private static void CallLoadIntegersMethod(ModuleDef targetModule, bool isOffline) { // Finds the injected 'ByteGuardStringProtections' class that contains all the decryption methods. TypeDef stringProtections = targetModule.Find("ByteGuard.Protections.Online.Runtime.ByteGuardConstantProtections", true); TypeDef byteguardCore = targetModule.Find("ByteGuard.Protections.Online.Runtime.ByteGuardCore", true); MethodDef loadStringsMethod = (isOffline ? stringProtections.FindMethod("LoadIntegersOffline") : stringProtections.FindMethod("LoadIntegers")); MethodDef authenticatedMethod = (isOffline ? byteguardCore.FindOrCreateStaticConstructor() : byteguardCore.FindMethod("Authenticated")); foreach (Instruction i in loadStringsMethod.Body.Instructions.Where(i => i.OpCode == OpCodes.Ldstr)) { i.Operand = (isOffline ? StringProtections.EmbeddedResourceNameOffline : EmbeddedResourceName); } authenticatedMethod.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, loadStringsMethod)); }
public Context(ref ModuleDef moduleDef) { ManifestModule = moduleDef.Assembly.ManifestModule; GlobalType = ManifestModule.GlobalType; Imp = new Importer(ManifestModule); cctor = GlobalType.FindOrCreateStaticConstructor(); }
public Context(AssemblyDef asm) { Assembly = asm; ManifestModule = asm.ManifestModule; GlobalType = ManifestModule.GlobalType; Imp = new Importer(ManifestModule); cctor = GlobalType.FindOrCreateStaticConstructor(); }
public void InjectConstants(ModuleDef rtModule, VMDescriptor desc, RuntimeHelpers helpers) { TypeDef constants = rtModule.Find(RTMap.kraDConstants, true); MethodDef cctor = constants.FindOrCreateStaticConstructor(); IList <Instruction> instrs = cctor.Body.Instructions; instrs.Clear(); for (int i = 0; i < (int)DarksVMRegisters.Max; i++) { var reg = (DarksVMRegisters)i; byte regId = desc.Architecture.Registers[reg]; string regField = reg.ToString(); this.AddField(regField, regId); } for (int i = 0; i < (int)DarksVMFlags.Max; i++) { var fl = (DarksVMFlags)i; int flId = desc.Architecture.Flags[fl]; string flField = fl.ToString(); this.AddField(flField, 1 << flId); } for (int i = 0; i < (int)ILOpCode.Max; i++) { var op = (ILOpCode)i; byte opId = desc.Architecture.OpCodes[op]; string opField = op.ToString(); this.AddField(opField, opId); } for (int i = 0; i < (int)DarksVMCalls.Max; i++) { var vc = (DarksVMCalls)i; int vcId = desc.Runtime.VMCall[vc]; string vcField = vc.ToString(); this.AddField(vcField, vcId); } this.AddField(ConstantFields.E_CALL.ToString(), (int)desc.Runtime.VCallOps.ECALL_CALL); this.AddField(ConstantFields.E_CALLVIRT.ToString(), (int)desc.Runtime.VCallOps.ECALL_CALLVIRT); this.AddField(ConstantFields.E_NEWOBJ.ToString(), (int)desc.Runtime.VCallOps.ECALL_NEWOBJ); this.AddField(ConstantFields.E_CALLVIRT_CONSTRAINED.ToString(), (int)desc.Runtime.VCallOps.ECALL_CALLVIRT_CONSTRAINED); this.AddField(ConstantFields.INIT.ToString(), (int)helpers.INIT); this.AddField(ConstantFields.INSTANCE.ToString(), desc.Runtime.RTFlags.INSTANCE); this.AddField(ConstantFields.CATCH.ToString(), desc.Runtime.RTFlags.EH_CATCH); this.AddField(ConstantFields.FILTER.ToString(), desc.Runtime.RTFlags.EH_FILTER); this.AddField(ConstantFields.FAULT.ToString(), desc.Runtime.RTFlags.EH_FAULT); this.AddField(ConstantFields.FINALLY.ToString(), desc.Runtime.RTFlags.EH_FINALLY); this.Conclude(desc.Random, instrs, constants); instrs.Add(Instruction.Create(OpCodes.Ret)); cctor.Body.OptimizeMacros(); }
