/// <summary> /// Gets the SteamStub header size from the given file. /// </summary> /// <param name="f"></param> /// <returns></returns> private uint GetHeaderSize(Pe64File f) { // Obtain the bind section data.. var bind = f.GetSectionData(".bind"); // Attempt to locate the known v3.x signature.. var varient = Pe64Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 41 50"); if (varient == 0) { return(0); } // Attempt to determine the varient version.. var offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 48"); // 3.0 if (offset == 0) { offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 41"); // 3.1 } // Ensure a pattern was found.. if (offset == 0) { return(0); } // Read the header size.. (The header size is only 32bit!) return((uint)Math.Abs(BitConverter.ToInt32(bind, (int)offset + 3))); }
/// <summary> /// Processing function called when a file is being unpacked. Allows plugins to check the file /// and see if it can handle the file for its intended purpose. /// </summary> /// <param name="file"></param> /// <returns></returns> public override bool CanProcessFile(string file) { try { // Load the file.. var f = new Pe64File(file); if (!f.Parse()) { this.Log("Can't parse as PE64", LogMessageType.Warning); return(false); } if (!f.IsFile64Bit()) { this.Log("Is not 64bit", LogMessageType.Warning); return(false); } if (!f.HasSection(".bind")) { this.Log("Missing bind section", LogMessageType.Warning); return(false); } // Check for the known 3.0 header sizes.. var headerSize = this.GetHeaderSize(f); return(headerSize == 0xB0 || headerSize == 0xD0); } catch (Exception e) { this.Log(e.ToString(), LogMessageType.Warning); return(false); } }
/// <summary> /// Application entry point. /// </summary> /// <param name="args"></param> private static void Main(string[] args) { // Print the application header.. PrintHeader(); // Parse the command line arguments.. Arguments = new List<string>(); Arguments.AddRange(Environment.GetCommandLineArgs()); // Ensure a file was given.. if (args.Length == 0 || string.IsNullOrEmpty(args[0])) { PrintHelp(); } else { // Load the file and ensure it is valid.. var file = new Pe64File(args[0]); if (!file.Parse() || file.IsFile32Bit() || !file.HasSection(".bind")) return; // Build a list of known unpackers within our local source.. var unpackers = (from t in Assembly.GetExecutingAssembly().GetTypes() from a in t.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false) select t).ToList(); // Print out the known unpackers we found.. Output("Found the following unpackers (internal):", ConsoleOutputType.Info); foreach (var attr in unpackers.Select(unpacker => (SteamStubUnpackerAttribute)unpacker.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false).FirstOrDefault())) Output(string.Format(" >> Unpacker: {0} - by: {1}", attr.Name, attr.Author), ConsoleOutputType.Custom, ConsoleColor.Yellow); Console.WriteLine(); // Process function to try and handle the file.. Func<bool> processed = () => { // Obtain the .bind section data.. var bindSectionData = file.GetSectionData(".bind"); // Attempt to process the file.. return (from unpacker in unpackers let attr = (SteamStubUnpackerAttribute)unpacker.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false).FirstOrDefault() where attr != null where Helpers.FindPattern(bindSectionData, attr.Pattern) != 0 select Activator.CreateInstance(unpacker) as SteamStubUnpacker).Select(stubUnpacker => stubUnpacker.Process(file)).FirstOrDefault(); }; // Process the file.. if (!processed()) { Console.WriteLine(); Output("Failed to process file.", ConsoleOutputType.Error); } } // Pause the console so newbies can read the results.. Console.WriteLine(); Console.WriteLine("Press any key to exit..."); Console.ReadKey(); }
/// <summary> /// Processing function called when a file is being unpacked. Allows plugins to check the file /// and see if it can handle the file for its intended purpose. /// </summary> /// <param name="file"></param> /// <returns></returns> public override bool CanProcessFile(string file) { try { // Load the file.. var f = new Pe64File(file); if (!f.Parse() || !f.IsFile64Bit() || !f.HasSection(".bind")) { return(false); } // Obtain the bind section data.. var bind = f.GetSectionData(".bind"); // Attempt to locate the known v3.x signature.. var varient = Pe64Helpers.FindPattern(bind, "E8 00 00 00 00 50 53 51 52 56 57 55 41 50"); if (varient == 0) { return(false); } // Attempt to determine the varient version.. var offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 48"); // 3.0 if (offset == 0) { offset = Pe64Helpers.FindPattern(bind, "48 8D 91 ?? ?? ?? ?? 41"); // 3.1 } if (offset == 0) { offset = Pe64Helpers.FindPattern(bind, "48 C7 84 24 ?? ?? ?? ?? ?? ?? ?? ?? 48"); // 3.1.2 if (offset > 0) { offset += 5; } } // Ensure a pattern was found.. if (offset == 0) { return(false); } // Read the header size.. (The header size is only 32bit!) var headerSize = Math.Abs(BitConverter.ToInt32(bind, (int)offset + 3)); // Check for the known 3.1 header size.. return(headerSize == 0xF0); } catch { return(false); } }
