示例#1
        /// <summary>
        /// Processing function called when a file is being unpacked. Allows plugins to check the file
        /// and see if it can handle the file for its intended purpose.
        /// </summary>
        /// <param name="file"></param>
        /// <returns></returns>
        public override bool CanProcessFile(string file)
        {
            // Accepts the file only when it parses as a PE, is not 64-bit, has a .bind
            // section, and GetHeaderSize reports 0xB0 or 0xD0. Every rejection is logged at
            // Information level. Any exception raised while reading the input is logged as
            // a warning and reported as "cannot process", so it never reaches the caller.
            try
            {
                var pe = new Pe32File(file);

                // The parser has to accept the file before anything else is inspected.
                if (!pe.Parse())
                {
                    this.Log("Failed to parse PE", LogMessageType.Information);
                    return false;
                }

                // This plugin rejects 64-bit images.
                if (pe.IsFile64Bit())
                {
                    this.Log("Is not 32bit", LogMessageType.Information);
                    return false;
                }

                // Without a .bind section there is nothing for this plugin to examine.
                if (!pe.HasSection(".bind"))
                {
                    this.Log("No bind section", LogMessageType.Information);
                    return false;
                }

                // Only the two known 3.0 header sizes are accepted.
                var size = this.GetHeaderSize(pe);
                var isKnownSize = size == 0xB0 || size == 0xD0;
                return isKnownSize;
            }
            catch (Exception ex)
            {
                this.Log(ex.ToString(), LogMessageType.Warning);
                return false;
            }
        }
示例#2
文件: Main.cs 项目: clayne/Steamless
        /// <summary>
        /// Processing function called when a file is being unpacked. Allows plugins to check the file
        /// and see if it can handle the file for its intended purpose.
        /// </summary>
        /// <param name="file"></param>
        /// <returns></returns>
        public override bool CanProcessFile(string file)
        {
            // Accepts the file only when it parses as a PE, is not 64-bit, has a .bind
            // section, and that section contains the v1.x byte signature below.
            try
            {
                var pe = new Pe32File(file);
                if (!pe.Parse())
                {
                    return false;
                }

                if (pe.IsFile64Bit())
                {
                    return false;
                }

                if (!pe.HasSection(".bind"))
                {
                    return false;
                }

                var bindData = pe.GetSectionData(".bind");

                // Here -1 is the "not found" result; every other value counts as a match.
                // NOTE(review): the "??" tokens are presumably wildcard bytes - confirm in FindPattern.
                var matchOffset = Pe32Helpers.FindPattern(bindData, "60 81 EC 00 10 00 00 BE ?? ?? ?? ?? B9 6A");
                return matchOffset != -1;
            }
            catch
            {
                // Any failure on the input file is reported as "cannot process".
                // The exception itself is discarded without being logged.
                return false;
            }
        }
示例#3
        /// <summary>
        /// Processing function called when a file is being unpacked. Allows plugins to check the file
        /// and see if it can handle the file for its intended purpose.
        /// </summary>
        /// <param name="file"></param>
        /// <returns></returns>
        public override bool CanProcessFile(string file)
        {
            // Accepts the file only when it parses as a PE, is not 64-bit, has a .bind
            // section, and that section contains the v2.x byte signature below. Rejections
            // are logged at Information level; exceptions are logged as warnings and
            // reported as "cannot process".
            try
            {
                var pe = new Pe32File(file);

                if (!pe.Parse())
                {
                    this.Log("Failed to parse PE", LogMessageType.Information);
                    return false;
                }

                if (pe.IsFile64Bit())
                {
                    this.Log("Is not 32bit", LogMessageType.Information);
                    return false;
                }

                if (!pe.HasSection(".bind"))
                {
                    this.Log("No bind section", LogMessageType.Information);
                    return false;
                }

                var bindData = pe.GetSectionData(".bind");

                // "> 0" treats a result of 0 (and any negative value) as "no match", so a
                // signature sitting at offset 0 of the section would also be rejected.
                // NOTE(review): confirm which value FindPattern returns when nothing matches.
                var matchOffset = Pe32Helpers.FindPattern(bindData, "53 51 52 56 57 55 8B EC 81 EC 00 10 00 00 C7");
                return matchOffset > 0;
            }
            catch (Exception ex)
            {
                this.Log(ex.ToString(), LogMessageType.Warning);
                return false;
            }
        }
示例#4
        /// <summary>
        /// Processing function called when a file is being unpacked. Allows plugins to check the file
        /// and see if it can handle the file for its intended purpose.
        /// </summary>
        /// <param name="file"></param>
        /// <returns></returns>
        public override bool CanProcessFile(string file)
        {
            // Accepts the file only when it parses as a PE, is not 64-bit, has a .bind
            // section containing the v3.x signature, and the header size read next to one
            // of the version patterns equals 0xF0.
            try
            {
                var pe = new Pe32File(file);
                if (!pe.Parse())
                {
                    return false;
                }

                if (pe.IsFile64Bit())
                {
                    return false;
                }

                if (!pe.HasSection(".bind"))
                {
                    return false;
                }

                var bindData = pe.GetSectionData(".bind");

                // A result of 0 is treated as "signature not found" here.
                var signatureOffset = Pe32Helpers.FindPattern(bindData, "E8 00 00 00 00 50 53 51 52 56 57 55 8B 44 24 1C 2D 05 00 00 00 8B CC 83 E4 F0 51 51 51 50");
                if (signatureOffset == 0)
                {
                    return false;
                }

                // Key: byte pattern for one stub version.
                // Value: distance from the pattern match to the 32-bit header-size value.
                var versionPatterns = new[]
                {
                    // v3.1     [Original version?]
                    new KeyValuePair<string, int>("55 8B EC 81 EC ?? ?? ?? ?? 53 ?? ?? ?? ?? ?? 68", 0x10),
                    // v3.1.1   [Newer, 3.1.1? (Seen 2015?)]
                    new KeyValuePair<string, int>("55 8B EC 81 EC ?? ?? ?? ?? 53 ?? ?? ?? ?? ?? 8D 83", 0x16),
                    // v3.1.2   [Newer, 3.1.2? (Seen late 2017.)]
                    new KeyValuePair<string, int>("55 8B EC 81 EC ?? ?? ?? ?? 56 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8D", 0x10)
                };

                var headerSize = 0;
                uint matchOffset = 0;
                foreach (var candidate in versionPatterns)
                {
                    matchOffset = Pe32Helpers.FindPattern(bindData, candidate.Key);
                    if (matchOffset != 0)
                    {
                        // The first pattern that matches decides the header size. If the read
                        // would run past the end of the section data, BitConverter throws and
                        // the catch below turns that into a rejection.
                        headerSize = BitConverter.ToInt32(bindData, (int)matchOffset + candidate.Value);
                        break;
                    }
                }

                // No pattern matched (offset still 0), or the size is not the expected 0xF0.
                return matchOffset != 0 && headerSize == 0xF0;
            }
            catch
            {
                // Any failure on the input file is reported as "cannot process".
                // The exception itself is discarded without being logged.
                return false;
            }
        }
示例#5
        /// <summary>
        /// Processing function called when a file is being unpacked. Allows plugins to check the file
        /// and see if it can handle the file for its intended purpose.
        /// </summary>
        /// <param name="file"></param>
        /// <returns></returns>
        public override bool CanProcessFile(string file)
        {
            // Accepts the file only when it parses as a PE, is not 64-bit, has a .bind
            // section containing the v3.x signature, and the header size read next to one
            // of the two variant patterns equals 0xF0.
            try
            {
                var pe = new Pe32File(file);
                if (!pe.Parse())
                {
                    return false;
                }

                if (pe.IsFile64Bit())
                {
                    return false;
                }

                if (!pe.HasSection(".bind"))
                {
                    return false;
                }

                var bindData = pe.GetSectionData(".bind");

                // A result of 0 is treated as "signature not found" here.
                var signatureOffset = Pe32Helpers.FindPattern(bindData, "E8 00 00 00 00 50 53 51 52 56 57 55 8B 44 24 1C 2D 05 00 00 00 8B CC 83 E4 F0 51 51 51 50");
                if (signatureOffset == 0)
                {
                    return false;
                }

                // Try the first variant pattern; its header-size value sits 16 bytes past the match.
                var sizeFieldDelta = 16;
                var offset = Pe32Helpers.FindPattern(bindData, "55 8B EC 81 EC ?? ?? ?? ?? 53 ?? ?? ?? ?? ?? 68");
                if (offset == 0)
                {
                    // Fall back to the second variant; its value sits 22 bytes past the match.
                    sizeFieldDelta = 22;
                    offset = Pe32Helpers.FindPattern(bindData, "55 8B EC 81 EC ?? ?? ?? ?? 53 ?? ?? ?? ?? ?? 8D 83");
                    if (offset == 0)
                    {
                        return false;
                    }
                }

                // If the read would run past the end of the section data, BitConverter throws
                // and the catch below turns that into a rejection.
                var headerSize = BitConverter.ToInt32(bindData, (int)offset + sizeFieldDelta);
                return headerSize == 0xF0;
            }
            catch
            {
                // Any failure on the input file is reported as "cannot process".
                // The exception itself is discarded without being logged.
                return false;
            }
        }
示例#6
        /// <summary>
        /// Processing function called when a file is being unpacked. Allows plugins to check the file
        /// and see if it can handle the file for its intended purpose.
        /// </summary>
        /// <param name="file"></param>
        /// <returns></returns>
        public override bool CanProcessFile(string file)
        {
            // Accepts the file only when it parses as a PE, is not 64-bit, has a .bind
            // section, and GetHeaderSize reports one of the known 3.0 sizes (0xB0 or 0xD0).
            try
            {
                var pe = new Pe32File(file);
                if (!pe.Parse())
                {
                    return false;
                }

                if (pe.IsFile64Bit())
                {
                    return false;
                }

                if (!pe.HasSection(".bind"))
                {
                    return false;
                }

                var size = this.GetHeaderSize(pe);
                var isKnownSize = size == 0xB0 || size == 0xD0;
                return isKnownSize;
            }
            catch
            {
                // Any failure on the input file is reported as "cannot process".
                // The exception itself is discarded without being logged.
                return false;
            }
        }
示例#7
文件: Main.cs 项目: clayne/Steamless
        /// <summary>
        /// Processing function called when a file is being unpacked. Allows plugins to check the file
        /// and see if it can handle the file for its intended purpose.
        /// </summary>
        /// <param name="file"></param>
        /// <returns></returns>
        public override bool CanProcessFile(string file)
        {
            // Accepts the file only when it parses as a PE, is not 64-bit, has a .bind
            // section, and that section contains the v2.0 byte signature below.
            try
            {
                var pe = new Pe32File(file);
                if (!pe.Parse())
                {
                    return false;
                }

                if (pe.IsFile64Bit())
                {
                    return false;
                }

                if (!pe.HasSection(".bind"))
                {
                    return false;
                }

                var bindData = pe.GetSectionData(".bind");

                // Here -1 is the "not found" result; every other value counts as a match.
                var matchOffset = Pe32Helpers.FindPattern(bindData, "53 51 52 56 57 55 8B EC 81 EC 00 10 00 00 BE");
                var signatureFound = matchOffset != -1;
                return signatureFound;
            }
            catch
            {
                // Any failure on the input file is reported as "cannot process".
                // The exception itself is discarded without being logged.
                return false;
            }
        }
示例#8
        /// <summary>
        /// Application entry point.
        /// </summary>
        /// <param name="args"></param>
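        private static void Main(string[] args)
        {
            // Flow: hook assembly resolution, print the banner, record the command line,
            // then either print help (no file given) or validate the file and hand it to the
            // first unpacker whose pattern matches its .bind section. Every path ends at the
            // key-press pause so messages stay readable.

            // NOTE(review): the resolve handler is defined elsewhere; confirm it only loads
            // assemblies from trusted locations.
            AppDomain.CurrentDomain.AssemblyResolve += CurrentDomainOnAssemblyResolve;

            PrintHeader();

            // Keep the full command line available to the rest of the program.
            Arguments = new List<string>();
            Arguments.AddRange(Environment.GetCommandLineArgs());

            if (args.Length == 0 || string.IsNullOrEmpty(args[0]))
            {
                PrintHelp();
            }
            else
            {
                // The input must parse as a PE, be 32-bit and contain a .bind section.
                var file = new Pe32File(args[0]);
                if (!file.Parse() || file.IsFile64Bit() || !file.HasSection(".bind"))
                {
                    // Report the rejection and fall through to the pause below, so the
                    // reason stays on screen rather than the process ending without output.
                    Output("Invalid file; expected a 32-bit PE file with a .bind section.", ConsoleOutputType.Error);
                }
                else
                {
                    // Unpackers are the types in this assembly that carry SteamStubUnpackerAttribute.
                    var unpackers = (from t in Assembly.GetExecutingAssembly().GetTypes()
                                     from a in t.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false)
                                     select t).ToList();

                    // List what was found.
                    Output("Found the following unpackers (internal):", ConsoleOutputType.Info);
                    foreach (var attr in unpackers.Select(unpacker => (SteamStubUnpackerAttribute)unpacker.GetCustomAttributes(typeof(SteamStubUnpackerAttribute)).FirstOrDefault()))
                    {
                        Output($" >> Unpacker: {attr?.Name} - by: {attr?.Author}", ConsoleOutputType.Custom, ConsoleColor.Yellow);
                    }
                    Console.WriteLine();

                    var bindSectionData = file.GetSectionData(".bind");

                    // Only the first unpacker whose pattern matches is run; its result decides
                    // success. OfType skips any attributed type that is not a SteamStubUnpacker,
                    // which avoids dereferencing a null produced by a failed cast.
                    var processed = (from unpacker in unpackers
                                     let attr = (SteamStubUnpackerAttribute)unpacker.GetCustomAttributes(typeof(SteamStubUnpackerAttribute)).FirstOrDefault()
                                     where attr != null
                                     where Helpers.FindPattern(bindSectionData, attr.Pattern) != 0
                                     select Activator.CreateInstance(unpacker))
                                    .OfType<SteamStubUnpacker>()
                                    .Select(stubUnpacker => stubUnpacker.Process(file))
                                    .FirstOrDefault();

                    if (!processed)
                    {
                        Console.WriteLine();
                        Output("Failed to process file.", ConsoleOutputType.Error);
                    }
                }
            }

            // Pause the console so the results can be read before the window closes.
            Console.WriteLine();
            Console.WriteLine("Press any key to exit...");
            Console.ReadKey();
        }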
示例#9
        /// <summary>
        /// Application entry point.
        /// </summary>
        /// <param name="args"></param>
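        private static void Main(string[] args)
        {
            // Entry point: prints the banner, records the command line, then either shows
            // help or validates the given file and runs the first matching unpacker on it.
            // All paths reach the key-press pause at the end.

            // NOTE(review): the resolve handler is defined elsewhere; confirm it only loads
            // assemblies from trusted locations.
            AppDomain.CurrentDomain.AssemblyResolve += CurrentDomainOnAssemblyResolve;

            PrintHeader();

            // Keep the full command line available to the rest of the program.
            Arguments = new List<string>();
            Arguments.AddRange(Environment.GetCommandLineArgs());

            var fileGiven = args.Length != 0 && !string.IsNullOrEmpty(args[0]);
            if (!fileGiven)
            {
                PrintHelp();
            }
            else
            {
                // The input must parse as a PE, be 32-bit and contain a .bind section.
                var file = new Pe32File(args[0]);
                var usable = file.Parse() && !file.IsFile64Bit() && file.HasSection(".bind");
                if (!usable)
                {
                    // Say why nothing happened and continue to the pause below, rather than
                    // ending the process with no output.
                    Output("Invalid file; expected a 32-bit PE file with a .bind section.", ConsoleOutputType.Error);
                }
                else
                {
                    // Unpackers are the types in this assembly that carry SteamStubUnpackerAttribute.
                    var unpackers = (from t in Assembly.GetExecutingAssembly().GetTypes()
                                     from a in t.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false)
                                     select t).ToList();

                    // List what was found.
                    Output("Found the following unpackers (internal):", ConsoleOutputType.Info);
                    foreach (var unpackerType in unpackers)
                    {
                        var attr = (SteamStubUnpackerAttribute)unpackerType.GetCustomAttributes(typeof(SteamStubUnpackerAttribute)).FirstOrDefault();
                        Output($" >> Unpacker: {attr?.Name} - by: {attr?.Author}", ConsoleOutputType.Custom, ConsoleColor.Yellow);
                    }
                    Console.WriteLine();

                    var bindSectionData = file.GetSectionData(".bind");

                    // Lazily walk the unpackers and run only the first one whose pattern is
                    // found in .bind. OfType drops any attributed type that is not a
                    // SteamStubUnpacker, so a failed cast cannot yield a null that is then
                    // dereferenced.
                    var processed = unpackers
                        .Select(type => new
                        {
                            Type = type,
                            Attr = (SteamStubUnpackerAttribute)type.GetCustomAttributes(typeof(SteamStubUnpackerAttribute)).FirstOrDefault()
                        })
                        .Where(entry => entry.Attr != null)
                        .Where(entry => Helpers.FindPattern(bindSectionData, entry.Attr.Pattern) != 0)
                        .Select(entry => Activator.CreateInstance(entry.Type))
                        .OfType<SteamStubUnpacker>()
                        .Select(stubUnpacker => stubUnpacker.Process(file))
                        .FirstOrDefault();

                    if (!processed)
                    {
                        Console.WriteLine();
                        Output("Failed to process file.", ConsoleOutputType.Error);
                    }
                }
            }

            // Pause the console so the results can be read before the window closes.
            Console.WriteLine();
            Console.WriteLine("Press any key to exit...");
            Console.ReadKey();
        }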