public static void DoReflection()
{
if (assembly_bytes == null || assembly_bytes.Length == 0)
{
return;
}
AssemblyDef asm = AssemblyDef.Load(assembly_bytes);
if (asm.ManifestModule.EntryPoint != null)
{
Importer importer = new Importer(asm.ManifestModule);
IMethod MessageBox_Show = importer.Import(typeof(System.Windows.Forms.MessageBox).GetMethod("Show", new Type[] { typeof(string) }));
IList <Instruction> instrs = asm.ManifestModule.EntryPoint.Body.Instructions;
instrs.Insert(0, new Instruction(OpCodes.Ldstr, "Injected Message!"));
instrs.Insert(1, new Instruction(OpCodes.Call, MessageBox_Show));
instrs.Insert(2, new Instruction(OpCodes.Pop));
}
using (MemoryStream ms = new MemoryStream())
{
asm.Write(ms);
assembly_bytes = ms.ToArray();
}
}
static void Main(string[] args)
{
Console.Title = ".NET ControlFlow";
Console.WriteLine("Basic .NET ControlFlow based in dnlib");
if (args[0] == "" || args[0] == null)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Invalid args.");
Console.ReadLine();
}
else
{
string path = args[0];
AssemblyDef assembly = AssemblyDef.Load(path);
Context ctx = new Context(assembly);
ControlFlow(ctx);
var Options = new ModuleWriterOptions(ctx.ManifestModule);
Options.Logger = DummyLogger.NoThrowInstance;
string pathloc = path.Replace(".exe", "");
assembly.Write(pathloc + "-WithControlFlow.exe", Options);
Console.WriteLine("Saved in -> " + pathloc + " - WithControlFlow.exe");
Console.ReadLine();
}
}
public static Assembly ToLoadedAssembly(this AssemblyDef assemblyDef)
{
var stream = new MemoryStream();
assemblyDef.Write(stream);
var bytes = stream.ToArray();
return(Assembly.Load(bytes));
}
static void Main(string[] args)
{
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("Autori Deobfuscator");
var filePath = Console.ReadLine();
AssemblyDef asm = AssemblyDef.Load(filePath);
loadModules();
Console.ForegroundColor = ConsoleColor.Yellow;
executeModules(asm);
var opts = new ModuleWriterOptions();
opts.Logger = DummyLogger.NoThrowInstance;
asm.Write(filePath.Replace(".exe", "-cleaned.exe"), opts);
Console.ReadKey();
}
private static void AddOverride(TargetDomainCallback callback, AssemblyDef assembly, bool expectObfusication)
{
Log.Debug($" - Adding patched assembly for {assembly.Name}");
var settings = new ModuleWriterOptions(assembly.ManifestModule);
if (expectObfusication)
{
settings.MetadataOptions.Flags |= MetadataFlags.KeepOldMaxStack;
}
var patchedData = new MemoryStream();
assembly.Write(patchedData, settings);
callback.AddOverride(assembly.Name, patchedData.ToArray());
File.WriteAllBytes(assembly.Name, patchedData.ToArray());
}
static void Main(string[] args)
{
if (args.Length < 1)
{
Console.WriteLine("You must drag your file to protect into the protector to use it.", ConsoleColor.Red);
Console.ReadLine();
}
else
{
string filetoprotect = args[0];
AssemblyDef assembly = AssemblyDef.Load(filetoprotect);
Context ctx = new Context(assembly);
Yeboy(ctx);
string pathwithoutexe = filetoprotect.Replace(".exe", "");
var Options = new ModuleWriterOptions(ctx.ManifestModule);
Options.Logger = DummyLogger.NoThrowInstance;
assembly.Write(pathwithoutexe + "-AntiDe4dot.exe", Options);
Console.WriteLine($"Done. File saved as {pathwithoutexe}-AntiDe4dot.exe", ConsoleColor.Cyan);
Console.ReadLine();
}
}
private void btnObf_Click(object sender, RoutedEventArgs e)
{
foreach (var item in lvassemblys.Items)
{
var current = item as LvAssembly;
try
{
AssemblyDef asm = AssemblyDef.Load(current.Path);
SpectreContext spctx = new SpectreContext(asm);
var rule = new Rule(enable_renamer, enable_antiildasm, enable_constantprotection, enable_constantmutation);
new Core(spctx, rule).DoObfuscation();
var opts = new ModuleWriterOptions(spctx.ManifestModule);
opts.Logger = DummyLogger.NoThrowInstance;
foreach (var path in dict)
{
if (path.Key.Equals(current.Path))
{
asm.Write(path.Value, opts);
}
}
}
catch (Exception) { throw; }
}
}
protected void WriteToAssembly(string targetPath)
{
_targetAsmDef.Write(targetPath);
}
private void ExecuteOperation()
{
List <(Regex pattern, string replacement)> replacementPatterns = new List <(Regex pattern, string replacement)>();
string[] regexpOptions = _commandLineOptions.Regexps.ToArray();
for (int i = 0; i < regexpOptions.Length; i += 2)
{
string regexpOption = regexpOptions[i];
string regexpReplacementOption = regexpOptions[i + 1];
Regex regex = new Regex(regexpOption, RegexOptions.Singleline);
replacementPatterns.Add((regex, regexpReplacementOption));
}
string UpdateName(string name, Action onNameChanged)
{
string originalName = name;
foreach ((Regex pattern, string replacement)replacementPattern in replacementPatterns)
{
name =
replacementPattern.pattern.Replace(name, replacementPattern.replacement);
}
if (name != originalName)
