示例#1
0
        /// <summary>
        /// Gets the SteamStub header size from the given file.
        /// </summary>
        /// <param name="f"></param>
        /// <returns></returns>
        private uint GetHeaderSize(Pe64File f)
        {
            // Obtain the bind section data..
            var bind = f.GetSectionData(".bind");

            // Attempt to locate the known v3.x signature..
            var varient = Pe64Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 41 50");

            if (varient == 0)
            {
                return(0);
            }

            // Attempt to determine the varient version..
            var offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 48"); // 3.0

            if (offset == 0)
            {
                offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 41"); // 3.1
            }
            // Ensure a pattern was found..
            if (offset == 0)
            {
                return(0);
            }

            // Read the header size.. (The header size is only 32bit!)
            return((uint)Math.Abs(BitConverter.ToInt32(bind, (int)offset + 3)));
        }
示例#2
0
        /// <summary>
        /// Processing function called when a file is being unpacked. Allows plugins to check the file
        /// and see if it can handle the file for its intended purpose.
        /// </summary>
        /// <param name="file"></param>
        /// <returns></returns>
        public override bool CanProcessFile(string file)
        {
            try
            {
                // Load the file..
                var f = new Pe64File(file);
                if (!f.Parse())
                {
                    this.Log("Can't parse as PE64", LogMessageType.Warning);
                    return(false);
                }
                if (!f.IsFile64Bit())
                {
                    this.Log("Is not 64bit", LogMessageType.Warning);
                    return(false);
                }
                if (!f.HasSection(".bind"))
                {
                    this.Log("Missing bind section", LogMessageType.Warning);
                    return(false);
                }

                // Check for the known 3.0 header sizes..
                var headerSize = this.GetHeaderSize(f);
                return(headerSize == 0xB0 || headerSize == 0xD0);
            }
            catch (Exception e)
            {
                this.Log(e.ToString(), LogMessageType.Warning);
                return(false);
            }
        }
示例#3
0
        /// <summary>
        /// Application entry point.
        /// </summary>
        /// <param name="args"></param>
        private static void Main(string[] args)
        {
            // Print the application header..
            PrintHeader();

            // Parse the command line arguments..
            Arguments = new List<string>();
            Arguments.AddRange(Environment.GetCommandLineArgs());

            // Ensure a file was given..
            if (args.Length == 0 || string.IsNullOrEmpty(args[0]))
            {
                PrintHelp();
            }
            else
            {
                // Load the file and ensure it is valid..
                var file = new Pe64File(args[0]);
                if (!file.Parse() || file.IsFile32Bit() || !file.HasSection(".bind"))
                    return;

                // Build a list of known unpackers within our local source..
                var unpackers = (from t in Assembly.GetExecutingAssembly().GetTypes()
                                 from a in t.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false)
                                 select t).ToList();

                // Print out the known unpackers we found..
                Output("Found the following unpackers (internal):", ConsoleOutputType.Info);
                foreach (var attr in unpackers.Select(unpacker => (SteamStubUnpackerAttribute)unpacker.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false).FirstOrDefault()))
                    Output(string.Format(" >> Unpacker: {0} - by: {1}", attr.Name, attr.Author), ConsoleOutputType.Custom, ConsoleColor.Yellow);
                Console.WriteLine();

                // Process function to try and handle the file..
                Func<bool> processed = () =>
                    {
                        // Obtain the .bind section data..
                        var bindSectionData = file.GetSectionData(".bind");

                        // Attempt to process the file..
                        return (from unpacker in unpackers
                                let attr = (SteamStubUnpackerAttribute)unpacker.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false).FirstOrDefault()
                                where attr != null
                                where Helpers.FindPattern(bindSectionData, attr.Pattern) != 0
                                select Activator.CreateInstance(unpacker) as SteamStubUnpacker).Select(stubUnpacker => stubUnpacker.Process(file)).FirstOrDefault();
                    };

                // Process the file..
                if (!processed())
                {
                    Console.WriteLine();
                    Output("Failed to process file.", ConsoleOutputType.Error);
                }
            }

