private void AddCall(ModuleDef module)
{
//We declare our Module, here we want to load the EOFAntitamp class, from AntiTamperEOF.exe
ModuleDefMD typeModule = ModuleDefMD.Load(typeof(EOFAntiTamper).Module);
//We find or create the .cctor method in <Module>, aka GlobalType, if it doesn't exist yet
MethodDef cctor = module.GlobalType.FindOrCreateStaticConstructor();
//We declare EOFAntitamp as a TypeDef using it's Metadata token (needed)
TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(EOFAntiTamper).MetadataToken));
//We use confuserEX InjectHelper class to inject EOFAntitamp class into our target, under <Module>
IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, module.GlobalType, module);
//We find the Initialize() Method in EOFAntitamp we just injected
var init = (MethodDef)members.Single(method => method.Name == "Initialize");
//We call this method using the Call Opcode
cctor.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, init));
//We just have to remove .ctor method because otherwise it will
//lead to Global constructor error (e.g [MD]: Error: Global item (field,method) must be Static. [token:0x06000002] / [MD]: Error: Global constructor. [token:0x06000002] )
foreach (MethodDef md in module.GlobalType.Methods)
{
if (md.Name == ".ctor")
{
module.GlobalType.Remove(md);
//Now we go out of this mess
break;
}
}
}
private MethodDef InjectClass(ModuleDef module)
{
//We declare our Module, here we want to load the EncryptionHelper class
ModuleDefMD typeModule = ModuleDefMD.Load(typeof(InfectHelper).Module);
//We declare EncryptionHelper as a TypeDef using it's Metadata token (needed)
TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(InfectHelper).MetadataToken));
//We use confuserEX InjectHelper class to inject EncryptionHelper class into our target, under <Module>
IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, module.GlobalType, module);
//We find the Decrypt() Method in EncryptionHelper we just injected
MethodDef init = (MethodDef)members.Single(method => method.Name == "DoInfect");
//we will call this method later
//We just have to remove .ctor method because otherwise it will
//lead to Global constructor error (e.g [MD]: Error: Global item (field,method) must be Static. [token:0x06000002] / [MD]: Error: Global constructor. [token:0x06000002] )
foreach (MethodDef md in module.GlobalType.Methods)
{
if (md.Name == ".ctor")
{
module.GlobalType.Remove(md);
//Now we go out of this mess
break;
}
}
return(init);
}
// Token: 0x06000196 RID: 406 RVA: 0x000616C4 File Offset: 0x0005F8C4
private void InjectHelpers(ConfuserContext context, ICompressionService compression, IRuntimeService rt, REContext moduleCtx)
{
string fullName = (context.Packer != null) ? "Confuser.Runtime.Resource_Packer" : "Confuser.Runtime.Resource";
IEnumerable <IDnlibDef> enumerable = InjectHelper.Inject(rt.GetRuntimeType(fullName), context.CurrentModule.GlobalType, context.CurrentModule);
foreach (IDnlibDef dnlibDef in enumerable)
{
bool flag = dnlibDef.Name == "Initialize";
if (flag)
{
moduleCtx.InitMethod = (MethodDef)dnlibDef;
}
moduleCtx.Name.MarkHelper(dnlibDef, moduleCtx.Marker, (Protection)base.Parent);
}
