From 9c16bcc8a5e929beabf1f06754196dbfe43b906d Mon Sep 17 00:00:00 2001 From: atom0s Date: Fri, 25 Mar 2022 18:49:50 -0700 Subject: [PATCH] API: PE32 Adjusted FindPattern to return a long instead of uint. Default return is now -1. API: PE36 Adjusted FindPattern to return a long instead of uint. Default return is now -1. Unpackers: Updated all usages of FindPattern to reflect new API change. --- Steamless.API/PE32/Pe32Helpers.cs | 6 +++--- Steamless.API/PE64/Pe64Helpers.cs | 6 +++--- Steamless.Unpacker.Variant20.x86/Main.cs | 2 +- Steamless.Unpacker.Variant21.x86/Main.cs | 8 ++++---- Steamless.Unpacker.Variant30.x64/Main.cs | 10 ++++++---- Steamless.Unpacker.Variant30.x86/Main.cs | 7 ++++--- Steamless.Unpacker.Variant31.x64/Main.cs | 9 +++++---- Steamless.Unpacker.Variant31.x86/Main.cs | 9 +++++---- 8 files changed, 31 insertions(+), 26 deletions(-) diff --git a/Steamless.API/PE32/Pe32Helpers.cs b/Steamless.API/PE32/Pe32Helpers.cs index f6c9f34..81ecd7d 100644 --- a/Steamless.API/PE32/Pe32Helpers.cs +++ b/Steamless.API/PE32/Pe32Helpers.cs @@ -99,7 +99,7 @@ namespace Steamless.API.PE32 /// /// /// - public static uint FindPattern(byte[] data, string pattern) + public static long FindPattern(byte[] data, string pattern) { try { @@ -123,11 +123,11 @@ namespace Steamless.API.PE32 return (uint)x; } - return 0; + return -1; } catch { - return 0; + return -1; } } } diff --git a/Steamless.API/PE64/Pe64Helpers.cs b/Steamless.API/PE64/Pe64Helpers.cs index 516ef65..ee98c7e 100644 --- a/Steamless.API/PE64/Pe64Helpers.cs +++ b/Steamless.API/PE64/Pe64Helpers.cs @@ -99,7 +99,7 @@ namespace Steamless.API.PE64 /// /// /// - public static uint FindPattern(byte[] data, string pattern) + public static long FindPattern(byte[] data, string pattern) { try { @@ -123,11 +123,11 @@ namespace Steamless.API.PE64 return (uint)x; } - return 0; + return -1; } catch { - return 0; + return -1; } } } diff --git a/Steamless.Unpacker.Variant20.x86/Main.cs b/Steamless.Unpacker.Variant20.x86/Main.cs index 656686c..bf2d540 100644 --- a/Steamless.Unpacker.Variant20.x86/Main.cs +++ b/Steamless.Unpacker.Variant20.x86/Main.cs @@ -109,7 +109,7 @@ namespace Steamless.Unpacker.Variant20.x86 var bind = f.GetSectionData(".bind"); // Attempt to locate the known v2.0 signature.. - return Pe32Helpers.FindPattern(bind, "53 51 52 56 57 55 8B EC 81 EC 00 10 00 00 BE") > 0; + return Pe32Helpers.FindPattern(bind, "53 51 52 56 57 55 8B EC 81 EC 00 10 00 00 BE") != -1; } catch { diff --git a/Steamless.Unpacker.Variant21.x86/Main.cs b/Steamless.Unpacker.Variant21.x86/Main.cs index df10f41..dc17a28 100644 --- a/Steamless.Unpacker.Variant21.x86/Main.cs +++ b/Steamless.Unpacker.Variant21.x86/Main.cs @@ -111,7 +111,7 @@ namespace Steamless.Unpacker.Variant21.x86 var bind = f.GetSectionData(".bind"); // Attempt to locate the known v2.x signature.. - return Pe32Helpers.FindPattern(bind, "53 51 52 56 57 55 8B EC 81 EC 00 10 00 00 C7") > 0; + return Pe32Helpers.FindPattern(bind, "53 51 52 56 57 55 8B EC 81 EC 00 10 00 00 C7") != -1; } catch { @@ -300,15 +300,15 @@ namespace Steamless.Unpacker.Variant21.x86 { // Scan for the needed data by a known pattern for the block of offset data.. var drmpOffset = Pe32Helpers.FindPattern(this.SteamDrmpData, "8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8D ?? ?? ?? ?? ?? 05"); - if (drmpOffset == 0) + if (drmpOffset == -1) { // Fall-back pattern scan for certain files that fail with the above pattern.. drmpOffset = Pe32Helpers.FindPattern(this.SteamDrmpData, "8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B"); - if (drmpOffset == 0) + if (drmpOffset == -1) { // Fall-back pattern (2).. (Seen in some v2 variants.) drmpOffset = Pe32Helpers.FindPattern(this.SteamDrmpData, "8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? A3 ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? A3 ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? A3 ?? ?? ?? ?? 