public void Save() { Watermark(); Logger.LogMessage("Saving as ", Path + "obfuscated.exe", ConsoleColor.Yellow); ModuleWriterOptions opts = new ModuleWriterOptions(Module); opts.Logger = DummyLogger.NoThrowInstance; //Testing opts.PEHeadersOptions.NumberOfRvaAndSizes = 13; opts.MetaDataOptions.TablesHeapOptions.ExtraData = 0x12345678; int classnumber = RuntimeHelper.Random.Next(75, 100); for (int i = 0; i < classnumber; i++) { opts.MetaDataOptions.OtherHeaps.Add(new MyHeap(Renamer.GetRandomName())); } int ii = 7; Type typex = OwnAssembly.GetTypes().First(x => x.Name == Obfuscations[ii]); var instance = Activator.CreateInstance(typex); MethodInfo infod = typex.GetMethod("AddFakeClasses"); try { infod.Invoke(instance, new object[] { Module }); } catch (Exception ex) { Console.WriteLine(ex); } Assembly.Write(Path + "obfuscated.exe", opts); Console.WriteLine("Saved."); }
public void Execute(ModuleDefMD md) { string shit = Renamer.GetRandomName(); Logger.LogMessage("Renaming module to ", shit, ConsoleColor.Red); md.Name = shit; }
public void ReferenceReplace(MethodDef method) { method.Body.SimplifyBranches(); if (Keys.ContainsKey(method.RVA)) { List <Tuple <int, int, int> > keys = Keys[method.RVA]; keys.Reverse(); foreach (Tuple <int, int, int> v in keys) { // Experimental renamer method.Body.Instructions[v.Item1].Operand = Renamer.GetRandomName(); method.Body.Instructions.Insert(v.Item1 + 1, new Instruction(OpCodes.Ldc_I4, v.Item2)); method.Body.Instructions.Insert(v.Item1 + 2, new Instruction(OpCodes.Ldc_I4, v.Item3)); method.Body.Instructions.Insert(v.Item1 + 3, new Instruction(OpCodes.Call, Decryptor)); } } method.Body.OptimizeBranches(); }
public void ExecuteMethod(MethodDef method) { for (int i = 0; i < method.Body.Instructions.Count; i++) { var instr = method.Body.Instructions[i]; if (instr.OpCode == OpCodes.Call) { var target = (IMethod)instr.Operand; if (!target.ResolveMethodDefThrow().IsPublic || !target.ResolveMethodDefThrow().IsStatic || !target.DeclaringType.ResolveTypeDef().IsPublic || target.DeclaringType.ResolveTypeDef().IsSealed) { continue; } var key = target.FullName; MethodDef value; if (!Proxies.TryGetValue(key, out value)) { var consttype = RuntimeHelper.GetRuntimeType("AsStrongAsFuck.Runtime.RefProxy"); var proxysig = ReferenceProxyHelper.CreateProxySignature(target, method.Module); var deleg = ReferenceProxyHelper.CreateDelegateType(proxysig, method.Module, target.ResolveMethodDef()); FieldDefUser field = new FieldDefUser("ZYXDNGuarder", new FieldSig(deleg.ToTypeSig())); Renamer.Rename(field, Renamer.RenameMode.Base64); method.DeclaringType.Fields.Add(field); field.IsStatic = true; var typedef = target.ResolveMethodDefThrow().DeclaringType; var mdtoken = target.ResolveMethodDef().MDToken; var asshole = consttype.Methods.First(x => x.Name == "Load"); asshole.Body.Instructions[1].Operand = deleg; asshole.Body.Instructions[3].Operand = method.Module.Import(typedef); asshole.Body.Instructions[6].OpCode = OpCodes.Ldc_I4; asshole.Body.Instructions[6].Operand = (int)mdtoken.Raw; asshole.Body.Instructions[10].Operand = deleg; asshole.Body.Instructions[11].Operand = field; asshole.Body.Instructions.RemoveAt(12); var cctor = method.DeclaringType.FindOrCreateStaticConstructor(); foreach (var item in asshole.Body.Instructions) { cctor.Body.Instructions.Add(item); } if (cctor.Body.Instructions[0].OpCode == OpCodes.Ret) { cctor.Body.Instructions.RemoveAt(0); } var proxy = new MethodDefUser(Renamer.GetRandomName(), proxysig); proxy.Attributes = MethodAttributes.PrivateScope | MethodAttributes.Static; proxy.ImplAttributes = MethodImplAttributes.Managed | MethodImplAttributes.IL; method.DeclaringType.Methods.Add(proxy); proxy.Body = new CilBody(); proxy.Body.Instructions.Add(Instruction.Create(OpCodes.Ldsfld, field)); for (int x = 0; x < target.ResolveMethodDefThrow().Parameters.Count; x++) { proxy.Body.Instructions.Add(Instruction.Create(OpCodes.Ldarg, proxy.Parameters[x])); } proxy.Body.Instructions.Add(Instruction.Create(OpCodes.Callvirt, deleg.FindMethod("Invoke"))); proxy.Body.Instructions.Add(Instruction.Create(OpCodes.Ret)); value = proxy; Proxies.Add(key, value); } Console.WriteLine($"{key} - {value}"); instr.Operand = value; } } }
public void Execute(ModuleDefMD md) { string shit = Renamer.Hell + Renamer.GetRandomName() + Renamer.Hell + Renamer.GetRandomName() + Renamer.Hell + Renamer.GetRandomName() + Renamer.Hell + Renamer.GetRandomName() + Renamer.Hell + Renamer.GetRandomName() + Renamer.Hell + Renamer.GetRandomName(); md.Name = shit; }