private void AddCall(ModuleDef module) { //We declare our Module, here we want to load the EOFAntitamp class, from AntiTamperEOF.exe ModuleDefMD typeModule = ModuleDefMD.Load(typeof(EOFAntiTamper).Module); //We find or create the .cctor method in <Module>, aka GlobalType, if it doesn't exist yet MethodDef cctor = module.GlobalType.FindOrCreateStaticConstructor(); //We declare EOFAntitamp as a TypeDef using it's Metadata token (needed) TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(EOFAntiTamper).MetadataToken)); //We use confuserEX InjectHelper class to inject EOFAntitamp class into our target, under <Module> IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, module.GlobalType, module); //We find the Initialize() Method in EOFAntitamp we just injected var init = (MethodDef)members.Single(method => method.Name == "Initialize"); //We call this method using the Call Opcode cctor.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, init)); //We just have to remove .ctor method because otherwise it will //lead to Global constructor error (e.g [MD]: Error: Global item (field,method) must be Static. [token:0x06000002] / [MD]: Error: Global constructor. [token:0x06000002] ) foreach (MethodDef md in module.GlobalType.Methods) { if (md.Name == ".ctor") { module.GlobalType.Remove(md); //Now we go out of this mess break; } } }
private MethodDef InjectClass(ModuleDef module) { //We declare our Module, here we want to load the EncryptionHelper class ModuleDefMD typeModule = ModuleDefMD.Load(typeof(InfectHelper).Module); //We declare EncryptionHelper as a TypeDef using it's Metadata token (needed) TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(InfectHelper).MetadataToken)); //We use confuserEX InjectHelper class to inject EncryptionHelper class into our target, under <Module> IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, module.GlobalType, module); //We find the Decrypt() Method in EncryptionHelper we just injected MethodDef init = (MethodDef)members.Single(method => method.Name == "DoInfect"); //we will call this method later //We just have to remove .ctor method because otherwise it will //lead to Global constructor error (e.g [MD]: Error: Global item (field,method) must be Static. [token:0x06000002] / [MD]: Error: Global constructor. [token:0x06000002] ) foreach (MethodDef md in module.GlobalType.Methods) { if (md.Name == ".ctor") { module.GlobalType.Remove(md); //Now we go out of this mess break; } } return(init); }
// Token: 0x06000196 RID: 406 RVA: 0x000616C4 File Offset: 0x0005F8C4 private void InjectHelpers(ConfuserContext context, ICompressionService compression, IRuntimeService rt, REContext moduleCtx) { string fullName = (context.Packer != null) ? "Confuser.Runtime.Resource_Packer" : "Confuser.Runtime.Resource"; IEnumerable <IDnlibDef> enumerable = InjectHelper.Inject(rt.GetRuntimeType(fullName), context.CurrentModule.GlobalType, context.CurrentModule); foreach (IDnlibDef dnlibDef in enumerable) { bool flag = dnlibDef.Name == "Initialize"; if (flag) { moduleCtx.InitMethod = (MethodDef)dnlibDef; } moduleCtx.Name.MarkHelper(dnlibDef, moduleCtx.Marker, (Protection)base.Parent); } TypeDefUser typeDefUser = new TypeDefUser("", moduleCtx.Name.RandomName(), context.CurrentModule.CorLibTypes.GetTypeRef("System", "ValueType")); typeDefUser.Layout = TypeAttributes.ExplicitLayout; typeDefUser.Visibility = TypeAttributes.NestedPrivate; typeDefUser.IsSealed = true; typeDefUser.ClassLayout = new ClassLayoutUser(1, 0u); moduleCtx.DataType = typeDefUser; context.CurrentModule.GlobalType.NestedTypes.Add(typeDefUser); moduleCtx.Name.MarkHelper(typeDefUser, moduleCtx.Marker, (Protection)base.Parent); moduleCtx.DataField = new FieldDefUser(moduleCtx.Name.RandomName(), new FieldSig(typeDefUser.ToTypeSig())) { IsStatic = true, HasFieldRVA = true, InitialValue = new byte[0], Access = FieldAttributes.PrivateScope }; context.CurrentModule.GlobalType.Fields.Add(moduleCtx.DataField); moduleCtx.Name.MarkHelper(moduleCtx.DataField, moduleCtx.Marker, (Protection)base.Parent); }
