static void Main(string[] args) { Console.Title = "AntiRE.Example"; Console.ForegroundColor = ConsoleColor.DarkYellow; Console.WriteLine(@" _ _ _____ ______ _____ _ _ /\ | | (_) __ \| ____| | __ \ | | (_) / \ _ __ | |_ _| |__) | |__ | |__) | _ _ __ | |_ _ _ __ ___ ___ / /\ \ | '_ \| __| | _ /| __| | _ / | | | '_ \| __| | '_ ` _ \ / _ \ / ____ \| | | | |_| | | \ \| |____ _| | \ \ |_| | | | | |_| | | | | | | __/ /_/ \_\_| |_|\__|_|_| \_\______(_)_| \_\__,_|_| |_|\__|_|_| |_| |_|\___| "); var CurrentProcess = Process.GetCurrentProcess(); bool SelfDelete = false; bool ShowAlert = true; bool Aggressive = false; //Alert settings Alert.NotepadStyle = true; Alert.AutoClose = false; Alert.AutoCloseTime = 2; Alert.NotepadPath = "readme.txt"; //Prevent assembly being dumped from memory AntiDump.Parse(typeof(Program /* or this.GetType() */)); //Prevent application start under sandbox tools AntiSandBox.SelfDelete = SelfDelete; AntiSandBox.ShowAlert = ShowAlert; AntiSandBox.Parse(CurrentProcess); //Prevent application start under virtual machine AntiVirtualMachine.SelfDelete = SelfDelete; AntiVirtualMachine.ShowAlert = ShowAlert; AntiVirtualMachine.Parse(CurrentProcess); //Prevent from network being monitored AntiSniff.SelfDelete = SelfDelete; AntiSniff.ShowAlert = ShowAlert; AntiSniff.Parse(CurrentProcess); //Prevents reverse engineering tools from running in the system AntiReverserTools.SelfDelete = SelfDelete; AntiReverserTools.ShowAlert = ShowAlert; AntiReverserTools.Aggressive = Aggressive; AntiReverserTools.IgnoreCase = true; AntiReverserTools.KeepAlive = true; AntiReverserTools.WhiteList.Add("notepad"); AntiReverserTools.BlackList.Add("dnspy"); AntiReverserTools.Start(CurrentProcess); //Anti debugger AntiDebugger.SelfDelete = SelfDelete; AntiDebugger.ShowAlert = ShowAlert; AntiDebugger.Aggressive = Aggressive; AntiDebugger.KeepAlive = true; AntiDebugger.Start(CurrentProcess); //Detect if dnspy installed on system AntiDnspy.SelfDelete = SelfDelete; AntiDnspy.ShowAlert = ShowAlert; AntiDnspy.Parse(CurrentProcess); Console.ForegroundColor = ConsoleColor.Gray; Console.WriteLine("\r\n [#] Application started successfully\r\n [#] Press any key to exit..."); Console.ReadKey(); }
static void Main(string[] args) { Debug.Assert(args.Length > 0); ModuleDefMD targetModule = ModuleDefMD.Load(args[0]); ModuleDefMD runtimeModule = ModuleDefMD.Load("Confuser.Runtime.dll"); ClarifierContext ctx = new ClarifierContext { CurrentModule = targetModule, WriterListener = new MWListener(), //ILLanguage = il }; AntiDump antiDump = new AntiDump(); AntiDebug antiDebug = new AntiDebug(); Constants constants = new Constants(); AntiTamper antiTamper = new AntiTamper(); Inliner inliner = new Inliner(); inliner.PerformIdentification(ctx); inliner.PerformRemoval(ctx); antiTamper.Initialize(); antiTamper.PerformIdentification(ctx); antiTamper.PerformRemoval(ctx); antiDump.Initialize(ctx); antiDump.PerformIdentification(ctx); antiDump.PerformRemoval(ctx); antiDebug.Initialize(ctx); antiDebug.PerformIdentification(ctx); antiDebug.PerformRemoval(ctx); constants.Initialize(ctx); constants.PerformIdentification(ctx); constants.PerformRemoval(ctx); int lastBackslash = args[0].LastIndexOf('\\'); string targetExecutable = args[0].Substring(lastBackslash + 1, args[0].Length - 1 - lastBackslash); string parentDir = Directory.GetParent(Directory.GetParent(args[0]).FullName).FullName; parentDir = Path.Combine(parentDir, "Deobfuscated"); string destinationFile = Path.Combine(parentDir, targetExecutable); targetModule.Write(destinationFile); return; }