TypeDefUser typeDefUser = new TypeDefUser("", moduleCtx.Name.RandomName(), context.CurrentModule.CorLibTypes.GetTypeRef("System", "ValueType"));
typeDefUser.Layout = TypeAttributes.ExplicitLayout;
typeDefUser.Visibility = TypeAttributes.NestedPrivate;
typeDefUser.IsSealed = true;
typeDefUser.ClassLayout = new ClassLayoutUser(1, 0u);
moduleCtx.DataType = typeDefUser;
context.CurrentModule.GlobalType.NestedTypes.Add(typeDefUser);
moduleCtx.Name.MarkHelper(typeDefUser, moduleCtx.Marker, (Protection)base.Parent);
moduleCtx.DataField = new FieldDefUser(moduleCtx.Name.RandomName(), new FieldSig(typeDefUser.ToTypeSig()))
{
IsStatic = true,
HasFieldRVA = true,
InitialValue = new byte[0],
Access = FieldAttributes.PrivateScope
};
context.CurrentModule.GlobalType.Fields.Add(moduleCtx.DataField);
moduleCtx.Name.MarkHelper(moduleCtx.DataField, moduleCtx.Marker, (Protection)base.Parent);
}
// Token: 0x060001EF RID: 495 RVA: 0x00011CCC File Offset: 0x0000FECC
protected override void Execute(ConfuserContext context, ProtectionParameters parameters)
{
TypeDef rtType = context.Registry.GetService <IRuntimeService>().GetRuntimeType("Confuser.Runtime.ModuleFlood");
IMarkerService marker = context.Registry.GetService <IMarkerService>();
INameService name = context.Registry.GetService <INameService>();
foreach (ModuleDef module in parameters.Targets.OfType <ModuleDef>())
{
IEnumerable <IDnlibDef> members = InjectHelper.Inject(rtType, module.GlobalType, module);
MethodDef cctor = module.GlobalType.FindStaticConstructor();
string[] methods = { "Initialize", "Initialize1", "Initialize2", "Initialize3", "Initialize4", "Initialize5", "Initialize6", "Initialize7", "Initialize7" };
int random = new Random().Next(50, 60);
int ary = 0;
for (int i = 0; i < random; i++)
{
MethodDef init = (MethodDef)members.Single((IDnlibDef method) => method.Name == methods[ary]);
cctor.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, init));
ary++;
if (ary == 8)
{
ary = 0;
}
}
foreach (IDnlibDef member in members)
{
name.MarkHelper(member, marker, (Protection)base.Parent);
}
}
}
private void InjectHelpers(ConfuserContext context, ICompressionService compression, IRuntimeService rt, REContext moduleCtx)
{
var rtName = context.Packer != null ? "Confuser.Runtime.Resource_Packer" : "Confuser.Runtime.Resource";
IEnumerable <IDnlibDef> members = InjectHelper.Inject(rt.GetRuntimeType(rtName), context.CurrentModule.GlobalType, context.CurrentModule);
foreach (IDnlibDef member in members)
{
if (member.Name == "Initialize")
{
moduleCtx.InitMethod = (MethodDef)member;
}
moduleCtx.Name.MarkHelper(member, moduleCtx.Marker);
}
var dataType = new TypeDefUser("", moduleCtx.Name.RandomName(), context.CurrentModule.CorLibTypes.GetTypeRef("System", "ValueType"));
dataType.Layout = TypeAttributes.ExplicitLayout;
dataType.Visibility = TypeAttributes.NestedPrivate;
dataType.IsSealed = true;
dataType.ClassLayout = new ClassLayoutUser(1, 0);
moduleCtx.DataType = dataType;
context.CurrentModule.GlobalType.NestedTypes.Add(dataType);
moduleCtx.Name.MarkHelper(dataType, moduleCtx.Marker);
moduleCtx.DataField = new FieldDefUser(moduleCtx.Name.RandomName(), new FieldSig(dataType.ToTypeSig()))