public override void Finalize(RPContext ctx) { foreach (var field in fields) { InitMethodDesc init = GetInitMethod(ctx, field.Key.Item3); byte opKey; do { // No zero bytes opKey = ctx.Random.NextByte(); } while (opKey == (byte)field.Key.Item1); TypeDef delegateType = field.Value.Item1.DeclaringType; MethodDef cctor = delegateType.FindOrCreateStaticConstructor(); cctor.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, init.Method)); cctor.Body.Instructions.Insert(0, Instruction.CreateLdcI4(opKey)); cctor.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Ldtoken, field.Value.Item1)); fieldDescs.Add(new FieldDesc { Field = field.Value.Item1, OpCode = field.Key.Item1, Method = field.Key.Item2, OpKey = opKey, InitDesc = init }); } foreach (TypeDef delegateType in ctx.Delegates.Values) { MethodDef cctor = delegateType.FindOrCreateStaticConstructor(); ctx.Marker.Mark(cctor, ctx.Protection); ctx.Name.SetCanRename(cctor, false); } ctx.Context.CurrentModuleWriterOptions.MetaDataOptions.Flags |= MetaDataFlags.PreserveExtraSignatureData; ctx.Context.CurrentModuleWriterListener.OnWriterEvent += EncodeField; encodeCtx = ctx; }
public void Inject(TypeDef typeDef, ModuleDef targetModuleDef, object obj) { var splashTechniqueName = $"{typeof(SplashTechnique).Namespace}.{Name}Technique"; var moduleType = ModuleDef.Types.FirstOrDefault(type => type.FullName == splashTechniqueName); if (moduleType == null) throw new InvalidDataException("Splash method is not available."); var injectionMethodDef = moduleType.FindMethod("Splash"); var injectedMethodDef = InjectHelper.Inject(injectionMethodDef, targetModuleDef); var constructorMethodDef = typeDef.FindOrCreateStaticConstructor(); constructorMethodDef.Body = injectedMethodDef.Body; AfterInjectionCallback(constructorMethodDef, obj); }
public void Inject(TypeDef typeDef, ModuleDef targetModuleDef, object obj) { var splashTechniqueName = $"{typeof(SplashTechnique).Namespace}.{Name}Technique"; var moduleType = ModuleDef.Types.FirstOrDefault(type => type.FullName == splashTechniqueName); if (moduleType == null) { throw new InvalidDataException("Splash method is not available."); } var injectionMethodDef = moduleType.FindMethod("Splash"); var injectedMethodDef = InjectHelper.Inject(injectionMethodDef, targetModuleDef); var constructorMethodDef = typeDef.FindOrCreateStaticConstructor(); constructorMethodDef.Body = injectedMethodDef.Body; AfterInjectionCallback(constructorMethodDef, obj); }
public FieldDef CreateProperField(TypeDef type) { var cotype = RuntimeHelper.GetRuntimeType("AsStrongAsFuck.Runtime.FuncMutation"); FieldDef field = cotype.Fields.FirstOrDefault(x => x.Name == "prao"); Renamer.Rename(field, Renamer.RenameMode.Base64, 3); field.DeclaringType = null; type.Fields.Add(field); MethodDef funcmethod = cotype.FindMethod("RET"); funcmethod.DeclaringType = null; Renamer.Rename(funcmethod, Renamer.RenameMode.Base64, 3); type.Methods.Add(funcmethod); var cctor = type.FindOrCreateStaticConstructor(); cctor.Body.Instructions.Insert(0, new Instruction(OpCodes.Ldnull)); cctor.Body.Instructions.Insert(1, new Instruction(OpCodes.Ldftn, funcmethod)); cctor.Body.Instructions.Insert(2, new Instruction(OpCodes.Newobj, type.Module.Import(typeof(Func <int, int>).GetConstructors().First()))); cctor.Body.Instructions.Insert(3, new Instruction(OpCodes.Stsfld, field)); cctor.Body.Instructions.Insert(4, new Instruction(OpCodes.Nop)); return(field); }
