public static void Process(ModuleDef module, MethodDef method) { var instructions = method.Body.Instructions; foreach (var t in instructions) { if (!(t.Operand is Local local)) { continue; } FieldDef def; if (!convertedLocals.ContainsKey(local)) { def = new FieldDefUser(RenamerPhase.GenerateString(RenamerPhase.RenameMode.Normal), new FieldSig(local.Type), FieldAttributes.Public | FieldAttributes.Static); module.GlobalType.Fields.Add(def); convertedLocals.Add(local, def); } else { def = convertedLocals[local]; } OpCode eq = null; switch (t.OpCode.Code) { case Code.Ldloc: case Code.Ldloc_S: case Code.Ldloc_0: case Code.Ldloc_1: case Code.Ldloc_2: case Code.Ldloc_3: eq = OpCodes.Ldsfld; break; case Code.Ldloca: case Code.Ldloca_S: eq = OpCodes.Ldsflda; break; case Code.Stloc: case Code.Stloc_0: case Code.Stloc_1: case Code.Stloc_2: case Code.Stloc_3: case Code.Stloc_S: eq = OpCodes.Stsfld; break; } t.OpCode = eq; t.Operand = def; } }
public static void Process(ModuleDef Module, MethodDef method) { method.Body.SimplifyMacros(method.Parameters); var instructions = method.Body.Instructions; foreach (var t in instructions) { if (!(t.Operand is Local local)) { continue; } FieldDef def = null; if (!convertedLocals.ContainsKey(local)) { def = new FieldDefUser(RenamerPhase.GenerateString(RenamerPhase.RenameMode.Normal), new FieldSig(local.Type), FieldAttributes.Public | FieldAttributes.Static); Module.GlobalType.Fields.Add(def); convertedLocals.Add(local, def); } else { def = convertedLocals[local]; } OpCode eq = null; switch (t.OpCode.Code) { case Code.Ldloc: eq = OpCodes.Ldsfld; break; case Code.Ldloca: eq = OpCodes.Ldsflda; break; case Code.Stloc: eq = OpCodes.Stsfld; break; } t.OpCode = eq; t.Operand = def; } convertedLocals.ToList().ForEach(x => method.Body.Variables.Remove(x.Key)); convertedLocals = new Dictionary <Local, FieldDef>(); }
private void Button1_Click(object sender, EventArgs e) { ModuleDefMD module = ModuleDefMD.Load(textBox1.Text); if (checkBox1.Checked) { StringEncPhase.Execute(module); } /* if (checkBox2.Checked) * { OnlinePhase.Execute(module); } */ if (checkBox3.Checked) { ProxyString.Execute(module); } if (checkBox5.Checked) { Anti_Debug.Execute(module); } if (checkBox6.Checked) { Anti_Tamper.Execute(module); } if (checkBox8.Checked) { AddIntPhase.Execute(module); } if (checkBox4.Checked) { ProxyINT.Execute(module); } if (checkBox12.Checked) { ProxyMeth.Execute(module); } if (checkBox10.Checked) { RenamerPhase.Execute(module); } if (checkBox7.Checked) { controlflow.process(module); ControlFlowTask.Execute(module); } if (checkBox11.Checked) { JumpCFlow.Execute(module); } if (checkBox9.Checked) { InvalidMDPhase.process(module.Assembly); } string text2 = Path.GetDirectoryName(textBox1.Text); if (!text2.EndsWith("\\")) { text2 += "\\"; } string path = text2 + Path.GetFileNameWithoutExtension(textBox1.Text) + "_protected" + Path.GetExtension(textBox1.Text); var opts = new ModuleWriterOptions(module); opts.PEHeadersOptions.NumberOfRvaAndSizes = 13; opts.MetaDataOptions.TablesHeapOptions.ExtraData = 0x1337; opts.Logger = DummyLogger.NoThrowInstance; module.Write(path, opts); if (checkBox6.Checked) { Anti_Tamper.Md5(path); } }