/// <summary> /// Processes the given file in attempt to unpack the Steam Stub variant 4. /// </summary> /// <param name="file"></param> /// <returns></returns> public override bool Process(Pe64File file) { Program.Output("File is packed with SteamStub Variant #4!", ConsoleOutputType.Info); // Store the file object being processed.. this.File = file; // Step #1 - Read the steam stub header. Program.Output("Info: Unpacker Stage #1", ConsoleOutputType.Custom, ConsoleColor.Magenta); if (!this.Step1()) { return(false); } // Step #2 - Read the payload. Program.Output("Info: Unpacker Stage #2", ConsoleOutputType.Custom, ConsoleColor.Magenta); if (!this.Step2()) { return(false); } // Step #3 - Read the SteamDRMP.dll file. Program.Output("Info: Unpacker Stage #3", ConsoleOutputType.Custom, ConsoleColor.Magenta); if (!this.Step3()) { return(false); } // Step #4 - Read the code section. Program.Output("Info: Unpacker Stage #4", ConsoleOutputType.Custom, ConsoleColor.Magenta); if (!this.Step4()) { return(false); } // Step #5 - Save the file. Program.Output("Info: Unpacker Stage #5", ConsoleOutputType.Custom, ConsoleColor.Magenta); if (!this.Step5()) { return(false); } Program.Output("Processed the file successfully!", ConsoleOutputType.Success); return(true); }
/// <summary> /// Processing function called when a file is being unpacked. Allows plugins to check the file /// and see if it can handle the file for its intended purpose. /// </summary> /// <param name="file"></param> /// <returns></returns> public override bool CanProcessFile(string file) { try { // Load the file.. var f = new Pe64File(file); if (!f.Parse() || !f.IsFile64Bit() || !f.HasSection(".bind")) { return(false); } // Check for the known 3.0 header sizes.. var headerSize = this.GetHeaderSize(f); return(headerSize == 0xB0 || headerSize == 0xD0); } catch { return(false); } }
/// <summary> /// /// </summary> /// <param name="file"></param> /// <returns></returns> public abstract bool Process(Pe64File file);
/// <summary> /// Application entry point. /// </summary> /// <param name="args"></param> private static void Main(string[] args) { // Print the application header.. PrintHeader(); // Parse the command line arguments.. Arguments = new List <string>(); Arguments.AddRange(Environment.GetCommandLineArgs()); // Ensure a file was given.. if (args.Length == 0 || string.IsNullOrEmpty(args[0])) { PrintHelp(); } else { // Load the file and ensure it is valid.. var file = new Pe64File(args[0]); if (!file.Parse() || file.IsFile32Bit() || !file.HasSection(".bind")) { return; } // Build a list of known unpackers within our local source.. var unpackers = (from t in Assembly.GetExecutingAssembly().GetTypes() from a in t.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false) select t).ToList(); // Print out the known unpackers we found.. Output("Found the following unpackers (internal):", ConsoleOutputType.Info); foreach (var attr in unpackers.Select(unpacker => (SteamStubUnpackerAttribute)unpacker.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false).FirstOrDefault())) { Output(string.Format(" >> Unpacker: {0} - by: {1}", attr.Name, attr.Author), ConsoleOutputType.Custom, ConsoleColor.Yellow); } Console.WriteLine(); // Process function to try and handle the file.. Func <bool> processed = () => { // Obtain the .bind section data.. var bindSectionData = file.GetSectionData(".bind"); // Attempt to process the file.. return((from unpacker in unpackers let attr = (SteamStubUnpackerAttribute)unpacker.GetCustomAttributes(typeof(SteamStubUnpackerAttribute), false).FirstOrDefault() where attr != null where Helpers.FindPattern(bindSectionData, attr.Pattern) != 0 select Activator.CreateInstance(unpacker) as SteamStubUnpacker).Select(stubUnpacker => stubUnpacker.Process(file)).FirstOrDefault()); }; // Process the file.. if (!processed()) { Console.WriteLine(); Output("Failed to process file.", ConsoleOutputType.Error); } } // Pause the console so newbies can read the results.. Console.WriteLine(); Console.WriteLine("Press any key to exit..."); Console.ReadKey(); }
/// <summary> /// Processes the given file in attempt to unpack the Steam Stub variant 4. /// </summary> /// <param name="file"></param> /// <returns></returns> public override bool Process(Pe64File file) { Program.Output("File is packed with SteamStub Variant #4!", ConsoleOutputType.Info); // Store the file object being processed.. this.File = file; // Step #1 - Read the steam stub header. Program.Output("Info: Unpacker Stage #1", ConsoleOutputType.Custom, ConsoleColor.Magenta); if (!this.Step1()) return false; // Step #2 - Read the payload. Program.Output("Info: Unpacker Stage #2", ConsoleOutputType.Custom, ConsoleColor.Magenta); if (!this.Step2()) return false; // Step #3 - Read the SteamDRMP.dll file. Program.Output("Info: Unpacker Stage #3", ConsoleOutputType.Custom, ConsoleColor.Magenta); if (!this.Step3()) return false; // Step #4 - Read the code section. Program.Output("Info: Unpacker Stage #4", ConsoleOutputType.Custom, ConsoleColor.Magenta); if (!this.Step4()) return false; // Step #5 - Save the file. Program.Output("Info: Unpacker Stage #5", ConsoleOutputType.Custom, ConsoleColor.Magenta); if (!this.Step5()) return false; Program.Output("Processed the file successfully!", ConsoleOutputType.Success); return true; }