├── My project ├── - ├── Settings.settings ├── Application.Designer.vb ├── Application.myapp ├── AssemblyInfo.vb ├── Resources.Designer.vb ├── Settings.Designer.vb └── Resources.resx ├── pic1.jpg ├── presentation.jpg ├── thanks-to.md ├── App.config ├── README.md ├── .github └── FUNDING.yml ├── LICENSE.md ├── FindEXEC.sln ├── FindEXEC.vbproj └── BinariesSorter.vb /My project/-: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /pic1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DosX-dev/FindEXEC/HEAD/pic1.jpg -------------------------------------------------------------------------------- /presentation.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DosX-dev/FindEXEC/HEAD/presentation.jpg -------------------------------------------------------------------------------- /thanks-to.md: -------------------------------------------------------------------------------- 1 | Any help is welcome :) 2 | ---------------------- 3 | * Hors ([GitHub](https://github.com/horsicq)) 4 | * Acessors ([GitHub](https://github.com/acessors)) 5 | -------------------------------------------------------------------------------- /App.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /My project/Settings.settings: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /My project/Application.Designer.vb: -------------------------------------------------------------------------------- 1 | 
'------------------------------------------------------------------------------ 2 | ' 3 | ' This code was generated by a tool. 4 | ' Runtime Version:4.0.30319.42000 5 | ' 6 | ' Changes to this file may cause incorrect behavior and will be lost if 7 | ' the code is regenerated. 8 | ' 9 | '------------------------------------------------------------------------------ 10 | 11 | Option Strict On 12 | Option Explicit On 13 | 14 | -------------------------------------------------------------------------------- /My project/Application.myapp: -------------------------------------------------------------------------------- 1 | 2 | 3 | false 4 | false 5 | 0 6 | true 7 | 0 8 | 2 9 | true 10 | 11 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 💾 FindEXEC — the best sorting tool for software reversers 2 | 3 | ✨ **This program will be useful if you have to reverse a huge amount of binary files.** 4 | 5 | Put this script in a folder with lots of .EXE/.DLL files and it will sort them into categories: NET / Native. 6 | The script will search for binary files and categorize them. 7 | 8 | Use hotkey {H} for getting help 9 | 10 | Currently supports: **[VB NET, C#, JScript, Delphi] (NET)** | **[C++, C, VB4-6] (NATIVE)** and detects **UPX** 11 | 12 | **Did you like _FindEXEC_ ? Put a _star_ 🌟! 
:)** 13 | 14 | Download link - https://github.com/DosX-dev/FindEXEC/releases/tag/Windows 15 | 16 | ![Scr1](https://raw.githubusercontent.com/DosX-dev/FindEXEC/main/pic1.jpg) 17 | 18 | ![Scr2](https://raw.githubusercontent.com/DosX-dev/FindEXEC/main/presentation.jpg) 19 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | 3 | github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] 4 | patreon: # Replace with a single Patreon username 5 | open_collective: # Replace with a single Open Collective username 6 | ko_fi: # Replace with a single Ko-fi username 7 | tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel 8 | community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry 9 | liberapay: # Replace with a single Liberapay username 10 | issuehunt: # Replace with a single IssueHunt username 11 | otechie: # Replace with a single Otechie username 12 | lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry 13 | custom: ['https://kay-software.ru/content/donate'] # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] 14 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 DosX 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished 
to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /FindEXEC.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 17 4 | VisualStudioVersion = 17.3.32922.545 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{F184B08F-C81C-45F6-A57F-5ABD9991F28F}") = "FindEXEC", "FindEXEC.vbproj", "{AF075D7B-7AD1-48A8-93EE-8202BA2D4EEC}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Any CPU = Debug|Any CPU 11 | Release|Any CPU = Release|Any CPU 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {AF075D7B-7AD1-48A8-93EE-8202BA2D4EEC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 15 | {AF075D7B-7AD1-48A8-93EE-8202BA2D4EEC}.Debug|Any CPU.Build.0 = Debug|Any CPU 16 | {AF075D7B-7AD1-48A8-93EE-8202BA2D4EEC}.Release|Any CPU.ActiveCfg = Release|Any CPU 17 | {AF075D7B-7AD1-48A8-93EE-8202BA2D4EEC}.Release|Any CPU.Build.0 = Release|Any CPU 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | GlobalSection(ExtensibilityGlobals) = postSolution 23 | SolutionGuid = 
{F97ECA08-14BB-41ED-B712-E1DC7CD66CD1} 24 | EndGlobalSection 25 | EndGlobal 26 | -------------------------------------------------------------------------------- /My project/AssemblyInfo.vb: -------------------------------------------------------------------------------- 1 | Imports System 2 | Imports System.Reflection 3 | Imports System.Runtime.InteropServices 4 | 5 | ' Общие сведения об этой сборке предоставляются следующим набором 6 | ' набора атрибутов. Измените значения этих атрибутов, чтобы изменить сведения, 7 | ' связанные со сборкой. 8 | 9 | ' Проверьте значения атрибутов сборки 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 'Следующий GUID служит для идентификации библиотеки типов, если этот проект будет видимым для COM 21 | 22 | 23 | ' Сведения о версии сборки состоят из следующих четырех значений: 24 | ' 25 | ' Основной номер версии 26 | ' Дополнительный номер версии 27 | ' Номер сборки 28 | ' Редакция 29 | ' 30 | ' Можно задать все значения или принять номера сборки и редакции по умолчанию 31 | ' используя "*", как показано ниже: 32 | ' 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /My project/Resources.Designer.vb: -------------------------------------------------------------------------------- 1 | '------------------------------------------------------------------------------ 2 | ' 3 | ' This code was generated by a tool. 4 | ' Runtime Version:4.0.30319.42000 5 | ' 6 | ' Changes to this file may cause incorrect behavior and will be lost if 7 | ' the code is regenerated. 8 | ' 9 | '------------------------------------------------------------------------------ 10 | 11 | Option Strict On 12 | Option Explicit On 13 | 14 | 15 | Namespace My.Resources 16 | 17 | 'This class was auto-generated by the StronglyTypedResourceBuilder 18 | 'class via a tool like ResGen or Visual Studio. 
19 | 'To add or remove a member, edit your .ResX file then rerun ResGen 20 | 'with the /str option, or rebuild your VS project. 21 | ''' 22 | ''' A strongly-typed resource class, for looking up localized strings, etc. 23 | ''' 24 | _ 28 | Friend Module Resources 29 | 30 | Private resourceMan As Global.System.Resources.ResourceManager 31 | 32 | Private resourceCulture As Global.System.Globalization.CultureInfo 33 | 34 | ''' 35 | ''' Returns the cached ResourceManager instance used by this class. 36 | ''' 37 | _ 38 | Friend ReadOnly Property ResourceManager() As Global.System.Resources.ResourceManager 39 | Get 40 | If Object.ReferenceEquals(resourceMan, Nothing) Then 41 | Dim temp As Global.System.Resources.ResourceManager = New Global.System.Resources.ResourceManager("FindEXEC.Resources", GetType(Resources).Assembly) 42 | resourceMan = temp 43 | End If 44 | Return resourceMan 45 | End Get 46 | End Property 47 | 48 | ''' 49 | ''' Overrides the current thread's CurrentUICulture property for all 50 | ''' resource lookups using this strongly typed resource class. 51 | ''' 52 | _ 53 | Friend Property Culture() As Global.System.Globalization.CultureInfo 54 | Get 55 | Return resourceCulture 56 | End Get 57 | Set(ByVal value As Global.System.Globalization.CultureInfo) 58 | resourceCulture = value 59 | End Set 60 | End Property 61 | End Module 62 | End Namespace 63 | -------------------------------------------------------------------------------- /My project/Settings.Designer.vb: -------------------------------------------------------------------------------- 1 | '------------------------------------------------------------------------------ 2 | ' 3 | ' This code was generated by a tool. 4 | ' Runtime Version:4.0.30319.42000 5 | ' 6 | ' Changes to this file may cause incorrect behavior and will be lost if 7 | ' the code is regenerated. 
8 | ' 9 | '------------------------------------------------------------------------------ 10 | 11 | Option Strict On 12 | Option Explicit On 13 | 14 | 15 | Namespace My 16 | 17 | _ 20 | Partial Friend NotInheritable Class MySettings 21 | Inherits Global.System.Configuration.ApplicationSettingsBase 22 | 23 | Private Shared defaultInstance As MySettings = CType(Global.System.Configuration.ApplicationSettingsBase.Synchronized(New MySettings), MySettings) 24 | 25 | #Region "My.Settings Auto-Save Functionality" 26 | #If _MyType = "WindowsForms" Then 27 | Private Shared addedHandler As Boolean 28 | 29 | Private Shared addedHandlerLockObject As New Object 30 | 31 | _ 32 | Private Shared Sub AutoSaveSettings(ByVal sender As Global.System.Object, ByVal e As Global.System.EventArgs) 33 | If My.Application.SaveMySettingsOnExit Then 34 | My.Settings.Save() 35 | End If 36 | End Sub 37 | #End If 38 | #End Region 39 | 40 | Public Shared ReadOnly Property [Default]() As MySettings 41 | Get 42 | 43 | #If _MyType = "WindowsForms" Then 44 | If Not addedHandler Then 45 | SyncLock addedHandlerLockObject 46 | If Not addedHandler Then 47 | AddHandler My.Application.Shutdown, AddressOf AutoSaveSettings 48 | addedHandler = True 49 | End If 50 | End SyncLock 51 | End If 52 | #End If 53 | Return defaultInstance 54 | End Get 55 | End Property 56 | End Class 57 | End Namespace 58 | 59 | Namespace My 60 | 61 | _ 64 | Friend Module MySettingsProperty 65 | 66 | _ 67 | Friend ReadOnly Property Settings() As Global.FindEXEC.My.MySettings 68 | Get 69 | Return Global.FindEXEC.My.MySettings.Default 70 | End Get 71 | End Property 72 | End Module 73 | End Namespace 74 | -------------------------------------------------------------------------------- /FindEXEC.vbproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | AnyCPU 7 | {AF075D7B-7AD1-48A8-93EE-8202BA2D4EEC} 8 | Exe 9 | FindEXEC.Module1 10 | FindEXEC 11 | FindEXEC 12 | 512 13 | Console 
14 | v4.7.2 15 | true 16 | true 17 | 18 | 19 | AnyCPU 20 | true 21 | full 22 | true 23 | true 24 | bin\Debug\ 25 | FindEXEC.xml 26 | 42016,41999,42017,42018,42019,42032,42036,42020,42021,42022 27 | 28 | 29 | AnyCPU 30 | pdbonly 31 | false 32 | true 33 | true 34 | bin\Release\ 35 | FindEXEC.xml 36 | 42016,41999,42017,42018,42019,42032,42036,42020,42021,42022 37 | 38 | 39 | On 40 | 41 | 42 | Binary 43 | 44 | 45 | Off 46 | 47 | 48 | On 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | True 76 | Application.myapp 77 | 78 | 79 | True 80 | True 81 | Resources.resx 82 | 83 | 84 | True 85 | Settings.settings 86 | True 87 | 88 | 89 | 90 | 91 | VbMyResourcesResXFileCodeGenerator 92 | Resources.Designer.vb 93 | My.Resources 94 | Designer 95 | 96 | 97 | 98 | 99 | MyApplicationCodeGenerator 100 | Application.Designer.vb 101 | 102 | 103 | SettingsSingleFileGenerator 104 | My 105 | Settings.Designer.vb 106 | 107 | 108 | 109 | 110 | -------------------------------------------------------------------------------- /My project/Resources.resx: -------------------------------------------------------------------------------- 1 | 2 | 3 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | text/microsoft-resx 107 | 108 | 109 | 2.0 110 | 111 | 112 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 113 | 114 | 115 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 116 | 117 | -------------------------------------------------------------------------------- /BinariesSorter.vb: -------------------------------------------------------------------------------- 1 | '' MADE WITH <3 BY DOSX 
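'' Coded by DosX
'' GitHub: https://github.com/DosX-dev

'' Attention! This is old legacy code. It doesn't work well. And I'm too lazy to fix it. Keep in mind :(

' Triage notes for anyone using the output:
'  * Files are only read and copied; nothing in this module loads or runs them.
'  * Classification is based on marker strings and fixed header offsets, not on
'    parsing the PE structures, so a sample can carry misleading markers. Treat
'    the folder and prefix it lands in as a hint, not as a verdict.
'  * Copies keep their original name and extension and stay directly runnable;
'    sort untrusted samples inside an isolated analysis machine.

Imports System.IO
Imports System.Runtime.InteropServices
Imports System.Text
Imports System.Threading

Module Module1

    ' ========================
    Const STD_OUTPUT_HANDLE As Integer = -11
    Const ENABLE_VIRTUAL_TERMINAL_PROCESSING As UInteger = 4

    ' kernel32 console APIs. The DllImport attribute is what binds each empty
    ' declaration to the native export; without it the empty body would only
    ' return the default value and UpgradeConsole would silently do nothing.
    <DllImport("kernel32.dll", SetLastError:=True)>
    Private Function GetStdHandle(ByVal nStdHandle As Integer) As IntPtr
    End Function

    <DllImport("kernel32.dll", SetLastError:=True)>
    Private Function GetConsoleMode(ByVal hConsoleHandle As IntPtr, ByRef lpMode As UInteger) As Boolean
    End Function

    <DllImport("kernel32.dll", SetLastError:=True)>
    Private Function SetConsoleMode(ByVal hConsoleHandle As IntPtr, ByVal dwMode As UInteger) As Boolean
    End Function

    Const _UnderLine As String = ChrW(27) & "[4m" ' Underline text format
    Const _ResetUnderLine As String = ChrW(27) & "[0m" ' Underline reset

    ' Turns on virtual-terminal processing so the underline escape codes render.
    ' Does nothing when stdout is not a console (invalid handle or redirected output).
    Sub UpgradeConsole()
        Dim ConFormatHandle = GetStdHandle(STD_OUTPUT_HANDLE)
        If ConFormatHandle = IntPtr.Zero OrElse ConFormatHandle = New IntPtr(-1) Then Return

        Dim ConMode As UInteger
        If Not GetConsoleMode(ConFormatHandle, ConMode) Then Return ' Not a console: keep the mode untouched

        SetConsoleMode(ConFormatHandle, ConMode Or ENABLE_VIRTUAL_TERMINAL_PROCESSING)
    End Sub

    ' Writes Text with background Color1 and foreground Color2, then restores
    ' the console colors. NewLine selects WriteLine over Write.
    Sub ClrOut(Text As String, Color1 As ConsoleColor, Color2 As ConsoleColor, NewLine As Boolean) ' Custom colored output
        Console.BackgroundColor = Color1 : Console.ForegroundColor = Color2
        If NewLine Then
            Console.WriteLine(Text)
        Else
            Console.Write(Text)
        End If
        Console.ResetColor()
    End Sub

    Sub EndOfColoredText() ' Console window resizing fix
        ClrOut(".", Console.BackgroundColor, Console.BackgroundColor, True)
    End Sub

    ' Blanks out the text most recently written on the current line and moves
    ' the cursor back. Purely cosmetic, so any console error is ignored on purpose.
    Sub RemoveLastText(_Lenght As Integer)
        Try
            Console.Write(Space(10))
            Dim TargetLeft = Console.CursorLeft - _Lenght - 10
            Console.SetCursorPosition(TargetLeft, Console.CursorTop)
            Console.Write(Space(TargetLeft)) ' Remove {StartupText}
            Console.SetCursorPosition(TargetLeft, Console.CursorTop)
        Catch ex As Exception
            ' Best effort only: a negative column or a redirected console must not stop the sort.
        End Try
    End Sub
    ' ========================

    ReadOnly InfoBorder As String = $" +----------------------------+{vbCrLf} %TEXT%{vbCrLf} +----------------------------+"
    Dim Dirs As String() = {"exec-sorted\NET\DLL"},
        ConsoleTitleDefault As String = Console.Title,
        NETStat As Integer = 0, NATIVEStat As Integer = 0, EXECount As Integer = 0,
        SelectedDirectory As String,
        IsEnd As Boolean = False ' Indicates whether the program has completed it's work

    ' Entry point: shows the banner, asks for a folder, starts the sorting thread
    ' and serves the {H}/{S} hotkeys until the worker reports completion.
    Sub Main()
        UpgradeConsole()
        ClrOut("
_
_______ _ |_| _______ _ _ _______ ________
|_|_|_|_| |_| ______ ___|_| |_|_|_|_| |_|_ _|_| |_|_|_|_| /_|_|_|_/
|_|____ _ |_|_|_|\ _/_|_|_| |_|____ |_|_|_| |_|____ |_|
|_|_|_| |_| |_| |_| |_| |_| |_|_|_| _|_|_ |_|_|_| |_|
|_| |_| |_| |_| |_|___|_| |_|______ _|_| |_|_ |_|______ |_|_____
|_| |_| |_| |_| \_|_|_| |_|_|_|_| |_| |_| |_|_|_|_| \_|_|_|_\
", ConsoleColor.Black, ConsoleColor.Cyan, True)
        ClrOut(" [?] GitHub of FindEXEC: ", ConsoleColor.Black, ConsoleColor.Gray, False)
        ClrOut($"{_UnderLine}https://github.com/DosX-dev/FindEXEC{_ResetUnderLine}", ConsoleColor.Black, ConsoleColor.Blue, False) : EndOfColoredText()

        Dim StartupText = " [~] Select a directory... "
        ClrOut(StartupText, ConsoleColor.Black, ConsoleColor.Yellow, False)

        ' The dialog owns native resources, so dispose it as soon as the path is known.
        Dim ChosenPath As String = Nothing
        Using SelectDirectory = New Windows.Forms.FolderBrowserDialog
            SelectDirectory.Description = "Select a folder for sorting binary files."
            SelectDirectory.SelectedPath = Path.GetDirectoryName(Process.GetCurrentProcess().MainModule.FileName) ' Default directory

            If SelectDirectory.ShowDialog() = Windows.Forms.DialogResult.OK Then
                ChosenPath = SelectDirectory.SelectedPath
            End If
        End Using

        If ChosenPath Is Nothing Then
            ClrOut("Abort", ConsoleColor.Black, ConsoleColor.Red, True)
            End
        End If

        NETStat = 0 : NATIVEStat = 0 : EXECount = 0
        Dim _Main = New Thread(AddressOf LetsWork) : _Main.Start(ChosenPath) ' Let's work!

        RemoveLastText(StartupText.Length)

        Do
            Dim StatCommand = Console.ReadKey(True)
            If IsEnd Then
                End
            Else
                Console.Write(Space(70))
                RemoveLastText(70)
                If Not Console.CursorLeft > 0 Then
                    Select Case StatCommand.Key
                        Case ConsoleKey.H ' Help
                            ClrOut(InfoBorder.Replace("%TEXT%", "{H} - Help | {S} - Statistics"),
                                   ConsoleColor.Black,
                                   ConsoleColor.Gray, True)
                        Case ConsoleKey.S ' Statistics
                            ClrOut(InfoBorder.Replace("%TEXT%", $"PE files detected => {EXECount & vbCrLf} | NATIVE => {NATIVEStat & vbCrLf} | NET => {NETStat}"),
                                   ConsoleColor.Black,
                                   ConsoleColor.Gray, True)
                    End Select

                End If
            End If
        Loop
    End Sub

    ' Worker-thread body. DirectoryPath is the folder chosen in Main; it stays
    ' untyped because it is handed over through Thread.Start(Object).
    ' Every file directly inside the folder is read, classified and, when it
    ' passes IsBinaryEXE, copied below "exec-sorted". Sources are never moved,
    ' modified or executed.
    Sub LetsWork(DirectoryPath)
        Try
            SelectedDirectory = CStr(DirectoryPath)

            Console.Write($" [!] Output directory: ")
            ClrOut($"{SelectedDirectory}\{_UnderLine}exec-sorted{_ResetUnderLine}", ConsoleColor.Black, ConsoleColor.White, False) : EndOfColoredText()
            Console.WriteLine()

            For Each _CurDir In Dirs
                Directory.CreateDirectory(Path.Combine(SelectedDirectory, _CurDir)) ' No-op when it already exists
            Next

            ' Windows paths are case-insensitive, so the "skip myself" test must be too.
            Dim OwnPath = Process.GetCurrentProcess().MainModule.FileName
            Dim GlobalCounter = 0,
                Files = Directory.GetFiles(SelectedDirectory)

            For Each CurFile In Files
                GlobalCounter += 1
                If String.Equals(CurFile, OwnPath, StringComparison.OrdinalIgnoreCase) Then Continue For

                Dim Prefix = $"[{Int(GlobalCounter / Files.Length * 100)}%][{GlobalCounter}/{Files.Length}]",
                    FileName = Path.GetFileName(CurFile)

                Try
                    Dim ProcText = {" Analyzing ", FileName, "...", "."}
                    ClrOut(ProcText(0), ConsoleColor.DarkGray, ConsoleColor.White, False)
                    ClrOut((_UnderLine & ProcText(1) & _ResetUnderLine), ConsoleColor.DarkGray, ConsoleColor.Gray, False)
                    ClrOut(ProcText(2), ConsoleColor.DarkGray, ConsoleColor.White, False)
                    ClrOut(ProcText(3), Console.BackgroundColor, Console.BackgroundColor, False)
                    RemoveLastText(ProcText(0).Length + ProcText(1).Length + ProcText(2).Length + ProcText(3).Length)

                    ' Read inside the Try: a locked, unreadable or oversized file is
                    ' reported for that file only instead of ending the worker thread.
                    Dim ExeData = File.ReadAllBytes(CurFile)
                    If Not IsBinaryEXE(ExeData) Then Continue For ' Not a binary: nothing to sort

                    Dim SizeValue = ExeData.Length \ 1024,
                        SizeUnit = "Kb"
                    If SizeValue > 1023 Then
                        SizeValue \= 1024 : SizeUnit = "Mb"
                    End If

                    Console.Title = $"{Prefix} FindEXEC [{FileName}] [{SizeValue} {SizeUnit}]"

                    ' Target names are "<label>_<FileName>": the label comes from this
                    ' module's own tables and FileName has no directory part, so the
                    ' copy cannot land outside exec-sorted.
                    Dim NET_Info = IsNET(ExeData),
                        ProjectType = CStr(NET_Info(2))
                    If CBool(NET_Info(0)) Then
                        Dim Language = CStr(NET_Info(1)),
                            TargetDir = If(ProjectType = "EXE",
                                           Path.Combine(SelectedDirectory, "exec-sorted", "NET"),
                                           Path.Combine(SelectedDirectory, "exec-sorted", "NET", "DLL"))
                        CopyIfAbsent(CurFile, Path.Combine(TargetDir, $"{Language}_{FileName}"))
                        ProcessLog(Prefix, FileName, ".NET", Language.Replace("_", " "), True, ProjectType, IsIncludesPDB(ExeData))
                        NETStat += 1
                    Else
                        Dim NativeInfo = GuessNativeRuntime(ExeData),
                            RuntimeLabel = If(NativeInfo <> "??", NativeInfo, "Unknown") ' Value comparison, not reference identity
                        CopyIfAbsent(CurFile, Path.Combine(SelectedDirectory, "exec-sorted", $"{RuntimeLabel}_{FileName}"))
                        ProcessLog(Prefix, FileName, "NATIVE", NativeInfo, False, ProjectType, IsIncludesPDB(ExeData))
                        NATIVEStat += 1
                    End If
                    EXECount += 1
                Catch Exc As Exception
                    ClrOut($"Exception occurred: {_UnderLine & Exc.Message & _ResetUnderLine}", ConsoleColor.Black, ConsoleColor.Red, False) : EndOfColoredText()
                End Try
            Next

            Console.Title = ConsoleTitleDefault
            Console.WriteLine()
            ClrOut(" - - - ", ConsoleColor.Black, ConsoleColor.Yellow, False)
            ClrOut(" Files sorted! Press any key to exit... ", ConsoleColor.DarkGreen, ConsoleColor.White, False)
            ClrOut(" - - - ", ConsoleColor.Black, ConsoleColor.Yellow, True)
        Catch Exc As Exception
            ' Folder-level failure (cannot list the folder or create the output tree).
            ClrOut($"Exception occurred: {_UnderLine & Exc.Message & _ResetUnderLine}", ConsoleColor.Black, ConsoleColor.Red, False) : EndOfColoredText()
        Finally
            IsEnd = True ' Always release Main's key loop, even after a failure
        End Try
    End Sub

    ' Copies SourcePath to TargetPath unless a file of that name already exists;
    ' an existing copy is left untouched.
    Private Sub CopyIfAbsent(SourcePath As String, TargetPath As String)
        If Not File.Exists(TargetPath) Then
            File.Copy(SourcePath, TargetPath)
        End If
    End Sub

    ' Prints one result line: progress prefix, project type, file name, guessed
    ' language, platform (green when Detected, red otherwise) and a {PDB} tag.
    Sub ProcessLog(Prefix As String, FileName As String, Platform As String, Language As String, Detected As Boolean, FileProjectType As String, Optional PDB As Boolean = False)
        ClrOut($"{Prefix}", ConsoleColor.Black, ConsoleColor.DarkGray, False)
        ClrOut($" [{FileProjectType}] ", ConsoleColor.Black, ConsoleColor.Gray, False)
        ClrOut($"{FileName}", ConsoleColor.Black, ConsoleColor.DarkGray, False)
        Console.Write(" => ")
        ClrOut($"{Language} ", ConsoleColor.Black, ConsoleColor.Yellow, False)
        ClrOut($"({Platform})", ConsoleColor.Black, If(Detected, ConsoleColor.Green, ConsoleColor.Red), False)
        If PDB Then
            ClrOut(" {PDB}", ConsoleColor.Black, ConsoleColor.DarkGray, False)
        End If
        Console.WriteLine()
    End Sub

    ' True when the bytes contain ".pdb" in any letter case. This is a plain
    ' string hit anywhere in the file, not a parsed debug directory.
    Function IsIncludesPDB(ExeData As Byte()) As Boolean
        Return IndexOf(ToLowerInBinary(ExeData), Encoding.ASCII.GetBytes(".pdb")) >= 0
    End Function

    ' Heuristic "is this a Windows executable" test. All of these must hold:
    ' more than 700 bytes, "MZ" at offset 0, bytes 00 03 00 at offset 3, and
    ' the markers ".dll" and "pe" somewhere in the file (any letter case).
    ' The size is measured in bytes and the cheap header checks run first, so
    ' non-binaries are rejected without scanning the whole file.
    Function IsBinaryEXE(ExeData As Byte()) As Boolean
        If ExeData Is Nothing OrElse ExeData.Length <= 700 Then Return False
        If ExeData(0) <> 77 OrElse ExeData(1) <> 90 Then Return False ' "MZ" DOS prefix
        If ExeData(3) <> 0 OrElse ExeData(4) <> 3 OrElse ExeData(5) <> 0 Then Return False ' "\x{00}\x{03}\x{00}" at offset 3

        Dim Lowered = ToLowerInBinary(ExeData)
        For Each Sign In {".dll", "pe"}
            If IndexOf(Lowered, Encoding.ASCII.GetBytes(Sign)) < 0 Then
                Return False
            End If
        Next
        Return True
    End Function

    ' Heuristic .NET detection. Returns {IsNet, Label, ProjectType}: Label is
    ' "VB_NET", "JScript", "Delphi", "C#_or_IL" or "NATIVE"; ProjectType is
    ' "EXE", "DLL" or "BIN". The header test uses fixed offsets from the first
    ' "\0\0PE\0\0" byte pattern rather than following e_lfanew.
    Function IsNET(ExeData As Byte()) As Object()
        Dim FileProjectType = "BIN"

        ' \x{00}\x{00}PE\x{00}\x{00}<..ENTROPY (~238)..>H
        Dim HeaderShift = IndexOf(ExeData, ByteStr("{NUL}{NUL}PE{NUL}{NUL}")) ' Offset of 'PE' section; Skip [e_lfanew]

        ' A missing signature or a truncated file must not index past the buffer.
        If HeaderShift < 0 OrElse HeaderShift + 263 >= ExeData.Length Then
            Return {False, "NATIVE", FileProjectType}
        End If

        If Not (Convert.ToChar(ExeData(HeaderShift + 238)) = "H"c AndAlso
                Convert.ToChar(ExeData(HeaderShift + 263)) = " "c AndAlso
                ExeData(HeaderShift + 239) = 0 AndAlso
                ExeData(HeaderShift + 249) = 0) Then
            Return {False, "NATIVE", FileProjectType}
        End If
        ' Legacy second char - Convert.ToChar(ExeData(HeaderShift + 96)) = "@"c

        '_CorExeMain - EXE; _CorDllMain - DLL
        Dim BinToLower = ToLowerInBinary(ExeData)
        If (IndexOf(BinToLower, ByteStr("{NUL}mscoree.dll")) >= 0 OrElse
            IndexOf(BinToLower, ByteStr("{NUL}mscorlib.dll")) >= 0) AndAlso
           IndexOf(ExeData, ByteStr("{NUL}System.")) >= 0 Then

            If IndexOf(ExeData, ByteStr("{NUL}_CorExeMain")) >= 0 Then
                FileProjectType = "EXE" ' .NET exe
            ElseIf IndexOf(ExeData, ByteStr("{NUL}_CorDllMain")) >= 0 Then
                FileProjectType = "DLL" ' .NET dll
            End If

            If Not FileProjectType = "BIN" Then
                If IndexOf(ExeData, ByteStr("{NUL}Microsoft.VisualBasic{NUL}")) >= 0 AndAlso
                   IndexOf(ExeData, ByteStr("{NUL}Microsoft.VisualBasic.CompilerServices{NUL}")) >= 0 Then
                    Return {True, "VB_NET", FileProjectType}
                ElseIf IndexOf(ExeData, ByteStr("{NUL}Microsoft.JScript{NUL}")) >= 0 AndAlso
                       IndexOf(ExeData, ByteStr("{NUL}Microsoft.JScript.Vsa{NUL}")) >= 0 Then
                    Return {True, "JScript", FileProjectType}
                ElseIf IndexOf(ExeData, ByteStr("{NUL}Borland.")) >= 0 Then
                    Return {True, "Delphi", FileProjectType}
                Else
                    Return {True, "C#_or_IL", FileProjectType}
                End If
            End If
        End If
        Return {False, "NATIVE", FileProjectType}
    End Function

    ' "<marker>=<label>" pairs, checked in order by GuessNativeRuntime; the first
    ' marker found decides the label. Labels become part of output file names, so
    ' they use plain ASCII only (two entries previously carried a look-alike
    ' Cyrillic letter in "C++", which produced visually identical but different names).
    Public Detects As String() = {"msvcp50.dll=C++ (MS 1998)", "msvcp60.dll=C++ (MS 2000-2001)", ' Microsoft C++ Runtime
                                  "msvcp70.dll=C++ (MS 2002)", "msvcp71.dll=C++ (MS 2003)",
                                  "msvcp80.dll=C++ (MS 2005)", "msvcp90.dll=C++ (MS 2008)",
                                  "msvcp100.dll=C++ (MS 2010)", "msvcp110.dll=C++ (MS 2012)",
                                  "msvcp120.dll=C++ (MS 2013)", "msvcp130.dll=C++ (MS 2013)",
                                  "msvcp140.dll=C++ (MS 2015-2017)", "msvcp150.dll=C++ (MS 2017-2018)",
                                  "msvcp160.dll=C++ (MS 2019)", "msvcrt.dll=C++", "vcruntime140.dll=C++",
                                  "libgcj-13.dll=C++ (GCC)", "libgcc_s_dw2-1.dll=C++ (GCC)", ' GNU GCC (C++)
                                  "msys-1.0.dll=C++ (GCC)", "libgcj.dll=C++ (GCC)", "cyggcj.dll=C++ (GCC)",
                                  "msvcirt.dll=C++", ' Microsoft C++ Library ()
                                  "crtdll.dll=C", ' Microsoft C Runtime
                                  "vb40032.dll=VB4", ' Microsoft Visual Basic 4
                                  "msvbvm50.dll=VB5", ' Microsoft Visual Basic 5
                                  "msvbvm60.dll=VB6", ' Microsoft Visual Basic 6
                                  "upx0{NUL}{NUL}=UPX-Packed", ' UPX Packer
                                  "{NUL}.mpress1=MPRESS-Packed"} ' MPRESS native packer

    ' Returns a copy of ExeData with ASCII A-Z folded to a-z and every other byte
    ' unchanged. One pass over the data instead of one full copy per letter.
    Function ToLowerInBinary(ExeData As Byte()) As Byte() ' Change registry of all chars in Byte() to lower
        Dim ChangedData(ExeData.Length - 1) As Byte
        For Index = 0 To ExeData.Length - 1
            Dim Current = ExeData(Index)
            If Current >= 65 AndAlso Current <= 90 Then ' "A".."Z"
                ChangedData(Index) = CByte(Current + 32)
            Else
                ChangedData(Index) = Current
            End If
        Next
        Return ChangedData
    End Function

    Function CustomToLower(InputData As String) As String ' Analog of ToLower() but faster (Only for ENG)
        Dim Result = InputData,
            UPP = "QWERTYUIOPASDFGHJKLZXCVBNM",
            DWN = "qwertyuiopasdfghjklzxcvbnm"

        For IndexToReplace = 0 To (UPP.Length - 1)
            Result = Result.Replace(UPP(IndexToReplace), DWN(IndexToReplace))
        Next
        Return Result
    End Function

    ' Returns the label of the first Detects marker found in the file (searched
    ' as "\0<marker>\0", case-insensitively), or "??" when nothing matches or the
    ' lookup fails. A marker string only shows that the name is present in the
    ' bytes; it does not prove the runtime is actually imported.
    Function GuessNativeRuntime(ExeData As Byte()) As String
        Try
            Dim AssemblyData = ToLowerInBinary(ExeData)
            For Each SearchForSigns In Detects
                Dim SignAndRuntime = SearchForSigns.Split("="c)
                Dim Sign = SignAndRuntime(0)
                Dim Runtime = SignAndRuntime(1)
                If IndexOf(AssemblyData, ByteStr($"{{NUL}}{Sign}{{NUL}}")) >= 0 Then
                    Return Runtime
                End If
            Next
        Catch ex As Exception
            MsgBox(ex.Message, 16)
        End Try
        Return "??" ' Also reached after an error, so callers never receive Nothing
    End Function

    Function ByteStr(InputStr As String) As Byte() ' {NUL} ==> \x{00}
        Return ReplaceBytes(Encoding.ASCII.GetBytes(InputStr), Encoding.ASCII.GetBytes("{NUL}"), {CByte(0)})
    End Function

    ' Returns a copy of DataToChange with every non-overlapping occurrence of
    ' ToFind, scanning left to right, replaced by ToReplace. Each position is
    ' tested for a full match, so an occurrence that begins right after a failed
    ' partial match is not skipped. An empty ToFind returns an unchanged copy.
    Public Function ReplaceBytes(DataToChange As Byte(), ToFind As Byte(), ToReplace As Byte()) As Byte()
        If ToFind.Length = 0 Then Return CType(DataToChange.Clone(), Byte())

        Using MemWorker = New MemoryStream()
            Dim Index = 0
            While Index < DataToChange.Length
                If MatchesAt(DataToChange, Index, ToFind) Then
                    MemWorker.Write(ToReplace, 0, ToReplace.Length)
                    Index += ToFind.Length
                Else
                    MemWorker.WriteByte(DataToChange(Index))
                    Index += 1
                End If
            End While
            Return MemWorker.ToArray()
        End Using
    End Function

    ' True when Pattern occurs in Data starting exactly at Offset; never reads
    ' outside Data.
    Private Function MatchesAt(Data As Byte(), Offset As Integer, Pattern As Byte()) As Boolean
        If Offset < 0 OrElse Pattern.Length > Data.Length - Offset Then Return False
        For Searcher As Integer = 0 To Pattern.Length - 1
            If Data(Offset + Searcher) <> Pattern(Searcher) Then Return False
        Next
        Return True
    End Function

    ' Returns the offset of the first occurrence of PatternToFind, or -1 when it
    ' does not occur. Offset 0 is a real match, so callers must test ">= 0" and
    ' never use the result as a Boolean. The scan includes the last position at
    ' which the pattern still fits.
    Public Function IndexOf(ByVal ArrayToSearchThrough As Byte(), ByVal PatternToFind As Byte()) As Integer
        If PatternToFind.Length > ArrayToSearchThrough.Length Then Return -1
        For Arr As Integer = 0 To ArrayToSearchThrough.Length - PatternToFind.Length
            If MatchesAt(ArrayToSearchThrough, Arr, PatternToFind) Then
                Return Arr
            End If
        Next
        Return -1
    End Function
End Module

' MADE WITH <3 BY DOSX
' Coded by https://github.com/DosX-dev
' Telegram: @DosX_Plus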