From 5a10c527e2cebe937ec18d9ed7908a0406a6ff99 Mon Sep 17 00:00:00 2001
From: atom0s
Date: Tue, 28 May 2019 19:11:29 -0700
Subject: [PATCH] Fixed a small bug with TLS callback parsing in the 64bit PE parser. Added TLS callback support for the 3.0 64bit unpacker.

---
 Steamless.API/PE64/Pe64File.cs | 2 +-
 Steamless.API/Properties/AssemblyInfo.cs | 4 +--
 Steamless.Unpacker.Variant30.x64/Main.cs | 32 ++++++++++++++++---
 .../Properties/AssemblyInfo.cs | 4 +--
 4 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/Steamless.API/PE64/Pe64File.cs b/Steamless.API/PE64/Pe64File.cs
index d02ae11..8388560 100644
--- a/Steamless.API/PE64/Pe64File.cs
+++ b/Steamless.API/PE64/Pe64File.cs
@@ -148,7 +148,7 @@ namespace Steamless.API.PE64
 var count = 0;
 while (true)
 {
- var callback = BitConverter.ToUInt64(this.FileData, (int)addr + (count * 4));
+ var callback = BitConverter.ToUInt64(this.FileData, (int)addr + (count * 8));
 if (callback == 0)
 break;
diff --git a/Steamless.API/Properties/AssemblyInfo.cs b/Steamless.API/Properties/AssemblyInfo.cs
index 617283d..fe32d12 100644
--- a/Steamless.API/Properties/AssemblyInfo.cs
+++ b/Steamless.API/Properties/AssemblyInfo.cs
@@ -36,5 +36,5 @@ using System.Runtime.InteropServices;
 [assembly: AssemblyCulture("")]
 [assembly: ComVisible(false)]
 [assembly: Guid("56c95629-3b34-47fe-b988-04274409294f")]
-[assembly: AssemblyVersion("1.0.0.2")]
-[assembly: AssemblyFileVersion("1.0.0.2")]
\ No newline at end of file
+[assembly: AssemblyVersion("1.0.0.3")]
+[assembly: AssemblyFileVersion("1.0.0.3")]
\ No newline at end of file
diff --git a/Steamless.Unpacker.Variant30.x64/Main.cs b/Steamless.Unpacker.Variant30.x64/Main.cs
index aa5a5dc..285497b 100644
--- a/Steamless.Unpacker.Variant30.x64/Main.cs
+++ b/Steamless.Unpacker.Variant30.x64/Main.cs
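Review bot: The corrected stride still performs `BitConverter.ToUInt64(this.FileData, (int)addr + (count * 8))` inside an unbounded `while (true)` with no check that the eight bytes lie inside `FileData`, so a TLS callback array in a truncated or malformed input that never reaches a zero terminator ends in an ArgumentException from BitConverter rather than a clean parse failure. Since this parser consumes untrusted PE files, guard before the read, e.g. `if ((long)addr + (count * 8L) + 8 > this.FileData.Length) break;` (or report failure, whichever the caller expects). The `(int)addr` narrowing presumably also wraps silently for a directory address above int.MaxValue; rejecting such values up front would be safer than relying on the array bounds check. The enclosing loop and method start before this hunk and continue after it.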
@@ -210,7 +210,31 @@ namespace Steamless.Unpacker.Variant30.x64
 this.StubHeader = Pe64Helpers.GetStructure(headerData);
 // Validate the structure signature..
- return this.StubHeader.Signature == 0xC0DEC0DE;
+ if (this.StubHeader.Signature == 0xC0DEC0DE)
+ return true;
+
+ // Try again using the Tls callback (if any) as the OEP instead..
+ if (this.File.TlsCallbacks.Count == 0)
+ return false;
+
+ // Obtain the DRM header data..
+ fileOffset = this.File.GetRvaFromVa(this.File.TlsCallbacks[0]);
+ fileOffset = this.File.GetFileOffsetFromRva(fileOffset);
+ headerData = new byte[headerSize];
+ Array.Copy(this.File.FileData, (long)(fileOffset - headerSize), headerData, 0, headerSize);
+
+ // Xor decode the header data..
+ this.XorKey = SteamStubHelpers.SteamXor(ref headerData, headerSize);
+ this.StubHeader = Pe64Helpers.GetStructure(headerData);
+
+ // Validate the structure signature..
+ if (this.StubHeader.Signature != 0xC0DEC0DE)
+ return false;
+
+ // Tls was valid for the real oep..
+ this.TlsAsOep = true;
+ this.TlsOepRva = fileOffset;
+ return true;
 }
 ///
@@ -222,7 +246,7 @@ namespace Steamless.Unpacker.Variant30.x64
 private bool Step2()
 {
 // Obtain the payload address and size..
- var payloadAddr = this.File.GetFileOffsetFromRva(this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset);
+ var payloadAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset);
 var payloadSize = (this.StubHeader.PayloadSize + 0x0F) & 0xFFFFFFF0;
 // Do nothing if there is no payload..
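Review bot: `this.TlsOepRva = fileOffset;` stores a value that was already converted by `GetFileOffsetFromRva` a few lines above, yet Step2 (the next hunk) and Step3 pass `TlsOepRva` through `GetFileOffsetFromRva` a second time; unless that helper happens to be a no-op on values already in file-offset space, the TLS path will resolve the payload and SteamDRMP.dll to the wrong location. Keeping the RVA makes the field match its name: `var tlsRva = this.File.GetRvaFromVa(this.File.TlsCallbacks[0]);`, `fileOffset = this.File.GetFileOffsetFromRva(tlsRva);`, and later `this.TlsOepRva = tlsRva;`. Separately, `(long)(fileOffset - headerSize)` is unguarded, so a callback whose resolved offset is smaller than headerSize (or an unmapped RVA, if the helper signals that with 0) makes Array.Copy throw instead of Step1 returning false; `if (fileOffset < headerSize) return false;` before the copy keeps a crafted input on the failure path. Step1 begins before this hunk, where `fileOffset`, `headerData` and `headerSize` are declared.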
@@ -272,7 +296,7 @@ namespace Steamless.Unpacker.Variant30.x64
 try
 {
 // Obtain the SteamDRMP.dll file address and data..
- var drmpAddr = this.File.GetFileOffsetFromRva(this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset + this.StubHeader.DRMPDllOffset);
+ var drmpAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset + this.StubHeader.DRMPDllOffset);
 var drmpData = new byte[this.StubHeader.DRMPDllSize];
 Array.Copy(this.File.FileData, (long)drmpAddr, drmpData, 0, drmpData.Length);
@@ -301,7 +325,7 @@ namespace Steamless.Unpacker.Variant30.x64
 return false;
 }
 }
-
+
 ///
 /// Step #4
 ///
diff --git a/Steamless.Unpacker.Variant30.x64/Properties/AssemblyInfo.cs b/Steamless.Unpacker.Variant30.x64/Properties/AssemblyInfo.cs
index 3d54c5d..5279978 100644
--- a/Steamless.Unpacker.Variant30.x64/Properties/AssemblyInfo.cs
+++ b/Steamless.Unpacker.Variant30.x64/Properties/AssemblyInfo.cs
@@ -36,5 +36,5 @@ using System.Runtime.InteropServices;
 [assembly: AssemblyCulture("")]
 [assembly: ComVisible(false)]
 [assembly: Guid("03621ead-77a7-4208-afdf-4b8292230a71")]
-[assembly: AssemblyVersion("1.0.0.1")]
-[assembly: AssemblyFileVersion("1.0.0.1")]
\ No newline at end of file
+[assembly: AssemblyVersion("1.0.0.2")]
+[assembly: AssemblyFileVersion("1.0.0.2")]
\ No newline at end of file
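Review bot: On the TLS path the new `drmpAddr` expression drops `DRMPDllOffset`: the conditional operator binds looser than `+`, so `this.TlsAsOep ? this.TlsOepRva : AddressOfEntryPoint - BindSectionOffset + DRMPDllOffset` evaluates to bare `TlsOepRva` when TlsAsOep is set, which is exactly the payload address Step2 computes, leaving drmpAddr equal to payloadAddr. If the DLL is meant to sit DRMPDllOffset past the OEP on both paths, parenthesise the base: `var drmpAddr = this.File.GetFileOffsetFromRva((this.TlsAsOep ? this.TlsOepRva : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset) + this.StubHeader.DRMPDllOffset);`. If the coincidence is intended, a one-line comment saying so on this line would stop the next reader from "fixing" it. Step3 starts before this hunk and its try block continues past it.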