private void Button_Click(object sender, RoutedEventArgs e) { var time = DateTime.Now.ToString("hh:mm:ss"); var module = ModuleDefMD.Load(LoadBox.Text); if (StringEnc.IsChecked == true) { StringEncPhase.Execute(module); ConsoleLog.Foreground = Brushes.Aqua; ConsoleLog.AppendText($"{time} Processing String Encryption{Environment.NewLine}"); } if (SOD.IsChecked == true) { OnlinePhase.Execute(module); ConsoleLog.AppendText($"{time} Processing Online Decryption{Environment.NewLine}"); } if (Cflow.IsChecked == true) { ControlFlowObfuscation.Execute(module); ConsoleLog.AppendText($"{time} Processing Control Flow{Environment.NewLine}"); } if (IntConf.IsChecked == true) { AddIntPhase.Execute2(module); ConsoleLog.AppendText($"{time} Processing Int Confusion{Environment.NewLine}"); } if (SUC.IsChecked == true) { StackUnfConfusion.Execute(module); ConsoleLog.AppendText($"{time} Processing StackUnfConfusion{Environment.NewLine}"); } if (Ahri.IsChecked == true) { Arithmetic.Execute(module); ConsoleLog.AppendText($"{time} Processing Arithmetic{Environment.NewLine}"); } if (LF.IsChecked == true) { L2F.Execute(module); ConsoleLog.AppendText($"{time} Processing Local Field{Environment.NewLine}"); } if (LFV2.IsChecked == true) { L2FV2.Execute(module); ConsoleLog.AppendText($"{time} Processing Local Field V2{Environment.NewLine}"); } if (Calli_.IsChecked == true) { Calli.Execute(module); ConsoleLog.AppendText($"{time} Processing Call To Calli{Environment.NewLine}"); } if (Proxy_String.IsChecked == true) { ProxyString.Execute(module); ConsoleLog.AppendText($"{time} Processing Proxy Strings{Environment.NewLine}"); } if (ProxyConstants.IsChecked == true) { ProxyINT.Execute(module); ConsoleLog.AppendText($"{time} Processing Proxy Constants{Environment.NewLine}"); } if (Proxy_Meth.IsChecked == true) { ProxyMeth.Execute(module); ConsoleLog.AppendText($"{time} Processing Proxy Methods{Environment.NewLine}"); } if (Renamer.IsChecked == true) { RenamerPhase.Execute(module); ConsoleLog.AppendText($"{time} Processing Renaming{Environment.NewLine}"); } if (Anti_De4dot.IsChecked == true) { AntiDe4dot.Execute(module.Assembly); ConsoleLog.AppendText($"{time} Processing Anti De4dot{Environment.NewLine}"); } if (JumpCflow.IsChecked == true) { JumpCFlow.Execute(module); ConsoleLog.AppendText($"{time} Processing Jump Control flow{Environment.NewLine}"); } if (AntiDebug.IsChecked == true) { Anti_Debug.Execute(module); ConsoleLog.AppendText($"{time} Processing Anti Debug{Environment.NewLine}"); } if (Anti_Dump.IsChecked == true) { AntiDump.Execute(module); ConsoleLog.AppendText($"{time} Processing Anti Dump{Environment.NewLine}"); } if (AntiTamper.IsChecked == true) { Protection.Anti.AntiTamper.Execute(module); ConsoleLog.AppendText($"{time} Processing Anti Tamper{Environment.NewLine}"); } if (InvalidMD.IsChecked == true) { InvalidMDPhase.Execute(module.Assembly); ConsoleLog.AppendText($"{time} Processing Invalid MetaData{Environment.NewLine}"); } var text2 = Path.GetDirectoryName(LoadBox.Text); if (text2 != null && !text2.EndsWith("\\")) { text2 += "\\"; } var path = $"{text2}{Path.GetFileNameWithoutExtension(LoadBox.Text)}_protected{Path.GetExtension(LoadBox.Text)}"; module.Write(path, new ModuleWriterOptions(module) { PEHeadersOptions = { NumberOfRvaAndSizes = 13 }, Logger = DummyLogger.NoThrowInstance }); ConsoleLog.AppendText($"{time} {path}"); if (AntiTamper.IsChecked == true) { Protection.Anti.AntiTamper.Sha256(path); } }