static void Main(string[] args) { Console.Title = "DeConfuser - The De-Obfuscator for confuser v1.6"; Console.WriteLine("Copyright © DragonHunter - 2012"); Console.WriteLine("This deobfuscator might not work at every confused assembly, still BETA"); Console.WriteLine("Checkout this project at http://deconfuser.codeplex.com"); Console.WriteLine("Thanks also to Mono.Cecil there was no DeConfuser without Mono.Cecil"); Console.WriteLine("This version of Mono.Cecil is modded by DragonHunter to do some evil shit"); //hardcoded path atm... string inputPath = @"H:\DeConfuser\ConfuseMe\bin\Debug\confused\ConfuseMe.exe"; string outputPath = @"H:\DeConfuser\ConfuseMe\bin\Debug\confused\ConfuseMe_cleaned.exe"; //load assembly AssemblyDefinition asm = AssemblyFactory.GetAssembly(inputPath); #region Anti-Debug remover AntiDebug debug = new AntiDebug(); TypeDefinition AntiType = null; MethodDefinition AntiMethod = null; Console.WriteLine("-------------------------------------------------------"); if (debug.FindAntiDebug(asm, ref AntiType, ref AntiMethod)) { Console.WriteLine("[Anti-Debugger] Anti-Debugger detected, removing..."); debug.RemoveAntiDebug(asm, AntiType, AntiMethod); Console.WriteLine("[Anti-Debugger] Removed anti-debugger"); } else { Console.WriteLine("This assembly is not protected with anti-debugging"); } Console.WriteLine("-------------------------------------------------------"); #endregion #region String Decryptor StringDecrypter decrypter = new StringDecrypter(); TypeDefinition DecryptType = null; MethodDefinition DecryptMethod = null; if (decrypter.FindMethod(asm, ref DecryptType, ref DecryptMethod)) { Console.WriteLine("[String Decryptor] Found string decryptor, decrypting strings..."); byte[] StringData = decrypter.GetStringResource(asm, inputPath, DecryptMethod); decrypter.DecryptAllStrings(asm, DecryptMethod, StringData); decrypter.RemoveDecryptMethod(asm, DecryptType, DecryptMethod); Console.WriteLine("[String Decryptor] Removed the decrypt method"); } else { Console.WriteLine("This assembly is not protected with encrypted strings"); } Console.WriteLine("-------------------------------------------------------"); #endregion #region Anti-Dump remover AntiDump dump = new AntiDump(); TypeDefinition AntiDumpType = null; MethodDefinition AntiDumpMethod = null; if (dump.FindAntiDump(asm, ref AntiDumpType, ref AntiDumpMethod)) { Console.WriteLine("[Anti-Dump] Anti-Dump detected, removing..."); dump.RemoveAntiDump(asm, AntiDumpType, AntiDumpMethod); Console.WriteLine("[Anti-Dump] Removed anti-dump"); } else { Console.WriteLine("This assembly is not protected with anti-dump"); } Console.WriteLine("-------------------------------------------------------"); #endregion #region Resource Decryptor ResourceDecrypter resourceDecrypter = new ResourceDecrypter(); TypeDefinition ResourceType = null; MethodDefinition ResourceMethod = null; if (resourceDecrypter.FindMethod(asm, ref ResourceType, ref ResourceMethod)) { Console.WriteLine("[Resource-Decrypter] Resource-Decrypter, decrypting"); resourceDecrypter.DecryptAllResources(asm, inputPath, ResourceType, ResourceMethod); } else { Console.WriteLine("This assembly is not protected with encrypted resources"); } Console.WriteLine("-------------------------------------------------------"); #endregion AssemblyFactory.SaveAssembly(asm, outputPath); Console.WriteLine("File dumped to \"" + outputPath + "\""); Console.WriteLine("Thanks for using DeConfuser :)"); Process.GetCurrentProcess().WaitForExit(); }
