/// <summary>
/// Processing function called when a file is being unpacked. Allows plugins to check the file
/// and see if it can handle the file for its intended purpose.
/// </summary>
/// <param name="file"></param>
/// <returns></returns>
public override bool CanProcessFile(string file)
{
try
{
// Load the file..
var f = new Pe32File(file);
if (!f.Parse())
{
this.Log("Failed to parse PE", LogMessageType.Information);
return(false);
}
if (f.IsFile64Bit())
{
this.Log("Is not 32bit", LogMessageType.Information);
return(false);
}
if (!f.HasSection(".bind"))
{
this.Log("No bind section", LogMessageType.Information);
return(false);
}
// Check for the known 3.0 header sizes..
var headerSize = this.GetHeaderSize(f);
return(headerSize == 0xB0 || headerSize == 0xD0);
}
catch (Exception e)
{
this.Log(e.ToString(), LogMessageType.Warning);
return(false);
}
}
/// <summary>
/// Processing function called when a file is being unpacked. Allows plugins to check the file
/// and see if it can handle the file for its intended purpose.
/// </summary>
/// <param name="file"></param>
/// <returns></returns>
public override bool CanProcessFile(string file)
{
try
{
// Load the file..
var f = new Pe32File(file);
if (!f.Parse() || f.IsFile64Bit() || !f.HasSection(".bind"))
{
return(false);
}
// Obtain the bind section data..
var bind = f.GetSectionData(".bind");
// Attempt to locate the known v1.x signature..
var variant = Pe32Helpers.FindPattern(bind, "60 81 EC 00 10 00 00 BE ?? ?? ?? ?? B9 6A");
if (variant == -1)
{
return(false);
}
return(true);
}
catch
{
return(false);
}
}
/// <summary>
/// Processing function called when a file is being unpacked. Allows plugins to check the file
/// and see if it can handle the file for its intended purpose.
/// </summary>
/// <param name="file"></param>
/// <returns></returns>
public override bool CanProcessFile(string file)
{
try
{
// Load the file..
var f = new Pe32File(file);
if (!f.Parse())
{
this.Log("Failed to parse PE", LogMessageType.Information);
return(false);
}
if (f.IsFile64Bit())
{
this.Log("Is not 32bit", LogMessageType.Information);
return(false);
}
if (!f.HasSection(".bind"))
{
this.Log("No bind section", LogMessageType.Information);
return(false);
}
// Obtain the bind section data..
var bind = f.GetSectionData(".bind");
// Attempt to locate the known v2.x signature..
return(Pe32Helpers.FindPattern(bind, "53 51 52 56 57 55 8B EC 81 EC 00 10 00 00 C7") > 0);
}
catch (Exception e)
{
this.Log(e.ToString(), LogMessageType.Warning);
return(false);
}
}
/// <summary>
/// Processing function called when a file is being unpacked. Allows plugins to check the file
/// and see if it can handle the file for its intended purpose.
/// </summary>
/// <param name="file"></param>
/// <returns></returns>
public override bool CanProcessFile(string file)
{
try
{
// Load the file..
var f = new Pe32File(file);
if (!f.Parse() || f.IsFile64Bit() || !f.HasSection(".bind"))
{
return(false);
}
// Obtain the bind section data..
var bind = f.GetSectionData(".bind");
// Attempt to locate the known v3.x signature..
var varient = Pe32Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 8B 44 24 1C 2D 05 00 00 00 8B CC 83 E4 F0 51 51 51 50");
if (varient == 0)
{
return(false);
}
// Version patterns..
var varientPatterns = new List <KeyValuePair <string, int> >
{
new KeyValuePair <string, int>("55 8B EC 81 EC ?? ?? ?? ?? 53 ?? ?? ?? ?? ?? 68", 0x10), // v3.1 [Original version?]
new KeyValuePair <string, int>("55 8B EC 81 EC ?? ?? ?? ?? 53 ?? ?? ?? ?? ?? 8D 83", 0x16), // v3.1.1 [Newer, 3.1.1? (Seen 2015?)]
new KeyValuePair <string, int>("55 8B EC 81 EC ?? ?? ?? ?? 56 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8D", 0x10) // v3.1.2 [Newer, 3.1.2? (Seen late 2017.)]
