├── release_version.txt ├── CMakeLists.txt ├── samples ├── C │ ├── build_win32.bat │ ├── build_gcc.sh │ └── simple.c ├── VB.NET │ ├── FormMain.vb │ └── FormMain.Designer.vb └── VB6 │ ├── Module1.bas │ └── Form1.frm ├── src ├── include │ ├── die.def │ └── die.h ├── CMakeLists.txt ├── global.h └── lib │ ├── CMakeLists.txt │ ├── die_lib.h │ └── die_lib.cpp ├── res ├── resource.rc ├── resource.rc.in └── windows.manifest.xml ├── LICENSE ├── .gitmodules ├── .github └── workflows │ ├── checkLinux.yml │ └── builder.yml └── README.md
/release_version.txt:
--------------------------------------------------------------------------------
1 | 0.1.0
2 |
--------------------------------------------------------------------------------
/CMakeLists.txt:
--------------------------------------------------------------------------------
1 | cmake_minimum_required(VERSION 3.10)
2 | option(DIE_BUILD_AS_STATIC "Build DieLib as a static library (instead of shared)" OFF)
3 | project(dielib)
4 | add_subdirectory(src)
5 |
--------------------------------------------------------------------------------
/samples/C/build_win32.bat:
--------------------------------------------------------------------------------
1 | set VS_PATH="C:\Program Files (x86)\Microsoft Visual Studio 12.0"
2 |
3 | call %VS_PATH%\VC\bin\vcvars32.bat
4 | rem NOTE(review): /GS- below turns off the MSVC buffer security check (stack cookies) for the sample object - confirm it is really needed before copying these flags.
5 | cl.exe /c simple.c /D_USING_V110_SDK71_ /GS- /Oi- /I "../../include"
6 | link.exe simple.obj die.lib /SUBSYSTEM:CONSOLE,5.01
7 | del /s simple.obj
--------------------------------------------------------------------------------
/src/include/die.def:
--------------------------------------------------------------------------------
1 | LIBRARY die.dll
2 | ; NOTE(review): die.h declares DIE_LoadDatabaseA/W, but the two entries below are spelled "Datebase"; die.h also declares DIE_VB_ScanFileCallback, which is not listed - confirm against the symbols die_lib.cpp defines.
3 | EXPORTS
4 | DIE_LoadDatebaseA
5 | DIE_LoadDatebaseW
6 | DIE_FreeMemoryA
7 | DIE_FreeMemoryW
8 | DIE_ScanFileA
9 | DIE_ScanFileW
10 | DIE_ScanMemoryA
11 | DIE_ScanMemoryW
12 | DIE_ScanFileExA
13 | DIE_ScanFileExW
14 | DIE_ScanMemoryExA
15 | DIE_ScanMemoryExW
16 | DIE_VB_ScanFile
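--------------------------------------------------------------------------------
/samples/C/build_gcc.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | FILE=/usr/lib/libdie.so
4 | if test -f "$FILE"; then
5 |     gcc ./simple.c -o simple -I ../../src/include/ -l:libdie.so
6 | else
7 |     echo "libdie.so is not installed or cannot be found in /usr/lib directory"
8 |     echo "please run 'gcc ./simple.c -o simple -I ../../src/include/ -L -l:libdie.so'"
9 |     exit 1
10 | fi
11 |
--------------------------------------------------------------------------------
/samples/C/simple.c:
--------------------------------------------------------------------------------
1 | #include <stdio.h>
2 | #include "die.h"
3 |
4 | /*
5 |  * Scans one file with DIE_ScanFileA and prints the textual result.
6 |  * Returns 0 after printing a result, 1 when the library returned no result.
7 |  */
8 | int main(int argc, char* argv[])
9 | {
10 |     char *pszFileName="C:\\Windows\\notepad.exe";
11 |     //char *pszDatabase = "C:\\db";
12 |     char *pszDatabase = "$data/db";
13 |     char *pszResult=0;
14 |
15 |     pszResult=DIE_ScanFileA(pszFileName, DIE_DEEPSCAN | DIE_HEURISTICSCAN | DIE_RECURSIVESCAN, pszDatabase);
16 |
17 |     /* die.h does not say what comes back when the scan fails (assumed: null).
18 |        Passing a null pointer to printf("%s") is undefined behaviour, so stop here. */
19 |     if (pszResult == 0) {
20 |         fprintf(stderr, "DIE_ScanFileA returned no result\n");
21 |         return 1;
22 |     }
23 |
24 |     printf("%s",pszResult);
25 |
26 |     /* The result buffer is handed back to the library's own free routine. */
27 |     DIE_FreeMemoryA(pszResult);
28 |
29 |     return 0;
30 | }
31 |
32 |
--------------------------------------------------------------------------------
/res/resource.rc:
--------------------------------------------------------------------------------
1 | #include
2 |
3 | IDI_ICON1 ICON DISCARDABLE "main.ico"
4 |
5 | CREATEPROCESS_MANIFEST_RESOURCE_ID RT_MANIFEST "windows.manifest.xml"
6 | VS_VERSION_INFO VERSIONINFO
7 | FILEVERSION 0,1,0,0
8 | PRODUCTVERSION 0,1,0,0
9 | FILEFLAGSMASK 0x3fL
10 | #ifdef _DEBUG
11 | FILEFLAGS VS_FF_DEBUG
12 | #else
13 | FILEFLAGS 0x0L
14 | #endif
15 | FILEOS VOS__WINDOWS32
16 | FILETYPE VFT_DLL
17 | FILESUBTYPE 0x0L
18 | BEGIN
19 | BLOCK "StringFileInfo"
20 | BEGIN
21 | BLOCK "040904b0"
22 | BEGIN
23 | VALUE "CompanyName", "ntinfo\0"
24 | VALUE "FileDescription", "Detect It Easy library\0"
25 | VALUE "FileVersion", "0.1.0.0\0"
26 | VALUE "LegalCopyright",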
"horsicq@gmail.com\0" 27 | VALUE "OriginalFilename", "dielib.exe\0" 28 | VALUE "ProductName", "dielib\0" 29 | VALUE "ProductVersion", "0.1.0.0\0" 30 | END 31 | END 32 | BLOCK "VarFileInfo" 33 | BEGIN 34 | VALUE "Translation", 0x0409, 1200 35 | END 36 | END 37 | /* End of Version info */ 38 | 39 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019-2025 hors 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
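22 |
--------------------------------------------------------------------------------
/src/CMakeLists.txt:
--------------------------------------------------------------------------------
1 | cmake_minimum_required(VERSION 3.10)
2 |
3 | find_package(QT NAMES Qt6 Qt5 REQUIRED COMPONENTS Core)
4 | #find_package(Qt4 4.8.6 REQUIRED QtCore QtScript)
5 | #find_package(Qt4 4.8.7 REQUIRED QtCore QtScript)
6 |
7 | if(${QT_VERSION_MAJOR} EQUAL 5)
8 |     find_package(Qt5 REQUIRED COMPONENTS Script)
9 |     find_package(Qt5 REQUIRED COMPONENTS Concurrent)
10 | endif()
11 |
12 | if(${QT_VERSION_MAJOR} GREATER_EQUAL 6)
13 |     find_package(Qt${QT_VERSION_MAJOR} REQUIRED COMPONENTS Qml)
14 |     find_package(Qt${QT_VERSION_MAJOR} REQUIRED COMPONENTS Concurrent)
15 | endif()
16 |
17 | include(../dep/build_tools/cmake/deploy.cmake)
18 | file (STRINGS ${PROJECT_SOURCE_DIR}/release_version.txt X_PROJECT_VERSION)
19 |
20 | project(die_lib VERSION ${X_PROJECT_VERSION} LANGUAGES CXX)
21 |
22 | set(X_COMPANYNAME "ntinfo")
23 | set(X_PROJECTNAME "dielib")
24 | set(X_MAINTAINER "horsicq@gmail.com")
25 | set(X_DESCRIPTION "Detect It Easy library")
26 | set(X_HOMEPAGE "https://github.com/horsicq/die_library")
27 | set(X_ORIGINAL_FILENAME "dielib")
28 |
29 | deploy_init()
30 |
31 | add_subdirectory(../dep/XCapstone/x86 XCapstone)
32 | add_subdirectory(../dep/XArchive XArchive)
33 | add_subdirectory(lib dielib)
34 |
--------------------------------------------------------------------------------
/samples/VB.NET/FormMain.vb:
--------------------------------------------------------------------------------
1 | Imports System.Runtime.InteropServices 'for DllImport()
2 | Imports System.Text
3 | ' Sample form: scans the file named in TextBoxFileName with DIE_VB_ScanFile and shows the returned text.
4 | Public Class FormMain
5 |
7 |     Shared Function DIE_VB_ScanFile(lpFileName As String, nFlags As Integer, lpDataBase As String, lpBuffer As String, nBufferSize As Integer) As Integer
8 |     End Function
9 |
10 |     Private Sub FormMain_Load(sender As Object, e As EventArgs) Handles MyBase.Load
11 |         TextBoxFileName.Text = "C:\Windows\notepad.exe"
12 |         TextBoxDataBase.Text = "$app/db"
13 |     End Sub
14 |     Private Sub ButtonScan_Click(sender As Object, e As EventArgs) Handles ButtonScan.Click
15 |         Dim sFileName As String = TextBoxFileName.Text
16 |         Dim sDataBase As String = TextBoxDataBase.Text
17 |         Dim nBufferSize = 10000
18 |         Dim sBuffer As String ' NOTE(review): a String is passed as the native output buffer; .NET strings are immutable and StringBuilder is the usual P/Invoke type for this - confirm against the import attribute before changing.
19 |         sBuffer = Space$(nBufferSize)
20 |         Dim nResult As Integer = DIE_VB_ScanFile(sFileName, 0, sDataBase, sBuffer, nBufferSize - 1)
21 |         sBuffer = sBuffer.Substring(0, Math.Max(0, Math.Min(nResult, sBuffer.Length))) ' the native return value is used as a length: clamp it so a negative or oversized value cannot make Substring throw
22 |         RichTextBoxResult.Text = sBuffer
23 |
24 |     End Sub
25 | End Class
26 |
--------------------------------------------------------------------------------
/res/resource.rc.in:
--------------------------------------------------------------------------------
1 | #include
2 |
3 | IDI_ICON1 ICON DISCARDABLE "main.ico"
4 |
5 | CREATEPROCESS_MANIFEST_RESOURCE_ID RT_MANIFEST "windows.manifest.xml"
6 | VS_VERSION_INFO VERSIONINFO
7 | FILEVERSION @PROJECT_VERSION_MAJOR@,@PROJECT_VERSION_MINOR@,@PROJECT_VERSION_PATCH@,0
8 | PRODUCTVERSION @PROJECT_VERSION_MAJOR@,@PROJECT_VERSION_MINOR@,@PROJECT_VERSION_PATCH@,0
9 | FILEFLAGSMASK 0x3fL
10 | #ifdef _DEBUG
11 | FILEFLAGS VS_FF_DEBUG
12 | #else
13 | FILEFLAGS 0x0L
14 | #endif
15 | FILEOS VOS__WINDOWS32
16 | FILETYPE VFT_DLL
17 | FILESUBTYPE 0x0L
18 | BEGIN
19 | BLOCK "StringFileInfo"
20 | BEGIN
21 | BLOCK "040904b0"
22 | BEGIN
23 | VALUE "CompanyName", "@X_COMPANYNAME@\0"
24 | VALUE "FileDescription", "@X_DESCRIPTION@\0"
25 | VALUE "FileVersion", "@PROJECT_VERSION_MAJOR@.@PROJECT_VERSION_MINOR@.@PROJECT_VERSION_PATCH@.0\0"
26 | VALUE "LegalCopyright", "@X_MAINTAINER@\0"
27 | VALUE "OriginalFilename", "@X_ORIGINAL_FILENAME@.exe\0"
28 | VALUE "ProductName", "@X_PROJECTNAME@\0"
29 | VALUE "ProductVersion", "@PROJECT_VERSION_MAJOR@.@PROJECT_VERSION_MINOR@.@PROJECT_VERSION_PATCH@.0\0"
30 | END
31 | END
32 | BLOCK "VarFileInfo"
33 | BEGIN
34 | VALUE "Translation", 0x0409, 1200
35 | END
36 | END
37 | /* End of Version info */
38 |
39 |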
-------------------------------------------------------------------------------- /src/global.h: -------------------------------------------------------------------------------- 1 | // copyright (c) 2019-2023 hors 2 | // 3 | // Permission is hereby granted, free of charge, to any person obtaining a copy 4 | // of this software and associated documentation files (the "Software"), to deal 5 | // in the Software without restriction, including without limitation the rights 6 | // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | // copies of the Software, and to permit persons to whom the Software is 8 | // furnished to do so, subject to the following conditions: 9 | 10 | // The above copyright notice and this permission notice shall be included in all 11 | // copies or substantial portions of the Software. 12 | 13 | // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | // SOFTWARE. 
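20 | //
21 |
22 | #ifndef GLOBAL_H
23 | #define GLOBAL_H
24 |
25 | #define X_APPLICATIONNAME "DIE-library"
26 | #define X_APPLICATIONVERSION "0.01"
27 | #define X_ORGANIZATIONNAME "NTInfo"
28 | #define X_ORGANIZATIONDOMAIN "ntinfo.biz"
29 |
30 | #endif // GLOBAL_H
31 |
--------------------------------------------------------------------------------
/res/windows.manifest.xml:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | true 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 |
--------------------------------------------------------------------------------
/samples/VB6/Module1.bas:
--------------------------------------------------------------------------------
1 | Attribute VB_Name = "Module1"
2 | Option Explicit
3 |
4 | Global abort As Boolean
5 |
6 | Private Declare Function lstrlenW Lib "kernel32" (ByVal lpString As Long) As Long
7 | Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (pDest As Any, pSrc As Any, ByVal ByteLen As Long)
8 | ' Progress callback: updates Form1's progress bar and signature label, then reports whether scanning should go on.
9 | 'Return 0 to Abort, 1 to continue
10 | Function DIE_VB_CALLBACK(ByVal curSigName As Long, ByVal curSigindex As Long, ByVal maxSigs As Long) As Long
11 |
12 |     On Error Resume Next
13 |     Dim sz As Long, curSig As String
14 |
15 |     Form1.pb.Max = maxSigs
16 |     Form1.pb.Value = curSigindex
17 |     ' curSigName is a raw pointer to a wide string; only lengths below 2000 characters are copied into the VB string.
18 |     If curSigName <> 0 Then
19 |         sz = lstrlenW(curSigName)
20 |         If sz > 0 And sz < 2000 Then
21 |             curSig = String(sz, 0)
22 |             CopyMemory ByVal StrPtr(curSig), ByVal curSigName, sz * 2 ' lstrlenW counts characters and CopyMemory counts bytes: two bytes per wide character, which is exactly the size of curSig
23 |             Form1.lblSig = Replace(curSig, Chr(0), Empty)
24 |         End If
25 |     End If
26 |
27 |     DoEvents
28 |     DIE_VB_CALLBACK = IIf(abort, 0, 1)
29 |
30 | End Function
31 |
32 |
33 | Function GetParentFolder(path) As String
34 |     Dim tmp() As String, ub As String
35 |     tmp = Split(path, "\")
36 |     ub = tmp(UBound(tmp))
37 |     GetParentFolder = Replace(Join(tmp, "\"), "\" & ub, "")
38 | End Function
39 |
40 | Function FileExists(path As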
String) As Boolean 41 | On Error GoTo hell 42 | 43 | If Len(path) = 0 Then Exit Function 44 | If Right(path, 1) = "\" Then Exit Function 45 | If Dir(path, vbHidden Or vbNormal Or vbReadOnly Or vbSystem) <> "" Then FileExists = True 46 | 47 | Exit Function 48 | hell: FileExists = False 49 | End Function 50 | 51 | Function FolderExists(path As String) As Boolean 52 | On Error GoTo hell 53 | Dim tmp As String 54 | tmp = path & "\" 55 | If Len(tmp) = 1 Then Exit Function 56 | If Dir(tmp, vbDirectory) <> "" Then FolderExists = True 57 | Exit Function 58 | hell: 59 | End Function 60 | 61 | 62 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "Formats"] 2 | path = Formats 3 | url = https://github.com/horsicq/Formats.git 4 | [submodule "die_script"] 5 | path = dep/die_script 6 | url = https://github.com/horsicq/die_script.git 7 | [submodule "XArchive"] 8 | path = dep/XArchive 9 | url = https://github.com/horsicq/XArchive.git 10 | [submodule "Detect-It-Easy"] 11 | path = dep/Detect-It-Easy 12 | url = https://github.com/horsicq/Detect-It-Easy.git 13 | [submodule "build_tools"] 14 | path = dep/build_tools 15 | url = https://github.com/horsicq/build_tools 16 | [submodule "XCapstone"] 17 | path = dep/XCapstone 18 | url = https://github.com/horsicq/XCapstone 19 | [submodule "XDEX"] 20 | path = dep/XDEX 21 | url = https://github.com/horsicq/XDEX 22 | [submodule "XPDF"] 23 | path = dep/XPDF 24 | url = https://github.com/horsicq/XPDF 25 | [submodule "dep/Detect-It-Easy"] 26 | path = dep/Detect-It-Easy 27 | url = https://github.com/horsicq/Detect-It-Easy 28 | [submodule "dep/build_tools"] 29 | path = dep/build_tools 30 | url = https://github.com/horsicq/build_tools 31 | [submodule "dep/die_script"] 32 | path = dep/die_script 33 | url = https://github.com/horsicq/die_script 34 | [submodule "dep/Formats"] 35 | path = dep/Formats 36 | url = 
https://github.com/horsicq/Formats 37 | [submodule "dep/XArchive"] 38 | path = dep/XArchive 39 | url = https://github.com/horsicq/XArchive 40 | [submodule "dep/XCapstone"] 41 | path = dep/XCapstone 42 | url = https://github.com/horsicq/XCapstone 43 | [submodule "dep/XDEX"] 44 | path = dep/XDEX 45 | url = https://github.com/horsicq/XDEX 46 | [submodule "dep/XPDF"] 47 | path = dep/XPDF 48 | url = https://github.com/horsicq/XPDF 49 | [submodule "dep/XOptions"] 50 | path = dep/XOptions 51 | url = https://github.com/horsicq/XOptions 52 | [submodule "dep/XExtractor"] 53 | path = dep/XExtractor 54 | url = https://github.com/horsicq/XExtractor 55 | [submodule "dep/XScanEngine"] 56 | path = dep/XScanEngine 57 | url = https://github.com/horsicq/XScanEngine 58 | [submodule "dep/XDisasmCore"] 59 | path = dep/XDisasmCore 60 | url = https://github.com/horsicq/XDisasmCore.git 61 | [submodule "dep/XStaticUnpacker"] 62 | path = dep/XStaticUnpacker 63 | url = https://github.com/horsicq/XStaticUnpacker 64 | -------------------------------------------------------------------------------- /src/include/die.h: -------------------------------------------------------------------------------- 1 | #ifndef DIELIB_H 2 | #define DIELIB_H 3 | 4 | #ifdef _WIN32 5 | #include 6 | #endif 7 | 8 | // flags 9 | #define DIE_DEEPSCAN 0x00000001 10 | #define DIE_HEURISTICSCAN 0x00000002 11 | #define DIE_ALLTYPESSCAN 0x00000004 12 | #define DIE_RECURSIVESCAN 0x00000008 13 | #define DIE_VERBOSE 0x00000010 14 | #define DIE_AGGRESSIVESCAN 0x00000020 15 | #define DIE_RESULTASXML 0x00010000 16 | #define DIE_RESULTASJSON 0x00020000 17 | #define DIE_RESULTASTSV 0x00040000 18 | #define DIE_RESULTASCSV 0x00080000 19 | 20 | #ifdef __cplusplus 21 | extern "C" { 22 | #endif 23 | 24 | char *DIE_ScanFileA(char *pszFileName, unsigned int nFlags, char *pszDatabase); 25 | wchar_t *DIE_ScanFileW(wchar_t *pwszFileName, unsigned int nFlags, wchar_t *pwszDatabase); 26 | char *DIE_ScanMemoryA(char *pMemory, int nMemorySize, 
unsigned int nFlags, char *pszDatabase); 27 | wchar_t *DIE_ScanMemoryW(char *pMemory, int nMemorySize, unsigned int nFlags, wchar_t *pwszDatabase); 28 | int DIE_LoadDatabaseA(char *pszDatabase); 29 | int DIE_LoadDatabaseW(wchar_t *pwszDatabase); 30 | char *DIE_ScanFileExA(char *pszFileName, unsigned int nFlags); 31 | wchar_t *DIE_ScanFileExW(wchar_t *pwszFileName, unsigned int nFlags); 32 | char *DIE_ScanMemoryExA(char *pMemory, int nMemorySize, unsigned int nFlags); 33 | wchar_t *DIE_ScanMemoryExW(char *pMemory, int nMemorySize, unsigned int nFlags); 34 | void DIE_FreeMemoryA(char *pszString); 35 | void DIE_FreeMemoryW(wchar_t *pwszString); 36 | 37 | #ifdef _WIN32 38 | int __stdcall DIE_VB_ScanFile(wchar_t *pwszFileName, unsigned int nFlags, wchar_t *pwszDatabase, wchar_t *pwszBuffer, int nBufferSize); 39 | 40 | // Define callback function type for progress reporting and scan control 41 | // Return Value 0 - Abort the scanning process. 1 - Continue the scanning process. 42 | typedef int(__stdcall *DIE_VB_CALLBACK)(wchar_t *curSigName, int curSigindex, int maxSigs); 43 | int __stdcall DIE_VB_ScanFileCallback(wchar_t *pwszFileName, unsigned int nFlags, wchar_t *pwszDatabase, wchar_t *pwszBuffer, int nBufferSize, 44 | DIE_VB_CALLBACK pfnCallback); 45 | 46 | #endif 47 | 48 | #ifdef UNICODE 49 | #define DIE_ScanFile DIE_ScanFileW 50 | #define DIE_ScanMemory DIE_ScanMemoryW 51 | #define DIE_LoadDatabase DIE_LoadDatabaseW 52 | #define DIE_ScanFileEx DIE_ScanFileExW 53 | #define DIE_ScanMemoryEx DIE_ScanMemoryExW 54 | #define DIE_FreeMemory DIE_FreeMemoryW 55 | #else 56 | #define DIE_ScanFile DIE_ScanFileA 57 | #define DIE_ScanMemory DIE_ScanMemoryA 58 | #define DIE_LoadDatabase DIE_LoadDatabaseA 59 | #define DIE_ScanFileEx DIE_ScanFileExA 60 | #define DIE_ScanMemoryEx DIE_ScanMemoryExA 61 | #define DIE_FreeMemory DIE_FreeMemoryA 62 | #endif 63 | 64 | #ifdef __cplusplus 65 | } 66 | #endif 67 | 68 | #endif // DIELIB_H 69 | 
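--------------------------------------------------------------------------------
/.github/workflows/checkLinux.yml:
--------------------------------------------------------------------------------
1 | # This starter workflow is for a CMake project running on multiple platforms. There is a different starter workflow if you just want a single platform.
2 | # See: https://github.com/actions/starter-workflows/blob/main/ci/cmake-single-platform.yml
3 | name: Check CMake on Linux
4 |
5 | on:
6 |   workflow_dispatch:
7 |   release:
8 |     types: [created]
9 |   schedule:
10 |     - cron: '0 0 * * MON'
11 | permissions: { contents: read }  # least privilege: no step in this workflow publishes or writes to the repository, so the token gets read access only
12 | jobs:
13 |   build:
14 |     runs-on: ${{ matrix.os }}
15 |
16 |     strategy:
17 |       fail-fast: false
18 |       matrix:
19 |         os: [ubuntu-latest]
20 |         build_type: [Release]
21 |         c_compiler: [gcc, clang, cl]
22 |         include:
23 |           - os: ubuntu-latest
24 |             c_compiler: gcc
25 |             cpp_compiler: g++
26 |           - os: ubuntu-latest
27 |             c_compiler: clang
28 |             cpp_compiler: clang++
29 |         exclude:
30 |           - os: ubuntu-latest
31 |             c_compiler: cl
32 |
33 |     steps:
34 |     - uses: actions/checkout@v4  # NOTE(review): referenced by a movable tag; pinning to a full commit SHA fixes the exact action code that runs
35 |       with:
36 |         submodules: recursive
37 |
38 |     - name: Set reusable strings
39 |       # Turn repeated input strings (such as the build output directory) into step outputs. These step outputs can be used throughout the workflow file.
40 |       id: strings
41 |       shell: bash
42 |       run: |
43 |         echo "build-output-dir=${{ github.workspace }}/build" >> "$GITHUB_OUTPUT"
44 |
45 |     - name: Install Qt (Ubuntu)
46 |       if: matrix.os == 'ubuntu-latest'
47 |       run: |
48 |         sudo apt-get update
49 |         sudo apt-get install qtbase5-dev qtscript5-dev qttools5-dev-tools libqt5svg5-dev qtchooser qt5-qmake build-essential -y
50 |
51 |     - name: Configure CMake
52 |       # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.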
53 | # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type 54 | run: > 55 | cmake -B ${{ steps.strings.outputs.build-output-dir }} 56 | -DCMAKE_CXX_COMPILER=${{ matrix.cpp_compiler }} 57 | -DCMAKE_C_COMPILER=${{ matrix.c_compiler }} 58 | -DCMAKE_BUILD_TYPE=${{ matrix.build_type }} 59 | -S ${{ github.workspace }} 60 | 61 | - name: Build 62 | # Build your program with the given configuration. Note that --config is needed because the default Windows generator is a multi-config generator (Visual Studio generator). 63 | run: cmake --build ${{ steps.strings.outputs.build-output-dir }} --config ${{ matrix.build_type }} 64 | 65 | - name: Test 66 | working-directory: ${{ steps.strings.outputs.build-output-dir }} 67 | # Execute tests defined by the CMake configuration. Note that --build-config is needed because the default Windows generator is a multi-config generator (Visual Studio generator). 68 | # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail 69 | run: ctest --build-config ${{ matrix.build_type }} 70 | -------------------------------------------------------------------------------- /samples/VB.NET/FormMain.Designer.vb: -------------------------------------------------------------------------------- 1 | 2 | Partial Class FormMain 3 | Inherits System.Windows.Forms.Form 4 | 5 | 6 | Protected Overrides Sub Dispose(ByVal disposing As Boolean) 7 | Try 8 | If disposing AndAlso components IsNot Nothing Then 9 | components.Dispose() 10 | End If 11 | Finally 12 | MyBase.Dispose(disposing) 13 | End Try 14 | End Sub 15 | 16 | Private components As System.ComponentModel.IContainer 17 | 18 | 19 | Private Sub InitializeComponent() 20 | Me.ButtonScan = New System.Windows.Forms.Button() 21 | Me.TextBoxFileName = New System.Windows.Forms.TextBox() 22 | Me.RichTextBoxResult = New System.Windows.Forms.RichTextBox() 23 | Me.TextBoxDataBase = New System.Windows.Forms.TextBox() 24 | Me.SuspendLayout() 25 | ' 26 | 
'ButtonScan 27 | ' 28 | Me.ButtonScan.Location = New System.Drawing.Point(513, 12) 29 | Me.ButtonScan.Name = "ButtonScan" 30 | Me.ButtonScan.Size = New System.Drawing.Size(76, 46) 31 | Me.ButtonScan.TabIndex = 0 32 | Me.ButtonScan.Text = "Scan" 33 | Me.ButtonScan.UseVisualStyleBackColor = True 34 | ' 35 | 'TextBoxFileName 36 | ' 37 | Me.TextBoxFileName.Location = New System.Drawing.Point(12, 12) 38 | Me.TextBoxFileName.Name = "TextBoxFileName" 39 | Me.TextBoxFileName.Size = New System.Drawing.Size(495, 20) 40 | Me.TextBoxFileName.TabIndex = 1 41 | ' 42 | 'RichTextBoxResult 43 | ' 44 | Me.RichTextBoxResult.Location = New System.Drawing.Point(12, 64) 45 | Me.RichTextBoxResult.Name = "RichTextBoxResult" 46 | Me.RichTextBoxResult.Size = New System.Drawing.Size(495, 240) 47 | Me.RichTextBoxResult.TabIndex = 3 48 | Me.RichTextBoxResult.Text = "" 49 | ' 50 | 'TextBoxDataBase 51 | ' 52 | Me.TextBoxDataBase.Location = New System.Drawing.Point(12, 38) 53 | Me.TextBoxDataBase.Name = "TextBoxDataBase" 54 | Me.TextBoxDataBase.Size = New System.Drawing.Size(495, 20) 55 | Me.TextBoxDataBase.TabIndex = 4 56 | ' 57 | 'FormMain 58 | ' 59 | Me.AutoScaleDimensions = New System.Drawing.SizeF(6.0!, 13.0!) 
60 | Me.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font 61 | Me.ClientSize = New System.Drawing.Size(601, 318) 62 | Me.Controls.Add(Me.TextBoxDataBase) 63 | Me.Controls.Add(Me.RichTextBoxResult) 64 | Me.Controls.Add(Me.TextBoxFileName) 65 | Me.Controls.Add(Me.ButtonScan) 66 | Me.Name = "FormMain" 67 | Me.Text = "DIE" 68 | Me.ResumeLayout(False) 69 | Me.PerformLayout() 70 | 71 | End Sub 72 | 73 | Friend WithEvents ButtonScan As Button 74 | Friend WithEvents TextBoxFileName As TextBox 75 | Friend WithEvents RichTextBoxResult As RichTextBox 76 | Friend WithEvents TextBoxDataBase As TextBox 77 | End Class 78 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # DiE (Detect It Easy) Library Documentation 2 | 3 | ## Overview 4 | 5 | The DiE (Detect It Easy) library is an open-source project designed to provide a flexible and efficient way to detect packers, cryptors, and compilers in executable files. This documentation will guide you through the process of setting up and using the library. 6 | 7 | ## Table of Contents 8 | 9 | 1. [Prerequisites](#prerequisites) 10 | 2. [Installation](#installation) 11 | 3. [Building the Project](#building-the-project) 12 | 4. [Python Binding](#python-binding) 13 | 5. [Rust Binding](#rust-binding) 14 | 6. [License](#license) 15 | 16 | ## Prerequisites 17 | 18 | Before building the DiE library, ensure you have the following dependencies installed: 19 | 20 | - **Qt**: The Qt framework is required for building the project. 21 | - **CMake**: CMake is used for managing the build process. 22 | - **Compiler**: A C++ compiler compatible with your operating system (e.g., GCC, Clang, MSVC). 23 | 24 | ## Installation 25 | 26 | 1. 
**Clone the repository**: 27 | 28 | git clone --recursive https://github.com/horsicq/die_library.git && 29 | cd die_library 30 | 31 | ## Building the Project 32 | 33 | ### Linux 34 | 35 | 1. **Install Qt and CMake**: 36 | 37 | For Debian 10 (Buster) and Ubuntu 18.04 (Bionic Beaver) and earlier: 38 | sudo apt-get update 39 | sudo apt-get install qt5-default cmake build-essential 40 | 41 | For Debian 11 (Bullseye) and Ubuntu 20.04 (Focal Fossa) and later: 42 | sudo apt-get update 43 | sudo apt-get install qtbase5-dev qtchooser qt5-qmake qtbase5-dev-tools qtscript5-dev 44 | 45 | 2. **Create a build directory**: 46 | 47 | mkdir build 48 | cd build 49 | 50 | 3. **Generate Makefiles using CMake**: 51 | 52 | cmake .. 53 | 54 | 4. **Build the project**: 55 | 56 | make 57 | 58 | ### Windows 59 | 60 | 1. **Install Qt and CMake**: 61 | - Download and install Qt from [Qt's official website](https://www.qt.io/download). 62 | - Download and install CMake from [CMake's official website](https://cmake.org/download/). 63 | 64 | 2. **Create a build directory**: 65 | 66 | mkdir build 67 | cd build 68 | 69 | 3. **Generate Visual Studio project files using CMake**: 70 | 71 | cmake .. -G "Visual Studio 16 2019" 72 | 73 | 4. **Build the project**: 74 | Open the generated `.sln` file in Visual Studio and build the solution. 75 | 76 | ### macOS 77 | 78 | 1. **Install Qt and CMake**: 79 | 80 | brew install qt cmake 81 | 82 | 2. **Create a build directory**: 83 | 84 | mkdir build 85 | cd build 86 | 87 | 3. **Generate Makefiles using CMake**: 88 | 89 | cmake .. 90 | 91 | 4. **Build the project**: 92 | 93 | make 94 | 95 | ## Python Binding 96 | 97 | To build the Python binding for the DiE library, refer to the [die-python](https://github.com/elastic/die-python) repository. 98 | 99 | ## Rust Binding 100 | 101 | To build the Rust binding for the DiE library, refer to the [die-rust](https://github.com/elastic/die-rust) repository. 
102 | 103 | ## License 104 | 105 | The DiE library is released under the MIT License. See the [LICENSE](LICENSE) file for more details. 106 | 107 | --- 108 | 109 | For further assistance, please refer to the issues section on the [GitHub repository](https://github.com/horsicq/die_library/issues) or contact the maintainers. 110 | -------------------------------------------------------------------------------- /src/lib/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required(VERSION 3.10) 2 | 3 | project(die LANGUAGES CXX) 4 | 5 | set(CMAKE_AUTOUIC ON) 6 | set(CMAKE_AUTOMOC ON) 7 | set(CMAKE_AUTORCC ON) 8 | set(CMAKE_INCLUDE_CURRENT_DIR ON) 9 | set(CMAKE_CXX_STANDARD 11) 10 | set(CMAKE_CXX_STANDARD_REQUIRED ON) 11 | 12 | message(${PROJECT_SOURCE_DIR}) 13 | 14 | if(WIN32) 15 | add_definitions(-DWIN32) 16 | if(${QT_VERSION_MAJOR} LESS 5) 17 | set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /Zc:wchar_t-") 18 | set (CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} /Zc:wchar_t-") 19 | set (CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} /Zc:wchar_t-") 20 | set (CMAKE_CXX_FLAGS_MINSIZEREL "${CMAKE_CXX_FLAGS_MINSIZEREL} /Zc:wchar_t-") 21 | endif() 22 | else() 23 | add_definitions(-fPIC) 24 | endif() 25 | 26 | add_definitions( 27 | -DQT_DEPRECATED_WARNINGS 28 | -DLIB_SOURCE_LIBRARY 29 | -DUSE_DEX 30 | -DUSE_PDF 31 | -DUSE_ARCHIVE 32 | -DUSE_YARA 33 | ) 34 | 35 | include(${CMAKE_CURRENT_LIST_DIR}/../../dep/die_script/die_script.cmake) 36 | include(GNUInstallDirs) 37 | 38 | set(PROJECT_SOURCES 39 | ${DIE_SCRIPT_SOURCES} 40 | die_lib.cpp 41 | die_lib.h 42 | ) 43 | 44 | if(DIE_BUILD_AS_STATIC) 45 | message(STATUS "Building DieLib as static") 46 | add_library(die STATIC 47 | ${PROJECT_SOURCES} 48 | ) 49 | else() 50 | message(STATUS "Building DieLib as shared") 51 | add_library(die SHARED 52 | ${PROJECT_SOURCES} 53 | ) 54 | endif() 55 | 56 | set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS ON) 57 | 58 | target_link_libraries(die 
PRIVATE bzip2) 59 | target_link_libraries(die PRIVATE lzma) 60 | target_link_libraries(die PRIVATE zlib) 61 | target_link_libraries(die PRIVATE ppmd) 62 | target_link_libraries(die PRIVATE capstone_x86) 63 | 64 | if(${QT_VERSION_MAJOR} EQUAL 4) 65 | target_link_libraries(die PRIVATE Qt4::QtCore) 66 | target_link_libraries(die PRIVATE Qt4::QtScript) 67 | target_link_libraries(die PRIVATE Qt4::Concurrent) 68 | endif() 69 | 70 | if(${QT_VERSION_MAJOR} EQUAL 5) 71 | target_link_libraries(die PRIVATE Qt${QT_VERSION_MAJOR}::Core) 72 | target_link_libraries(die PRIVATE Qt${QT_VERSION_MAJOR}::Script) 73 | target_link_libraries(die PRIVATE Qt${QT_VERSION_MAJOR}::Concurrent) 74 | endif() 75 | 76 | if(${QT_VERSION_MAJOR} GREATER_EQUAL 6) 77 | target_link_libraries(die PRIVATE Qt${QT_VERSION_MAJOR}::Core) 78 | target_link_libraries(die PRIVATE Qt${QT_VERSION_MAJOR}::Qml) 79 | target_link_libraries(die PRIVATE Qt${QT_VERSION_MAJOR}::Concurrent) 80 | endif() 81 | 82 | if(WIN32) 83 | target_link_libraries(die PRIVATE Wintrust) 84 | target_link_libraries(die PRIVATE Crypt32) 85 | target_link_libraries(die PRIVATE comsuppwd) 86 | endif() 87 | 88 | if(WIN32) 89 | install (TARGETS die DESTINATION "./") 90 | install (DIRECTORY ../../dep/Detect-It-Easy/db DESTINATION "./") 91 | install (FILES ../include/die.h DESTINATION "./include" OPTIONAL) 92 | deploy_qt() 93 | deploy_msvc() 94 | else() 95 | install (TARGETS die DESTINATION ${CMAKE_INSTALL_LIBDIR}) 96 | install (DIRECTORY ../../dep/Detect-It-Easy/db DESTINATION "${CMAKE_INSTALL_LIBDIR}/dielib" OPTIONAL) 97 | install (FILES ../include/die.h DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/dielib" OPTIONAL) 98 | endif() 99 | -------------------------------------------------------------------------------- /src/lib/die_lib.h: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2019-2024 hors 2 | * 3 | * Permission is hereby granted, free of charge, to any person obtaining a copy 4 | * of this 
software and associated documentation files (the "Software"), to deal 5 | * in the Software without restriction, including without limitation the rights 6 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | * copies of the Software, and to permit persons to whom the Software is 8 | * furnished to do so, subject to the following conditions: 9 | * 10 | * The above copyright notice and this permission notice shall be included in all 11 | * copies or substantial portions of the Software. 12 | * 13 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | * SOFTWARE. 
20 | */ 21 | #ifndef DIE_LIB_H 22 | #define DIE_LIB_H 23 | 24 | #include "die_script.h" 25 | #include "scanitemmodel.h" 26 | #ifdef Q_OS_WIN32 27 | #include 28 | #include 29 | #endif 30 | 31 | #if defined(LIB_SOURCE_LIBRARY) 32 | #define LIB_SOURCE_EXPORT Q_DECL_EXPORT 33 | #else 34 | #define LIB_SOURCE_EXPORT Q_DECL_IMPORT 35 | #endif 36 | 37 | #ifdef Q_OS_WIN32 38 | typedef int(__stdcall *DIE_VB_CALLBACK)(wchar_t *curSigName, int curSigindex, int maxSigs); 39 | #endif 40 | 41 | class DIE_lib { 42 | public: 43 | DIE_lib(); 44 | ~DIE_lib(); 45 | 46 | char *scanFileA(char *pszFileName, unsigned int nFlags, char *pszDatabase); 47 | wchar_t *scanFileW(wchar_t *pwszFileName, unsigned int nFlags, wchar_t *pwszDatabase); 48 | char *scanMemoryA(char *pMemory, int nMemorySize, unsigned int nFlags, char *pszDatabase); 49 | wchar_t *scanMemoryW(char *pMemory, int nMemorySize, unsigned int nFlags, wchar_t *pwszDatabase); 50 | int loadDatabaseA(char *pszDatabase); 51 | int loadDatabaseW(wchar_t *pwszDatabase); 52 | char *scanFileExA(char *pszFileName, unsigned int nFlags); 53 | wchar_t *scanFileExW(wchar_t *pwszFileName, unsigned int nFlags); 54 | char *scanMemoryExA(char *pMemory, int nMemorySize, unsigned int nFlags); 55 | wchar_t *scanMemoryExW(char *pMemory, int nMemorySize, unsigned int nFlags); 56 | void freeMemoryA(char *pszString); 57 | void freeMemoryW(wchar_t *pwszString); 58 | #ifdef Q_OS_WIN32 59 | int VB_ScanFile(wchar_t *pwszFileName, unsigned int nFlags, wchar_t *pwszDatabase, wchar_t *pwszBuffer, int nBufferSize); 60 | int VB_ScanFileCallback(wchar_t *pwszFileName, unsigned int nFlags, wchar_t *pwszDatabase, wchar_t *pwszBuffer, int nBufferSize, DIE_VB_CALLBACK pfnCallback); 61 | #endif 62 | 63 | private: 64 | bool _loadDatabase(QString sDatabase); 65 | QString _scanFileEx(QString sFileName, quint32 nFlags); 66 | QString _scanMemoryEx(char *pMemory, int nMemorySize, quint32 nFlags); 67 | QString _scanFile(QString sFileName, quint32 nFlags, QString sDatabase); 
68 | QString _scanMemory(char *pMemory, int nMemorySize, quint32 nFlags, QString sDatabase); 69 | 70 | private: 71 | static DiE_Script *g_pDieScript; 72 | std::shared_ptr m_App; 73 | }; 74 | 75 | #endif // DIE_LIB_H 76 | -------------------------------------------------------------------------------- /.github/workflows/builder.yml: -------------------------------------------------------------------------------- 1 | # This starter workflow is for a CMake project running on multiple platforms. There is a different starter workflow if you just want a single platform. 2 | # See: https://github.com/actions/starter-workflows/blob/main/ci/cmake-single-platform.yml 3 | name: Builder 4 | 5 | on: 6 | workflow_dispatch: 7 | release: 8 | types: [created] 9 | schedule: 10 | - cron: '0 0 * * MON' 11 | 12 | env: 13 | SRC_PATH: ${{ github.workspace }}/src 14 | SRC_PATH_WIN: ${{ github.workspace }}\src 15 | RELEASE_PATH: ${{ github.workspace }}/src/release 16 | 17 | jobs: 18 | build-windows-32: 19 | runs-on: windows-2022 20 | steps: 21 | - uses: actions/checkout@v4 22 | with: 23 | submodules: 'recursive' 24 | path: ${{ env.SRC_PATH }} 25 | 26 | - name: Setup MSVC 27 | uses: ilammy/msvc-dev-cmd@v1 28 | with: 29 | arch: x86 30 | 31 | - name: Install Qt 32 | uses: jurplel/install-qt-action@v4 33 | with: 34 | version: '5.15.2' 35 | host: 'windows' 36 | target: 'desktop' 37 | arch: 'win32_msvc2019' 38 | dir: ${{ github.workspace }} 39 | modules: qtscript 40 | 41 | - name: Build 42 | shell: cmd 43 | working-directory: ${{ env.SRC_PATH }} 44 | run: | 45 | call "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\Build\vcvarsall.bat" x86 46 | mkdir tmp_build 47 | cd tmp_build 48 | cmake -DCMAKE_BUILD_TYPE=MinSizeRel -DCMAKE_PREFIX_PATH="${{ github.workspace }}\Qt\5.15.2\msvc2019" -G "NMake Makefiles" .. 
49 | nmake 50 | cpack -G ZIP 51 | 52 | - name: Upload Release as Download 53 | uses: softprops/action-gh-release@v2 54 | env: 55 | RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} 56 | with: 57 | tag_name: Beta 58 | draft: false 59 | prerelease: true 60 | files: | 61 | ${{ env.SRC_PATH }}/tmp_build/packages/*.zip 62 | 63 | build-windows-64: 64 | runs-on: windows-2022 65 | steps: 66 | - uses: actions/checkout@v4 67 | with: 68 | submodules: 'recursive' 69 | path: ${{ env.SRC_PATH }} 70 | 71 | - name: Setup MSVC 72 | uses: ilammy/msvc-dev-cmd@v1 73 | with: 74 | arch: x64 75 | 76 | - name: Install Qt 77 | uses: jurplel/install-qt-action@v4 78 | with: 79 | version: '5.15.2' 80 | host: 'windows' 81 | target: 'desktop' 82 | arch: 'win64_msvc2019_64' 83 | dir: ${{ github.workspace }} 84 | modules: qtscript 85 | 86 | - name: Build 87 | shell: cmd 88 | working-directory: ${{ env.SRC_PATH }} 89 | run: | 90 | call "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\Build\vcvarsall.bat" x64 91 | mkdir tmp_build 92 | cd tmp_build 93 | cmake -DCMAKE_BUILD_TYPE=MinSizeRel -DCMAKE_PREFIX_PATH="${{ github.workspace }}\Qt\5.15.2\msvc2019_64" -G "NMake Makefiles" .. 
94 | nmake 95 | cpack -G ZIP 96 | 97 | - name: Upload Release as Download 98 | uses: softprops/action-gh-release@v2 99 | env: 100 | RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} 101 | with: 102 | tag_name: Beta 103 | draft: false 104 | prerelease: true 105 | files: | 106 | ${{ env.SRC_PATH }}/tmp_build/packages/*.zip 107 | 108 | 109 | -------------------------------------------------------------------------------- /samples/VB6/Form1.frm: -------------------------------------------------------------------------------- 1 | VERSION 5.00 2 | Object = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}#2.0#0"; "MSCOMCTL.OCX" 3 | Begin VB.Form Form1 4 | Caption = "DieLib vb6 Sample" 5 | ClientHeight = 4680 6 | ClientLeft = 60 7 | ClientTop = 345 8 | ClientWidth = 9330 9 | LinkTopic = "Form1" 10 | ScaleHeight = 4680 11 | ScaleWidth = 9330 12 | StartUpPosition = 2 'CenterScreen 13 | Begin VB.CommandButton cmdScan 14 | Caption = "Scan" 15 | Height = 375 16 | Left = 6960 17 | TabIndex = 5 18 | Top = 60 19 | Width = 855 20 | End 21 | Begin VB.TextBox txtFile 22 | Height = 315 23 | Left = 660 24 | OLEDropMode = 1 'Manual 25 | TabIndex = 4 26 | Top = 60 27 | Width = 6075 28 | End 29 | Begin VB.TextBox Text1 30 | Height = 3435 31 | Left = 180 32 | MultiLine = -1 'True 33 | ScrollBars = 3 'Both 34 | TabIndex = 2 35 | Top = 1080 36 | Width = 8895 37 | End 38 | Begin MSComctlLib.ProgressBar pb 39 | Height = 255 40 | Left = 180 41 | TabIndex = 1 42 | Top = 480 43 | Width = 9015 44 | _ExtentX = 15901 45 | _ExtentY = 450 46 | _Version = 393216 47 | Appearance = 1 48 | End 49 | Begin VB.CommandButton cmdAbort 50 | Caption = "Abort" 51 | Height = 375 52 | Left = 8040 53 | TabIndex = 0 54 | Top = 60 55 | Width = 975 56 | End 57 | Begin VB.Label lblSig 58 | Height = 255 59 | Left = 240 60 | TabIndex = 6 61 | Top = 780 62 | Width = 8895 63 | End 64 | Begin VB.Label Label1 65 | Caption = "Scan" 66 | Height = 255 67 | Left = 120 68 | TabIndex = 3 69 | Top = 120 70 | Width = 495 71 | End 72 | End 73 | 
Attribute VB_Name = "Form1" 74 | Attribute VB_GlobalNameSpace = False 75 | Attribute VB_Creatable = False 76 | Attribute VB_PredeclaredId = True 77 | Attribute VB_Exposed = False 78 | 79 | Const DIE_DEEPSCAN = &H1 80 | Const DIE_HEURISTICSCAN = &H2 81 | Const DIE_ALLTYPESSCAN = &H4 82 | Const DIE_RECURSIVESCAN = &H8 83 | Const DIE_VERBOSE = &H10 84 | Const DIE_AGGRESSIVESCAN = &H20 85 | Const DIE_RESULTASXML = &H10000 86 | Const DIE_RESULTASJSON = &H20000 87 | Const DIE_RESULTASTSV = &H40000 88 | Const DIE_RESULTASCSV = &H80000 89 | 90 | Private hDieDll As Long 91 | Private dieDB As String 92 | 93 | 'http://ntinfo.biz/ 94 | 'https://github.com/horsicq/die_library 95 | Private Declare Function DIE_VB_ScanFile Lib "die.dll" Alias "_DIE_VB_ScanFile@20" ( _ 96 | ByVal fileName As Long, ByVal flags As Long, ByVal db As Long, _ 97 | ByVal buf As Long, ByVal bufSz As Long) As Long 98 | 99 | Private Declare Function DIE_VB_ScanFileCallback Lib "die.dll" Alias "_DIE_VB_ScanFileCallback@24" ( _ 100 | ByVal fileName As Long, ByVal flags As Long, ByVal db As Long, _ 101 | ByVal buf As Long, ByVal bufSz As Long, ByVal pfnCallback As Long) As Long 102 | 103 | Private Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long 104 | Private Declare Function SetDllDirectoryA Lib "kernel32" (ByVal lpPathName As String) As Long 105 | 106 | Private Sub cmdAbort_Click() 107 | abort = True 108 | End Sub 109 | 110 | Private Sub Form_Load() 111 | txtFile = "C:\Windows\explorer.exe" 112 | End Sub 113 | 114 | Function initDie() As Boolean 115 | 116 | Dim dll As String 117 | 118 | If hDieDll <> 0 Then 119 | initDie = True 120 | Exit Function 121 | End If 122 | 123 | dieDB = App.path & "\db" 124 | dll = App.path & "\die.dll" 125 | 126 | If Not FileExists(dll) Then 127 | dll = App.path & "\..\die.dll" 128 | If Not FileExists(dll) Then 129 | dll = App.path & "\..\..\die.dll" 130 | If Not FileExists(dll) Then 131 | Text1 = "die.dll not found: " & dll 
132 | Exit Function 133 | End If 134 | End If 135 | End If 136 | 137 | If Not FolderExists(dieDB) Then 138 | dieDB = App.path & "\..\db" 139 | If Not FolderExists(dieDB) Then 140 | dieDB = App.path & "\..\..\db" 141 | If Not FolderExists(dieDB) Then 142 | Text1 = "db not found: " & dieDB 143 | Exit Function 144 | End If 145 | End If 146 | End If 147 | 148 | SetDllDirectoryA GetParentFolder(dll) 149 | hDieDll = LoadLibrary(dll) 150 | 151 | If hDieDll <> 0 Then initDie = True 152 | 153 | End Function 154 | 155 | Private Sub cmdScan_Click() 156 | 157 | Dim exe As String 158 | 159 | abort = False 160 | 161 | If Not initDie() Then 162 | Text1 = "Could not initDie()" 163 | Exit Sub 164 | End If 165 | 166 | exe = txtFile 167 | If Not FileExists(exe) Then 168 | Text1 = "File not found: " & exe 169 | Exit Sub 170 | End If 171 | 172 | flags = DIE_ALLTYPESSCAN Or DIE_VERBOSE 173 | buf = String(2000, Chr(0)) 174 | 175 | Text1 = "Starting die scan" 176 | v = DIE_VB_ScanFileCallback(StrPtr(exe), flags, StrPtr(dieDB), StrPtr(buf), Len(buf), AddressOf DIE_VB_CALLBACK) 177 | 178 | a = InStr(buf, Chr(0)) 179 | If a > 0 Then buf = Left(buf, a - 1) 180 | buf = Replace(buf, vbLf, vbCrLf) 181 | Text1 = buf 182 | 183 | pb.Value = 0 184 | lblSig.Caption = Empty 185 | 186 | End Sub 187 | 188 | Private Sub txtFile_OLEDragDrop(Data As DataObject, Effect As Long, Button As Integer, Shift As Integer, X As Single, Y As Single) 189 | On Error Resume Next 190 | Dim f As String 191 | f = Data.Files(1) 192 | If FileExists(f) Then txtFile = f 193 | End Sub 194 | -------------------------------------------------------------------------------- /src/lib/die_lib.cpp: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2019-2025 hors 2 | * 3 | * Permission is hereby granted, free of charge, to any person obtaining a copy 4 | * of this software and associated documentation files (the "Software"), to deal 5 | * in the Software without restriction, including 
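without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
#include "die_lib.h"

#include <memory>
#include <mutex>

#ifdef __cplusplus
extern "C" {
#endif

// Process-wide QCoreApplication shared by every DIE_lib instance.
// argc/argv are statics so they stay alive for as long as the application object does.
namespace QCoreAppDLL {
static int argc = 1;
static char arg0[] = "die.dll";
static char *argv[] = {arg0, nullptr};
static std::shared_ptr<QCoreApplication> pApp = nullptr;
static std::mutex pApp_mutex;  // guards creation of pApp (taken in the DIE_lib constructor)
}  // namespace QCoreAppDLL

// Deleter installed on QCoreAppDLL::pApp.
// The original used `delete` on a void pointer, which is undefined behaviour.
// Releasing the storage with the global deallocation function is well defined.
// NOTE(review): the QCoreApplication destructor is not run here, which is what `delete`
// on a void pointer amounted to in practice; confirm that skipping it at unload is intended.
static void StaticDeletePointer(void *p)
{
    if (p) {
        ::operator delete(p);
    }
}
#ifdef Q_OS_WIN32
// Scan-engine progress hook: forwards the current signature name to the VB callback
// carried in pUserData and returns that callback's result converted to bool.
// The wide-character copy is owned by this function and released when it returns,
// so the callback must not keep the pointer (the original leaked it on every call).
bool _scanEngineCallback(const QString &sCurrentSignature, qint32 nNumberOfSignatures, qint32 nCurrentIndex, void *pUserData)
{
    // Zero-initialised so the text is terminated whatever the conversion helper writes.
    std::unique_ptr<wchar_t[]> pSignatureName(new wchar_t[sCurrentSignature.size() + 1]());

    XBinary::_toWCharArray(sCurrentSignature, pSignatureName.get());

    return ((DIE_VB_CALLBACK)pUserData)(pSignatureName.get(), nCurrentIndex, nNumberOfSignatures);
}
#endif

// Exported C entry points. Each one builds a temporary DIE_lib and forwards to the
// matching member. Strings returned by the Scan* functions are allocated with new[]
// and must be released with DIE_FreeMemoryA / DIE_FreeMemoryW.

LIB_SOURCE_EXPORT char *DIE_ScanFileA(char *pszFileName, unsigned int nFlags, char *pszDatabase)
{
    return DIE_lib().scanFileA(pszFileName, nFlags, pszDatabase);
}

LIB_SOURCE_EXPORT wchar_t *DIE_ScanFileW(wchar_t *pwszFileName, unsigned int nFlags, wchar_t *pwszDatabase)
{
    return DIE_lib().scanFileW(pwszFileName, nFlags, pwszDatabase);
}

LIB_SOURCE_EXPORT char *DIE_ScanMemoryA(char *pMemory, int nMemorySize, unsigned int nFlags, char *pszDatabase)
{
    return DIE_lib().scanMemoryA(pMemory, nMemorySize, nFlags, pszDatabase);
}

LIB_SOURCE_EXPORT wchar_t *DIE_ScanMemoryW(char *pMemory, int nMemorySize, unsigned int nFlags, wchar_t *pwszDatabase)
{
    return DIE_lib().scanMemoryW(pMemory, nMemorySize, nFlags, pwszDatabase);
}

LIB_SOURCE_EXPORT int DIE_LoadDatabaseA(char *pszDatabase)
{
    return DIE_lib().loadDatabaseA(pszDatabase);
}

LIB_SOURCE_EXPORT int DIE_LoadDatabaseW(wchar_t *pwszDatabase)
{
    return DIE_lib().loadDatabaseW(pwszDatabase);
}

LIB_SOURCE_EXPORT char *DIE_ScanFileExA(char *pszFileName, unsigned int nFlags)
{
    return DIE_lib().scanFileExA(pszFileName, nFlags);
}

LIB_SOURCE_EXPORT wchar_t *DIE_ScanFileExW(wchar_t *pwszFileName, unsigned int nFlags)
{
    return DIE_lib().scanFileExW(pwszFileName, nFlags);
}

LIB_SOURCE_EXPORT char *DIE_ScanMemoryExA(char *pMemory, int nMemorySize, unsigned int nFlags)
{
    return DIE_lib().scanMemoryExA(pMemory, nMemorySize, nFlags);
}

LIB_SOURCE_EXPORT wchar_t *DIE_ScanMemoryExW(char *pMemory, int nMemorySize, unsigned int nFlags)
{
    return DIE_lib().scanMemoryExW(pMemory, nMemorySize, nFlags);
}

LIB_SOURCE_EXPORT void DIE_FreeMemoryA(char *pszString)
{
    DIE_lib().freeMemoryA(pszString);
}

LIB_SOURCE_EXPORT void DIE_FreeMemoryW(wchar_t *pwszString)
{
    DIE_lib().freeMemoryW(pwszString);
}
#ifdef Q_OS_WIN32
LIB_SOURCE_EXPORT int __stdcall DIE_VB_ScanFile(wchar_t *pwszFileName, unsigned int nFlags, wchar_t *pwszDatabase, wchar_t *pwszBuffer, int nBufferSize)
{
    return DIE_lib().VB_ScanFile(pwszFileName, nFlags, pwszDatabase, pwszBuffer, nBufferSize);
}
#endif
#ifdef Q_OS_WIN32
LIB_SOURCE_EXPORT int __stdcall DIE_VB_ScanFileCallback(wchar_t *pwszFileName, unsigned int nFlags, wchar_t *pwszDatabase, wchar_t *pwszBuffer, int nBufferSize,
                                                        DIE_VB_CALLBACK pfnCallback)
{
    return DIE_lib().VB_ScanFileCallback(pwszFileName, nFlags, pwszDatabase, pwszBuffer, nBufferSize, pfnCallback);
}
#endif

#ifdef __cplusplus
}
#endif

namespace {

// Returns a new[]-allocated, NUL-terminated UTF-8 copy of sText.
// The caller releases it through freeMemoryA().
char *newUtf8Copy(const QString &sText)
{
    QByteArray baText = sText.toUtf8();

    char *pszCopy = new char[baText.size() + 1];

    XBinary::_copyMemory(pszCopy, baText.data(), baText.size());
    pszCopy[baText.size()] = 0;

    return pszCopy;
}

// Returns a new[]-allocated, NUL-terminated wchar_t copy of sText.
// The caller releases it through freeMemoryW().
// The buffer is sized in wchar_t elements and zero-initialised:
// QString::toWCharArray() writes at most size() elements and appends no terminator.
wchar_t *newWideCopy(const QString &sText)
{
    wchar_t *pwszCopy = new wchar_t[sText.size() + 1]();

    sText.toWCharArray(pwszCopy);

    return pwszCopy;
}

}  // namespace

// Creates the shared QCoreApplication and the shared DiE_Script on first use.
// The lock is held until the constructor returns, so both initialisations are serialised.
DIE_lib::DIE_lib()
{
#ifndef QT_DEBUG
    // Silences Qt's own logging categories; this changes the host process environment.
    qputenv("QT_LOGGING_RULES", "qt.*=false");
#endif
    std::lock_guard<std::mutex> scope_guard(QCoreAppDLL::pApp_mutex);
    if (!QCoreAppDLL::pApp) {
        QCoreAppDLL::pApp = std::shared_ptr<QCoreApplication>(new QCoreApplication(QCoreAppDLL::argc, QCoreAppDLL::argv), StaticDeletePointer);
    }

    m_App = QCoreAppDLL::pApp;

    if (!g_pDieScript) {
        g_pDieScript = new DiE_Script;
    }
    // QCoreAppDLL::pApp->exec();
}

DIE_lib::~DIE_lib()
{
}

// Shared script engine used by loadDatabase*() and the *Ex scan functions.
// It is never deleted in this file.
DiE_Script *DIE_lib::g_pDieScript = nullptr;

// Scans a file with the database at pszDatabase and returns the report as UTF-8.
char *DIE_lib::scanFileA(char *pszFileName, unsigned int nFlags, char *pszDatabase)
{
    return newUtf8Copy(_scanFile(pszFileName, nFlags, pszDatabase));
}

// Wide-character variant of scanFileA().
wchar_t *DIE_lib::scanFileW(wchar_t *pwszFileName, unsigned int nFlags, wchar_t *pwszDatabase)
{
    QString sResult = _scanFile(XBinary::_fromWCharArray(pwszFileName, -1), nFlags, XBinary::_fromWCharArray(pwszDatabase, -1));

    // Zero-initialised so the result is terminated whatever the conversion helper writes.
    wchar_t *bBuffer = new wchar_t[sResult.size() + 1]();

    XBinary::_toWCharArray(sResult, bBuffer);

    return bBuffer;
}

// Scans nMemorySize bytes at pMemory with the database at pszDatabase; report as UTF-8.
// NOTE(review): pMemory and nMemorySize are passed to the engine unchecked; a null pointer
// or a negative size is not rejected here.
char *DIE_lib::scanMemoryA(char *pMemory, int nMemorySize, unsigned int nFlags, char *pszDatabase)
{
    return newUtf8Copy(_scanMemory(pMemory, nMemorySize, nFlags, pszDatabase));
}

// Wide-character variant of scanMemoryA().
// The original allocated (size + 1) * 2 bytes as char[] and wrote no terminator.
// That overflows the heap buffer wherever wchar_t is wider than two bytes.
// It also handed freeMemoryW() an array of the wrong element type.
wchar_t *DIE_lib::scanMemoryW(char *pMemory, int nMemorySize, unsigned int nFlags, wchar_t *pwszDatabase)
{
    return newWideCopy(_scanMemory(pMemory, nMemorySize, nFlags, XBinary::_fromWCharArray(pwszDatabase, -1)));
}

// Loads the database into the shared engine; returns the bool result as int.
int DIE_lib::loadDatabaseA(char *pszDatabase)
{
    return _loadDatabase(pszDatabase);
}

int DIE_lib::loadDatabaseW(wchar_t *pwszDatabase)
{
    return _loadDatabase(XBinary::_fromWCharArray(pwszDatabase, -1));
}

// Scans a file with the database previously loaded through loadDatabase*(); report as UTF-8.
char *DIE_lib::scanFileExA(char *pszFileName, unsigned int nFlags)
{
    return newUtf8Copy(_scanFileEx(pszFileName, nFlags));
}

// Wide-character variant of scanFileExA().
wchar_t *DIE_lib::scanFileExW(wchar_t *pwszFileName, unsigned int nFlags)
{
    QString sResult = _scanFileEx(XBinary::_fromWCharArray(pwszFileName, -1), nFlags);

    // Zero-initialised so the result is terminated whatever the conversion helper writes.
    wchar_t *bBuffer = new wchar_t[sResult.size() + 1]();

    XBinary::_toWCharArray(sResult, bBuffer);

    return bBuffer;
}

// Scans a memory block with the previously loaded database; report as UTF-8.
char *DIE_lib::scanMemoryExA(char *pMemory, int nMemorySize, unsigned int nFlags)
{
    return newUtf8Copy(_scanMemoryEx(pMemory, nMemorySize, nFlags));
}

// Wide-character variant of scanMemoryExA(); same buffer fix as scanMemoryW().
wchar_t *DIE_lib::scanMemoryExW(char *pMemory, int nMemorySize, unsigned int nFlags)
{
    return newWideCopy(_scanMemoryEx(pMemory, nMemorySize, nFlags));
}

// Releases a string returned by one of the *A scan functions (allocated with new char[]).
void DIE_lib::freeMemoryA(char *pszString)
{
    delete[] pszString;
}

// Releases a string returned by one of the *W scan functions (allocated with new wchar_t[]).
void DIE_lib::freeMemoryW(wchar_t *pwszString)
{
    delete[] pwszString;
}
#ifdef Q_OS_WIN32
// Scans a file and copies the report into the caller's buffer.
// nBufferSize is compared against the report length in characters, leaving room for one
// terminating element. Returns the number of characters written, or 0 when pwszBuffer is
// null or the report does not fit; the buffer is left untouched in both cases.
int DIE_lib::VB_ScanFile(wchar_t *pwszFileName, unsigned int nFlags, wchar_t *pwszDatabase, wchar_t *pwszBuffer, int nBufferSize)
{
    int nResult = 0;

    QString sResult = _scanFile(XBinary::_fromWCharArray(pwszFileName, -1), nFlags, XBinary::_fromWCharArray(pwszDatabase, -1));

    if (pwszBuffer && (sResult.size() < nBufferSize)) {
        XBinary::_toWCharArray(sResult, pwszBuffer);
        nResult = sResult.size();
    }

    return nResult;
}
#endif
#ifdef Q_OS_WIN32
// Same as VB_ScanFile(), with pfnCallback invoked by the scan engine for progress.
// The hook is installed only when pfnCallback is non-null, so a missing callback no longer
// leads to a call through a null function pointer.
int DIE_lib::VB_ScanFileCallback(wchar_t *pwszFileName, unsigned int nFlags, wchar_t *pwszDatabase, wchar_t *pwszBuffer, int nBufferSize, DIE_VB_CALLBACK pfnCallback)
{
    int nResult = 0;

    QString sFileName = XBinary::_fromWCharArray(pwszFileName, -1);
    QString sDatabase = XBinary::_fromWCharArray(pwszDatabase, -1);

    XScanEngine::SCAN_OPTIONS scanOptions = XScanEngine::getDefaultOptions(nFlags);

    if (pfnCallback) {
        scanOptions.scanEngineCallback = _scanEngineCallback;
        scanOptions.pUserData = pfnCallback;
    }

    DiE_Script dieScript;

    dieScript.loadDatabase(sDatabase, DiE_ScriptEngine::DT_MAIN);

    XScanEngine::SCAN_RESULT scanResult = dieScript.scanFile(sFileName, &scanOptions);
    ScanItemModel model(&scanOptions, &(scanResult.listRecords), 1);

    QString sResult = model.toString();

    if (pwszBuffer && (sResult.size() < nBufferSize)) {
        XBinary::_toWCharArray(sResult, pwszBuffer);
        nResult = sResult.size();
    }

    return nResult;
}
#endif
// Loads sDatabase into the shared engine; false when the engine does not exist or loading fails.
// NOTE(review): g_pDieScript is read and modified here without a lock; confirm callers
// do not load a database while another thread runs an *Ex scan.
bool DIE_lib::_loadDatabase(QString sDatabase)
{
    bool bResult = false;

    if (g_pDieScript) {
        bResult = g_pDieScript->loadDatabase(sDatabase, DiE_ScriptEngine::DT_MAIN);
    }

    return bResult;
}

// Scans a file using a copy of the shared engine and returns the report text.
QString DIE_lib::_scanFileEx(QString sFileName, quint32 nFlags)
{
    XScanEngine::SCAN_OPTIONS scanOptions = XScanEngine::getDefaultOptions(nFlags);

    // Works on a copy; g_pDieScript is always set by the constructor before this runs.
    DiE_Script dieScript = *g_pDieScript;

    XScanEngine::SCAN_RESULT scanResult = dieScript.scanFile(sFileName, &scanOptions);
    ScanItemModel model(&scanOptions, &(scanResult.listRecords), 1);

    return model.toString();
}

// Scans a memory block using a copy of the shared engine and returns the report text.
QString DIE_lib::_scanMemoryEx(char *pMemory, int nMemorySize, quint32 nFlags)
{
    XScanEngine::SCAN_OPTIONS scanOptions = XScanEngine::getDefaultOptions(nFlags);

    DiE_Script dieScript = *g_pDieScript;

    XScanEngine::SCAN_RESULT scanResult = dieScript.scanMemory(pMemory, nMemorySize, &scanOptions);
    ScanItemModel model(&scanOptions, &(scanResult.listRecords), 1);

    return model.toString();
}

// Scans a file with a private engine loaded from sDatabase and returns the report text.
// NOTE(review): the result of loadDatabase() is ignored, so a database that fails to load
// still produces a report; confirm callers can tell that case apart.
QString DIE_lib::_scanFile(QString sFileName, quint32 nFlags, QString sDatabase)
{
    XScanEngine::SCAN_OPTIONS scanOptions = XScanEngine::getDefaultOptions(nFlags);
    DiE_Script dieScript;

    dieScript.loadDatabase(sDatabase, DiE_ScriptEngine::DT_MAIN);

    XScanEngine::SCAN_RESULT scanResult = dieScript.scanFile(sFileName, &scanOptions);
    ScanItemModel model(&scanOptions, &(scanResult.listRecords), 1);

    return model.toString();
}

// Scans a memory block with a private engine loaded from sDatabase and returns the report text.
// The loadDatabase() result is ignored here as well.
QString DIE_lib::_scanMemory(char *pMemory, int nMemorySize, quint32 nFlags, QString sDatabase)
{
    XScanEngine::SCAN_OPTIONS scanOptions = XScanEngine::getDefaultOptions(nFlags);
    DiE_Script dieScript;

    dieScript.loadDatabase(sDatabase, DiE_ScriptEngine::DT_MAIN);

    XScanEngine::SCAN_RESULT scanResult = dieScript.scanMemory(pMemory, nMemorySize, &scanOptions);
    ScanItemModel model(&scanOptions, &(scanResult.listRecords), 1);

    return model.toString();
}

--------------------------------------------------------------------------------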