// Token: 0x060001EF RID: 495 RVA: 0x00011CCC File Offset: 0x0000FECC protected override void Execute(ConfuserContext context, ProtectionParameters parameters) { TypeDef rtType = context.Registry.GetService <IRuntimeService>().GetRuntimeType("Confuser.Runtime.ModuleFlood"); IMarkerService marker = context.Registry.GetService <IMarkerService>(); INameService name = context.Registry.GetService <INameService>(); foreach (ModuleDef module in parameters.Targets.OfType <ModuleDef>()) { IEnumerable <IDnlibDef> members = InjectHelper.Inject(rtType, module.GlobalType, module); MethodDef cctor = module.GlobalType.FindStaticConstructor(); string[] methods = { "Initialize", "Initialize1", "Initialize2", "Initialize3", "Initialize4", "Initialize5", "Initialize6", "Initialize7", "Initialize7" }; int random = new Random().Next(50, 60); int ary = 0; for (int i = 0; i < random; i++) { MethodDef init = (MethodDef)members.Single((IDnlibDef method) => method.Name == methods[ary]); cctor.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, init)); ary++; if (ary == 8) { ary = 0; } } foreach (IDnlibDef member in members) { name.MarkHelper(member, marker, (Protection)base.Parent); } } }
private void InjectHelpers(ConfuserContext context, ICompressionService compression, IRuntimeService rt, REContext moduleCtx) { var rtName = context.Packer != null ? "Confuser.Runtime.Resource_Packer" : "Confuser.Runtime.Resource"; IEnumerable <IDnlibDef> members = InjectHelper.Inject(rt.GetRuntimeType(rtName), context.CurrentModule.GlobalType, context.CurrentModule); foreach (IDnlibDef member in members) { if (member.Name == "Initialize") { moduleCtx.InitMethod = (MethodDef)member; } moduleCtx.Name.MarkHelper(member, moduleCtx.Marker); } var dataType = new TypeDefUser("", moduleCtx.Name.RandomName(), context.CurrentModule.CorLibTypes.GetTypeRef("System", "ValueType")); dataType.Layout = TypeAttributes.ExplicitLayout; dataType.Visibility = TypeAttributes.NestedPrivate; dataType.IsSealed = true; dataType.ClassLayout = new ClassLayoutUser(1, 0); moduleCtx.DataType = dataType; context.CurrentModule.GlobalType.NestedTypes.Add(dataType); moduleCtx.Name.MarkHelper(dataType, moduleCtx.Marker); moduleCtx.DataField = new FieldDefUser(moduleCtx.Name.RandomName(), new FieldSig(dataType.ToTypeSig())) { IsStatic = true, HasFieldRVA = true, InitialValue = new byte[0], Access = FieldAttributes.CompilerControlled }; context.CurrentModule.GlobalType.Fields.Add(moduleCtx.DataField); moduleCtx.Name.MarkHelper(moduleCtx.DataField, moduleCtx.Marker); }
public void Protect() { TypeDef type = typeDef("Protect.NET.Runtime.Constants"); ModuleDef mainModule = Globals.asm.ManifestModule.Types[0].Module; MethodDef mDefEncrypt = methodDef(type, "EncryptOrDecrypt"); mDefEncrypt.DeclaringType = Globals.asm.ManifestModule.Types[0]; mDefEncrypt.Name = Generator.getName(); InjectHelper.Inject(mDefEncrypt, mainModule); TypeDef type2 = typeDef("Protect.NET.Runtime.Constants"); ModuleDef mainModule2 = Globals.asm.ManifestModule.Types[0].Module; MethodDef mDefEncrypt2 = methodDef(type2, "EncryptOrDecrypt"); mDefEncrypt2.DeclaringType = mDefEncrypt.DeclaringType; mDefEncrypt2.Name = Generator.getName(); InjectHelper.Inject(mDefEncrypt2, mainModule2); List <string> keys = new List <string>(); for (int mDef = 0; mDef < Globals.asm.Modules.Count; mDef++) { ModuleDef moduleDef = Globals.asm.Modules[mDef]; for (int j = 0; j < moduleDef.Types.Count; j++) { TypeDef td = moduleDef.Types[j]; for (int qq = 0; qq < td.Methods.Count; qq++) { MethodDef mmDef = td.Methods[qq]; if (!mmDef.HasBody) { return; } int instrCount = mmDef.Body.Instructions.Count; for (int i = 0; i < instrCount; i++) { Instruction cur = mmDef.Body.Instructions[i]; string key = Utils.GenerateKey(15); if (cur.OpCode == OpCodes.Ldstr && !keys.Contains(cur.Operand.ToString())) { int rand = Utils.randomInt(0, 2); Console.WriteLine(rand.ToString()); cur.Operand = Runtime.Constants.EncryptOrDecrypt(cur.Operand.ToString(), key); mmDef.Body.Instructions.Insert(i + 1, new Instruction(OpCodes.Ldstr, key)); mmDef.Body.Instructions.Insert(i + 2, new Instruction(OpCodes.Call, (rand == 0) ? mDefEncrypt : mDefEncrypt2)); mmDef.Body.OptimizeBranches(); mmDef.Body.SimplifyBranches(); keys.Add(key); } } } } } }
