private Method(
MemberRef sharedMem,
MemberRef prevLocation,
MemberRef onBranch,
bool enableOnBranchCallback,
MethodDef method)
{
this.sharedMem = sharedMem;
this.prevLocation = prevLocation;
this.onBranch = onBranch;
this.enableOnBranchCallback = enableOnBranchCallback;
if (enableOnBranchCallback)
{
onBranchCall = method.Module.Import(typeof(Common.Trace)
.GetMethod(nameof(Common.Trace.OnBranchCall)));
}
body = method.Body;
instructions = body.Instructions.ToList();
if (instructions.Any())
{
instrumented = new Dictionary <Instruction, Instruction>();
body.SimplifyBranches();
body.Instructions.Clear();
FindInstrumentationTargets();
Instrument(method.FullName);
UpdateBranchTargets();
UpdateExceptionHandlers();
body.OptimizeBranches();
}
}
public void ProtectionPhase(SpectreContext spctx)
{
foreach (ModuleDef module in spctx.Assembly.Modules)
{
foreach (TypeDef type in module.Types)
{
foreach (MethodDef method in type.Methods)
{
if (!method.HasBody)
{
continue;
}
if (method.HasBody)
{
if (!method.Body.HasInstructions)
{
continue;
}
}
body = method.Body;
for (int i = 0; i < body.Instructions.Count; i++)
{
if (body.Instructions[i].IsLdcI4())
{
Mutate(spctx, method, i);
i += 2;
}
}
body.SimplifyBranches();
body.OptimizeBranches();
}
}
}
}
public void ProtectionPhase(Context krawk)
{
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine("Executing Constants...");
Console.ResetColor();
GenerateX86(krawk);
foreach (ModuleDef module in krawk.Assembly.Modules)
{
foreach (TypeDef type in module.Types)
{
if (type.Namespace.Contains(".My"))
{
continue;
}
if (type.FullName.Contains(".My"))
{
continue;
}
foreach (MethodDef method in type.Methods)
{
if (!method.HasBody)
{
continue;
}
if (method.FullName.Contains(".My"))
{
continue;
}
if (method.HasBody)
{
if (!method.Body.HasInstructions)
{
continue;
}
}
if (method.FullName.Contains("Decrypt"))
{
continue;
}
body = method.Body;
for (int i = 0; i < body.Instructions.Count; i++)
{
if (method.Body.Instructions[i].OpCode == OpCodes.Ldstr)
{
Encodestring(krawk, method, i);
i += 2;
}
}
}
body.SimplifyBranches();
body.OptimizeBranches();
}
}
}
private void GetDecryptionCall(ModuleDef Module, TypeDef typedecryption)
{
resourcename = textBox2.Text;
filename = textBox1.Text;
foreach (TypeDef type in Module.Types)
{
foreach (MethodDef method in type.Methods)
{
if (method.HasBody == null)
{
continue;
}
CilBody body = method.Body;
body.SimplifyBranches();
int x = 0;
while (x < body.Instructions.Count)
{
if (body.Instructions[x].OpCode == OpCodes.Call)
{
if (body.Instructions[x].Operand.ToString().ToLower().Contains(typedecryption.ToString().ToLower()))
{
try
{
var num1 = body.Instructions[x - 3].Operand.ToString();
int a = int.Parse(num1);
int num2 = 1;
num2 = num2 + a;
var parameterint = num2;
string z = decrypt.decryptor(parameterint, resourcename, filename);
body.Instructions[x].OpCode = OpCodes.Ldstr;
body.Instructions[x].Operand = z;
body.Instructions.RemoveAt(x - 1);
body.Instructions.RemoveAt(x - 2);
body.Instructions.RemoveAt(x - 3);
DeobedStringNumber = DeobedStringNumber + 1;
x++;
}
catch (Exception e)
{
//MessageBox.Show(e.ToString());
x++;
}
}
}
x++;
}
}
}
}
private Method(MemberRef sharedMem, MemberRef prevLocation, MethodDef method)
{
this.sharedMem = sharedMem;
this.prevLocation = prevLocation;
body = method.Body;
