public void NewTypeDefinition() { var module = ModuleDefinition.FromBytes(Properties.Resources.HelloWorld); // Create new type. var type = new TypeDefinition("Namespace", "Name", TypeAttributes.Interface);; module.TopLevelTypes.Add(type); // Rebuild. var builder = new ManagedPEImageBuilder(); var result = builder.CreateImage(module); // Assert valid token. var newToken = result.TokenMapping[type]; Assert.NotEqual(0u, newToken.Rid); // Assert token resolves to the new type. var newModule = ModuleDefinition.FromImage(result.ConstructedImage); var newType = (TypeDefinition)newModule.LookupMember(newToken); Assert.Equal(type.Namespace, newType.Namespace); Assert.Equal(type.Name, newType.Name); }
public void NewTypeSpecification() { var module = ModuleDefinition.FromBytes(Properties.Resources.HelloWorld); // Import arbitrary generic method. var importer = new ReferenceImporter(module); var specification = importer.ImportType(typeof(List <object>)); // Ensure method reference is added to the module by referencing it in main. var instructions = module.ManagedEntrypointMethod.CilMethodBody.Instructions; instructions.Insert(0, CilOpCodes.Ldtoken, specification); instructions.Insert(1, CilOpCodes.Pop); // Rebuild. var builder = new ManagedPEImageBuilder(); var result = builder.CreateImage(module); // Assert valid token. var newToken = result.TokenMapping[specification]; Assert.NotEqual(0u, newToken.Rid); // Assert token resolves to the same method reference. var newModule = ModuleDefinition.FromImage(result.ConstructedImage); var newReference = (TypeSpecification)newModule.LookupMember(newToken); Assert.Equal(specification.Name, newReference.Name); }
public void NewTypeReference() { var module = ModuleDefinition.FromBytes(Properties.Resources.HelloWorld); // Import arbitrary type as reference. var importer = new ReferenceImporter(module); var reference = importer.ImportType(typeof(MemoryStream)); // Ensure type ref is added to the module by adding a dummy field referencing it. module.GetOrCreateModuleType().Fields.Add(new FieldDefinition( "MyField", FieldAttributes.Public | FieldAttributes.Static, FieldSignature.CreateStatic(reference.ToTypeSignature()))); // Rebuild. var builder = new ManagedPEImageBuilder(); var result = builder.CreateImage(module); // Assert valid token. var newToken = result.TokenMapping[reference]; Assert.NotEqual(0u, newToken.Rid); // Assert token resolves to the same type reference. var newModule = ModuleDefinition.FromImage(result.ConstructedImage); var newReference = (TypeReference)newModule.LookupMember(newToken); Assert.Equal(reference.Namespace, newReference.Namespace); Assert.Equal(reference.Name, newReference.Name); }
public void NewMemberReference() { var module = ModuleDefinition.FromBytes(Properties.Resources.HelloWorld); // Import arbitrary method. var importer = new ReferenceImporter(module); var reference = importer.ImportMethod(typeof(MemoryStream).GetConstructor(Type.EmptyTypes)); // Ensure method reference is added to the module by referencing it in main. var instructions = module.ManagedEntrypointMethod.CilMethodBody.Instructions; instructions.Insert(0, CilOpCodes.Newobj, reference); instructions.Insert(1, CilOpCodes.Pop); // Rebuild. var builder = new ManagedPEImageBuilder(); var result = builder.CreateImage(module); // Assert valid token. var newToken = result.TokenMapping[reference]; Assert.NotEqual(0u, newToken.Rid); // Assert token resolves to the same method reference. var newModule = ModuleDefinition.FromImage(result.ConstructedImage); var newReference = (MemberReference)newModule.LookupMember(newToken); Assert.Equal(reference.Name, newReference.Name); }
public void ComputeMaxStackOnBuildOverride(bool computeMaxStack, bool?computeMaxStackOverride, int expectedMaxStack) { const int maxStack = 100; var module = new ModuleDefinition("SomeModule", KnownCorLibs.SystemPrivateCoreLib_v4_0_0_0); var main = new MethodDefinition( "Main", MethodAttributes.Public | MethodAttributes.Static, MethodSignature.CreateStatic(module.CorLibTypeFactory.Void)); main.CilMethodBody = new CilMethodBody(main) { ComputeMaxStackOnBuild = computeMaxStack, MaxStack = maxStack, Instructions = { new CilInstruction(CilOpCodes.Ret) }, LocalVariables = { new CilLocalVariable(module.CorLibTypeFactory.Int32) } // Force fat method body. }; module.GetOrCreateModuleType().Methods.Add(main); module.ManagedEntrypoint = main; var builder = new ManagedPEImageBuilder(new DotNetDirectoryFactory { MethodBodySerializer = new CilMethodBodySerializer { ComputeMaxStackOnBuildOverride = computeMaxStackOverride } }); var newImage = builder.CreateImage(module); var newModule = ModuleDefinition.FromImage(newImage); Assert.Equal(expectedMaxStack, newModule.ManagedEntrypointMethod.CilMethodBody.MaxStack); }
