void PerformMethod(MethodDefinition mtd, NameMode mode)
{
if (GetRenOk(mtd))
{
mtd.Name = ObfuscationHelper.GetNewName(mtd.Name, mode);
Identifier id = (Identifier)(mtd as IAnnotationProvider).Annotations[NameAnalyzer.RenId];
Identifier n = id;
n.scope = mtd.DeclaringType.FullName;
n.name = mtd.Name;
foreach (IReference refer in (mtd as IAnnotationProvider).Annotations[NameAnalyzer.RenRef] as List <IReference> )
{
refer.UpdateReference(id, n);
}
foreach (ParameterDefinition para in mtd.Parameters)
{
para.Name = ObfuscationHelper.GetNewName(para.Name, mode);
}
}
//Variable names are stored in pdb, so no need to rename
//if (mtd.HasBody)
//{
// foreach (VariableDefinition var in mtd.Body.Variables)
// {
// var.Name = ObfuscationHelper.GetNewName(var.Name, mode);
// }
//}
}
void PerformMethod(MethodDefinition mtd)
{
if ((bool)(mtd as IAnnotationProvider).Annotations["RenOk"])
{
mtd.Name = ObfuscationHelper.GetNewName(mtd.Name);
Identifier id = (Identifier)(mtd as IAnnotationProvider).Annotations["RenId"];
Identifier n = id;
n.scope = mtd.DeclaringType.FullName;
n.name = mtd.Name;
foreach (IReference refer in (mtd as IAnnotationProvider).Annotations["RenRef"] as List <IReference> )
{
refer.UpdateReference(id, n);
}
}
foreach (ParameterDefinition para in mtd.Parameters)
{
para.Name = ObfuscationHelper.GetNewName(para.Name);
}
if (mtd.HasBody)
{
foreach (VariableDefinition var in mtd.Body.Variables)
{
var.Name = ObfuscationHelper.GetNewName(var.Name);
}
}
}
public override void Process(ConfusionParameter parameter)
{
IMemberDefinition mem = parameter.Target as IMemberDefinition;
if (GetCancel(mem))
{
return;
}
if (mem is TypeDefinition)
{
TypeDefinition type = mem as TypeDefinition;
if (GetRenOk(type))
{
string originalName = type.Name;
string originalFName = TypeParser.ToParseable(type);
var mode = (NameMode)(mem.Module as IAnnotationProvider).Annotations[NameAnalyzer.RenMode];
type.Name = ObfuscationHelper.GetNewName(originalFName, mode);
switch (mode)
{
case NameMode.Unreadable:
type.Namespace = ""; break;
case NameMode.ASCII:
type.Namespace = " "; break;
case NameMode.Letters:
type.Namespace = "BANANA"; break;
}
Identifier id = (Identifier)(type as IAnnotationProvider).Annotations[NameAnalyzer.RenId];
Identifier n = id;
n.name = CecilHelper.GetName(type);
n.scope = CecilHelper.GetNamespace(type);
foreach (IReference refer in (type as IAnnotationProvider).Annotations[NameAnalyzer.RenRef] as List <IReference> )
{
refer.UpdateReference(id, n);
}
Database.AddEntry("Rename", originalName, type.Name);
}
}
else if (mem is MethodDefinition)
{
MethodDefinition mtd = mem as MethodDefinition;
PerformMethod(mtd);
}
else if (GetRenOk(mem as IAnnotationProvider))
{
mem.Name = ObfuscationHelper.GetNewName(mem.Name, (NameMode)(mem.Module as IAnnotationProvider).Annotations[NameAnalyzer.RenMode]);
Identifier id = (Identifier)(mem as IAnnotationProvider).Annotations[NameAnalyzer.RenId];
Identifier n = id;
n.scope = mem.DeclaringType.FullName;
n.name = mem.Name;
foreach (IReference refer in (mem as IAnnotationProvider).Annotations[NameAnalyzer.RenRef] as List <IReference> )
{
refer.UpdateReference(id, n);
}
}
}
