private void SerializePatches()
        {
            StringBuilder sb = new StringBuilder();

            sb.AppendLine($"<style>{GetStyleSheet()}\n</style>");

            var patches  = _pe.CryptoPatches;
            int patCount = patches.Count;

            AddLineWithTag(sb, "Patches Count", patCount);
            AddLineWithTag(sb, "Target Executeable", _pe.FilePath);
            AddLineWithTag(sb, "Client Internal Version", _pe.ClientVersion);
            AddLineWithTag(sb, "Linker Version", $"MSVC-{_pe.MajorLinkerVersion}.0 (Microsoft Visual C++)");
            AddLineWithTag(sb, "Inlined Functions Count", patches.Count(p => p.Inlined));

            string encryptionDesc = patches.CryptoType == CryptoType.XOR ? "XOR Cipher" : "DES + XOR Cipher";

            AddLineWithTag(sb, "Encryption Algorithm", encryptionDesc);

            AddSeparator(sb);

            using (HtmlTable table = new HtmlTable(sb, "Table Encryption Keys"))
            {
                using (HtmlTableRow row = new HtmlTableRow(sb, true))
                {
                    row.AddCell("#");
                    row.AddCell("Key");
                    row.AddCell("File Offset");
                    row.AddCell("Virtual Address");
                    row.AddCell("Inlined Function?");
                }

                for (int i = 0; i < patCount; i++)
                {
                    using (HtmlTableRow row = new HtmlTableRow(sb))
                    {
                        CryptoPatch patch = patches[i];
                        CryptoKey   fk    = patch.Keys.First();

                        row.AddCell((i + 1).ToString());

                        string keys, fileOffsets, VAs;
                        keys = fileOffsets = VAs = String.Empty;
                        foreach (CryptoKey key in patch.Keys)
                        {
                            keys        += $"&bull; 0x{key.Key:X4}<br>\n";
                            fileOffsets += $"&bull; 0x{((int)key.Offset):X8}<br>\n";
                            VAs         += $"&bull; 0x{((int)key.VirtualAddress):X8}<br>\n";
                        }
                        keys.TrimEnd('\n');
                        fileOffsets.TrimEnd('\n');
                        VAs.TrimEnd('\n');

                        row.AddCell(keys);
                        row.AddCell(fileOffsets);
                        row.AddCell(VAs);
                        row.AddCell(patch.Inlined.ToString());
                    }
                }
            }

            view.DocumentText = sb.ToString();
        }
Esempio n. 2
0
        private void SerializePatches()
        {
            StringBuilder sb = new StringBuilder();

            sb.AppendLine($"<style>{GetStyleSheet()}\n</style>");

            using (HtmlTable table = new HtmlTable(sb, "General Information"))
            {
                foreach (var item in generalInfo)
                {
                    using (HtmlTableRow row = new HtmlTableRow(sb))
                    {
                        row.AddCell($"<strong>{item.Key}</strong>");
                        row.AddCell(item.Value);
                    }
                }
            }

            AddSeparator(sb);

            using (HtmlTable table = new HtmlTable(sb, "Table Encryption Keys"))
            {
                using (HtmlTableRow row = new HtmlTableRow(sb, true))
                {
                    row.AddCell("#");
                    row.AddCell("Key");
                    row.AddCell("File Offset");
                    row.AddCell("Virtual Address");
                    row.AddCell("Inlined Function?");
                }

                var patches  = _pe.CryptoPatches;
                int patCount = patches.Count;
                for (int i = 0; i < patCount; i++)
                {
                    CryptoPatch patch = patches[i];
                    CryptoKey   fk    = patch.Keys.First();

                    string rowId = String.Empty;
                    if (patch.Inlined)
                    {
                        rowId = "inlined";
                    }
                    else
                    {
                        rowId = (i + 1) % 2 != 0 ? "odd" : "even";
                    }

                    using (HtmlTableRow row = new HtmlTableRow(sb, false, rowId))
                    {
                        row.AddCell((i + 1).ToString());

                        string keys, fileOffsets, VAs;
                        keys = fileOffsets = VAs = String.Empty;
                        foreach (CryptoKey key in patch.Keys)
                        {
                            keys        += $"&bull; 0x{key.Key:X4}<br>\n";
                            fileOffsets += $"&bull; 0x{((int)key.Offset):X8}<br>\n";
                            VAs         += $"&bull; 0x{((int)key.VirtualAddress):X8}<br>\n";
                        }
                        keys.TrimEnd('\n');
                        fileOffsets.TrimEnd('\n');
                        VAs.TrimEnd('\n');

                        row.AddCell(keys);
                        row.AddCell(fileOffsets);
                        row.AddCell(VAs);
                        row.AddCell(patch.Inlined.ToString());
                    }
                }
            }

            view.DocumentText = sb.ToString();
        }