C# protection, packer, and archive scanning library. This currently compiles as a library so it can be used in any C# application. Two reference applications called ProtectionScan
and ExtractionTool
are also included to demonstrate the abilities of the library. For an example of a program implementing the library, see MPF.
The following non-project libraries (or ports thereof) are used for file handling:
The following projects have influenced this library:
Please visit our sibling project, DRML, the DRM Library for a more in-depth look at some of the protections detected.
For the most recent stable build, download the latest release here: Releases Page
For the latest WIP build here: Rolling Release
NOTE: If you used the executable information printing functionality in previous releases, that has been extracted as a separate program and included in the SabreTools.Serialization repository. It was formerly included there as a reference program but has since been renamed to InfoPrint. This was done to ensure that the latest information printing would be available instead of waiting for it to bubble up to BinaryObjectScanner.
Binary Object Scanner strives to have both full compatibility for scanning across .NET versions as well as across OSes. Unfortunately, this is not always the case. Please see the below list for known compatibility issues.
SharpCompress
support limitationsSharpCompress
support limitationsSharpCompress
support limitationsOpenMcdf
support limitationsSharpCompress
support limitationsSharpCompress
support limitationsSharpCompress
support limitationsBelow is a list of protections detected by BinaryObjectScanner. The two columns explain what sort of checks are performed to determine how the protection is detected. Generally speaking, it's better to have a content check than a path check.
Protection Name | Content Check | Path Check | Notes |
---|---|---|---|
3PLock | True | False | |
321Studios Online Activation | True | False | |
ActiveMARK | True | False | Version 5 unconfirmed²; version finding incomplete |
AegiSoft License Manager | True | True | |
Alpha-DVD | False | True | Unconfirmed¹ |
Alpha-ROM | True | False | |
Armadillo | True | False | |
Bitpool | False | True | |
ByteShield | True | True | |
C-Dilla License Management Solution / CD-Secure / CD-Compress | True | True | |
Cactus Data Shield | True | True | |
CD-Cops / DVD-Cops | True | True | Partially unconfirmed² |
CD-Guard | True | True | |
CD-Lock | True | True | |
CD-Protector | False | True | |
CD-X | False | True | Unconfirmed¹ |
CDSHiELD SE | True | False | |
Cenga ProtectDVD | True | True | |
Channelware | True | True | Version finding and detection of later versions unimplemented |
ChosenBytes CodeLock | True | True | Partially unconfirmed² |
copy-X | True | True | |
CopyKiller | True | True | |
CopyLok/CodeLok | True | False | |
CrypKey | True | True | |
Cucko (EA Custom) | True | False | Does not detect all known cases |
Denuvo Anti-Cheat/Anti-Tamper | True | True | |
DigiGuard | True | True | |
Dinamic Multimedia Protection/LockBlocks | False | True | LockBlocks needs manual confirmation of the presence of 2 rings |
DiscGuard | True | True | Partially unconfirmed² |
DVD-Movie-PROTECT | False | True | Unconfirmed¹ |
DVD Crypt | False | True | Unconfirmed¹ |
EA Anti Cheat | True | True | |
EA Protections | True | False | Including EA CDKey and EA DRM. |
Easy Anti-Cheat | True | True | |
Engine32 | True | False | |
True | False | Disabled due to overly-broad checks | |
Executable-Based Online Registration | True | False | Possibly too broad |
Freelock | False | True | |
Games for Windows - Live | True | True | |
Gefest Protection System | True | False | |
Hexalock AutoLock | True | True | |
Impulse Reactor / Stardock Product Activation | True | True | |
IndyVCD | False | True | Unconfirmed¹ |
INTENIUM Trial & Buy Protection | True | False | |
JoWood X-Prot (v1/v2) / Xtreme-Protector | True | False | |
Kalypso Launcher | True | True | |
True | True | Existing checks found to actually be indicators of OpenMG, not key2Audio specifically. | |
Key-Lock (Dongle) | True | False | Unconfirmed¹ |
LabelGate CD | True | True | Currently only LabelGate CD2 is detected. |
LibCrypt | True | False | Separate subfile scan only |
LaserLok | True | True | |
MediaCloQ | True | True | |
MediaMax CD3 | True | True | |
MGI Registration | True | False | |
NEAC Protect | True | True | |
nProtect GameGuard | True | True | |
nProtect KeyCrypt | True | True | |
OpenMG | True | True | |
Origin | True | True | |
phenoProtect | False | False | Text file check only |
PlayJ | True | True | |
ProtectDISC / VOB ProtectCD/DVD | True | True | |
Protect DVD-Video | False | True | Unconfirmed¹ |
PlayStation Anti-modchip | True | False | En/Jp, not "Red Hand"; PSX executables only |
Rainbow Sentinel | True | True | |
RealArcade | True | True | |
Ring PROTECH / ProRing | True | True | Partially unconfirmed² |
RipGuard | True | True | Partially unconfirmed² |
Roxxe | True | False | |
SafeDisc / SafeCast | True | True | Can't distinguish between some versions of SafeDisc and SafeCast |
SafeLock | False | True | |
SecuROM | True | True | v8.x and White Label detected partially² |
SmartE | True | True | |
SoftLock | True | True | |
SolidShield | True | True | Some Wrapper v1 not detected² |
StarForce | True | False | Partially unconfirmed², commented out issue with protect.exe false positives |
Steam | True | True | |
SVKP (Slovak Protector) | True | True | |
Sysiphus / Sysiphus DVD | True | False | |
TAGES | True | True | Partially unconfirmed² |
Themida/WinLicense/Code Virtualizer | True | False | Only certain products/versions currently detected |
False | True | Existing checks found to actually be indicators of copy-X, rather than some Tivola-specific ring protection. | |
TZCopyProtection | False | True | Partially unconfirmed² |
Uplay | True | True | |
Windows Media Data Session DRM | True | True | |
Winlock | False | True | |
WTM CD Protect | True | True | |
XCP | True | True | |
Zzxzz | False | True |
¹ - This means that I have not obtained one or more samples to ensure that either the original check from BurnOut or information found online is correct.
