mirror of
https://github.com/atom0s/Steamless.git
synced 2024-12-19 23:07:41 +01:00
Unpacker v2.0 (x86) - Add support for multiple variants of the header.
Unpacker v2.0 (x86) - Fix and rename some of the fields of the stub header. Unpacker v2.0 (x86) - Add error message for unsupported header sizes to help collect samples.
This commit is contained in:
atom0s
parent
411f4f711c
commit
65b5644afe
3 changed files with 72 additions and 21 deletions
|
|
@ -25,35 +25,69 @@
|
|||
|
||||
namespace Steamless.Unpacker.Variant20.x86.Classes
|
||||
{
|
||||
using System;
|
||||
using System.Runtime.InteropServices;
|
||||
|
||||
/// <summary>
|
||||
/// SteamStub DRM Variant 2.0 Header
|
||||
///
|
||||
/// Size: 856 bytes
|
||||
/// </summary>
|
||||
[StructLayout(LayoutKind.Sequential)]
|
||||
public struct SteamStub32Var20Header
|
||||
public struct SteamStub32Var20_856_Header
|
||||
{
|
||||
public uint XorKey1; // Xor key used to encode the header data.
|
||||
public uint XorKey2; // Xor key used to encode the header data.
|
||||
public uint GetModuleHandleA_idata; // The address of GetModuleHandleA inside of the .idata section.
|
||||
public uint GetProcAddress_idata; // The address of GetProcAddress inside of the .idata section.
|
||||
public uint GetModuleHandleW_idata; // The address of GetModuleHandleW inside of the .idata section.
|
||||
public uint GetProcAddress_bind; // The address of the .bind sections custom GetProcAddress instance.
|
||||
public uint Flags; // Protection flags used with the file.
|
||||
public uint Unknown0000; // Unknown (Was 0xEC227021 when testing.) (Only used if (Flags & 0x10) is set. Used in part of a hash check.)
|
||||
public uint XorKey1; // Xor key used to encode the header data.
|
||||
public uint XorKey2; // Xor key used to encode the header data.
|
||||
public uint GetModuleHandleA_idata; // The address of GetModuleHandleA inside of the .idata section.
|
||||
public uint GetProcAddress_idata; // The address of GetProcAddress inside of the .idata section.
|
||||
public uint GetModuleHandleW_idata; // The address of GetModuleHandleW inside of the .idata section.
|
||||
public uint Flags; // Protection flags used with the file.
|
||||
public uint Unknown0000; // Unknown (Used as part of a hash check when (Flags & 0x10) is set.)
|
||||
public uint BindSectionVirtualAddress; // The virtual address to the .bind section.
|
||||
public uint BindSectionCodeSize; // The size of the code stub inside of the .bind section.
|
||||
public uint ValidationHash; // Hash that is calculated based on the .bind code section and .bind stub header data. (Only used if (Flags & 1) is set.)
|
||||
public uint OEP; // The original file OEP to be invoked after the stub has finished.
|
||||
public uint CodeSectionVirtualAddress; // The virtual address to the code section. (.text) (Was 0x0401000 when testing. Possibly original OEP?)
|
||||
public uint CodeSectionSize; // The size of the code section.
|
||||
public uint CodeSectionXorKey; // The starting key to xor decode against. (Only used if (Flags & 4) is set.)
|
||||
public uint SteamAppID; // The steam application id of the packed file.
|
||||
public uint BindSectionCodeSize; // The size of the code stub inside of the .bind section.
|
||||
public uint BindSectionHash; // Hash that is calculated based on the .bind code section and .bind stub header data. (Only used if (Flags & 1) is set.)
|
||||
public uint OEP; // The original file OEP to be invoked after the stub has finished.
|
||||
public uint CodeSectionVirtualAddress; // The virtual address to the code section. (.text)
|
||||
public uint CodeSectionSize; // The size of the code section.
|
||||
public uint CodeSectionXorKey; // The starting key to xor decode against. (Only used if (Flags & 4) is set.)
|
||||
public uint SteamAppId; // The steam application id of the packed file.
|
||||
|
||||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 0x0C)]
|
||||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 0x08)]
|
||||
public byte[] SteamAppIDString; // The SteamAppID of the packed file, in string format.
|
||||
|
||||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 0x36C)]
|
||||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 0x314)]
|
||||
public byte[] StubData; // Misc stub data, such as strings, error messages, etc.
