",a=\"\",P=\"\",h=\"\",$=\"\",m=\"\",O=\"\",l=\"\",y=\"\"\nfunction R(){return PE.findString(PE.section[0].FileOffset,PE.getSize(),\".NETCoreApp,Version=v\")}function V(i){i=(i=(i=PE.getString(i).split(\"=\")[1])&&\"v\"!==i[0]&&7>> Update DIE Engine to 3.20 and higher for using Heuristic-analyzer by DosX <<<\"),!0)}function stubForWrongEnvironment(){return\"undefined\"==typeof PE?(stdout(\">>> Wrong environment! 'PE' is undefined. Check DIE-engine for correct installation <<<\"),!0):(PE.isHeuristicScan()&&PE.isVerbose()&&!_getNumberOfResults(\"operation system\")&&stdout(\">>> Script is running outside the environment! Are you in debug mode? <<<\"),!1)}function stdout(e){if(\"object\"==typeof console)console.warn(e)\nelse if(\"object\"==typeof File)_setResult(\"~warning\",e,\"\",\"\")\nelse{if(\"function\"!=typeof _error)throw e\n_error(e)}}function initializeCache(){var e,t={isArchX86:isArchX86,isCppClrLikeApp:isCppClrLikeApp,isVbNetStandardLibraryPresent:isVbNetStandardLibraryPresent,isJscriptNetStandardLibraryPresent:isJscriptNetStandardLibraryPresent,firstEpAsmInstruction:getFirstEpAsmInstruction,is64bit:PE.is64,isDotNet:PE.isNet,isDynamicLinkLibrary:PE.isDll,isNetGlobalCctorPresent:PE.isNetGlobalCctorPresent,isRichSignaturePresent:PE.isRichSignaturePresent,numberOfSections:PE.getNumberOfSections,numberOfRichIDs:PE.getNumberOfRichIDs,numberOfUnmanagedResources:PE.getNumberOfResources,numberOfUnmanagedImports:PE.getNumberOfImports,numberOfUnmanagedExports:PE.getNumberOfExports,indexOfImportsSection:PE.getImportSection,indexOfExportsSection:PE.getExportSection,nameOfNetAssemblyName:PE.getNetAssemblyName,nameOfNetModuleName:PE.getNetModuleName}\nfor(e in t){var i=t[e]\ni?PE_Cached[e]=i():stdout(\">>> PE API function '\"+e+\"' is undefined! <<<\")}}function unloadCache(){PE_Cached=void 0}function scanForObfuscations_NET(){log(logType.nothing,\"Scanning for obfuscation...\")\nvar e=\"\",t=!1,i=!1,i=(PE_Cached.isDynamicLinkLibrary||(PE_Cached.isVbNetStandardLibraryPresent?isAllNetReferencesMissing([\"Main\",\"main\",\"MAIN\",\"MyApplication\"])&&(i=!0):isAllNetReferencesMissing([\"Main\",\"main\",\"main@\",\"