instructions = body.Instructions.ToList();
instrumented = new Dictionary <Instruction, Instruction>();
body.SimplifyBranches();
body.Instructions.Clear();
FindInstrumentationTargets();
Instrument();
UpdateBranchTargets();
UpdateExceptionHandlers();
body.OptimizeBranches();
}
void IProtector.ProtectionPhase(Context krawk)
{
foreach (ModuleDef module in krawk.Assembly.Modules)
{
foreach (TypeDef type in module.Types)
{
if (type.Namespace.Contains(".My"))
{
continue;
}
foreach (MethodDef method in type.Methods)
{
if (!method.HasBody)
{
continue;
}
if (method.Name.Contains("Krawk_Protector_N"))
{
continue;
}
if (method.HasBody)
{
if (!method.Body.HasInstructions)
{
continue;
}
}
body = method.Body;
for (int i = 0; i < body.Instructions.Count; i++)
{
if (body.Instructions[i].OpCode == OpCodes.Ldc_I4)
{
Mutate(krawk, method, i);
i += 2;
}
}
body.SimplifyBranches();
body.OptimizeBranches();
}
}
}
}
void IProtector.ProtectionPhase(Context krawk)
{
foreach (ModuleDef module in krawk.Assembly.Modules)
{
foreach (TypeDef type in module.Types)
{
foreach (MethodDef method in type.Methods)
{
if (!method.HasBody)
{
continue;
}
if (method.HasBody)
{
if (!method.Body.HasInstructions)
{
continue;
}
}
body = method.Body;
for (int i = 0; i < body.Instructions.Count; i++)
{
if (method.Body.Instructions[i].OpCode == OpCodes.Ldstr)
{
Mutate(krawk, method, i, "String");
i += 2;
}
if (method.Body.Instructions[i].IsLdcI4())
{
Mutate(krawk, method, i, "Int");
}
}
body.SimplifyBranches();
body.OptimizeBranches();
}
}
}
}
private void GetDecryptionMethod(ModuleDef Module)
{
foreach (TypeDef type in Module.Types)
{
foreach (MethodDef method in type.Methods)
{
if (method.HasBody == null)
{
continue;
}
if (method.IsConstructor == false)
{
continue;
}
CilBody body = method.Body;
body.SimplifyBranches();
var x = 0;
while (x < body.Instructions.Count)
{
if (body.Instructions[x].OpCode == OpCodes.Call)
{
if (body.Instructions[x].Operand.ToString().ToLower().Contains("system.reflection.assembly::getexecutingassembly"))
{
Typedecryption = method.DeclaringType;
richTextBox1.AppendText("Decryption type : " + Typedecryption + Environment.NewLine);
foreach (MethodDef methoda in type.Methods)
{
if (methoda.IsConstructor)
{
continue;
}
if (methoda.Body.Instructions.Count > 5)
{
continue;
}
int xy = 0;
while (xy < methoda.Body.Instructions.Count)
{
if (methoda.Body.Instructions[xy].OpCode == OpCodes.Call)
{
if (methoda.Body.Instructions[xy].Operand == null)
{
xy++;
continue;
}
if (!methoda.Body.Instructions[xy].Operand.ToString().Contains("object"))
{
Methoddecryption = methoda;
break;
}
}
else
{
xy++;
}
}
}
}
}
x++;
}
x++;
}
}
}
// Token: 0x06000090 RID: 144 RVA: 0x00007F84 File Offset: 0x00006184
public static void Mutate1(MethodDef method)
{
CilBody body = method.Body;
body.SimplifyBranches();
Random random = new Random();
int i = 0;
while (i < body.Instructions.Count)
{
bool flag = body.Instructions[i].IsLdcI4();
if (flag)
{
int ldcI4Value = body.Instructions[i].GetLdcI4Value();
int num = random.Next(5, 40);
body.Instructions[i].OpCode = OpCodes.Ldc_I4;
body.Instructions[i].Operand = num * ldcI4Value;
body.Instructions.Insert(i + 1, Instruction.Create(OpCodes.Ldc_I4, num));
body.Instructions.Insert(i + 2, Instruction.Create(OpCodes.Div));
i += 3;
}
else
{
i++;
}
}
Random random2 = new Random();
