Move Crunch to its own Packer, improve SmartE detection. #353
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mnadareski
reviewed
Jan 14, 2025
Co-authored-by: Matt Nadareski <[email protected]>
mnadareski
reviewed
Jan 14, 2025
mnadareski
approved these changes
Jan 14, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
All SmartE games use the Crunch packer from BitArts, which is what the BITARTS string check was actually checking for. Some non-SmartE software is also packed with Crunch, so Crunch was moved to its own seperate packer check.
SmartE generates an executable stub when you run it, which has SmartE in the executable properties. Added a check for this in case someone wanted to manually scan a stub they generated.
A Yara/PEiD check exists that works for all known SmartE games except Dungeon Siege 1, doesn't have false positives on non-SmartE executables packed with Crunch, and is long enough that there's virtually no chance of a random false positive. This check was added to the SmartE protection scanning. Thus far, it always occurs on the last section, so that is the first check. Fallback checks for specific known named sections are also included.