private void Button_Click(object sender, RoutedEventArgs e) { var time = DateTime.Now.ToString("hh:mm:ss"); ModuleContext modCtx = ModuleDef.CreateModuleContext(); var module = ModuleDefMD.Load(Program.Text, modCtx); ConsoleLog.Foreground = Brushes.Black; ConsoleLog.AppendText($"{time} Starting obfuscation{Environment.NewLine}"); if (String_Encryption.IsChecked == true) { StringEncPhase.Execute(module); ConsoleLog.AppendText($"{time} Processing string encryption{Environment.NewLine}"); } if (Online_Decryption.IsChecked == true) { OnlinePhase.Execute(module); ConsoleLog.AppendText($"{time} Processing online decryption{Environment.NewLine}"); } if (Cflow.IsChecked == true) { ControlFlowObfuscation.Execute(module); ConsoleLog.AppendText($"{time} Processing control flow{Environment.NewLine}"); } if (IntConf.IsChecked == true) { AddIntPhase.Execute2(module); ConsoleLog.AppendText($"{time} Processing integer confusion{Environment.NewLine}"); } if (SUC.IsChecked == true) { StackUnfConfusion.Execute(module); ConsoleLog.AppendText($"{time} Processing stack confusion{Environment.NewLine}"); } if (Ahri.IsChecked == true) { Arithmetic.Execute(module); ConsoleLog.AppendText($"{time} Processing math calculations{Environment.NewLine}"); } if (LF.IsChecked == true) { L2F.Execute(module); ConsoleLog.AppendText($"{time} Processing constant fields{Environment.NewLine}"); } if (LFV2.IsChecked == true) { L2FV2.Execute(module); ConsoleLog.AppendText($"{time} Processing local fields{Environment.NewLine}"); } if (Calli_.IsChecked == true) { Calli.Execute(module); ConsoleLog.AppendText($"{time} Processing calli conversion{Environment.NewLine}"); } if (Proxy_String.IsChecked == true) { ProxyString.Execute(module); ConsoleLog.AppendText($"{time} Processing proxy strings{Environment.NewLine}"); } if (ProxyConstants.IsChecked == true) { ProxyINT.Execute(module); ConsoleLog.AppendText($"{time} Processing proxy constants{Environment.NewLine}"); } if (Proxy_Meth.IsChecked == true) { ProxyMeth.Execute(module); ConsoleLog.AppendText($"{time} Processing proxy methods{Environment.NewLine}"); } if (Anti_De4dot.IsChecked == true) { AntiDecompile.Execute(module.Assembly); ConsoleLog.AppendText($"{time} Processing anti-decompile{Environment.NewLine}"); } if (JumpCflow.IsChecked == true) { JumpCFlow.Execute(module); ConsoleLog.AppendText($"{time} Processing flow conversion{Environment.NewLine}"); } if (AntiDebug.IsChecked == true) { Anti_Debug.Execute(module); ConsoleLog.AppendText($"{time} Processing anti-debug{Environment.NewLine}"); } if (Anti_Dump.IsChecked == true) { AntiDump.Execute(module); ConsoleLog.AppendText($"{time} Processing anti-dump{Environment.NewLine}"); } if (AntiTamper.IsChecked == true) { Protection.Software.AntiTamper.Execute(module); ConsoleLog.AppendText($"{time} Processing anti-tamper{Environment.NewLine}"); } if (InvalidMD.IsChecked == true) { InvalidMDPhase.Execute(module.Assembly); ConsoleLog.AppendText($"{time} Processing invalid metadata{Environment.NewLine}"); } var text2 = Path.GetDirectoryName(Program.Text); if (text2 != null && !text2.EndsWith("\\")) { text2 += "\\"; } var path = $"{text2}{Path.GetFileNameWithoutExtension(Program.Text)}_protected{Path.GetExtension(Program.Text)}"; module.Write(path, new ModuleWriterOptions(module) { PEHeadersOptions = { NumberOfRvaAndSizes = 13 }, Logger = DummyLogger.NoThrowInstance }); ConsoleLog.AppendText($"{time} File: {path}{Environment.NewLine}{Environment.NewLine}"); if (AntiTamper.IsChecked == true) { Protection.Software.AntiTamper.Sha256(path); } }
