/// <summary>
/// Detailed client analysis.
/// </summary>
/// <param name="data">Client data.</param>
protected override void Analyze( byte[] data )
{
_SpyInfo = null;
_FileNameHashFunctionAddress = 0;
int send = 0;
int recieve = 0;
for ( int i = 0; i < data.Length; i++ )
{
if ( send == 0 && CheckArray( data, i, Statics.EnhancedSendSignature ) )
send = i;
if ( recieve == 0 && CheckArray( data, i, Statics.EnhancedRecieveSignature ) )
recieve = i;
if ( _FileNameHashFunctionAddress == 0 && CheckArray( data, i, Statics.FileNameSignature ) )
_FileNameHashFunctionAddress = i + 1;
}
if ( recieve != 0 )
recieve += ImageBase + 0x25;
if ( send != 0 )
send += ImageBase;
_SpyInfo = new SpyInfo( recieve, 3, 5, send, 3, 2 );
}
/// <summary>
/// Detailed client analysis.
/// </summary>
/// <param name="data">Client data.</param>
protected override void Analyze(byte[] data)
{
_SpyInfo = null;
_DebugProtectionAddress1 = 0;
_DebugProtectionAddress2 = 0;
int send = 0;
int recieve = 0;
for (int i = 0; i < data.Length; i++)
{
if (send == 0 && CheckArray(data, i, Statics.SendSignature))
{
send = i;
}
if (recieve == 0 && CheckArray(data, i, Statics.RecieveSignature))
{
recieve = i;
}
if (_DebugProtectionAddress1 == 0 && CheckArray(data, i, Statics.DebugProtectionSignature1))
{
_DebugProtectionAddress1 = i + 17;
}
if (_DebugProtectionAddress2 == 0 && CheckArray(data, i, Statics.DebugProtectionSignature2))
{
_DebugProtectionAddress2 = i + 13;
}
}
if (recieve != 0)
{
recieve += ImageBase;
}
if (send != 0)
{
send += ImageBase;
}
if (_DebugProtectionAddress1 != 0)
{
_DebugProtectionAddress1 += ImageBase;
}
if (_DebugProtectionAddress2 != 0)
{
_DebugProtectionAddress2 += ImageBase;
}
_SpyInfo = new SpyInfo(recieve, 7, 6, send, 5, 2);
}
/// <summary>
/// Detailed client analysis.
/// </summary>
/// <param name="data">Client data.</param>
protected override void Analyze(byte[] data)
{
_SpyInfo = null;
_FileNameHashFunctionAddress = 0;
int send = 0;
int recieve = 0;
for (int i = 0; i < data.Length; i++)
{
if (send == 0 && CheckArray(data, i, Statics.EnhancedSendSignature))
{
send = i;
}
if (recieve == 0 && CheckArray(data, i, Statics.EnhancedRecieveSignature))
{
recieve = i;
}
if (_FileNameHashFunctionAddress == 0 && CheckArray(data, i, Statics.FileNameSignature))
{
_FileNameHashFunctionAddress = i + 1;
}
}
if (recieve != 0)
{
recieve += ImageBase + 0x25;
}
if (send != 0)
{
send += ImageBase;
}
_SpyInfo = new SpyInfo(recieve, 3, 5, send, 3, 2);
}
/// <summary>
/// Detailed client analysis.
/// </summary>
/// <param name="data">Client data.</param>
protected override void Analyze( byte[] data )
{
_SpyInfo = null;
_DebugProtectionAddress1 = 0;
_DebugProtectionAddress2 = 0;
int send = 0;
int recieve = 0;
for ( int i = 0; i < data.Length; i++ )
{
if ( send == 0 && CheckArray( data, i, Statics.SendSignature ) )
send = i;
if ( recieve == 0 && CheckArray( data, i, Statics.RecieveSignature ) )
recieve = i;
if ( _DebugProtectionAddress1 == 0 && CheckArray( data, i, Statics.DebugProtectionSignature1 ) )
_DebugProtectionAddress1 = i + 17;
if ( _DebugProtectionAddress2 == 0 && CheckArray( data, i, Statics.DebugProtectionSignature2 ) )
_DebugProtectionAddress2 = i + 13;
}
if ( recieve != 0 )
recieve += ImageBase;
if ( send != 0 )
send += ImageBase;
if ( _DebugProtectionAddress1 != 0 )
_DebugProtectionAddress1 += ImageBase;
if ( _DebugProtectionAddress2 != 0 )
_DebugProtectionAddress2 += ImageBase;
_SpyInfo = new SpyInfo( recieve, 7, 6, send, 5, 2 );
}