int num2 = 0;
ITypeDefOrRef type = null;
for (int j = 0; j < method.Body.Instructions.Count; j++)
{
Instruction instruction = method.Body.Instructions[j];
bool flag2 = instruction.IsLdcI4();
if (flag2)
{
switch (random2.Next(1, 16))
{
case 1:
type = method.Module.Import(typeof(int));
num2 = 4;
break;
case 2:
type = method.Module.Import(typeof(sbyte));
num2 = 1;
break;
case 3:
type = method.Module.Import(typeof(byte));
num2 = 1;
break;
case 4:
type = method.Module.Import(typeof(bool));
num2 = 1;
break;
case 5:
type = method.Module.Import(typeof(decimal));
num2 = 16;
break;
case 6:
type = method.Module.Import(typeof(short));
num2 = 2;
break;
case 7:
type = method.Module.Import(typeof(long));
num2 = 8;
break;
case 8:
type = method.Module.Import(typeof(uint));
num2 = 4;
break;
case 9:
type = method.Module.Import(typeof(float));
num2 = 4;
break;
case 10:
type = method.Module.Import(typeof(char));
num2 = 2;
break;
case 11:
type = method.Module.Import(typeof(ushort));
num2 = 2;
break;
case 12:
type = method.Module.Import(typeof(double));
num2 = 8;
break;
case 13:
type = method.Module.Import(typeof(DateTime));
num2 = 8;
break;
case 14:
type = method.Module.Import(typeof(ConsoleKeyInfo));
num2 = 12;
break;
case 15:
type = method.Module.Import(typeof(Guid));
num2 = 16;
break;
}
int num3 = random2.Next(1, 1000);
bool flag3 = Convert.ToBoolean(random2.Next(0, 2));
switch ((num2 != 0) ? ((Convert.ToInt32(instruction.Operand) % num2 == 0) ? random2.Next(1, 5) : random2.Next(1, 4)) : random2.Next(1, 4))
{
case 1:
method.Body.Instructions.Insert(j + 1, Instruction.Create(OpCodes.Sizeof, type));
method.Body.Instructions.Insert(j + 2, Instruction.Create(OpCodes.Add));
instruction.Operand = Convert.ToInt32(instruction.Operand) - num2 + (flag3 ? (-num3) : num3);
method.Body.Instructions.Insert(j + 3, Instruction.CreateLdcI4(num3));
method.Body.Instructions.Insert(j + 4, Instruction.Create(flag3 ? OpCodes.Add : OpCodes.Sub));
j += 4;
break;
case 2:
method.Body.Instructions.Insert(j + 1, Instruction.Create(OpCodes.Sizeof, type));
method.Body.Instructions.Insert(j + 2, Instruction.Create(OpCodes.Sub));
instruction.Operand = Convert.ToInt32(instruction.Operand) + num2 + (flag3 ? (-num3) : num3);
method.Body.Instructions.Insert(j + 3, Instruction.CreateLdcI4(num3));
method.Body.Instructions.Insert(j + 4, Instruction.Create(flag3 ? OpCodes.Add : OpCodes.Sub));
j += 4;
break;
case 3:
method.Body.Instructions.Insert(j + 1, Instruction.Create(OpCodes.Sizeof, type));
method.Body.Instructions.Insert(j + 2, Instruction.Create(OpCodes.Add));
instruction.Operand = Convert.ToInt32(instruction.Operand) - num2 + (flag3 ? (-num3) : num3);
method.Body.Instructions.Insert(j + 3, Instruction.CreateLdcI4(num3));
method.Body.Instructions.Insert(j + 4, Instruction.Create(flag3 ? OpCodes.Add : OpCodes.Sub));
j += 4;
break;
case 4:
method.Body.Instructions.Insert(j + 1, Instruction.Create(OpCodes.Sizeof, type));
method.Body.Instructions.Insert(j + 2, Instruction.Create(OpCodes.Mul));
instruction.Operand = Convert.ToInt32(instruction.Operand) / num2;
j += 2;
break;
default:
method.Body.Instructions.Insert(j + 3, Instruction.CreateLdcI4(num3));
method.Body.Instructions.Insert(j + 4, Instruction.Create(flag3 ? OpCodes.Add : OpCodes.Sub));
j += 4;
break;
}
}
}
}
