/// <summary>
/// Creates a module.
/// </summary>
/// <returns></returns>
public static ModuleDef CreateModule()
{
ModuleDef module = new ModuleDefUser(Guid.NewGuid().ToString());
module.Kind = ModuleKind.Dll;
// Add the module to an assembly
AssemblyDef assembly = new AssemblyDefUser(Guid.NewGuid().ToString(), new Version(1, 0), null, CultureInfo.InvariantCulture.DisplayName);
assembly.Modules.Add(module);
return module;
}
public static void Run() {
// Create a new module. The string passed in is the name of the module,
// not the file name.
ModuleDef mod = new ModuleDefUser("MyModule.exe");
// It's a console application
mod.Kind = ModuleKind.Console;
// Add the module to an assembly
AssemblyDef asm = new AssemblyDefUser("MyAssembly", new Version(1, 2, 3, 4), null, null);
asm.Modules.Add(mod);
// Add a .NET resource
byte[] resourceData = Encoding.UTF8.GetBytes("Hello, world!");
mod.Resources.Add(new EmbeddedResource("My.Resource", resourceData,
ManifestResourceAttributes.Private));
// Add the startup type. It derives from System.Object.
TypeDef startUpType = new TypeDefUser("My.Namespace", "Startup", mod.CorLibTypes.Object.TypeDefOrRef);
startUpType.Attributes = TypeAttributes.NotPublic | TypeAttributes.AutoLayout |
TypeAttributes.Class | TypeAttributes.AnsiClass;
// Add the type to the module
mod.Types.Add(startUpType);
// Create the entry point method
MethodDef entryPoint = new MethodDefUser("Main",
MethodSig.CreateStatic(mod.CorLibTypes.Int32, new SZArraySig(mod.CorLibTypes.String)));
entryPoint.Attributes = MethodAttributes.Private | MethodAttributes.Static |
MethodAttributes.HideBySig | MethodAttributes.ReuseSlot;
entryPoint.ImplAttributes = MethodImplAttributes.IL | MethodImplAttributes.Managed;
// Name the 1st argument (argument 0 is the return type)
entryPoint.ParamDefs.Add(new ParamDefUser("args", 1));
// Add the method to the startup type
startUpType.Methods.Add(entryPoint);
// Set module entry point
mod.EntryPoint = entryPoint;
// Create a TypeRef to System.Console
TypeRef consoleRef = new TypeRefUser(mod, "System", "Console", mod.CorLibTypes.AssemblyRef);
// Create a method ref to 'System.Void System.Console::WriteLine(System.String)'
MemberRef consoleWrite1 = new MemberRefUser(mod, "WriteLine",
MethodSig.CreateStatic(mod.CorLibTypes.Void, mod.CorLibTypes.String),
consoleRef);
// Add a CIL method body to the entry point method
CilBody epBody = new CilBody();
entryPoint.Body = epBody;
epBody.Instructions.Add(OpCodes.Ldstr.ToInstruction("Hello World!"));
epBody.Instructions.Add(OpCodes.Call.ToInstruction(consoleWrite1));
epBody.Instructions.Add(OpCodes.Ldc_I4_0.ToInstruction());
epBody.Instructions.Add(OpCodes.Ret.ToInstruction());
// Save the assembly to a file on disk
mod.Write(@"C:\saved-assembly.exe");
}
private byte[] DecryptArray(MethodDef method, byte[] encryptedArray)
{
ModuleDefUser tempModule = new ModuleDefUser("TempModule");
AssemblyDef tempAssembly = new AssemblyDefUser("TempAssembly");
tempAssembly.Modules.Add(tempModule);
var tempType = new TypeDefUser("", "TempType", tempModule.CorLibTypes.Object.TypeDefOrRef);
tempType.Attributes = TypeAttributes.Public | TypeAttributes.Class;
