Ejemplo n.º 1
0
		void DoIt() {
			string destFileName = @"c:\output.dll";

			// Open the current module
			var mod = ModuleDefMD.Load(typeof(Example6).Module);

			// Create the writer options
			var opts = new ModuleWriterOptions(mod);

			// Add a listener that gets notified during the writing process
			opts.Listener = this;

			// This is normally 16 but setting it to a value less than 14 will fool some
			// apps into thinking that there's no .NET metadata available
			opts.PEHeadersOptions.NumberOfRvaAndSizes = 13;

			// Add extra data. This will break most libraries that open .NET assemblies.
			// Any value can be written here.
			opts.MetaDataOptions.TablesHeapOptions.ExtraData = 0x12345678;

			// Add a few dummy heaps
			opts.MetaDataOptions.OtherHeaps.Add(new MyHeap("#US "));
			opts.MetaDataOptions.OtherHeaps.Add(new MyHeap("#Strings "));
			opts.MetaDataOptions.OtherHeaps.Add(new MyHeap("#Strimgs"));
			opts.MetaDataOptions.OtherHeaps.Add(new MyHeap("#GU1D"));
			opts.MetaDataOptions.OtherHeapsEnd.Add(new MyHeap("#US "));
			opts.MetaDataOptions.OtherHeapsEnd.Add(new MyHeap("#Strings "));

			// Write the module. The listener will get notified, see OnWriterEvent() below
			mod.Write(destFileName, opts);
		}
Ejemplo n.º 2
0
        private void button_protect_Click(object sender, EventArgs e)
        {
            try
            {
                Console.Clear();
                Greeting greeting = new Greeting();
                Console.ForegroundColor = ConsoleColor.DarkGreen;
                ModuleWriterOptions Options = null;
                if (checkBox_stringEncrypt.Checked)
                {
                    Console.Write("String obfuscating... ");
                    StringEncrypt stringEncrypt = new StringEncrypt(ref moduleDef);
                    Console.Write("OK!\n");
                }

                if (checkBox_Renamer.Checked && renamerForm.AssemblyName != String.Empty)
                {
                    Console.Write("Renaming assembly...");
                    Renamer renamer = new Renamer(ref moduleDef, renamerForm.AssemblyName, renamerForm.ModuleName);
                    Console.Write("OK!\n");
                }

                if (checkBox_AntiDe4dot.Checked)
                {
                    Console.Write("AntiDe4dot init...");
                    Anti_De4dot antiDe4dot = new Anti_De4dot();
                    Options = antiDe4dot.AntiDe4dotInit(ref moduleDef);
                    Console.Write("OK!\n");
                }

