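/// <summary>
/// Metadata phase of the CtorProxy confusion: shuffles the recorded proxy contexts,
/// resolves each proxy's target token, gives every still-unnamed proxy field a random
/// name and a distinct field signature, records everything in <c>Database</c>, and,
/// when the module is marked native, emits the x86 stub at the current code position.
/// </summary>
/// <param name="parameters">Confusion parameters (not read by this phase).</param>
/// <param name="accessor">Accessor over the module's metadata and code stream being written.</param>
public override void Process(NameValueCollection parameters, MetadataProcessor.MetadataAccessor accessor)
{
    _Context ctx = cc.txts[accessor.Module];

    // Fisher–Yates: draw j from [i, Count) so every permutation is equally likely.
    // Drawing j from [0, Count) at every step (the previous form) biases the shuffle
    // towards some orderings; the number of Random.Next calls is unchanged.
    for (int i = 0; i < ctx.txts.Count; i++)
    {
        int j = Random.Next(i, ctx.txts.Count);
        var swap = ctx.txts[i];
        ctx.txts[i] = ctx.txts[j];
        ctx.txts[j] = swap;
    }

    // Dummy type whose generic parameters are used only to make each proxy
    // field's signature blob different (see the cecil hack below).
    TypeDefinition typeDef = new TypeDefinition("", "", 0);
    foreach (Context txt in ctx.txts)
    {
        txt.token = accessor.LookupToken(txt.mtdRef);

        // Only fields whose name starts with '\0' are proxies still waiting for a name.
        // NOTE(review): Name[0] throws on an empty name — assumed never empty at this point.
        if (txt.fld.Name[0] != '\0') continue;
        txt.fld.Name = " \n" + ObfuscationHelper.GetRandomName();

        // Hack into cecil to generate a different signature for each field: wrap the
        // field type in a generic instance whose last argument is a per-field generic
        // parameter of the dummy type (one parameter per field position in the type).
        int pos = txt.fld.DeclaringType.Fields.IndexOf(txt.fld) + 1;
        while (typeDef.GenericParameters.Count < pos)
            typeDef.GenericParameters.Add(new GenericParameter(typeDef));
        var obj = accessor.Module.TypeSystem.Object;
        txt.fld.FieldType = new GenericInstanceType(txt.fld.FieldType)
        {
            GenericArguments = { obj, obj, obj, obj, obj, typeDef.GenericParameters[pos - 1] }
        };

        // Keep the mapping target -> proxy field -> original operand so the
        // transformation stays traceable after obfuscation.
        Database.AddEntry("CtorProxy", txt.mtdRef.FullName, txt.fld.Name);
        Database.AddEntry("CtorProxy", txt.fld.Name, txt.inst.Operand.ToString());
    }

    if (!ctx.isNative) return;

    // Native stub: written verbatim into the code stream at the current position;
    // nativeRange records where it landed so later phases can reference it.
    ctx.nativeRange = new Range(accessor.Codebase + (uint)accessor.Codes.Position, 0);
    MemoryStream ms = new MemoryStream();
    using (BinaryWriter wtr = new BinaryWriter(ms))
    {
        wtr.Write(new byte[] { 0x89, 0xe0 });             // mov eax, esp
        wtr.Write(new byte[] { 0x53 });                   // push ebx
        wtr.Write(new byte[] { 0x57 });                   // push edi
        wtr.Write(new byte[] { 0x56 });                   // push esi
        wtr.Write(new byte[] { 0x29, 0xe0 });             // sub eax, esp
        // NOTE(review): after three pushes eax - esp is 12 with 4-byte slots and 24 with
        // 8-byte slots, so this compare looks like a runtime bitness check — confirm.
        wtr.Write(new byte[] { 0x83, 0xf8, 0x18 });       // cmp eax, 24
        wtr.Write(new byte[] { 0x74, 0x07 });             // je n   (skips the next 7 bytes)
        wtr.Write(new byte[] { 0x8b, 0x44, 0x24, 0x10 }); // mov eax, [esp + 0x10]  (= [esp + 4] before the three pushes)
        wtr.Write(new byte[] { 0x50 });                   // push eax
        wtr.Write(new byte[] { 0xeb, 0x01 });             // jmp z
        wtr.Write(new byte[] { 0x51 });                   // n: push ecx
        // z: the instruction sequence produced by the visitor; `ret` names the
        // register holding its result.
        x86Register ret;
        var insts = ctx.visitor.GetInstructions(out ret);
        foreach (var inst in insts)
            wtr.Write(inst.Assemble());
        // Move the result into eax if the visitor left it elsewhere.
        if (ret != x86Register.EAX)
            wtr.Write(new x86Instruction()
            {
                OpCode = x86OpCode.MOV,
                Operands = new Ix86Operand[]
                {
                    new x86RegisterOperand() { Register = x86Register.EAX },
                    new x86RegisterOperand() { Register = ret }
                }
            }.Assemble());
        wtr.Write(new byte[] { 0x5e }); // pop esi
        wtr.Write(new byte[] { 0x5f }); // pop edi
        wtr.Write(new byte[] { 0x5b }); // pop ebx
        wtr.Write(new byte[] { 0xc3 }); // ret
        // Zero-pad the stub to a 4-byte boundary.
        wtr.Write(new byte[((ms.Length + 3) & ~3) - ms.Length]);
    }
    byte[] codes = ms.ToArray();
    Database.AddEntry("CtorProxy", "Native", codes);
    accessor.Codes.WriteBytes(codes);
    accessor.SetCodePosition(accessor.Codebase + (uint)accessor.Codes.Position);
    ctx.nativeRange.Length = (uint)codes.Length;
}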
/// <summary>
/// Metadata phase of the Const confusion: stores the key buffer as a StandAloneSig row,
/// patches the key-loading instruction with an encoded form of the resulting token,
/// records the token in <c>Database</c>, and, when the module is marked native,
/// emits the x86 stub at the current code position.
/// </summary>
/// <param name="parameters">Confusion parameters (not read by this phase).</param>
/// <param name="accessor">Accessor over the module's metadata and code stream being written.</param>
public override void Process(NameValueCollection parameters, MetadataProcessor.MetadataAccessor accessor)
{
    _Context ctx = cc.txts[accessor.Module];

    // The key buffer lives in the blob heap, referenced through a StandAloneSig row.
    var blobIndex = accessor.BlobHeap.GetBlobIndex(new Mono.Cecil.PE.ByteBuffer(ctx.keyBuff));
    var sigTable = accessor.TableHeap.GetTable<StandAloneSigTable>(Table.StandAloneSig);
    int row = sigTable.AddRow(blobIndex);
    int token = 0x11000000 | row;

    // The instruction carries the token XORed with a fixed mask rather than the raw value.
    ctx.keyInst.OpCode = OpCodes.Ldc_I4;
    ctx.keyInst.Operand = (int)(token ^ 0x06000001);
    Database.AddEntry("Const", "KeyBuffToken", token);

    if (!ctx.isNative)
    {
        return;
    }

    // Native stub: written verbatim into the code stream at the current position;
    // nativeRange records where it landed.
    uint stubStart = accessor.Codebase + (uint)accessor.Codes.Position;
    ctx.nativeRange = new Range(stubStart, 0);

    MemoryStream buffer = new MemoryStream();
    using (BinaryWriter writer = new BinaryWriter(buffer))
    {
        writer.Write(new byte[] { 0x89, 0xe0 });             // mov eax, esp
        writer.Write(new byte[] { 0x53 });                   // push ebx
        writer.Write(new byte[] { 0x57 });                   // push edi
        writer.Write(new byte[] { 0x56 });                   // push esi
        writer.Write(new byte[] { 0x29, 0xe0 });             // sub eax, esp
        // NOTE(review): after three pushes eax - esp is 12 with 4-byte slots and 24 with
        // 8-byte slots, so this compare looks like a runtime bitness check — confirm.
        writer.Write(new byte[] { 0x83, 0xf8, 0x18 });       // cmp eax, 24
        writer.Write(new byte[] { 0x74, 0x07 });             // je n   (skips the next 7 bytes)
        writer.Write(new byte[] { 0x8b, 0x44, 0x24, 0x10 }); // mov eax, [esp + 0x10]  (= [esp + 4] before the three pushes)
        writer.Write(new byte[] { 0x50 });                   // push eax
        writer.Write(new byte[] { 0xeb, 0x01 });             // jmp z
        writer.Write(new byte[] { 0x51 });                   // n: push ecx

        // z: the instruction sequence produced by the visitor; `resultReg` names the
        // register holding its result.
        x86Register resultReg;
        var body = ctx.visitor.GetInstructions(out resultReg);
        foreach (var instruction in body)
        {
            writer.Write(instruction.Assemble());
        }

        // Move the result into eax if the visitor left it elsewhere.
        if (resultReg != x86Register.EAX)
        {
            x86Instruction moveToEax = new x86Instruction()
            {
                OpCode = x86OpCode.MOV,
                Operands = new Ix86Operand[]
                {
                    new x86RegisterOperand() { Register = x86Register.EAX },
                    new x86RegisterOperand() { Register = resultReg }
                }
            };
            writer.Write(moveToEax.Assemble());
        }

        writer.Write(new byte[] { 0x5e }); // pop esi
        writer.Write(new byte[] { 0x5f }); // pop edi
        writer.Write(new byte[] { 0x5b }); // pop ebx
        writer.Write(new byte[] { 0xc3 }); // ret

        // Zero-pad the stub to a 4-byte boundary.
        long padded = (buffer.Length + 3) & ~3;
        writer.Write(new byte[padded - buffer.Length]);
    }

    byte[] stub = buffer.ToArray();
    Database.AddEntry("Const", "Native", stub);
    accessor.Codes.WriteBytes(stub);
    accessor.SetCodePosition(accessor.Codebase + (uint)accessor.Codes.Position);
    ctx.nativeRange.Length = (uint)stub.Length;
}