mirrors/Steamless
1
0
Fork 0
mirror of https://github.com/atom0s/Steamless.git synced 2024-12-19 23:07:41 +01:00
Code Issues Activity

API: PE32 Adjusted FindPattern to return a long instead of uint. Default return is now -1.

Browse source 
API: PE36 Adjusted FindPattern to return a long instead of uint. Default return is now -1.
Unpackers: Updated all usages of FindPattern to reflect new API change.
This commit is contained in:
atom0s 2022-03-25 18:49:50 -07:00
parent d3a9dad663
commit 9c16bcc8a5
No known key found for this signature in database
GPG key ID: 37D5FD3494D79AF8
8 changed files with 31 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Steamless.API/PE32/Pe32Helpers.cs
View file

@ -99,7 +99,7 @@ namespace Steamless.API.PE32
/// <param name="data"></param> /// <param name="data"></param>
/// <param name="pattern"></param> /// <param name="pattern"></param>
/// <returns></returns> /// <returns></returns>
public static uint FindPattern(byte[] data, string pattern) public static long FindPattern(byte[] data, string pattern)
{ {
try try
{ {
@ -123,11 +123,11 @@ namespace Steamless.API.PE32
return (uint)x; return (uint)x;
} }
return 0; return -1;
} }
catch catch
{ {
return 0; return -1;
} }
} }
} }

6
Steamless.API/PE64/Pe64Helpers.cs
View file

@ -99,7 +99,7 @@ namespace Steamless.API.PE64
/// <param name="data"></param> /// <param name="data"></param>
/// <param name="pattern"></param> /// <param name="pattern"></param>
/// <returns></returns> /// <returns></returns>
public static uint FindPattern(byte[] data, string pattern) public static long FindPattern(byte[] data, string pattern)
{ {
try try
{ {
@ -123,11 +123,11 @@ namespace Steamless.API.PE64
return (uint)x; return (uint)x;
} }
return 0; return -1;
} }
catch catch
{ {
return 0; return -1;
} }
} }
} }

2
Steamless.Unpacker.Variant20.x86/Main.cs
View file

@ -109,7 +109,7 @@ namespace Steamless.Unpacker.Variant20.x86
var bind = f.GetSectionData(".bind"); var bind = f.GetSectionData(".bind");
// Attempt to locate the known v2.0 signature.. // Attempt to locate the known v2.0 signature..
return Pe32Helpers.FindPattern(bind, "53 51 52 56 57 55 8B EC 81 EC 00 10 00 00 BE") > 0; return Pe32Helpers.FindPattern(bind, "53 51 52 56 57 55 8B EC 81 EC 00 10 00 00 BE") != -1;
} }
catch catch
{ {

8
Steamless.Unpacker.Variant21.x86/Main.cs
View file

@ -111,7 +111,7 @@ namespace Steamless.Unpacker.Variant21.x86
var bind = f.GetSectionData(".bind"); var bind = f.GetSectionData(".bind");
// Attempt to locate the known v2.x signature.. // Attempt to locate the known v2.x signature..
return Pe32Helpers.FindPattern(bind, "53 51 52 56 57 55 8B EC 81 EC 00 10 00 00 C7") > 0; return Pe32Helpers.FindPattern(bind, "53 51 52 56 57 55 8B EC 81 EC 00 10 00 00 C7") != -1;
} }
catch catch
{ {
@ -300,15 +300,15 @@ namespace Steamless.Unpacker.Variant21.x86
{ {
// Scan for the needed data by a known pattern for the block of offset data.. // Scan for the needed data by a known pattern for the block of offset data..
var drmpOffset = Pe32Helpers.FindPattern(this.SteamDrmpData, "8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8D ?? ?? ?? ?? ?? 05"); var drmpOffset = Pe32Helpers.FindPattern(this.SteamDrmpData, "8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8D ?? ?? ?? ?? ?? 05");
if (drmpOffset == 0) if (drmpOffset == -1)
{ {
// Fall-back pattern scan for certain files that fail with the above pattern.. // Fall-back pattern scan for certain files that fail with the above pattern..
drmpOffset = Pe32Helpers.FindPattern(this.SteamDrmpData, "8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B"); drmpOffset = Pe32Helpers.FindPattern(this.SteamDrmpData, "8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B");
if (drmpOffset == 0) if (drmpOffset == -1)
{ {
// Fall-back pattern (2).. (Seen in some v2 variants.) // Fall-back pattern (2).. (Seen in some v2 variants.)
drmpOffset = Pe32Helpers.FindPattern(this.SteamDrmpData, "8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? A3 ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? A3 ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? A3 ?? ?? ?? ?? 8B"); drmpOffset = Pe32Helpers.FindPattern(this.SteamDrmpData, "8B ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? A3 ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? A3 ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? A3 ?? ?? ?? ?? 8B");
if (drmpOffset == 0) if (drmpOffset == -1)
return false; return false;
// Use fallback offsets if this worked.. // Use fallback offsets if this worked..