                if (checkbox_antiILSpy.Checked)
                {
                    MethodDef[] userMethods = methodsListForm.listBox_selectedMethods.Items.Cast <MethodDef>().ToArray();
                    AntiILSpy   antiIlSpy   = new AntiILSpy(ref moduleDef, userMethods);
                }
                var writerOptions = new dnlib.DotNet.Writer.ModuleWriterOptions(moduleDef);
                writerOptions.Logger = DummyLogger.NoThrowInstance;
                Console.Write("Saving assembly...");
                moduleDef.Write(Path.GetDirectoryName(textBox_filePath.Text) + "\\" +
                                Path.GetFileNameWithoutExtension(textBox_filePath.Text) + "_MADNESS" +
                                Path.GetExtension(textBox_filePath.Text), writerOptions);
                Console.Write("OK!\n");
                methodsListForm.Close();
            }
            catch (System.IO.IOException exception)
            {
                MessageBox.Show(exception.Message);
            }
        }
Ejemplo n.º 3
0
		public void Save(string newFilename, MetaDataFlags mdFlags, IModuleWriterListener writerListener) {
			if (module.IsILOnly) {
				var writerOptions = new ModuleWriterOptions(module, writerListener);
				writerOptions.MetaDataOptions.Flags |= mdFlags;
				writerOptions.Logger = Logger.Instance;
				module.Write(newFilename, writerOptions);
			}
			else {
				var writerOptions = new NativeModuleWriterOptions(module, writerListener);
				writerOptions.MetaDataOptions.Flags |= mdFlags;
				writerOptions.Logger = Logger.Instance;
				writerOptions.KeepExtraPEData = true;
				writerOptions.KeepWin32Resources = true;
				module.NativeWrite(newFilename, writerOptions);
			}
		}
Ejemplo n.º 4
0
 private void button3_Click(object sender, EventArgs e)
 {
     module = ModuleDefMD.Load(textBox1.Text);
     FindStringDecrypterMethods(module);
     DecryptStringsInMethod(module, Methoddecryption);
     string text2 = Path.GetDirectoryName(textBox1.Text);
     if (!text2.EndsWith("\\"))
     {
         text2 += "\\";
     }
     string path = text2 + Path.GetFileNameWithoutExtension(textBox1.Text) + "_patched" +
                   Path.GetExtension(textBox1.Text);
     var opts = new ModuleWriterOptions(module);
     opts.Logger = DummyLogger.NoThrowInstance;
     module.Write(path, opts);
     label2.Text = "Successfully decrypted " + DeobedStringNumber + " strings !";
 }
Ejemplo n.º 5
0
        public static AssemblyDefinition Translate(ModuleDefMD manifestModule)
        {
            using (var assemblyStream = new MemoryStream())
            {
                try
                {
                    if (manifestModule.IsILOnly)
                    {
                        var writerOptions = new ModuleWriterOptions(manifestModule);
                        writerOptions.Logger = DummyLogger.NoThrowInstance;

                        MetaDataOptions metaDataOptions = new MetaDataOptions();
                        metaDataOptions.Flags = MetaDataFlags.PreserveAll;

                        manifestModule.Write(assemblyStream, writerOptions);
                    }
                    else
                    {
                        var writerOptions = new NativeModuleWriterOptions(manifestModule);
                        writerOptions.Logger = DummyLogger.NoThrowInstance;

                        MetaDataOptions metaDataOptions = new MetaDataOptions();
                        metaDataOptions.Flags = MetaDataFlags.PreserveAll;

                        manifestModule.NativeWrite(assemblyStream, writerOptions);
                    }
                }
                catch (Exception)
                {
                    if (assemblyStream.Length == 0)
                        return null;
                }

                assemblyStream.Position = 0;
                AssemblyDefinition newAssembly = AssemblyDefinition.ReadAssembly(assemblyStream);

