Exemple #1
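        /// <summary>
        /// Scans the bytes located at the PE entry point of <paramref name="stream"/> against
        /// the entry-point signature tree and returns one result per matching signature.
        /// </summary>
        /// <param name="stream">
        /// Seekable stream holding the executable to scan. It is rewound to the start before
        /// the headers are parsed and is left positioned after the bytes that were read.
        /// </param>
        /// <returns>
        /// The matches found at the entry point (possibly an empty array), or <c>null</c> when
        /// the entry point cannot be mapped to a section or fewer than <c>min_sig_length</c>
        /// bytes are available at the computed file offset.
        /// </returns>
        private ScanResult[] ScanAllNormal(Stream stream)
        {
            stream.Seek(0,SeekOrigin.Begin);

            long ep_offset = 0;

            // Every header value below comes from the file being scanned, so it is
            // untrusted input: a malformed or deliberately crafted executable can carry
            // an entry point that no section covers.
            using (ExeReader reader = ExeReader.FromStream(stream,false))
            {
                uint ep_address = reader.NTHeaders.OptionalHeader.AddressOfEntryPoint;
                Section section = reader.Sections.RVAToSection(ep_address);

                // NOTE(review): assumes RVAToSection returns null when no section contains
                // the RVA - confirm against its implementation. Without this guard such a
                // file ends the scan with a NullReferenceException instead of "no result".
                if (section == null)
                    return null;

                uint delta = ep_address - section.TableEntry.VirtualAddress;
                long section_offset = section.TableEntry.PointerToRawData;

                // NOTE(review): delta is not checked against SizeOfRawData. An entry point
                // beyond the section's raw data makes the read below pick up whatever bytes
                // follow in the file; decide whether that case should be rejected.
                ep_offset = section_offset + delta;
            }

            stream.Seek(ep_offset,SeekOrigin.Begin);

            byte[] buffer = new byte[max_sig_length];
            int num_read = 0;

            // Stream.Read may legitimately return fewer bytes than requested before the end
            // of the stream, so keep reading until the buffer is full or the stream ends.
            // A single Read call could otherwise report a short count and skip the scan.
            while (num_read < buffer.Length)
            {
                int chunk = stream.Read(buffer,num_read,buffer.Length - num_read);

                if (chunk <= 0)
                    break;

                num_read += chunk;
            }

            if (num_read < min_sig_length)
                return null;

            List<ScanResult> results = new List<ScanResult>();
            List<Signature> signatures = new List<Signature>();

            Match(buffer,num_read,0,ep_tree,signatures);

            foreach(Signature signature in signatures)
            {
                // Keep a private copy of the bytes the signature covers.
                // NOTE(review): presumably Pattern.Length never exceeds max_sig_length;
                // Array.Copy throws if it does - confirm where signatures are loaded.
                byte[] data = new byte[signature.Pattern.Length];

                Array.Copy(buffer,0,data,0,data.Length);

                ScanResult result = new ScanResult() {
                    Offset = ep_offset,
                    Data = data,
                    Signature = signature
                };

                results.Add(result);
            }

            return results.ToArray();
        }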
Exemple #2
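        /// <summary>
        /// Scans <paramref name="stream"/> at every offset produced by
        /// <c>Utils.IRange(0, stream.Length - min_sig_length)</c> against the
        /// non-entry-point signature tree and collects every match.
        /// </summary>
        /// <param name="stream">
        /// Seekable stream with a known length; it is repositioned for every offset scanned.
        /// </param>
        /// <returns>
        /// All matches found, each carrying the offset it was found at; an empty array when
        /// nothing matched. If the stream ends earlier than its reported length, scanning
        /// stops and the matches collected so far are returned.
        /// </returns>
        private ScanResult[] ScanAllHardcore(Stream stream)
        {
            List<ScanResult> results = new List<ScanResult>();
            var positions = Utils.IRange(0,stream.Length - min_sig_length);

            // One scratch buffer for the whole scan instead of one allocation per offset.
            byte[] buffer = new byte[max_sig_length];

            foreach(long position in positions)
            {
                stream.Seek(position,SeekOrigin.Begin);

                int num_read = 0;

                // Stream.Read may return fewer bytes than requested before the end of the
                // stream; loop until the buffer is full or the stream is exhausted.
                while (num_read < buffer.Length)
                {
                    int chunk = stream.Read(buffer,num_read,buffer.Length - num_read);

                    if (chunk <= 0)
                        break;

                    num_read += chunk;
                }

                // The stream is shorter than its Length promised. Stop here but keep the
                // matches already found: returning null at this point would silently
                // discard every earlier detection.
                if (num_read < min_sig_length)
                    break;

                // Zero the unread tail so bytes from the previous offset never leak into
                // this iteration, matching a freshly allocated buffer.
                Array.Clear(buffer,num_read,buffer.Length - num_read);

                List<Signature> signatures = new List<Signature>();

                Match(buffer,num_read,0,non_ep_tree,signatures);

                foreach(Signature signature in signatures)
                {
                    // Keep a private copy of the bytes the signature covers.
                    // NOTE(review): presumably Pattern.Length never exceeds max_sig_length;
                    // Array.Copy throws if it does - confirm where signatures are loaded.
                    byte[] data = new byte[signature.Pattern.Length];

                    Array.Copy(buffer,0,data,0,data.Length);

                    ScanResult result = new ScanResult() {
                        Offset = position,
                        Data = data,
                        Signature = signature
                    };

                    results.Add(result);
                }
            }

            return results.ToArray();
        }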