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// SteamStub DRM Variant 2.0 Header
|
||||
///
|
||||
/// Size: 952 bytes
|
||||
/// </summary>
|
||||
[StructLayout(LayoutKind.Sequential)]
|
||||
public struct SteamStub32Var20_952_Header
|
||||
{
|
||||
public uint XorKey1; // Xor key used to encode the header data.
|
||||
public uint XorKey2; // Xor key used to encode the header data.
|
||||
public uint GetModuleHandleA_idata; // The address of GetModuleHandleA inside of the .idata section.
|
||||
public uint GetProcAddress_idata; // The address of GetProcAddress inside of the .idata section.
|
||||
public uint GetModuleHandleW_idata; // The address of GetModuleHandleW inside of the .idata section.
|
||||
public uint GetProcAddress_bind; // The address of the .bind sections custom GetProcAddress instance.
|
||||
public uint Flags; // Protection flags used with the file.
|
||||
public uint Unknown0000; // Unknown (Used as part of a hash check when (Flags & 0x10) is set.)
|
||||
public uint BindSectionVirtualAddress; // The virtual address to the .bind section.
|
||||
public uint BindSectionCodeSize; // The size of the code stub inside of the .bind section.
|
||||
public uint BindSectionHash; // Hash that is calculated based on the .bind code section and .bind stub header data. (Only used if (Flags & 1) is set.)
|
||||
public uint OEP; // The original file OEP to be invoked after the stub has finished.
|
||||
public uint CodeSectionVirtualAddress; // The virtual address to the code section. (.text) (Was 0x0401000 when testing. Possibly original OEP?)
|
||||
public uint CodeSectionSize; // The size of the code section.
|
||||
public uint CodeSectionXorKey; // The starting key to xor decode against. (Only used if (Flags & 4) is set.)
|
||||
public uint SteamAppID; // The steam application id of the packed file.
|
||||
|
||||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 0x0C)]
|
||||
public byte[] SteamAppIDString; // The SteamAppID of the packed file, in string format.
|
||||
|
||||
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 0x36C)]
|
||||
public byte[] StubData; // Misc stub data, such as strings, error messages, etc.
|
||||
}
|
||||
}
|
||||
|
|
@ -196,7 +196,24 @@ namespace Steamless.Unpacker.Variant20.x86
|
|||
this.XorKey = SteamStubHelpers.SteamXor(ref headerData, (uint)headerData.Length, 0);
|
||||
|
||||
// Create the stub header..
|
||||
this.StubHeader = Pe32Helpers.GetStructure<SteamStub32Var20Header>(headerData);
|
||||
switch (structSize)
|
||||
{
|
||||
case 856:
|
||||
this.StubHeader = Pe32Helpers.GetStructure<SteamStub32Var20_856_Header>(headerData);
|
||||
break;
|
||||
case 952:
|
||||
this.StubHeader = Pe32Helpers.GetStructure<SteamStub32Var20_952_Header>(headerData);
|
||||
break;
|
||||
default:
|
||||
{
|
||||
this.Log("", LogMessageType.Error);
|
||||
this.Log($"Invalid/unknown variant header size: {structSize}", LogMessageType.Error);
|
||||
this.Log("Please report this issue on Steamless' GitHub issue tracker!", LogMessageType.Error);
|
||||
this.Log("Be sure to include a copy of this games .exe file you are trying to unpack!", LogMessageType.Error);
|
||||
this.Log("", LogMessageType.Error);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -36,5 +36,5 @@ using System.Runtime.InteropServices;
|
|||
[assembly: AssemblyCulture("")]
|
||||
[assembly: ComVisible(false)]
|
||||
[assembly: Guid("4f11f26d-2946-467f-a4e9-9e2a619a1fd3")]
|
||||
[assembly: AssemblyVersion("1.0.0.1")]
|
||||
[assembly: AssemblyFileVersion("1.0.0.1")]
|
||||
[assembly: AssemblyVersion("1.0.0.2")]
|
||||
[assembly: AssemblyFileVersion("1.0.0.2")]
|
||||
Loading…
Reference in a new issue