Check .data/DATA sections for ASPack as well (#340)

Also add some comments regarding ASProtect.

Author: TheRogueArchivist

BinaryObjectScanner/Packer/ASPack.cs

@@ -7,6 +7,7 @@
 namespace BinaryObjectScanner.Packer
 {
     // TODO: Add extraction
+    // TODO: Research and add support for ASProtect. It seems to be an additional layer of protection for ASPack, making detecting it separately more difficult. 
     public class ASPack : IExtractableExecutable<PortableExecutable>
     {
         /// <inheritdoc/>
@@ -35,6 +36,16 @@ public class ASPack : IExtractableExecutable<PortableExecutable>
                     return match;
             }
 
+            // Get the .data/DATA section, if it exists
+            var dataSectionRaw = pex.GetFirstSectionData(".data") ?? pex.GetFirstSectionData("DATA");
+            if (dataSectionRaw != null)
+            {
+                var matchers = GenerateMatchers();
+                var match = MatchUtil.GetFirstMatch(file, dataSectionRaw, matchers, includeDebug);
+                if (!string.IsNullOrEmpty(match))
+                    return match;
+            }
+
             return null;
         }
 
@@ -552,6 +563,38 @@ private static List<ContentMatchSet> GenerateMatchers()
                     0x1C, 0x00
                 }, "ASPack 2.x (without Poly) -> Solodovnikov Alexey"),
 
+                // Commented out due to "ASPack 2.1" getting detected before this. More research is needed.
+                // Based on detection rules from https://github.com/x64dbg/yarasigs/blob/master/Old_Internal_PEiD.yara
+                /* new(new byte?[]
+                {
+                    0x60, 0xE8, 0x03, 0x00, 0x00, 0x00, 0xE9, 0xEB,
+                    0x04, 0x5D, 0x45, 0x55, 0xC3, 0xE8, 0x01, 0x00, 
+                    0x00, 0x00, 0xEB, 0x5D, 0xBB, 0xED, 0xFF, 0xFF, 
+                    0xFF, 0x03, 0xDD, 0x81, 0xEB, 0x00, null, null,
+                    null, 0x80, 0x7D, 0x4D, 0x01, 0x75, 0x0C, 0x8B, 
+                    0x74, 0x24, 0x28, 0x83, 0xFE, 0x01, 0x89, 0x5D,
+                    0x4E, 0x75, 0x31, 0x8D, 0x45, 0x53, 0x50, 0x53, 
+                    0xFF, 0xB5, null, 0x09, 0x00, 0x00, 0x8D, 0x45,
+                    0x35, 0x50, 0xE9, 0x82, 0x00, 0x00, 0x00, 0x00,
+                    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, null,
+                    0x00, 0x00, 0x00, 0x00, 0xB8, 0xF8, 0xC0, 0xA5,
+                    0x23, 0x50, 0x50, 0x03, 0x45, 0x4E, 0x5B, 0x85,
+                    0xC0, 0x74, 0x1C, 0xEB, 0x01, 0xE8, 0x81, 0xFB, 
+                    0xF8, 0xC0, 0xA5, 0x23, 0x74, 0x35, 0x33, 0xD2,
+                    0x56, 0x6A, 0x00, 0x56, 0xFF, 0x75, 0x4E, 0xFF,
+                    0xD0, 0x5E, 0x83, 0xFE, 0x00, 0x75, 0x24, 0x33,
+                    0xD2, 0x8B, 0x45, 0x41, 0x85, 0xC0, 0x74, 0x07,
+                    0x52, 0x52, 0xFF, 0x75, 0x35, 0xFF, 0xD0, 0x8B,
+                    0x45, 0x35, 0x85, 0xC0, 0x74, 0x0D, 0x68, 0x00,
+                    0x80, 0x00, 0x00, 0x6A, 0x00, 0xFF, 0x75, 0x35,
+                    0xFF, 0x55, 0x3D, 0x5B, 0x0B, 0xDB, 0x61, 0x75,
+                    0x06, 0x6A, 0x01, 0x58, 0xC2, 0x0C, 0x00, 0x33, 
+                    0xC0, 0xF7, 0xD8, 0x1B, 0xC0, 0x40, 0xC2, 0x0C, 
+                    0x00
+                }, "ASProtect SKE 2.x -> Solodovnikov Alexey"), */
+
                 #endregion
 
                 #region 2.xx (Long)