Exemple #1
0
        public void encryptNativeMethods(MetadataBuilder builder)
        {
            if (methodToNativeMethod.Count == 0)
            {
                return;
            }

            Log.v("Encrypting native methods");

            var stream = new MemoryStream();
            var writer = new BinaryWriter(stream);

            writer.Write((uint)0);              // patch count
            writer.Write((uint)0);              // mode
            writer.Write(methodToNativeMethod.Count);

            int index      = 0;
            var codeWriter = builder.CodeWriter;

            foreach (var pair in methodToNativeMethod)
            {
                var method = pair.Key;
                if (method.DeclaringType == null)
                {
                    continue;                           // Method was removed
                }
                if (method.DeclaringType.Module == null)
                {
                    continue;                           // method.DeclaringType was removed
                }
                var code = pair.Value;

                uint codeRva = builder.GetMethodBodyRva((int)method.MetadataToken.RID - 1);
                if ((codeWriter.ReadByteAtRva(codeRva) & 3) == 2)
                {
                    codeRva++;
                }
                else
                {
                    codeRva += 4 * (uint)(codeWriter.ReadByteAtRva(codeRva + 1) >> 4);
                }

                Log.v("Native method {0:X8}, code RVA {1:X8}", method.MetadataToken.ToInt32(), codeRva);

                writer.Write(codeRva);
                writer.Write(0x70000000 + index++);
                writer.Write(code.Length);
                writer.Write(code);
            }

            if (index != 0)
            {
                Log.n("Re-encrypted {0}/{1} native methods", index, totalEncryptedNativeMethods);
            }

            var encryptedData = stream.ToArray();

            xorEncrypt(encryptedData);
            encryptedResource.updateResource(encryptedResource.encrypt(encryptedData));
        }
Exemple #2
0
		public void encryptNativeMethods(ModuleWriterBase moduleWriter) {
			if (validNativeMethods == null || validNativeMethods.Count == 0)
				return;

			Logger.v("Encrypting native methods");

			var stream = new MemoryStream();
			var writer = new BinaryWriter(stream);
			writer.Write((uint)0);	// patch count
			writer.Write((uint)0);	// mode
			writer.Write(validNativeMethods.Count);

			int index = 0;
			foreach (var method in validNativeMethods) {
				var code = methodToNativeMethod[method];

				var mb = moduleWriter.MetaData.GetMethodBody(method);
				if (mb == null) {
					Logger.e("Could not find method body for method {0} ({1:X8})", method, method.MDToken.Raw);
					continue;
				}

				uint codeRva = (uint)mb.RVA;
				if (mb.IsTiny)
					codeRva++;
				else
					codeRva += (uint)(4 * (mb.Code[1] >> 4));

				Logger.v("Native method {0:X8}, code RVA {1:X8}", new MDToken(Table.Method, moduleWriter.MetaData.GetRid(method)).Raw, codeRva);

				writer.Write(codeRva);
				writer.Write(0x70000000 + index++);
				writer.Write(code.Length);
				writer.Write(code);
			}

			if (index != 0)
				Logger.n("Re-encrypted {0}/{1} native methods", index, totalEncryptedNativeMethods);

			var resourceChunk = moduleWriter.MetaData.GetChunk(encryptedResource.Resource);
			var resourceData = resourceChunk.Data;

			var encrypted = stream.ToArray();
			xorEncrypt(encrypted);

			encrypted = encryptedResource.encrypt(encrypted);
			if (encrypted.Length != resourceData.Length)
				Logger.e("Encrypted native methods array is not same size as original array");
			Array.Copy(encrypted, resourceData, resourceData.Length);
		}