Exemplo n.º 1
0
        /// <summary>
        /// Step #1
        ///
        /// Read, decode and validate the SteamStub DRM header.
        /// </summary>
        /// <returns></returns>
        private bool Step1()
        {
            // Obtain the header size..
            var headerSize = this.GetHeaderSize(this.File);

            // Obtain the DRM header data..
            var fileOffset = this.File.GetFileOffsetFromRva(this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint);
            var headerData = new byte[headerSize];

            Array.Copy(this.File.FileData, (long)(fileOffset - headerSize), headerData, 0, headerSize);

            // Xor decode the header data..
            this.XorKey     = SteamStubHelpers.SteamXor(ref headerData, headerSize);
            this.StubHeader = Pe64Helpers.GetStructure <SteamStub64Var30Header>(headerData);

            // Validate the structure signature..
            if (this.StubHeader.Signature == 0xC0DEC0DE)
            {
                return(true);
            }

            // Try again using the Tls callback (if any) as the OEP instead..
            if (this.File.TlsCallbacks.Count == 0)
            {
                return(false);
            }

            // Obtain the DRM header data..
            fileOffset = this.File.GetRvaFromVa(this.File.TlsCallbacks[0]);
            fileOffset = this.File.GetFileOffsetFromRva(fileOffset);
            headerData = new byte[headerSize];
            Array.Copy(this.File.FileData, (long)(fileOffset - headerSize), headerData, 0, headerSize);

            // Xor decode the header data..
            this.XorKey     = SteamStubHelpers.SteamXor(ref headerData, headerSize);
            this.StubHeader = Pe64Helpers.GetStructure <SteamStub64Var30Header>(headerData);

            // Validate the structure signature..
            if (this.StubHeader.Signature != 0xC0DEC0DE)
            {
                return(false);
            }

            // Tls was valid for the real oep..
            this.TlsAsOep  = true;
            this.TlsOepRva = this.File.GetRvaFromVa(this.File.TlsCallbacks[0]);

            // Is the TlsCallback replacing the OEP..
            if (this.StubHeader.HasTlsCallback != 1 || this.File.TlsCallbacks[0] == 0)
            {
                return(true);
            }

            // Rebuild the file Tls callback information..
            return(this.RebuildTlsCallbackInformation());
        }
Exemplo n.º 2
0
        /// <summary>
        /// Step #1
        ///
        /// Read, decode and validate the SteamStub DRM header.
        /// </summary>
        /// <returns></returns>
        private bool Step1()
        {
            // Obtain the DRM header data..
            var fileOffset = this.File.GetFileOffsetFromRva(this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint);
            var headerData = new byte[0xF0];

            Array.Copy(this.File.FileData, (long)(fileOffset - 0xF0), headerData, 0, 0xF0);

            // Xor decode the header data..
            this.XorKey     = SteamStubHelpers.SteamXor(ref headerData, 0xF0);
            this.StubHeader = Pe64Helpers.GetStructure <SteamStub64Var31Header>(headerData);

            // Validate the header signature..
            if (this.StubHeader.Signature == 0xC0DEC0DF)
            {
                return(true);
            }

            // Try again using the Tls callback (if any) as the OEP instead..
            if (this.File.TlsCallbacks.Count == 0)
            {
                return(false);
            }

            // Obtain the DRM header data..
            fileOffset = this.File.GetRvaFromVa(this.File.TlsCallbacks[0]);
            fileOffset = this.File.GetFileOffsetFromRva(fileOffset);
            headerData = new byte[0xF0];
            Array.Copy(this.File.FileData, (long)(fileOffset - 0xF0), headerData, 0, 0xF0);

            // Xor decode the header data..
            this.XorKey     = SteamStubHelpers.SteamXor(ref headerData, 0xF0);
            this.StubHeader = Pe64Helpers.GetStructure <SteamStub64Var31Header>(headerData);

            // Validate the header signature..
            if (this.StubHeader.Signature != 0xC0DEC0DF)
            {
                return(false);
            }

            // Tls was valid for the real oep..
            this.TlsAsOep  = true;
            this.TlsOepRva = fileOffset;
            return(true);
        }
Exemplo n.º 3
0
        /// <summary>
        /// Step #1
        ///
        /// Read, decode and validate the SteamStub DRM header.
        /// </summary>
        /// <returns></returns>
        private bool Step1()
        {
            // Obtain the header size..
            var headerSize = this.GetHeaderSize(this.File);

            // Obtain the DRM header data..
            var fileOffset = this.File.GetFileOffsetFromRva(this.File.NtHeaders.OptionalHeader.AddressOfEntryPoint);
            var headerData = new byte[headerSize];

            Array.Copy(this.File.FileData, (long)(fileOffset - headerSize), headerData, 0, headerSize);

            // Xor decode the header data..
            this.XorKey     = SteamStubHelpers.SteamXor(ref headerData, headerSize);
            this.StubHeader = Pe64Helpers.GetStructure <SteamStub64Var30Header>(headerData);

