VollRagm
/
apphost-extract
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

- Created apphost-extract-v2

Browse Source
master
VollRagm 3 years ago
parent 7de296a9fb
commit 08905b1747
13 changed files with 331 additions and 6 deletions
Show Stats Download Patch File Download Diff File

14
src/apphost-extract/TestProject/Program.cs
Unescape View File

@ -0,0 +1,14 @@
using System;
namespace TestProject
{
class Program
{
static void Main(string[] args)
{
Console.WriteLine("Hello World!");
Console.ReadLine();
}
}
}

8
src/apphost-extract/TestProject/TestProject.csproj
Unescape View File

@ -0,0 +1,8 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net5.0</TargetFramework>
</PropertyGroup>
</Project>

43
src/apphost-extract/apphost-extract-v2/Analyzer.cs
Unescape View File

@ -0,0 +1,43 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection.PortableExecutable;
using System.Text;
namespace apphost_extract_v2
{
public class Analyzer
{
private FileStream File;
public PEHeaders PEHeader;
private readonly byte[] VERSION_SIGNATURE = new byte[] { };
private const string VERSION_SIGNATURE_MASK = "";
public Analyzer(FileStream fs)
{
File = fs;
PEHeader = new PEHeaders(fs);
}
public SectionHeader GetSegment(string name)
{
var section = PEHeader.SectionHeaders.Where(x => x.Name == name).FirstOrDefault();
return section;
}
public ApphostVersion GetVersion()
{
}
}
public enum ApphostVersion
{
NET30,
NET31,
NET5
}
}

57
src/apphost-extract/apphost-extract-v2/Log.cs
Unescape View File

@ -0,0 +1,57 @@
using System;
public static class Log
{
public static void Critical(object value)
{
Color(ConsoleColor.Magenta);
Console.WriteLine("[!] " + value.ToString());
Color();
}
public static void Info(object value)
{
Color(ConsoleColor.Cyan);
Console.WriteLine("[+] " + value.ToString());
}
public static bool QueryYesNo(string question)
{
var input = QueryString(question);
if (input.ToLower().StartsWith("y")) return true;
else return false;
}
public static string QueryString(string question)
{
Color(ConsoleColor.Yellow);
Console.Write("[?] " + question);
Color();
return Console.ReadLine();
}
public static void Info(object value, ConsoleColor color)
{
Color(color);
Console.WriteLine("[+] " + value.ToString());
}
public static void Error(object value)
{
Color(ConsoleColor.Red);
Console.WriteLine("[-] " + value.ToString());
Color();
}
public static void Fatal(object value)
{
Error(value);
Console.ReadLine();
Environment.Exit(0);
}
private static void Color(ConsoleColor color = ConsoleColor.White)
{
Console.ForegroundColor = color;
}
}

11
src/apphost-extract/apphost-extract-v2/Models/IApphostFile.cs
Unescape View File

@ -0,0 +1,11 @@
using System;
using System.Collections.Generic;
using System.Text;
namespace apphost_extract_v2.Models
{
public interface IApphostFile
{
}
}

