public static void Process(ModuleDef module, MethodDef method)
{
var instructions = method.Body.Instructions;
foreach (var t in instructions)
{
if (!(t.Operand is Local local))
{
continue;
}
FieldDef def;
if (!convertedLocals.ContainsKey(local))
{
def = new FieldDefUser(RenamerPhase.GenerateString(RenamerPhase.RenameMode.Normal), new FieldSig(local.Type), FieldAttributes.Public | FieldAttributes.Static);
module.GlobalType.Fields.Add(def);
convertedLocals.Add(local, def);
}
else
{
def = convertedLocals[local];
}
OpCode eq = null;
switch (t.OpCode.Code)
{
case Code.Ldloc:
case Code.Ldloc_S:
case Code.Ldloc_0:
case Code.Ldloc_1:
case Code.Ldloc_2:
case Code.Ldloc_3:
eq = OpCodes.Ldsfld;
break;
case Code.Ldloca:
case Code.Ldloca_S:
eq = OpCodes.Ldsflda;
break;
case Code.Stloc:
case Code.Stloc_0:
case Code.Stloc_1:
case Code.Stloc_2:
case Code.Stloc_3:
case Code.Stloc_S:
eq = OpCodes.Stsfld;
break;
}
t.OpCode = eq;
t.Operand = def;
}
}
public static void Process(ModuleDef Module, MethodDef method)
{
method.Body.SimplifyMacros(method.Parameters);
var instructions = method.Body.Instructions;
foreach (var t in instructions)
{
if (!(t.Operand is Local local))
{
continue;
}
FieldDef def = null;
if (!convertedLocals.ContainsKey(local))
{
def = new FieldDefUser(RenamerPhase.GenerateString(RenamerPhase.RenameMode.Normal), new FieldSig(local.Type), FieldAttributes.Public | FieldAttributes.Static);
Module.GlobalType.Fields.Add(def);
convertedLocals.Add(local, def);
}
else
{
def = convertedLocals[local];
}
OpCode eq = null;
switch (t.OpCode.Code)
{
case Code.Ldloc:
eq = OpCodes.Ldsfld;
break;
case Code.Ldloca:
eq = OpCodes.Ldsflda;
break;
case Code.Stloc:
eq = OpCodes.Stsfld;
break;
}
t.OpCode = eq;
t.Operand = def;
}
convertedLocals.ToList().ForEach(x => method.Body.Variables.Remove(x.Key));
convertedLocals = new Dictionary <Local, FieldDef>();
}
private void Button1_Click(object sender, EventArgs e)
{
ModuleDefMD module = ModuleDefMD.Load(textBox1.Text);
if (checkBox1.Checked)
{
StringEncPhase.Execute(module);
}
/* if (checkBox2.Checked)
* { OnlinePhase.Execute(module); } */
if (checkBox3.Checked)
{
ProxyString.Execute(module);
}
if (checkBox5.Checked)
{
Anti_Debug.Execute(module);
}
if (checkBox6.Checked)
{
Anti_Tamper.Execute(module);
}
if (checkBox8.Checked)
{
AddIntPhase.Execute(module);
}
if (checkBox4.Checked)
{
ProxyINT.Execute(module);
}
if (checkBox12.Checked)
{
ProxyMeth.Execute(module);
}
if (checkBox10.Checked)
{
RenamerPhase.Execute(module);
}
if (checkBox7.Checked)
{
controlflow.process(module); ControlFlowTask.Execute(module);
}
if (checkBox11.Checked)
{
JumpCFlow.Execute(module);
}
if (checkBox9.Checked)
{
InvalidMDPhase.process(module.Assembly);
}
string text2 = Path.GetDirectoryName(textBox1.Text);
if (!text2.EndsWith("\\"))
{
text2 += "\\";
}
string path = text2 + Path.GetFileNameWithoutExtension(textBox1.Text) + "_protected" +
Path.GetExtension(textBox1.Text);
var opts = new ModuleWriterOptions(module);
opts.PEHeadersOptions.NumberOfRvaAndSizes = 13;
opts.MetaDataOptions.TablesHeapOptions.ExtraData = 0x1337;
opts.Logger = DummyLogger.NoThrowInstance;
module.Write(path, opts);
if (checkBox6.Checked)
{
Anti_Tamper.Md5(path);
}
}
private void Button_Click(object sender, RoutedEventArgs e)
{
var time = DateTime.Now.ToString("hh:mm:ss");
var module = ModuleDefMD.Load(LoadBox.Text);
if (StringEnc.IsChecked == true)
{
StringEncPhase.Execute(module);
ConsoleLog.Foreground = Brushes.Aqua;
ConsoleLog.AppendText($"{time} Processing String Encryption{Environment.NewLine}");
}
if (SOD.IsChecked == true)
{
