1
0
Fork 0
mirror of https://github.com/atom0s/Steamless.git synced 2024-12-28 23:37:41 +01:00

Fixed a small bug with TLS callback parsing in the 64bit PE parser.

Added TLS callback support for the 3.0 64bit unpacker.
This commit is contained in:
atom0s 2019-05-28 19:11:29 -07:00
parent a0f856a050
commit 5a10c527e2
4 changed files with 33 additions and 9 deletions

View file

@ -148,7 +148,7 @@ namespace Steamless.API.PE64
var count = 0;
while (true)
{
var callback = BitConverter.ToUInt64(this.FileData, (int)addr + (count * 4));
var callback = BitConverter.ToUInt64(this.FileData, (int)addr + (count * 8));
if (callback == 0)
break;

View file

@ -36,5 +36,5 @@ using System.Runtime.InteropServices;
[assembly: AssemblyCulture("")]
[assembly: ComVisible(false)]
[assembly: Guid("56c95629-3b34-47fe-b988-04274409294f")]
[assembly: AssemblyVersion("1.0.0.2")]
[assembly: AssemblyFileVersion("1.0.0.2")]
[assembly: AssemblyVersion("1.0.0.3")]
[assembly: AssemblyFileVersion("1.0.0.3")]

View file

@ -210,7 +210,31 @@ namespace Steamless.Unpacker.Variant30.x64
this.StubHeader = Pe64Helpers.GetStructure<SteamStub64Var30Header>(headerData);
// Validate the structure signature..
return this.StubHeader.Signature == 0xC0DEC0DE;
if (this.StubHeader.Signature == 0xC0DEC0DE)
return true;
// Try again using the Tls callback (if any) as the OEP instead..
if (this.File.TlsCallbacks.Count == 0)
return false;
// Obtain the DRM header data..
fileOffset = this.File.GetRvaFromVa(this.File.TlsCallbacks[0]);
fileOffset = this.File.GetFileOffsetFromRva(fileOffset);
headerData = new byte[headerSize];
Array.Copy(this.File.FileData, (long)(fileOffset - headerSize), headerData, 0, headerSize);
// Xor decode the header data..
this.XorKey = SteamStubHelpers.SteamXor(ref headerData, headerSize);
this.StubHeader = Pe64Helpers.GetStructure<SteamStub64Var30Header>(headerData);
// Validate the structure signature..
if (this.StubHeader.Signature != 0xC0DEC0DE)
return false;
// Tls was valid for the real oep..
this.TlsAsOep = true;
this.TlsOepRva = fileOffset;
return true;
}
/// <summary>
@ -222,7 +246,7 @@ namespace Steamless.Unpacker.Variant30.x64
private bool Step2()
{
// Obtain the payload address and size..
var payloadAddr = this.File.GetFileOffsetFromRva(this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset);
var payloadAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset);
var payloadSize = (this.StubHeader.PayloadSize + 0x0F) & 0xFFFFFFF0;
// Do nothing if there is no payload..
@ -272,7 +296,7 @@ namespace Steamless.Unpacker.Variant30.x64
try
{
// Obtain the SteamDRMP.dll file address and data..
var drmpAddr = this.File.GetFileOffsetFromRva(this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset + this.StubHeader.DRMPDllOffset);
var drmpAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset + this.StubHeader.DRMPDllOffset);
var drmpData = new byte[this.StubHeader.DRMPDllSize];
Array.Copy(this.File.FileData, (long)drmpAddr, drmpData, 0, drmpData.Length);

View file

@ -36,5 +36,5 @@ using System.Runtime.InteropServices;
[assembly: AssemblyCulture("")]
[assembly: ComVisible(false)]
[assembly: Guid("03621ead-77a7-4208-afdf-4b8292230a71")]
[assembly: AssemblyVersion("1.0.0.1")]
[assembly: AssemblyFileVersion("1.0.0.1")]
[assembly: AssemblyVersion("1.0.0.2")]
[assembly: AssemblyFileVersion("1.0.0.2")]