MethodDef tempMethod = Utils.Clone(method);
tempMethod.ReturnType = new SZArraySig(tempModule.CorLibTypes.Byte);
tempMethod.MethodSig.Params.Add(new SZArraySig(tempModule.CorLibTypes.Byte));
tempMethod.Attributes = MethodAttributes.Public | MethodAttributes.Static;
for (int i = 0; i < 5; i++)
{
tempMethod.Body.Instructions.RemoveAt(2); // read encrypted array from argument
}
tempMethod.Body.Instructions.Insert(2, OpCodes.Ldarg_0.ToInstruction());
for (int i = 0; i < 2; i++)
{
tempMethod.Body.Instructions.RemoveAt(tempMethod.Body.Instructions.Count -
2); // make return decrypted array
}
tempType.Methods.Add(tempMethod);
tempModule.Types.Add(tempType);
using (MemoryStream memoryStream = new MemoryStream())
{
ModuleWriterOptions moduleWriterOptions = new ModuleWriterOptions();
moduleWriterOptions.MetaDataOptions = new MetaDataOptions();
tempModule.Write(memoryStream, moduleWriterOptions);
Assembly patchedAssembly = Assembly.Load(memoryStream.ToArray());
var type = patchedAssembly.ManifestModule.GetType("TempType");
var methods = type.GetMethods();
MethodInfo patchedMethod = methods.First(m => m.IsPublic && m.IsStatic);
byte[] decryptedBytes = (byte[])patchedMethod.Invoke(null, new object[] { encryptedArray });
return(Lzma.Decompress(decryptedBytes));
}
}
// Token: 0x060000B7 RID: 183 RVA: 0x0000E52C File Offset: 0x0000C72C
public static void Pack(ModuleDef md, string directory)
{
string s = Convert.ToBase64String(File.ReadAllBytes(directory));
ModuleDefUser moduleDefUser = new ModuleDefUser(Renamer.Random(25));
moduleDefUser.Kind = ModuleKind.Console;
AssemblyDefUser assemblyDefUser = new AssemblyDefUser(Renamer.Random(25), new Version(Packer.random.Next(1, 9), Packer.random.Next(1, 9), Packer.random.Next(1, 9), Packer.random.Next(1, 9)));
assemblyDefUser.Modules.Add(moduleDefUser);
TypeDefUser typeDefUser = new TypeDefUser(Renamer.Random(25), Renamer.Random(25), moduleDefUser.CorLibTypes.Object.TypeDefOrRef);
typeDefUser.Attributes = dnlib.DotNet.TypeAttributes.NotPublic;
moduleDefUser.Types.Add(typeDefUser);
MethodDefUser methodDefUser = new MethodDefUser("Main", MethodSig.CreateStatic(moduleDefUser.CorLibTypes.Void, new SZArraySig(moduleDefUser.CorLibTypes.String)));
methodDefUser.Attributes = (dnlib.DotNet.MethodAttributes.Static | dnlib.DotNet.MethodAttributes.HideBySig);
methodDefUser.ImplAttributes = dnlib.DotNet.MethodImplAttributes.IL;
methodDefUser.ParamDefs.Add(new ParamDefUser("args", 1));
typeDefUser.Methods.Add(methodDefUser);
moduleDefUser.EntryPoint = methodDefUser;
CilBody cilBody = new CilBody();
methodDefUser.Body = cilBody;
cilBody.Instructions.Add(OpCodes.Nop.ToInstruction());
cilBody.Instructions.Add(OpCodes.Ldstr.ToInstruction(s));
cilBody.Instructions.Add(OpCodes.Call.ToInstruction(methodDefUser.Module.Import(typeof(Convert).GetMethod("FromBase64String", new Type[]
{
typeof(string)
}))));
cilBody.Instructions.Add(OpCodes.Call.ToInstruction(methodDefUser.Module.Import(typeof(Assembly).GetMethod("Load", new Type[]
{
typeof(byte[])
}))));
cilBody.Instructions.Add(OpCodes.Callvirt.ToInstruction(methodDefUser.Module.Import(typeof(Assembly).GetMethod("get_EntryPoint", new Type[0]))));
cilBody.Instructions.Add(OpCodes.Ldnull.ToInstruction());
