private static void Main(string[] args)
{
if (args.Length == 0)
{
Console.WriteLine("No input file specified...");
}
else
{
Configuration.AssemblyFilename = args[0];
ModuleDefMD module = ModuleDefMD.Load(Configuration.AssemblyFilename, (ModuleCreationOptions)null);
TypeDef globalType = module.GlobalType;
List <MethodDef> methodDefList = new List <MethodDef>();
foreach (MethodDef method in globalType.Methods.Where <MethodDef>((Func <MethodDef, bool>)(m => m.IsNative)).ToList <MethodDef>())
{
MethodDef ilFromX86Method = X86MethodToILConverter.CreateILFromX86Method(new X86Method(method));
method.DeclaringType.Methods.Add(ilFromX86Method);
methodDefList.Add(method);
}
foreach (MethodDef methodDef1 in methodDefList)
{
MethodDef replacedMethod = methodDef1;
IEnumerable <Instruction> allReferences = replacedMethod.FindAllReferences(module);
MethodDef methodDef2 = module.GlobalType.Methods.FirstOrDefault <MethodDef>((Func <MethodDef, bool>)(m => m.Name == (string)replacedMethod.Name + "_IL"));
foreach (Instruction instruction in allReferences)
{
instruction.Operand = (object)methodDef2;
}
++Program.x86Fixed;
}
foreach (MethodDef methodDef in methodDefList)
{
globalType.Methods.Remove(methodDef);
}
module.IsStrongNameSigned = false;
module.Assembly.PublicKey = (PublicKey)null;
NativeModuleWriterOptions options1 = new NativeModuleWriterOptions(module);
options1.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll;
options1.MetaDataOptions.Flags |= MetaDataFlags.KeepOldMaxStack;
options1.Cor20HeaderOptions.Flags = new ComImageFlags?(ComImageFlags.ILOnly | ComImageFlags._32BitRequired);
module.NativeWrite((Stream)Program.mem, options1);
Program.module = ModuleDefMD.Load((Stream)Program.mem);
ModuleWriterOptions options2 = new ModuleWriterOptions((ModuleDef)Program.module);
options1.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll;
options1.MetaDataOptions.Flags |= MetaDataFlags.KeepOldMaxStack;
Program.module.Write(args[0].Replace(".exe", "-x86_mode_Fixed.exe"), options2);
Console.WriteLine("Resolved : " + (object)Program.x86Fixed + " natives ints");
}
}
private static void Main(string[] args)
{
if (args.Length == 0)
{
Console.WriteLine("No input file specified...");
return;
}
// Store the obfuscated file name for later use (e.g. when resolving the RVAs)
Configuration.AssemblyFilename = args[0];
// Load the assembly via dnlib (Only the module, we need this structure to resolve MD Tokens)
var assemblyModuleDnlib = ModuleDefMD.Load(Configuration.AssemblyFilename);
// Get the <Module>-Type for later use
var cctorType = assemblyModuleDnlib.GlobalType;
// Store the replaced methods in this list
var nativeMethodsReplaced = new List <MethodDef>();
// Find methods with native code
var nativeMethods = cctorType.Methods.Where(m => m.IsNative).ToList();
foreach (var nativeMethod in nativeMethods)
{
// Get the assembly code and the X86 Opcode Structure (Thanks to ubbelol)
X86Method x86NativeMethod = new X86Method(nativeMethod);
var ILNativeMethod = X86MethodToILConverter.CreateILFromX86Method(x86NativeMethod);
nativeMethod.DeclaringType.Methods.Add(ILNativeMethod);
nativeMethodsReplaced.Add(nativeMethod);
}
// Export all the IL Methods to a DLL
MethodExporter.ExportMethodsToDll("TestMethodModule.dll", nativeMethodsReplaced, assemblyModuleDnlib);
// Call the DLL IL Methods and the native Methods via x86 function ptr to see if the result is the same
X86ILTester.TestNativeWithILMethods(Configuration.AssemblyFilename, Path.Combine(Environment.CurrentDirectory, "TestMethodModule.dll"));
// Find all the native method calls and replace them with the IL calls
foreach (var replacedMethod in nativeMethodsReplaced)
{
var callsToNativeMethod = replacedMethod.FindAllReferences(assemblyModuleDnlib);
var ilMethod = assemblyModuleDnlib.GlobalType.Methods.FirstOrDefault(m => m.Name == replacedMethod.Name + "_IL");
foreach (var call in callsToNativeMethod)
{
call.Operand = ilMethod;
}
Console.WriteLine("[+] Removed " + callsToNativeMethod.ToList().Count + " entries.");
}
// Remove each native method
foreach (var replacedMethod in nativeMethodsReplaced)
{
cctorType.Methods.Remove(replacedMethod);
}
// Turn off signing
assemblyModuleDnlib.IsStrongNameSigned = false;
assemblyModuleDnlib.Assembly.PublicKey = null;
// Preserve Tokens and fix the flags for ILOnly
var moduleWriterOptions = new ModuleWriterOptions();
moduleWriterOptions.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll;
moduleWriterOptions.MetaDataOptions.Flags |= MetaDataFlags.KeepOldMaxStack;
moduleWriterOptions.Cor20HeaderOptions.Flags = ComImageFlags.ILOnly | ComImageFlags._32BitRequired;
assemblyModuleDnlib.Write("out_mod.exe", moduleWriterOptions);
}
