mirror of
https://github.com/atom0s/Steamless.git
synced 2024-12-28 23:37:41 +01:00
Unpacker v2.0 (x86) - Add support for multiple variants of the header.
Unpacker v2.0 (x86) - Fix and rename some of the fields of the stub header. Unpacker v2.0 (x86) - Add error message for unsupported header sizes to help collect samples.
This commit is contained in:
parent
411f4f711c
commit
65b5644afe
3 changed files with 72 additions and 21 deletions
|
@ -25,13 +25,47 @@
|
||||||
|
|
||||||
namespace Steamless.Unpacker.Variant20.x86.Classes
|
namespace Steamless.Unpacker.Variant20.x86.Classes
|
||||||
{
|
{
|
||||||
|
using System;
|
||||||
using System.Runtime.InteropServices;
|
using System.Runtime.InteropServices;
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// SteamStub DRM Variant 2.0 Header
|
/// SteamStub DRM Variant 2.0 Header
|
||||||
|
///
|
||||||
|
/// Size: 856 bytes
|
||||||
/// </summary>
|
/// </summary>
|
||||||
[StructLayout(LayoutKind.Sequential)]
|
[StructLayout(LayoutKind.Sequential)]
|
||||||
public struct SteamStub32Var20Header
|
public struct SteamStub32Var20_856_Header
|
||||||
|
{
|
||||||
|
public uint XorKey1; // Xor key used to encode the header data.
|
||||||
|
public uint XorKey2; // Xor key used to encode the header data.
|
||||||
|
public uint GetModuleHandleA_idata; // The address of GetModuleHandleA inside of the .idata section.
|
||||||
|
public uint GetProcAddress_idata; // The address of GetProcAddress inside of the .idata section.
|
||||||
|
public uint GetModuleHandleW_idata; // The address of GetModuleHandleW inside of the .idata section.
|
||||||
|
public uint Flags; // Protection flags used with the file.
|
||||||
|
public uint Unknown0000; // Unknown (Used as part of a hash check when (Flags & 0x10) is set.)
|
||||||
|
public uint BindSectionVirtualAddress; // The virtual address to the .bind section.
|
||||||
|
public uint BindSectionCodeSize; // The size of the code stub inside of the .bind section.
|
||||||
|
public uint BindSectionHash; // Hash that is calculated based on the .bind code section and .bind stub header data. (Only used if (Flags & 1) is set.)
|
||||||
|
public uint OEP; // The original file OEP to be invoked after the stub has finished.
|
||||||
|
public uint CodeSectionVirtualAddress; // The virtual address to the code section. (.text)
|
||||||
|
public uint CodeSectionSize; // The size of the code section.
|
||||||
|
public uint CodeSectionXorKey; // The starting key to xor decode against. (Only used if (Flags & 4) is set.)
|
||||||
|
public uint SteamAppId; // The steam application id of the packed file.
|
||||||
|
|
||||||
|
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 0x08)]
|
||||||
|
public byte[] SteamAppIDString; // The SteamAppID of the packed file, in string format.
|
||||||
|
|
||||||
|
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 0x314)]
|
||||||
|
public byte[] StubData; // Misc stub data, such as strings, error messages, etc.
|
||||||
|
}
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// SteamStub DRM Variant 2.0 Header
|
||||||
|
///
|
||||||
|
/// Size: 952 bytes
|
||||||
|
/// </summary>
|
||||||
|
[StructLayout(LayoutKind.Sequential)]
|
||||||
|
public struct SteamStub32Var20_952_Header
|
||||||
{
|
{
|
||||||
public uint XorKey1; // Xor key used to encode the header data.
|
public uint XorKey1; // Xor key used to encode the header data.
|
||||||
public uint XorKey2; // Xor key used to encode the header data.
|
public uint XorKey2; // Xor key used to encode the header data.
|
||||||
|
@ -40,10 +74,10 @@ namespace Steamless.Unpacker.Variant20.x86.Classes
|
||||||
public uint GetModuleHandleW_idata; // The address of GetModuleHandleW inside of the .idata section.
|
public uint GetModuleHandleW_idata; // The address of GetModuleHandleW inside of the .idata section.