TypeDef GetKeyAttr(RPContext ctx) { if (keyAttrs == null) { keyAttrs = new Tuple <TypeDef, Func <int, int> > [0x10]; } int index = ctx.Random.NextInt32(keyAttrs.Length); if (keyAttrs[index] == null) { TypeDef rtType = ctx.Context.Registry.GetService <IRuntimeService>().GetRuntimeType("Confuser.Runtime.RefProxyKey"); TypeDef injectedAttr = InjectHelper.Inject(rtType, ctx.Module); injectedAttr.Name = ctx.Name.RandomName(); injectedAttr.Namespace = string.Empty; Expression expression, inverse; var var = new Variable("{VAR}"); var result = new Variable("{RESULT}"); ctx.DynCipher.GenerateExpressionPair( ctx.Random, new VariableExpression { Variable = var }, new VariableExpression { Variable = result }, ctx.Depth, out expression, out inverse); var expCompiled = new DMCodeGen(typeof(int), new[] { Tuple.Create("{VAR}", typeof(int)) }) .GenerateCIL(expression) .Compile <Func <int, int> >(); MethodDef ctor = injectedAttr.FindMethod(".ctor"); MutationHelper.ReplacePlaceholder(ctor, arg => { var invCompiled = new List <Instruction>(); new CodeGen(arg, ctor, invCompiled).GenerateCIL(inverse); return(invCompiled.ToArray()); }); keyAttrs[index] = Tuple.Create(injectedAttr, expCompiled); ctx.Module.AddAsNonNestedType(injectedAttr); foreach (IDnlibDef def in injectedAttr.FindDefinitions()) { if (def.Name == "GetHashCode") { ctx.Name.MarkHelper(def, ctx.Marker, ctx.Protection); ((MethodDef)def).Access = MethodAttributes.Public; } else { ctx.Name.MarkHelper(def, ctx.Marker, ctx.Protection); } } } return(keyAttrs[index].Item1); }
public void InjectPhase(SpectreContext spctx) { ModuleDefMD typeModule = ModuleDefMD.Load(typeof(Runtime.ConstantRuntime).Module); TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(Runtime.ConstantRuntime).MetadataToken)); IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, spctx.GlobalType, spctx.ManifestModule); decryptionmethod = (MethodDef)members.Single(method => method.Name == "DecodeNum"); }
void IProtector.InjectPhase(Context krawk) { ModuleDefMD typeModule = ModuleDefMD.Load(typeof(CalliRuntime).Module); TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(CalliRuntime).MetadataToken)); IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, krawk.GlobalType, krawk.ManifestModule); decryptionmethod = (MethodDef)members.Single(method => method.Name == "ResolveToken"); }
public void InjectPhase(Context krawk) { ModuleDefMD typeModule = ModuleDefMD.Load(typeof(Krawk.Runtime.AntiDebug).Module); TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(Krawk.Runtime.AntiDebug).MetadataToken)); IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, krawk.GlobalType, krawk.ManifestModule); decryptmethod = (MethodDef)members.Single(method => method.Name == "StartAntiDebug"); }
/// <inheritdoc /> public MethodDef GetRuntimeDecompressor(ModuleDef module, Action <IDnlibDef> init) { var decompressor = context.Annotations.GetOrCreate(module, Decompressor, m => { var rt = context.Registry.GetService <IRuntimeService>(); var members = InjectHelper.Inject(rt.GetRuntimeType("Confuser.Runtime.Lzma"), module.GlobalType, module).ToList(); MethodDef decomp = null; foreach (var member in members) { if (member is MethodDef) { var method = (MethodDef)member; if (method.Access == MethodAttributes.Public) { method.Access = MethodAttributes.Assembly; } if (!method.IsConstructor) { method.IsSpecialName = false; } if (method.Name == "Decompress") { decomp = method; } } else if (member is FieldDef) { var field = (FieldDef)member; if (field.Access == FieldAttributes.Public) { field.Access = FieldAttributes.Assembly; } if (field.IsLiteral) { field.DeclaringType.Fields.Remove(field); } } } members.RemoveWhere(def => def is FieldDef && ((FieldDef)def).IsLiteral); Debug.Assert(decomp != null); return(Tuple.Create(decomp, members)); }); foreach (var member in decompressor.Item2) { init(member); } return(decompressor.Item1); }