cilBody.Instructions.Add(OpCodes.Ldc_I4_1.ToInstruction());
cilBody.Instructions.Add(OpCodes.Newarr.ToInstruction(methodDefUser.Module.Import(typeof(object))));
cilBody.Instructions.Add(OpCodes.Callvirt.ToInstruction(methodDefUser.Module.Import(typeof(MethodBase).GetMethod("Invoke", new Type[]
{
typeof(object),
typeof(object[])
}))));
cilBody.Instructions.Add(OpCodes.Pop.ToInstruction());
cilBody.Instructions.Add(OpCodes.Ret.ToInstruction());
moduleDefUser.Write(directory);
}
public IntrinsicsAssemblyBuilder(string corlibAssemblyFullName)
{
var corlibRef = new AssemblyRefUser(new AssemblyNameInfo(corlibAssemblyFullName));
module = new ModuleDefUser(Guid.NewGuid().ToString(), Guid.NewGuid(), corlibRef);
module.Kind = ModuleKind.Dll;
var asm = new AssemblyDefUser(Guid.NewGuid().ToString());
asm.Modules.Add(module);
intrinsicsType = new TypeDefUser(ExpressionCompilerConstants.IntrinsicAssemblyNamespace, ExpressionCompilerConstants.IntrinsicAssemblyTypeName, module.CorLibTypes.Object.TypeDefOrRef);
intrinsicsType.Attributes = TypeAttributes.Public | TypeAttributes.AutoLayout | TypeAttributes.Class | TypeAttributes.AnsiClass | TypeAttributes.Abstract | TypeAttributes.Sealed;
module.Types.Add(intrinsicsType);
corlibTypes = module.CorLibTypes;
exceptionTypeSig = new ClassSig(corlibTypes.GetTypeRef(nameof(System), nameof(Exception)));
typeTypeSig = new ClassSig(corlibTypes.GetTypeRef(nameof(System), nameof(Type)));
guidTypeSig = new ValueTypeSig(corlibTypes.GetTypeRef(nameof(System), nameof(Guid)));
}
public byte[] GetBrandNewAssemblyFromType(TypeDef typeToInject)
{
// First of all, a temporary assembly is created and methods are injected into this assembly.
// Once this assembly is ready, this try to execute the method in order to replace all the references in
// the original assembly with its result.
// This is probably the weakest part of the deobfuscator but I doubt there's an easier way to do this.
AssemblyDef dummyAssembly = new AssemblyDefUser("DummyAssembly", new System.Version(1, 0, 0, 0), null);
ModuleDefUser dummyModule = new ModuleDefUser("DummyModule")
{
Kind = ModuleKind.Dll
};
TypeDef dummyType = new TypeDefUser("DummyNamespace", "DummyType", dummyModule.CorLibTypes.Object.TypeDefOrRef);
dummyType.Attributes = TypeAttributes.NotPublic | TypeAttributes.AutoLayout |
TypeAttributes.Class | TypeAttributes.AnsiClass;
dummyModule.Types.Add(dummyType);
dummyAssembly.Modules.Add(dummyModule);
// Copy everything in dummyType
Inject(typeToInject, dummyType, dummyModule, null);
// Provide a default constructor
if (dummyType.FindDefaultConstructor() == null)
{
var ctor = new MethodDefUser(".ctor",
MethodSig.CreateInstance(dummyModule.CorLibTypes.Void),
MethodImplAttributes.Managed,
MethodAttributes.HideBySig | MethodAttributes.Public |
MethodAttributes.SpecialName | MethodAttributes.RTSpecialName);
ctor.Body = new CilBody();
ctor.Body.MaxStack = 0;
ctor.Body.Instructions.Add(OpCodes.Ret.ToInstruction());
dummyType.Methods.Add(ctor);
}
// Save the assembly to a memorystream
using (MemoryStream stream = new MemoryStream())
{
dummyModule.Write(stream);
return(stream.ToArray());
}
}