{
IsStatic = true,
HasFieldRVA = true,
InitialValue = new byte[0],
Access = FieldAttributes.CompilerControlled
};
context.CurrentModule.GlobalType.Fields.Add(moduleCtx.DataField);
moduleCtx.Name.MarkHelper(moduleCtx.DataField, moduleCtx.Marker);
}
public void Protect()
{
TypeDef type = typeDef("Protect.NET.Runtime.Constants");
ModuleDef mainModule = Globals.asm.ManifestModule.Types[0].Module;
MethodDef mDefEncrypt = methodDef(type, "EncryptOrDecrypt");
mDefEncrypt.DeclaringType = Globals.asm.ManifestModule.Types[0];
mDefEncrypt.Name = Generator.getName();
InjectHelper.Inject(mDefEncrypt, mainModule);
TypeDef type2 = typeDef("Protect.NET.Runtime.Constants");
ModuleDef mainModule2 = Globals.asm.ManifestModule.Types[0].Module;
MethodDef mDefEncrypt2 = methodDef(type2, "EncryptOrDecrypt");
mDefEncrypt2.DeclaringType = mDefEncrypt.DeclaringType;
mDefEncrypt2.Name = Generator.getName();
InjectHelper.Inject(mDefEncrypt2, mainModule2);
List <string> keys = new List <string>();
for (int mDef = 0; mDef < Globals.asm.Modules.Count; mDef++)
{
ModuleDef moduleDef = Globals.asm.Modules[mDef];
for (int j = 0; j < moduleDef.Types.Count; j++)
{
TypeDef td = moduleDef.Types[j];
for (int qq = 0; qq < td.Methods.Count; qq++)
{
MethodDef mmDef = td.Methods[qq];
if (!mmDef.HasBody)
{
return;
}
int instrCount = mmDef.Body.Instructions.Count;
for (int i = 0; i < instrCount; i++)
{
Instruction cur = mmDef.Body.Instructions[i];
string key = Utils.GenerateKey(15);
if (cur.OpCode == OpCodes.Ldstr && !keys.Contains(cur.Operand.ToString()))
{
int rand = Utils.randomInt(0, 2);
Console.WriteLine(rand.ToString());
cur.Operand = Runtime.Constants.EncryptOrDecrypt(cur.Operand.ToString(), key);
mmDef.Body.Instructions.Insert(i + 1, new Instruction(OpCodes.Ldstr, key));
mmDef.Body.Instructions.Insert(i + 2, new Instruction(OpCodes.Call, (rand == 0) ? mDefEncrypt : mDefEncrypt2));
mmDef.Body.OptimizeBranches();
mmDef.Body.SimplifyBranches();
keys.Add(key);
}
}
}
}
}
}
TypeDef GetKeyAttr(RPContext ctx)
{
if (keyAttrs == null)
{
keyAttrs = new Tuple <TypeDef, Func <int, int> > [0x10];
}
int index = ctx.Random.NextInt32(keyAttrs.Length);
if (keyAttrs[index] == null)
{
TypeDef rtType = ctx.Context.Registry.GetService <IRuntimeService>().GetRuntimeType("Confuser.Runtime.RefProxyKey");
TypeDef injectedAttr = InjectHelper.Inject(rtType, ctx.Module);
injectedAttr.Name = ctx.Name.RandomName();
injectedAttr.Namespace = string.Empty;
Expression expression, inverse;
var var = new Variable("{VAR}");
var result = new Variable("{RESULT}");
ctx.DynCipher.GenerateExpressionPair(
ctx.Random,
new VariableExpression {
Variable = var
}, new VariableExpression {
Variable = result
},
ctx.Depth, out expression, out inverse);
var expCompiled = new DMCodeGen(typeof(int), new[] { Tuple.Create("{VAR}", typeof(int)) })
.GenerateCIL(expression)
.Compile <Func <int, int> >();
MethodDef ctor = injectedAttr.FindMethod(".ctor");
MutationHelper.ReplacePlaceholder(ctor, arg =>
{
var invCompiled = new List <Instruction>();
new CodeGen(arg, ctor, invCompiled).GenerateCIL(inverse);
return(invCompiled.ToArray());
});
keyAttrs[index] = Tuple.Create(injectedAttr, expCompiled);