};
var headerSize = 0;
uint offset = 0;
foreach (var p in varientPatterns)
{
offset = Pe32Helpers.FindPattern(bind, p.Key);
if (offset <= 0)
{
continue;
}
headerSize = BitConverter.ToInt32(bind, (int)offset + p.Value);
break;
}
// Ensure valid data was found..
if (offset == 0 || headerSize == 0)
{
return(false);
}
return(headerSize == 0xF0);
}
catch
{
return(false);
}
}
/// <summary>
/// Processing function called when a file is being unpacked. Allows plugins to check the file
/// and see if it can handle the file for its intended purpose.
/// </summary>
/// <param name="file"></param>
/// <returns></returns>
public override bool CanProcessFile(string file)
{
try
{
// Load the file..
var f = new Pe32File(file);
if (!f.Parse() || f.IsFile64Bit() || !f.HasSection(".bind"))
{
return(false);
}
// Obtain the bind section data..
var bind = f.GetSectionData(".bind");
// Attempt to locate the known v3.x signature..
var varient = Pe32Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 8B 44 24 1C 2D 05 00 00 00 8B CC 83 E4 F0 51 51 51 50");
if (varient == 0)
{
return(false);
}
// Attempt to determine the varient version..
int headerSize;
var offset = Pe32Helpers.FindPattern(bind, "55 8B EC 81 EC ?? ?? ?? ?? 53 ?? ?? ?? ?? ?? 68");
if (offset == 0)
{
offset = Pe32Helpers.FindPattern(bind, "55 8B EC 81 EC ?? ?? ?? ?? 53 ?? ?? ?? ?? ?? 8D 83");
if (offset == 0)
{
return(false);
}
headerSize = BitConverter.ToInt32(bind, (int)offset + 22);
}
else
{
headerSize = BitConverter.ToInt32(bind, (int)offset + 16);
}
return(headerSize == 0xF0);
}
catch
{
return(false);
}
}
/// <summary>
/// Processing function called when a file is being unpacked. Allows plugins to check the file
/// and see if it can handle the file for its intended purpose.
/// </summary>
/// <param name="file"></param>
/// <returns></returns>
public override bool CanProcessFile(string file)
{
try
{
// Load the file..
var f = new Pe32File(file);
if (!f.Parse() || f.IsFile64Bit() || !f.HasSection(".bind"))
{
return(false);
}
// Check for the known 3.0 header sizes..
var headerSize = this.GetHeaderSize(f);
return(headerSize == 0xB0 || headerSize == 0xD0);
}
catch
{
return(false);
}
}
/// <summary>
/// Processing function called when a file is being unpacked. Allows plugins to check the file
/// and see if it can handle the file for its intended purpose.
/// </summary>
/// <param name="file"></param>
/// <returns></returns>
public override bool CanProcessFile(string file)
{
try
{
// Load the file..
var f = new Pe32File(file);
if (!f.Parse() || f.IsFile64Bit() || !f.HasSection(".bind"))
{
return(false);
}
// Obtain the bind section data..
var bind = f.GetSectionData(".bind");
// Attempt to locate the known v2.0 signature..
return(Pe32Helpers.FindPattern(bind, "53 51 52 56 57 55 8B EC 81 EC 00 10 00 00 BE") != -1);
}
catch
{
return(false);
}
}
/// <summary>
/// Application entry point.
/// </summary>
/// <param name="args"></param>
private static void Main(string[] args)
{
// Override the assembly resolve event for this application..
AppDomain.CurrentDomain.AssemblyResolve += CurrentDomainOnAssemblyResolve;
// Print the application header..
PrintHeader();
// Parse the command line arguments..
