public void encryptNativeMethods(MetadataBuilder builder)
{
if (methodToNativeMethod.Count == 0)
{
return;
}
Log.v("Encrypting native methods");
var stream = new MemoryStream();
var writer = new BinaryWriter(stream);
writer.Write((uint)0); // patch count
writer.Write((uint)0); // mode
writer.Write(methodToNativeMethod.Count);
int index = 0;
var codeWriter = builder.CodeWriter;
foreach (var pair in methodToNativeMethod)
{
var method = pair.Key;
if (method.DeclaringType == null)
{
continue; // Method was removed
}
if (method.DeclaringType.Module == null)
{
continue; // method.DeclaringType was removed
}
var code = pair.Value;
uint codeRva = builder.GetMethodBodyRva((int)method.MetadataToken.RID - 1);
if ((codeWriter.ReadByteAtRva(codeRva) & 3) == 2)
{
codeRva++;
}
else
{
codeRva += 4 * (uint)(codeWriter.ReadByteAtRva(codeRva + 1) >> 4);
}
Log.v("Native method {0:X8}, code RVA {1:X8}", method.MetadataToken.ToInt32(), codeRva);
writer.Write(codeRva);
writer.Write(0x70000000 + index++);
writer.Write(code.Length);
writer.Write(code);
}
if (index != 0)
{
Log.n("Re-encrypted {0}/{1} native methods", index, totalEncryptedNativeMethods);
}
var encryptedData = stream.ToArray();
xorEncrypt(encryptedData);
encryptedResource.updateResource(encryptedResource.encrypt(encryptedData));
}
public void encryptNativeMethods(ModuleWriterBase moduleWriter) {
if (validNativeMethods == null || validNativeMethods.Count == 0)
return;
Logger.v("Encrypting native methods");
var stream = new MemoryStream();
var writer = new BinaryWriter(stream);
writer.Write((uint)0); // patch count
writer.Write((uint)0); // mode
writer.Write(validNativeMethods.Count);
int index = 0;
foreach (var method in validNativeMethods) {
var code = methodToNativeMethod[method];
var mb = moduleWriter.MetaData.GetMethodBody(method);
if (mb == null) {
Logger.e("Could not find method body for method {0} ({1:X8})", method, method.MDToken.Raw);
continue;
}
uint codeRva = (uint)mb.RVA;
if (mb.IsTiny)
codeRva++;
else
codeRva += (uint)(4 * (mb.Code[1] >> 4));
Logger.v("Native method {0:X8}, code RVA {1:X8}", new MDToken(Table.Method, moduleWriter.MetaData.GetRid(method)).Raw, codeRva);
writer.Write(codeRva);
writer.Write(0x70000000 + index++);
writer.Write(code.Length);
writer.Write(code);
}
if (index != 0)
Logger.n("Re-encrypted {0}/{1} native methods", index, totalEncryptedNativeMethods);
var resourceChunk = moduleWriter.MetaData.GetChunk(encryptedResource.Resource);
var resourceData = resourceChunk.Data;
var encrypted = stream.ToArray();
xorEncrypt(encrypted);
encrypted = encryptedResource.encrypt(encrypted);
if (encrypted.Length != resourceData.Length)
Logger.e("Encrypted native methods array is not same size as original array");
Array.Copy(encrypted, resourceData, resourceData.Length);
}