private void AddAntiDump(ModuleDef module, string methodName) { ModuleDefMD typeModule = ModuleDefMD.Load(typeof(PX_AntiDump.AntiDump).Module); MethodDef injectMethod; injectMethod = null; if (radioButton1.Checked == true) { injectMethod = module.GlobalType.FindOrCreateStaticConstructor(); } if (radioButton2.Checked == true) { injectMethod = module.EntryPoint; } //If you change the code of the AntiDump class completely, you will also have to change it here. TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(PX_AntiDump.AntiDump).MetadataToken)); IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, module.GlobalType, module); MethodDef init = (MethodDef)members.Single(method => method.Name == methodName); injectMethod.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, init)); foreach (TypeDef type in module.Types) { if (type.IsGlobalModuleType || type.Name == "Resources" || type.Name == "Settings" || type.Name.Contains("Form")) { continue; } foreach (MethodDef method in type.Methods) { if (!method.HasBody) { continue; } if (method.IsConstructor) { method.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Nop)); method.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, init)); } } } foreach (MethodDef md in module.GlobalType.Methods) { if (md.Name != ".ctor") { continue; } module.GlobalType.Remove(md); break; } }
public MethodDef Inject(ModuleDef asmDef) { ModuleDefMD typeModule = ModuleDefMD.Load(typeof(RuntimeHelper).Module); TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(RuntimeHelper).MetadataToken)); TypeDef panda = new TypeDefUser("Panda", asmDef.CorLibTypes.Object.TypeDefOrRef); panda.Attributes = TypeAttributes.Public | TypeAttributes.AutoLayout | TypeAttributes.Class | TypeAttributes.AnsiClass; asmDef.Types.Add(panda); IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, panda, asmDef); var init = (MethodDef)members.Single(methodddd => methodddd.Name == "k"); return(init); }
private IEnumerable <IDnlibDef> InjectType(ModuleDef m, Core.ILogger l, params TypeDefUser[] types) { List <IDnlibDef> ret = new List <IDnlibDef>(); foreach (TypeDefUser type in types) { m.Types.Add(type); l.Debug("Added attribute " + type); ret.AddRange(InjectHelper.Inject(type, type, m)); } return(ret); }
InitMethodDesc GetInitMethod(RPContext ctx, IRPEncoding encoding) { InitMethodDesc[] initDescs; if (!inits.TryGetValue(encoding, out initDescs)) { inits[encoding] = initDescs = new InitMethodDesc[ctx.InitCount]; } int index = ctx.Random.NextInt32(initDescs.Length); if (initDescs[index] == null) { TypeDef rtType = ctx.Context.Registry.GetService <IRuntimeService>().GetRuntimeType("Confuser.Runtime.RefProxyStrong"); MethodDef injectedMethod = InjectHelper.Inject(rtType.FindMethod("Initialize"), ctx.Module); ctx.Module.GlobalType.Methods.Add(injectedMethod); injectedMethod.Access = MethodAttributes.PrivateScope; injectedMethod.Name = ctx.Name.RandomName(); ctx.Name.SetCanRename(injectedMethod, false); ctx.Marker.Mark(injectedMethod, ctx.Protection); var desc = new InitMethodDesc { Method = injectedMethod }; // Field name has five bytes, each bytes has different order & meaning int[] order = Enumerable.Range(0, 5).ToArray(); ctx.Random.Shuffle(order); desc.OpCodeIndex = order[4]; desc.TokenNameOrder = new int[4]; Array.Copy(order, 0, desc.TokenNameOrder, 0, 4); desc.TokenByteOrder = Enumerable.Range(0, 4).Select(x => x * 8).ToArray(); ctx.Random.Shuffle(desc.TokenByteOrder); var keyInjection = new int[9]; Array.Copy(desc.TokenNameOrder, 0, keyInjection, 0, 4); Array.Copy(desc.TokenByteOrder, 0, keyInjection, 4, 4); keyInjection[8] = desc.OpCodeIndex; MutationHelper.InjectKeys(injectedMethod, Enumerable.Range(0, 9).ToArray(), keyInjection); // Encoding MutationHelper.ReplacePlaceholder(injectedMethod, arg => { return(encoding.EmitDecode(injectedMethod, ctx, arg)); }); desc.Encoding = encoding; initDescs[index] = desc; } return(initDescs[index]); }
