Esempio n. 1
0
        public void EncryptNativeMethods(ModuleWriterBase moduleWriter)
        {
            if (validNativeMethods == null || validNativeMethods.Count == 0)
            {
                return;
            }

            Logger.v("Encrypting native methods");

            var stream = new MemoryStream();
            var writer = new BinaryWriter(stream);

            writer.Write((uint)0);              // patch count
            writer.Write((uint)0);              // mode
            writer.Write(validNativeMethods.Count);

            int index = 0;

            foreach (var method in validNativeMethods)
            {
                var code = methodToNativeMethod[method];

                var mb = moduleWriter.MetaData.GetMethodBody(method);
                if (mb == null)
                {
                    Logger.e("Could not find method body for method {0} ({1:X8})", method, method.MDToken.Raw);
                    continue;
                }

                uint codeRva = (uint)mb.RVA;
                if (mb.IsTiny)
                {
                    codeRva++;
                }
                else
                {
                    codeRva += (uint)(4 * (mb.Code[1] >> 4));
                }

                Logger.v("Native method {0:X8}, code RVA {1:X8}", new MDToken(Table.Method, moduleWriter.MetaData.GetRid(method)).Raw, codeRva);

                writer.Write(codeRva);
                writer.Write(0x70000000 + index++);
                writer.Write(code.Length);
                writer.Write(code);
            }

            if (index != 0)
            {
                Logger.n("Re-encrypted {0}/{1} native methods", index, totalEncryptedNativeMethods);
            }

            var resourceChunk = moduleWriter.MetaData.GetChunk(encryptedResource.Resource);
            var resourceData  = resourceChunk.Data;

            var encrypted = stream.ToArray();

            XorEncrypt(encrypted);

            encrypted = encryptedResource.Encrypt(encrypted);
            if (encrypted.Length != resourceData.Length)
            {
                Logger.e("Encrypted native methods array is not same size as original array");
            }
            Array.Copy(encrypted, resourceData, resourceData.Length);
        }