            // Pause the console so newbies can read the results..
            Console.WriteLine();
            Console.WriteLine("Press any key to exit...");
            Console.ReadKey();
        }
示例#4
0
        /// <summary>
        /// Processing function called when a file is being unpacked. Allows plugins to check the file
        /// and see if it can handle the file for its intended purpose.
        /// </summary>
        /// <param name="file"></param>
        /// <returns></returns>
        public override bool CanProcessFile(string file)
        {
            try
            {
                // Load the file..
                var f = new Pe64File(file);
                if (!f.Parse() || !f.IsFile64Bit() || !f.HasSection(".bind"))
                {
                    return(false);
                }

                // Obtain the bind section data..
                var bind = f.GetSectionData(".bind");

                // Attempt to locate the known v3.x signature..
                var varient = Pe64Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 41 50");
                if (varient == 0)
                {
                    return(false);
                }

                // Attempt to determine the varient version..
                var offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 48"); // 3.0
                if (offset == 0)
                {
                    offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 41"); // 3.1
                }
                if (offset == 0)
                {
                    offset = Pe64Helpers.FindPattern(bind, "48 C7 84 24 ?? ?? ?? ?? ?? ?? ?? ?? 48"); // 3.1.2
                    if (offset > 0)
                    {
                        offset += 5;
                    }
                }

                // Ensure a pattern was found..
                if (offset == 0)
                {
                    return(false);
                }

                // Read the header size.. (The header size is only 32bit!)
                var headerSize = Math.Abs(BitConverter.ToInt32(bind, (int)offset + 3));

                // Check for the known 3.1 header size..
                return(headerSize == 0xF0);
            }
            catch
            {
                return(false);
            }
        }
        /// <summary>
        /// Processes the given file in attempt to unpack the Steam Stub variant 4.
        /// </summary>
        /// <param name="file"></param>
        /// <returns></returns>
        public override bool Process(Pe64File file)
        {
            Program.Output("File is packed with SteamStub Variant #4!", ConsoleOutputType.Info);

            // Store the file object being processed..
            this.File = file;

            // Step #1 - Read the steam stub header.
            Program.Output("Info: Unpacker Stage #1", ConsoleOutputType.Custom, ConsoleColor.Magenta);
            if (!this.Step1())
            {
                return(false);
            }

            // Step #2 - Read the payload.
            Program.Output("Info: Unpacker Stage #2", ConsoleOutputType.Custom, ConsoleColor.Magenta);
            if (!this.Step2())
            {
                return(false);
            }

            // Step #3 - Read the SteamDRMP.dll file.
            Program.Output("Info: Unpacker Stage #3", ConsoleOutputType.Custom, ConsoleColor.Magenta);
            if (!this.Step3())
            {
                return(false);
            }

            // Step #4 - Read the code section.
            Program.Output("Info: Unpacker Stage #4", ConsoleOutputType.Custom, ConsoleColor.Magenta);
            if (!this.Step4())
            {
                return(false);
            }

            // Step #5 - Save the file.
            Program.Output("Info: Unpacker Stage #5", ConsoleOutputType.Custom, ConsoleColor.Magenta);
            if (!this.Step5())
            {
                return(false);
            }

            Program.Output("Processed the file successfully!", ConsoleOutputType.Success);

            return(true);
        }
示例#6
0
        /// <summary>
        /// Processing function called when a file is being unpacked. Allows plugins to check the file
        /// and see if it can handle the file for its intended purpose.
        /// </summary>
        /// <param name="file"></param>
        /// <returns></returns>
        public override bool CanProcessFile(string file)
        {
            try
            {
                // Load the file..
                var f = new Pe64File(file);
                if (!f.Parse() || !f.IsFile64Bit() || !f.HasSection(".bind"))
                {
                    return(false);
                }