OnlinePhase.Execute(module);
ConsoleLog.AppendText($"{time} Processing Online Decryption{Environment.NewLine}");
}
if (Cflow.IsChecked == true)
{
ControlFlowObfuscation.Execute(module);
ConsoleLog.AppendText($"{time} Processing Control Flow{Environment.NewLine}");
}
if (IntConf.IsChecked == true)
{
AddIntPhase.Execute2(module);
ConsoleLog.AppendText($"{time} Processing Int Confusion{Environment.NewLine}");
}
if (SUC.IsChecked == true)
{
StackUnfConfusion.Execute(module);
ConsoleLog.AppendText($"{time} Processing StackUnfConfusion{Environment.NewLine}");
}
if (Ahri.IsChecked == true)
{
Arithmetic.Execute(module);
ConsoleLog.AppendText($"{time} Processing Arithmetic{Environment.NewLine}");
}
if (LF.IsChecked == true)
{
L2F.Execute(module);
ConsoleLog.AppendText($"{time} Processing Local Field{Environment.NewLine}");
}
if (LFV2.IsChecked == true)
{
L2FV2.Execute(module);
ConsoleLog.AppendText($"{time} Processing Local Field V2{Environment.NewLine}");
}
if (Calli_.IsChecked == true)
{
Calli.Execute(module);
ConsoleLog.AppendText($"{time} Processing Call To Calli{Environment.NewLine}");
}
if (Proxy_String.IsChecked == true)
{
ProxyString.Execute(module);
ConsoleLog.AppendText($"{time} Processing Proxy Strings{Environment.NewLine}");
}
if (ProxyConstants.IsChecked == true)
{
ProxyINT.Execute(module);
ConsoleLog.AppendText($"{time} Processing Proxy Constants{Environment.NewLine}");
}
if (Proxy_Meth.IsChecked == true)
{
ProxyMeth.Execute(module);
ConsoleLog.AppendText($"{time} Processing Proxy Methods{Environment.NewLine}");
}
if (Renamer.IsChecked == true)
{
RenamerPhase.Execute(module);
ConsoleLog.AppendText($"{time} Processing Renaming{Environment.NewLine}");
}
if (Anti_De4dot.IsChecked == true)
{
AntiDe4dot.Execute(module.Assembly);
ConsoleLog.AppendText($"{time} Processing Anti De4dot{Environment.NewLine}");
}
if (JumpCflow.IsChecked == true)
{
JumpCFlow.Execute(module);
ConsoleLog.AppendText($"{time} Processing Jump Control flow{Environment.NewLine}");
}
if (AntiDebug.IsChecked == true)
{
Anti_Debug.Execute(module);
ConsoleLog.AppendText($"{time} Processing Anti Debug{Environment.NewLine}");
}
if (Anti_Dump.IsChecked == true)
{
AntiDump.Execute(module);
ConsoleLog.AppendText($"{time} Processing Anti Dump{Environment.NewLine}");
}
if (AntiTamper.IsChecked == true)
{
Protection.Anti.AntiTamper.Execute(module);
ConsoleLog.AppendText($"{time} Processing Anti Tamper{Environment.NewLine}");
}
if (InvalidMD.IsChecked == true)
{
InvalidMDPhase.Execute(module.Assembly);
ConsoleLog.AppendText($"{time} Processing Invalid MetaData{Environment.NewLine}");
}
var text2 = Path.GetDirectoryName(LoadBox.Text);
if (text2 != null && !text2.EndsWith("\\"))
{
text2 += "\\";
}
var path = $"{text2}{Path.GetFileNameWithoutExtension(LoadBox.Text)}_protected{Path.GetExtension(LoadBox.Text)}";
module.Write(path,
new ModuleWriterOptions(module)
{
PEHeadersOptions = { NumberOfRvaAndSizes = 13 }, Logger = DummyLogger.NoThrowInstance
});
ConsoleLog.AppendText($"{time} {path}");
if (AntiTamper.IsChecked == true)
{
Protection.Anti.AntiTamper.Sha256(path);
}
}
public static void Execute(AssemblyDef asm)
{
var manifestModule = asm.ManifestModule;
manifestModule.Mvid = null;
manifestModule.Name = RenamerPhase.GenerateString(RenamerPhase.RenameMode.Normal);
asm.ManifestModule.Import(new FieldDefUser(RenamerPhase.GenerateString(RenamerPhase.RenameMode.Normal)));
foreach (var typeDef in manifestModule.Types)
{
TypeDef typeDef2 = new TypeDefUser(RenamerPhase.GenerateString(RenamerPhase.RenameMode.Normal));
typeDef2.Methods.Add(new MethodDefUser());