8B"); - if (drmpOffset == 0) + if (drmpOffset == -1) return false; // Use fallback offsets if this worked.. diff --git a/Steamless.Unpacker.Variant30.x64/Main.cs b/Steamless.Unpacker.Variant30.x64/Main.cs index d544050..79fd7cd 100644 --- a/Steamless.Unpacker.Variant30.x64/Main.cs +++ b/Steamless.Unpacker.Variant30.x64/Main.cs @@ -100,15 +100,17 @@ namespace Steamless.Unpacker.Variant30.x64 // Attempt to locate the known v3.x signature.. var variant = Pe64Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 41 50"); - if (variant == 0) return 0; + if (variant == -1) + return 0; // Attempt to determine the variant version.. var offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 48"); // 3.0 - if (offset == 0) + if (offset == -1) offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 41"); // 3.1 // Ensure a pattern was found.. - if (offset == 0) return 0; + if (offset == -1) + return 0; // Read the header size.. (The header size is only 32bit!) return (uint)Math.Abs(BitConverter.ToInt32(bind, (int)offset + 3)); @@ -220,7 +222,7 @@ namespace Steamless.Unpacker.Variant30.x64 // Find the XOR key from within the function.. var res = Pe64Helpers.FindPattern(data, "48 81 EA ?? ?? ?? ?? 8B 12 81 F2"); - if (res == 0) + if (res == -1) return false; // Decrypt and recalculate the true OEP address.. diff --git a/Steamless.Unpacker.Variant30.x86/Main.cs b/Steamless.Unpacker.Variant30.x86/Main.cs index c64772d..8355478 100644 --- a/Steamless.Unpacker.Variant30.x86/Main.cs +++ b/Steamless.Unpacker.Variant30.x86/Main.cs @@ -99,15 +99,16 @@ namespace Steamless.Unpacker.Variant30.x86 // Attempt to locate the known v3.x signature.. var variant = Pe32Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 8B 44 24 1C 2D 05 00 00 00 8B CC 83 E4 F0 51 51 51 50"); - if (variant == 0) return 0; + if (variant == -1) + return 0; // Attempt to determine the variant version.. uint headerSize; var offset = Pe32Helpers.FindPattern(bind, "55 8B EC 81 EC ?? ?? ?? ?? 53 ?? ?? ?? ?? ?? 68"); - if (offset == 0) + if (offset == -1) { offset = Pe32Helpers.FindPattern(bind, "55 8B EC 81 EC ?? ?? ?? ?? 53 ?? ?? ?? ?? ?? 8D 83"); - if (offset == 0) + if (offset == -1) return 0; headerSize = (uint)BitConverter.ToInt32(bind, (int)offset + 22); diff --git a/Steamless.Unpacker.Variant31.x64/Main.cs b/Steamless.Unpacker.Variant31.x64/Main.cs index 51bb5f0..6b4151e 100644 --- a/Steamless.Unpacker.Variant31.x64/Main.cs +++ b/Steamless.Unpacker.Variant31.x64/Main.cs @@ -108,13 +108,14 @@ namespace Steamless.Unpacker.Variant31.x64 // Attempt to locate the known v3.x signature.. var variant = Pe64Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 41 50"); - if (variant == 0) return false; + if (variant == -1) + return false; // Attempt to determine the variant version.. var offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 48"); // 3.0 - if (offset == 0) + if (offset == -1) offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 41"); // 3.1 - if (offset == 0) + if (offset == -1) { offset = Pe64Helpers.FindPattern(bind, "48 C7 84 24 ?? ?? ?? ?? ?? ?? ?? ?? 48"); // 3.1.2 if (offset > 0) @@ -122,7 +123,7 @@ namespace Steamless.Unpacker.Variant31.x64 } // Ensure a pattern was found.. - if (offset == 0) + if (offset == -1) return false; // Read the header size.. (The header size is only 32bit!) diff --git a/Steamless.Unpacker.Variant31.x86/Main.cs b/Steamless.Unpacker.Variant31.x86/Main.cs index 4869895..67148cd 100644 --- a/Steamless.Unpacker.Variant31.x86/Main.cs +++ b/Steamless.Unpacker.Variant31.x86/Main.cs @@ -108,7 +108,8 @@ namespace Steamless.Unpacker.Variant31.x86 // Attempt to locate the known v3.x signature.. var variant = Pe32Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 8B 44 24 1C 2D 05 00 00 00 8B CC 83 E4 F0 51 51 51 50"); - if (variant == 0) return false; + if (variant == -1) + return false; // Version patterns.. var variantPatterns = new List> @@ -119,11 +120,11 @@ namespace Steamless.Unpacker.Variant31.x86 }; var headerSize = 0; - uint offset = 0; + long offset = 0; foreach (var p in variantPatterns) { offset = Pe32Helpers.FindPattern(bind, p.Key); - if (offset <= 0) + if (offset == -1) continue; headerSize = BitConverter.ToInt32(bind, (int)offset + p.Value); @@ -131,7 +132,7 @@ namespace Steamless.Unpacker.Variant31.x86 } // Ensure valid data was found.. - if (offset == 0 || headerSize == 0) + if (offset == -1 || headerSize == 0) return false; return headerSize == 0xF0;