Exemplo n.º 1
0
        public bool IsDecryptor(MethodDef mDef)
        {
            if (!mDef.HasBody)
            {
                return(false);
            }

            if (mDef.ParamDefs.Count != 3 || !mDef.Body.HasVariables)
            {
                return(false);
            }

            if (mDef.Body.Variables.Count != 9 && mDef.Body.Variables.Count != 10)
            {
                return(false);
            }

            if (mDef.FindAllReferences().Count() != 1)
            {
                return(false);
            }

            if (mDef.FindAllReferences().ToList()[0].Item2 != RoutineVariables["antiTamper"])
            {
                return(false);
            }

            return(true);
        }
 private static void Main(string[] args)
 {
     if (args.Length == 0)
     {
         Console.WriteLine("No input file specified...");
     }
     else
     {
         Configuration.AssemblyFilename = args[0];
         ModuleDefMD      module        = ModuleDefMD.Load(Configuration.AssemblyFilename, (ModuleCreationOptions)null);
         TypeDef          globalType    = module.GlobalType;
         List <MethodDef> methodDefList = new List <MethodDef>();
         foreach (MethodDef method in globalType.Methods.Where <MethodDef>((Func <MethodDef, bool>)(m => m.IsNative)).ToList <MethodDef>())
         {
             MethodDef ilFromX86Method = X86MethodToILConverter.CreateILFromX86Method(new X86Method(method));
             method.DeclaringType.Methods.Add(ilFromX86Method);
             methodDefList.Add(method);
         }
         foreach (MethodDef methodDef1 in methodDefList)
         {
             MethodDef replacedMethod = methodDef1;
             IEnumerable <Instruction> allReferences = replacedMethod.FindAllReferences(module);
             MethodDef methodDef2 = module.GlobalType.Methods.FirstOrDefault <MethodDef>((Func <MethodDef, bool>)(m => m.Name == (string)replacedMethod.Name + "_IL"));
             foreach (Instruction instruction in allReferences)
             {
                 instruction.Operand = (object)methodDef2;
             }
             ++Program.x86Fixed;
         }
         foreach (MethodDef methodDef in methodDefList)
         {
             globalType.Methods.Remove(methodDef);
         }
         module.IsStrongNameSigned = false;
         module.Assembly.PublicKey = (PublicKey)null;
         NativeModuleWriterOptions options1 = new NativeModuleWriterOptions(module);
         options1.MetaDataOptions.Flags   |= MetaDataFlags.PreserveAll;
         options1.MetaDataOptions.Flags   |= MetaDataFlags.KeepOldMaxStack;
         options1.Cor20HeaderOptions.Flags = new ComImageFlags?(ComImageFlags.ILOnly | ComImageFlags._32BitRequired);
         module.NativeWrite((Stream)Program.mem, options1);
         Program.module = ModuleDefMD.Load((Stream)Program.mem);
         ModuleWriterOptions options2 = new ModuleWriterOptions((ModuleDef)Program.module);
         options1.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll;
         options1.MetaDataOptions.Flags |= MetaDataFlags.KeepOldMaxStack;
         Program.module.Write(args[0].Replace(".exe", "-x86_mode_Fixed.exe"), options2);
         Console.WriteLine("Resolved : " + (object)Program.x86Fixed + " natives ints");
     }
 }
Exemplo n.º 3
0
        public bool IsDecryptor(MethodDef mDef)
        {
            if (!mDef.HasBody)
            {
                return(false);
            }

            if (mDef.ParamDefs.Count != 3 || !mDef.Body.HasVariables)
            {
                return(false);
            }

            if (mDef.Body.Variables.Count != 9 && mDef.Body.Variables.Count != 10)
            {
                return(false);
            }

            var refs = mDef.FindAllReferences();

            if (refs.Count() != 1)
            {
                return(false);
            }

            var flag = false;

            foreach (var instr in (RoutineVariables["cctor"] as MethodDef).Body.Instructions.Where(x => x.IsCall()))
            {
                if ((instr.Operand as MethodDef) == refs.ToList()[0].Item2)
                {
                    flag = true;
                    break;
                }
            }

            return(flag);

            // if (mDef.FindAllReferences().ToList()[0].Item2 != RoutineVariables["antiTamper"])
            //     return false;
        }
        private static bool IsStringDecryptor(MethodDef mDef, bool all)
        {
            if (!mDef.HasBody)
            {
                return(false);
            }

            if (mDef.Parameters.Count == 0 || !mDef.Body.HasVariables)
            {
                return(false);
            }

            if (mDef.Parameters.Count != 2 || !(mDef.Body.Variables.Count != 15 || mDef.Body.Variables.Count != 16))
            {
                return(false);
            }

            if (mDef.Body.Variables.FirstOrDefault(x => x.Type.TypeName.EndsWith("MethodBase")) == null)
            {
                return(false);
            }

            return(all || mDef.FindAllReferences().Any());
        }
        public bool IsDecryptor(MethodDef mDef)
        {
            if (!mDef.HasBody)
                return false;

            if (mDef.ParamDefs.Count != 3 || !mDef.Body.HasVariables)
                return false;

            if (mDef.Body.Variables.Count != 9 && mDef.Body.Variables.Count != 10)
                return false;

            var refs = mDef.FindAllReferences();

            if (refs.Count() != 1)
                return false;

            var flag = false;

            foreach (var instr in (RoutineVariables["cctor"] as MethodDef).Body.Instructions.Where(x => x.IsCall()))
            {
                if ((instr.Operand as MethodDef) == refs.ToList()[0].Item2)
                {
                    flag = true;
                    break;
                }
            }

            return flag;

               // if (mDef.FindAllReferences().ToList()[0].Item2 != RoutineVariables["antiTamper"])
               //     return false;
        }