Exemplos de código com ILSignature em C# (CSharp)

Exemplo n.º 1

0

Exibir arquivo

Arquivo: StringDecryptor.cs Projeto: xlfj5211/NETDeob

//        internal void Method21(int param19)

//        {
//            int metadataToken = param19 + 0x2000000;
//            var typeDef = AsmDef.MainModule.Types.First(type => type.MetadataToken.ToInt32() == metadataToken);

//            foreach (var fieldDef in typeDef.Fields)
//            {
//                string name = fieldDef.Name;
//                StringBuilder builder = new StringBuilder();
//                foreach (char t in name)
//                {
//                    builder.Append((char) (((byte) t) + 0x2f));
//                }
//                int num3 = int.Parse(builder.ToString(), NumberStyles.HexNumber);
//                int num4 = num3 & 0xffffff;
//// ReSharper disable UnusedVariable
//                int num5 = num3 >> 0x18;
//// ReSharper restore UnusedVariable
//                int num6 = 0xa000000 + num4;
//// ReSharper disable UnusedVariable
//                var info2 = AsmDef.FindMethod(mDef => mDef.Resolve().MetadataToken.ToInt32() == num6);
//// ReSharper restore UnusedVariable
//                // info.SetValue(null, Method_22(type, info2, num5));
//            }
//        }

        #endregion

        public MethodDefinition FindDecryptor()
        {
            var signature = new ILSignature
            {
                StartIndex   = 0,
                StartOpCode  = OpCodes.Nop,
                Instructions = new List <OpCode>
                {
                    OpCodes.Ldsfld,
                    OpCodes.Call,
                    OpCodes.Newarr,
                    OpCodes.Stloc_0,
                    OpCodes.Ldc_R8,
                    OpCodes.Ldsfld,
                    OpCodes.Call
                }
            };

            return(AsmDef.FindMethod(mDef => SignatureFinder.IsMatch(mDef, signature)));
        }

Exemplo n.º 2

0

Exibir arquivo

Arquivo: StringDecryptor.cs Projeto: n017/NETDeob

        public MethodDefinition FindDecryptor()
        {
            var signature = new ILSignature
                                {
                                    StartIndex = 0,
                                    StartOpCode = OpCodes.Nop,
                                    Instructions = new List<OpCode>
                                                       {
                                                           OpCodes.Ldsfld,
                                                           OpCodes.Call,
                                                           OpCodes.Newarr,
                                                           OpCodes.Stloc_0,
                                                           OpCodes.Ldc_R8,
                                                           OpCodes.Ldsfld,
                                                           OpCodes.Call
                                                       }
                                };

            return AsmDef.FindMethod(mDef => SignatureFinder.IsMatch(mDef, signature));
        }

Exemplo n.º 3

0

Exibir arquivo

        public static MethodDefinition FindDecryptor()
        {
            var signature = new ILSignature
            {
                StartIndex   = 1,
                StartOpCode  = OpCodes.Nop,
                Instructions = new List <OpCode>
                {
                    OpCodes.Callvirt,
                    OpCodes.Stloc_0,
                    OpCodes.Ldloc_0,
                    OpCodes.Newarr,
                    OpCodes.Stloc_1,
                    OpCodes.Ldc_I4_0,
                    OpCodes.Stloc_2
                }
            };

            return(AsmDef.FindMethod(mdef => SignatureFinder.IsMatch(mdef, signature)));
        }

Exemplo n.º 4

0

Exibir arquivo

        public static MethodDefinition FindDecryptor(AssemblyDefinition asmDef)
        {
            foreach (var modDef in asmDef.Modules)
            {
                foreach (var typeDef in modDef.Types)
                {
                    foreach (var mDef in typeDef.Methods)
                    {
                        var signature = new ILSignature
                        {
                            Start        = 1,
                            StartOpCode  = OpCodes.Nop,
                            Instructions = new List <OpCode>
                            {
                                OpCodes.Callvirt,
                                OpCodes.Stloc_0,
                                OpCodes.Ldloc_0,
                                OpCodes.Newarr,
                                OpCodes.Stloc_1,
                                OpCodes.Ldc_I4_0,
                                OpCodes.Stloc_2
                            }
                        };