typeDef2.NestedTypes.Add(new TypeDefUser(RenamerPhase.GenerateString(RenamerPhase.RenameMode.Normal)));
MethodDef item = new MethodDefUser();
typeDef2.Methods.Add(item);
typeDef.NestedTypes.Add(typeDef2);
typeDef.Events.Add(new EventDefUser());
foreach (var methodDef2 in typeDef.Methods)
{
if (methodDef2.Body == null)
{
continue;
}
methodDef2.Body.SimplifyBranches();
if (string.Compare(methodDef2.ReturnType.FullName, "System.Void", StringComparison.Ordinal) != 0 || !methodDef2.HasBody ||
methodDef2.Body.Instructions.Count == 0)
{
continue;
}
var typeSig = asm.ManifestModule.Import(typeof(int)).ToTypeSig();
var local = new Local(typeSig);
var typeSig2 = asm.ManifestModule.Import(typeof(bool)).ToTypeSig();
var local2 = new Local(typeSig2);
methodDef2.Body.Variables.Add(local);
methodDef2.Body.Variables.Add(local2);
var operand = methodDef2.Body.Instructions[methodDef2.Body.Instructions.Count - 1];
var instruction = new Instruction(OpCodes.Ret);
var instruction2 = new Instruction(OpCodes.Ldc_I4_1);
methodDef2.Body.Instructions.Insert(0, new Instruction(OpCodes.Ldc_I4_0));
methodDef2.Body.Instructions.Insert(1, new Instruction(OpCodes.Stloc, local));
methodDef2.Body.Instructions.Insert(2, new Instruction(OpCodes.Br, instruction2));
var instruction3 = new Instruction(OpCodes.Ldloc, local);
methodDef2.Body.Instructions.Insert(3, instruction3);
methodDef2.Body.Instructions.Insert(4, new Instruction(OpCodes.Ldc_I4_0));
methodDef2.Body.Instructions.Insert(5, new Instruction(OpCodes.Ceq));
methodDef2.Body.Instructions.Insert(6, new Instruction(OpCodes.Ldc_I4_1));
methodDef2.Body.Instructions.Insert(7, new Instruction(OpCodes.Ceq));
methodDef2.Body.Instructions.Insert(8, new Instruction(OpCodes.Stloc, local2));
methodDef2.Body.Instructions.Insert(9, new Instruction(OpCodes.Ldloc, local2));
methodDef2.Body.Instructions.Insert(10, new Instruction(OpCodes.Brtrue, methodDef2.Body.Instructions[10]));
methodDef2.Body.Instructions.Insert(11, new Instruction(OpCodes.Ret));
methodDef2.Body.Instructions.Insert(12, new Instruction(OpCodes.Calli));
methodDef2.Body.Instructions.Insert(13, new Instruction(OpCodes.Sizeof, operand));
methodDef2.Body.Instructions.Insert(methodDef2.Body.Instructions.Count, instruction2);
methodDef2.Body.Instructions.Insert(methodDef2.Body.Instructions.Count, new Instruction(OpCodes.Stloc, local2));
methodDef2.Body.Instructions.Insert(methodDef2.Body.Instructions.Count, new Instruction(OpCodes.Br, instruction3));
methodDef2.Body.Instructions.Insert(methodDef2.Body.Instructions.Count, instruction);
var exceptionHandler = new ExceptionHandler(ExceptionHandlerType.Finally)
{
HandlerStart = methodDef2.Body.Instructions[10],
HandlerEnd = methodDef2.Body.Instructions[11],
TryEnd = methodDef2.Body.Instructions[14],
TryStart = methodDef2.Body.Instructions[12]
};
if (!methodDef2.Body.HasExceptionHandlers)
{
methodDef2.Body.ExceptionHandlers.Add(exceptionHandler);
}
methodDef2.Body.OptimizeBranches();
methodDef2.Body.OptimizeMacros();
}
}
TypeDef typeDef3 = new TypeDefUser(RenamerPhase.GenerateString(RenamerPhase.RenameMode.Normal));
FieldDef item2 = new FieldDefUser(RenamerPhase.GenerateString(RenamerPhase.RenameMode.Normal), new FieldSig(manifestModule.Import(typeof(MindLated_png)).ToTypeSig()));
typeDef3.Fields.Add(item2);
typeDef3.BaseType = manifestModule.Import(typeof(MindLated_png));
manifestModule.Types.Add(typeDef3);
TypeDef typeDef4 = new TypeDefUser(RenamerPhase.GenerateString(RenamerPhase.RenameMode.Normal))
{
IsInterface = true,
IsSealed = true
};
manifestModule.Types.Add(typeDef4);
manifestModule.TablesHeaderVersion = 257;
}