                return newAssembly;
            }
        }
Ejemplo n.º 6
0
		/// <summary>
		/// Constructor
		/// </summary>
		/// <param name="module">The module</param>
		/// <param name="options">Options or <c>null</c></param>
		public ModuleWriter(ModuleDef module, ModuleWriterOptions options) {
			this.module = module;
			this.options = options;
		}
Ejemplo n.º 7
0
 private void button2_Click(object sender, EventArgs e)
 {
     ModuleDefMD mod = ModuleDefMD.Load(textBox1.Text);
     AddCall(mod);
     string text2 = Path.GetDirectoryName(textBox1.Text);
     if (!text2.EndsWith("\\"))
     {
         text2 += "\\";
     }
     string path = text2 + Path.GetFileNameWithoutExtension(textBox1.Text) + "_Tampered" +
                   Path.GetExtension(textBox1.Text);
     var opts = new ModuleWriterOptions(mod);
     opts.Logger = DummyLogger.NoThrowInstance;
     mod.Write(path, opts);
     label2.Text = "Successfully added Antitamper !";
     Md5(path);
 }
Ejemplo n.º 8
0
		public void InitializeFrom(ModuleWriterOptions options) {
			InitializeFromInternal((ModuleWriterOptionsBase)options);
			KeepExtraPEData = false;
			KeepWin32Resources = false;
		}
Ejemplo n.º 9
0
		public ModuleWriterOptionsBase CreateWriterOptions() {
			if (UseMixedMode) {
				var options = new NativeModuleWriterOptions((ModuleDefMD)module);
				CopyTo(options);
				options.KeepExtraPEData = KeepExtraPEData;
				options.KeepWin32Resources = KeepWin32Resources;
				return options;
			}
			else {
				var options = new ModuleWriterOptions();
				CopyTo(options);
				if (module.ManagedEntryPoint != null || module.NativeEntryPoint == 0)
					options.Cor20HeaderOptions.Flags &= ~ComImageFlags.NativeEntryPoint;
				return options;
			}
		}
Ejemplo n.º 10
0
        static void Main(string[] args)
        {
            Console.WriteLine(@" _____     _____ _                       ");
            Console.WriteLine(@"|  |  |___|   __| |_ ___ ___ ___ ___ ___ ");
            Console.WriteLine(@"|  |  |   |__   |   | .'|  _| . | -_|  _|");
            Console.WriteLine(@"|_____|_|_|_____|_|_|__,|_| |  _|___|_|  ");
            Console.WriteLine(@"                            |_|XenocodeRCE");
            Console.WriteLine(@"");
            Console.WriteLine(@"");
            if (args == null || args.Length == 0)
            {
                Console.ForegroundColor = ConsoleColor.Red;
                Console.WriteLine("[!]Error : No file to deobfuscate ! ");
                Console.ForegroundColor = ConsoleColor.White;
                Console.ReadKey();
                return;
            }
            else{
                try
                {
                    asm = ModuleDefMD.Load(args[0]);
                    Console.ForegroundColor = ConsoleColor.Blue;
                    Console.WriteLine("[!]Loading assembly " + asm.FullName);
                    Console.ForegroundColor = ConsoleColor.Gray;
                    asmpath = args[0];
                    var dec_method = Core.Helper.GetDecryptType(asm);
                    if(dec_method != null)
                    {
                        Console.WriteLine("[!]Instancing decryption method : " + dec_method.FullName);
                        Console.WriteLine("[!]Decrypting Strings ... : ");
                        var decryptedstr = Core.Helper.Extract_string_value(dec_method);
                        if(decryptedstr != 0)
                        {
                            DeobedStringNumber = decryptedstr;
                        }

                        Console.ForegroundColor = ConsoleColor.Yellow;
                        Console.WriteLine(@"[!] Successfully decrypted " + DeobedStringNumber + " strings.");
                        Console.ForegroundColor = ConsoleColor.Gray;
                        Console.ForegroundColor = ConsoleColor.Gray;
                        Console.WriteLine(@"[!] Saving Module...");
                        Console.ForegroundColor = ConsoleColor.Gray;
                        string text2 = Path.GetDirectoryName(args[0]);
                        if (!text2.EndsWith("\\"))
                        {
                            text2 += "\\";
                        }
                        string path = text2 + Path.GetFileNameWithoutExtension(args[0]) + "_patched" +
                                      Path.GetExtension(args[0]);
                        var opts = new ModuleWriterOptions(asm);
                        opts.Logger = DummyLogger.NoThrowInstance;

                        asm.Write(path, opts);
                        Console.ForegroundColor = ConsoleColor.Green;
                        Console.WriteLine(@"[!] Saved ! ");
                        Console.ForegroundColor = ConsoleColor.Gray;
                        return;
                        Console.ReadKey();
                    }
                    else
                    {
                        Console.ForegroundColor = ConsoleColor.Red;
                        Console.WriteLine("[!]Error : Cannot find the decryption method !");
                        Console.ForegroundColor = ConsoleColor.White;
                        Console.ReadKey();
                        return;
                    }
                }
                catch (Exception)
                {
                    Console.ForegroundColor = ConsoleColor.Red;
                    Console.WriteLine("[!]Error : Cannot load the file. Make sure it's a valid .NET file !");
                    Console.ForegroundColor = ConsoleColor.White;
                    Console.ReadKey();
                    return;
                }
            }
        }
Ejemplo n.º 11
0
		public void Write(String filepath, Boolean noThrow = false)
		{
			var options = new ModuleWriterOptions(this.Module);
			options.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll;

			if (noThrow)
				options.Logger = DummyLogger.NoThrowInstance;