public override void Process(ConfusionParameter parameter)
{
AssemblyDefinition i = AssemblyDefinition.ReadAssembly(typeof(Iid).Assembly.Location);
cion.root = CecilHelper.Inject(mod, i.MainModule.GetType("AntiTamper"));
mod.Types.Add(cion.root);
MethodDefinition cctor = mod.GetType("<Module>").GetStaticConstructor();
cctor.Body.GetILProcessor().InsertBefore(0, Instruction.Create(OpCodes.Call, cion.root.Methods.FirstOrDefault(mtd => mtd.Name == "Initalize")));
MethodDefinition init = cion.root.Methods.FirstOrDefault(mtd => mtd.Name == "Initalize");
foreach (Instruction inst in init.Body.Instructions)
{
if (inst.Operand is int)
{
switch ((int)inst.Operand)
{
case 0x11111111:
inst.Operand = cion.key0; break;
case 0x33333333:
inst.Operand = cion.key2; break;
case 0x44444444:
inst.Operand = cion.key3; break;
case 0x55555555:
inst.Operand = cion.key4; break;
}
}
else if (inst.Operand is long && (long)inst.Operand == 0x2222222222222222)
{
inst.Operand = cion.key1;
}
}
MethodDefinition dec = cion.root.Methods.FirstOrDefault(mtd => mtd.Name == "Decrypt");
foreach (Instruction inst in dec.Body.Instructions)
{
if (inst.Operand is int && (int)inst.Operand == 0x11111111)
{
inst.Operand = (int)cion.key5;
}
}
cion.root.Name = ObfuscationHelper.GetNewName("AntiTamperModule" + Guid.NewGuid().ToString());
cion.root.Namespace = "";
AddHelper(cion.root, HelperAttribute.NoInjection);
foreach (MethodDefinition mtdDef in cion.root.Methods)
{
mtdDef.Name = ObfuscationHelper.GetNewName(mtdDef.Name + Guid.NewGuid().ToString());
AddHelper(mtdDef, HelperAttribute.NoInjection);
}
}
public override void Process(ConfusionParameter parameter)
{
AssemblyDefinition self = AssemblyDefinition.ReadAssembly(typeof(Iid).Assembly.Location);
if (Array.IndexOf(parameter.GlobalParameters.AllKeys, "win32") != -1)
{
TypeDefinition type = CecilHelper.Inject(mod, self.MainModule.GetType("AntiDebugger"));
type.Methods.Remove(type.Methods.FirstOrDefault(mtd => mtd.Name == "AntiDebugSafe"));
type.Methods.Remove(type.Methods.FirstOrDefault(mtd => mtd.Name == "InitializeSafe"));
mod.Types.Add(type);
TypeDefinition modType = mod.GetType("<Module>");
ILProcessor psr = modType.GetStaticConstructor().Body.GetILProcessor();
psr.InsertBefore(psr.Body.Instructions.Count - 1, Instruction.Create(OpCodes.Call, type.Methods.FirstOrDefault(mtd => mtd.Name == "Initialize")));
type.Name = ObfuscationHelper.GetNewName("AntiDebugModule" + Guid.NewGuid().ToString());
type.Namespace = "";
AddHelper(type, HelperAttribute.NoInjection);
foreach (MethodDefinition mtdDef in type.Methods)
{
mtdDef.Name = ObfuscationHelper.GetNewName(mtdDef.Name + Guid.NewGuid().ToString());
AddHelper(mtdDef, HelperAttribute.NoInjection);
}
}
else
{
TypeDefinition type = CecilHelper.Inject(mod, self.MainModule.GetType("AntiDebugger"));
type.Methods.Remove(type.Methods.FirstOrDefault(mtd => mtd.Name == "AntiDebug"));
type.Methods.Remove(type.Methods.FirstOrDefault(mtd => mtd.Name == "Initialize"));
mod.Types.Add(type);
TypeDefinition modType = mod.GetType("<Module>");
ILProcessor psr = modType.GetStaticConstructor().Body.GetILProcessor();
