From 0ad40aeabd30d1fa80c83d95622f310bae3e4a81 Mon Sep 17 00:00:00 2001
From: atom0s
Date: Thu, 24 Mar 2022 00:58:32 -0700
Subject: [PATCH] API: PE32 - Fix SizeOfImage alignment. API: PE64 - Fix SizeOfImage alignment. Unpacker: v20.x86 - Fix SizeOfImage alignment. Unpacker: v21.x86 - Fix SizeOfImage alignment. Unpacker: v30.x64 - Fix incorrect TlsOepRva being stored and used. Unpacker: v30.x64 - Fix incorrect TlsOepRva calculations when reading payload and SteamDRMP.dll. Unpacker: v31.x64 - Fix incorrect TlsOepRva being stored and used. Unpacker: v31.x64 - Fix incorrect TlsOepRva calculations when reading payload and SteamDRMP.dll.
---
 Steamless.API/PE32/Pe32File.cs | 2 +-
 Steamless.API/PE64/Pe64File.cs | 2 +-
 Steamless.Unpacker.Variant20.x86/Main.cs | 2 +-
 Steamless.Unpacker.Variant21.x86/Main.cs | 2 +-
 Steamless.Unpacker.Variant30.x64/Main.cs | 6 +++---
 Steamless.Unpacker.Variant30.x86/Main.cs | 6 +++---
 Steamless.Unpacker.Variant31.x64/Main.cs | 6 +++---
 Steamless.Unpacker.Variant31.x86/Main.cs | 6 +++---
 8 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/Steamless.API/PE32/Pe32File.cs b/Steamless.API/PE32/Pe32File.cs
index c49098d..1d849dc 100644
--- a/Steamless.API/PE32/Pe32File.cs
+++ b/Steamless.API/PE32/Pe32File.cs
@@ -328,7 +328,7 @@ namespace Steamless.API.PE32
 // Update the size of the image..
 var ntHeaders = this.NtHeaders;
- ntHeaders.OptionalHeader.SizeOfImage = this.Sections.Last().VirtualAddress + this.Sections.Last().VirtualSize;
+ ntHeaders.OptionalHeader.SizeOfImage = (uint)this.GetAlignment(this.Sections.Last().VirtualAddress + this.Sections.Last().VirtualSize, this.NtHeaders.OptionalHeader.SectionAlignment);
 this.NtHeaders = ntHeaders;
 }
diff --git a/Steamless.API/PE64/Pe64File.cs b/Steamless.API/PE64/Pe64File.cs
index 19e8164..366e0a2 100644
--- a/Steamless.API/PE64/Pe64File.cs
+++ b/Steamless.API/PE64/Pe64File.cs
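Review bot: The aligned `SizeOfImage` in Pe32File.cs is still derived from `VirtualAddress + VirtualSize` and `SectionAlignment` exactly as they were read from the file, with no validation, so a malformed or deliberately crafted header can wrap the sum (unless the project builds with overflow checking), and the `(uint)` cast would then hide any narrowing of the `GetAlignment` result. `GetAlignment` is not visible here; if it divides by the alignment, a `SectionAlignment` of 0 would throw at this line, and `this.Sections.Last()` throws on an empty section list. A guard before the assignment, e.g. `if (align == 0 || last.VirtualSize > uint.MaxValue - last.VirtualAddress) throw new InvalidDataException("Invalid section table.");` (assuming the fields are `uint`, with `last` and `align` read once into locals), makes the failure explicit. The same expression is added in Pe64File.cs and in the Variant20.x86 and Variant21.x86 Main.cs hunks, so one shared helper would cover all four; the enclosing methods start and end outside these hunks.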
@@ -331,7 +331,7 @@ namespace Steamless.API.PE64
 // Update the size of the image..
 var ntHeaders = this.NtHeaders;
- ntHeaders.OptionalHeader.SizeOfImage = this.Sections.Last().VirtualAddress + this.Sections.Last().VirtualSize;
+ ntHeaders.OptionalHeader.SizeOfImage = (uint)this.GetAlignment(this.Sections.Last().VirtualAddress + this.Sections.Last().VirtualSize, this.NtHeaders.OptionalHeader.SectionAlignment);
 this.NtHeaders = ntHeaders;
 }
diff --git a/Steamless.Unpacker.Variant20.x86/Main.cs b/Steamless.Unpacker.Variant20.x86/Main.cs
index 3c29fe1..656686c 100644
--- a/Steamless.Unpacker.Variant20.x86/Main.cs
+++ b/Steamless.Unpacker.Variant20.x86/Main.cs
@@ -324,7 +324,7 @@ namespace Steamless.Unpacker.Variant20.x86
 var ntHeaders = this.File.NtHeaders;
 var lastSection = this.File.Sections[this.File.Sections.Count - 1];
 ntHeaders.OptionalHeader.AddressOfEntryPoint = this.File.GetRvaFromVa(this.StubHeader.OEP);
- ntHeaders.OptionalHeader.SizeOfImage = lastSection.VirtualAddress + lastSection.VirtualSize;
+ ntHeaders.OptionalHeader.SizeOfImage = this.File.GetAlignment(lastSection.VirtualAddress + lastSection.VirtualSize, this.File.NtHeaders.OptionalHeader.SectionAlignment);
 this.File.NtHeaders = ntHeaders;
 // Write the NT headers to the file..
diff --git a/Steamless.Unpacker.Variant21.x86/Main.cs b/Steamless.Unpacker.Variant21.x86/Main.cs
index b6fc477..df10f41 100644
--- a/Steamless.Unpacker.Variant21.x86/Main.cs
+++ b/Steamless.Unpacker.Variant21.x86/Main.cs
@@ -451,7 +451,7 @@ namespace Steamless.Unpacker.Variant21.x86
 var lastSection = this.File.Sections[this.File.Sections.Count - 1];
 var originalEntry = BitConverter.ToUInt32(this.PayloadData.Skip(this.SteamDrmpOffsets[2]).Take(4).ToArray(), 0);
 ntHeaders.OptionalHeader.AddressOfEntryPoint = this.File.GetRvaFromVa(originalEntry);
- ntHeaders.OptionalHeader.SizeOfImage = lastSection.VirtualAddress + lastSection.VirtualSize;
+ ntHeaders.OptionalHeader.SizeOfImage = this.File.GetAlignment(lastSection.VirtualAddress + lastSection.VirtualSize, this.File.NtHeaders.OptionalHeader.SectionAlignment);
 this.File.NtHeaders = ntHeaders;
 // Write the NT headers to the file..
diff --git a/Steamless.Unpacker.Variant30.x64/Main.cs b/Steamless.Unpacker.Variant30.x64/Main.cs
index 0ef140c..79a440a 100644
--- a/Steamless.Unpacker.Variant30.x64/Main.cs
+++ b/Steamless.Unpacker.Variant30.x64/Main.cs
@@ -233,7 +233,7 @@ namespace Steamless.Unpacker.Variant30.x64
 // Tls was valid for the real oep..
 this.TlsAsOep = true;
- this.TlsOepRva = fileOffset;
+ this.TlsOepRva = this.File.GetRvaFromVa(this.File.TlsCallbacks[0]);
 return true;
 }
@@ -246,7 +246,7 @@ namespace Steamless.Unpacker.Variant30.x64
 private bool Step2()
 {
 // Obtain the payload address and size..
- var payloadAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset);
+ var payloadAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva - this.StubHeader.BindSectionOffset : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset);
 var payloadSize = (this.StubHeader.PayloadSize + 0x0F) & 0xFFFFFFF0;
 // Do nothing if there is no payload..
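Review bot: `TlsOepRva` changes unit in the first Variant30.x64 hunk, from the `fileOffset` local to an RVA, and nothing at the assignment records which unit the later `GetFileOffsetFromRva` calls rely on. A comment on the assignment such as `// RVA of the first TLS callback, not a file offset; callers subtract BindSectionOffset before converting.` would keep the two from being confused again. `TlsCallbacks[0]` is indexed without a visible length check; the guard is presumably earlier in the method, which starts outside the hunk. The identical assignment is added in the Variant30.x86, Variant31.x64 and Variant31.x86 hunks.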
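Review bot: Both arms of the ternary in `Step2` (Variant30.x64) now end in the same `- this.StubHeader.BindSectionOffset`, and that duplication is what let the arms diverge before, since `?:` binds more loosely than the subtraction. Selecting the base first makes the precedence explicit: `var entryRva = this.TlsAsOep ? this.TlsOepRva : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint;` followed by `var payloadAddr = this.File.GetFileOffsetFromRva(entryRva - this.StubHeader.BindSectionOffset);`. `BindSectionOffset` appears to come from the stub header of the file being processed, so a value larger than the entry RVA would wrap the subtraction (assuming unsigned fields) before the result is used as a file offset; an `if (this.StubHeader.BindSectionOffset > entryRva) return false;` guard fails cleanly instead. The `Step2` hunks for Variant30.x86, Variant31.x64 and Variant31.x86 have the same shape, and `Step2` continues past the end of each hunk.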
@@ -296,7 +296,7 @@ namespace Steamless.Unpacker.Variant30.x64
 try
 {
 // Obtain the SteamDRMP.dll file address and data..
- var drmpAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset + this.StubHeader.DRMPDllOffset);
+ var drmpAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva - this.StubHeader.BindSectionOffset + this.StubHeader.DRMPDllOffset : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset + this.StubHeader.DRMPDllOffset);
 var drmpData = new byte[this.StubHeader.DRMPDllSize];
 Array.Copy(this.File.FileData, (long)drmpAddr, drmpData, 0, drmpData.Length);
diff --git a/Steamless.Unpacker.Variant30.x86/Main.cs b/Steamless.Unpacker.Variant30.x86/Main.cs
index c206fb2..c64772d 100644
--- a/Steamless.Unpacker.Variant30.x86/Main.cs
+++ b/Steamless.Unpacker.Variant30.x86/Main.cs
@@ -238,7 +238,7 @@ namespace Steamless.Unpacker.Variant30.x86
 // Tls was valid for the real oep..
 this.TlsAsOep = true;
- this.TlsOepRva = fileOffset;
+ this.TlsOepRva = this.File.GetRvaFromVa(this.File.TlsCallbacks[0]);
 return true;
 }
@@ -251,7 +251,7 @@ namespace Steamless.Unpacker.Variant30.x86
 private bool Step2()
 {
 // Obtain the payload address and size..
- var payloadAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset);
+ var payloadAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva - this.StubHeader.BindSectionOffset : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset);
 var payloadSize = (this.StubHeader.PayloadSize + 0x0F) & 0xFFFFFFF0;
 // Do nothing if there is no payload..
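Review bot: In the SteamDRMP.dll hunk of Variant30.x64, `drmpData` is sized from `this.StubHeader.DRMPDllSize` and filled starting at `drmpAddr` without either value being compared against `this.File.FileData.Length`, so a corrupt or crafted stub header can request a very large allocation before `Array.Copy` rejects the range. Checking first, e.g. `if (drmpAddr > (ulong)this.File.FileData.Length || this.StubHeader.DRMPDllSize > (ulong)this.File.FileData.Length - drmpAddr) return false;` (casts adjusted to the field types, which are not visible here), refuses the file before any memory is committed. The `try` block continues outside the hunk, so the existing handler may already turn the copy failure into an error; the point is to fail before allocating. The matching hunks in Variant30.x86, Variant31.x64 and Variant31.x86 read the data the same way.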
@@ -301,7 +301,7 @@ namespace Steamless.Unpacker.Variant30.x86
 try
 {
 // Obtain the SteamDRMP.dll file address and data..
- var drmpAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset + this.StubHeader.DRMPDllOffset);
+ var drmpAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva - this.StubHeader.BindSectionOffset + this.StubHeader.DRMPDllOffset : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset + this.StubHeader.DRMPDllOffset);
 var drmpData = new byte[this.StubHeader.DRMPDllSize];
 Array.Copy(this.File.FileData, drmpAddr, drmpData, 0, drmpData.Length);
diff --git a/Steamless.Unpacker.Variant31.x64/Main.cs b/Steamless.Unpacker.Variant31.x64/Main.cs
index ee52e38..51bb5f0 100644
--- a/Steamless.Unpacker.Variant31.x64/Main.cs
+++ b/Steamless.Unpacker.Variant31.x64/Main.cs
@@ -229,7 +229,7 @@ namespace Steamless.Unpacker.Variant31.x64
 // Tls was valid for the real oep..
 this.TlsAsOep = true;
- this.TlsOepRva = fileOffset;
+ this.TlsOepRva = this.File.GetRvaFromVa(this.File.TlsCallbacks[0]);
 return true;
 }
@@ -242,7 +242,7 @@ namespace Steamless.Unpacker.Variant31.x64
 private bool Step2()
 {
 // Obtain the payload address and size..
- var payloadAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset);
+ var payloadAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva - this.StubHeader.BindSectionOffset : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset);
 var payloadSize = (this.StubHeader.PayloadSize + 0x0F) & 0xFFFFFFF0;
 // Do nothing if there is no payload..
@@ -292,7 +292,7 @@ namespace Steamless.Unpacker.Variant31.x64
 try
 {
 // Obtain the SteamDRMP.dll file address and data..
- var drmpAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset + this.StubHeader.DRMPDllOffset);
+ var drmpAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva - this.StubHeader.BindSectionOffset + this.StubHeader.DRMPDllOffset : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset + this.StubHeader.DRMPDllOffset);
 var drmpData = new byte[this.StubHeader.DRMPDllSize];
 Array.Copy(this.File.FileData, (long)drmpAddr, drmpData, 0, drmpData.Length);
diff --git a/Steamless.Unpacker.Variant31.x86/Main.cs b/Steamless.Unpacker.Variant31.x86/Main.cs
index d5e2308..4869895 100644
--- a/Steamless.Unpacker.Variant31.x86/Main.cs
+++ b/Steamless.Unpacker.Variant31.x86/Main.cs
@@ -234,7 +234,7 @@ namespace Steamless.Unpacker.Variant31.x86
 // Tls was valid for the real oep..
 this.TlsAsOep = true;
- this.TlsOepRva = fileOffset;
+ this.TlsOepRva = this.File.GetRvaFromVa(this.File.TlsCallbacks[0]);
 return true;
 }
@@ -247,7 +247,7 @@ namespace Steamless.Unpacker.Variant31.x86
 private bool Step2()
 {
 // Obtain the payload address and size..
- var payloadAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset);
+ var payloadAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva - this.StubHeader.BindSectionOffset : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset);
 var payloadSize = (this.StubHeader.PayloadSize + 0x0F) & 0xFFFFFFF0;
 // Do nothing if there is no payload..
@@ -297,7 +297,7 @@ namespace Steamless.Unpacker.Variant31.x86
 try
 {
 // Obtain the SteamDRMP.dll file address and data..
- var drmpAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset + this.StubHeader.DRMPDllOffset);
+ var drmpAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva - this.StubHeader.BindSectionOffset + this.StubHeader.DRMPDllOffset : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset + this.StubHeader.DRMPDllOffset);
 var drmpData = new byte[this.StubHeader.DRMPDllSize];
 Array.Copy(this.File.FileData, drmpAddr, drmpData, 0, drmpData.Length);