protected override void Pack(ConfuserContext context, ProtectionParameters parameters) {
var ctx = context.Annotations.Get<CompressorContext>(context, ContextKey);
if (ctx == null) {
context.Logger.Error("No executable module!");
throw new ConfuserException(null);
}
ModuleDefMD originModule = context.Modules[ctx.ModuleIndex];
ctx.OriginModuleDef = originModule;
var stubModule = new ModuleDefUser(ctx.ModuleName, originModule.Mvid, originModule.CorLibTypes.AssemblyRef);
if (ctx.CompatMode) {
var assembly = new AssemblyDefUser(originModule.Assembly);
assembly.Name += ".cr";
assembly.Modules.Add(stubModule);
}
else {
ctx.Assembly.Modules.Insert(0, stubModule);
ImportAssemblyTypeReferences(originModule, stubModule);
}
stubModule.Characteristics = originModule.Characteristics;
stubModule.Cor20HeaderFlags = originModule.Cor20HeaderFlags;
stubModule.Cor20HeaderRuntimeVersion = originModule.Cor20HeaderRuntimeVersion;
stubModule.DllCharacteristics = originModule.DllCharacteristics;
stubModule.EncBaseId = originModule.EncBaseId;
stubModule.EncId = originModule.EncId;
stubModule.Generation = originModule.Generation;
stubModule.Kind = ctx.Kind;
stubModule.Machine = originModule.Machine;
stubModule.RuntimeVersion = originModule.RuntimeVersion;
stubModule.TablesHeaderVersion = originModule.TablesHeaderVersion;
stubModule.Win32Resources = originModule.Win32Resources;
InjectStub(context, ctx, parameters, stubModule);
var snKey = context.Annotations.Get<StrongNameKey>(originModule, Marker.SNKey);
using (var ms = new MemoryStream()) {
stubModule.Write(ms, new ModuleWriterOptions(stubModule, new KeyInjector(ctx)) {
StrongNameKey = snKey
});
context.CheckCancellation();
ProtectStub(context, context.OutputPaths[ctx.ModuleIndex], ms.ToArray(), snKey, new StubProtection(ctx, originModule));
}
}
protected override void Pack(ConfuserContext context, ProtectionParameters parameters)
{
var ctx = context.Annotations.Get <XorCryptorContext>(context, ContextKey);
if (ctx == null)
{
context.Logger.Error("No executable module!");
throw new ConfuserException(null);
}
ModuleDefMD originModule = context.Modules[ctx.ModuleIndex];
ctx.OriginModuleDef = originModule;
var stubModule = new ModuleDefUser(ctx.ModuleName, originModule.Mvid, originModule.CorLibTypes.AssemblyRef);
if (ctx.CompatMode)
{
var assembly = new AssemblyDefUser(originModule.Assembly);
assembly.Name += ".mpx";
assembly.Modules.Add(stubModule);
}
else
{
ctx.Assembly.Modules.Insert(0, stubModule);
ImportAssemblyTypeReferences(originModule, stubModule);
}
stubModule.Characteristics = originModule.Characteristics;
stubModule.Cor20HeaderFlags = originModule.Cor20HeaderFlags;
stubModule.Cor20HeaderRuntimeVersion = originModule.Cor20HeaderRuntimeVersion;
stubModule.DllCharacteristics = originModule.DllCharacteristics;
stubModule.EncBaseId = originModule.EncBaseId;
stubModule.EncId = originModule.EncId;
stubModule.Generation = originModule.Generation;
stubModule.Kind = ctx.Kind;
stubModule.Machine = originModule.Machine;
stubModule.RuntimeVersion = originModule.RuntimeVersion;
stubModule.TablesHeaderVersion = originModule.TablesHeaderVersion;
stubModule.Win32Resources = originModule.Win32Resources;
byte[] executableModuleBytes = null; // TODO: LOL!