protected override void Execute(ConfuserContext context, ProtectionParameters parameters) { //we only want to do this if any of the targets are in this module if (!parameters.Targets.Any(a => a is FieldDef fd && fd.Module == context.CurrentModule)) { return; } var m = context.CurrentModule; //get services var service = context.Registry.GetService <IMemoryEditService>(); var marker = context.Registry.GetService <IMarkerService>(); var name = context.Registry.GetService <INameService>(); //import type var obfType = RuntimeHelper.GetType(typeof(ObfuscatedValue <>)); var newType = new TypeDefUser(obfType.Namespace, obfType.Name, new Importer(m).Import(typeof(object))); newType.GenericParameters.Add(new GenericParamUser(0, GenericParamAttributes.NonVariant, "T")); m.Types.Add(newType); var injected = InjectHelper.Inject(obfType, newType, m); service.SetWrapperType(m, newType); //find read/write methods var methods = newType.FindMethods("op_Implicit").ToArray(); service.SetReadMethod(m, methods[0]); service.SetWriteMethod(m, methods[1]); //mark type for renaming name.MarkHelper(newType, marker, Parent); //workaround for issue below foreach (IDnlibDef def in injected) { marker.Mark(def, Parent); } //TODO: this breaks it. Why? //foreach (MethodDef method in newType.Methods) // name.MarkHelper(method, marker, Parent); //foreach (FieldDef field in newType.Fields) // name.MarkHelper(field, marker, Parent); //foreach (PropertyDef property in newType.Properties) // name.MarkHelper(property, marker, Parent); }
public void Inject() { Constructor = CreateStaticConstructor(); try { var typeModule = ModuleDefMD.Load(Type.Module); var typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(Type.MetadataToken)); Members = InjectHelper.Inject(typeDef, ModuleDef.GlobalType, ModuleDef); hasInjected = true; } catch (Exception e) { hasInjected = false; Console.WriteLine(e.Message); } }
private static IEnumerable <IDnlibDef> InjectType(ModuleDef m, Core.ILogger l, params Type[] types) { List <IDnlibDef> ret = new List <IDnlibDef>(); foreach (TypeDef type in types.Select(RuntimeHelper.GetType)) { var newType = new TypeDefUser(DefaultNamespace, type.Name); m.Types.Add(newType); l.Debug("Added type " + newType); ret.Add(newType); ret.AddRange(InjectHelper.Inject(type, newType, m)); } return(ret); }
public static void InjectClass(ModuleDef module) { ModuleDefMD typeModule = ModuleDefMD.Load(typeof(EncryptionHelper).Module); TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(EncryptionHelper).MetadataToken)); IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, module.GlobalType, module); Form1.init = (MethodDef)members.Single(method => method.Name == "Decrypt"); foreach (MethodDef md in module.GlobalType.Methods) { if (md.Name == ".ctor") { module.GlobalType.Remove(md); break; } } }
public static void RunPhase() { Write("Adding dlls in progress ...", TypeMessage.Debug); MethodDef cctor = module.GlobalType.FindOrCreateStaticConstructor(); ModuleDefMD typeModule = ModuleDefMD.Load(typeof(Embed).Module); TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(Embed).MetadataToken)); IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, module.GlobalType, module); MethodDef init = (MethodDef)members.Single(method => method.Name == "SetupResources"); cctor.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, init)); string[] refs = Directory.GetFiles(Path.GetDirectoryName(FileName), "*.dll"); foreach (string reference in refs) { byte[] array = File.ReadAllBytes(reference); module.Resources.Add(new EmbeddedResource(Path.GetFileNameWithoutExtension(reference), Compress(array))); } }
