mirror of
https://github.com/atom0s/Steamless.git
synced 2024-12-28 23:37:41 +01:00
Fixed a small bug with TLS callback parsing in the 64bit PE parser.
Added TLS callback support for the 3.0 64bit unpacker.
This commit is contained in:
parent
a0f856a050
commit
5a10c527e2
4 changed files with 33 additions and 9 deletions
|
@ -148,7 +148,7 @@ namespace Steamless.API.PE64
|
|||
var count = 0;
|
||||
while (true)
|
||||
{
|
||||
var callback = BitConverter.ToUInt64(this.FileData, (int)addr + (count * 4));
|
||||
var callback = BitConverter.ToUInt64(this.FileData, (int)addr + (count * 8));
|
||||
if (callback == 0)
|
||||
break;
|
||||
|
||||
|
|
|
@ -36,5 +36,5 @@ using System.Runtime.InteropServices;
|
|||
[assembly: AssemblyCulture("")]
|
||||
[assembly: ComVisible(false)]
|
||||
[assembly: Guid("56c95629-3b34-47fe-b988-04274409294f")]
|
||||
[assembly: AssemblyVersion("1.0.0.2")]
|
||||
[assembly: AssemblyFileVersion("1.0.0.2")]
|
||||
[assembly: AssemblyVersion("1.0.0.3")]
|
||||
[assembly: AssemblyFileVersion("1.0.0.3")]
|
|
@ -210,7 +210,31 @@ namespace Steamless.Unpacker.Variant30.x64
|
|||
this.StubHeader = Pe64Helpers.GetStructure<SteamStub64Var30Header>(headerData);
|
||||
|
||||
// Validate the structure signature..
|
||||
return this.StubHeader.Signature == 0xC0DEC0DE;
|
||||
if (this.StubHeader.Signature == 0xC0DEC0DE)
|
||||
return true;
|
||||
|
||||
// Try again using the Tls callback (if any) as the OEP instead..
|
||||
if (this.File.TlsCallbacks.Count == 0)
|
||||
return false;
|
||||
|
||||
// Obtain the DRM header data..
|
||||
fileOffset = this.File.GetRvaFromVa(this.File.TlsCallbacks[0]);
|
||||
fileOffset = this.File.GetFileOffsetFromRva(fileOffset);
|
||||
headerData = new byte[headerSize];
|
||||
Array.Copy(this.File.FileData, (long)(fileOffset - headerSize), headerData, 0, headerSize);
|
||||
|
||||
// Xor decode the header data..
|
||||
this.XorKey = SteamStubHelpers.SteamXor(ref headerData, headerSize);
|
||||
this.StubHeader = Pe64Helpers.GetStructure<SteamStub64Var30Header>(headerData);
|
||||
|
||||
// Validate the structure signature..
|
||||
if (this.StubHeader.Signature != 0xC0DEC0DE)
|
||||
return false;
|
||||
|
||||
// Tls was valid for the real oep..
|
||||
this.TlsAsOep = true;
|
||||
this.TlsOepRva = fileOffset;
|
||||
return true;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
|
@ -222,7 +246,7 @@ namespace Steamless.Unpacker.Variant30.x64
|
|||
private bool Step2()
|
||||
{
|
||||
// Obtain the payload address and size..
|
||||
var payloadAddr = this.File.GetFileOffsetFromRva(this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset);
|
||||
var payloadAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset);
|
||||
var payloadSize = (this.StubHeader.PayloadSize + 0x0F) & 0xFFFFFFF0;
|
||||
|
||||
// Do nothing if there is no payload..
|
||||
|
@ -272,7 +296,7 @@ namespace Steamless.Unpacker.Variant30.x64
|
|||
try
|
||||
{
|
||||
// Obtain the SteamDRMP.dll file address and data..
|
||||
var drmpAddr = this.File.GetFileOffsetFromRva(this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset + this.StubHeader.DRMPDllOffset);
|
||||
var drmpAddr = this.File.GetFileOffsetFromRva(this.TlsAsOep ? this.TlsOepRva : this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint - this.StubHeader.BindSectionOffset + this.StubHeader.DRMPDllOffset);
|
||||
var drmpData = new byte[this.StubHeader.DRMPDllSize];
|
||||
Array.Copy(this.File.FileData, (long)drmpAddr, drmpData, 0, drmpData.Length);
|
||||
|
||||
|
|
|
@ -36,5 +36,5 @@ using System.Runtime.InteropServices;
|
|||
[assembly: AssemblyCulture("")]
|
||||
[assembly: ComVisible(false)]
|
||||
[assembly: Guid("03621ead-77a7-4208-afdf-4b8292230a71")]
|
||||
[assembly: AssemblyVersion("1.0.0.1")]
|
||||
[assembly: AssemblyFileVersion("1.0.0.1")]
|
||||
[assembly: AssemblyVersion("1.0.0.2")]
|
||||
[assembly: AssemblyFileVersion("1.0.0.2")]
|
Loading…
Reference in a new issue