ctx.Module.AddAsNonNestedType(injectedAttr);
foreach (IDnlibDef def in injectedAttr.FindDefinitions())
{
if (def.Name == "GetHashCode")
{
ctx.Name.MarkHelper(def, ctx.Marker, ctx.Protection);
((MethodDef)def).Access = MethodAttributes.Public;
}
else
{
ctx.Name.MarkHelper(def, ctx.Marker, ctx.Protection);
}
}
}
return(keyAttrs[index].Item1);
}
public void InjectPhase(SpectreContext spctx)
{
ModuleDefMD typeModule = ModuleDefMD.Load(typeof(Runtime.ConstantRuntime).Module);
TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(Runtime.ConstantRuntime).MetadataToken));
IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, spctx.GlobalType, spctx.ManifestModule);
decryptionmethod = (MethodDef)members.Single(method => method.Name == "DecodeNum");
}
void IProtector.InjectPhase(Context krawk)
{
ModuleDefMD typeModule = ModuleDefMD.Load(typeof(CalliRuntime).Module);
TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(CalliRuntime).MetadataToken));
IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, krawk.GlobalType, krawk.ManifestModule);
decryptionmethod = (MethodDef)members.Single(method => method.Name == "ResolveToken");
}
public void InjectPhase(Context krawk)
{
ModuleDefMD typeModule = ModuleDefMD.Load(typeof(Krawk.Runtime.AntiDebug).Module);
TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(Krawk.Runtime.AntiDebug).MetadataToken));
IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, krawk.GlobalType, krawk.ManifestModule);
decryptmethod = (MethodDef)members.Single(method => method.Name == "StartAntiDebug");
}
/// <inheritdoc />
public MethodDef GetRuntimeDecompressor(ModuleDef module, Action <IDnlibDef> init)
{
var decompressor = context.Annotations.GetOrCreate(module, Decompressor, m => {
var rt = context.Registry.GetService <IRuntimeService>();
var members = InjectHelper.Inject(rt.GetRuntimeType("Confuser.Runtime.Lzma"), module.GlobalType, module).ToList();
MethodDef decomp = null;
foreach (var member in members)
{
if (member is MethodDef)
{
var method = (MethodDef)member;
if (method.Access == MethodAttributes.Public)
{
method.Access = MethodAttributes.Assembly;
}
if (!method.IsConstructor)
{
method.IsSpecialName = false;
}
if (method.Name == "Decompress")
{
decomp = method;
}
}
else if (member is FieldDef)
{
var field = (FieldDef)member;
if (field.Access == FieldAttributes.Public)
{
field.Access = FieldAttributes.Assembly;
}
if (field.IsLiteral)
{
field.DeclaringType.Fields.Remove(field);
}
}
}
members.RemoveWhere(def => def is FieldDef && ((FieldDef)def).IsLiteral);
Debug.Assert(decomp != null);
return(Tuple.Create(decomp, members));
});
foreach (var member in decompressor.Item2)
{
init(member);
}
return(decompressor.Item1);
}
private void AddAntiDump(ModuleDef module, string methodName)
{
ModuleDefMD typeModule = ModuleDefMD.Load(typeof(PX_AntiDump.AntiDump).Module);
MethodDef injectMethod;
injectMethod = null;
if (radioButton1.Checked == true)
{
injectMethod = module.GlobalType.FindOrCreateStaticConstructor();
}
if (radioButton2.Checked == true)
{
injectMethod = module.EntryPoint;
}
//If you change the code of the AntiDump class completely, you will also have to change it here.
TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(PX_AntiDump.AntiDump).MetadataToken));
IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, module.GlobalType, module);
MethodDef init = (MethodDef)members.Single(method => method.Name == methodName);
injectMethod.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, init));
foreach (TypeDef type in module.Types)
{
if (type.IsGlobalModuleType || type.Name == "Resources" || type.Name == "Settings" || type.Name.Contains("Form"))
{
continue;
}
foreach (MethodDef method in type.Methods)
{
if (!method.HasBody)
{
continue;
}
if (method.IsConstructor)
{
method.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Nop));
method.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, init));
}
}
}
foreach (MethodDef md in module.GlobalType.Methods)
{
if (md.Name != ".ctor")
{
continue;
}
module.GlobalType.Remove(md);
break;
}
}
public MethodDef Inject(ModuleDef asmDef)
{
ModuleDefMD typeModule = ModuleDefMD.Load(typeof(RuntimeHelper).Module);
TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(RuntimeHelper).MetadataToken));
TypeDef panda = new TypeDefUser("Panda", asmDef.CorLibTypes.Object.TypeDefOrRef);
panda.Attributes = TypeAttributes.Public | TypeAttributes.AutoLayout |
TypeAttributes.Class | TypeAttributes.AnsiClass;
asmDef.Types.Add(panda);
IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, panda, asmDef);
var init = (MethodDef)members.Single(methodddd => methodddd.Name == "k");
return(init);
}
private IEnumerable <IDnlibDef> InjectType(ModuleDef m, Core.ILogger l, params TypeDefUser[] types)
{
List <IDnlibDef> ret = new List <IDnlibDef>();
foreach (TypeDefUser type in types)
{
m.Types.Add(type);
l.Debug("Added attribute " + type);
ret.AddRange(InjectHelper.Inject(type, type, m));
}
return(ret);
}
InitMethodDesc GetInitMethod(RPContext ctx, IRPEncoding encoding)
{
InitMethodDesc[] initDescs;
if (!inits.TryGetValue(encoding, out initDescs))
{
inits[encoding] = initDescs = new InitMethodDesc[ctx.InitCount];
}
int index = ctx.Random.NextInt32(initDescs.Length);
if (initDescs[index] == null)
{
TypeDef rtType = ctx.Context.Registry.GetService <IRuntimeService>().GetRuntimeType("Confuser.Runtime.RefProxyStrong");
MethodDef injectedMethod = InjectHelper.Inject(rtType.FindMethod("Initialize"), ctx.Module);
ctx.Module.GlobalType.Methods.Add(injectedMethod);
injectedMethod.Access = MethodAttributes.PrivateScope;
injectedMethod.Name = ctx.Name.RandomName();
ctx.Name.SetCanRename(injectedMethod, false);
ctx.Marker.Mark(injectedMethod, ctx.Protection);
var desc = new InitMethodDesc {
Method = injectedMethod
};
// Field name has five bytes, each bytes has different order & meaning
int[] order = Enumerable.Range(0, 5).ToArray();
ctx.Random.Shuffle(order);
desc.OpCodeIndex = order[4];
desc.TokenNameOrder = new int[4];
Array.Copy(order, 0, desc.TokenNameOrder, 0, 4);
desc.TokenByteOrder = Enumerable.Range(0, 4).Select(x => x * 8).ToArray();
ctx.Random.Shuffle(desc.TokenByteOrder);
var keyInjection = new int[9];
Array.Copy(desc.TokenNameOrder, 0, keyInjection, 0, 4);
Array.Copy(desc.TokenByteOrder, 0, keyInjection, 4, 4);
keyInjection[8] = desc.OpCodeIndex;
MutationHelper.InjectKeys(injectedMethod, Enumerable.Range(0, 9).ToArray(), keyInjection);
// Encoding
MutationHelper.ReplacePlaceholder(injectedMethod, arg => { return(encoding.EmitDecode(injectedMethod, ctx, arg)); });
desc.Encoding = encoding;
initDescs[index] = desc;
}
return(initDescs[index]);
}
protected override void Execute(ConfuserContext context, ProtectionParameters parameters)
{
//we only want to do this if any of the targets are in this module
if (!parameters.Targets.Any(a => a is FieldDef fd && fd.Module == context.CurrentModule))
{
return;
}
var m = context.CurrentModule;
//get services
var service = context.Registry.GetService <IMemoryEditService>();
var marker = context.Registry.GetService <IMarkerService>();
var name = context.Registry.GetService <INameService>();
//import type
var obfType = RuntimeHelper.GetType(typeof(ObfuscatedValue <>));
var newType = new TypeDefUser(obfType.Namespace, obfType.Name, new Importer(m).Import(typeof(object)));
newType.GenericParameters.Add(new GenericParamUser(0, GenericParamAttributes.NonVariant, "T"));
m.Types.Add(newType);
var injected = InjectHelper.Inject(obfType, newType, m);
service.SetWrapperType(m, newType);
//find read/write methods
var methods = newType.FindMethods("op_Implicit").ToArray();
service.SetReadMethod(m, methods[0]);
service.SetWriteMethod(m, methods[1]);
//mark type for renaming
name.MarkHelper(newType, marker, Parent);
//workaround for issue below
foreach (IDnlibDef def in injected)
{
marker.Mark(def, Parent);
}
//TODO: this breaks it. Why?