² - This is the same as ¹, but only for a subset of the checks.
Below is a list of executable packers detected by BinaryObjectScanner. The three columns explain what sort of checks are performed to determine how the protection is detected as well as if the contents can be extracted.
Protection Name | Content Check | Path Check | Extractable | Notes |
---|---|---|---|---|
.NET Reactor | Yes | No | No | |
7-zip SFX | Yes | No | Yes | |
Advanced Installer / Caphyon Advanced Installer | Yes | No | No | |
ASPack | Yes | No | No | |
AutoPlay Media Studio | Yes | No | No | |
CExe | Yes | No | Yes | |
dotFuscator | Yes | No | No | |
Embedded Archive | Yes | No | Yes | Not technically a packer |
Embedded Executable | Yes | No | Yes | Not technically a packer |
EXE Stealth | Yes | No | No | |
Gentee Installer | Yes | No | No | |
HyperTech CrackProof | Yes | No | No | |
Inno Setup | Yes | No | No | |
InstallAnywhere | Yes | No | No | |
Installer VISE | Yes | No | No | |
Intel Installation Framework | Yes | No | No | |
Microsoft CAB SFX | Yes | No | No | |
NeoLite | Yes | No | No | Only confirmed to detect version 2.X |
NSIS | Yes | No | No | |
PECompact | Yes | No | No | |
PEtite | Yes | No | No | |
Setup Factory | Yes | No | No | |
Shrinker | Yes | No | No | |
UPX and UPX (NOS Variant) | Yes | No | No | |
WinRAR SFX | Yes | No | Yes | |
WinZip SFX | Yes | No | Yes | |
WISE Installer | Yes | No | Yes |
Below is a list of game engines detected by BinaryObjectScanner. The two columns explain what sort of checks are performed to determine how the protection is detected. Generally speaking, it's better to have a content check than a path check.
Protection Name | Content Check | Path Check | Notes |
---|---|---|---|
RenderWare | Yes | No |
Below is a list of container formats that are supported in some way:
Format Name | Information Printing | Detection | Extraction | Notes |
---|---|---|---|---|
7-zip archive | No | Yes | Yes | Via SharpCompress |
AACS Media Key Block | Yes | Yes | N/A | BluRay and HD-DVD variants detected |
BD+ SVM | Yes | Yes | N/A | |
BFPK custom archive format | Yes | Yes | Yes | |
bzip2 archive | No | Yes | Yes | Via SharpCompress |
Compound File Binary (CFB) | Yes* | Yes | Yes | Via OpenMcdf , only CFB common pieces printable |
gzip archive | No | Yes | Yes | Via SharpCompress |
Half-Life Game Cache File (GCF) | Yes | Yes | Yes | |
Half-Life Level (BSP) | Yes | Yes | Yes | |
Half-Life Package File (PAK) | Yes | Yes | Yes | |
Half-Life Texture Package File (WAD3) | Yes | Yes | Yes | |
Half-Life 2 Level (VBSP) | Yes | Yes | Yes | |
INI configuration file | No | No | No | Used in other detections currently |
InstallShield Archive V3 (Z) | No | Yes | Yes | Via UnshieldSharp |
InstallShield CAB | Yes | Yes | Yes | Via UnshieldSharp |
Linear Executable | No | No | No | Skeleton only |
Link Data Security encrypted file | No | Yes | No | |
Microsoft cabinet file | Yes | Yes | Yes* | Via libmspack4n , Windows x86 only, .NET Framework 4.5.2 and above |
Microsoft LZ-compressed files | No | Yes | Yes | |
MoPaQ game data archive (MPQ) | No | Yes | Yes* | Via StormLibSharp , Windows x86 only, .NET Framework 4.5.2 and above |
MS-DOS Executable | Yes | Yes | No | Incomplete |
New Exectuable | Yes | Yes | No | Incomplete |
Nintendo 3DS cart image | Yes | Yes | No | |
Nintendo CIA archive | Yes | Yes | No | |
Nintendo DS/DSi cart image | Yes | Yes | No | |
NovaLogic Game Archive Format (PFF) | Yes | Yes | Yes | |
PKZIP and derived files (ZIP, etc.) | No | Yes | Yes | Via SharpCompress |
PlayJ audio file (PLJ) | Yes* | Yes | No | Undocumented file format, many fields printed |
Portable Executable | Yes | Yes | No* | Some packed executables are supported |
Quantum archive (Q) | Yes | No | No | |
RAR archive (RAR) | No | Yes | Yes | Via SharpCompress |
SGA game archive | Yes | Yes | Yes | |
StarForce Filesystem file (SFFS) | No | Yes | No | Skeleton only |
Tape archive (TAR) | No | Yes | Yes | Via SharpCompress |
Valve Package File (VPK) | Yes | Yes | Yes | |
XBox Package File (XZP) | Yes | Yes | Yes | |
xz archive (XZ) | No | Yes | Yes | Via SharpCompress |
Contributions to the project are welcome. Please follow the current coding styles and please do not add any keys or legally dubious things to the code. Thank you to all of the testers, particularly from the MPF project who helped get this rolling.
I want to give a special thanks to TheRogueArchivist who has gone above and beyond helping both fix existing checks as well as add new ones.