$\",\"mainCRTStartup\",\"wWinMainCRTStartup\",\"_WinMainCRTStartup\"])&&(i=!0),i&&log(logType.net,'No \"Main\" method found')),i&&(e=\"Modified managed EP\"),!1),n=(!PE_Cached.isNetGlobalCctorPresent||PE_Cached.isCppClrLikeApp||isUnpackagedWindowsAppSdkLinked()||(log(logType.net,\"Global constructor detected!\"),i=!0),i&&(e=addOption(e,\"CLR constructor\")),!1),r=[\"~\",\"Strings\",\"US\",\"GUID\",\"Blob\"]\nif(!PE_Cached.isDynamicLinkLibrary&&1.0123456789\"\nif(PE_Cached.numberOfSections>(PE_Cached.isCppClrLikeApp?10:6)||!PE.section[\".text\"])o=!0\nelse for(var l=0;l'00**\")+8),m=!1\nif((PE.compare(\"00**00**00\",E)||PE.compare(\"00****00****00****00\",E)||PE.compare(\"00******00******00******00\",E)||PE.compare(\"00********00********00********00\",E)||PE.compare(\"00****00****00\",E)||PE.compare(\"00****00**00\",E)||PE.compare(\"00**00****00\",E))&&(log(logType.net,\"Short names detected! (mask)\"),m=!0),!m&&PE.compare(\"00**00\",E))for(var h=0,S=\"QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm\",l=1;l\"),l=0;l nul\")||validateNetUnicodeString('/C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del \"')||validateNetUnicodeString(P.ldloc_s+P.ldc_i4_0+P.ldloc_s+P.ldc_i4_0+P.ldelem_u4+P.ldloc_s+P.ldc_i4_0+P.ldelem_u4+P._unknown+P.stelem_i4+P.ldloc_s+P.ldc_i4_1+P.ldloc_s+P.ldc_i4_1+P.ldelem_u4+P.ldloc_s+P.ldc_i4_1+P.ldelem_u4+P._unknown+P.stelem_i4+P.ldloc_s+P.ldc_i4_2+P.ldloc_s+P.ldc_i4_2+P.ldelem_u4+P.ldloc_s+P.ldc_i4_2+P.ldelem_u4+P._unknown+P.stelem_i4+P.ldloc_s+P.ldc_i4_3+P.ldloc_s+P.ldc_i4_3+P.ldelem_u4+P.ldloc_s+P.ldc_i4_3+P.ldelem_u4+P._unknown+P.stelem_i4+P.ldloc_s+P.ldc_i4_4+P.ldloc_s+P.ldc_i4_4+P.ldelem_u4+P.ldloc_s+P.ldc_i4_4+P.ldelem_u4+P._unknown+P.stelem_i4)||validateNetByteCode(P.ldloc_s+P._unknown+P.shr_un+P.ldloc_s+P.ldc_i4_s+P.shl+P.or+P.stloc_s+P.ldloc_s+P._unknown+P.shr_un+P.ldloc_s+P.ldc_i4_s+P.shl+P.or+P.stloc_s+P.ldloc_s+P._unknown+P.shr_un+P.ldloc_s+P.ldc_i4_s+P.shl+P.or+P.stloc_s))&&(log(logType.net,\"Anti-tamper detected!\"),i=!0),i&&(e=addOption(e,\"Anti-tamper\")),!1),i=PE.findSignature(PE.getDosStubOffset()+PE.getDosStubSize(),PE.getSize()-PE.getOverlaySize(),\"00''00\"),O=(-1!==i&&-1!==(O=PE.findSignature(i+10,PE.getSize()-PE.getOverlaySize(),\"''\"))&&0!==PE.readByte(O+8)&&(log(logType.net,\"Fake detected! Offset: 0x\"+Number(O).toString(16)),p=!0),p&&(e=addOption(e,\"Fake .cctor name\")),!1),N=(-1===i&&(log(logType.net,\"It seems that the .cctor is missing. Bad PE format!\"),O=!0),O&&(e=addOption(e,\"Bad .cctor format\")),!1),w=[P.add,P.sub,P.mul,P.div,P.xor,P.shr,P.shl,P.or,P.not,P.and],V=[P.ldc_i4+P.ldc_i4+\"%s\"+P.stloc,P.ldc_i4+P.ldc_i4+\"%s\"+P.ldsfld,P.ldc_i4+P.ldc_i4+\"%s\"+P.ldc_i4+P.add,P.ldloc_1+P.ldc_i4+P.ldc_i4+\"%s\"+P.ldc_i4+P.ldc_i4,P.ldloc+P.ldc_i4+P.ldc_i4+P.ldc_i4+\"%s\"+P.stelem_i1,P.ldc_i4+P.ldc_i4+\"%s\"+P.br_s],A=0;A