}
public static void Build(string fullPath, string outputPath)
{
var mod = new ModuleDefUser(ModuleName, null, ModuleDefMD.Load(typeof(void).Module).Assembly.ToAssemblyRef())
{
Kind = ModuleKind.Dll
};
var ass = new AssemblyDefUser(AssemblyName, Version.Parse("1.0.0.0"));
ass.Modules.Add(mod);
//get resourceset
var set = new ResourceElementSet();
foreach (ResourceElement re in FileFormatHelper.GetResourceElements(fullPath))
{
set.Add(re);
}
//write set to byte[] and add to module resources
using (var ms = new MemoryStream()) {
ResourceWriter.Write(mod, ms, set);
mod.Resources.Add(new EmbeddedResource(Resources, ms.ToArray(), ManifestResourceAttributes.Private));
}
//create store type
TypeDef store = new TypeDefUser(Namespace, ResourceStore, mod.CorLibTypes.Object.TypeDefOrRef)
{
Attributes = TypeAttributes.Public | TypeAttributes.BeforeFieldInit
};
//add the type to the module
mod.Types.Add(store);
//add code
BuildStore(mod, ref store);
//write module
mod.Write(Path.Combine(outputPath, "osu!ui-rebuilt.dll"));
}
//https://github.com/0xd4d/dnlib/blob/master/Examples/Example3.cs
public static void Run(string encrypted, string writedir)
{
//create module
var mod = new ModuleDefUser(RandomString()); mod.Kind = ModuleKind.Console;
// create and add asm in module
var asm = new AssemblyDefUser(RandomString(), new Version(random.Next(1, 9), random.Next(1, 9), random.Next(1, 9), random.Next(1, 9)));
asm.Modules.Add(mod);
// create startup class for ep
var startUpType = new TypeDefUser(RandomString(), RandomString(), mod.CorLibTypes.Object.TypeDefOrRef);
startUpType.Attributes = TypeAttributes.NotPublic | TypeAttributes.AutoLayout | TypeAttributes.Class | TypeAttributes.AnsiClass;
mod.Types.Add(startUpType);
//create ep method main(string[] args)
var entryPoint = new MethodDefUser("Main", MethodSig.CreateStatic(mod.CorLibTypes.Void, new SZArraySig(mod.CorLibTypes.String)));
entryPoint.Attributes = MethodAttributes.Static | MethodAttributes.HideBySig | MethodAttributes.ReuseSlot;
entryPoint.ImplAttributes = MethodImplAttributes.IL | MethodImplAttributes.Managed;
entryPoint.ParamDefs.Add(new ParamDefUser("args", 1));
startUpType.Methods.Add(entryPoint);
mod.EntryPoint = entryPoint;
var epBody = new CilBody();
entryPoint.Body = epBody;
// add instructions in ep method
epBody.Instructions.Add(OpCodes.Nop.ToInstruction());
epBody.Instructions.Add(OpCodes.Ldstr.ToInstruction(encrypted));
epBody.Instructions.Add(OpCodes.Call.ToInstruction(entryPoint.Module.Import(typeof(System.Convert).GetMethod("FromBase64String", new Type[] { typeof(string) }))));
epBody.Instructions.Add(OpCodes.Call.ToInstruction(entryPoint.Module.Import(typeof(System.Reflection.Assembly).GetMethod("Load", new Type[] { typeof(byte[]) }))));
epBody.Instructions.Add(OpCodes.Callvirt.ToInstruction(entryPoint.Module.Import(typeof(System.Reflection.Assembly).GetMethod("get_EntryPoint", new Type[0]))));
epBody.Instructions.Add(OpCodes.Ldnull.ToInstruction());
epBody.Instructions.Add(OpCodes.Ldc_I4_1.ToInstruction());
epBody.Instructions.Add(OpCodes.Newarr.ToInstruction(entryPoint.Module.Import(typeof(System.Object))));
epBody.Instructions.Add(OpCodes.Callvirt.ToInstruction(entryPoint.Module.Import(typeof(System.Reflection.MethodBase).GetMethod("Invoke", new Type[] { typeof(object), typeof(object[]) }))));
epBody.Instructions.Add(OpCodes.Pop.ToInstruction());
epBody.Instructions.Add(OpCodes.Ret.ToInstruction());
// save new file
mod.Write(writedir.Replace(".exe", "_packed.exe"));
}
public ModuleDefUser CreateHookModule()
{
_processedTypes.Clear();
_processedMethods.Clear();
_processedFields.Clear();