psr.InsertBefore(psr.Body.Instructions.Count - 1, Instruction.Create(OpCodes.Call, type.Methods.FirstOrDefault(mtd => mtd.Name == "InitializeSafe")));
type.Name = ObfuscationHelper.GetNewName("AntiDebugModule" + Guid.NewGuid().ToString());
type.Namespace = "";
AddHelper(type, HelperAttribute.NoInjection);
foreach (MethodDefinition mtdDef in type.Methods)
{
mtdDef.Name = ObfuscationHelper.GetNewName(mtdDef.Name + Guid.NewGuid().ToString());
AddHelper(mtdDef, HelperAttribute.NoInjection);
}
}
}
public override void DeInitialize()
{
TypeDefinition modType = mod.GetType("<Module>");
AssemblyDefinition i = AssemblyDefinition.ReadAssembly(typeof(Iid).Assembly.Location);
mc.proxy = i.MainModule.GetType("Proxies").Methods.FirstOrDefault(mtd => mtd.Name == "MtdProxy");
mc.proxy = CecilHelper.Inject(mod, mc.proxy);
modType.Methods.Add(mc.proxy);
mc.proxy.IsAssembly = true;
mc.proxy.Name = ObfuscationHelper.GetNewName("Proxy" + Guid.NewGuid().ToString());
AddHelper(mc.proxy, 0);
mc.key = new Random().Next();
foreach (Instruction inst in mc.proxy.Body.Instructions)
{
if (inst.Operand is int && (int)inst.Operand == 0x12345678)
{
inst.Operand = mc.key; break;
}
}
}
public override void Process(ConfusionParameter parameter)
{
IMemberDefinition mem = parameter.Target as IMemberDefinition;
if (mem is TypeDefinition)
{
TypeDefinition type = mem as TypeDefinition;
if ((bool)(type as IAnnotationProvider).Annotations["RenOk"])
{
type.Name = ObfuscationHelper.GetNewName(type.FullName);
type.Namespace = "";
Identifier id = (Identifier)(type as IAnnotationProvider).Annotations["RenId"];
Identifier n = id;
n.name = type.Name;
n.scope = type.Namespace;
foreach (IReference refer in (type as IAnnotationProvider).Annotations["RenRef"] as List <IReference> )
{
refer.UpdateReference(id, n);
}
}
}
else if (mem is MethodDefinition)
{
MethodDefinition mtd = mem as MethodDefinition;
PerformMethod(mtd);
}
else if ((bool)(mem as IAnnotationProvider).Annotations["RenOk"])
{
mem.Name = ObfuscationHelper.GetNewName(mem.Name);
Identifier id = (Identifier)(mem as IAnnotationProvider).Annotations["RenId"];
Identifier n = id;
n.scope = mem.DeclaringType.FullName;
n.name = mem.Name;
foreach (IReference refer in (mem as IAnnotationProvider).Annotations["RenRef"] as List <IReference> )
{
refer.UpdateReference(id, n);
}
}
}
string GetSignatureO(MethodReference mbr)
{
return(ObfuscationHelper.GetNewName(GetSignature(mbr)));
}
string GetNameO(ParameterDefinition arg)
{
return(ObfuscationHelper.GetNewName(arg.Name));
}
string GetNameO(bool isVirt, MethodReference mbr)
{
return(ObfuscationHelper.GetNewName((isVirt ? "V>." : "") + mbr.ToString()));
}
string GetNameO(MethodReference mbr)
{
return(ObfuscationHelper.GetNewName(mbr.ToString()));
}
byte[] GetAsm()
{
AssemblyDefinition asm = AssemblyDefinition.CreateAssembly(new AssemblyNameDefinition(ObfuscationHelper.GetNewName(Guid.NewGuid().ToString()), new Version()), ObfuscationHelper.GetNewName(Guid.NewGuid().ToString()), ModuleKind.Dll);
foreach (KeyValuePair <string, byte[]> i in rc.dats)
{
asm.MainModule.Resources.Add(new EmbeddedResource(i.Key, ManifestResourceAttributes.Public, i.Value));
}
MemoryStream ms = new MemoryStream();
asm.Write(ms);
return(ms.ToArray());
}