75
src/apphost-extract/apphost-extract-v2/Program.cs
Unescape View File

@ -0,0 +1,75 @@
using System;
using System.Diagnostics;
using System.IO;
using System.IO.MemoryMappedFiles;
using System.Reflection;
namespace apphost_extract_v2
{
class Program
{
static void Main(string[] args)
{
var file = "net31-fd.exe";
var fs = new FileStream(file, FileMode.Open, FileAccess.Read);
var d = new Analyzer(fs).GetTextSectionVA();
var pattern = new byte[] { 0x4c, 0x8D, 0x5, 0xE2, 0x8A, 0x00, 0x00 };
string mask = "xxxxxxx";
Log.Info("Scanning for pattern...");
Stopwatch sw = Stopwatch.StartNew();
var res = Util.PatternScan(fs, 0, (int)fs.Length, pattern, mask);
sw.Stop();
Log.Info("Found pattern at " + res[0].ToString("X8") + $" in {sw.ElapsedMilliseconds}ms");
/* Log.Info("apphost-extract by VollRagm\n", ConsoleColor.Yellow);
var path = GetPath(args);
// var file = AppHostFile.Open(path2);//path.FullName);
// Log.Info($"{file.Header.Manifest.FileEntries.Count} embedded file(s) found.");
var directory = Path.Combine(path.DirectoryName, path.Name.Remove(path.Name.Length - path.Extension.Length) + "_extracted");
Console.WriteLine();
Log.Info("Extracting...");
//file.ExtractAll(directory);
Console.WriteLine();
Log.Info("Done.");
// file.Close();
Console.ReadLine();*/
}
static FileInfo GetPath(string[] args)
{
try
{
var fileName = new FileInfo(Assembly.GetExecutingAssembly().Location).Name;
if (args.Length > 0)
{
if (File.Exists(args[0]))
{
return new FileInfo(args[0]);
}
else
{
Log.Fatal($"{args[0]} could not be found. Usage: {fileName} <path>");
}
}
else
{
Log.Fatal($"No File provided. Usage: {fileName} <path>");
}
}
catch (Exception ex)
{
Log.Fatal($"Could not get file: {ex.Message}");
}
return null;
}
}
}

43
src/apphost-extract/apphost-extract-v2/Util.cs
Unescape View File

@ -0,0 +1,43 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
namespace apphost_extract_v2
{
public static class Util
{
public static int[] PatternScan(FileStream fs, int start, int length, byte[] pattern, string mask)
{
byte[] scanBuffer = new byte[length];
fs.Seek(start, SeekOrigin.Begin);
fs.Read(scanBuffer, 0, length);
List<int> scanResults = new List<int>();
for(int i = 0; i < scanBuffer.Length - pattern.Length; i++)
{
if (!IsMatch(scanBuffer, i, pattern, mask))
continue;
scanResults.Add(start + i);
}
return scanResults.ToArray();
}
//https://stackoverflow.com/a/283648/10724593
private static bool IsMatch(byte[] array, int position, byte[] candidate, string mask)
{
if (candidate.Length > (array.Length - position))
return false;
for (int i = 0; i < candidate.Length; i++)
if (mask[i] == 'x' && array[position + i] != candidate[i])
return false;
return true;
}
}
}

9
src/apphost-extract/apphost-extract-v2/apphost-extract-v2.csproj
Unescape View File

@ -0,0 +1,9 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>netcoreapp3.1</TargetFramework>
<RootNamespace>apphost_extract_v2</RootNamespace>
</PropertyGroup>
</Project>

14
src/apphost-extract/apphost-extract.sln
Unescape View File

@ -3,7 +3,11 @@ Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16
VisualStudioVersion = 16.0.30204.135
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "apphost-extract", "apphost-extract\apphost-extract.csproj", "{150E6D0D-598E-40E7-B7DD-3941F31E5C63}"
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "apphost-extract", "apphost-extract\apphost-extract.csproj", "{150E6D0D-598E-40E7-B7DD-3941F31E5C63}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "TestProject", "TestProject\TestProject.csproj", "{35EC6BD7-EAA9-4898-BC0F-0D3F1F40E911}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "apphost-extract-v2", "apphost-extract-v2\apphost-extract-v2.csproj", "{5BEE71B9-BBDE-4C45-BE03-640119A2DC04}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
@ -15,6 +19,14 @@ Global
{150E6D0D-598E-40E7-B7DD-3941F31E5C63}.Debug|Any CPU.Build.0 = Debug|Any CPU
{150E6D0D-598E-40E7-B7DD-3941F31E5C63}.Release|Any CPU.ActiveCfg = Release|Any CPU
{150E6D0D-598E-40E7-B7DD-3941F31E5C63}.Release|Any CPU.Build.0 = Release|Any CPU
{35EC6BD7-EAA9-4898-BC0F-0D3F1F40E911}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{35EC6BD7-EAA9-4898-BC0F-0D3F1F40E911}.Debug|Any CPU.Build.0 = Debug|Any CPU
{35EC6BD7-EAA9-4898-BC0F-0D3F1F40E911}.Release|Any CPU.ActiveCfg = Release|Any CPU
{35EC6BD7-EAA9-4898-BC0F-0D3F1F40E911}.Release|Any CPU.Build.0 = Release|Any CPU
{5BEE71B9-BBDE-4C45-BE03-640119A2DC04}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{5BEE71B9-BBDE-4C45-BE03-640119A2DC04}.Debug|Any CPU.Build.0 = Debug|Any CPU
{5BEE71B9-BBDE-4C45-BE03-640119A2DC04}.Release|Any CPU.ActiveCfg = Release|Any CPU
{5BEE71B9-BBDE-4C45-BE03-640119A2DC04}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE

