/// <summary>
/// Re-saves the module that contains <c>Example6</c> to a fixed path, using writer
/// options that produce non-standard PE and metadata headers.
/// </summary>
/// <remarks>
/// For anyone writing or operating a .NET parser: the output of this method shows that
/// a data-directory count below 14, a non-zero tables-heap extra-data field, and heaps
/// whose names merely resemble the standard ones are not proof that a file lacks CLR
/// metadata. Triage tooling should tolerate these shapes and can treat them as
/// a signal that the file was post-processed.
/// </remarks>
void DoIt()
{
    // Fixed output location used by this example.
    string destFileName = @"c:\output.dll";

    // Open the module this example is compiled into.
    var mod = ModuleDefMD.Load(typeof(Example6).Module);

    // Writer options, with this object registered as the listener that is
    // notified during the write (see OnWriterEvent()).
    var opts = new ModuleWriterOptions(mod) { Listener = this };

    // Normally 16. A value below 14 makes some applications conclude that the file
    // has no .NET metadata at all.
    opts.PEHeadersOptions.NumberOfRvaAndSizes = 13;

    // Extra data in the tables heap header; most libraries that open .NET assemblies
    // fail on it. Any value can be written here.
    opts.MetaDataOptions.TablesHeapOptions.ExtraData = 0x12345678;

    // Dummy heaps added to the regular heap list, in this order.
    foreach (var heapName in new[] { "#US ", "#Strings ", "#Strimgs", "#GU1D" })
    {
        opts.MetaDataOptions.OtherHeaps.Add(new MyHeap(heapName));
    }

    // Dummy heaps added to the end-of-list collection.
    foreach (var heapName in new[] { "#US ", "#Strings " })
    {
        opts.MetaDataOptions.OtherHeapsEnd.Add(new MyHeap(heapName));
    }

    // Write the module; the listener registered above receives the writer events.
    mod.Write(destFileName, opts);
}
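/// <summary>
/// Click handler of the protect button: runs every selected pass over <c>moduleDef</c>
/// and saves the result beside the input file with a <c>_MADNESS</c> suffix.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button_protect_Click(object sender, EventArgs e)
{
    try
    {
        Console.Clear();
        // The instance is not used after construction.
        new Greeting();
        Console.ForegroundColor = ConsoleColor.DarkGreen;
        ModuleWriterOptions Options = null;

        if (checkBox_stringEncrypt.Checked)
        {
            Console.Write("String obfuscating... ");
            new StringEncrypt(ref moduleDef);
            Console.Write("OK!\n");
        }

        if (checkBox_Renamer.Checked && renamerForm.AssemblyName != String.Empty)
        {
            Console.Write("Renaming assembly...");
            new Renamer(ref moduleDef, renamerForm.AssemblyName, renamerForm.ModuleName);
            Console.Write("OK!\n");
        }

        if (checkBox_AntiDe4dot.Checked)
        {
            Console.Write("AntiDe4dot init...");
            Anti_De4dot antiDe4dot = new Anti_De4dot();
            // NOTE(review): the options returned here are never handed to moduleDef.Write()
            // below, so any writer settings they carry are not applied to the saved file.
            // Confirm whether that is intended before wiring them in.
            Options = antiDe4dot.AntiDe4dotInit(ref moduleDef);
            Console.Write("OK!\n");
        }

        if (checkbox_antiILSpy.Checked)
        {
            MethodDef[] userMethods = methodsListForm.listBox_selectedMethods.Items.Cast<MethodDef>().ToArray();
            new AntiILSpy(ref moduleDef, userMethods);
        }

        var writerOptions = new dnlib.DotNet.Writer.ModuleWriterOptions(moduleDef);
        // With the no-throw logger, problems reported by the writer do not surface as
        // exceptions, so the "OK!" below does not prove the output is well formed.
        writerOptions.Logger = DummyLogger.NoThrowInstance;

        // Build the output path with Path.Combine: plain concatenation with "\\" turned a
        // bare file name (empty directory part) into a path at the root of the current drive.
        string inputPath = textBox_filePath.Text;
        string outputName = Path.GetFileNameWithoutExtension(inputPath) + "_MADNESS" + Path.GetExtension(inputPath);
        string outputPath = Path.Combine(Path.GetDirectoryName(inputPath) ?? string.Empty, outputName);

        Console.Write("Saving assembly...");
        moduleDef.Write(outputPath, writerOptions);
        Console.Write("OK!\n");
        methodsListForm.Close();
    }
    catch (System.IO.IOException exception)
    {
        // Only I/O failures are reported here; any other exception type propagates.
        MessageBox.Show(exception.Message);
    }
}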
/// <summary>
/// Writes <c>module</c> to <paramref name="newFilename"/>, choosing the managed or the
/// native writer depending on whether the module is IL-only.
/// </summary>
/// <param name="newFilename">Destination file name.</param>
/// <param name="mdFlags">Metadata flags OR-ed into the writer's default flags.</param>
/// <param name="writerListener">Listener passed to the writer options.</param>
public void Save(string newFilename, MetaDataFlags mdFlags, IModuleWriterListener writerListener)
{
    if (!module.IsILOnly)
    {
        // Mixed-mode module: use the native writer and keep the extra PE data and
        // Win32 resources.
        var nativeOptions = new NativeModuleWriterOptions(module, writerListener)
        {
            Logger = Logger.Instance,
            KeepExtraPEData = true,
            KeepWin32Resources = true,
        };
        nativeOptions.MetaDataOptions.Flags |= mdFlags;
        module.NativeWrite(newFilename, nativeOptions);
        return;
    }

    // IL-only module: the regular writer is sufficient.
    var managedOptions = new ModuleWriterOptions(module, writerListener)
    {
        Logger = Logger.Instance,
    };
    managedOptions.MetaDataOptions.Flags |= mdFlags;
    module.Write(newFilename, managedOptions);
}
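/// <summary>
/// Click handler: loads the module named in <c>textBox1</c>, runs the string-decryption
/// helpers on it and saves the result beside the input with a <c>_patched</c> suffix.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button3_Click(object sender, EventArgs e)
{
    string inputPath = textBox1.Text;

    module = ModuleDefMD.Load(inputPath);
    FindStringDecrypterMethods(module);
    DecryptStringsInMethod(module, Methoddecryption);

    // Path.Combine replaces the manual "\\" handling, which threw on a null directory
    // and sent a bare file name (empty directory part) to the root of the current drive.
    string outputName = Path.GetFileNameWithoutExtension(inputPath) + "_patched" + Path.GetExtension(inputPath);
    string path = Path.Combine(Path.GetDirectoryName(inputPath) ?? string.Empty, outputName);

    var opts = new ModuleWriterOptions(module);
    // With the no-throw logger, writer errors are not raised as exceptions, so the
    // message below is shown even if the writer reported problems.
    opts.Logger = DummyLogger.NoThrowInstance;
    module.Write(path, opts);

    label2.Text = "Successfully decrypted " + DeobedStringNumber + " strings !";
}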
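/// <summary>
/// Serialises a dnlib module into memory and reads it back as an
/// <c>AssemblyDefinition</c>.
/// </summary>
/// <param name="manifestModule">The module to convert.</param>
/// <returns>
/// The re-read assembly, or <c>null</c> when writing failed before any byte was produced.
/// </returns>
public static AssemblyDefinition Translate(ModuleDefMD manifestModule)
{
    using (var assemblyStream = new MemoryStream())
    {
        try
        {
            if (manifestModule.IsILOnly)
            {
                var writerOptions = new ModuleWriterOptions(manifestModule);
                writerOptions.Logger = DummyLogger.NoThrowInstance;
                // The original built a separate MetaDataOptions with PreserveAll and never
                // attached it, so the flag was silently dropped. Apply it to the options
                // that are actually passed to the writer.
                writerOptions.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll;
                manifestModule.Write(assemblyStream, writerOptions);
            }
            else
            {
                var writerOptions = new NativeModuleWriterOptions(manifestModule);
                writerOptions.Logger = DummyLogger.NoThrowInstance;
                // Same fix as in the IL-only branch.
                writerOptions.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll;
                manifestModule.NativeWrite(assemblyStream, writerOptions);
            }
        }
        catch (Exception)
        {
            // Best effort: give up only when nothing was written. If some bytes were
            // produced, fall through and let the reader try to parse them.
            if (assemblyStream.Length == 0)
            {
                return null;
            }
        }

        // Rewind so the reader starts at the beginning of the written image.
        assemblyStream.Position = 0;
        return AssemblyDefinition.ReadAssembly(assemblyStream);
    }
}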
/// <summary>
/// Creates a writer for <paramref name="module"/>.
/// </summary>
/// <param name="module">The module to write</param>
/// <param name="options">Writer options, or <c>null</c></param>
public ModuleWriter(ModuleDef module, ModuleWriterOptions options)
{
    // Both values are stored as given; no validation happens here.
    this.options = options;
    this.module = module;
}
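/// <summary>
/// Click handler: loads the module named in <c>textBox1</c>, passes it to
/// <c>AddCall</c>, saves it beside the input with a <c>_Tampered</c> suffix and then
/// calls <c>Md5</c> on the written file.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button2_Click(object sender, EventArgs e)
{
    string inputPath = textBox1.Text;

    ModuleDefMD mod = ModuleDefMD.Load(inputPath);
    AddCall(mod);

    // Path.Combine replaces the manual "\\" handling, which threw on a null directory
    // and sent a bare file name (empty directory part) to the root of the current drive.
    string outputName = Path.GetFileNameWithoutExtension(inputPath) + "_Tampered" + Path.GetExtension(inputPath);
    string path = Path.Combine(Path.GetDirectoryName(inputPath) ?? string.Empty, outputName);

    var opts = new ModuleWriterOptions(mod);
    // With the no-throw logger, writer errors are not raised as exceptions.
    opts.Logger = DummyLogger.NoThrowInstance;
    mod.Write(path, opts);

    label2.Text = "Successfully added Antitamper !";

    // Runs on the file just written, so it must stay after mod.Write().
    Md5(path);
}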
/// <summary>
/// Initialises this instance from managed-writer options and clears the two settings
/// that are reset here, <c>KeepExtraPEData</c> and <c>KeepWin32Resources</c>.
/// </summary>
/// <param name="options">The options to copy from.</param>
public void InitializeFrom(ModuleWriterOptions options)
{
    // Passed as its base type, exactly as the original cast did.
    ModuleWriterOptionsBase baseOptions = options;
    InitializeFromInternal(baseOptions);

    // Reset after the shared initialisation so these values always win.
    KeepWin32Resources = false;
    KeepExtraPEData = false;
}
/// <summary>
/// Builds the writer options that match the current settings: native-writer options
/// when <c>UseMixedMode</c> is set, managed-writer options otherwise.
/// </summary>
/// <returns>The populated options object.</returns>
public ModuleWriterOptionsBase CreateWriterOptions()
{
    if (!UseMixedMode)
    {
        var managedOptions = new ModuleWriterOptions();
        CopyTo(managedOptions);

        // Clear the NativeEntryPoint flag when the module has a managed entry point
        // or no native entry point at all.
        bool hasManagedEntryPoint = module.ManagedEntryPoint != null;
        if (hasManagedEntryPoint || module.NativeEntryPoint == 0)
        {
            managedOptions.Cor20HeaderOptions.Flags &= ~ComImageFlags.NativeEntryPoint;
        }

        return managedOptions;
    }

    // Mixed mode: the native writer needs the module as ModuleDefMD.
    var nativeOptions = new NativeModuleWriterOptions((ModuleDefMD)module);
    CopyTo(nativeOptions);
    nativeOptions.KeepExtraPEData = KeepExtraPEData;
    nativeOptions.KeepWin32Resources = KeepWin32Resources;
    return nativeOptions;
}
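/// <summary>
/// Console entry point: loads the file given as the first argument, locates the
/// string-decryption type, decrypts the strings and saves the module beside the input
/// with a <c>_patched</c> suffix.
/// </summary>
/// <param name="args">Command-line arguments; <c>args[0]</c> is the input file.</param>
/// <remarks>
/// NOTE(review): if <c>Core.Helper.Extract_string_value</c> invokes code from the input
/// module, that code runs inside this process. Confirm against the helper, and treat
/// the input as untrusted (isolated analysis machine) until that is ruled out.
/// </remarks>
static void Main(string[] args)
{
    Console.WriteLine(@" _____ _____ _ ");
    Console.WriteLine(@"| | |___| __| |_ ___ ___ ___ ___ ___ ");
    Console.WriteLine(@"| | | |__ | | .'| _| . | -_| _|");
    Console.WriteLine(@"|_____|_|_|_____|_|_|__,|_| | _|___|_| ");
    Console.WriteLine(@" |_|XenocodeRCE");
    Console.WriteLine(@"");
    Console.WriteLine(@"");

    if (args == null || args.Length == 0)
    {
        Console.ForegroundColor = ConsoleColor.Red;
        Console.WriteLine("[!]Error : No file to deobfuscate ! ");
        Console.ForegroundColor = ConsoleColor.White;
        Console.ReadKey();
        return;
    }

    try
    {
        asm = ModuleDefMD.Load(args[0]);
        Console.ForegroundColor = ConsoleColor.Blue;
        Console.WriteLine("[!]Loading assembly " + asm.FullName);
        Console.ForegroundColor = ConsoleColor.Gray;
        asmpath = args[0];

        var dec_method = Core.Helper.GetDecryptType(asm);
        if (dec_method == null)
        {
            Console.ForegroundColor = ConsoleColor.Red;
            Console.WriteLine("[!]Error : Cannot find the decryption method !");
            Console.ForegroundColor = ConsoleColor.White;
            Console.ReadKey();
            return;
        }

        Console.WriteLine("[!]Instancing decryption method : " + dec_method.FullName);
        Console.WriteLine("[!]Decrypting Strings ... : ");
        var decryptedstr = Core.Helper.Extract_string_value(dec_method);
        if (decryptedstr != 0)
        {
            // Keep the previous counter value when the helper reports zero.
            DeobedStringNumber = decryptedstr;
        }

        Console.ForegroundColor = ConsoleColor.Yellow;
        Console.WriteLine(@"[!] Successfully decrypted " + DeobedStringNumber + " strings.");
        Console.ForegroundColor = ConsoleColor.Gray;
        Console.WriteLine(@"[!] Saving Module...");

        // Path.Combine replaces the manual "\\" handling, which threw on a null directory
        // and sent a bare file name (empty directory part) to the root of the current drive.
        string outputName = Path.GetFileNameWithoutExtension(args[0]) + "_patched" + Path.GetExtension(args[0]);
        string path = Path.Combine(Path.GetDirectoryName(args[0]) ?? string.Empty, outputName);

        var opts = new ModuleWriterOptions(asm);
        // With the no-throw logger, writer errors are not raised as exceptions, so
        // "Saved" below does not prove the output is well formed.
        opts.Logger = DummyLogger.NoThrowInstance;
        asm.Write(path, opts);

        Console.ForegroundColor = ConsoleColor.Green;
        Console.WriteLine(@"[!] Saved ! 
");
        Console.ForegroundColor = ConsoleColor.Gray;
        // The original had an unreachable Console.ReadKey() after this return; the
        // success path has never waited for a key, and still does not.
        return;
    }
    catch (Exception)
    {
        // Every failure in the try block lands here (loading, decrypting or saving),
        // so this message can be misleading when the save step is what failed.
        Console.ForegroundColor = ConsoleColor.Red;
        Console.WriteLine("[!]Error : Cannot load the file. Make sure it's a valid .NET file !");
        Console.ForegroundColor = ConsoleColor.White;
        Console.ReadKey();
        return;
    }
}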
/// <summary>
/// Writes <c>Module</c> to <paramref name="filepath"/> with all metadata-preservation
/// flags enabled.
/// </summary>
/// <param name="filepath">Destination file path.</param>
/// <param name="noThrow">
/// When <c>true</c>, the writer is given <c>DummyLogger.NoThrowInstance</c> as its logger.
/// </param>
public void Write(String filepath, Boolean noThrow = false)
{
    var writerOptions = new ModuleWriterOptions(this.Module);

    if (noThrow)
    {
        // Callers that pass true should validate the output themselves, since writer
        // problems are then not surfaced as exceptions.
        writerOptions.Logger = DummyLogger.NoThrowInstance;
    }

    // Added to whatever flags the options start with.
    writerOptions.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll;

    this.Module.Write(filepath, writerOptions);
}
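/// <summary>
/// Click handler: loads the module named in <c>textBox1</c>, checks its resource, runs
/// the decryption helpers and saves the result beside the input with a
/// <c>_patched</c> suffix.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button2_Click(object sender, EventArgs e)
{
    string inputPath = textBox1.Text;

    ModuleDefMD module = ModuleDefMD.Load(inputPath);
    CheckResource(module);
    if (resourcename == null)
    {
        // Nothing to do when the resource check left no name behind; note that the
        // user gets no feedback on this path.
        return;
    }

    GetDecryptionMethod(module);
    GetDecryptionCall(module, Typedecryption);

    // Path.Combine replaces the manual "\\" handling, which threw on a null directory
    // and sent a bare file name (empty directory part) to the root of the current drive.
    string outputName = Path.GetFileNameWithoutExtension(inputPath) + "_patched" + Path.GetExtension(inputPath);
    string path = Path.Combine(Path.GetDirectoryName(inputPath) ?? string.Empty, outputName);

    var opts = new ModuleWriterOptions(module);
    // With the no-throw logger, writer errors are not raised as exceptions.
    opts.Logger = DummyLogger.NoThrowInstance;
    module.Write(path, opts);

    label2.Text = "Successfully decrypted " + DeobedStringNumber + " strings !";
}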
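/// <summary>
/// Click handler of the save button: writes <c>_module</c> to the path in
/// <c>txtPath</c>, using the managed writer for IL-only modules and the native writer
/// otherwise, with the metadata flags selected in the dialog.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnSave_Click(object sender, EventArgs e)
{
    if (string.IsNullOrWhiteSpace(txtPath.Text))
    {
        return;
    }

    try
    {
        // The flag selection was previously duplicated verbatim in both branches.
        MetaDataFlags selectedFlags = CollectCheckedMetaDataFlags();

        if (_module.IsILOnly)
        {
            ModuleWriterOptions writer = new ModuleWriterOptions(_module);
            if (chkNoThrowInstanceLogger.Checked)
            {
                writer.Logger = DummyLogger.NoThrowInstance;
            }

            // Added to the writer's default flags, never replacing them.
            writer.MetaDataOptions.Flags |= selectedFlags;
            _module.Write(txtPath.Text, writer);
        }
        else
        {
            NativeModuleWriterOptions writer = new NativeModuleWriterOptions(_module);
            if (chkNoThrowInstanceLogger.Checked)
            {
                writer.Logger = DummyLogger.NoThrowInstance;
            }

            writer.MetaDataOptions.Flags |= selectedFlags;
            _module.NativeWrite(txtPath.Text, writer);
        }
    }
    catch (Exception o)
    {
        MessageBox.Show("Could not write assembly!" + Environment.NewLine + Environment.NewLine + o.Message, "Error");
        return;
    }

    // Reached whenever no exception was thrown; with the no-throw logger selected this
    // does not prove that the writer reported no problems.
    MessageBox.Show("Assembly written to:" + Environment.NewLine + txtPath.Text, "Success");
    Close();
}

/// <summary>
/// Combines the metadata flags whose check boxes are ticked in the dialog.
/// </summary>
/// <returns>The OR of all selected flags; zero when nothing is ticked.</returns>
private MetaDataFlags CollectCheckedMetaDataFlags()
{
    MetaDataFlags flags = 0;

    if (chkPreserveTypeRefRids.Checked) { flags |= MetaDataFlags.PreserveTypeRefRids; }
    if (chkPreserveTypeDefRids.Checked) { flags |= MetaDataFlags.PreserveTypeDefRids; }
    if (chkPreserveFieldRids.Checked) { flags |= MetaDataFlags.PreserveFieldRids; }
    if (chkPreserveMethodRids.Checked) { flags |= MetaDataFlags.PreserveMethodRids; }
    if (chkPreserveParamRids.Checked) { flags |= MetaDataFlags.PreserveParamRids; }
    if (chkPreserveMemberRefRids.Checked) { flags |= MetaDataFlags.PreserveMemberRefRids; }
    if (chkPreserveStandAloneSigRids.Checked) { flags |= MetaDataFlags.PreserveStandAloneSigRids; }
    if (chkPreserveEventRids.Checked) { flags |= MetaDataFlags.PreserveEventRids; }
    if (chkPreservePropertyRids.Checked) { flags |= MetaDataFlags.PreservePropertyRids; }
    if (chkPreserveTypeSpecRids.Checked) { flags |= MetaDataFlags.PreserveTypeSpecRids; }
    if (chkPreserveMethodSpecRids.Checked) { flags |= MetaDataFlags.PreserveMethodSpecRids; }
    if (chkPreserveAllMethodRids.Checked) { flags |= MetaDataFlags.PreserveAllMethodRids; }
    if (chkPreserveRids.Checked) { flags |= MetaDataFlags.PreserveRids; }
    if (chkPreserveStringOffsets.Checked) { flags |= MetaDataFlags.PreserveStringsOffsets; }
    if (chkPreserveUSOffsets.Checked) { flags |= MetaDataFlags.PreserveUSOffsets; }
    if (chkPreserveBlobOffsets.Checked) { flags |= MetaDataFlags.PreserveBlobOffsets; }
    if (chkPreserveExtraSignatureData.Checked) { flags |= MetaDataFlags.PreserveExtraSignatureData; }
    if (chkPreserveAll.Checked) { flags |= MetaDataFlags.PreserveAll; }
    if (chkKeepOldMaxStack.Checked) { flags |= MetaDataFlags.KeepOldMaxStack; }
    if (chkAlwaysCreateGuidHeap.Checked) { flags |= MetaDataFlags.AlwaysCreateGuidHeap; }
    if (chkAlwaysCreateStringsHeap.Checked) { flags |= MetaDataFlags.AlwaysCreateStringsHeap; }
    if (chkAlwaysCreateUSHeap.Checked) { flags |= MetaDataFlags.AlwaysCreateUSHeap; }
    if (chkAlwaysCreateBlobHeap.Checked) { flags |= MetaDataFlags.AlwaysCreateBlobHeap; }

    return flags;
}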
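/// <summary>
/// Click handler: loads the file named in <c>textBox1</c>, runs the selected clean-up
/// passes on it and saves the result beside the input with a <c>_DNPDeob</c> suffix.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button2_Click(object sender, EventArgs e)
{
    string inputPath = textBox1.Text;

    module = ModuleDefMD.Load(inputPath);

    // SECURITY: this loads the input file as a live assembly into the tool's own
    // process, in addition to the static dnlib view above. The input is untrusted by
    // nature; once its types are touched or its methods invoked through reflection,
    // its code runs with this process's privileges. Run the tool only in an isolated
    // analysis environment. Flagged rather than changed, because helpers outside this
    // method may rely on the asm field.
    asm = Assembly.LoadFile(inputPath);

    //if (!Checker.IsDNP.Check(module))
    //{
    //    label2.Text = "Not a DNP protectedt file !";
    //    return;
    //}

    // Neutralise the selected protection calls.
    if (chk_antitamp.Checked)
    {
        Helpers.GetAntitamper(module);
        if (AntitampMethodDef != null)
        {
            Helpers.NopCall(module, AntitampMethodDef);
        }
    }

    if (chk_antidebug.Checked)
    {
        Helpers.GetAntidebug(module);
        if (AntidebugMethodDef != null)
        {
            Helpers.NopCall(module, AntidebugMethodDef);
        }
    }

    if (chk_antidump.Checked)
    {
        Helpers.GetAntidump(module);
        if (AntidumpMethodDef != null)
        {
            Helpers.NopCall(module, AntidumpMethodDef);
        }
    }

    // The order below is kept from the original: first integer pass, then strings,
    // then the remaining integers.
    if (chk_Integers.Checked)
    {
        Helpers.ResolveMathPow(module);
    }

    if (chk_str.Checked)
    {
        Helpers.GetStrDecMeth(module);
    }

    if (chk_Integers.Checked)
    {
        Helpers.ResolveLastInt(module);
        Helpers.ExtractIntFromRes(module);
    }

    if (chk_prune.Checked)
    {
        Helpers.PruneModule(module);
    }

    // Path.Combine replaces the manual "\\" handling, which sent a bare file name
    // (empty directory part) to the root of the current drive.
    var outputName = Path.GetFileNameWithoutExtension(inputPath) + "_DNPDeob" + Path.GetExtension(inputPath);
    var path = Path.Combine(Path.GetDirectoryName(inputPath) ?? string.Empty, outputName);

    // With the no-throw logger, writer errors are not raised as exceptions, so the
    // status text below is set even if the writer reported problems.
    var opts = new ModuleWriterOptions(module) { Logger = DummyLogger.NoThrowInstance };
    module.Write(path, opts);

    label2.Text = "Successfully deobfuscated " + DeobedString + " String, " + DeobedInts + " Integers, and " + PrunedMembers + " members has been removed !";
}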