예제 #1
0
        public void MergeDecryptionCode(AssemblyDef target)
        {
            // Merge decryption code
            string code      = Resources.DesValueDecrypterCode();
            var    decrypter = AssemblyDef.Compile(code);

            target.Merge(decrypter);

            // Add rule to avoid recursive calls to decryption code
            // and method dead core removal
            ObfuscationRule rule = new ObfuscationRule("des_values");

            rule.Exclude(Features.ValueEncryption, Features.DeadCode)
            .Targeting(Targets.Methods)
            .Matching(new Regex("DesValueDecrypter.*"));

            rule.ApplyTo(target);

            // Get merged methods
            _decryptArray = target.Find <MethodDef>("DesEncrypt.Code.DesValueDecrypter::DecryptArray.*", true);
            _decryptInt32 = target.Find <MethodDef>("DesEncrypt.Code.DesValueDecrypter::DecryptInt32.*", true);

            // Store to encrypted data
            _encryptedData = target.Find <FieldDef>("DesEncrypt.Code.DesValueDecrypter::encrypted.*", true);
        }
예제 #2
0
 public AssemblyRef FindAssemblyRef(TypeRef nonNestedTypeRef)
 {
     if (corlib.Find(nonNestedTypeRef) != null)
     {
         return(module.CorLibTypes.AssemblyRef);
     }
     return(AssemblyRef.CurrentAssembly);
 }
예제 #3
0
        private void MergeDecompress(AssemblyDef target)
        {
            string lzma = Resources.LZMADecoderCode();
            string code = Resources.ResUnpakerCode();

            var unpacker = AssemblyDef.Compile(lzma, code);

            target.Merge(unpacker);

            _unpackStream = target.Find <MethodDef>("ResPacker.Code.ResUnpaker::UnpackResourceStream.*", true);
        }
예제 #4
0
        private void MergeAntiDebug(AssemblyDef target)
        {
            string code = Resources.AntiDebugNetCode();

            Compiler compiler = new Compiler();

            compiler.ReferencedAssemblies.Add("System.dll");

            var antiDebug = AssemblyDef.Compile(compiler, code);

            target.Merge(antiDebug);

            var method = target.Find <MethodDef>("AntiDebug.Code.AntiDebug::Start.*", true);

            // Call AntiDebug::Start at module initializer
            target.CallAtModuleInitializer(method);
        }
예제 #5
0
        private void MergeLicensingCode(AssemblyDef target)
        {
            // Merge decryption code
            string code = Resources.LicenseFileCheckWinFormCode();

            Compiler compiler = new Compiler();

            compiler.ReferencedAssemblies.Add("System.dll");
            compiler.ReferencedAssemblies.Add("System.Windows.Forms.dll");
            compiler.ReferencedAssemblies.Add(@".\Babel.Licensing.dll");

            var licensing = AssemblyDef.Compile(compiler, code);

            target.Merge(licensing, true);

            var method = target.Find <MethodDef>(".*::ValidateLicense.*", true);

            // Call license validation at module initializer
            target.CallAtModuleInitializer(method);
        }
예제 #6
0
        public override void OnBegin(AssemblyDef assembly)
        {
            var resources = assembly.Resources;

            if (resources.Count == 0)
            {
                return;
            }

            var entryPoints = new List <string>()
            {
                "System.Reflection.Assembly::GetManifestResourceStream(System.String):System.IO.Stream"
            };

            // Find all entry points
            var methods = entryPoints.ConvertAll(name => assembly.Find <MethodRef>(name)).Where(method => method != null).ToList();

            if (methods.Count == 0)
            {
                return;
            }

            // Get all resource entry points callers
            var query = from method in methods
                        from caller in assembly.CallersOf(method)
                        from resource in assembly.Resources
                        where caller.UserStrings.Contains(resource.Name)
                        group new { Caller = caller, Method = method } by resource into g
                select new { Resource = g.Key, Groups = g };

            var resourceLoaders = query.ToList();

            if (resourceLoaders.Count == 0)
            {
                return;
            }

            // Merge decompress code
            MergeDecompress(assembly);

            foreach (var item in query)
            {
                var res = item.Resource;

                foreach (var group in item.Groups)
                {
                    MethodDef method = GetDecompressMethod(group.Method);
                    if (method != null)
                    {
                        group.Caller.ReplaceCall(group.Method, method);
                    }
                }

                var compressed = Compress(res);
                resources.Remove(res);
                resources.Add(compressed);

                double ratio = (((double)compressed.Data.Length) / res.Data.Length);
                Logger.Write("Resource {0} compress ratio {1:P}", res.Name, ratio);
            }
        }