void ProcessStructuralPhases(ModuleDefinition mod, IDictionary <IConfusion, NameValueCollection> globalParams, IEnumerable <Phase> phases) { ConfusionParameter cParam = new ConfusionParameter(); bool end1 = false; foreach (StructurePhase i in from i in phases where (i is StructurePhase)orderby(int) i.Priority + i.PhaseID * 10 ascending select i) { if (!end1 && i.PhaseID > 1) { MarkModule(mod); MarkObfuscateHelpers(mod); CecilHelper.RefreshTokens(mod); end1 = true; } List <IAnnotationProvider> mems = GetTargets(mod, i.Confusion); if (mems.Count == 0) { continue; } i.Confuser = this; param.Logger.Log("Executing " + i.Confusion.Name + " Phase " + i.PhaseID + "..."); i.Initialize(mod); if (globalParams.ContainsKey(i.Confusion)) { cParam.GlobalParameters = globalParams[i.Confusion]; } else { cParam.GlobalParameters = new NameValueCollection(); } if (i.WholeRun == true) { cParam.Parameters = null; cParam.Target = null; i.Process(cParam); param.Logger.Progress(1); } else { if (i is IProgressProvider) { cParam.Parameters = new NameValueCollection(); foreach (IAnnotationProvider mem in mems) { NameValueCollection memParam = (from set in mem.Annotations["ConfusionSets"] as IDictionary <IConfusion, NameValueCollection> where set.Key.Phases.Contains(i) select set.Value).FirstOrDefault(); string hash = mem.GetHashCode().ToString("X8"); foreach (string pkey in memParam.AllKeys) { cParam.Parameters[hash + "_" + pkey] = memParam[pkey]; } } cParam.Target = mems; (i as IProgressProvider).SetProgresser(param.Logger); i.Process(cParam); } else { double total = mems.Count; int interval = 1; if (total > 1000) { interval = (int)total / 100; } int now = 0; foreach (IAnnotationProvider mem in mems) { cParam.Parameters = (from set in mem.Annotations["ConfusionSets"] as IDictionary <IConfusion, NameValueCollection> where set.Key.Phases.Contains(i) select set.Value).FirstOrDefault(); cParam.Target = mem; i.Process(cParam); if (now % interval == 0 || now == total - 1) { param.Logger.Progress((now + 1) / total); } now++; } } param.Logger.Progress(1); } i.DeInitialize(); } }
protected override void PackCore(out AssemblyDefinition asm, PackerParameter parameter) { ModuleDefinition originMain = parameter.Modules[0]; asm = AssemblyDefinition.CreateAssembly(originMain.Assembly.Name, originMain.Name, new ModuleParameters() { Architecture = originMain.Architecture, Kind = originMain.Kind, Runtime = originMain.Runtime }); ModuleDefinition mod = asm.MainModule; Random rand = new Random(); int key0 = rand.Next(0, 0xff); int key1 = rand.Next(0, 0xff); EmbeddedResource res = new EmbeddedResource(Encoding.UTF8.GetString(Guid.NewGuid().ToByteArray()), ManifestResourceAttributes.Private, Encrypt(parameter.PEs[0], key0)); mod.Resources.Add(res); for (int i = 1; i < parameter.Modules.Length; i++) { if (parameter.Modules[i].IsMain) { mod.Resources.Add(new EmbeddedResource(GetNewName(parameter.Modules[i].Assembly.Name.FullName, key1), ManifestResourceAttributes.Private, Encrypt(parameter.PEs[i], key0))); } else { mod.Resources.Add(new EmbeddedResource(GetNewName(parameter.Modules[i].Name, key1), ManifestResourceAttributes.Private, Encrypt(parameter.PEs[i], key0))); //TODO: Support for multi-module asssembly } } AssemblyDefinition ldrC = AssemblyDefinition.ReadAssembly(typeof(Iid).Assembly.Location); TypeDefinition t = CecilHelper.Inject(mod, ldrC.MainModule.GetType("CompressShell")); foreach (Instruction inst in t.GetStaticConstructor().Body.Instructions) { if (inst.Operand is string) { inst.Operand = res.Name; } } foreach (Instruction inst in t.Methods.FirstOrDefault(mtd => mtd.Name == "Decrypt").Body.Instructions) { if (inst.Operand is int && (int)inst.Operand == 0x12345678) { inst.Operand = key0; } } foreach (Instruction inst in t.Methods.FirstOrDefault(mtd => mtd.Name == "DecryptAsm").Body.Instructions) { if (inst.Operand is int && (int)inst.Operand == 0x12345678) { inst.Operand = key1; } } t.Namespace = ""; t.DeclaringType = null; t.IsNestedPrivate = false; t.IsNotPublic = true; mod.Types.Add(t); MethodDefinition cctor = new MethodDefinition(".cctor", MethodAttributes.Private | MethodAttributes.HideBySig | MethodAttributes.SpecialName | MethodAttributes.RTSpecialName | MethodAttributes.Static, mod.TypeSystem.Void); mod.GetType("<Module>").Methods.Add(cctor); MethodBody bdy = cctor.Body = new MethodBody(cctor); ILProcessor psr = bdy.GetILProcessor(); psr.Emit(OpCodes.Call, mod.Import(typeof(AppDomain).GetProperty("CurrentDomain").GetGetMethod())); psr.Emit(OpCodes.Ldnull); psr.Emit(OpCodes.Ldftn, t.Methods.FirstOrDefault(mtd => mtd.Name == "DecryptAsm")); psr.Emit(OpCodes.Newobj, mod.Import(typeof(ResolveEventHandler).GetConstructor(new Type[] { typeof(object), typeof(IntPtr) }))); psr.Emit(OpCodes.Callvirt, mod.Import(typeof(AppDomain).GetEvent("AssemblyResolve").GetAddMethod())); psr.Emit(OpCodes.Ret); MethodDefinition main = t.Methods.FirstOrDefault(mtd => mtd.Name == "Main"); mod.EntryPoint = main; }