public static void Execute(AssemblyDef asm) { var manifestModule = asm.ManifestModule; manifestModule.Mvid = null; manifestModule.Name = RenamerPhase.GenerateString(RenamerPhase.RenameMode.Normal); asm.ManifestModule.Import(new FieldDefUser(RenamerPhase.GenerateString(RenamerPhase.RenameMode.Normal))); foreach (var typeDef in manifestModule.Types) { TypeDef typeDef2 = new TypeDefUser(RenamerPhase.GenerateString(RenamerPhase.RenameMode.Normal)); typeDef2.Methods.Add(new MethodDefUser()); typeDef2.NestedTypes.Add(new TypeDefUser(RenamerPhase.GenerateString(RenamerPhase.RenameMode.Normal))); MethodDef item = new MethodDefUser(); typeDef2.Methods.Add(item); typeDef.NestedTypes.Add(typeDef2); typeDef.Events.Add(new EventDefUser()); foreach (var methodDef2 in typeDef.Methods) { if (methodDef2.Body == null) { continue; } methodDef2.Body.SimplifyBranches(); if (string.Compare(methodDef2.ReturnType.FullName, "System.Void", StringComparison.Ordinal) != 0 || !methodDef2.HasBody || methodDef2.Body.Instructions.Count == 0) { continue; } var typeSig = asm.ManifestModule.Import(typeof(int)).ToTypeSig(); var local = new Local(typeSig); var typeSig2 = asm.ManifestModule.Import(typeof(bool)).ToTypeSig(); var local2 = new Local(typeSig2); methodDef2.Body.Variables.Add(local); methodDef2.Body.Variables.Add(local2); var operand = methodDef2.Body.Instructions[methodDef2.Body.Instructions.Count - 1]; var instruction = new Instruction(OpCodes.Ret); var instruction2 = new Instruction(OpCodes.Ldc_I4_1); methodDef2.Body.Instructions.Insert(0, new Instruction(OpCodes.Ldc_I4_0)); methodDef2.Body.Instructions.Insert(1, new Instruction(OpCodes.Stloc, local)); methodDef2.Body.Instructions.Insert(2, new Instruction(OpCodes.Br, instruction2)); var instruction3 = new Instruction(OpCodes.Ldloc, local); methodDef2.Body.Instructions.Insert(3, instruction3); methodDef2.Body.Instructions.Insert(4, new Instruction(OpCodes.Ldc_I4_0)); methodDef2.Body.Instructions.Insert(5, new Instruction(OpCodes.Ceq)); methodDef2.Body.Instructions.Insert(6, new Instruction(OpCodes.Ldc_I4_1)); methodDef2.Body.Instructions.Insert(7, new Instruction(OpCodes.Ceq)); methodDef2.Body.Instructions.Insert(8, new Instruction(OpCodes.Stloc, local2)); methodDef2.Body.Instructions.Insert(9, new Instruction(OpCodes.Ldloc, local2)); methodDef2.Body.Instructions.Insert(10, new Instruction(OpCodes.Brtrue, methodDef2.Body.Instructions[10])); methodDef2.Body.Instructions.Insert(11, new Instruction(OpCodes.Ret)); methodDef2.Body.Instructions.Insert(12, new Instruction(OpCodes.Calli)); methodDef2.Body.Instructions.Insert(13, new Instruction(OpCodes.Sizeof, operand)); methodDef2.Body.Instructions.Insert(methodDef2.Body.Instructions.Count, instruction2); methodDef2.Body.Instructions.Insert(methodDef2.Body.Instructions.Count, new Instruction(OpCodes.Stloc, local2)); methodDef2.Body.Instructions.Insert(methodDef2.Body.Instructions.Count, new Instruction(OpCodes.Br, instruction3)); methodDef2.Body.Instructions.Insert(methodDef2.Body.Instructions.Count, instruction); var exceptionHandler = new ExceptionHandler(ExceptionHandlerType.Finally) { HandlerStart = methodDef2.Body.Instructions[10], HandlerEnd = methodDef2.Body.Instructions[11], TryEnd = methodDef2.Body.Instructions[14], TryStart = methodDef2.Body.Instructions[12] }; if (!methodDef2.Body.HasExceptionHandlers) { methodDef2.Body.ExceptionHandlers.Add(exceptionHandler); } methodDef2.Body.OptimizeBranches(); methodDef2.Body.OptimizeMacros(); } } TypeDef typeDef3 = new TypeDefUser(RenamerPhase.GenerateString(RenamerPhase.RenameMode.Normal)); FieldDef item2 = new FieldDefUser(RenamerPhase.GenerateString(RenamerPhase.RenameMode.Normal), new FieldSig(manifestModule.Import(typeof(MindLated_png)).ToTypeSig())); typeDef3.Fields.Add(item2); typeDef3.BaseType = manifestModule.Import(typeof(MindLated_png)); manifestModule.Types.Add(typeDef3); TypeDef typeDef4 = new TypeDefUser(RenamerPhase.GenerateString(RenamerPhase.RenameMode.Normal)) { IsInterface = true, IsSealed = true }; manifestModule.Types.Add(typeDef4); manifestModule.TablesHeaderVersion = 257; }