private void Button_Click(object sender, RoutedEventArgs e) { var time = DateTime.Now.ToString("hh:mm:ss"); var module = ModuleDefMD.Load(LoadBox.Text); if (StringEnc.IsChecked == true) { StringEncPhase.Execute(module); ConsoleLog.Foreground = Brushes.Aqua; ConsoleLog.AppendText($"{time} Processing String Encryption{Environment.NewLine}"); } if (SOD.IsChecked == true) { OnlinePhase.Execute(module); ConsoleLog.AppendText($"{time} Processing Online Decryption{Environment.NewLine}"); } if (Cflow.IsChecked == true) { ControlFlowObfuscation.Execute(module); ConsoleLog.AppendText($"{time} Processing Control Flow{Environment.NewLine}"); } if (IntConf.IsChecked == true) { AddIntPhase.Execute2(module); ConsoleLog.AppendText($"{time} Processing Int Confusion{Environment.NewLine}"); } if (SUC.IsChecked == true) { StackUnfConfusion.Execute(module); ConsoleLog.AppendText($"{time} Processing StackUnfConfusion{Environment.NewLine}"); } if (Ahri.IsChecked == true) { Arithmetic.Execute(module); ConsoleLog.AppendText($"{time} Processing Arithmetic{Environment.NewLine}"); } if (LF.IsChecked == true) { L2F.Execute(module); ConsoleLog.AppendText($"{time} Processing Local Field{Environment.NewLine}"); } if (LFV2.IsChecked == true) { L2FV2.Execute(module); ConsoleLog.AppendText($"{time} Processing Local Field V2{Environment.NewLine}"); } if (Calli_.IsChecked == true) { Calli.Execute(module); ConsoleLog.AppendText($"{time} Processing Call To Calli{Environment.NewLine}"); } if (Proxy_String.IsChecked == true) { ProxyString.Execute(module); ConsoleLog.AppendText($"{time} Processing Proxy Strings{Environment.NewLine}"); } if (ProxyConstants.IsChecked == true) { ProxyINT.Execute(module); ConsoleLog.AppendText($"{time} Processing Proxy Constants{Environment.NewLine}"); } if (Proxy_Meth.IsChecked == true) { ProxyMeth.Execute(module); ConsoleLog.AppendText($"{time} Processing Proxy Methods{Environment.NewLine}"); } if (Renamer.IsChecked == true) { RenamerPhase.Execute(module); ConsoleLog.AppendText($"{time} Processing Renaming{Environment.NewLine}"); } if (Anti_De4dot.IsChecked == true) { AntiDe4dot.Execute(module.Assembly); ConsoleLog.AppendText($"{time} Processing Anti De4dot{Environment.NewLine}"); } if (JumpCflow.IsChecked == true) { JumpCFlow.Execute(module); ConsoleLog.AppendText($"{time} Processing Jump Control flow{Environment.NewLine}"); } if (AntiDebug.IsChecked == true) { Anti_Debug.Execute(module); ConsoleLog.AppendText($"{time} Processing Anti Debug{Environment.NewLine}"); } if (Anti_Dump.IsChecked == true) { AntiDump.Execute(module); ConsoleLog.AppendText($"{time} Processing Anti Dump{Environment.NewLine}"); } if (AntiTamper.IsChecked == true) { Protection.Anti.AntiTamper.Execute(module); ConsoleLog.AppendText($"{time} Processing Anti Tamper{Environment.NewLine}"); } if (InvalidMD.IsChecked == true) { InvalidMDPhase.Execute(module.Assembly); ConsoleLog.AppendText($"{time} Processing Invalid MetaData{Environment.NewLine}"); } var text2 = Path.GetDirectoryName(LoadBox.Text); if (text2 != null && !text2.EndsWith("\\")) { text2 += "\\"; } var path = $"{text2}{Path.GetFileNameWithoutExtension(LoadBox.Text)}_protected{Path.GetExtension(LoadBox.Text)}"; module.Write(path, new ModuleWriterOptions(module) { PEHeadersOptions = { NumberOfRvaAndSizes = 13 }, Logger = DummyLogger.NoThrowInstance }); ConsoleLog.AppendText($"{time} {path}"); if (AntiTamper.IsChecked == true) { Protection.Anti.AntiTamper.Sha256(path); } }
static void Main(string[] args) { Console.Title = "AntiRE.Example"; Console.ForegroundColor = ConsoleColor.DarkYellow; Console.WriteLine(@" _ _ _____ ______ _____ _ _ /\ | | (_) __ \| ____| | __ \ | | (_) / \ _ __ | |_ _| |__) | |__ | |__) | _ _ __ | |_ _ _ __ ___ ___ / /\ \ | '_ \| __| | _ /| __| | _ / | | | '_ \| __| | '_ ` _ \ / _ \ / ____ \| | | | |_| | | \ \| |____ _| | \ \ |_| | | | | |_| | | | | | | __/ /_/ \_\_| |_|\__|_|_| \_\______(_)_| \_\__,_|_| |_|\__|_|_| |_| |_|\___| "); var CurrentProcess = Process.GetCurrentProcess(); bool SelfDelete = false; bool ShowAlert = true; //Alert settings Alert.NotepadStyle = true; Alert.AutoClose = false; Alert.AutoCloseTime = 