protected override void Execute(ConfuserContext context, ProtectionParameters parameters)
{
for (int i = 1; i < 1; i++)
{
foreach (IDnlibDef dnlibDef in parameters.Targets)
{
MethodDef def = (MethodDef)dnlibDef;
CilBody body = def.Body;
body.SimplifyBranches();
Random random = new Random();
int num2 = 0;
while (num2 < body.Instructions.Count)
{
if (body.Instructions[num2].IsLdcI4())
{
int num3 = body.Instructions[num2].GetLdcI4Value();
int num4 = random.Next(5, 40);
body.Instructions[num2].OpCode = OpCodes.Ldc_I4;
body.Instructions[num2].Operand = num4 * num3;
body.Instructions.Insert(num2 + 1, Instruction.Create(OpCodes.Ldc_I4, num4));
body.Instructions.Insert(num2 + 2, Instruction.Create(OpCodes.Div));
num2 += 3;
}
else
{
num2++;
}
}
Random random2 = new Random();
int num5 = 0;
ITypeDefOrRef type = null;
for (int j = 0; j < def.Body.Instructions.Count; j++)
{
Instruction instruction = def.Body.Instructions[j];
if (instruction.IsLdcI4())
{
switch (random2.Next(1, 8))
{
case 1:
type = def.Module.Import(typeof(int));
num5 = 4;
break;
case 2:
type = def.Module.Import(typeof(sbyte));
num5 = 1;
break;
case 3:
type = def.Module.Import(typeof(byte));
num5 = 1;
break;
case 4:
type = def.Module.Import(typeof(bool));
num5 = 1;
break;
case 5:
type = def.Module.Import(typeof(decimal));
num5 = 16;
break;
case 6:
type = def.Module.Import(typeof(short));
num5 = 2;
break;
case 7:
type = def.Module.Import(typeof(long));
num5 = 8;
break;
}
int num6 = random2.Next(1, 1000);
bool flag = Convert.ToBoolean(random2.Next(0, 2));
switch ((num5 != 0) ? ((Convert.ToInt32(instruction.Operand) % num5 == 0) ? random2.Next(1, 5) : random2.Next(1, 4)) : random2.Next(1, 4))
{
case 1:
def.Body.Instructions.Insert(j + 1, Instruction.Create(OpCodes.Sizeof, type));
def.Body.Instructions.Insert(j + 2, Instruction.Create(OpCodes.Add));
instruction.Operand = Convert.ToInt32(instruction.Operand) - num5 + (flag ? (-num6) : num6);
goto IL_43A;
case 2:
def.Body.Instructions.Insert(j + 1, Instruction.Create(OpCodes.Sizeof, type));
def.Body.Instructions.Insert(j + 2, Instruction.Create(OpCodes.Sub));
instruction.Operand = Convert.ToInt32(instruction.Operand) + num5 + (flag ? (-num6) : num6);
goto IL_43A;
case 3:
def.Body.Instructions.Insert(j + 1, Instruction.Create(OpCodes.Sizeof, type));
def.Body.Instructions.Insert(j + 2, Instruction.Create(OpCodes.Add));
instruction.Operand = Convert.ToInt32(instruction.Operand) - num5 + (flag ? (-num6) : num6);
goto IL_43A;
case 4:
def.Body.Instructions.Insert(j + 1, Instruction.Create(OpCodes.Sizeof, type));
def.Body.Instructions.Insert(j + 2, Instruction.Create(OpCodes.Mul_Ovf_Un));
instruction.Operand = Convert.ToInt32(instruction.Operand) - num5 + (flag ? (-num6) : num6);
goto IL_43A;
case 5:
def.Body.Instructions.Insert(j + 1, Instruction.Create(OpCodes.Sizeof, type));
def.Body.Instructions.Insert(j + 2, Instruction.Create(OpCodes.Add_Ovf_Un));
instruction.Operand = Convert.ToInt32(instruction.Operand) - num5 + (flag ? (-num6) : num6);
goto IL_43A;
case 6:
def.Body.Instructions.Insert(j + 1, Instruction.Create(OpCodes.Sizeof, type));
def.Body.Instructions.Insert(j + 2, Instruction.Create(OpCodes.Mul));
instruction.Operand = Convert.ToInt32(instruction.Operand) / num5;
break;
default:
goto IL_43A;
}
IL_484:
j += 2;
goto IL_48A;
IL_43A:
def.Body.Instructions.Insert(j + 3, Instruction.CreateLdcI4(num6));
