In particular the latter thing was making me wonder if parsing the executables/DLLs for some given strings (that would correspond to the `CoCreateInstance` or `LoadLibrary` calls) couldn't be way more comprehensive.
E.g. there are games like Mass Effect 2 shipping 100% dead OpenAL DLLs (because the devs were completely clueless about what they were even doing), and even runtime checks could be unreliable given dsound.dll would also load mmdevapi/WASAPI after XP.
Parsing IAT/LoadLibrary/CoCreateInstance might be beyond the scope of this project, given that games are typically compressed or packed[citation needed], which would decrease the success rate.
Regardless, adding FileDetectionRuleSets seems fine. This would also suffer from detecting dead DLLs, but that seems like a decent compromise.
I don't have much free time to actually implement it, but feel free to submit a PR. Preferably it would all be contained within the main .py file, to reduce friction for people that just download that script.
Addendum: Detecting middleware and whatever is all good in my book, I just had to pick a name for the project.
I suppose there's no end to man's madness, though I really would not say that most games are packed.
Even in the scrambled (well, at least enough that Ghidra was missing half of the functions) Origin DRM'ed ME2 executable I could still easily search for `3fcc0139b584a44fba35aa8172b8a09b`, i.e. CLSID_DirectSound8 in little-endian.
I'll grant you that I don't really know how/if the same principle could apply to LoadLibrary though.
https://github.com/SteamDatabase/FileDetectionRuleSets
https://old.reddit.com/r/ghidra/comments/cgo9yf/dumping_com_objects/
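
The CLSID search mentioned in the thread, as an added example that is not part of the original discussion or the project's code: it takes the little-endian byte string quoted above, recovers the registry-style GUID from it, and scans a buffer for the binary and string encodings. The function names and the sample buffer are constructed for illustration.

```python
import uuid

# Byte string quoted in the thread: CLSID_DirectSound8 as laid out in memory.
CLSIDS = {
    "DirectSound8": uuid.UUID(
        bytes_le=bytes.fromhex("3fcc0139b584a44fba35aa8172b8a09b")),
}


def guid_patterns(guid):
    """Byte encodings under which a GUID can appear inside a PE file."""
    text = "{%s}" % str(guid).upper()  # upper-case registry form only
    return {
        "binary": guid.bytes_le,            # GUID struct, first 3 fields LE
        "ascii": text.encode("ascii"),      # narrow string literal
        "utf16": text.encode("utf-16-le"),  # wide string literal
    }


def scan(data, clsids=CLSIDS):
    """Return (name, encoding, offset) for every hit, sorted by offset."""
    hits = []
    for name, guid in clsids.items():
        for kind, pat in guid_patterns(guid).items():
            pos = data.find(pat)
            while pos != -1:
                hits.append((name, kind, pos))
                pos = data.find(pat, pos + 1)
    return sorted(hits, key=lambda h: h[2])


def scan_file(path):
    """Scan one executable or DLL on disk (hypothetical helper)."""
    with open(path, "rb") as fh:
        return scan(fh.read())


# Constructed sample standing in for an executable's data section.
_GUID = CLSIDS["DirectSound8"]
SAMPLE = (b"MZ" + b"\x00" * 62
          + _GUID.bytes_le
          + b"\x00" * 16
          + guid_patterns(_GUID)["utf16"])

if __name__ == "__main__":
    for name, kind, off in scan(SAMPLE):
        print(f"{name}: {kind} match at 0x{off:x}")
```

A hit only shows that the CLSID bytes are present in the file, so it shares the dead-DLL caveat raised earlier in the thread: presence is not proof the code path is ever executed.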