コード例 #1
0
        private static void Inject(uint sigToken)
        {
            ModuleDef mod             = cctor.Module;
            TypeDef   stringInjType   = NETUtils.ImportType(typeof(StringEncInj));
            MethodDef stringInjMethod = NETUtils.GetMethodByName(stringInjType, "StringInj");
            MethodDef InsertInstr     = NETUtils.GetMethodByName(stringInjType, "InsertFields");

            stringInjMethod.DeclaringType = null;
            cctor.DeclaringType.Methods.Add(stringInjMethod);
            RenameTask.Rename(stringInjMethod);
            cctor.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, stringInjMethod));
            var instr = stringInjMethod.Body.Instructions;

            instr[7].OpCode   = OpCodes.Ldc_I4;
            instr[7].Operand  = Convert.ToInt32(sigToken);
            instr[10].Operand = GlobalDataField;
            instr[20].Operand = GlobalDataField;
            instr[36].Operand = GlobalDataField;
            instr[44].Operand = GlobalDataField;
            MethodDef insertMeth = new MethodDefUser("", MethodSig.CreateStatic(mod.CorLibTypes.Void),
                                                     MethodAttributes.Static | MethodAttributes.Public | MethodAttributes.HideBySig);

            RenameTask.Rename(insertMeth);
            insertMeth.Body = new CilBody();
            cctor.Body.Instructions.Insert(1, Instruction.Create(OpCodes.Call, insertMeth));
            cctor.DeclaringType.Methods.Add(insertMeth);
            List <Instruction> instertListInstr = InsertInstr.Body.Instructions.ToList();

            instertListInstr.RemoveAt(instertListInstr.Count - 1);
            int i = 0;

            foreach (var item in staticFields)
            {
                Instruction[] instrList = new Instruction[instertListInstr.Count];
                instertListInstr.CopyTo(instrList);
                int stringlenght = item.Value.Item1.Length;
                instrList[2].Operand = GlobalDataField;
                instrList[3].OpCode  = OpCodes.Ldc_I4;
                instrList[3].Operand = i;
                instrList[4].OpCode  = OpCodes.Ldc_I4;
                instrList[4].Operand = i + stringlenght;
                instrList[6].Operand = item.Key;
                i += stringlenght;
                foreach (var instrr in instrList)
                {
                    insertMeth.Body.Instructions.Add(instrr.Clone());
                }
            }
            insertMeth.Body.Instructions.Add(Instruction.Create(OpCodes.Ret));
        }
コード例 #2
0
        public static void Execute(ModuleDefMD module)
        {
            int key = rand.Next(97, 122);

            /* rand.GetBytes(byteKey);
             *
             * var dataType = new TypeDefUser(module.GlobalType.Namespace, "", module.CorLibTypes.GetTypeRef("System", "ValueType"));
             * RenameTask.Rename(dataType);
             * dataType.Layout = TypeAttributes.ExplicitLayout;
             * dataType.Visibility = TypeAttributes.NestedPrivate;
             * dataType.IsSealed = true;
             * dataType.ClassLayout = new ClassLayoutUser(1, (uint)byteKey.Length);
             * module.GlobalType.NestedTypes.Add(dataType);
             *
             * var dataField = new FieldDefUser("", new FieldSig(dataType.ToTypeSig()))
             * {
             *   IsStatic = true,
             *   HasFieldRVA = true,
             *   InitialValue = byteKey,
             *   Access = FieldAttributes.CompilerControlled
             * };
             * module.GlobalType.Fields.Add(dataField);
             * RenameTask.Rename(dataField);*/

            TypeDef   stringInjType = NETUtils.ImportType(typeof(StringEncInj));
            MethodDef stringDecMeth = NETUtils.GetMethodByName(stringInjType, "StringDec");

            stringDecMeth.DeclaringType = null;
            stringDecMeth.Body.Instructions[13].OpCode  = OpCodes.Ldc_I4;
            stringDecMeth.Body.Instructions[13].Operand = key;
            RenameTask.Rename(stringDecMeth, true);
            TypeDef cctor = module.GlobalType;

            cctor.Methods.Add(stringDecMeth);
            foreach (var method in module.GetTypes().SelectMany(type => type.Methods))
            {
                if (method != stringDecMeth && method.HasBody)
                {
                    List <Instruction> stringInstr = method.Body.Instructions.Where(instr => instr.OpCode == OpCodes.Ldstr).ToList();
                    for (int i = 0; i < stringInstr.Count; i++)
                    {
                        int index = method.Body.Instructions.IndexOf(stringInstr[i]);
                        stringInstr[i].Operand = Ecrypt((string)stringInstr[i].Operand, key);
                        method.Body.Instructions.Insert(index + 1, Instruction.Create(OpCodes.Call, stringDecMeth));
                    }
                }
            }
        }
コード例 #3
0
        public static void Execute(ModuleDefMD module)
        {
            TypeDef   globalType    = module.GlobalType;
            MethodDef cctor         = globalType.FindStaticConstructor();
            TypeDef   antiDebugType = NETUtils.ImportType(typeof(AntiDebugInj));
            MethodDef check         = NETUtils.GetMethodByName(antiDebugType, "Check");
            MethodDef isDbgPresent  = NETUtils.GetMethodByName(antiDebugType, "IsDebuggerPresent");
            MethodDef thread        = NETUtils.GetMethodByName(antiDebugType, "t");

            antiDebugType.Methods.Remove(check);
            antiDebugType.Methods.Remove(isDbgPresent);
            antiDebugType.Methods.Remove(thread);
            //RenameTask.Rename(antiDebugType);
            RenameTask.Rename(check);
            RenameTask.Rename(thread);
            globalType.Methods.Add(check);
            globalType.Methods.Add(isDbgPresent);
            globalType.Methods.Add(thread);
            cctor.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, check));
        }