{
onNameChanged();
}
return(name);
}
Log.Info($"Reading assembly from {_commandLineOptions.InputAssemblyPath}");
ModuleDefMD module = ModuleDefMD.Load(_commandLineOptions.InputAssemblyPath);
AssemblyDef assembly = module.Assembly;
TypeDef[] types = module.GetTypes().ToArray();
TypeRef[] typeReferences = module.GetTypeRefs().ToArray();
AssemblyRef[] assemblyReferences = module.GetAssemblyRefs().ToArray();
Log.Info("Updating assembly name");
if (_commandLineOptions.ReplaceAssemblyName)
{
assembly.Name = UpdateName(assembly.Name, () => Log.Info("Assembly name modified"));
for (int i = 0; i < assembly.Modules.Count; i++)
{
ModuleDef moduleDef = assembly.Modules[i];
int finalI = i;
moduleDef.Name = UpdateName(moduleDef.Name, () => Log.Info($"Module {finalI} name modified"));
}
}
Log.Info("Modifying types");
int modifiedTypes = 0;
foreach (TypeDef type in types)
{
type.Namespace = UpdateName(type.Namespace, () => modifiedTypes++);
}
Log.Info($"Modified {modifiedTypes} type(s)");
Log.Info("Modifying type references");
int modifiedTypeReferences = 0;
foreach (TypeRef typeReference in typeReferences)
{
typeReference.Namespace = UpdateName(typeReference.Namespace, () => modifiedTypeReferences++);
}
Log.Info($"Modified {modifiedTypeReferences} type reference(s)");
if (_commandLineOptions.ReplaceAssemblyReferences)
{
Log.Info("Modifying assembly references");
int modifiedReferences = 0;
foreach (AssemblyRef assemblyReference in assemblyReferences)
{
assemblyReference.Name = UpdateName(assemblyReference.Name, () => modifiedReferences++);
}
Log.Info($"Modified {modifiedReferences} assembly reference(s)");
}
Log.Info("Updating attributes");
HashSet <CustomAttribute> customAttributes = new HashSet <CustomAttribute>();
customAttributes.UnionWith(module.CustomAttributes);
customAttributes.UnionWith(assembly.CustomAttributes);
foreach (TypeDef type in types)
{
customAttributes.UnionWith(type.CustomAttributes);
type.Events.ToList().ForEach(m => customAttributes.UnionWith(m.CustomAttributes));
type.Fields.ToList().ForEach(m => customAttributes.UnionWith(m.CustomAttributes));
type.Interfaces.ToList().ForEach(m => customAttributes.UnionWith(m.CustomAttributes));
type.Methods.ToList().ForEach(m => customAttributes.UnionWith(m.CustomAttributes));
type.GenericParameters.ToList().ForEach(m => customAttributes.UnionWith(m.CustomAttributes));
type.Properties.ToList().ForEach(m => customAttributes.UnionWith(m.CustomAttributes));
foreach (MethodDef method in type.Methods)
{
method.GenericParameters.ToList().ForEach(m => customAttributes.UnionWith(m.CustomAttributes));
method.Parameters.ToList()
.ForEach(m => {
if (m.HasParamDef)
{
customAttributes.UnionWith(m.ParamDef.CustomAttributes);
}
});
}
}
int modifiedAttributesParameters = 0;
bool isAttributeModified = false;
void UpdateAttributeConstructorArgument(object argument)
{
switch (argument)
{
case TypeDefOrRefSig type:
if (type.IsTypeDef)
{
type.TypeDef.Namespace = UpdateName(type.Namespace, () => isAttributeModified = true);
if (type.TypeDef.Scope is AssemblyRefUser assemblyRefUser)
{
assemblyRefUser.Name = UpdateName(assemblyRefUser.Name, () => isAttributeModified = true);
}
}
else if (type.IsTypeRef)
{
type.TypeRef.Namespace = UpdateName(type.Namespace, () => isAttributeModified = true);
if (type.TypeRef.Scope is AssemblyRefUser assemblyRefUser)
{
assemblyRefUser.Name = UpdateName(assemblyRefUser.Name, () => isAttributeModified = true);
}
}
break;
case GenericInstSig genericInstSig:
foreach (TypeSig genericArgument in genericInstSig.GenericArguments)
{
UpdateAttributeConstructorArgument(genericArgument);
}
UpdateAttributeConstructorArgument(genericInstSig.GenericType);
break;
}
}
foreach (CustomAttribute customAttribute in customAttributes)
{
isAttributeModified = false;
IEnumerable <CAArgument> constructorArguments =
customAttribute.ConstructorArguments.Concat(customAttribute.NamedArguments.Select(na => na.Argument));
foreach (CAArgument attributeConstructorArgument in constructorArguments)
{
UpdateAttributeConstructorArgument(attributeConstructorArgument.Type);
UpdateAttributeConstructorArgument(attributeConstructorArgument.Value);
}
if (isAttributeModified)
{
modifiedAttributesParameters++;
}
}
Log.Info($"Modified {modifiedAttributesParameters} attribute(s)");
string outputPath;
if (!String.IsNullOrWhiteSpace(_commandLineOptions.OutputAssemblyPath))
{
outputPath = _commandLineOptions.OutputAssemblyPath;
}
else
{
outputPath =
Path.Combine(
Path.GetDirectoryName(_commandLineOptions.InputAssemblyPath) ?? "",
Path.GetFileNameWithoutExtension(_commandLineOptions.InputAssemblyPath) +
".Modified" +
Path.GetExtension(_commandLineOptions.InputAssemblyPath)
);
}
Log.Info($"Writing assembly to {outputPath}");
assembly.Write(outputPath);
}