			this.Module.Write(filepath, options);
		}
Ejemplo n.º 12
0
 private void button2_Click(object sender, EventArgs e)
 {
     ModuleDefMD module = ModuleDefMD.Load(textBox1.Text);
     CheckResource(module);
     if (resourcename == null)
     {
         return;
     }
     GetDecryptionMethod(module);
     GetDecryptionCall(module, Typedecryption);
     string text2 = Path.GetDirectoryName(textBox1.Text);
     if (!text2.EndsWith("\\"))
     {
         text2 += "\\";
     }
     string path = text2 + Path.GetFileNameWithoutExtension(textBox1.Text) + "_patched" +
                   Path.GetExtension(textBox1.Text);
     var opts = new ModuleWriterOptions(module);
     opts.Logger = DummyLogger.NoThrowInstance;
     module.Write(path, opts);
     label2.Text = "Successfully decrypted " + DeobedStringNumber + " strings !";
 }
Ejemplo n.º 13
0
        private void btnSave_Click(object sender, EventArgs e)
        {
            if (string.IsNullOrWhiteSpace(txtPath.Text))
                return;

            try
            {
                if (_module.IsILOnly)
                {
                    ModuleWriterOptions writer = new ModuleWriterOptions(_module);

                    if (chkNoThrowInstanceLogger.Checked)
                        writer.Logger = DummyLogger.NoThrowInstance;

                    MetaDataOptions metaDataOptions = writer.MetaDataOptions;

                    #region MetaDataSetters

                    if (chkPreserveTypeRefRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveTypeRefRids;
                    if (chkPreserveTypeDefRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveTypeDefRids;
                    if (chkPreserveFieldRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveFieldRids;
                    if (chkPreserveMethodRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveMethodRids;
                    if (chkPreserveParamRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveParamRids;
                    if (chkPreserveMemberRefRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveMemberRefRids;
                    if (chkPreserveStandAloneSigRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveStandAloneSigRids;
                    if (chkPreserveEventRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveEventRids;
                    if (chkPreservePropertyRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreservePropertyRids;
                    if (chkPreserveTypeSpecRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveTypeSpecRids;
                    if (chkPreserveMethodSpecRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveMethodSpecRids;
                    if (chkPreserveAllMethodRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveAllMethodRids;
                    if (chkPreserveRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveRids;
                    if (chkPreserveStringOffsets.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveStringsOffsets;
                    if (chkPreserveUSOffsets.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveUSOffsets;
                    if (chkPreserveBlobOffsets.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveBlobOffsets;
                    if (chkPreserveExtraSignatureData.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveExtraSignatureData;
                    if (chkPreserveAll.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveAll;
                    if (chkKeepOldMaxStack.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.KeepOldMaxStack;
                    if (chkAlwaysCreateGuidHeap.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.AlwaysCreateGuidHeap;
                    if (chkAlwaysCreateStringsHeap.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.AlwaysCreateStringsHeap;
                    if (chkAlwaysCreateUSHeap.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.AlwaysCreateUSHeap;
                    if (chkAlwaysCreateBlobHeap.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.AlwaysCreateBlobHeap;

                    #endregion

                    _module.Write(txtPath.Text, writer);

                }
                else
                {
                    NativeModuleWriterOptions writer = new NativeModuleWriterOptions(_module);

                    if (chkNoThrowInstanceLogger.Checked)
                        writer.Logger = DummyLogger.NoThrowInstance;

                    MetaDataOptions metaDataOptions = writer.MetaDataOptions;