_hookModule = new ModuleDefUser($"{_assemblyName}.dll", Guid.NewGuid(), new AssemblyRefUser(new AssemblyNameInfo(typeof(void).Assembly.GetName().FullName)))
{
Kind = ModuleKind.Dll,
RuntimeVersion = MDHeaderRuntimeVersion.MS_CLR_40
};
var ass = new AssemblyDefUser(_assemblyName, _originalModule.Assembly.Version);
ass.Modules.Add(_hookModule); // ??????? wtf but this is needed lmao
// -- Add custom attribute for identifying
var attr = new TypeDefUser(IDENTIFICATION_ATTRIBUTE_NAME, _hookModule.Import(typeof(Attribute)));
var attrCtor = new MethodDefUser(".ctor", MethodSig.CreateInstance(_hookModule.CorLibTypes.Void), MethodAttributes.Public | MethodAttributes.HideBySig | MethodAttributes.SpecialName | MethodAttributes.RTSpecialName);
attrCtor.Body = new CilBody();
attrCtor.Body.Instructions.Add(Instruction.Create(OpCodes.Ret));
attr.Methods.Add(attrCtor);
_hookModule.Types.Add(attr);
ass.CustomAttributes.Add(new CustomAttribute(attrCtor));
// --
foreach (var typeDef in _originalModule.Types)
{
CreateRawTree(typeDef);
}
PopulateEverythingWithData();
return(_hookModule);
}
public static void ExportMethodsToDll(string filename, List <MethodDef> nativeMethods, ModuleDefMD asmModule)
{
ModuleDef moduleDef = (ModuleDef) new ModuleDefUser((UTF8String)filename);
moduleDef.Kind = ModuleKind.Dll;
AssemblyDefUser assemblyDefUser = new AssemblyDefUser(new UTF8String("TestAssembly"), new Version(1, 2, 3, 4));
assemblyDefUser.Modules.Add(moduleDef);
moduleDef.Types.Add((TypeDef) new TypeDefUser((UTF8String)"Startup", (UTF8String)"MyType", moduleDef.CorLibTypes.Object.TypeDefOrRef));
TypeDef typeDef = moduleDef.Types.FirstOrDefault <TypeDef>((Func <TypeDef, bool>)(m => m.Name == "MyType"));
for (int i = 0; i < nativeMethods.Count; i++)
{
MethodDef methodDef = asmModule.GlobalType.Methods.FirstOrDefault <MethodDef>((Func <MethodDef, bool>)(m => m.Name == (string)nativeMethods[i].Name + "_IL"));
MethodDefUser methodDefUser = new MethodDefUser(new UTF8String(Encoding.UTF8.GetBytes((string)nativeMethods[i].Name)), methodDef.MethodSig, methodDef.Attributes);
methodDefUser.Body = methodDef.Body;
methodDefUser.DeclaringType = (TypeDef)null;
methodDefUser.Name = (UTF8String)Convert.ToBase64String(Encoding.UTF8.GetBytes((string)nativeMethods[i].Name));
typeDef.Methods.Add((MethodDef)methodDefUser);
}
ModuleWriterOptions options = new ModuleWriterOptions();
assemblyDefUser.Write(filename, options);
}
public static void ExportMethodsToDll(String filename, List <MethodDef> nativeMethods, ModuleDefMD asmModule)
{
// Create new module
ModuleDef mod = new ModuleDefUser(filename);
mod.Kind = ModuleKind.Dll;
var newAsm = new AssemblyDefUser(new UTF8String("TestAssembly"), new Version(1, 2, 3, 4));
newAsm.Modules.Add(mod);
// Add some type
mod.Types.Add(new TypeDefUser("Startup", "MyType", mod.CorLibTypes.Object.TypeDefOrRef));
var currentType = mod.Types.FirstOrDefault(m => m.Name == "MyType");
for (int i = 0; i < nativeMethods.Count; i++)
{
var ilMethod = asmModule.GlobalType.Methods.FirstOrDefault(m => m.Name == nativeMethods[i].Name + "_IL");
// We do clone the method since we have to set the DeclaringType to zero. But we don't want to mess with the reference
var clonedILMethod = new MethodDefUser(new UTF8String(Encoding.UTF8.GetBytes(nativeMethods[i].Name)), ilMethod.MethodSig, ilMethod.Attributes);
clonedILMethod.Body = ilMethod.Body;
clonedILMethod.DeclaringType = null;
clonedILMethod.Name = Convert.ToBase64String(Encoding.UTF8.GetBytes(nativeMethods[i].Name));
currentType.Methods.Add(clonedILMethod);
}
var testAssemblyWriterOptions = new ModuleWriterOptions();
// Do we want to suppress errors ?
