1
0
Fork 0
mirror of https://github.com/atom0s/Steamless.git synced 2024-12-28 23:37:41 +01:00

Unpacker v2.0 (x86) - Add support for multiple variants of the header.

Unpacker v2.0 (x86) - Fix and rename some of the fields of the stub header.
Unpacker v2.0 (x86) - Add error message for unsupported header sizes to help collect samples.
This commit is contained in:
atom0s 2022-09-23 16:00:33 -07:00
parent 411f4f711c
commit 65b5644afe
No known key found for this signature in database
GPG key ID: 37D5FD3494D79AF8
3 changed files with 72 additions and 21 deletions

View file

@ -25,13 +25,47 @@
namespace Steamless.Unpacker.Variant20.x86.Classes namespace Steamless.Unpacker.Variant20.x86.Classes
{ {
using System;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
/// <summary> /// <summary>
/// SteamStub DRM Variant 2.0 Header /// SteamStub DRM Variant 2.0 Header
///
/// Size: 856 bytes
/// </summary> /// </summary>
[StructLayout(LayoutKind.Sequential)] [StructLayout(LayoutKind.Sequential)]
public struct SteamStub32Var20Header public struct SteamStub32Var20_856_Header
{
public uint XorKey1; // Xor key used to encode the header data.
public uint XorKey2; // Xor key used to encode the header data.
public uint GetModuleHandleA_idata; // The address of GetModuleHandleA inside of the .idata section.
public uint GetProcAddress_idata; // The address of GetProcAddress inside of the .idata section.
public uint GetModuleHandleW_idata; // The address of GetModuleHandleW inside of the .idata section.
public uint Flags; // Protection flags used with the file.
public uint Unknown0000; // Unknown (Used as part of a hash check when (Flags & 0x10) is set.)
public uint BindSectionVirtualAddress; // The virtual address to the .bind section.
public uint BindSectionCodeSize; // The size of the code stub inside of the .bind section.
public uint BindSectionHash; // Hash that is calculated based on the .bind code section and .bind stub header data. (Only used if (Flags & 1) is set.)
public uint OEP; // The original file OEP to be invoked after the stub has finished.
public uint CodeSectionVirtualAddress; // The virtual address to the code section. (.text)
public uint CodeSectionSize; // The size of the code section.
public uint CodeSectionXorKey; // The starting key to xor decode against. (Only used if (Flags & 4) is set.)
public uint SteamAppId; // The steam application id of the packed file.
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 0x08)]
public byte[] SteamAppIDString; // The SteamAppID of the packed file, in string format.
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 0x314)]
public byte[] StubData; // Misc stub data, such as strings, error messages, etc.
}
/// <summary>
/// SteamStub DRM Variant 2.0 Header
///
/// Size: 952 bytes
/// </summary>
[StructLayout(LayoutKind.Sequential)]
public struct SteamStub32Var20_952_Header
{ {
public uint XorKey1; // Xor key used to encode the header data. public uint XorKey1; // Xor key used to encode the header data.
public uint XorKey2; // Xor key used to encode the header data. public uint XorKey2; // Xor key used to encode the header data.
@ -40,10 +74,10 @@ namespace Steamless.Unpacker.Variant20.x86.Classes
public uint GetModuleHandleW_idata; // The address of GetModuleHandleW inside of the .idata section. public uint GetModuleHandleW_idata; // The address of GetModuleHandleW inside of the .idata section.
public uint GetProcAddress_bind; // The address of the .bind sections custom GetProcAddress instance. public uint GetProcAddress_bind; // The address of the .bind sections custom GetProcAddress instance.
public uint Flags; // Protection flags used with the file. public uint Flags; // Protection flags used with the file.
public uint Unknown0000; // Unknown (Was 0xEC227021 when testing.) (Only used if (Flags & 0x10) is set. Used in part of a hash check.) public uint Unknown0000; // Unknown (Used as part of a hash check when (Flags & 0x10) is set.)
public uint BindSectionVirtualAddress; // The virtual address to the .bind section. public uint BindSectionVirtualAddress; // The virtual address to the .bind section.
public uint BindSectionCodeSize; // The size of the code stub inside of the .bind section. public uint BindSectionCodeSize; // The size of the code stub inside of the .bind section.
public uint ValidationHash; // Hash that is calculated based on the .bind code section and .bind stub header data. (Only used if (Flags & 1) is set.) public uint BindSectionHash; // Hash that is calculated based on the .bind code section and .bind stub header data. (Only used if (Flags & 1) is set.)
public uint OEP; // The original file OEP to be invoked after the stub has finished. public uint OEP; // The original file OEP to be invoked after the stub has finished.
public uint CodeSectionVirtualAddress; // The virtual address to the code section. (.text) (Was 0x0401000 when testing. Possibly original OEP?) public uint CodeSectionVirtualAddress; // The virtual address to the code section. (.text) (Was 0x0401000 when testing. Possibly original OEP?)
public uint CodeSectionSize; // The size of the code section. public uint CodeSectionSize; // The size of the code section.

View file

@ -196,7 +196,24 @@ namespace Steamless.Unpacker.Variant20.x86
this.XorKey = SteamStubHelpers.SteamXor(ref headerData, (uint)headerData.Length, 0); this.XorKey = SteamStubHelpers.SteamXor(ref headerData, (uint)headerData.Length, 0);
// Create the stub header.. // Create the stub header..
this.StubHeader = Pe32Helpers.GetStructure<SteamStub32Var20Header>(headerData); switch (structSize)
{
case 856:
this.StubHeader = Pe32Helpers.GetStructure<SteamStub32Var20_856_Header>(headerData);
break;
case 952:
this.StubHeader = Pe32Helpers.GetStructure<SteamStub32Var20_952_Header>(headerData);
break;
default:
{
this.Log("", LogMessageType.Error);
this.Log($"Invalid/unknown variant header size: {structSize}", LogMessageType.Error);
this.Log("Please report this issue on Steamless' GitHub issue tracker!", LogMessageType.Error);
this.Log("Be sure to include a copy of this games .exe file you are trying to unpack!", LogMessageType.Error);
this.Log("", LogMessageType.Error);
return false;
}
}
return true; return true;
} }

View file

@ -36,5 +36,5 @@ using System.Runtime.InteropServices;
[assembly: AssemblyCulture("")] [assembly: AssemblyCulture("")]
[assembly: ComVisible(false)] [assembly: ComVisible(false)]
[assembly: Guid("4f11f26d-2946-467f-a4e9-9e2a619a1fd3")] [assembly: Guid("4f11f26d-2946-467f-a4e9-9e2a619a1fd3")]
[assembly: AssemblyVersion("1.0.0.1")] [assembly: AssemblyVersion("1.0.0.2")]
[assembly: AssemblyFileVersion("1.0.0.1")] [assembly: AssemblyFileVersion("1.0.0.2")]