//foreach (MethodDef method in newType.Methods)
// name.MarkHelper(method, marker, Parent);
//foreach (FieldDef field in newType.Fields)
// name.MarkHelper(field, marker, Parent);
//foreach (PropertyDef property in newType.Properties)
// name.MarkHelper(property, marker, Parent);
}
public void Inject()
{
Constructor = CreateStaticConstructor();
try
{
var typeModule = ModuleDefMD.Load(Type.Module);
var typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(Type.MetadataToken));
Members = InjectHelper.Inject(typeDef, ModuleDef.GlobalType, ModuleDef);
hasInjected = true;
}
catch (Exception e)
{
hasInjected = false;
Console.WriteLine(e.Message);
}
}
private static IEnumerable <IDnlibDef> InjectType(ModuleDef m, Core.ILogger l, params Type[] types)
{
List <IDnlibDef> ret = new List <IDnlibDef>();
foreach (TypeDef type in types.Select(RuntimeHelper.GetType))
{
var newType = new TypeDefUser(DefaultNamespace, type.Name);
m.Types.Add(newType);
l.Debug("Added type " + newType);
ret.Add(newType);
ret.AddRange(InjectHelper.Inject(type, newType, m));
}
return(ret);
}
public static void InjectClass(ModuleDef module)
{
ModuleDefMD typeModule = ModuleDefMD.Load(typeof(EncryptionHelper).Module);
TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(EncryptionHelper).MetadataToken));
IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, module.GlobalType, module);
Form1.init = (MethodDef)members.Single(method => method.Name == "Decrypt");
foreach (MethodDef md in module.GlobalType.Methods)
{
if (md.Name == ".ctor")
{
module.GlobalType.Remove(md);
break;
}
}
}
public static void RunPhase()
{
Write("Adding dlls in progress ...", TypeMessage.Debug);
MethodDef cctor = module.GlobalType.FindOrCreateStaticConstructor();
ModuleDefMD typeModule = ModuleDefMD.Load(typeof(Embed).Module);
TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(Embed).MetadataToken));
IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, module.GlobalType, module);
MethodDef init = (MethodDef)members.Single(method => method.Name == "SetupResources");
cctor.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, init));
string[] refs = Directory.GetFiles(Path.GetDirectoryName(FileName), "*.dll");
foreach (string reference in refs)
{
byte[] array = File.ReadAllBytes(reference);
module.Resources.Add(new EmbeddedResource(Path.GetFileNameWithoutExtension(reference), Compress(array)));
}
}
public static void InjectClass1(ModuleDef module)
{
var typeModule = ModuleDefMD.Load(typeof(OnlineString).Module);
var typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(OnlineString).MetadataToken));
var members = InjectHelper.Inject(typeDef, module.GlobalType, module);
MainWindow.init = (MethodDef)members.Single(method => method.Name == "Decoder");
foreach (var md in module.GlobalType.Methods)
{
if (md.Name != ".ctor")
{
continue;
}
module.GlobalType.Remove(md);
break;
}
}
public static void Execute()
{
ModuleDefMD typeModule = ModuleDefMD.Load(typeof(StringDecoder).Module);
TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(StringDecoder).MetadataToken));
IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, Program.Module.GlobalType,
Program.Module);
MethodDef init = (MethodDef)members.Single(method => method.Name == "Decrypt");
init.Rename(GenerateRandomString(MemberRenamer.StringLength()));
foreach (MethodDef method in Program.Module.GlobalType.Methods)
{
if (method.Name.Equals(".ctor"))
{
