static void Main(string[] args) { // Thanks to xeno's old deob and cawk for helping with that one :) string oldEnv = Environment.CurrentDirectory; Console.Title = "DeBabel"; Console.WriteLine(@"______ ______ _ _ _ ____ ___"); Console.WriteLine(@"| _ \ | ___ \ | | | | | | | \/ |"); Console.WriteLine(@"| | | |___| |_/ / __ _| |__ ___| | | | | . . |"); Console.WriteLine(@"| | | / _ \ ___ \/ _` | '_ \ / _ \ | | | | |\/| |"); Console.WriteLine(@"| |/ / __/ |_/ / (_| | |_) | __/ \ \_/ / | | |"); Console.WriteLine(@"|___/ \___\____/ \__,_|_.__/ \___|_|\___/\_| |_/"); Console.WriteLine(" V1.1 - LaPanthere & RAMZEZzz "); try { asm = ModuleDefMD.Load(args[0]); Console.WriteLine("[!]Loading assembly " + asm.FullName); asmpath = asm.Location; verbose = true; } catch (Exception ex) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("[!] Error: Cannot load the file. Make sure it's a valid .NET file!"); Console.WriteLine("[!] Verbose mode can be activated with -v"); Console.ForegroundColor = ConsoleColor.White; return; } Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("[!] Trying to Restore Methods from VM - for best results move VM Restore to target folder!"); Console.ForegroundColor = ConsoleColor.White; // fix for dll's needed Environment.CurrentDirectory = Path.GetDirectoryName(asmpath); Console.ForegroundColor = ConsoleColor.Green; int restored = RestoreDynamicMethods(asm); Console.WriteLine("[!] Restored {0} methods from VM", restored); Console.WriteLine("[!] Restore strings..."); int restoredStrings = RestoreStrings(asm); Console.WriteLine("[!] Restored {0} strings from VM", restoredStrings); Console.ForegroundColor = ConsoleColor.White; //save module string path = Path.GetDirectoryName(asmpath) + "\\" + Path.GetFileNameWithoutExtension(asmpath) + "_patched" + Path.GetExtension(asmpath); var opts = new ModuleWriterOptions(asm) { MetaDataOptions = { Flags = MetaDataFlags.PreserveAll }, Logger = DummyLogger.NoThrowInstance }; asm.Write(path, opts); Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("[!] Assembly saved"); Console.ForegroundColor = ConsoleColor.White; Console.WriteLine("Press any key to exit..."); Console.ReadKey(); }
public void InitializeFrom(ModuleWriterOptions options) { InitializeFromInternal((ModuleWriterOptionsBase)options); KeepExtraPEData = false; KeepWin32Resources = false; }
protected override void Pack(ConfuserContext context, ProtectionParameters parameters) { var ctx = context.Annotations.Get <CompressorContext>(context, ContextKey); if (ctx == null) { context.Logger.Error("No executable module!"); throw new ConfuserException(null); } ModuleDefMD originModule = context.Modules[ctx.ModuleIndex]; ctx.OriginModuleDef = originModule; var stubModule = new ModuleDefUser(ctx.ModuleName, originModule.Mvid, originModule.CorLibTypes.AssemblyRef); if (ctx.CompatMode) { var assembly = new AssemblyDefUser(originModule.Assembly); assembly.Name += ".cr"; assembly.Modules.Add(stubModule); } else { ctx.Assembly.Modules.Insert(0, stubModule); ImportAssemblyTypeReferences(originModule, stubModule); } stubModule.Characteristics = originModule.Characteristics; stubModule.Cor20HeaderFlags = originModule.Cor20HeaderFlags; stubModule.Cor20HeaderRuntimeVersion = originModule.Cor20HeaderRuntimeVersion; stubModule.DllCharacteristics = originModule.DllCharacteristics; stubModule.EncBaseId = originModule.EncBaseId; stubModule.EncId = originModule.EncId; stubModule.Generation = originModule.Generation; stubModule.Kind = ctx.Kind; stubModule.Machine = originModule.Machine; stubModule.RuntimeVersion = originModule.RuntimeVersion; stubModule.TablesHeaderVersion = originModule.TablesHeaderVersion; stubModule.Win32Resources = originModule.Win32Resources; InjectStub(context, ctx, parameters, stubModule); var snKey = context.Annotations.Get <StrongNameKey>(originModule, Marker.SNKey); var snPubKey = context.Annotations.Get <StrongNamePublicKey>(originModule, Marker.SNPubKey); var snDelaySig = context.Annotations.Get <bool>(originModule, Marker.SNDelaySig, false); var snSigKey = context.Annotations.Get <StrongNameKey>(originModule, Marker.SNSigKey); var snPubSigKey = context.Annotations.Get <StrongNamePublicKey>(originModule, Marker.SNSigPubKey); using (var ms = new MemoryStream()) { var options = new ModuleWriterOptions(stubModule) { StrongNameKey = snKey, StrongNamePublicKey = snPubKey, DelaySign = snDelaySig }; var injector = new KeyInjector(ctx); options.WriterEvent += injector.WriterEvent; stubModule.Write(ms, options); context.CheckCancellation(); ProtectStub(context, context.OutputPaths[ctx.ModuleIndex], ms.ToArray(), snKey, snPubKey, snSigKey, snPubKey, snDelaySig, new StubProtection(ctx, originModule)); } }
/// <summary> /// Writes the assembly to a stream. /// </summary> /// <param name="dest">Destination stream</param> /// <param name="options">Writer options</param> public void Write(Stream dest, ModuleWriterOptions options) { ManifestModule.Write(dest, options); }
/// <summary> /// Writes the assembly to a file on disk. If the file exists, it will be truncated. /// </summary> /// <param name="filename">Filename</param> /// <param name="options">Writer options</param> public void Write(string filename, ModuleWriterOptions options) { ManifestModule.Write(filename, options); }
static void Main(string[] args) { if (args.Length < 1) { return; } string modulePath = args[0]; ModuleDef module; try { module = ModuleDefMD.Load(modulePath); } catch { return; } MethodDef decryptionMethod = null; int? decryptionKey = null; foreach (var type in module.GetTypes()) { foreach (var method in type.Methods) { if (!method.HasBody) { continue; } if (method.Signature.ToString() != "System.String (System.String,System.Int32)") { continue; } var instructions = method.Body.Instructions; if (instructions.Count < 15) { continue; } if (!instructions[0].IsLdcI4()) { continue; } if (!instructions[1].IsLdarg()) { continue; } if (instructions[2].OpCode != OpCodes.Add) { continue; } if (!instructions[3].IsStloc()) { continue; } if (!instructions[4].IsLdarg()) { continue; } if (instructions[5].OpCode != OpCodes.Call) { continue; } if (instructions[5].Operand.ToString() != "System.Char[] System.String::ToCharArray()") { continue; } if (!instructions[6].IsStloc()) { continue; } if (!instructions[7].IsLdcI4() || instructions[7].GetLdcI4Value() != 0) { continue; } if (!instructions[8].IsStloc()) { continue; } if (!instructions[9].IsLdloc()) { continue; } if (!instructions[10].IsLdloc()) { continue; } if (instructions[11].OpCode != OpCodes.Ldlen) { continue; } if (instructions[12].OpCode != OpCodes.Conv_I4) { continue; } if (instructions[13].OpCode != OpCodes.Clt) { continue; } decryptionKey = instructions[0].GetLdcI4Value(); decryptionMethod = method; break; } } if (decryptionMethod == null || decryptionKey == null) { return; } int decrypted = 0; foreach (var type in module.GetTypes()) { foreach (var method in type.Methods) { if (!method.HasBody) { continue; } var instructions = method.Body.Instructions; for (int i = 2; i < instructions.Count; i++) { if (instructions[i].OpCode != OpCodes.Call) { continue; } var calledMethod = instructions[i].Operand as MethodDef; if (calledMethod == null || calledMethod != decryptionMethod) { continue; } if (!instructions[i - 1].IsLdcI4() || instructions[i - 2].OpCode != OpCodes.Ldstr) { continue; } var strParameter = instructions[i - 2].Operand.ToString(); var intParameter = instructions[i - 1].GetLdcI4Value(); var decryptedString = Decrypt(strParameter, intParameter, decryptionKey.Value); Console.WriteLine(decryptedString); instructions[i].OpCode = OpCodes.Ldstr; instructions[i].Operand = decryptedString; instructions[i - 1].OpCode = OpCodes.Nop; instructions[i - 2].OpCode = OpCodes.Nop; decrypted++; } } } Console.WriteLine("Decrypted {0} strings", decrypted); module.Types.Remove(decryptionMethod.DeclaringType); var newPath = FormatPath(modulePath, "_strDecrypted"); var moduleWriterOptions = new ModuleWriterOptions(module); moduleWriterOptions.Logger = DummyLogger.NoThrowInstance; module.Write(newPath, moduleWriterOptions); Console.WriteLine("Saved {0}", newPath); Console.ReadKey(); }