                    #region MetaDataSetters

                    if (chkPreserveTypeRefRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveTypeRefRids;
                    if (chkPreserveTypeDefRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveTypeDefRids;
                    if (chkPreserveFieldRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveFieldRids;
                    if (chkPreserveMethodRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveMethodRids;
                    if (chkPreserveParamRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveParamRids;
                    if (chkPreserveMemberRefRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveMemberRefRids;
                    if (chkPreserveStandAloneSigRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveStandAloneSigRids;
                    if (chkPreserveEventRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveEventRids;
                    if (chkPreservePropertyRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreservePropertyRids;
                    if (chkPreserveTypeSpecRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveTypeSpecRids;
                    if (chkPreserveMethodSpecRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveMethodSpecRids;
                    if (chkPreserveAllMethodRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveAllMethodRids;
                    if (chkPreserveRids.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveRids;
                    if (chkPreserveStringOffsets.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveStringsOffsets;
                    if (chkPreserveUSOffsets.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveUSOffsets;
                    if (chkPreserveBlobOffsets.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveBlobOffsets;
                    if (chkPreserveExtraSignatureData.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveExtraSignatureData;
                    if (chkPreserveAll.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.PreserveAll;
                    if (chkKeepOldMaxStack.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.KeepOldMaxStack;
                    if (chkAlwaysCreateGuidHeap.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.AlwaysCreateGuidHeap;
                    if (chkAlwaysCreateStringsHeap.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.AlwaysCreateStringsHeap;
                    if (chkAlwaysCreateUSHeap.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.AlwaysCreateUSHeap;
                    if (chkAlwaysCreateBlobHeap.Checked)
                        metaDataOptions.Flags = metaDataOptions.Flags | MetaDataFlags.AlwaysCreateBlobHeap;

                    #endregion

                    _module.NativeWrite(txtPath.Text, writer);
                }
            }
            catch (Exception o)
                {
                    MessageBox.Show("Could not write assembly!" + Environment.NewLine + Environment.NewLine + o.Message,
                        "Error");
                    return;
                }

            MessageBox.Show("Assembly written to:" + Environment.NewLine + txtPath.Text, "Success");

            Close();
        }
Ejemplo n.º 14
0
        private void button2_Click(object sender, EventArgs e)
        {
            module = ModuleDefMD.Load(textBox1.Text);
            asm = Assembly.LoadFile(textBox1.Text);
            //if (!Checker.IsDNP.Check(module))
            //{
            //    label2.Text = "Not a DNP protectedt file !";
            //    return;
            //}
                

            //Remove Anti
            if (chk_antitamp.Checked)
            {
                Helpers.GetAntitamper(module);
                if (AntitampMethodDef != null) Helpers.NopCall(module, AntitampMethodDef);
            }
            if (chk_antidebug.Checked)
            {
                Helpers.GetAntidebug(module);
                if (AntidebugMethodDef != null) Helpers.NopCall(module, AntidebugMethodDef);
            }
            if (chk_antidump.Checked)
            {
                Helpers.GetAntidump(module);
                if (AntidumpMethodDef != null) Helpers.NopCall(module, AntidumpMethodDef);
            }



            if (chk_Integers.Checked)
            {
                //Decrypt Integers
                Helpers.ResolveMathPow(module);
            }
            if (chk_str.Checked)
            {
                //Decrypt Strings
                Helpers.GetStrDecMeth(module);
            }
            if (chk_Integers.Checked)
            {
                //Decrypt remaining integers
                Helpers.ResolveLastInt(module);
                Helpers.ExtractIntFromRes(module);
            }

            if (chk_prune.Checked)
            {
                //Prune Assembly
                Helpers.PruneModule(module);
            }
            
            var text2 = Path.GetDirectoryName(textBox1.Text);
            if (text2 != null && !text2.EndsWith("\\"))
            {
                text2 += "\\";
            }
            var path = text2 + Path.GetFileNameWithoutExtension(textBox1.Text) + "_DNPDeob" +
                          Path.GetExtension(textBox1.Text);
            var opts = new ModuleWriterOptions(module) {Logger = DummyLogger.NoThrowInstance};
            module.Write(path, opts);
            label2.Text = "Successfully deobfuscated " + DeobedString + " String, " + DeobedInts +" Integers, and " + PrunedMembers + " members has been removed !";
        }
Ejemplo n.º 15
0
 /// <summary>
 /// Constructor
 /// </summary>
 /// <param name="module">The module</param>
 /// <param name="options">Options or <c>null</c></param>
 public ModuleWriter(ModuleDef module, ModuleWriterOptions options)
 {
     this.module  = module;
     this.options = options;
 }