private static void Main(string[] args)
{
var file = new AssemblyWriter();
var meta = new AssemblyInfo {
Version = "1.0.0.0", ID = Guid.NewGuid()
};
file.AddMeta(meta);
var typeinfo = file.CreateSection(AssemblySections.TypeInfo);
var debuginfo = file.CreateSection(AssemblySections.DebugInfo);
var ro = file.CreateSection(AssemblySections.ReadOnly);
var data = file.CreateSection(AssemblySections.Code);
ro.Raw = BitConverter.GetBytes(0x2A);
var ass = new CommandWriter();
//inc-method at 0
ass.Add(OpCode.LOAD, (int)Registers.A, 0x2A);
ass.Add(OpCode.INC, (int)Registers.A);
ass.Add(OpCode.LOADRO, 0x0, (int)Registers.D);
ass.Add(OpCode.PUSHRO, 0x0);
ass.Add(OpCode.PUSHL, 9);
ass.Add(OpCode.OUT, 0xABC, 2); // change foreground
ass.Add(OpCode.PUSHL, 10);
ass.Add(OpCode.OUT, 0xABC, 3); // change background
ass.Add(OpCode.PUSHL, 'e');
ass.Add(OpCode.OUT, 0xABC, 1); // write e to console
ass.Add(OpCode.PUSHL, ':');
ass.Add(OpCode.OUT, 0xABC, 1); // write : to console
var inputloop = ass.MakeLabel();
ass.Add(OpCode.IN, 0xABC1, (int)Registers.C); // wait for input char
// ass.Add(OpCode.JMP, inputloop);
ass.Add(OpCode.PUSHL, '\n'); // write new line to console
ass.Add(OpCode.OUT, 0xABC, 1);
var loop = ass.MakeLabel();
ass.Add(OpCode.MOV, (int)Registers.ACC, (int)Registers.A);
ass.Add(OpCode.INT, 0x123); // print registers
ass.Add(OpCode.OUT, 0xABC, 0); //clear console
//ass.Add(OpCode.JMP, loop);
ass.Add(OpCode.OUT, 0xABC, 4); // Reset colors
//Beep
ass.Add(OpCode.PUSHL, 15000);
ass.Add(OpCode.PUSHL, 1500);
ass.Add(OpCode.OUT, 0xABC, 5);
//.Add(OpCode.CALL, loop);
data.Raw = ass.Save();
var vm = new VirtualMachine(Assembly.Load(file.Save()));
vm.Run();
Utils.PrintRegisters(vm.Register);
Console.WriteLine("Register: " + vm.ViewMemoryOf <Register>().ToHex());
Console.WriteLine("Stack: " + vm.ViewMemoryOf <Stack>().ToHex());
Console.ReadLine();
}
static public void Main(string[] args)
{
try
{
Console.BackgroundColor = ConsoleColor.White;
Console.ForegroundColor = ConsoleColor.Black;
Console.WriteLine("*********************************");
Console.WriteLine("*** ***");
Console.WriteLine("*** ILProtector Unpacker ***");
Console.WriteLine("*** Coded By RexProg ***");
Console.WriteLine("*** ***");
Console.WriteLine("*********************************");
Console.ForegroundColor = ConsoleColor.Blue;
Console.WriteLine("[?] Enter Your Program Path : ");
Console.ForegroundColor = ConsoleColor.Red;
var path = Console.ReadLine();
if (path == string.Empty)
{
return;
}
if (path.StartsWith("\"") && path[path.Length - 1] == '"')
{
path = path.Substring(1, path.Length - 2);
}
if (!File.Exists(path))
{
Console.ForegroundColor = ConsoleColor.Blue;
Console.WriteLine("[!] File not found");
Console.WriteLine("[!] Press key to exit...");
Console.Read();
return;
}
Console.ForegroundColor = ConsoleColor.DarkRed;
assemblyWriter = new AssemblyWriter(path);
assembly = Assembly.LoadFrom(path);
Console.WriteLine("[+] Wait...");
mainFrames = new StackTrace().GetFrames();
Memory.Hook(typeof(StackTrace).GetMethod("CaptureStackTrace", BindingFlags.Instance | BindingFlags.NonPublic), typeof(Script).GetMethod("Hook3", BindingFlags.Instance | BindingFlags.Public));
var types = assemblyWriter.moduleDef.GetTypes();
var list = (types as IList <TypeDef>) ?? types.ToList <TypeDef>();
var globalType = assemblyWriter.moduleDef.GlobalType;
var fieldMDToken = 0;
foreach (FieldDef fieldDef in globalType.Fields)
{
if (fieldDef.Name == "Invoke")
{
fieldMDToken = fieldDef.MDToken.ToInt32();
}
}
if (fieldMDToken == 0)
{
Console.WriteLine("[!] Couldn't find Invoke");
}
var fieldValue = assembly.Modules.FirstOrDefault <Module>().ResolveField(fieldMDToken).GetValue(null);
var method = fieldValue.GetType().GetMethod("Invoke");
if (method == null)
{
Console.WriteLine("[!] Couldn't find InvokeMethod");
}
InvokeDelegates(list, method, fieldValue);
new StringDecrypter(assembly).ReplaceStrings(list);
foreach (var typeDef in junkType)
{
typeDef.DeclaringType.NestedTypes.Remove(typeDef);
}
MethodDef methodDef = globalType.FindStaticConstructor();
if (methodDef.HasBody)
{
var startIndex = methodDef.Body.Instructions.IndexOf(methodDef.Body.Instructions.FirstOrDefault(inst =>
(inst.OpCode == OpCodes.Call &&
((IMethod)inst.Operand).Name == "GetIUnknownForObject"))) - 2;
var endindex = methodDef.Body.Instructions.IndexOf(methodDef.Body.Instructions.FirstOrDefault(inst =>
(inst.OpCode == OpCodes.Call &&
((IMethod)inst.Operand).Name == "Release"))) + 2;
methodDef.Body.ExceptionHandlers.Remove(methodDef.Body.ExceptionHandlers.FirstOrDefault(exh => exh.HandlerEnd == methodDef.Body.Instructions[endindex + 1]));
for (int i = startIndex; i <= endindex; i++)
{
methodDef.Body.Instructions.Remove(methodDef.Body.Instructions[startIndex]);
}
}
foreach (var meth in globalType.Methods.Where(met => (met.ImplMap?.Module.Name.ToString() == "Protect32.dll" || met.ImplMap?.Module.Name.ToString() == "Protect64.dll")).ToList())
{
globalType.Remove(meth);
}
var invokeField = globalType.Fields.FirstOrDefault(fld => fld.Name == "Invoke");
assemblyWriter.moduleDef.Types.Remove(invokeField.FieldType.ToTypeDefOrRef().ResolveTypeDef());
globalType.Fields.Remove(invokeField);
assemblyWriter.Save();
Console.ForegroundColor = ConsoleColor.Blue;
Console.WriteLine("[!] Program Unpacked");
}
catch (Exception ex)
{
Console.WriteLine("[!] Exception :\n" + ex.Message);
}
Console.WriteLine("[!] Press key to exit...");
Console.Read();
}
