public void NewTypeDefinition()
{
var module = ModuleDefinition.FromBytes(Properties.Resources.HelloWorld);
// Create new type.
var type = new TypeDefinition("Namespace", "Name", TypeAttributes.Interface);;
module.TopLevelTypes.Add(type);
// Rebuild.
var builder = new ManagedPEImageBuilder();
var result = builder.CreateImage(module);
// Assert valid token.
var newToken = result.TokenMapping[type];
Assert.NotEqual(0u, newToken.Rid);
// Assert token resolves to the new type.
var newModule = ModuleDefinition.FromImage(result.ConstructedImage);
var newType = (TypeDefinition)newModule.LookupMember(newToken);
Assert.Equal(type.Namespace, newType.Namespace);
Assert.Equal(type.Name, newType.Name);
}
public void NewTypeSpecification()
{
var module = ModuleDefinition.FromBytes(Properties.Resources.HelloWorld);
// Import arbitrary generic method.
var importer = new ReferenceImporter(module);
var specification = importer.ImportType(typeof(List <object>));
// Ensure method reference is added to the module by referencing it in main.
var instructions = module.ManagedEntrypointMethod.CilMethodBody.Instructions;
instructions.Insert(0, CilOpCodes.Ldtoken, specification);
instructions.Insert(1, CilOpCodes.Pop);
// Rebuild.
var builder = new ManagedPEImageBuilder();
var result = builder.CreateImage(module);
// Assert valid token.
var newToken = result.TokenMapping[specification];
Assert.NotEqual(0u, newToken.Rid);
// Assert token resolves to the same method reference.
var newModule = ModuleDefinition.FromImage(result.ConstructedImage);
var newReference = (TypeSpecification)newModule.LookupMember(newToken);
Assert.Equal(specification.Name, newReference.Name);
}
public void NewTypeReference()
{
var module = ModuleDefinition.FromBytes(Properties.Resources.HelloWorld);
// Import arbitrary type as reference.
var importer = new ReferenceImporter(module);
var reference = importer.ImportType(typeof(MemoryStream));
// Ensure type ref is added to the module by adding a dummy field referencing it.
module.GetOrCreateModuleType().Fields.Add(new FieldDefinition(
"MyField",
FieldAttributes.Public | FieldAttributes.Static,
FieldSignature.CreateStatic(reference.ToTypeSignature())));
// Rebuild.
var builder = new ManagedPEImageBuilder();
var result = builder.CreateImage(module);
// Assert valid token.
var newToken = result.TokenMapping[reference];
Assert.NotEqual(0u, newToken.Rid);
// Assert token resolves to the same type reference.
var newModule = ModuleDefinition.FromImage(result.ConstructedImage);
var newReference = (TypeReference)newModule.LookupMember(newToken);
Assert.Equal(reference.Namespace, newReference.Namespace);
Assert.Equal(reference.Name, newReference.Name);
}
public void NewMemberReference()
{
var module = ModuleDefinition.FromBytes(Properties.Resources.HelloWorld);
// Import arbitrary method.
var importer = new ReferenceImporter(module);
var reference = importer.ImportMethod(typeof(MemoryStream).GetConstructor(Type.EmptyTypes));
// Ensure method reference is added to the module by referencing it in main.
var instructions = module.ManagedEntrypointMethod.CilMethodBody.Instructions;
instructions.Insert(0, CilOpCodes.Newobj, reference);
instructions.Insert(1, CilOpCodes.Pop);
// Rebuild.
var builder = new ManagedPEImageBuilder();
var result = builder.CreateImage(module);
// Assert valid token.
var newToken = result.TokenMapping[reference];
Assert.NotEqual(0u, newToken.Rid);
// Assert token resolves to the same method reference.
var newModule = ModuleDefinition.FromImage(result.ConstructedImage);
var newReference = (MemberReference)newModule.LookupMember(newToken);
Assert.Equal(reference.Name, newReference.Name);
}
public void ComputeMaxStackOnBuildOverride(bool computeMaxStack, bool?computeMaxStackOverride, int expectedMaxStack)
{
const int maxStack = 100;
var module = new ModuleDefinition("SomeModule", KnownCorLibs.SystemPrivateCoreLib_v4_0_0_0);
var main = new MethodDefinition(
"Main",
MethodAttributes.Public | MethodAttributes.Static,
MethodSignature.CreateStatic(module.CorLibTypeFactory.Void));
main.CilMethodBody = new CilMethodBody(main)
{
ComputeMaxStackOnBuild = computeMaxStack,
MaxStack = maxStack,
Instructions = { new CilInstruction(CilOpCodes.Ret) },
LocalVariables = { new CilLocalVariable(module.CorLibTypeFactory.Int32) } // Force fat method body.
