1
0
Fork 0
mirror of https://github.com/atom0s/Steamless.git synced 2024-12-19 23:07:41 +01:00

Added SteamStub 2.x variant D0 (header size) support.

Fixed some issues with the 2.x disassembler using incorrect types.
Updated the SharpDisasm.dll file to latest version.
This commit is contained in:
atom0s 2018-06-25 12:15:38 -07:00
parent cdd3f56996
commit aed8a86020
6 changed files with 53 additions and 17 deletions

View file

@ -57,4 +57,34 @@ namespace Steamless.Unpacker.Variant20.x86.Classes
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 0x31C)]
public byte[] StubData; // Misc stub data, such as strings, error messages, etc.
}
/// <summary>
/// SteamStub DRM Variant 2.0 Header (Header Size: 0xD0 Variant)
/// </summary>
[StructLayout(LayoutKind.Sequential)]
public struct SteamStub32Var20Header_D0Variant
{
public uint XorKey; // The base XOR key, if defined, to unpack the file with.
public uint GetModuleHandleA_idata; // The address of GetModuleHandleA inside of the .idata section.
public uint GetModuleHandleW_idata; // The address of GetModuleHandleW inside of the .idata section.
public uint GetProcAddress_idata; // The address of GetProcAddress inside of the .idata section.
public uint LoadLibraryA_idata; // The address of LoadLibraryA inside of the .idata section.
public uint BindSectionVirtualAddress; // The virtual address to the .bind section.
public uint BindStartFunctionSize; // The size of the start function from the .bind section.
public uint PayloadKeyMatch; // The key inside of the SteamDRMP.dll file that is matched to this structures data. (This matches the first 4 bytes of the payload data.)
public uint PayloadDataVirtualAddress; // The virtual address to the payload data.
public uint PayloadDataSize; // The size of the payload data.
public uint SteamAppID; // The steam application id of the packed file.
public uint Unknown0000; // Unknown
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 0x08)]
public byte[] SteamAppIDString; // The SteamAppID of the packed file, in string format.
public uint SteamDRMPDllVirtualAddress; // The offset inside of the payload data holding the virtual address to the SteamDRMP.dll file data.
public uint SteamDRMPDllSize; // The offset inside of the payload data holding the size of the SteamDRMP.dll file data.
public uint XTeaKeys; // The offset inside of the payload data holding the address to the Xtea keys to decrypt the SteamDRMP.dll file.
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 0x31C)]
public byte[] StubData; // Misc stub data, such as strings, error messages, etc.
}
}

View file

@ -186,9 +186,9 @@ namespace Steamless.Unpacker.Variant20.x86
if (BitConverter.ToUInt32(this.File.FileData, (int)fileOffset - 4) != 0xC0DEC0DE)
return false;
int structOffset;
int structSize;
int structXorKey;
uint structOffset;
uint structSize;
uint structXorKey;
// Disassemble the file to locate the needed DRM information..
if (!this.DisassembleFile(out structOffset, out structSize, out structXorKey))
@ -200,7 +200,12 @@ namespace Steamless.Unpacker.Variant20.x86
// Xor decode the header data..
this.XorKey = SteamStubHelpers.SteamXor(ref headerData, (uint)headerData.Length, (uint)structXorKey);
this.StubHeader = Pe32Helpers.GetStructure<SteamStub32Var20Header>(headerData);
// Determine how to handle the header based on the size..
if ((structSize / 4) == 0xD0)
this.StubHeader = Pe32Helpers.GetStructure<SteamStub32Var20Header_D0Variant>(headerData);
else
this.StubHeader = Pe32Helpers.GetStructure<SteamStub32Var20Header>(headerData);
return true;
}
@ -500,14 +505,14 @@ namespace Steamless.Unpacker.Variant20.x86
/// <param name="size"></param>
/// <param name="xorKey"></param>
/// <returns></returns>
private bool DisassembleFile(out int offset, out int size, out int xorKey)
private bool DisassembleFile(out uint offset, out uint size, out uint xorKey)
{
// Prepare our needed variables..
Disassembler disasm = null;
var dataPointer = IntPtr.Zero;
var structOffset = 0;
var structSize = 0;
var structXorKey = 0;
uint structOffset = 0;
uint structSize = 0;
uint structXorKey = 0;
// Determine the entry offset of the file..
var entryOffset = this.File.GetFileOffsetFromRva(this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint);
@ -543,14 +548,14 @@ namespace Steamless.Unpacker.Variant20.x86
if (inst.Mnemonic == ud_mnemonic_code.UD_Imov && inst.Operands[0].Type == ud_type.UD_OP_MEM && inst.Operands[1].Type == ud_type.UD_OP_IMM)
{
if (structOffset == 0)
structOffset = inst.Operands[1].LvalSDWord - (int)this.File.NtHeaders.OptionalHeader.ImageBase;
structOffset = (uint)(inst.Operands[1].LvalUDWord - this.File.NtHeaders.OptionalHeader.ImageBase);
else
structXorKey = inst.Operands[1].LvalSDWord;
structXorKey = (uint)inst.Operands[1].LvalUDWord;
}
// Looks for: mov reg, immediate
if (inst.Mnemonic == ud_mnemonic_code.UD_Imov && inst.Operands[0].Type == ud_type.UD_OP_REG && inst.Operands[1].Type == ud_type.UD_OP_IMM)
structSize = inst.Operands[1].LvalSDWord * 4;
structSize = (uint)inst.Operands[1].LvalUDWord * 4;
}
offset = size = xorKey = 0;
@ -611,7 +616,7 @@ namespace Steamless.Unpacker.Variant20.x86
/// <summary>
/// Gets or sets the DRM stub header.
/// </summary>
private SteamStub32Var20Header StubHeader { get; set; }
private dynamic StubHeader { get; set; }
/// <summary>
/// Gets or sets the payload data.

View file

@ -36,5 +36,5 @@ using System.Runtime.InteropServices;
[assembly: AssemblyCulture("")]
[assembly: ComVisible(false)]
[assembly: Guid("a40154cd-a0fd-4371-8099-ce277e0989af")]
[assembly: AssemblyVersion("1.0.0.3")]
[assembly: AssemblyFileVersion("1.0.0.3")]
[assembly: AssemblyVersion("1.0.0.4")]
[assembly: AssemblyFileVersion("1.0.0.4")]

View file

@ -23,7 +23,8 @@
<Optimize>true</Optimize>
</PropertyGroup>
<ItemGroup>
<Reference Include="SharpDisasm">
<Reference Include="SharpDisasm, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
<SpecificVersion>False</SpecificVersion>
<HintPath>.\SharpDisasm.dll</HintPath>
</Reference>
<Reference Include="System" />

View file

@ -37,5 +37,5 @@ using System.Windows;
[assembly: AssemblyCulture("")]
[assembly: ComVisible(false)]
[assembly: ThemeInfo(ResourceDictionaryLocation.None, ResourceDictionaryLocation.SourceAssembly)]
[assembly: AssemblyVersion("3.0.0.6")]
[assembly: AssemblyFileVersion("3.0.0.6")]
[assembly: AssemblyVersion("3.0.0.7")]
[assembly: AssemblyFileVersion("3.0.0.7")]