Beispiel #1
0
        private void Button_Click(object sender, RoutedEventArgs e)
        {
            var time   = DateTime.Now.ToString("hh:mm:ss");
            var module = ModuleDefMD.Load(LoadBox.Text);

            if (StringEnc.IsChecked == true)
            {
                StringEncPhase.Execute(module);
                ConsoleLog.Foreground = Brushes.Aqua;
                ConsoleLog.AppendText($"{time} Processing String Encryption{Environment.NewLine}");
            }

            if (SOD.IsChecked == true)
            {
                OnlinePhase.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Online Decryption{Environment.NewLine}");
            }

            if (Cflow.IsChecked == true)
            {
                ControlFlowObfuscation.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Control Flow{Environment.NewLine}");
            }

            if (IntConf.IsChecked == true)
            {
                AddIntPhase.Execute2(module);
                ConsoleLog.AppendText($"{time} Processing Int Confusion{Environment.NewLine}");
            }

            if (SUC.IsChecked == true)
            {
                StackUnfConfusion.Execute(module);
                ConsoleLog.AppendText($"{time} Processing StackUnfConfusion{Environment.NewLine}");
            }

            if (Ahri.IsChecked == true)
            {
                Arithmetic.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Arithmetic{Environment.NewLine}");
            }

            if (LF.IsChecked == true)
            {
                L2F.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Local Field{Environment.NewLine}");
            }

            if (LFV2.IsChecked == true)
            {
                L2FV2.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Local Field V2{Environment.NewLine}");
            }

            if (Calli_.IsChecked == true)
            {
                Calli.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Call To Calli{Environment.NewLine}");
            }

            if (Proxy_String.IsChecked == true)
            {
                ProxyString.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Proxy Strings{Environment.NewLine}");
            }

            if (ProxyConstants.IsChecked == true)
            {
                ProxyINT.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Proxy Constants{Environment.NewLine}");
            }

            if (Proxy_Meth.IsChecked == true)
            {
                ProxyMeth.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Proxy Methods{Environment.NewLine}");
            }

            if (Renamer.IsChecked == true)
            {
                RenamerPhase.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Renaming{Environment.NewLine}");
            }

            if (Anti_De4dot.IsChecked == true)
            {
                AntiDe4dot.Execute(module.Assembly);
                ConsoleLog.AppendText($"{time} Processing Anti De4dot{Environment.NewLine}");
            }

            if (JumpCflow.IsChecked == true)
            {
                JumpCFlow.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Jump Control flow{Environment.NewLine}");
            }

            if (AntiDebug.IsChecked == true)
            {
                Anti_Debug.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Anti Debug{Environment.NewLine}");
            }

            if (Anti_Dump.IsChecked == true)
            {
                AntiDump.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Anti Dump{Environment.NewLine}");
            }

            if (AntiTamper.IsChecked == true)
            {
                Protection.Anti.AntiTamper.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Anti Tamper{Environment.NewLine}");
            }

            if (InvalidMD.IsChecked == true)
            {
                InvalidMDPhase.Execute(module.Assembly);
                ConsoleLog.AppendText($"{time} Processing Invalid MetaData{Environment.NewLine}");
            }

            var text2 = Path.GetDirectoryName(LoadBox.Text);

            if (text2 != null && !text2.EndsWith("\\"))
            {
                text2 += "\\";
            }

            var path = $"{text2}{Path.GetFileNameWithoutExtension(LoadBox.Text)}_protected{Path.GetExtension(LoadBox.Text)}";

            module.Write(path,
                         new ModuleWriterOptions(module)
            {
                PEHeadersOptions = { NumberOfRvaAndSizes = 13 }, Logger = DummyLogger.NoThrowInstance
            });

            ConsoleLog.AppendText($"{time} {path}");

            if (AntiTamper.IsChecked == true)
            {
                Protection.Anti.AntiTamper.Sha256(path);
            }
        }
        static void Main(string[] args)
        {
            #region Initialize

            Console.Title = "Rzy Protector V2 Unpacker - by illuZion#9999";
            WriteTitle();

            if (args.Length != 1)
            {
                Write("Please, drag 'n' drop the file to unpack!", Type.Error);
                Leave();
            }

            string directory = args[0];
            try
            {
                Module = ModuleDefMD.Load(directory);
            }
            catch
            {
                Write("Not a .NET Assembly...", Type.Error);
                Leave();
            }

            #endregion Initialize

            #region Unpack

            HideMethods.Execute(Module);
            CallToCalli.Execute(Module);
            EmptyTypes.Execute(Module);
            Maths(Module);
            LocalToField.Execute(Module);
            Constants.Execute(Module);
            Maths(Module);
            StringProtection.Execute(Module);

            FakeObfuscator.Execute(Module);
            AntiIlDasm.Execute(Module);
            AntiDe4dot.Execute(Module);
            AntiDnspy.Execute(Module);
            AntiVm.Execute(Module);
            AntiDebug.Execute(Module);
            AntiDump.Execute(Module);

            RemoveNops.Execute(Module);

            #endregion Unpack

            #region Save the file

            Write("Saving the unpacked file...");

            string text = Path.GetDirectoryName(directory);
            if (text == null)
            {
                Leave();
            }
            // We can disable the possible null exception as the Leave method closes the program (but Resharper does not detect it).
            // ReSharper disable once PossibleNullReferenceException
            text += !text.EndsWith("\\") ? "\\" : null;
            string filename =
                $"{text}{Path.GetFileNameWithoutExtension(directory)}-Unpacked{Path.GetExtension(directory)}";

            var writerOptions = new ModuleWriterOptions(Module);
            writerOptions.MetadataOptions.Flags |= MetadataFlags.PreserveAll;
            writerOptions.Logger = DummyLogger.NoThrowInstance;

            var nativewriterOptions = new NativeModuleWriterOptions(Module, true);
            nativewriterOptions.MetadataOptions.Flags |= MetadataFlags.PreserveAll;
            nativewriterOptions.Logger = DummyLogger.NoThrowInstance;

            if (Module.IsILOnly)
            {
                Module.Write(filename, writerOptions);
            }
            else
            {
                Module.NativeWrite(filename, nativewriterOptions);
            }

            Write($"File saved at: {filename}", Type.Success);
            Leave();

            #endregion Save the file
        }