};
module.GetOrCreateModuleType().Methods.Add(main);
module.ManagedEntrypoint = main;
var builder = new ManagedPEImageBuilder(new DotNetDirectoryFactory
{
MethodBodySerializer = new CilMethodBodySerializer
{
ComputeMaxStackOnBuildOverride = computeMaxStackOverride
}
});
var newImage = builder.CreateImage(module);
var newModule = ModuleDefinition.FromImage(newImage);
Assert.Equal(expectedMaxStack, newModule.ManagedEntrypointMethod.CilMethodBody.MaxStack);
}
public void NewMethodDefinition()
{
var module = ModuleDefinition.FromBytes(Properties.Resources.HelloWorld);
// Create new method.
var method = new MethodDefinition(
"MyMethod",
MethodAttributes.Public | MethodAttributes.Static,
MethodSignature.CreateStatic(module.CorLibTypeFactory.Void));
module.GetOrCreateModuleType().Methods.Add(method);
// Get existing main method.
var main = module.ManagedEntrypointMethod;
// Rebuild.
var builder = new ManagedPEImageBuilder();
var result = builder.CreateImage(module);
// Assert valid tokens for both methods.
var methodToken = result.TokenMapping[method];
var mainMethodToken = result.TokenMapping[main];
Assert.NotEqual(0u, methodToken.Rid);
Assert.NotEqual(0u, mainMethodToken.Rid);
// Assert tokens resolve to the same methods.
var newModule = ModuleDefinition.FromImage(result.ConstructedImage);
var newMethod = (MethodDefinition)newModule.LookupMember(methodToken);
Assert.Equal(method.Name, newMethod.Name);
var newMain = (MethodDefinition)newModule.LookupMember(mainMethodToken);
Assert.Equal(main.Name, newMain.Name);
}
private static void SerializeImageToDisk(
DevirtualisationOptions options,
DevirtualisationContext context,
ModuleDefinition module,
string fileName)
{
var imageBuilder = new ManagedPEImageBuilder();
var result = imageBuilder.CreateImage(module);
if (result.DiagnosticBag.IsFatal)
{
throw new AggregateException(result.DiagnosticBag.Exceptions);
}
foreach (var error in result.DiagnosticBag.Exceptions)
{
context.Logger.Error(Tag, error.Message);
}
var fileBuilder = new ManagedPEFileBuilder();
var file = fileBuilder.CreateFile(result.ConstructedImage);
file.Write(Path.Combine(options.OutputOptions.RootDirectory, fileName));
}
public void NewFieldDefinition()
{
var module = ModuleDefinition.FromBytes(Properties.Resources.HelloWorld);
// Create new field.
var field = new FieldDefinition(
"MyField",
FieldAttributes.Public | FieldAttributes.Static,
FieldSignature.CreateStatic(module.CorLibTypeFactory.Object));
module.GetOrCreateModuleType().Fields.Add(field);
// Rebuild.
var builder = new ManagedPEImageBuilder();
var result = builder.CreateImage(module);
// Assert valid token.
var newToken = result.TokenMapping[field];
Assert.NotEqual(0u, newToken.Rid);
// Assert token resolves to the new field.
var newModule = ModuleDefinition.FromImage(result.ConstructedImage);
var newField = (FieldDefinition)newModule.LookupMember(newToken);
Assert.Equal(field.Name, newField.Name);
}
public void NewStandaloneSignature()
{
var module = ModuleDefinition.FromBytes(Properties.Resources.HelloWorld);
// Import arbitrary method signature.
var importer = new ReferenceImporter(module);
var signature = new StandAloneSignature(
importer.ImportMethodSignature(MethodSignature.CreateStatic(module.CorLibTypeFactory.Void)));
// Ensure reference is added to the module by referencing it in main.
var instructions = module.ManagedEntrypointMethod.CilMethodBody.Instructions;
instructions.Insert(0, CilOpCodes.Ldnull);
instructions.Insert(0, CilOpCodes.Calli, signature);
// Rebuild.
var builder = new ManagedPEImageBuilder();
var result = builder.CreateImage(module);
// Assert valid token.
var newToken = result.TokenMapping[signature];
Assert.NotEqual(0u, newToken.Rid);
// Assert token resolves to the same method reference.
