/// <summary>
/// Gets the SteamStub header size from the given file.
/// </summary>
/// <param name="f"></param>
/// <returns></returns>
private uint GetHeaderSize(Pe64File f)
{
// Obtain the bind section data..
var bind = f.GetSectionData(".bind");
// Attempt to locate the known v3.x signature..
var varient = Pe64Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 41 50");
if (varient == 0)
{
return(0);
}
// Attempt to determine the varient version..
var offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 48"); // 3.0
if (offset == 0)
{
offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 41"); // 3.1
}
// Ensure a pattern was found..
if (offset == 0)
{
return(0);
}
// Read the header size.. (The header size is only 32bit!)
return((uint)Math.Abs(BitConverter.ToInt32(bind, (int)offset + 3)));
}
/// <summary>
/// Processing function called when a file is being unpacked. Allows plugins to check the file
/// and see if it can handle the file for its intended purpose.
/// </summary>
/// <param name="file"></param>
/// <returns></returns>
public override bool CanProcessFile(string file)
{
try
{
// Load the file..
var f = new Pe64File(file);
if (!f.Parse())
{
this.Log("Can't parse as PE64", LogMessageType.Warning);
return(false);
}
if (!f.IsFile64Bit())
{
this.Log("Is not 64bit", LogMessageType.Warning);
return(false);
}
if (!f.HasSection(".bind"))
{
this.Log("Missing bind section", LogMessageType.Warning);
return(false);
}
// Check for the known 3.0 header sizes..
var headerSize = this.GetHeaderSize(f);
return(headerSize == 0xB0 || headerSize == 0xD0);
}
catch (Exception e)
{
this.Log(e.ToString(), LogMessageType.Warning);
return(false);
}
}
/// <summary>
/// Application entry point.
/// </summary>
/// <param name="args"></param>
private static void Main(string[] args)
{
// Print the application header..
PrintHeader();
// Parse the command line arguments..
Arguments = new List<string>();
Arguments.AddRange(Environment.GetCommandLineArgs());
// Ensure a file was given..
if (args.Length == 0 || string.IsNullOrEmpty(args[0]))
{
PrintHelp();
}
else
{
// Load the file and ensure it is valid..
var file = new Pe64File(args[0]);
if (!file.Parse() || file.IsFile32Bit() || !file.HasSection(".bind"))
return;
// Build a list of known unpackers within our local source..
var unpackers = (from t in Assembly.GetExecutingAssembly().GetTypes()
from a in t.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false)
select t).ToList();
// Print out the known unpackers we found..
Output("Found the following unpackers (internal):", ConsoleOutputType.Info);
foreach (var attr in unpackers.Select(unpacker => (SteamStubUnpackerAttribute)unpacker.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false).FirstOrDefault()))
Output(string.Format(" >> Unpacker: {0} - by: {1}", attr.Name, attr.Author), ConsoleOutputType.Custom, ConsoleColor.Yellow);
Console.WriteLine();
// Process function to try and handle the file..
Func<bool> processed = () =>
{
// Obtain the .bind section data..
var bindSectionData = file.GetSectionData(".bind");
// Attempt to process the file..
return (from unpacker in unpackers
let attr = (SteamStubUnpackerAttribute)unpacker.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false).FirstOrDefault()
where attr != null
where Helpers.FindPattern(bindSectionData, attr.Pattern) != 0
select Activator.CreateInstance(unpacker) as SteamStubUnpacker).Select(stubUnpacker => stubUnpacker.Process(file)).FirstOrDefault();
};
// Process the file..
if (!processed())
{
Console.WriteLine();
Output("Failed to process file.", ConsoleOutputType.Error);
}
}
// Pause the console so newbies can read the results..
Console.WriteLine();
Console.WriteLine("Press any key to exit...");
Console.ReadKey();
}
/// <summary>
/// Processing function called when a file is being unpacked. Allows plugins to check the file
/// and see if it can handle the file for its intended purpose.
/// </summary>
/// <param name="file"></param>
/// <returns></returns>
public override bool CanProcessFile(string file)
{
try
{
// Load the file..
var f = new Pe64File(file);
if (!f.Parse() || !f.IsFile64Bit() || !f.HasSection(".bind"))
{
return(false);
}
// Obtain the bind section data..
var bind = f.GetSectionData(".bind");
// Attempt to locate the known v3.x signature..
var varient = Pe64Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 41 50");
if (varient == 0)
{
return(false);
}
// Attempt to determine the varient version..
var offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 48"); // 3.0
if (offset == 0)
{
offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 41"); // 3.1
}
if (offset == 0)
{
offset = Pe64Helpers.FindPattern(bind, "48 C7 84 24 ?? ?? ?? ?? ?? ?? ?? ?? 48"); // 3.1.2
if (offset > 0)
{
offset += 5;
}
}
// Ensure a pattern was found..
if (offset == 0)
{
return(false);
}
// Read the header size.. (The header size is only 32bit!)
var headerSize = Math.Abs(BitConverter.ToInt32(bind, (int)offset + 3));
// Check for the known 3.1 header size..
return(headerSize == 0xF0);
}
catch
{
return(false);
}
}
/// <summary>
/// Processes the given file in attempt to unpack the Steam Stub variant 4.
/// </summary>
/// <param name="file"></param>
/// <returns></returns>
public override bool Process(Pe64File file)
{
Program.Output("File is packed with SteamStub Variant #4!", ConsoleOutputType.Info);
// Store the file object being processed..
this.File = file;
// Step #1 - Read the steam stub header.