                        if (mDef.HasBody)
                        {
                            if (SignatureFinder.IsMatch(mDef, signature))
                            {
                                return(mDef);
                            }
                        }
                    }
                }
            }

            return(null);
        }

Exemplo n.º 5

0

Exibir arquivo

Arquivo: StringDecryptor.cs Projeto: xlfj5211/NETDeob

        private static List <MethodDefinition> FindDecryptors(AssemblyDefinition asmDef)
        {
            var signature = new ILSignature
            {
                Start        = 0,
                StartOpCode  = OpCodes.Ldsfld,
                Instructions = new List <OpCode>
                {
                    OpCodes.Ldsfld,
                    OpCodes.Dup,
                    OpCodes.Stloc_S,
                    OpCodes.Call,
                    OpCodes.Ldarg_0,
                    OpCodes.Ldc_I4
                }
            };


            var decryptors = new List <MethodDefinition>();

            foreach (var modDef in asmDef.Modules)
            {
                foreach (var typeDef in modDef.Types)
                {
                    foreach (var mDef in typeDef.Methods)
                    {
                        if (SignatureFinder.IsMatch(mDef, signature))
                        {
                            decryptors.Add(mDef);
                        }
                    }
                }
            }

            return(decryptors);
        }

Exemplo n.º 6

0

Exibir arquivo

Arquivo: Identifier.cs Projeto: Tianjiao/NETDeob

        private static ISignature IdentifySixxpack(AssemblyDefinition asmDef, out bool found)
        {
            var signature = new ILSignature
                                {
                                    StartIndex = 0,
                                    StartOpCode = OpCodes.Nop,
                                    Instructions = new List<OpCode>
                                                       {
                                                           OpCodes.Stloc_0,
                                                           OpCodes.Ldloc_0,
                                                           OpCodes.Ldnull,
                                                           OpCodes.Ldftn,
                                                           OpCodes.Newobj,
                                                           OpCodes.Callvirt,
                                                           OpCodes.Leave_S,
                                                           OpCodes.Pop,
                                                           OpCodes.Leave_S,
                                                           OpCodes.Ldc_I4_1
                                                       }
                                };

            if (SignatureFinder.IsMatch(asmDef.EntryPoint, signature))
            {
                found = true;
                return new Signatures.SixxpackSignature();
            }

            found = false;
            return new Signatures.UnidentifiedSignature();
        }

Exemplo n.º 7

0

Exibir arquivo

Arquivo: Identifier.cs Projeto: Tianjiao/NETDeob

        private static ISignature IdentifyRpx(AssemblyDefinition asmDef, out bool found)
        {
            var signature = new ILSignature
                                {
                                    StartIndex = 0,
                                    StartOpCode = OpCodes.Nop,
                                    Instructions = new List<OpCode>
                                                       {
                                                           OpCodes.Call,
                                                           OpCodes.Callvirt,
                                                           OpCodes.Ldstr,
                                                           OpCodes.Callvirt,
                                                           OpCodes.Stloc_0,
                                                           OpCodes.Ldloc_0,
                                                           OpCodes.Ldc_I4_3,
                                                           OpCodes.Ldc_I4_1,
                                                           OpCodes.Call,
                                                           OpCodes.Stloc_1,
                                                           OpCodes.Ldloc_1,
                                                           OpCodes.Ldstr
                                                       }
                                };

            if(SignatureFinder.IsMatch(asmDef.EntryPoint, signature))
            {
                found = true;
                return new Signatures.RpxSignature();
            }

            found = false;
            return new Signatures.UnidentifiedSignature();
        }

Exemplo n.º 8

0

Exibir arquivo

Arquivo: Identifier.cs Projeto: Tianjiao/NETDeob

        private static ISignature IdentifyExePack(AssemblyDefinition asmDef, out bool found)
        {
            //Lets just do the whole method lol
            var signature = new ILSignature
                                {
                                    StartIndex = 0,
                                    StartOpCode = OpCodes.Nop,
                                    Instructions = new List<OpCode>
                                                       {
                                                           OpCodes.Dup,
                                                           OpCodes.Ldnull,
                                                           OpCodes.Ldftn,
                                                           OpCodes.Newobj,
                                                           OpCodes.Callvirt,
                                                           OpCodes.Ldstr,
                                                           OpCodes.Newobj,
                                                           OpCodes.Ldnull,
                                                           OpCodes.Ldarg_0,
                                                           OpCodes.Callvirt,
                                                           OpCodes.Ret
                                                       }
                                };

            if (SignatureFinder.IsMatch(asmDef.EntryPoint, signature))
            {
                found = true;
                return new Signatures.ExePackSignature();
            }

            found = false;
            return new Signatures.UnidentifiedSignature();
        }

Exemplos de ILSignature em C# (CSharp)