horsicq / die-engine

DIE engine

License: MIT License

QMake 25.61% Batchfile 8.25% C++ 44.18% C 1.31% Shell 12.22% Dockerfile 0.32% M4 1.18% CMake 6.92%
binary-analysis disassembler elf entropy hacktoberfest hacktoberfest22 program-analysis reverse-engineering signature unpacker yara

die-engine's Introduction

About Me

  • C/C++
  • Python
  • Assembler
  • Reverse engineering

🔭 I’m currently working on https://github.com/horsicq/Detect-It-Easy

🌱 I’m currently learning: ELF

🤔 I’m looking for help with translation:

📫 How to reach me: e-mail: [email protected] TG: @horsicq Twitter: @horsicq



My current projects:

Special Thanks

die-engine's People

Contributors

adoxa, alxchk, biroder, cw2k, dartraiden, greenozon, guihkx, horsicq, jimdi, rinat84, sandsmark, still34, xusheng6

die-engine's Issues

Unable to run static scan on in-memory data

With the following code:

            SpecAbstract::SCAN_OPTIONS pScanOptions = {};
            QFile file(sFileName);
            if (!file.open(QIODevice::ReadOnly)) {
              return;
            }
            QByteArray fileContents = file.readAll();
            file.close();

            SpecAbstract::SCAN_RESULT scanResult = StaticScan::processMemory(fileContents.data(), fileContents.size(), &pScanOptions);
            for (int i = 0; i < scanResult.listRecords.size(); ++i) {
              qDebug("(%d) (%s) (%s)", i,
                     scanResult.listRecords[i].sInfo.toLatin1().data(),
                     SpecAbstract::recordNameIdToString(scanResult.listRecords[i].name).toLatin1().data());
            }

I get the following output:

QIODevice::seek (QBuffer): The device is not open (repeated many more times)
(0) () (Unknown)

However, with the following:

            SpecAbstract::SCAN_OPTIONS pScanOptions = {};
            SpecAbstract::SCAN_RESULT scanResult = {};
            StaticScan staticScan;
            staticScan.setData(sFileName, &pScanOptions, &scanResult);
            staticScan.process();
            staticScan.stop();

            for (int i = 0; i < scanResult.listRecords.size(); ++i) {
              qDebug("(%d) (%s) (%s)", i,
                     scanResult.listRecords[i].sInfo.toLatin1().data(),
                     SpecAbstract::recordNameIdToString(scanResult.listRecords[i].name).toLatin1().data());
            }

I get

Import hash: 6dc0ba9c9 1a6ff5f
KERNEL32.DLL LoadLibraryA
KERNEL32.DLL GetProcAddress
KERNEL32.DLL VirtualProtect
KERNEL32.DLL VirtualAlloc
KERNEL32.DLL VirtualFree
KERNEL32.DLL ExitProcess
advapi32.dll RegCloseKey
comctl32.dll ImageList_Add
gdi32.dll SaveDC
oleaut32.dll VariantCopy
user32.dll GetDC
version.dll VerQueryValueA
=====================================================================
Import hash: 7bc87a20
KERNEL32.DLL LoadLibraryA
KERNEL32.DLL GetProcAddress
KERNEL32.DLL VirtualProtect
KERNEL32.DLL VirtualAlloc
KERNEL32.DLL VirtualFree
KERNEL32.DLL ExitProcess
Import hash: 6e41b036
advapi32.dll RegCloseKey
Import hash: 4024bd8d
comctl32.dll ImageList_Add
Import hash: b6bee3d3
gdi32.dll SaveDC
Import hash: f6fecd5
oleaut32.dll VariantCopy
Import hash: 3ca3511b
user32.dll GetDC
Import hash: 6b623ce5
version.dll VerQueryValueA
SIGNATURE SCAN: Linker: Turbo linker()[]
SIGNATURE SCAN: Packer: UPX(0.81-3.81+)[exe]
SIGNATURE SCAN: Packer: Generic()[]
SIGNATURE SCAN: Certificate: Windows Authenticode(2.0)[PKCS #7]
CONST SCAN: Packer: UPX(2.90-3.XX)[exe]
CONST SCAN: Packer: NsPack()[]
RESOURCES SCAN: Library: Visual Component Library()[]
QSet()
(0) (I386, 32-bit, GUI) (Windows)
(1) () (Turbo linker)
(2) () (Borland Object Pascal(Delphi))
(3) () (Object Pascal(Delphi))
(4) () (Visual Component Library)
(5) () (Borland Delphi)
(6) (PKCS #7) (Windows Authenticode)
(7) (NRV2E_LE32,brute) (UPX)

Now my C++ may not be the sharpest but I would expect the same results for both approaches. Is there something I'm doing wrong?

Search for printable strings

What is the option (if any?) to search only for real, printable strings?

At the moment the tool finds some strange strings, e.g.:

image

what?

Edit build_console_lin.sh: Set PATH for QMAKE

run build_console_lin.sh ( bash -x build_console_lin.sh )

What is it? You can write normal documentation, not for aliens.

Create release source code with full submodules's source

Hello! I should have created this issue a long time ago, but I forgot about it.
Debian packaging has a tool called uscan which allows a maintainer to download a new release's source code from GitHub to build a new version. However, it doesn't have something like git clone --recursive to get all the source code from all submodules. So it would be nice if you could do that in the next release.

More metadata in command line output

Would it be possible to add more metadata to the output of diec.sh? In particular, it would be great if the "Type" field (from the GUI) was added so we could see, for example, that a PE is of type GUI or DLL.

Building 64bit version from source does not contain the executables

I have been trying to build the application from source, but for some reason I am unable to get the exes created. So far only this gets added to the zip file:

  1. Qt5Core.dll
  2. Qt5Gui.dll
  3. Qt5Network.dll
  4. Qt5OpenGL.dll
  5. Qt5Script.dll
  6. Qt5ScriptTools.dll
  7. Qt5Svg.dll
  8. Qt5Widgets.dll
  9. db
  10. imageformats
  11. info
  12. lang
  13. listoffiles.txt
  14. msvcp140.dll
  15. msvcp140_1.dll
  16. platforms
  17. qss
  18. vcruntime140.dll
  19. vcruntime140_1.dll

Running the script for the win_64bit version ends up creating a zip file with no executable. I am using VS Community 2019, QT 5.15.2, and 7 zip. The scripts have the variables set correctly as well, not sure what could be causing this or where to look.

Die corrupts input binary when working with overlay

Used this tool:
image

Opened some exe inside it
Clicked "Overlay" button
CTRL+A
CTRL+D
save

Result: input file is corrupted, saved file is different after each save

Expected behaviour:

input file stays same
overlay file written in correct way

Input file:
test1.zip

Strings filter is slow in case you have 100K lines

In case your binary has 100 000 strings, the search box edit works pretty slowly...
It takes seconds between typing a new char and the filter being applied
image

The proposal is to either do a general speed-up or, as a 2nd option, filter strings only after the user stops typing the chars...

Test provided on Win7x64, DiE ver 3.06 (latest release to the moment)

Please release appimage

An .appimage as one file would be good to have.
Also it might solve the dependency problem on Ubuntu 18

Update issue: 201-> 202

Check for update leads to this page: http://ntinfo.biz/index.php/detect-it-easy

and it shows :

Forbidden
You don't have permission to access /index.php/detect-it-easy on this server.
Server unable to read htaccess file, denying access to be safe

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Search for strings window issue

While playing with the strings searching window I've encountered a strange issue:
if you leave just "C Strings" after some previous search, it ignores your request and does nothing

image

Please validate that this checkbox is active or maybe it depends on other checkboxes?

Limit of 50000 strings

There is a very annoying error box when searching for Strings, eg:

image

I propose either to
1) remove it completely
or
2) add an option to the Settings dialog.

what if for some reason I need ALL the strings out of binary...

Missing libQt5OpenGL.so.5 on Ubuntu 20.04

Running die.sh on Ubuntu 20.04 results in:

./base/die: error while loading shared libraries: libQt5OpenGL.so.5: cannot open shared object file: No such file or directory

Running sudo apt install libqt5opengl5 takes care of the problem. Perhaps you can bundle the missing library?

Thanks!

MacOS Language not Changing

When I open up DIE on MacOS, it only is in Chinese. I've tried to change it in settings; however, it doesn't change.

I just opened it up for the first time on my Mac. See screenshot.
I try changing the language to English. See screenshot.
I restarted the app, and it didn't change. see screenshot.

How Can I Unpack?!

Hi, I have an .exe file that your app detected as packed, as below:

PE: protector: SafeNet Sentinel LDK(-)[-]
PE: compiler: Borland Delphi(-)[-]
PE: linker: Turbo Linker(2.25*,Delphi)[EXE32,signed]

How can I unpack it?!

Thank you

Missing xpdf.h

Commit: 99d20cdafeaf37bbc42c27eac52350b11266922f in Formats/

In file included from ../die-source/SpecAbstract/specabstract.h:34,
                 from ../die-source/SpecAbstract/specabstract.cpp:21:
../die-source/Formats/xformats.h:37:10: fatal error: xpdf.h: No such file or directory
 #include "xpdf.h"
          ^~~~~~~~
compilation terminated.

Version 3.02 does not open in macOS 11.3.1

Hey there,

When opening version 3.02 in macOS 11.3.1 I am greeted with the following error:

image

The problem happens with the dmg as well as zip asset. Version 3.01 however, works just fine.

Thanks for all the hard work with this excellent tool.

Crypto pattern searching looks very slow

On big files (50-100 MB) it takes a very long time to scan for crypto sigs...

image

Questions:
Does the tool use multiple threads to speed up the search?
What kind of algo does it use to search for sigs?
Does it use any of the industrial ones mentioned here: https://en.wikipedia.org/wiki/String-searching_algorithm
e.g. Boyer–Moore?

I understand the term "slow" is very relative, but even on my modern machine (multicore, multi-threaded) it takes 5..10 minutes to complete this action.

DIEC_mac -database specification

I am running DIEC_mac and can only make it read the db when the db is in the CWD as the DIEC_mac binary. I have tried as many ways as I can think of to specify the db path using the -database option and it never works. Please advise, examples below:

DIEC_mac * -database:/Volumes/BIGSTORE/development/Detect-It-Easy/
DIEC_mac * -database:/Volumes/BIGSTORE/development/Detect-It-Easy/db/*
DIEC_mac * -database:/Volumes/BIGSTORE/development/Detect-It-Easy/db

always with the same results, note the Invalid Signatures Database... maybe I am missing something simple...

Number of files: 3

PE: Nothing found
PE: Nothing found
PE: Nothing found
Invalid signatures database! Please download signatures from https://github.com/horsicq/Detect-It-Easy/tree/master/db and put it to the application path.

Close button not working in MIME section. Requests.

Problem: When the mime button is pressed, the "close" button function does not work.
Request 1: Text search box in Hex property can be added.
Request 2: Byte per line option can be added in Hex section.
OS: Windows 10 2004 build.
DIE Version: 3.01b

Console version improvements

Console version or diec has only some basic functionality in comparison to GUI version
IMO, needs improvements to match GUI version.

diec -de mydll.dll
Total 7.7776: packed
0|PE Header|0|4096|6.83707: packed
1|Section(1)['UPX1']|1024|465920|7.79049: packed
2|Section(2)['.rsrc']|466944|5120|4.47426: not packed
3|Overlay|472064|512|0.156521: not packed

Column is fixed in Memory Map

Minor issue - please add a column mover to the Memory Map dialog:
image

Sometimes section names are long and they are printed as "..." - not very convenient not having an option to widen the column!

./configure does not honor the prefix

If I run

./configure --prefix=/opt/root
make install -j$(nproc)

I get this output:

cd build_libs/ && ( test -e Makefile || /usr/lib64/qt5/bin/qmake -o Makefile /home/user/Programming/updater/DIE-engine/build_libs/build_libs.pro -spec linux-g++ ) && make -f Makefile install
make[1]: Entering directory '/home/user/Programming/updater/DIE-engine/build_libs'
cd ../XArchive/ && ( test -e Makefile || /usr/lib64/qt5/bin/qmake -o Makefile /home/user/Programming/updater/DIE-engine/XArchive/XArchive.pro -spec linux-g++ ) && make -f Makefile install
make[2]: Entering directory '/home/user/Programming/updater/DIE-engine/XArchive'
cd 3rdparty/bzip2/ && ( test -e Makefile || /usr/lib64/qt5/bin/qmake -o Makefile /home/user/Programming/updater/DIE-engine/XArchive/3rdparty/bzip2/bzip2.pro -spec linux-g++ ) && make -f Makefile install
make[3]: Entering directory '/home/user/Programming/updater/DIE-engine/XArchive/3rdparty/bzip2'
make[3]: Nothing to be done for 'install'.
make[3]: Leaving directory '/home/user/Programming/updater/DIE-engine/XArchive/3rdparty/bzip2'
cd 3rdparty/lzma/ && ( test -e Makefile || /usr/lib64/qt5/bin/qmake -o Makefile /home/user/Programming/updater/DIE-engine/XArchive/3rdparty/lzma/lzma.pro -spec linux-g++ ) && make -f Makefile install
make[3]: Entering directory '/home/user/Programming/updater/DIE-engine/XArchive/3rdparty/lzma'
make[3]: Nothing to be done for 'install'.
make[3]: Leaving directory '/home/user/Programming/updater/DIE-engine/XArchive/3rdparty/lzma'
cd 3rdparty/zlib/ && ( test -e Makefile || /usr/lib64/qt5/bin/qmake -o Makefile /home/user/Programming/updater/DIE-engine/XArchive/3rdparty/zlib/zlib.pro -spec linux-g++ ) && make -f Makefile install
make[3]: Entering directory '/home/user/Programming/updater/DIE-engine/XArchive/3rdparty/zlib'
make[3]: Nothing to be done for 'install'.
make[3]: Leaving directory '/home/user/Programming/updater/DIE-engine/XArchive/3rdparty/zlib'
make[2]: Leaving directory '/home/user/Programming/updater/DIE-engine/XArchive'
cd ../XCapstone/ && ( test -e Makefile || /usr/lib64/qt5/bin/qmake -o Makefile /home/user/Programming/updater/DIE-engine/XCapstone/XCapstone.pro -spec linux-g++ ) && make -f Makefile install
make[2]: Entering directory '/home/user/Programming/updater/DIE-engine/XCapstone'
cd 3rdparty/Capstone/ && ( test -e Makefile || /usr/lib64/qt5/bin/qmake -o Makefile /home/user/Programming/updater/DIE-engine/XCapstone/3rdparty/Capstone/Capstone.pro -spec linux-g++ ) && make -f Makefile install
make[3]: Entering directory '/home/user/Programming/updater/DIE-engine/XCapstone/3rdparty/Capstone'
make[3]: Nothing to be done for 'install'.
make[3]: Leaving directory '/home/user/Programming/updater/DIE-engine/XCapstone/3rdparty/Capstone'
cd 3rdparty/Capstone/x86/ && ( test -e Makefile || /usr/lib64/qt5/bin/qmake -o Makefile /home/user/Programming/updater/DIE-engine/XCapstone/3rdparty/Capstone/x86/x86.pro -spec linux-g++ ) && make -f Makefile install
make[3]: Entering directory '/home/user/Programming/updater/DIE-engine/XCapstone/3rdparty/Capstone/x86'
make[3]: Nothing to be done for 'install'.
make[3]: Leaving directory '/home/user/Programming/updater/DIE-engine/XCapstone/3rdparty/Capstone/x86'
make[2]: Leaving directory '/home/user/Programming/updater/DIE-engine/XCapstone'
cd ../XCppfilt/ && ( test -e Makefile || /usr/lib64/qt5/bin/qmake -o Makefile /home/user/Programming/updater/DIE-engine/XCppfilt/XCppfilt.pro -spec linux-g++ ) && make -f Makefile install
make[2]: Entering directory '/home/user/Programming/updater/DIE-engine/XCppfilt'
cd 3rdparty/cppfilt/ && ( test -e Makefile || /usr/lib64/qt5/bin/qmake -o Makefile /home/user/Programming/updater/DIE-engine/XCppfilt/3rdparty/cppfilt/cppfilt.pro -spec linux-g++ ) && make -f Makefile install
make[3]: Entering directory '/home/user/Programming/updater/DIE-engine/XCppfilt/3rdparty/cppfilt'
make[3]: Nothing to be done for 'install'.
make[3]: Leaving directory '/home/user/Programming/updater/DIE-engine/XCppfilt/3rdparty/cppfilt'
make[2]: Leaving directory '/home/user/Programming/updater/DIE-engine/XCppfilt'
make[1]: Leaving directory '/home/user/Programming/updater/DIE-engine/build_libs'
cd console_source/ && ( test -e Makefile || /usr/lib64/qt5/bin/qmake -o Makefile /home/user/Programming/updater/DIE-engine/console_source/console_source.pro -spec linux-g++ ) && make -f Makefile install
make[1]: Entering directory '/home/user/Programming/updater/DIE-engine/console_source'
make[1]: Nothing to be done for 'install'.
make[1]: Leaving directory '/home/user/Programming/updater/DIE-engine/console_source'
cd gui_source/ && ( test -e Makefile || /usr/lib64/qt5/bin/qmake -o Makefile /home/user/Programming/updater/DIE-engine/gui_source/gui_source.pro -spec linux-g++ ) && make -f Makefile install
make[1]: Entering directory '/home/user/Programming/updater/DIE-engine/gui_source'
make[1]: Nothing to be done for 'install'.
make[1]: Leaving directory '/home/user/Programming/updater/DIE-engine/gui_source'
cd lite_source/ && ( test -e Makefile || /usr/lib64/qt5/bin/qmake -o Makefile /home/user/Programming/updater/DIE-engine/lite_source/lite_source.pro -spec linux-g++ ) && make -f Makefile install
make[1]: Entering directory '/home/user/Programming/updater/DIE-engine/lite_source'
make[1]: Nothing to be done for 'install'.
make[1]: Leaving directory '/home/user/Programming/updater/DIE-engine/lite_source'
bash -x /home/user/Programming/updater/DIE-engine/install.sh
+ '[' -z '' ']'
+ case "$-" in
+ __lmod_vx=x
+ '[' -n x ']'
+ set +x
Shell debugging temporarily silenced: export LMOD_SH_DBG_ON=1 for this output (/usr/share/lmod/lmod/init/bash)
Shell debugging restarted
+ unset __lmod_vx
+ export X_SOURCE_PATH=/home/user/Programming/updater/DIE-engine
+ X_SOURCE_PATH=/home/user/Programming/updater/DIE-engine
+ cp -f /home/user/Programming/updater/DIE-engine/build/release/die /usr/bin/
cp: cannot create regular file '/usr/bin/die': Permission denied
+ cp -f /home/user/Programming/updater/DIE-engine/build/release/diec /usr/bin/
cp: cannot create regular file '/usr/bin/diec': Permission denied
+ cp -f /home/user/Programming/updater/DIE-engine/LINUX/die.desktop /usr/share/applications/
cp: cannot create regular file '/usr/share/applications/die.desktop': Permission denied
+ cp -Rf /home/user/Programming/updater/DIE-engine/LINUX/hicolor/ /usr/share/icons/
cp: cannot create regular file '/usr/share/icons/hicolor/16x16/apps/die.png': Permission denied
cp: cannot create directory '/usr/share/icons/hicolor/20x20': Permission denied
cp: cannot create regular file '/usr/share/icons/hicolor/24x24/apps/die.png': Permission denied
cp: cannot create regular file '/usr/share/icons/hicolor/256x256/apps/die.png': Permission denied
cp: cannot create regular file '/usr/share/icons/hicolor/32x32/apps/die.png': Permission denied
cp: cannot create regular file '/usr/share/icons/hicolor/48x48/apps/die.png': Permission denied
+ cp -Rf /home/user/Programming/updater/DIE-engine/XStyles/qss/ /usr/lib/die/
cp: cannot create directory '/usr/lib/die/': Permission denied
+ cp -Rf /home/user/Programming/updater/DIE-engine/Detect-It-Easy/info/ /usr/lib/die/
cp: cannot create directory '/usr/lib/die/': Permission denied
+ cp -Rf /home/user/Programming/updater/DIE-engine/Detect-It-Easy/db/ /usr/lib/die/
cp: cannot create directory '/usr/lib/die/': Permission denied
+ mkdir -p /usr/lib/die/signatures
mkdir: cannot create directory ‘/usr/lib/die’: Permission denied
+ cp -f /home/user/Programming/updater/DIE-engine/signatures/crypto.db /usr/lib/die/signatures/
cp: cannot create regular file '/usr/lib/die/signatures/': No such file or directory
make: *** [Makefile:588: install_target] Error 1

As you can see, it does not honor the install prefix.

Is there any way that I missed that installs the files into the right directory (/opt/root in my case)? Furthermore, I think this program often assumes it is installed into /usr/(local).

I recommend using 'dirname $0' to enable calling from other directories

When I use the absolute path to call the script in other directories, an error occurs:

[root@localhost test]# /srv/123/die_lin64_portable/diec.sh
/srv/123/die_lin64_portable/diec.sh: line 3: /home/test/base/diec: No such file or directory

So I changed the script to use an absolute path instead of the current working directory:

#!/bin/sh
export LD_LIBRARY_PATH="`dirname $0`/base:"
`dirname $0`/base/diec $*

Working now:

[root@localhost test]# pwd
/home/test
[root@localhost test]# /srv/123/die_lin64_portable/diec.sh -d -j /usr/bin/bash
{
    "detects": [
        {
            "name": "GLIBC",
            "options": "DYN AMD64-64",
            "string": "library: GLIBC(2.8)[DYN AMD64-64]",
            "type": "library",
            "version": "2.8"
        }
    ],
    "filetype": "ELF64"
}
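
An added example, not part of the original post and not the project's own diec.sh: a variant of the wrapper above that quotes the script directory, forwards arguments with "$@", and builds LD_LIBRARY_PATH without empty entries, because the dynamic loader reads an empty entry (such as the one left by a trailing colon) as the current working directory. The function names script_dir, join_lib_path and run_diec are hypothetical; the layout (diec.sh next to base/diec) is taken from the post.

```shell
#!/bin/sh
# Added example, not the project's diec.sh. Assumed layout (from the post):
#   <dir>/diec.sh  and  <dir>/base/diec  with bundled libraries in <dir>/base

# Print the absolute, symlink-resolved directory of the script path in $1.
# Call it inside $(...) so the cd does not change the caller's directory.
script_dir() {
    CDPATH= cd -- "$(dirname -- "$1")" && pwd -P
}

# Join directories into an LD_LIBRARY_PATH value.
# Empty components (leading, trailing or doubled ':') are dropped because the
# dynamic loader reads them as the current working directory; relative
# components are dropped for the same reason.
join_lib_path() {
    out=
    old_ifs=$IFS
    set -f                          # no globbing while splitting on ':'
    for part in "$@"; do
        IFS=:
        for dir in $part; do
            case "$dir" in
                /*) out="${out:+$out:}$dir" ;;   # keep absolute paths only
            esac
        done
        IFS=$old_ifs
    done
    set +f
    printf '%s\n' "$out"
}

# Locate base/diec relative to the script, not to the caller's directory,
# and hand over every argument unchanged.
run_diec() {
    here=$(script_dir "$0") || return 1
    LD_LIBRARY_PATH=$(join_lib_path "$here/base" "${LD_LIBRARY_PATH:-}")
    export LD_LIBRARY_PATH
    exec "$here/base/diec" "$@"     # "$@" keeps arguments with spaces intact
}

# Only act as the wrapper when this file is installed under the name diec.sh.
case "$0" in
    diec.sh|*/diec.sh) run_diec "$@" ;;
esac
```
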

Error `Qt_5.15' not found but it is installed actually

I got this error while trying to run the gui version of DIEv3.00 on my linux machine:

./base/die: ./base/libQt5Core.so.5: version `Qt_5.15' not found (required by /usr/lib/libQt5OpenGL.so.5)

I have latest Qt5 libraries and ncurses libraries are installed

diec status code is 0 even on error

Just noticed that if you run diec -j ./foo and foo file does not exist then you obtain Cannot find: ./foo but the exit code of diec is 0.

I expect the status code to be other than 0 because we have an error here.
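
An added example, not part of the original report and not project code: a caller-side guard for scripts and pipelines that cannot rely on the exit status described above. The names diec_checked and fake_diec are hypothetical, fake_diec is a constructed stand-in that reproduces the reported behaviour, and the guard assumes the "Cannot find:" message arrives on standard output.

```shell
#!/bin/sh
# Added example: fail closed when the scanner reports a missing input
# but still exits 0, so a pipeline does not treat "no result" as "clean".

# Constructed stand-in for diec, reproducing the behaviour from the report:
# it prints "Cannot find: <file>" and still returns 0.
fake_diec() {
    for arg; do last=$arg; done          # last argument is the file to scan
    if [ -f "$last" ]; then
        printf '%s\n' '{"filetype": "ELF64"}'
    else
        printf 'Cannot find: %s\n' "$last"
    fi
    return 0
}

# usage: diec_checked <diec-command> <file> [diec options...]
# Returns 66 (EX_NOINPUT in sysexits.h, chosen here) when the input is missing,
# the scanner's own status when that is non-zero, and 0 otherwise.
diec_checked() {
    diec_cmd=$1
    target=$2
    shift 2

    # Check the input before the scanner sees it.
    if [ ! -f "$target" ] || [ ! -r "$target" ]; then
        printf 'diec_checked: not a readable file: %s\n' "$target" >&2
        return 66
    fi

    # Keep a real non-zero status if the scanner does return one.
    output=$("$diec_cmd" "$@" "$target") || return $?

    # The file can disappear between the check and the scan, so the
    # reported message is still treated as a failure.
    case "$output" in
        "Cannot find:"*)
            printf '%s\n' "$output" >&2
            return 66
            ;;
    esac
    printf '%s\n' "$output"
}

# Stand-alone use: sh this_file <diec-command> <file> [options...]
if [ $# -ge 2 ]; then
    diec_checked "$@"
fi
```
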

Non-translatable strings

Most of the DIE UI strings are translatable with .po files - that's great.
But there are still some strings that are not listed there, so they are non-translatable.

DIE main screen:
image

PE Import screen:
image

Also some strings on PE Relocs, PE Debug screens.

change md5 as default hash type

DIE uses md4 as the default hash type.
hash_method
Many times, people want to get the md5 value. Also, md4 and md5 values look similar, and someone may copy an md4 value rather than an md5 value.
So is it possible to make md5 the default hash type?

Strings filtering issue in Strings window

what is the proper way to filter strings on the pattern

example:
image

if I put " as the pattern - all is fine
if I add "{ to the pattern - strings are filtered out; expected to see those which have the pattern inside
eg:
image

Exceptions section is loading extremely slow

image

on 100 MB PE64 file it might take up to 1 minute on modern PC...
at the same time only 10-12% of CPU is being used, eg:
image

Consider some optimization like multi-threading and/or algo refactoring

Thank you

Compilation overlap in lin64 build

I have built Qt5.6.3 on debian using source -> https://github.com/qt/qt5.git from commit 12fd0d5b9b486eaf80712d390265402a3bb06f0e. I checked out the modules I think DIE-engine required to build? qtsvg, qtxmlpatterns maybe?, qtscript. But when I tried installing DIE-engine it failed complaining about a missing header file for windows. I think there might be something wrong with the build script? I'm trying to install DIE in a headless VM running debian, which might be related but does not obviously appear to be relevant at this time.

root$ :/opt/DIE-engine# bash ./build_lin64.sh
Version: 2.06
rm -f moc__mainclass.cpp moc_scriptpe.cpp moc_scriptmsdos.cpp moc_scriptelf.cpp moc_scriptbinary.cpp moc_scan.cpp moc_pluginsscript.cpp moc_versionresource.cpp moc_pefile.cpp moc_msdosfile.cpp moc_elffile.cpp moc_textfile.cpp moc_binary.cpp moc_machfile.cpp moc_scriptmach.cpp moc_scripttext.cpp moc_scriptgeneric.cpp moc_singlefilescan.cpp
rm -f mainc.o _mainclass.o scriptpe.o scriptmsdos.o scriptelf.o scriptbinary.o scan.o utils.o pluginsscript.o versionresource.o pefile.o msdosfile.o elffile.o textfile.o binary.o machfile.o scriptmach.o scripttext.o scriptgeneric.o singlefilescan.o moc__mainclass.o moc_scriptpe.o moc_scriptmsdos.o moc_scriptelf.o moc_scriptbinary.o moc_scan.o moc_pluginsscript.o moc_versionresource.o moc_pefile.o moc_msdosfile.o moc_elffile.o moc_textfile.o moc_binary.o moc_machfile.o moc_scriptmach.o moc_scripttext.o moc_scriptgeneric.o moc_singlefilescan.o
rm -f *~ core *.core
g++ -c -pipe -Wno-missing-field-initializers -O2 -Wall -W -D_REENTRANT -fPIC -DDIE_CONSOLE -DQT_NO_DEBUG -DQT_SCRIPT_LIB -DQT_XML_LIB -DQT_CORE_LIB -I. -I../../../Qt5.6/include -I../../../Qt5.6/include/QtScript -I../../../Qt5.6/include/QtXml -I../../../Qt5.6/include/QtCore -I. -I../../../Qt5.6/mkspecs/linux-g++ -o mainc.o mainc.cpp
In file included from mainc.cpp:26:
../singlefilescan.h:12:10: fatal error: windows.h: No such file or directory
 #include <windows.h>
          ^~~~~~~~~~~
compilation terminated.
make: *** [Makefile:2290: mainc.o] Error 1

I know there's a __windows.h file in the root of DIE-engine's directory, maybe that's what it's looking for? If I include this file in the build it seems to compile correctly?
If I let it compile though, it eventually complains about a missing language directory? cp: cannot stat '/opt/DIE-engine/die_source/lang': No such file or directory. There is no lang folder in the die_source folder though? I must be missing something?

When I try running the precompiled release I get ./base/die: relocation error: ./base/die: symbol __cxa_throw_bad_array_new_length version Qt_5 not defined in file libQt5Gui.so.5 with link time reference. So maybe I'm missing another qt module anyway?