|
||||||
public uint GetProcAddress_bind; // The address of the .bind sections custom GetProcAddress instance.
|
public uint GetProcAddress_bind; // The address of the .bind sections custom GetProcAddress instance.
|
||||||
public uint Flags; // Protection flags used with the file.
|
public uint Flags; // Protection flags used with the file.
|
||||||
public uint Unknown0000; // Unknown (Was 0xEC227021 when testing.) (Only used if (Flags & 0x10) is set. Used in part of a hash check.)
|
public uint Unknown0000; // Unknown (Used as part of a hash check when (Flags & 0x10) is set.)
|
||||||
public uint BindSectionVirtualAddress; // The virtual address to the .bind section.
|
public uint BindSectionVirtualAddress; // The virtual address to the .bind section.
|
||||||
public uint BindSectionCodeSize; // The size of the code stub inside of the .bind section.
|
public uint BindSectionCodeSize; // The size of the code stub inside of the .bind section.
|
||||||
public uint ValidationHash; // Hash that is calculated based on the .bind code section and .bind stub header data. (Only used if (Flags & 1) is set.)
|
public uint BindSectionHash; // Hash that is calculated based on the .bind code section and .bind stub header data. (Only used if (Flags & 1) is set.)
|
||||||
public uint OEP; // The original file OEP to be invoked after the stub has finished.
|
public uint OEP; // The original file OEP to be invoked after the stub has finished.
|
||||||
public uint CodeSectionVirtualAddress; // The virtual address to the code section. (.text) (Was 0x0401000 when testing. Possibly original OEP?)
|
public uint CodeSectionVirtualAddress; // The virtual address to the code section. (.text) (Was 0x0401000 when testing. Possibly original OEP?)
|
||||||
public uint CodeSectionSize; // The size of the code section.
|
public uint CodeSectionSize; // The size of the code section.
|
||||||
|
|
|
@ -196,7 +196,24 @@ namespace Steamless.Unpacker.Variant20.x86
|
||||||
this.XorKey = SteamStubHelpers.SteamXor(ref headerData, (uint)headerData.Length, 0);
|
this.XorKey = SteamStubHelpers.SteamXor(ref headerData, (uint)headerData.Length, 0);
|
||||||
|
|
||||||
// Create the stub header..
|
// Create the stub header..
|
||||||
this.StubHeader = Pe32Helpers.GetStructure<SteamStub32Var20Header>(headerData);
|
switch (structSize)
|
||||||
|
{
|
||||||
|
case 856:
|
||||||
|
this.StubHeader = Pe32Helpers.GetStructure<SteamStub32Var20_856_Header>(headerData);
|
||||||
|
break;
|
||||||
|
case 952:
|
||||||
|
this.StubHeader = Pe32Helpers.GetStructure<SteamStub32Var20_952_Header>(headerData);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
{
|
||||||
|
this.Log("", LogMessageType.Error);
|
||||||
|
this.Log($"Invalid/unknown variant header size: {structSize}", LogMessageType.Error);
|
||||||
|
this.Log("Please report this issue on Steamless' GitHub issue tracker!", LogMessageType.Error);
|
||||||
|
this.Log("Be sure to include a copy of this games .exe file you are trying to unpack!", LogMessageType.Error);
|
||||||
|
this.Log("", LogMessageType.Error);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -36,5 +36,5 @@ using System.Runtime.InteropServices;
|
||||||
[assembly: AssemblyCulture("")]
|
[assembly: AssemblyCulture("")]
|
||||||
[assembly: ComVisible(false)]
|
[assembly: ComVisible(false)]
|
||||||
[assembly: Guid("4f11f26d-2946-467f-a4e9-9e2a619a1fd3")]
|
[assembly: Guid("4f11f26d-2946-467f-a4e9-9e2a619a1fd3")]
|
||||||
[assembly: AssemblyVersion("1.0.0.1")]
|
[assembly: AssemblyVersion("1.0.0.2")]
|
||||||
[assembly: AssemblyFileVersion("1.0.0.1")]
|
[assembly: AssemblyFileVersion("1.0.0.2")]
|
Loading…
Reference in a new issue