// Token: 0x060000B0 RID: 176 RVA: 0x0000E128 File Offset: 0x0000C328 public static void Execute(ModuleDef md) { TypeDef globalType = md.GlobalType; TypeDefUser typeDefUser = new TypeDefUser(globalType.Name); globalType.Name = "BlinkVM"; globalType.BaseType = md.CorLibTypes.GetTypeRef("System", "Object"); md.Types.Insert(0, typeDefUser); MethodDef methodDef = globalType.FindOrCreateStaticConstructor(); MethodDef methodDef2 = typeDefUser.FindOrCreateStaticConstructor(); methodDef.Name = "BlinkVM"; methodDef.IsRuntimeSpecialName = false; methodDef.IsSpecialName = false; methodDef.Access = MethodAttributes.PrivateScope; methodDef2.Body = new CilBody(true, new List <Instruction> { Instruction.Create(OpCodes.Call, methodDef), Instruction.Create(OpCodes.Ret) }, new List <ExceptionHandler>(), new List <Local>()); for (int i = 0; i < globalType.Methods.Count; i++) { MethodDef methodDef3 = globalType.Methods[i]; bool isNative = methodDef3.IsNative; if (isNative) { MethodDefUser methodDefUser = new MethodDefUser(methodDef3.Name, methodDef3.MethodSig.Clone()); methodDefUser.Attributes = (MethodAttributes.Private | MethodAttributes.FamANDAssem | MethodAttributes.Static); methodDefUser.Body = new CilBody(); methodDefUser.Body.Instructions.Add(new Instruction(OpCodes.Jmp, methodDef3)); methodDefUser.Body.Instructions.Add(new Instruction(OpCodes.Ret)); globalType.Methods[i] = methodDefUser; typeDefUser.Methods.Add(methodDef3); } } }
protected override void Execute(ConfuserContext context, ProtectionParameters parameters) { Virtualizer vr = context.Annotations.Get <Virtualizer>(context, Fish.VirtualizerKey); IMarkerService marker = context.Registry.GetService <IMarkerService>(); IReferenceProxyService refProxy = context.Registry.GetService <IReferenceProxyService>(); IAntiTamperService antiTamper = context.Registry.GetService <IAntiTamperService>(); ICompressionService compression = context.Registry.GetService <ICompressionService>(); var methods = new HashSet <MethodDef>(parameters.Targets.OfType <MethodDef>()); var refRepl = new Dictionary <IMemberRef, IMemberRef>(); TypeDef oldType = context.CurrentModule.GlobalType; var newType = new TypeDefUser(oldType.Name); oldType.Namespace = "What_a_great_VM"; oldType.Name = "VM"; oldType.BaseType = context.CurrentModule.CorLibTypes.GetTypeRef("System", "Object"); context.CurrentModule.Types.Insert(0, newType); MethodDef old_cctor = oldType.FindOrCreateStaticConstructor(); MethodDef cctor = newType.FindOrCreateStaticConstructor(); old_cctor.Name = "Load"; old_cctor.IsRuntimeSpecialName = false; old_cctor.IsSpecialName = false; old_cctor.Access = MethodAttributes.PrivateScope; cctor.Body = new CilBody(true, new List <Instruction> { Instruction.Create(OpCodes.Call, old_cctor), Instruction.Create(OpCodes.Ret) }, new List <ExceptionHandler>(), new List <Local>()); marker.Mark(cctor, this.Parent); antiTamper.ExcludeMethod(context, cctor); for (int i = 0; i < oldType.Methods.Count; i++) { MethodDef nativeMethod = oldType.Methods[i]; if (nativeMethod.IsNative) { var methodStub = new MethodDefUser(nativeMethod.Name, nativeMethod.MethodSig.Clone()); methodStub.Attributes = MethodAttributes.Assembly | MethodAttributes.Static; methodStub.Body = new CilBody(); methodStub.Body.Instructions.Add(new Instruction(OpCodes.Jmp, nativeMethod)); methodStub.Body.Instructions.Add(new Instruction(OpCodes.Ret)); oldType.Methods[i] = methodStub; newType.Methods.Add(nativeMethod); refRepl[nativeMethod] = methodStub; marker.Mark(methodStub, this.Parent); antiTamper.ExcludeMethod(context, methodStub); } } compression.TryGetRuntimeDecompressor(context.CurrentModule, def => { if (def is MethodDef) { methods.Remove((MethodDef)def); } }); var toProcess = new Dictionary <ModuleDef, List <MethodDef> >(); foreach (System.Tuple <MethodDef, bool> entry in new Scanner(context.CurrentModule, methods).Scan().WithProgress(context.Logger)) { bool isExport = entry.Item2; isExport |= context.Annotations.Get <object>(entry.Item1, Fish.ExportKey) != null; isExport |= refProxy.IsTargeted(context, entry.Item1); if (!isExport) { antiTamper.ExcludeMethod(context, entry.Item1); } vr.AddMethod(entry.Item1, isExport); toProcess.AddListEntry(entry.Item1.Module, entry.Item1); context.CheckCancellation(); } context.CurrentModuleWriterListener.OnWriterEvent += new Listener { ctx = context, vr = vr, methods = toProcess, refRepl = refRepl }.OnWriterEvent; }
// Token: 0x06000158 RID: 344 RVA: 0x00018F9C File Offset: 0x0001719C public static void MarkAssembly(ModuleDef md) { md.Name = "\ud835\udd04\ud835\udd31\ud835\udd2c\ud835\udd2a\ud835\udd26\ud835\udd20 \ud835\udd12\ud835\udd1f\ud835\udd23\ud835\udd32\ud835\udd30\ud835\udd20\ud835\udd1e\ud835\udd31\ud835\udd2c��"; md.Assembly.Name = "\ud835\udd04\ud835\udd31\ud835\udd2c\ud835\udd2a\ud835\udd26\ud835\udd20 \ud835\udd12\ud835\udd1f\ud835\udd23\ud835\udd32\ud835\udd30\ud835\udd20\ud835\udd1e\ud835\udd31\ud835\udd2c��"; md.EntryPoint.DeclaringType = md.GlobalType; md.EntryPoint.Name = "AtomicLoad"; TypeDef globalType = md.GlobalType; TypeDefUser typeDefUser = new TypeDefUser(globalType.Name); globalType.Name = "Atomic"; globalType.BaseType = md.CorLibTypes.GetTypeRef("System", "Object"); md.Types.Insert(0, typeDefUser); MethodDef methodDef = globalType.FindOrCreateStaticConstructor(); MethodDef methodDef2 = typeDefUser.FindOrCreateStaticConstructor(); methodDef.Name = "Atomic"; methodDef.IsRuntimeSpecialName = false; methodDef.IsSpecialName = false; methodDef.Access = MethodAttributes.PrivateScope; methodDef2.Body = new CilBody(true, new List <Instruction> { Instruction.Create(OpCodes.Call, methodDef), Instruction.Create(OpCodes.Ret) }, new List <ExceptionHandler>(), new List <Local>()); for (int i = 0; i < globalType.Methods.Count; i++) { MethodDef methodDef3 = globalType.Methods[i]; bool isNative = methodDef3.IsNative; if (isNative) { MethodDefUser methodDefUser = new MethodDefUser(methodDef3.Name, methodDef3.MethodSig.Clone()); methodDefUser.Attributes = (MethodAttributes.Private | MethodAttributes.FamANDAssem | MethodAttributes.Static); methodDefUser.Body = new CilBody(); methodDefUser.Body.Instructions.Add(new Instruction(OpCodes.Jmp, methodDef3)); methodDefUser.Body.Instructions.Add(new Instruction(OpCodes.Ret)); globalType.Methods[i] = methodDefUser; typeDefUser.Methods.Add(methodDef3); } } foreach (TypeDef typeDef in md.Types) { int num = 1; foreach (FieldDef fieldDef in typeDef.Fields) { bool flag = Assembly.CanRename(fieldDef); if (flag) { num++; fieldDef.Name = "Atomic" + num.ToString(); } } foreach (EventDef eventDef in typeDef.Events) { bool flag2 = Assembly.CanRename(eventDef); if (flag2) { num++; eventDef.Name = "Atomic" + num.ToString(); } } foreach (MethodDef methodDef4 in typeDef.Methods) { bool flag3 = Assembly.CanRename(methodDef4); if (flag3) { num++; methodDef4.Name = "Atomic" + num.ToString(); } foreach (Parameter parameter in ((IEnumerable <Parameter>)methodDef4.Parameters)) { num++; parameter.Name = "Atomic" + num.ToString(); } bool hasBody = methodDef4.HasBody; if (hasBody) { foreach (Local local in methodDef4.Body.Variables) { num++; local.Name = "Atomic" + num.ToString(); } } foreach (GenericParam genericParam in methodDef4.GenericParameters) { genericParam.Name = ((char)(genericParam.Number + 1)).ToString(); } } } }