Program.Output("Info: Unpacker Stage #1", ConsoleOutputType.Custom, ConsoleColor.Magenta);
if (!this.Step1())
{
return(false);
}
// Step #2 - Read the payload.
Program.Output("Info: Unpacker Stage #2", ConsoleOutputType.Custom, ConsoleColor.Magenta);
if (!this.Step2())
{
return(false);
}
// Step #3 - Read the SteamDRMP.dll file.
Program.Output("Info: Unpacker Stage #3", ConsoleOutputType.Custom, ConsoleColor.Magenta);
if (!this.Step3())
{
return(false);
}
// Step #4 - Read the code section.
Program.Output("Info: Unpacker Stage #4", ConsoleOutputType.Custom, ConsoleColor.Magenta);
if (!this.Step4())
{
return(false);
}
// Step #5 - Save the file.
Program.Output("Info: Unpacker Stage #5", ConsoleOutputType.Custom, ConsoleColor.Magenta);
if (!this.Step5())
{
return(false);
}
Program.Output("Processed the file successfully!", ConsoleOutputType.Success);
return(true);
}
/// <summary>
/// Processing function called when a file is being unpacked. Allows plugins to check the file
/// and see if it can handle the file for its intended purpose.
/// </summary>
/// <param name="file"></param>
/// <returns></returns>
public override bool CanProcessFile(string file)
{
try
{
// Load the file..
var f = new Pe64File(file);
if (!f.Parse() || !f.IsFile64Bit() || !f.HasSection(".bind"))
{
return(false);
}
// Check for the known 3.0 header sizes..
var headerSize = this.GetHeaderSize(f);
return(headerSize == 0xB0 || headerSize == 0xD0);
}
catch
{
return(false);
}
}
/// <summary> /// /// </summary> /// <param name="file"></param> /// <returns></returns> public abstract bool Process(Pe64File file);
/// <summary> /// /// </summary> /// <param name="file"></param> /// <returns></returns> public abstract bool Process(Pe64File file);
/// <summary>
/// Application entry point.
/// </summary>
/// <param name="args"></param>
private static void Main(string[] args)
{
// Print the application header..
PrintHeader();
// Parse the command line arguments..
Arguments = new List <string>();
Arguments.AddRange(Environment.GetCommandLineArgs());
// Ensure a file was given..
if (args.Length == 0 || string.IsNullOrEmpty(args[0]))
{
PrintHelp();
}
else
{
// Load the file and ensure it is valid..
var file = new Pe64File(args[0]);
if (!file.Parse() || file.IsFile32Bit() || !file.HasSection(".bind"))
{
return;
}
// Build a list of known unpackers within our local source..
var unpackers = (from t in Assembly.GetExecutingAssembly().GetTypes()
from a in t.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false)
select t).ToList();
// Print out the known unpackers we found..
Output("Found the following unpackers (internal):", ConsoleOutputType.Info);
foreach (var attr in unpackers.Select(unpacker => (SteamStubUnpackerAttribute)unpacker.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false).FirstOrDefault()))
{
Output(string.Format(" >> Unpacker: {0} - by: {1}", attr.Name, attr.Author), ConsoleOutputType.Custom, ConsoleColor.Yellow);
}
Console.WriteLine();
// Process function to try and handle the file..
Func <bool> processed = () =>
{
// Obtain the .bind section data..
var bindSectionData = file.GetSectionData(".bind");
// Attempt to process the file..
return((from unpacker in unpackers
let attr = (SteamStubUnpackerAttribute)unpacker.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false).FirstOrDefault()
where attr != null
where Helpers.FindPattern(bindSectionData, attr.Pattern) != 0
select Activator.CreateInstance(unpacker) as SteamStubUnpacker).Select(stubUnpacker => stubUnpacker.Process(file)).FirstOrDefault());
};
// Process the file..
if (!processed())
{
Console.WriteLine();
Output("Failed to process file.", ConsoleOutputType.Error);
}
}
// Pause the console so newbies can read the results..
Console.WriteLine();
Console.WriteLine("Press any key to exit...");
Console.ReadKey();
}
/// <summary>
/// Processes the given file in attempt to unpack the Steam Stub variant 4.
/// </summary>
/// <param name="file"></param>
/// <returns></returns>
public override bool Process(Pe64File file)
{
Program.Output("File is packed with SteamStub Variant #4!", ConsoleOutputType.Info);
// Store the file object being processed..
this.File = file;
// Step #1 - Read the steam stub header.
Program.Output("Info: Unpacker Stage #1", ConsoleOutputType.Custom, ConsoleColor.Magenta);
if (!this.Step1())
return false;
// Step #2 - Read the payload.
Program.Output("Info: Unpacker Stage #2", ConsoleOutputType.Custom, ConsoleColor.Magenta);
if (!this.Step2())
return false;
// Step #3 - Read the SteamDRMP.dll file.
Program.Output("Info: Unpacker Stage #3", ConsoleOutputType.Custom, ConsoleColor.Magenta);
if (!this.Step3())
return false;
// Step #4 - Read the code section.
Program.Output("Info: Unpacker Stage #4", ConsoleOutputType.Custom, ConsoleColor.Magenta);
if (!this.Step4())
return false;
// Step #5 - Save the file.
Program.Output("Info: Unpacker Stage #5", ConsoleOutputType.Custom, ConsoleColor.Magenta);
if (!this.Step5())
return false;
Program.Output("Processed the file successfully!", ConsoleOutputType.Success);
return true;
}