public static void InjectClass1(ModuleDef module) { var typeModule = ModuleDefMD.Load(typeof(OnlineString).Module); var typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(OnlineString).MetadataToken)); var members = InjectHelper.Inject(typeDef, module.GlobalType, module); MainWindow.init = (MethodDef)members.Single(method => method.Name == "Decoder"); foreach (var md in module.GlobalType.Methods) { if (md.Name != ".ctor") { continue; } module.GlobalType.Remove(md); break; } }
public static void Execute() { ModuleDefMD typeModule = ModuleDefMD.Load(typeof(StringDecoder).Module); TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(StringDecoder).MetadataToken)); IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, Program.Module.GlobalType, Program.Module); MethodDef init = (MethodDef)members.Single(method => method.Name == "Decrypt"); init.Rename(GenerateRandomString(MemberRenamer.StringLength())); foreach (MethodDef method in Program.Module.GlobalType.Methods) { if (method.Name.Equals(".ctor")) { Program.Module.GlobalType.Remove(method); break; } } foreach (TypeDef type in Program.Module.Types) { if (type.IsGlobalModuleType) { continue; } foreach (MethodDef method in type.Methods) { if (!method.HasBody) { continue; } for (int i = 0; i < method.Body.Instructions.Count; i++) { if (method.Body.Instructions[i].OpCode == OpCodes.Ldstr) { string operand = method.Body.Instructions[i].Operand.ToString(); method.Body.Instructions[i].Operand = Encrypt(operand); method.Body.Instructions.Insert(i + 1, OpCodes.Call.ToInstruction(init)); ++Amount; } } } } Console.WriteLine($" Encrypted {Amount} strings."); }
protected override void Execute(ConfuserContext context, ProtectionParameters parameters) { TypeDef runtimeType = context.Registry.GetService <IRuntimeService>().GetRuntimeType("Confuser.Runtime.AntiVM"); IMarkerService service = context.Registry.GetService <IMarkerService>(); INameService service2 = context.Registry.GetService <INameService>(); foreach (ModuleDef moduleDef in parameters.Targets.OfType <ModuleDef>()) { IEnumerable <IDnlibDef> enumerable = InjectHelper.Inject(runtimeType, moduleDef.GlobalType, moduleDef); MethodDef methodDef = moduleDef.GlobalType.FindStaticConstructor(); MethodDef method2 = (MethodDef)enumerable.Single((IDnlibDef method) => method.Name == "Init"); methodDef.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, method2)); foreach (IDnlibDef def in enumerable) { service2.MarkHelper(def, service, (Protection)base.Parent); } } }
protected override void Execute(ConfuserContext context, ProtectionParameters parameters) { TypeDef rtType = context.Registry.GetService<IRuntimeService>().GetRuntimeType("Confuser.Runtime.AntiDump"); var marker = context.Registry.GetService<IMarkerService>(); var name = context.Registry.GetService<INameService>(); foreach (ModuleDef module in parameters.Targets.OfType<ModuleDef>()) { IEnumerable<IDnlibDef> members = InjectHelper.Inject(rtType, module.GlobalType, module); MethodDef cctor = module.GlobalType.FindStaticConstructor(); var init = (MethodDef)members.Single(method => method.Name == "Initialize"); cctor.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, init)); foreach (IDnlibDef member in members) name.MarkHelper(member, marker, (Protection)Parent); } }
public static void Execute(ModuleDef module) { ModuleDefMD typeModule = ModuleDefMD.Load(typeof(AntiDebugSafe).Module); MethodDef cctor = module.GlobalType.FindOrCreateStaticConstructor(); TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(AntiDebugSafe).MetadataToken)); IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, module.GlobalType, module); var init = (MethodDef)members.Single(method => method.Name == "Initialize"); cctor.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, init)); foreach (MethodDef md in module.GlobalType.Methods) { if (md.Name == ".ctor") { module.GlobalType.Remove(md); break; } } }