public void NewMethodDefinition() { var module = ModuleDefinition.FromBytes(Properties.Resources.HelloWorld); // Create new method. var method = new MethodDefinition( "MyMethod", MethodAttributes.Public | MethodAttributes.Static, MethodSignature.CreateStatic(module.CorLibTypeFactory.Void)); module.GetOrCreateModuleType().Methods.Add(method); // Get existing main method. var main = module.ManagedEntrypointMethod; // Rebuild. var builder = new ManagedPEImageBuilder(); var result = builder.CreateImage(module); // Assert valid tokens for both methods. var methodToken = result.TokenMapping[method]; var mainMethodToken = result.TokenMapping[main]; Assert.NotEqual(0u, methodToken.Rid); Assert.NotEqual(0u, mainMethodToken.Rid); // Assert tokens resolve to the same methods. var newModule = ModuleDefinition.FromImage(result.ConstructedImage); var newMethod = (MethodDefinition)newModule.LookupMember(methodToken); Assert.Equal(method.Name, newMethod.Name); var newMain = (MethodDefinition)newModule.LookupMember(mainMethodToken); Assert.Equal(main.Name, newMain.Name); }
private static void SerializeImageToDisk( DevirtualisationOptions options, DevirtualisationContext context, ModuleDefinition module, string fileName) { var imageBuilder = new ManagedPEImageBuilder(); var result = imageBuilder.CreateImage(module); if (result.DiagnosticBag.IsFatal) { throw new AggregateException(result.DiagnosticBag.Exceptions); } foreach (var error in result.DiagnosticBag.Exceptions) { context.Logger.Error(Tag, error.Message); } var fileBuilder = new ManagedPEFileBuilder(); var file = fileBuilder.CreateFile(result.ConstructedImage); file.Write(Path.Combine(options.OutputOptions.RootDirectory, fileName)); }
public void NewFieldDefinition() { var module = ModuleDefinition.FromBytes(Properties.Resources.HelloWorld); // Create new field. var field = new FieldDefinition( "MyField", FieldAttributes.Public | FieldAttributes.Static, FieldSignature.CreateStatic(module.CorLibTypeFactory.Object)); module.GetOrCreateModuleType().Fields.Add(field); // Rebuild. var builder = new ManagedPEImageBuilder(); var result = builder.CreateImage(module); // Assert valid token. var newToken = result.TokenMapping[field]; Assert.NotEqual(0u, newToken.Rid); // Assert token resolves to the new field. var newModule = ModuleDefinition.FromImage(result.ConstructedImage); var newField = (FieldDefinition)newModule.LookupMember(newToken); Assert.Equal(field.Name, newField.Name); }
public void NewStandaloneSignature() { var module = ModuleDefinition.FromBytes(Properties.Resources.HelloWorld); // Import arbitrary method signature. var importer = new ReferenceImporter(module); var signature = new StandAloneSignature( importer.ImportMethodSignature(MethodSignature.CreateStatic(module.CorLibTypeFactory.Void))); // Ensure reference is added to the module by referencing it in main. var instructions = module.ManagedEntrypointMethod.CilMethodBody.Instructions; instructions.Insert(0, CilOpCodes.Ldnull); instructions.Insert(0, CilOpCodes.Calli, signature); // Rebuild. var builder = new ManagedPEImageBuilder(); var result = builder.CreateImage(module); // Assert valid token. var newToken = result.TokenMapping[signature]; Assert.NotEqual(0u, newToken.Rid); // Assert token resolves to the same method reference. var newModule = ModuleDefinition.FromImage(result.ConstructedImage); var newSignature = (StandAloneSignature)newModule.LookupMember(newToken); Assert.Equal((CallingConventionSignature)signature.Signature, newSignature.Signature as CallingConventionSignature, new SignatureComparer()); }
private static FieldDefinition RebuildAndLookup(FieldDefinition field) { var builder = new ManagedPEImageBuilder(); var newImage = builder.CreateImage(field.Module).ConstructedImage; var newModule = ModuleDefinition.FromImage(newImage); return(LookupFieldInModule(newModule, field.Name)); }