47
src/apphost-extract/apphost-extract/AppHostFile.cs
Unescape View File

@ -2,6 +2,7 @@
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection.PortableExecutable;
using System.Text;
using System.Threading.Tasks;
@ -12,18 +13,33 @@ namespace apphost_extract
private FileStream FileStream;
public AppHostFileHeader Header { get; set; }
private ApphostVersion Version { get; set; }
private const int HEADER_OFFSET_PTR = 0x27600;
private const int VERSION_OFFSET_NET3 = 0x1A3E8;
private const int HEADER_OFFSET_PTR_NET5 = 0x8E508;
private const int HEADER_OFFSET_PTR_NET3 = 0x27600;
public AppHostFile(FileStream fileStream)
{
FileStream = fileStream;
var headerVA = GetHeaderAddress(HEADER_OFFSET_PTR);
//RDATA = GetRDATASection(fileStream);
var ver = GetVersion(VERSION_OFFSET_NET3);
var headerVA = GetHeaderAddress(HEADER_OFFSET_PTR_NET3);
Header = new AppHostFileHeader(FileStream, headerVA);
}
private int GetRDATASection(FileStream fileStream)
{
var pefile = new PEReader(fileStream);
var sectionHeaders = pefile.PEHeaders.SectionHeaders;
return sectionHeaders.Where(header => header.Name == ".rdata").FirstOrDefault().VirtualAddress + 0x668;
}
public int GetHeaderAddress(int offset)
{
var buffer = new byte[16];
@ -32,6 +48,25 @@ namespace apphost_extract
return BitConverter.ToInt32(buffer, 0);
}
public ApphostVersion GetVersion(int offset)
{
FileStream.Seek(offset, SeekOrigin.Begin);
var buffer = new byte[10];
FileStream.Read(buffer, 0, buffer.Length);
var versionStr = Encoding.Unicode.GetString(buffer);
if (versionStr.StartsWith("3."))
{
Log.Info("Detected .NET Core 3.");
return ApphostVersion.NET3;
}
else
{
Log.Info("Could not detect .NET Core version, assumming .NET Core 5.");
return ApphostVersion.NET5;
}
}
public static AppHostFile Open(string path)
{
@ -77,4 +112,10 @@ namespace apphost_extract
FileStream.Close();
}
}
public enum ApphostVersion
{
NET5,
NET3
}
}

6
src/apphost-extract/apphost-extract/Program.cs
Unescape View File

@ -14,7 +14,11 @@ namespace apphost_extract
{
Log.Info("apphost-extract by VollRagm\n", ConsoleColor.Yellow);
var path = GetPath(args);
var file = AppHostFile.Open(path.FullName);
var path2 = "test.exe";
//var path2 = "AmongUsUnlocker.exe";
var file = AppHostFile.Open(path2);//path.FullName);
Log.Info($"{file.Header.Manifest.FileEntries.Count} embedded file(s) found.");
var directory = Path.Combine(path.DirectoryName, path.Name.Remove(path.Name.Length - path.Extension.Length) +"_extracted");

8
src/apphost-extract/apphost-extract/Properties/launchSettings.json
Unescape View File

@ -0,0 +1,8 @@
{
"profiles": {
"apphost-extract": {
"commandName": "Project",
"commandLineArgs": "AmongUsUnlocker.exe"
}
}
}

2
src/apphost-extract/apphost-extract/apphost-extract.csproj
Unescape View File

@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net5.0</TargetFramework>
<TargetFramework>netcoreapp3.1</TargetFramework>
<OutputType>Exe</OutputType>
<RootNamespace>apphost_extract</RootNamespace>
<GenerateAssemblyInfo>false</GenerateAssemblyInfo>

Write Preview
Loading…
Cancel
Save