var newModule = ModuleDefinition.FromImage(result.ConstructedImage);
var newSignature = (StandAloneSignature)newModule.LookupMember(newToken);
Assert.Equal((CallingConventionSignature)signature.Signature,
newSignature.Signature as CallingConventionSignature, new SignatureComparer());
}
private static FieldDefinition RebuildAndLookup(FieldDefinition field)
{
var builder = new ManagedPEImageBuilder();
var newImage = builder.CreateImage(field.Module).ConstructedImage;
var newModule = ModuleDefinition.FromImage(newImage);
return(LookupFieldInModule(newModule, field.Name));
}
private static MethodDefinition RebuildAndLookup(MethodDefinition method)
{
var builder = new ManagedPEImageBuilder();
var newImage = builder.CreateImage(method.Module).ConstructedImage;
var newModule = ModuleDefinition.FromImage(newImage);
return(LookupMethodInModule(newModule, method.Name));
}
protected static ModuleDefinition RebuildAndReloadModule(ModuleDefinition module, MetadataBuilderFlags builderFlags)
{
var builder = new ManagedPEImageBuilder
{
DotNetDirectoryFactory = new DotNetDirectoryFactory(builderFlags)
};
var newImage = builder.CreateImage(module).ConstructedImage;
return(ModuleDefinition.FromImage(newImage));
}
/// <summary>
/// Saves Assembly After Modifications
/// </summary>
public void SaveContext()
{
string NewPath = PathIs.Insert(PathIs.Length - 4, "HereWeGo"); // Thx 4 drakoniа#0601 for the insert trick :D
if (DnModule != null)
{
if (DnModule.IsILOnly)
{
var MangedWriter = new ModuleWriterOptions(DnModule)
{
Logger = DummyLogger.NoThrowInstance,
MetadataOptions = { Flags = MetadataFlags.PreserveAll }
};
DnModule.Write(NewPath.Replace("HereWeGo", "-DnLibed"), MangedWriter);
Log.Info("Done Saved Manged Dnlib Module");
}
else
{
var UnMangedWriter = new NativeModuleWriterOptions(DnModule, false)
{
Logger = DummyLogger.NoThrowInstance,
MetadataOptions = { Flags = MetadataFlags.PreserveAll }
};
DnModule.NativeWrite(NewPath.Replace("HereWeGo", "-DnLibed"), UnMangedWriter);
Log.Info("Done Saved Native Dnlib Module");
}
}
if (AsmModule != null)
{
var IMPEIB = new ManagedPEImageBuilder()
{
DotNetDirectoryFactory = new DotNetDirectoryFactory()
{
MetadataBuilderFlags = MetadataBuilderFlags.PreserveAll,
MethodBodySerializer = new CilMethodBodySerializer
{
ComputeMaxStackOnBuildOverride = false
}
}
};
var IR = IMPEIB.CreateImage(AsmModule);
var FBuilder = new ManagedPEFileBuilder();
var File = FBuilder.CreateFile(IR.ConstructedImage);
if (!IR.DiagnosticBag.IsFatal)
{
File.Write(NewPath.Replace("HereWeGo", "-AsmResolved")); // Ignore Errors.
}
else
{
AsmModule.Write(NewPath.Replace("HereWeGo", "-AsmResolved"), IMPEIB);
}
Log.Info("Done Saved AsmResolver Module");
}
}
static void Main(string[] args)
{
//Support multiple decryption methods later (other value-types)
//Maybe change the second phase to find the method by getting the user to give us the mdtoken
Console.Title = "DynamicStringDecrypter - By N0P";
LoadAssembly(args[0]);
var decryptionMethod = GetDecryptionMethod();
if (decryptionMethod != null)
{
Console.WriteLine($"Found Decryption Method[{decryptionMethod.Name}]");
DecryptVariables(decryptionMethod);
}
else
{
Console.WriteLine("Failed to find decryption method! Please provide the method name:");
decryptionMethod = GetDecryptionMethodByName(Console.ReadLine());
if (decryptionMethod != null)
{
Console.WriteLine($"Found Decryption Method[{decryptionMethod.Name}]");
DecryptVariables(decryptionMethod);
}
else
{
Console.WriteLine("Sorry looks like we yet again failed. Closing app");
}
}
Console.WriteLine($"[{_DecryptedCount}] Variables Sucessfully Decrypted");
Console.WriteLine($"[{_FailedCount}] Variables Unsuccessfully Decrypted");
var imageBuilder = new ManagedPEImageBuilder();
var factory = new DotNetDirectoryFactory();
factory.MetadataBuilderFlags = MetadataBuilderFlags.PreserveAll;
factory.MethodBodySerializer = new CilMethodBodySerializer
{
ComputeMaxStackOnBuildOverride = false
};
imageBuilder.DotNetDirectoryFactory = factory;
if (_AssemblyPath.Contains(".dll"))
{
_Assembly.ManifestModule.Write(Path.GetFileNameWithoutExtension(_AssemblyPath) + "-deob.dll", imageBuilder);
}
else
{
_Assembly.ManifestModule.Write(Path.GetFileNameWithoutExtension(_AssemblyPath) + "-deob.exe", imageBuilder);
}
Console.WriteLine("Done!");
Console.ReadKey();
}
protected static ModuleDefinition RebuildAndReloadModule(ModuleDefinition module, MetadataBuilderFlags builderFlags)
{
var builder = new ManagedPEImageBuilder
{
DotNetDirectoryFactory = new DotNetDirectoryFactory(builderFlags)
};
var result = builder.CreateImage(module);
if (result.DiagnosticBag.HasErrors)
{
throw new AggregateException(result.DiagnosticBag.Exceptions);
}
var newImage = result.ConstructedImage;
return(ModuleDefinition.FromImage(newImage));
}
