static void Main(string[] args) { Console.Title = "AntiRE.Example"; Console.ForegroundColor = ConsoleColor.DarkYellow; Console.WriteLine(@" _ _ _____ ______ _____ _ _ /\ | | (_) __ \| ____| | __ \ | | (_) / \ _ __ | |_ _| |__) | |__ | |__) | _ _ __ | |_ _ _ __ ___ ___ / /\ \ | '_ \| __| | _ /| __| | _ / | | | '_ \| __| | '_ ` _ \ / _ \ / ____ \| | | | |_| | | \ \| |____ _| | \ \ |_| | | | | |_| | | | | | | __/ /_/ \_\_| |_|\__|_|_| \_\______(_)_| \_\__,_|_| |_|\__|_|_| |_| |_|\___| "); var CurrentProcess = Process.GetCurrentProcess(); bool SelfDelete = false; bool ShowAlert = true; bool Aggressive = false; //Alert settings Alert.NotepadStyle = true; Alert.AutoClose = false; Alert.AutoCloseTime = 2; Alert.NotepadPath = "readme.txt"; //Prevent assembly being dumped from memory AntiDump.Parse(typeof(Program /* or this.GetType() */)); //Prevent application start under sandbox tools AntiSandBox.SelfDelete = SelfDelete; AntiSandBox.ShowAlert = ShowAlert; AntiSandBox.Parse(CurrentProcess); //Prevent application start under virtual machine AntiVirtualMachine.SelfDelete = SelfDelete; AntiVirtualMachine.ShowAlert = ShowAlert; AntiVirtualMachine.Parse(CurrentProcess); //Prevent from network being monitored AntiSniff.SelfDelete = SelfDelete; AntiSniff.ShowAlert = ShowAlert; AntiSniff.Parse(CurrentProcess); //Prevents reverse engineering tools from running in the system AntiReverserTools.SelfDelete = SelfDelete; AntiReverserTools.ShowAlert = ShowAlert; AntiReverserTools.Aggressive = Aggressive; AntiReverserTools.IgnoreCase = true; AntiReverserTools.KeepAlive = true; AntiReverserTools.WhiteList.Add("notepad"); AntiReverserTools.BlackList.Add("dnspy"); AntiReverserTools.Start(CurrentProcess); //Anti debugger AntiDebugger.SelfDelete = SelfDelete; AntiDebugger.ShowAlert = ShowAlert; AntiDebugger.Aggressive = Aggressive; AntiDebugger.KeepAlive = true; AntiDebugger.Start(CurrentProcess); //Detect if dnspy installed on system AntiDnspy.SelfDelete = SelfDelete; AntiDnspy.ShowAlert = ShowAlert; AntiDnspy.Parse(CurrentProcess); Console.ForegroundColor = ConsoleColor.Gray; Console.WriteLine("\r\n [#] Application started successfully\r\n [#] Press any key to exit..."); Console.ReadKey(); }
static void Main(string[] args) { Console.Title = "AntiRE.Example"; Console.ForegroundColor = ConsoleColor.DarkYellow; Console.WriteLine(@" _ _ _____ ______ _____ _ _ /\ | | (_) __ \| ____| | __ \ | | (_) / \ _ __ | |_ _| |__) | |__ | |__) | _ _ __ | |_ _ _ __ ___ ___ / /\ \ | '_ \| __| | _ /| __| | _ / | | | '_ \| __| | '_ ` _ \ / _ \ / ____ \| | | | |_| | | \ \| |____ _| | \ \ |_| | | | | |_| | | | | | | __/ /_/ \_\_| |_|\__|_|_| \_\______(_)_| \_\__,_|_| |_|\__|_|_| |_| |_|\___| "); var CurrentProcess = Process.GetCurrentProcess(); bool SelfDelete = false; bool ShowAlert = true; //Alert settings Alert.NotepadStyle = true; Alert.AutoClose = false; Alert.AutoCloseTime = 2; Alert.NotepadPath = "readme.txt"; //Prevent assembly being dumped from memory AntiDump.Parse(typeof(Program /* or this.GetType() */)); //Prevent application start under sandbox tools AntiSandBox.SelfDelete = SelfDelete; AntiSandBox.ShowAlert = ShowAlert; AntiSandBox.Parse(CurrentProcess); //Prevent application start under virtual machine AntiVirtualMachine.SelfDelete = SelfDelete; AntiVirtualMachine.ShowAlert = ShowAlert; AntiVirtualMachine.Parse(CurrentProcess); //Prevent from network being monitored AntiSniff.SelfDelete = SelfDelete; AntiSniff.ShowAlert = ShowAlert; AntiSniff.Parse(CurrentProcess); //Prevents reverse engineering tools from running in the system AntiReverserTools.SelfDelete = SelfDelete; AntiReverserTools.ShowAlert = ShowAlert; AntiReverserTools.IgnoreCase = true; AntiReverserTools.KeepAlive = true; AntiReverserTools.WhiteList.Add("notepad"); AntiReverserTools.BlackList.Add("dnspy"); AntiReverserTools.Start(CurrentProcess); //Anti debugger AntiDebugger.SelfDelete = SelfDelete; AntiDebugger.ShowAlert = ShowAlert; AntiDebugger.KeepAlive = true; AntiDebugger.Start(CurrentProcess); //Detect if dnspy installed on system AntiDnspy.SelfDelete = SelfDelete; AntiDnspy.ShowAlert = ShowAlert; AntiDnspy.Parse(CurrentProcess); //Send anti sniff request to server try { HttpWebRequest req = (HttpWebRequest)WebRequest.Create("https://google.com"); req.ContinueTimeout = 10000; req.ReadWriteTimeout = 10000; req.Timeout = 10000; req.KeepAlive = true; req.UserAgent = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36"; req.Accept = "*/*"; req.Method = "GET"; req.Headers.Add("Accept-Language", "en-US,en;q=0.9,fa;q=0.8"); req.Headers.Add("Accept-Encoding", "gzip, deflate"); req.AutomaticDecompression = DecompressionMethods.GZip; req.ServerCertificateValidationCallback = AntiSniff.ValidationCallback; req.ServicePoint.Expect100Continue = false; using (HttpWebResponse response = req.GetResponse() as HttpWebResponse) { if (response.StatusCode != HttpStatusCode.OK) { Alert.Show("NETWORK CONNECTION ERROR, CHECK YOUR INTERNET CONNECTION OR CLOSE SNIFFER SOFTWARES"); Environment.Exit(0); return; } } } catch { Alert.Show("NETWORK CONNECTION ERROR, CHECK YOUR INTERNET CONNECTION OR CLOSE SNIFFER SOFTWARES"); Environment.Exit(0); return; } Console.ForegroundColor = ConsoleColor.Gray; Console.WriteLine("\r\n [#] Application started successfully\r\n [#] Press any key to exit..."); Console.ReadKey(); }
static void Main(string[] args) { #region Initialize Console.Title = "Rzy Protector V2 Unpacker - by illuZion#9999"; WriteTitle(); if (args.Length != 1) { Write("Please, drag 'n' drop the file to unpack!", Type.Error); Leave(); } string directory = args[0]; try { Module = ModuleDefMD.Load(directory); } catch { Write("Not a .NET Assembly...", Type.Error); Leave(); } #endregion Initialize #region Unpack HideMethods.Execute(Module); CallToCalli.Execute(Module); EmptyTypes.Execute(Module); Maths(Module); LocalToField.Execute(Module); Constants.Execute(Module); Maths(Module); StringProtection.Execute(Module); FakeObfuscator.Execute(Module); AntiIlDasm.Execute(Module); AntiDe4dot.Execute(Module); AntiDnspy.Execute(Module); AntiVm.Execute(Module); AntiDebug.Execute(Module); AntiDump.Execute(Module); RemoveNops.Execute(Module); #endregion Unpack #region Save the file Write("Saving the unpacked file..."); string text = Path.GetDirectoryName(directory); if (text == null) { Leave(); } // We can disable the possible null exception as the Leave method closes the program (but Resharper does not detect it). // ReSharper disable once PossibleNullReferenceException text += !text.EndsWith("\\") ? "\\" : null; string filename = $"{text}{Path.GetFileNameWithoutExtension(directory)}-Unpacked{Path.GetExtension(directory)}"; var writerOptions = new ModuleWriterOptions(Module); writerOptions.MetadataOptions.Flags |= MetadataFlags.PreserveAll; writerOptions.Logger = DummyLogger.NoThrowInstance; var nativewriterOptions = new NativeModuleWriterOptions(Module, true); nativewriterOptions.MetadataOptions.Flags |= MetadataFlags.PreserveAll; nativewriterOptions.Logger = DummyLogger.NoThrowInstance; if (Module.IsILOnly) { Module.Write(filename, writerOptions); } else { Module.NativeWrite(filename, nativewriterOptions); } Write($"File saved at: {filename}", Type.Success); Leave(); #endregion Save the file }