10
Steamless.Unpacker.Variant30.x64/Main.cs
View file

@ -100,15 +100,17 @@ namespace Steamless.Unpacker.Variant30.x64
// Attempt to locate the known v3.x signature.. // Attempt to locate the known v3.x signature..
var variant = Pe64Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 41 50"); var variant = Pe64Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 41 50");
if (variant == 0) return 0; if (variant == -1)
return 0;
// Attempt to determine the variant version.. // Attempt to determine the variant version..
var offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 48"); // 3.0 var offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 48"); // 3.0
if (offset == 0) if (offset == -1)
offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 41"); // 3.1 offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 41"); // 3.1
// Ensure a pattern was found.. // Ensure a pattern was found..
if (offset == 0) return 0; if (offset == -1)
return 0;
// Read the header size.. (The header size is only 32bit!) // Read the header size.. (The header size is only 32bit!)
return (uint)Math.Abs(BitConverter.ToInt32(bind, (int)offset + 3)); return (uint)Math.Abs(BitConverter.ToInt32(bind, (int)offset + 3));
@ -220,7 +222,7 @@ namespace Steamless.Unpacker.Variant30.x64
// Find the XOR key from within the function.. // Find the XOR key from within the function..
var res = Pe64Helpers.FindPattern(data, "48 81 EA ?? ?? ?? ?? 8B 12 81 F2"); var res = Pe64Helpers.FindPattern(data, "48 81 EA ?? ?? ?? ?? 8B 12 81 F2");
if (res == 0) if (res == -1)
return false; return false;
// Decrypt and recalculate the true OEP address.. // Decrypt and recalculate the true OEP address..

7
Steamless.Unpacker.Variant30.x86/Main.cs
View file

@ -99,15 +99,16 @@ namespace Steamless.Unpacker.Variant30.x86
// Attempt to locate the known v3.x signature.. // Attempt to locate the known v3.x signature..
var variant = Pe32Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 8B 44 24 1C 2D 05 00 00 00 8B CC 83 E4 F0 51 51 51 50"); var variant = Pe32Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 8B 44 24 1C 2D 05 00 00 00 8B CC 83 E4 F0 51 51 51 50");
if (variant == 0) return 0; if (variant == -1)
return 0;
// Attempt to determine the variant version.. // Attempt to determine the variant version..
uint headerSize; uint headerSize;
var offset = Pe32Helpers.FindPattern(bind, "55 8B EC 81 EC ?? ?? ?? ?? 53 ?? ?? ?? ?? ?? 68"); var offset = Pe32Helpers.FindPattern(bind, "55 8B EC 81 EC ?? ?? ?? ?? 53 ?? ?? ?? ?? ?? 68");
if (offset == 0) if (offset == -1)
{ {
offset = Pe32Helpers.FindPattern(bind, "55 8B EC 81 EC ?? ?? ?? ?? 53 ?? ?? ?? ?? ?? 8D 83"); offset = Pe32Helpers.FindPattern(bind, "55 8B EC 81 EC ?? ?? ?? ?? 53 ?? ?? ?? ?? ?? 8D 83");
if (offset == 0) if (offset == -1)
return 0; return 0;
headerSize = (uint)BitConverter.ToInt32(bind, (int)offset + 22); headerSize = (uint)BitConverter.ToInt32(bind, (int)offset + 22);

9
Steamless.Unpacker.Variant31.x64/Main.cs
View file

@ -108,13 +108,14 @@ namespace Steamless.Unpacker.Variant31.x64
// Attempt to locate the known v3.x signature.. // Attempt to locate the known v3.x signature..
var variant = Pe64Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 41 50"); var variant = Pe64Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 41 50");
if (variant == 0) return false; if (variant == -1)
return false;
// Attempt to determine the variant version.. // Attempt to determine the variant version..
var offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 48"); // 3.0 var offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 48"); // 3.0
if (offset == 0) if (offset == -1)
offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 41"); // 3.1 offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 41"); // 3.1
if (offset == 0) if (offset == -1)
{ {
offset = Pe64Helpers.FindPattern(bind, "48 C7 84 24 ?? ?? ?? ?? ?? ?? ?? ?? 48"); // 3.1.2 offset = Pe64Helpers.FindPattern(bind, "48 C7 84 24 ?? ?? ?? ?? ?? ?? ?? ?? 48"); // 3.1.2
if (offset > 0) if (offset > 0)
@ -122,7 +123,7 @@ namespace Steamless.Unpacker.Variant31.x64
} }
// Ensure a pattern was found.. // Ensure a pattern was found..
if (offset == 0) if (offset == -1)
return false; return false;
// Read the header size.. (The header size is only 32bit!) // Read the header size.. (The header size is only 32bit!)

9
Steamless.Unpacker.Variant31.x86/Main.cs
View file

@ -108,7 +108,8 @@ namespace Steamless.Unpacker.Variant31.x86
// Attempt to locate the known v3.x signature.. // Attempt to locate the known v3.x signature..
var variant = Pe32Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 8B 44 24 1C 2D 05 00 00 00 8B CC 83 E4 F0 51 51 51 50"); var variant = Pe32Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 8B 44 24 1C 2D 05 00 00 00 8B CC 83 E4 F0 51 51 51 50");
if (variant == 0) return false; if (variant == -1)
return false;
// Version patterns.. // Version patterns..
var variantPatterns = new List<KeyValuePair<string, int>> var variantPatterns = new List<KeyValuePair<string, int>>
@ -119,11 +120,11 @@ namespace Steamless.Unpacker.Variant31.x86
}; };
var headerSize = 0; var headerSize = 0;
uint offset = 0; long offset = 0;
foreach (var p in variantPatterns) foreach (var p in variantPatterns)
{ {
offset = Pe32Helpers.FindPattern(bind, p.Key); offset = Pe32Helpers.FindPattern(bind, p.Key);
if (offset <= 0) if (offset == -1)
continue; continue;
headerSize = BitConverter.ToInt32(bind, (int)offset + p.Value); headerSize = BitConverter.ToInt32(bind, (int)offset + p.Value);
@ -131,7 +132,7 @@ namespace Steamless.Unpacker.Variant31.x86
} }
// Ensure valid data was found.. // Ensure valid data was found..
if (offset == 0 || headerSize == 0) if (offset == -1 || headerSize == 0)
return false; return false;
return headerSize == 0xF0; return headerSize == 0xF0;