Arguments = new List <string>();
Arguments.AddRange(Environment.GetCommandLineArgs());
// Ensure a file was given..
if (args.Length == 0 || string.IsNullOrEmpty(args[0]))
{
PrintHelp();
}
else
{
// Load the file and ensure it is valid..
var file = new Pe32File(args[0]);
if (!file.Parse() || file.IsFile64Bit() || !file.HasSection(".bind"))
{
return;
}
// Build a list of known unpackers within our local source..
var unpackers = (from t in Assembly.GetExecutingAssembly().GetTypes()
from a in t.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false)
select t).ToList();
// Print out the known unpackers we found..
Output("Found the following unpackers (internal):", ConsoleOutputType.Info);
foreach (var attr in unpackers.Select(unpacker => (SteamStubUnpackerAttribute)unpacker.GetCustomAttributes(typeof(SteamStubUnpackerAttribute)).FirstOrDefault()))
{
Output($" >> Unpacker: {attr?.Name} - by: {attr?.Author}", ConsoleOutputType.Custom, ConsoleColor.Yellow);
}
Console.WriteLine();
// Process function to try and handle the file..
Func <bool> processed = () =>
{
// Obtain the .bind section data..
var bindSectionData = file.GetSectionData(".bind");
// Attempt to process the file..
return((from unpacker in unpackers
let attr = (SteamStubUnpackerAttribute)unpacker.GetCustomAttributes(typeof(SteamStubUnpackerAttribute)).FirstOrDefault()
where attr != null
where Helpers.FindPattern(bindSectionData, attr.Pattern) != 0
select Activator.CreateInstance(unpacker) as SteamStubUnpacker).Select(stubUnpacker => stubUnpacker.Process(file)).FirstOrDefault());
};
// Process the file..
if (!processed())
{
Console.WriteLine();
Output("Failed to process file.", ConsoleOutputType.Error);
}
}
// Pause the console so newbies can read the results..
Console.WriteLine();
Console.WriteLine("Press any key to exit...");
Console.ReadKey();
}
/// <summary>
/// Application entry point.
/// </summary>
/// <param name="args"></param>
private static void Main(string[] args)
{
// Override the assembly resolve event for this application..
AppDomain.CurrentDomain.AssemblyResolve += CurrentDomainOnAssemblyResolve;
// Print the application header..
PrintHeader();
// Parse the command line arguments..
Arguments = new List<string>();
Arguments.AddRange(Environment.GetCommandLineArgs());
// Ensure a file was given..
if (args.Length == 0 || string.IsNullOrEmpty(args[0]))
{
PrintHelp();
}
else
{
// Load the file and ensure it is valid..
var file = new Pe32File(args[0]);
if (!file.Parse() || file.IsFile64Bit() || !file.HasSection(".bind"))
return;
// Build a list of known unpackers within our local source..
var unpackers = (from t in Assembly.GetExecutingAssembly().GetTypes()
from a in t.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false)
select t).ToList();
// Print out the known unpackers we found..
Output("Found the following unpackers (internal):", ConsoleOutputType.Info);
foreach (var attr in unpackers.Select(unpacker => (SteamStubUnpackerAttribute)unpacker.GetCustomAttributes(typeof(SteamStubUnpackerAttribute)).FirstOrDefault()))
Output($" >> Unpacker: {attr?.Name} - by: {attr?.Author}", ConsoleOutputType.Custom, ConsoleColor.Yellow);
Console.WriteLine();
// Process function to try and handle the file..
Func<bool> processed = () =>
{
// Obtain the .bind section data..
var bindSectionData = file.GetSectionData(".bind");
// Attempt to process the file..
return (from unpacker in unpackers
let attr = (SteamStubUnpackerAttribute)unpacker.GetCustomAttributes(typeof(SteamStubUnpackerAttribute)).FirstOrDefault()
where attr != null
where Helpers.FindPattern(bindSectionData, attr.Pattern) != 0
select Activator.CreateInstance(unpacker) as SteamStubUnpacker).Select(stubUnpacker => stubUnpacker.Process(file)).FirstOrDefault();
};
// Process the file..
if (!processed())
{
Console.WriteLine();
Output("Failed to process file.", ConsoleOutputType.Error);
}
}
// Pause the console so newbies can read the results..
Console.WriteLine();
Console.WriteLine("Press any key to exit...");
Console.ReadKey();
}