Exemple #1
 /// <summary>
 /// Gives a final name to every proxy field whose current name still begins with a NUL character.
 /// The new name is the Base64 text of (resolved method token XOR <c>cc.key</c>), with every
 /// character additionally XOR-ed with its own position in the string.
 /// </summary>
 /// <remarks>
 /// Both steps are plain XOR/Base64 encodings, so the token can be recovered from the name by
 /// anyone who knows <c>cc.key</c>; the name is an encoding, not a secret.
 /// </remarks>
 /// <param name="parameters">Not read by this method.</param>
 /// <param name="accessor">Resolves each proxied method reference to its metadata token.</param>
 public override void Process(NameValueCollection parameters, MetadataProcessor.MetadataAccessor accessor)
 {
     foreach (Context proxy in cc.txts)
     {
         // Fields whose name does not start with '\0' are left untouched.
         if (proxy.fld.Name[0] != '\0')
         {
             continue;
         }

         MetadataToken target  = accessor.LookupToken(proxy.mtdRef);
         byte[]        keyed   = BitConverter.GetBytes(target.ToInt32() ^ cc.key);
         string        encoded = Convert.ToBase64String(keyed);

         // Position-dependent XOR over the Base64 characters; the result can contain
         // control characters, so it is not guaranteed to be printable.
         char[] name  = new char[encoded.Length];
         int    index = 0;
         foreach (char c in encoded)
         {
             name[index] = (char)((byte)c ^ index);
             index++;
         }

         proxy.fld.Name = new string(name);
     }
 }
Exemple #2
            /// <summary>
            /// Overwrites, in place, the blob-heap signature of every proxy field of the current module
            /// and stores the encoded RID and token type of the proxied method in the last eight bytes
            /// of that blob. In native mode it then patches the method-table row of
            /// <c>txt.nativeDecr</c> so that it points at <c>txt.nativeRange</c>.
            /// </summary>
            /// <remarks>
            /// Every write assumes the existing blob is long enough. The only size check is a
            /// <see cref="System.Diagnostics.Debug.Assert(bool)"/>, which is compiled out of release builds.
            /// </remarks>
            /// <param name="parameters">Not read by this method.</param>
            /// <param name="accessor">Gives access to the module's metadata tables, blob heap and body ranges.</param>
            public override void Process(NameValueCollection parameters, MetadataProcessor.MetadataAccessor accessor)
            {
                // Per-module state, keyed by the module currently being written.
                _Context txt = mc.txts[accessor.Module];

                var fieldTbl = accessor.TableHeap.GetTable <FieldTable>(Table.Field);

                foreach (var i in txt.txts)
                {
                    // Table rows are addressed as RID - 1.
                    var fieldRow = fieldTbl[(int)i.fld.MetadataToken.RID - 1];

                    TypeReference typeRef = i.fld.FieldType;
                    // Col3 is used as the offset of this field's signature blob in the blob heap.
                    accessor.BlobHeap.Position = (int)fieldRow.Col3;
                    int len = (int)accessor.BlobHeap.ReadCompressedUInt32();   // declared blob length
                    int s   = accessor.BlobHeap.Position;                      // first byte after the length prefix
                    // New signature head: 0x6 (the FIELD signature marker in ECMA-335), the element
                    // kind, then the compressed TypeDefOrRef index of the field's element type.
                    accessor.BlobHeap.WriteByte(0x6);
                    accessor.BlobHeap.WriteByte((byte)(typeRef.IsValueType ? ElementType.ValueType : ElementType.Class));
                    accessor.BlobHeap.WriteCompressedUInt32(CodedIndex.TypeDefOrRef.CompressMetadataToken(accessor.LookupToken(typeRef.GetElementType())));
                    // Zero the remainder of the blob so nothing of the old signature survives.
                    int l = len - (accessor.BlobHeap.Position - s);
                    for (int z = 0; z < l; z++)
                    {
                        accessor.BlobHeap.WriteByte(0);
                    }

                    // The payload occupies the final 8 bytes of the blob.
                    // NOTE(review): nothing here verifies that len leaves room for the head written
                    // above plus these 8 bytes; a shorter blob would be overwritten silently — confirm
                    // that the phase which created the signature always reserves enough space.
                    accessor.BlobHeap.Position = s + len - 8;
                    byte[] b;
                    if (txt.isNative)
                    {
                        // Native mode: the stored value is the expression txt.exp evaluated on the RID.
                        b = BitConverter.GetBytes(ExpressionEvaluator.Evaluate(txt.exp, (int)i.token.RID));
                    }
                    else
                    {
                        // Managed mode: the stored value is the RID XOR-ed with the per-module key.
                        b = BitConverter.GetBytes(i.token.RID ^ txt.key);
                    }
                    // Payload layout (8 bytes): filler, token-type byte, b[0], b[1], filler, b[2], b[3], 0.
                    // Each filler is a random byte forced into the range 0xC0..0xFF; presumably this
                    // makes it read as the lead byte of a 4-byte compressed integer — TODO confirm.
                    accessor.BlobHeap.WriteByte((byte)(((byte)Random.Next() & 0x3f) | 0xc0));
                    accessor.BlobHeap.WriteByte((byte)((uint)i.token.TokenType >> 24));
                    accessor.BlobHeap.WriteByte(b[0]);
                    accessor.BlobHeap.WriteByte(b[1]);
                    accessor.BlobHeap.WriteByte((byte)(((byte)Random.Next() & 0x3f) | 0xc0));
                    accessor.BlobHeap.WriteByte(b[2]);
                    accessor.BlobHeap.WriteByte(b[3]);
                    accessor.BlobHeap.WriteByte(0);

                    // Holds only when the length prefix took one byte and the writes ended exactly at
                    // the end of the blob. Debug-only: release builds perform no such check.
                    System.Diagnostics.Debug.Assert(accessor.BlobHeap.Position - (int)fieldRow.Col3 == len + 1);

                    // The row is stored back as read; no column of fieldRow is changed in this loop.
                    fieldTbl[(int)i.fld.MetadataToken.RID - 1] = fieldRow;
                }

                // Everything below applies to native mode only.
                if (!txt.isNative)
                {
                    return;
                }

                var tbl = accessor.TableHeap.GetTable <MethodTable>(Table.Method);
                var row = tbl[(int)txt.nativeDecr.MetadataToken.RID - 1];

                // Mark the method as a native, unmanaged, signature-preserving P/Invoke implementation
                // and point it at the native range (Col1 is presumably the RVA column — confirm).
                row.Col2  = MethodImplAttributes.Native | MethodImplAttributes.Unmanaged | MethodImplAttributes.PreserveSig;
                row.Col3 &= ~MethodAttributes.Abstract;
                row.Col3 |= MethodAttributes.PInvokeImpl;
                row.Col1  = txt.nativeRange.Start;
                accessor.BodyRanges[txt.nativeDecr.MetadataToken] = txt.nativeRange;

                tbl[(int)txt.nativeDecr.MetadataToken.RID - 1] = row;

                // NOTE(review): the ILOnly flag is not cleared here even though a native body was
                // attached above; whether it is cleared elsewhere cannot be seen from this method.
                //accessor.Module.Attributes &= ~ModuleAttributes.ILOnly;
            }
Exemple #3
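            /// <summary>
            /// Shuffles the proxy contexts of the current module, resolves each proxied method to its
            /// metadata token, and gives every proxy field whose name still begins with a NUL character
            /// a generated name and a distinct generic-instance field type. In native mode it also
            /// emits a small x86 stub into the code stream and records its range in
            /// <c>_txt.nativeRange</c>.
            /// </summary>
            /// <remarks>
            /// The original-to-generated name mapping and the emitted stub bytes are recorded through
            /// <c>Database.AddEntry</c> under the "MtdProxy" category.
            /// </remarks>
            /// <param name="parameters">Not read by this method.</param>
            /// <param name="accessor">Gives access to the module, token lookup and the native code stream.</param>
            public override void Process(NameValueCollection parameters, MetadataProcessor.MetadataAccessor accessor)
            {
                _Context _txt = mc.txts[accessor.Module];

                // Fisher-Yates shuffle: position i is swapped with a position drawn from [i, Count).
                // Drawing from the whole list on every step (as before) does not produce a uniform
                // permutation. The loop still runs Count times, so the number of draws taken from
                // Random is unchanged. Assumes the upper bound of Random.Next is exclusive, as the
                // previous Random.Next(0, Count) call already required.
                for (int i = 0; i < _txt.txts.Count; i++)
                {
                    int j   = Random.Next(i, _txt.txts.Count);
                    var tmp = _txt.txts[i];
                    _txt.txts[i] = _txt.txts[j];
                    _txt.txts[j] = tmp;
                }

                // Scratch type that only serves as an owner for generic parameters.
                TypeDefinition typeDef = new TypeDefinition("", "", 0);

                foreach (Context txt in _txt.txts)
                {
                    txt.token = accessor.LookupToken(txt.mtdRef);
                    // Fields whose name does not start with '\0' keep their name and type.
                    if (txt.fld.Name[0] != '\0')
                    {
                        continue;
                    }
                    // Name layout: key character (virtual or non-virtual call), '\n', random name.
                    txt.fld.Name = (txt.isVirt ? _txt.keyChar1 : _txt.keyChar2) + "\n" + ObfuscationHelper.GetRandomName();

                    // Workaround for Cecil: give each field of a declaring type a different signature
                    // by using a generic parameter whose index depends on the field's position.
                    int pos = txt.fld.DeclaringType.Fields.IndexOf(txt.fld) + 1;
                    while (typeDef.GenericParameters.Count < pos)
                    {
                        typeDef.GenericParameters.Add(new GenericParameter(typeDef));
                    }

                    // Five Object arguments followed by the position-dependent generic parameter.
                    txt.fld.FieldType = new GenericInstanceType(txt.fld.FieldType)
                    {
                        GenericArguments =
                        {
                            accessor.Module.TypeSystem.Object,
                            accessor.Module.TypeSystem.Object,
                            accessor.Module.TypeSystem.Object,
                            accessor.Module.TypeSystem.Object,
                            accessor.Module.TypeSystem.Object,
                            typeDef.GenericParameters[pos - 1]
                        }
                    };

                    // Record both directions of the mapping for later lookup.
                    Database.AddEntry("MtdProxy", (txt.isVirt ? "callvirt " : "call ") + txt.mtdRef.FullName, txt.fld.Name);
                    Database.AddEntry("MtdProxy", txt.fld.Name, txt.inst.Operand.ToString());
                }
                if (!_txt.isNative)
                {
                    return;
                }

                // The stub starts at the current write position of the code stream; its length is
                // filled in once the bytes are known.
                _txt.nativeRange = new Range(accessor.Codebase + (uint)accessor.Codes.Position, 0);
                MemoryStream ms = new MemoryStream();

                using (BinaryWriter wtr = new BinaryWriter(ms))
                {
                    // Prologue: save ebx/edi/esi and measure how far the three pushes moved the stack
                    // pointer (12 bytes with 4-byte stack slots, 24 bytes with 8-byte slots).
                    wtr.Write(new byte[] { 0x89, 0xe0 });             //   mov eax, esp
                    wtr.Write(new byte[] { 0x53 });                   //   push ebx
                    wtr.Write(new byte[] { 0x57 });                   //   push edi
                    wtr.Write(new byte[] { 0x56 });                   //   push esi
                    wtr.Write(new byte[] { 0x29, 0xe0 });             //   sub eax, esp
                    wtr.Write(new byte[] { 0x83, 0xf8, 0x18 });       //   cmp eax, 24
                    wtr.Write(new byte[] { 0x74, 0x07 });             //   je n
                    // The displacement byte is 0x10: after three 4-byte pushes this addresses the
                    // caller's [esp + 4], i.e. the first stack argument.
                    wtr.Write(new byte[] { 0x8b, 0x44, 0x24, 0x10 }); //   mov eax, [esp + 0x10]
                    wtr.Write(new byte[] { 0x50 });                   //   push eax
                    wtr.Write(new byte[] { 0xeb, 0x01 });             //   jmp z
                    // NOTE(review): the 24-byte branch presumably handles 64-bit execution, where the
                    // argument arrives in a register instead of on the stack — confirm.
                    wtr.Write(new byte[] { 0x51 });                   //n: push ecx
                    x86Register ret;                                  //z:
                    // Body: the instructions produced by the expression visitor; 'ret' names the
                    // register that holds their result.
                    var         insts = _txt.visitor.GetInstructions(out ret);
                    foreach (var i in insts)
                    {
                        wtr.Write(i.Assemble());
                    }
                    // Move the result into EAX when the visitor left it elsewhere.
                    if (ret != x86Register.EAX)
                    {
                        wtr.Write(
                            new x86Instruction()
                        {
                            OpCode   = x86OpCode.MOV,
                            Operands = new Ix86Operand[]
                            {
                                new x86RegisterOperand()
                                {
                                    Register = x86Register.EAX
                                },
                                new x86RegisterOperand()
                                {
                                    Register = ret
                                }
                            }
                        }.Assemble());
                    }
                    // Epilogue: restore the saved registers in reverse order and return.
                    wtr.Write(new byte[] { 0x5e });   //pop esi
                    wtr.Write(new byte[] { 0x5f });   //pop edi
                    wtr.Write(new byte[] { 0x5b });   //pop ebx
                    wtr.Write(new byte[] { 0xc3 });   //ret
                    // Zero padding up to the next multiple of four bytes.
                    wtr.Write(new byte[((ms.Length + 3) & ~3) - ms.Length]);
                }
                // ToArray remains valid after the writer has closed the stream.
                byte[] codes = ms.ToArray();
                Database.AddEntry("MtdProxy", "Native", codes);
                accessor.Codes.WriteBytes(codes);
                accessor.SetCodePosition(accessor.Codebase + (uint)accessor.Codes.Position);
                _txt.nativeRange.Length = (uint)codes.Length;
            }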