def.Body.Instructions.Insert(j + 4, Instruction.Create(flag ? OpCodes.Add : OpCodes.Sub));
j += 2;
goto IL_484;
}
IL_48A :;
}
body.OptimizeBranches();
}
}
}
// Token: 0x06000097 RID: 151 RVA: 0x0000C8AC File Offset: 0x0000AAAC
public static void DisConstants(ModuleDef md)
{
foreach (TypeDef typeDef in md.Types)
{
foreach (MethodDef methodDef in typeDef.Methods)
{
for (int i = 1; i < 1; i++)
{
CilBody body = methodDef.Body;
body.SimplifyBranches();
Random random = new Random();
int j = 0;
while (j < body.Instructions.Count)
{
bool flag = body.Instructions[j].IsLdcI4();
if (flag)
{
int ldcI4Value = body.Instructions[j].GetLdcI4Value();
int num = random.Next(5, 40);
body.Instructions[j].OpCode = OpCodes.Ldc_I4;
body.Instructions[j].Operand = num * ldcI4Value;
body.Instructions.Insert(j + 1, Instruction.Create(OpCodes.Ldc_I4, num));
body.Instructions.Insert(j + 2, Instruction.Create(OpCodes.Div));
j += 3;
}
else
{
j++;
}
}
Random random2 = new Random();
int num2 = 0;
ITypeDefOrRef type = null;
for (int k = 0; k < methodDef.Body.Instructions.Count; k++)
{
Instruction instruction = methodDef.Body.Instructions[k];
bool flag2 = instruction.IsLdcI4();
if (flag2)
{
switch (random2.Next(1, 8))
{
case 1:
type = methodDef.Module.Import(typeof(int));
num2 = 4;
break;
case 2:
type = methodDef.Module.Import(typeof(sbyte));
num2 = 1;
break;
case 3:
type = methodDef.Module.Import(typeof(byte));
num2 = 1;
break;
case 4:
type = methodDef.Module.Import(typeof(bool));
num2 = 1;
break;
case 5:
type = methodDef.Module.Import(typeof(decimal));
num2 = 16;
break;
case 6:
type = methodDef.Module.Import(typeof(short));
num2 = 2;
break;
case 7:
type = methodDef.Module.Import(typeof(long));
num2 = 8;
break;
}
int num3 = random2.Next(1, 1000);
bool flag3 = Convert.ToBoolean(random2.Next(0, 2));
switch ((num2 != 0) ? ((Convert.ToInt32(instruction.Operand) % num2 == 0) ? random2.Next(1, 5) : random2.Next(1, 4)) : random2.Next(1, 4))
{
case 1:
methodDef.Body.Instructions.Insert(k + 1, Instruction.Create(OpCodes.Sizeof, type));
methodDef.Body.Instructions.Insert(k + 2, Instruction.Create(OpCodes.Add));
instruction.Operand = Convert.ToInt32(instruction.Operand) - num2 + (flag3 ? (-num3) : num3);
goto IL_493;
case 2:
methodDef.Body.Instructions.Insert(k + 1, Instruction.Create(OpCodes.Sizeof, type));
methodDef.Body.Instructions.Insert(k + 2, Instruction.Create(OpCodes.Sub));
instruction.Operand = Convert.ToInt32(instruction.Operand) + num2 + (flag3 ? (-num3) : num3);
goto IL_493;
case 3:
methodDef.Body.Instructions.Insert(k + 1, Instruction.Create(OpCodes.Sizeof, type));
methodDef.Body.Instructions.Insert(k + 2, Instruction.Create(OpCodes.Add));
instruction.Operand = Convert.ToInt32(instruction.Operand) - num2 + (flag3 ? (-num3) : num3);
goto IL_493;
case 4:
methodDef.Body.Instructions.Insert(k + 1, Instruction.Create(OpCodes.Sizeof, type));
methodDef.Body.Instructions.Insert(k + 2, Instruction.Create(OpCodes.Mul));
instruction.Operand = Convert.ToInt32(instruction.Operand) / num2;
break;
default:
goto IL_493;
}
IL_48A:
k += 2;
goto IL_4E2;
IL_493:
methodDef.Body.Instructions.Insert(k + 3, Instruction.CreateLdcI4(num3));
methodDef.Body.Instructions.Insert(k + 4, Instruction.Create(flag3 ? OpCodes.Add : OpCodes.Sub));
k += 2;
goto IL_48A;
}
IL_4E2 :;
}
body.OptimizeBranches();
}
}
}
}