            // Validate the structure signature..
            return(this.StubHeader.Signature == 0xC0DEC0DE);
        }
Exemplo n.º 4
0
        private void TextBox1DragDrop(object sender, DragEventArgs e)
        {
            try
            {
                Array arrayyy = (Array)e.Data.GetData(DataFormats.FileDrop);
                if (arrayyy != null)
                {
                    string text = arrayyy.GetValue(0).ToString();
                    int    num  = text.LastIndexOf(".", StringComparison.Ordinal);
                    if (num != -1)
                    {
                        string text2 = text.Substring(num);
                        text2 = text2.ToLower();
                        if (text2 == ".exe" || text2 == ".dll")
                        {
                            Activate();
                            ExePath     = text;
                            label2.Text = "Status : Exe Loaded";
                            int num2 = text.LastIndexOf("\\", StringComparison.Ordinal);
                            if (num2 != -1)
                            {
                                DirectoryName = text.Remove(num2, text.Length - num2);
                            }
                            if (DirectoryName.Length == 2)
                            {
                                DirectoryName += "\\";
                            }
                        }
                    }
                }
            }
            catch
            {
            }
            this.FileData = File.ReadAllBytes(ExePath);
            if (IntPtr.Size == 4)
            {
                this.NtHeaders32 = new NativeApi32.ImageNtHeaders32();
                this.DosHeader32 = new NativeApi32.ImageDosHeader32();
                this.DosHeader32 = Pe32Helpers.GetStructure <NativeApi32.ImageDosHeader32>(this.FileData);
                this.NtHeaders32 = Pe32Helpers.GetStructure <NativeApi32.ImageNtHeaders32>(this.FileData, this.DosHeader32.e_lfanew);
                int num = NtHeaders32.FileHeader.NumberOfSections;
                for (var x = 0; x < num; x++)
                {
                    var section = Pe32Helpers.GetSection(this.FileData, x, this.DosHeader32, this.NtHeaders32);
                    if (section.SectionName.Equals(".bxpck"))
                    {
                        var sectionData = new byte[this.GetAlignment(section.SizeOfRawData, this.NtHeaders32.OptionalHeader.FileAlignment)];
                        Array.Copy(this.FileData, section.PointerToRawData, sectionData, 0, section.SizeOfRawData);
                        string filename = DirectoryName + "\\" + Path.GetFileNameWithoutExtension(ExePath) + "-Unpacked" + Path.GetExtension(ExePath);

                        int firstIndex = GetNthIndex(sectionData, 0x5A, 1);
                        if (sectionData[firstIndex - 1] == 0x4D)
                        {
                            File.WriteAllBytes(filename, sectionData.Skip(firstIndex - 1).ToArray());
                            label3.Text += (firstIndex - 1).ToString("X");
                        }
                        else
                        {
                            int secondIndex = GetNthIndex(sectionData, 0x5A, 2);
                            if (sectionData[secondIndex - 1] == 0x4A)
                            {
                                File.WriteAllBytes(filename, sectionData.Skip(secondIndex - 1).ToArray());
                                label3.Text += (secondIndex - 1).ToString("X");
                            }
                            else
                            {
                                int lastIndex = GetNthIndex(sectionData, 0x4D, 3);
                                if (sectionData[lastIndex - 1] == 0x4D)
                                {
                                    File.WriteAllBytes(filename, sectionData.Skip(lastIndex - 1).ToArray());
                                    label3.Text += (lastIndex - 1).ToString("X");
                                }
                                else
                                {
                                }
                            }
                        }
                        goto sucess;
                    }
                }
            }
            else
            {
                this.DosHeader64 = new NativeApi64.ImageDosHeader64();
                this.NtHeaders64 = new NativeApi64.ImageNtHeaders64();
                this.DosHeader64 = Pe64Helpers.GetStructure <NativeApi64.ImageDosHeader64>(this.FileData);
                this.NtHeaders64 = Pe64Helpers.GetStructure <NativeApi64.ImageNtHeaders64>(this.FileData, this.DosHeader64.e_lfanew);
                for (var x = 0; x < this.NtHeaders64.FileHeader.NumberOfSections; x++)
                {
                    var section = Pe64Helpers.GetSection(this.FileData, x, this.DosHeader64, this.NtHeaders64);
                    if (section.SectionName.Equals(".bxpck"))
                    {
                        var sectionData = new byte[this.GetAlignment(section.SizeOfRawData, this.NtHeaders64.OptionalHeader.FileAlignment)];
                        Array.Copy(this.FileData, section.PointerToRawData, sectionData, 0, section.SizeOfRawData);
                        string filename = DirectoryName + "\\" + Path.GetFileNameWithoutExtension(ExePath) + "-Unpacked" + Path.GetExtension(ExePath);
                        File.WriteAllBytes(filename, sectionData.Skip(182).ToArray());
                        goto sucess;
                    }
                }
            }
            MessageBox.Show("BoxedAppPacker section not found (.bxpck) ! ", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
sucess:
            label2.Text = "Status : Success ! ";
        }