                // Check for the known 3.0 header sizes..
                var headerSize = this.GetHeaderSize(f);
                return(headerSize == 0xB0 || headerSize == 0xD0);
            }
            catch
            {
                return(false);
            }
        }
示例#7
0
 /// <summary>
 /// 
 /// </summary>
 /// <param name="file"></param>
 /// <returns></returns>
 public abstract bool Process(Pe64File file);
示例#8
0
 /// <summary>
 ///
 /// </summary>
 /// <param name="file"></param>
 /// <returns></returns>
 public abstract bool Process(Pe64File file);
示例#9
0
        /// <summary>
        /// Application entry point.
        /// </summary>
        /// <param name="args"></param>
        private static void Main(string[] args)
        {
            // Print the application header..
            PrintHeader();

            // Parse the command line arguments..
            Arguments = new List <string>();
            Arguments.AddRange(Environment.GetCommandLineArgs());

            // Ensure a file was given..
            if (args.Length == 0 || string.IsNullOrEmpty(args[0]))
            {
                PrintHelp();
            }
            else
            {
                // Load the file and ensure it is valid..
                var file = new Pe64File(args[0]);
                if (!file.Parse() || file.IsFile32Bit() || !file.HasSection(".bind"))
                {
                    return;
                }

                // Build a list of known unpackers within our local source..
                var unpackers = (from t in Assembly.GetExecutingAssembly().GetTypes()
                                 from a in t.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false)
                                 select t).ToList();

                // Print out the known unpackers we found..
                Output("Found the following unpackers (internal):", ConsoleOutputType.Info);
                foreach (var attr in unpackers.Select(unpacker => (SteamStubUnpackerAttribute)unpacker.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false).FirstOrDefault()))
                {
                    Output(string.Format(" >> Unpacker: {0} - by: {1}", attr.Name, attr.Author), ConsoleOutputType.Custom, ConsoleColor.Yellow);
                }
                Console.WriteLine();

                // Process function to try and handle the file..
                Func <bool> processed = () =>
                {
                    // Obtain the .bind section data..
                    var bindSectionData = file.GetSectionData(".bind");

                    // Attempt to process the file..
                    return((from unpacker in unpackers
                            let attr = (SteamStubUnpackerAttribute)unpacker.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false).FirstOrDefault()
                                       where attr != null
                                       where Helpers.FindPattern(bindSectionData, attr.Pattern) != 0
                                       select Activator.CreateInstance(unpacker) as SteamStubUnpacker).Select(stubUnpacker => stubUnpacker.Process(file)).FirstOrDefault());
                };

                // Process the file..
                if (!processed())
                {
                    Console.WriteLine();
                    Output("Failed to process file.", ConsoleOutputType.Error);
                }
            }

            // Pause the console so newbies can read the results..
            Console.WriteLine();
            Console.WriteLine("Press any key to exit...");
            Console.ReadKey();
        }
示例#10
0
        /// <summary>
        /// Processes the given file in attempt to unpack the Steam Stub variant 4.
        /// </summary>
        /// <param name="file"></param>
        /// <returns></returns>
        public override bool Process(Pe64File file)
        {
            Program.Output("File is packed with SteamStub Variant #4!", ConsoleOutputType.Info);

            // Store the file object being processed..
            this.File = file;

            // Step #1 - Read the steam stub header.
            Program.Output("Info: Unpacker Stage #1", ConsoleOutputType.Custom, ConsoleColor.Magenta);
            if (!this.Step1())
                return false;

            // Step #2 - Read the payload.
            Program.Output("Info: Unpacker Stage #2", ConsoleOutputType.Custom, ConsoleColor.Magenta);
            if (!this.Step2())
                return false;

            // Step #3 - Read the SteamDRMP.dll file.
            Program.Output("Info: Unpacker Stage #3", ConsoleOutputType.Custom, ConsoleColor.Magenta);
            if (!this.Step3())
                return false;

            // Step #4 - Read the code section.
            Program.Output("Info: Unpacker Stage #4", ConsoleOutputType.Custom, ConsoleColor.Magenta);
            if (!this.Step4())
                return false;

            // Step #5 - Save the file.
            Program.Output("Info: Unpacker Stage #5", ConsoleOutputType.Custom, ConsoleColor.Magenta);
            if (!this.Step5())
                return false;

            Program.Output("Processed the file successfully!", ConsoleOutputType.Success);

            return true;
        }