2; Alert.NotepadPath = "readme.txt"; //Prevent assembly being dumped from memory AntiDump.Parse(typeof(Program /* or this.GetType() */)); //Prevent application start under sandbox tools AntiSandBox.SelfDelete = SelfDelete; AntiSandBox.ShowAlert = ShowAlert; AntiSandBox.Parse(CurrentProcess); //Prevent application start under virtual machine AntiVirtualMachine.SelfDelete = SelfDelete; AntiVirtualMachine.ShowAlert = ShowAlert; AntiVirtualMachine.Parse(CurrentProcess); //Prevent from network being monitored AntiSniff.SelfDelete = SelfDelete; AntiSniff.ShowAlert = ShowAlert; AntiSniff.Parse(CurrentProcess); //Prevents reverse engineering tools from running in the system AntiReverserTools.SelfDelete = SelfDelete; AntiReverserTools.ShowAlert = ShowAlert; AntiReverserTools.IgnoreCase = true; AntiReverserTools.KeepAlive = true; AntiReverserTools.WhiteList.Add("notepad"); AntiReverserTools.BlackList.Add("dnspy"); AntiReverserTools.Start(CurrentProcess); //Anti debugger AntiDebugger.SelfDelete = SelfDelete; AntiDebugger.ShowAlert = ShowAlert; AntiDebugger.KeepAlive = true; AntiDebugger.Start(CurrentProcess); //Detect if dnspy installed on system AntiDnspy.SelfDelete = SelfDelete; AntiDnspy.ShowAlert = ShowAlert; AntiDnspy.Parse(CurrentProcess); //Send anti sniff request to server try { HttpWebRequest req = (HttpWebRequest)WebRequest.Create("https://google.com"); req.ContinueTimeout = 10000; req.ReadWriteTimeout = 10000; req.Timeout = 10000; req.KeepAlive = true; req.UserAgent = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"; req.Accept = "*/*"; req.Method = "GET"; req.Headers.Add("Accept-Language", "en-US,en;q=0.9,fa;q=0.8"); req.Headers.Add("Accept-Encoding", "gzip, deflate"); req.AutomaticDecompression = DecompressionMethods.GZip; req.ServerCertificateValidationCallback = AntiSniff.ValidationCallback; req.ServicePoint.Expect100Continue = false; using (HttpWebResponse response = req.GetResponse() as HttpWebResponse) { if (response.StatusCode != HttpStatusCode.OK) { Alert.Show("NETWORK CONNECTION ERROR, CHECK YOUR INTERNET CONNECTION OR CLOSE SNIFFER SOFTWARES"); Environment.Exit(0); return; } } } catch { Alert.Show("NETWORK CONNECTION ERROR, CHECK YOUR INTERNET CONNECTION OR CLOSE SNIFFER SOFTWARES"); Environment.Exit(0); return; } Console.ForegroundColor = ConsoleColor.Gray; Console.WriteLine("\r\n [#] Application started successfully\r\n [#] Press any key to exit..."); Console.ReadKey(); }
static void Main(string[] args) { #region Initialize Console.Title = "Rzy Protector V2 Unpacker - by illuZion#9999"; WriteTitle(); if (args.Length != 1) { Write("Please, drag 'n' drop the file to unpack!", Type.Error); Leave(); } string directory = args[0]; try { Module = ModuleDefMD.Load(directory); } catch { Write("Not a .NET Assembly...", Type.Error); Leave(); } #endregion Initialize #region Unpack HideMethods.Execute(Module); CallToCalli.Execute(Module); EmptyTypes.Execute(Module); Maths(Module); LocalToField.Execute(Module); Constants.Execute(Module); Maths(Module); StringProtection.Execute(Module); FakeObfuscator.Execute(Module); AntiIlDasm.Execute(Module); AntiDe4dot.Execute(Module); AntiDnspy.Execute(Module); AntiVm.Execute(Module); AntiDebug.Execute(Module); AntiDump.Execute(Module); RemoveNops.Execute(Module); #endregion Unpack #region Save the file Write("Saving the unpacked file..."); string text = Path.GetDirectoryName(directory); if (text == null) { Leave(); } // We can disable the possible null exception as the Leave method closes the program (but Resharper does not detect it). // ReSharper disable once PossibleNullReferenceException text += !text.EndsWith("\\") ? "\\" : null; string filename = $"{text}{Path.GetFileNameWithoutExtension(directory)}-Unpacked{Path.GetExtension(directory)}"; var writerOptions = new ModuleWriterOptions(Module); writerOptions.MetadataOptions.Flags |= MetadataFlags.PreserveAll; writerOptions.Logger = DummyLogger.NoThrowInstance; var nativewriterOptions = new NativeModuleWriterOptions(Module, true); nativewriterOptions.MetadataOptions.Flags |= MetadataFlags.PreserveAll; nativewriterOptions.Logger = DummyLogger.NoThrowInstance; if (Module.IsILOnly) { Module.Write(filename, writerOptions); } else { Module.NativeWrite(filename, nativewriterOptions); } Write($"File saved at: {filename}", Type.Success); Leave(); #endregion Save the file }
// Token: 0x060000FE RID: 254 RVA: 0x00015024 File Offset: 0x00013224 private void metroButton2_Click(object sender, EventArgs e) { ModuleDef moduleDef = ModuleDefMD.Load(this.metroTextBox1.Text); bool numberToString = Settings.NumberToString; if (numberToString) { Constants__numbers_.ObfuscateNumbers(moduleDef); } bool stackUnderflow = Settings.StackUnderflow; if (stackUnderflow) { Stack_Underflow.StackUnderflow(moduleDef); } bool sizeOf = Settings.SizeOf; if (sizeOf) { SizeOf.Sizeof(moduleDef); } bool disConstants = Settings.DisConstants; if (disConstants) { Distant_Constants.DisConstants(moduleDef); } bool refProxy = Settings.RefProxy; if (refProxy) { Method_Wiper.Execute(moduleDef); } bool constants = Settings.Constants; if (constants) { Constants__numbers_.Inject(moduleDef); } bool localToFields = Settings.LocalToFields; if (localToFields) { LocalToFields.Protect(moduleDef); } bool renamer = Settings.Renamer; if (renamer) { Renamer.Execute(moduleDef); } bool controlFlow = Settings.ControlFlow; if (controlFlow) { Control_Flow.Encrypt(moduleDef); Constants__numbers_.Execute(moduleDef); } bool constant_Mutation = Settings.Constant_Mutation; if (constant_Mutation) { Constant_Mutation.Execute(moduleDef); } bool antiDe4dot = Settings.AntiDe4dot; if (antiDe4dot) { Anti_De4dot.RemoveDe4dot(moduleDef); } bool antiILdasm = Settings.AntiILdasm; if (antiILdasm) { Anti_ILDasm.Anti(moduleDef); } bool koiVMFakeSig = Settings.KoiVMFakeSig; if (koiVMFakeSig) { KoiVM_Fake_Watermark.Execute(moduleDef); } bool antiDump = Settings.AntiDump; if (antiDump) { AntiDump.Inject(moduleDef); } bool invalidMetadata = Settings.InvalidMetadata; if (invalidMetadata) { Invalid_Metadata.InvalidMD(moduleDef); } bool calli = Settings.Calli; if (calli) { Calli.Execute(moduleDef); } bool antiHTTPDebugger = Settings.AntiHTTPDebugger; if (antiHTTPDebugger) { Anti_Http_Debugger.Execute(moduleDef); } bool antiFiddler = Settings.AntiFiddler; if (antiFiddler) { Anti_Fiddler.Execute(moduleDef); } bool stringEncryption = Settings.StringEncryption; if (stringEncryption) { String_Encryption.Inject(moduleDef); } Watermark.Execute(moduleDef); ModuleDef manifestModule = moduleDef.Assembly.ManifestModule; moduleDef.EntryPoint.Name = "BlinkRE"; moduleDef.Mvid = new Guid?(Guid.NewGuid()); bool strong = Settings.Strong; if (strong) { Protection.Protect(moduleDef); Inject.ProtectValue(moduleDef); Inject.DoubleProtect(moduleDef); Inject.Triple(moduleDef); Inject.Triple(moduleDef); Method_Wiper.Execute(moduleDef); Assembly.MarkAssembly(moduleDef); Locals.Protect(moduleDef); } Directory.CreateDirectory(".\\AtomicProtected"); moduleDef.Write(".\\AtomicProtected\\" + Path.GetFileName(this.metroTextBox1.Text), new ModuleWriterOptions(moduleDef) { PEHeadersOptions = { NumberOfRvaAndSizes = new uint?(13U) }, MetaDataOptions = { TablesHeapOptions = { ExtraData = new uint?(4919U) } }, Logger = DummyLogger.NoThrowInstance }); Process.Start(".\\AtomicProtected"); MessageBox.Show("Obfuscation complete! Restart to obfuscate again"); Environment.Exit(0); }