private static MethodDefinition RebuildAndLookup(MethodDefinition method) { var builder = new ManagedPEImageBuilder(); var newImage = builder.CreateImage(method.Module).ConstructedImage; var newModule = ModuleDefinition.FromImage(newImage); return(LookupMethodInModule(newModule, method.Name)); }
protected static ModuleDefinition RebuildAndReloadModule(ModuleDefinition module, MetadataBuilderFlags builderFlags) { var builder = new ManagedPEImageBuilder { DotNetDirectoryFactory = new DotNetDirectoryFactory(builderFlags) }; var newImage = builder.CreateImage(module).ConstructedImage; return(ModuleDefinition.FromImage(newImage)); }
/// <summary> /// Saves Assembly After Modifications /// </summary> public void SaveContext() { string NewPath = PathIs.Insert(PathIs.Length - 4, "HereWeGo"); // Thx 4 drakoniа#0601 for the insert trick :D if (DnModule != null) { if (DnModule.IsILOnly) { var MangedWriter = new ModuleWriterOptions(DnModule) { Logger = DummyLogger.NoThrowInstance, MetadataOptions = { Flags = MetadataFlags.PreserveAll } }; DnModule.Write(NewPath.Replace("HereWeGo", "-DnLibed"), MangedWriter); Log.Info("Done Saved Manged Dnlib Module"); } else { var UnMangedWriter = new NativeModuleWriterOptions(DnModule, false) { Logger = DummyLogger.NoThrowInstance, MetadataOptions = { Flags = MetadataFlags.PreserveAll } }; DnModule.NativeWrite(NewPath.Replace("HereWeGo", "-DnLibed"), UnMangedWriter); Log.Info("Done Saved Native Dnlib Module"); } } if (AsmModule != null) { var IMPEIB = new ManagedPEImageBuilder() { DotNetDirectoryFactory = new DotNetDirectoryFactory() { MetadataBuilderFlags = MetadataBuilderFlags.PreserveAll, MethodBodySerializer = new CilMethodBodySerializer { ComputeMaxStackOnBuildOverride = false } } }; var IR = IMPEIB.CreateImage(AsmModule); var FBuilder = new ManagedPEFileBuilder(); var File = FBuilder.CreateFile(IR.ConstructedImage); if (!IR.DiagnosticBag.IsFatal) { File.Write(NewPath.Replace("HereWeGo", "-AsmResolved")); // Ignore Errors. } else { AsmModule.Write(NewPath.Replace("HereWeGo", "-AsmResolved"), IMPEIB); } Log.Info("Done Saved AsmResolver Module"); } }
static void Main(string[] args) { //Support multiple decryption methods later (other value-types) //Maybe change the second phase to find the method by getting the user to give us the mdtoken Console.Title = "DynamicStringDecrypter - By N0P"; LoadAssembly(args[0]); var decryptionMethod = GetDecryptionMethod(); if (decryptionMethod != null) { Console.WriteLine($"Found Decryption Method[{decryptionMethod.Name}]"); DecryptVariables(decryptionMethod); } else { Console.WriteLine("Failed to find decryption method! Please provide the method name:"); decryptionMethod = GetDecryptionMethodByName(Console.ReadLine()); if (decryptionMethod != null) { Console.WriteLine($"Found Decryption Method[{decryptionMethod.Name}]"); DecryptVariables(decryptionMethod); } else { Console.WriteLine("Sorry looks like we yet again failed. Closing app"); } } Console.WriteLine($"[{_DecryptedCount}] Variables Sucessfully Decrypted"); Console.WriteLine($"[{_FailedCount}] Variables Unsuccessfully Decrypted"); var imageBuilder = new ManagedPEImageBuilder(); var factory = new DotNetDirectoryFactory(); factory.MetadataBuilderFlags = MetadataBuilderFlags.PreserveAll; factory.MethodBodySerializer = new CilMethodBodySerializer { ComputeMaxStackOnBuildOverride = false }; imageBuilder.DotNetDirectoryFactory = factory; if (_AssemblyPath.Contains(".dll")) { _Assembly.ManifestModule.Write(Path.GetFileNameWithoutExtension(_AssemblyPath) + "-deob.dll", imageBuilder); } else { _Assembly.ManifestModule.Write(Path.GetFileNameWithoutExtension(_AssemblyPath) + "-deob.exe", imageBuilder); } Console.WriteLine("Done!"); Console.ReadKey(); }
protected static ModuleDefinition RebuildAndReloadModule(ModuleDefinition module, MetadataBuilderFlags builderFlags) { var builder = new ManagedPEImageBuilder { DotNetDirectoryFactory = new DotNetDirectoryFactory(builderFlags) }; var result = builder.CreateImage(module); if (result.DiagnosticBag.HasErrors) { throw new AggregateException(result.DiagnosticBag.Exceptions); } var newImage = result.ConstructedImage; return(ModuleDefinition.FromImage(newImage)); }