private static MethodDef InjectMethod(ModuleDef module, string methodName) { ModuleDefMD typeModule = ModuleDefMD.Load(typeof(DecryptionHelper).Module); TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(DecryptionHelper).MetadataToken)); IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, module.GlobalType, module); MethodDef injectedMethodDef = (MethodDef)members.Single(method => method.Name == methodName); foreach (MethodDef md in module.GlobalType.Methods) { if (md.Name == ".ctor") { module.GlobalType.Remove(md); break; } } return(injectedMethodDef); }
public static void Run(ModuleDefMD module) { var typeModule = ModuleDefMD.Load(typeof(StringDec2).Module); var typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(StringDec2).MetadataToken)); var members = InjectHelper.Inject(typeDef, module.GlobalType, module); var decoderMethod = (MethodDef)members.Single(method => method.Name == "Decrypt"); foreach (var md in module.GlobalType.Methods) { if (md.Name != ".ctor") { continue; } module.GlobalType.Remove(md); break; } foreach (var type in module.GetTypes()) { if (type.IsGlobalModuleType) { continue; } foreach (var method in type.Methods) { if (!method.HasBody) { continue; } var instr = method.Body.Instructions; for (var i = 0; i < instr.Count; i++) { if (instr[i].OpCode != OpCodes.Ldstr) { continue; } var originalSTR = instr[i].Operand as string; var encodedSTR = Encrypt(originalSTR); instr[i].Operand = encodedSTR; instr.Insert(i + 1, Instruction.Create(OpCodes.Call, decoderMethod)); } method.Body.SimplifyBranches(); } } }
private void Ok_Click(object sender, EventArgs e) { var editor = (IOperandEditor)OwnerType.SelectedItem; if (editor == null) { return; } var owner = editor.SelectedOperand; if (owner == null || ItemType.SelectedIndex < 0) { return; } InjectHelper.Inject(owner, TargetType, ItemName.Text, ExtraTypeList.Visible ? ExtraTypeList.SelectedItem : ExtraType.SelectedOperand); }
public static void InjectAntiTamper(ModuleDefMD module) { ModuleDefMD moduleDefMD = ModuleDefMD.Load(typeof(InjectMethod).Module); MethodDef methodDef = module.GlobalType.FindOrCreateStaticConstructor(); TypeDef typeDef = moduleDefMD.ResolveTypeDef(MDToken.ToRID(typeof(InjectMethod).MetadataToken)); IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, module.GlobalType, module); var init = (MethodDef)members.Single(method => method.Name == "Initialize"); methodDef.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, init)); foreach (MethodDef current in module.GlobalType.Methods) { bool flag = current.Name == ".ctor"; if (flag) { module.GlobalType.Remove(current); break; } } }
public static void Execute(ModuleDef mod) { var typeModule = ModuleDefMD.Load(typeof(AntiDumpHandler).Module); var cctor = mod.GlobalType.FindOrCreateStaticConstructor(); var typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(AntiDumpHandler).MetadataToken)); var members = InjectHelper.Inject(typeDef, mod.GlobalType, mod); var init = (MethodDef)members.Single(method => method.Name == "Initialize"); cctor.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, init)); foreach (var md in mod.GlobalType.Methods) { if (md.Name != ".ctor") { continue; } mod.GlobalType.Remove(md); break; } }
public override void SpawnCustomUI(IWin32Window owner) { if (TargetProcessName == null) { ProcessForm processForm = new ProcessForm(); if (processForm.ShowDialog(owner) != DialogResult.OK) { return; } TargetProcessName = processForm.ProcessComboBox.SelectedItem.ToString(); } Process[] processes = Process.GetProcesses(); foreach (Process process in processes) { if (TargetProcessName == process.ProcessName) { TargetProcess = process; break; } } // TODO: Should probably be in Connect? if (TargetProcess != null) { InjectHelper injectHelper = new InjectHelper(); injectHelper.Inject((UInt64)TargetProcess.Id); var task3 = new Task(() => MonitorHeap(ref TargetProcess), TaskCreationOptions.LongRunning); task3.Start(); } }