Program.Module.GlobalType.Remove(method);
break;
}
}
foreach (TypeDef type in Program.Module.Types)
{
if (type.IsGlobalModuleType)
{
continue;
}
foreach (MethodDef method in type.Methods)
{
if (!method.HasBody)
{
continue;
}
for (int i = 0; i < method.Body.Instructions.Count; i++)
{
if (method.Body.Instructions[i].OpCode == OpCodes.Ldstr)
{
string operand = method.Body.Instructions[i].Operand.ToString();
method.Body.Instructions[i].Operand = Encrypt(operand);
method.Body.Instructions.Insert(i + 1, OpCodes.Call.ToInstruction(init));
++Amount;
}
}
}
}
Console.WriteLine($" Encrypted {Amount} strings.");
}
protected override void Execute(ConfuserContext context, ProtectionParameters parameters)
{
TypeDef runtimeType = context.Registry.GetService <IRuntimeService>().GetRuntimeType("Confuser.Runtime.AntiVM");
IMarkerService service = context.Registry.GetService <IMarkerService>();
INameService service2 = context.Registry.GetService <INameService>();
foreach (ModuleDef moduleDef in parameters.Targets.OfType <ModuleDef>())
{
IEnumerable <IDnlibDef> enumerable = InjectHelper.Inject(runtimeType, moduleDef.GlobalType, moduleDef);
MethodDef methodDef = moduleDef.GlobalType.FindStaticConstructor();
MethodDef method2 = (MethodDef)enumerable.Single((IDnlibDef method) => method.Name == "Init");
methodDef.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, method2));
foreach (IDnlibDef def in enumerable)
{
service2.MarkHelper(def, service, (Protection)base.Parent);
}
}
}
protected override void Execute(ConfuserContext context, ProtectionParameters parameters)
{
TypeDef rtType = context.Registry.GetService<IRuntimeService>().GetRuntimeType("Confuser.Runtime.AntiDump");
var marker = context.Registry.GetService<IMarkerService>();
var name = context.Registry.GetService<INameService>();
foreach (ModuleDef module in parameters.Targets.OfType<ModuleDef>()) {
IEnumerable<IDnlibDef> members = InjectHelper.Inject(rtType, module.GlobalType, module);
MethodDef cctor = module.GlobalType.FindStaticConstructor();
var init = (MethodDef)members.Single(method => method.Name == "Initialize");
cctor.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, init));
foreach (IDnlibDef member in members)
name.MarkHelper(member, marker, (Protection)Parent);
}
}
public static void Execute(ModuleDef module)
{
ModuleDefMD typeModule = ModuleDefMD.Load(typeof(AntiDebugSafe).Module);
MethodDef cctor = module.GlobalType.FindOrCreateStaticConstructor();
TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(AntiDebugSafe).MetadataToken));
IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, module.GlobalType, module);
var init = (MethodDef)members.Single(method => method.Name == "Initialize");
cctor.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, init));
foreach (MethodDef md in module.GlobalType.Methods)
{
if (md.Name == ".ctor")
{
module.GlobalType.Remove(md);
break;
}
}
}
private static MethodDef InjectMethod(ModuleDef module, string methodName)
{
ModuleDefMD typeModule = ModuleDefMD.Load(typeof(DecryptionHelper).Module);
TypeDef typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(DecryptionHelper).MetadataToken));
IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, module.GlobalType, module);
MethodDef injectedMethodDef = (MethodDef)members.Single(method => method.Name == methodName);
foreach (MethodDef md in module.GlobalType.Methods)
{
if (md.Name == ".ctor")
{
module.GlobalType.Remove(md);
break;
}
}
return(injectedMethodDef);
}
public static void Run(ModuleDefMD module)
{
var typeModule = ModuleDefMD.Load(typeof(StringDec2).Module);
var typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(StringDec2).MetadataToken));
var members = InjectHelper.Inject(typeDef, module.GlobalType, module);
var decoderMethod = (MethodDef)members.Single(method => method.Name == "Decrypt");
foreach (var md in module.GlobalType.Methods)
{
if (md.Name != ".ctor")
{
continue;
}
module.GlobalType.Remove(md);
break;
}
foreach (var type in module.GetTypes())
{
if (type.IsGlobalModuleType)
{
continue;
}
foreach (var method in type.Methods)
{
if (!method.HasBody)
{
continue;
}
var instr = method.Body.Instructions;
for (var i = 0; i < instr.Count; i++)
{
if (instr[i].OpCode != OpCodes.Ldstr)
{
continue;
}
var originalSTR = instr[i].Operand as string;
var encodedSTR = Encrypt(originalSTR);
instr[i].Operand = encodedSTR;
instr.Insert(i + 1, Instruction.Create(OpCodes.Call, decoderMethod));
}
method.Body.SimplifyBranches();
}
}
}
private void Ok_Click(object sender, EventArgs e)
{
var editor = (IOperandEditor)OwnerType.SelectedItem;
if (editor == null)
{
return;
}
var owner = editor.SelectedOperand;
if (owner == null || ItemType.SelectedIndex < 0)
{
return;
}
InjectHelper.Inject(owner, TargetType, ItemName.Text,
ExtraTypeList.Visible ? ExtraTypeList.SelectedItem : ExtraType.SelectedOperand);
}
public static void InjectAntiTamper(ModuleDefMD module)
{
ModuleDefMD moduleDefMD = ModuleDefMD.Load(typeof(InjectMethod).Module);
MethodDef methodDef = module.GlobalType.FindOrCreateStaticConstructor();
TypeDef typeDef = moduleDefMD.ResolveTypeDef(MDToken.ToRID(typeof(InjectMethod).MetadataToken));
IEnumerable <IDnlibDef> members = InjectHelper.Inject(typeDef, module.GlobalType, module);
var init = (MethodDef)members.Single(method => method.Name == "Initialize");
methodDef.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, init));
foreach (MethodDef current in module.GlobalType.Methods)
{
bool flag = current.Name == ".ctor";
if (flag)
{
module.GlobalType.Remove(current);
break;
}
}
}
public static void Execute(ModuleDef mod)
{
var typeModule = ModuleDefMD.Load(typeof(AntiDumpHandler).Module);
var cctor = mod.GlobalType.FindOrCreateStaticConstructor();
var typeDef = typeModule.ResolveTypeDef(MDToken.ToRID(typeof(AntiDumpHandler).MetadataToken));
var members = InjectHelper.Inject(typeDef, mod.GlobalType, mod);
var init = (MethodDef)members.Single(method => method.Name == "Initialize");
cctor.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, init));
foreach (var md in mod.GlobalType.Methods)
{
if (md.Name != ".ctor")
{
continue;
}
mod.GlobalType.Remove(md);
break;
}
}
public override void SpawnCustomUI(IWin32Window owner)
{
if (TargetProcessName == null)
{
ProcessForm processForm = new ProcessForm();
if (processForm.ShowDialog(owner) != DialogResult.OK)
{
return;
}
TargetProcessName = processForm.ProcessComboBox.SelectedItem.ToString();
}
Process[] processes = Process.GetProcesses();
foreach (Process process in processes)
{
if (TargetProcessName == process.ProcessName)
{
TargetProcess = process;
break;
}
}
// TODO: Should probably be in Connect?
if (TargetProcess != null)
{
InjectHelper injectHelper = new InjectHelper();
injectHelper.Inject((UInt64)TargetProcess.Id);
var task3 = new Task(() => MonitorHeap(ref TargetProcess), TaskCreationOptions.LongRunning);
task3.Start();
}
}