// testAssemblyWriterOptions.Logger = DummyLogger.NoThrowInstance;
newAsm.Write(filename, testAssemblyWriterOptions);
}
// Token: 0x0600019A RID: 410 RVA: 0x00061B74 File Offset: 0x0005FD74
private void OnWriterEvent(object sender, ModuleWriterListenerEventArgs e)
{
ModuleWriterBase moduleWriterBase = (ModuleWriterBase)sender;
bool flag = e.WriterEvent == ModuleWriterEvent.MDBeginAddResources;
if (flag)
{
this.ctx.Context.CheckCancellation();
this.ctx.Context.Logger.Debug("Encrypting resources...");
bool flag2 = this.ctx.Context.Packer != null;
List <EmbeddedResource> list = this.ctx.Module.Resources.OfType <EmbeddedResource>().ToList <EmbeddedResource>();
bool flag3 = !flag2;
if (flag3)
{
this.ctx.Module.Resources.RemoveWhere((Resource res) => res is EmbeddedResource);
}
string text = this.ctx.Name.RandomName(RenameMode.Letters);
PublicKey publicKey = null;
bool flag4 = moduleWriterBase.TheOptions.StrongNameKey != null;
if (flag4)
{
publicKey = PublicKeyBase.CreatePublicKey(moduleWriterBase.TheOptions.StrongNameKey.PublicKey);
}
AssemblyDefUser assemblyDefUser = new AssemblyDefUser(text, new Version(0, 0), publicKey);
assemblyDefUser.Modules.Add(new ModuleDefUser(text + ".dll"));
ModuleDef manifestModule = assemblyDefUser.ManifestModule;
assemblyDefUser.ManifestModule.Kind = ModuleKind.Dll;
AssemblyRefUser asmRef = new AssemblyRefUser(manifestModule.Assembly);
bool flag5 = !flag2;
if (flag5)
{
foreach (EmbeddedResource embeddedResource in list)
{
embeddedResource.Attributes = ManifestResourceAttributes.Public;
manifestModule.Resources.Add(embeddedResource);
this.ctx.Module.Resources.Add(new AssemblyLinkedResource(embeddedResource.Name, asmRef, embeddedResource.Attributes));
}
}
byte[] array;
using (MemoryStream memoryStream = new MemoryStream())
{
manifestModule.Write(memoryStream, new ModuleWriterOptions
{
StrongNameKey = moduleWriterBase.TheOptions.StrongNameKey
});
array = memoryStream.ToArray();
}
array = this.ctx.Context.Registry.GetService <ICompressionService>().Compress(array, delegate(double progress)
{
this.ctx.Context.Logger.Progress((int)(progress * 10000.0), 10000);
});
this.ctx.Context.Logger.EndProgress();
this.ctx.Context.CheckCancellation();
uint num = (uint)((array.Length + 3) / 4);
num = (num + 15u & 4294967280u);
uint[] array2 = new uint[num];
Buffer.BlockCopy(array, 0, array2, 0, array.Length);
Debug.Assert(num % 16u == 0u);
uint num2 = this.ctx.Random.NextUInt32() | 16u;
uint[] array3 = new uint[16];
uint num3 = num2;
for (int i = 0; i < 16; i++)
{
num3 ^= num3 >> 13;
num3 ^= num3 << 25;
num3 ^= num3 >> 27;
array3[i] = num3;
}
byte[] array4 = new byte[array2.Length * 4];
int j;
for (j = 0; j < array2.Length; j += 16)
{
uint[] src = this.ctx.ModeHandler.Encrypt(array2, j, array3);
for (int k = 0; k < 16; k++)
{
array3[k] ^= array2[j + k];
}
Buffer.BlockCopy(src, 0, array4, j * 4, 64);
}
Debug.Assert(j == array2.Length);
uint num4 = (uint)array4.Length;
TablesHeap tablesHeap = moduleWriterBase.MetaData.TablesHeap;
tablesHeap.ClassLayoutTable[moduleWriterBase.MetaData.GetClassLayoutRid(this.ctx.DataType)].ClassSize = num4;
RawFieldRow rawFieldRow = tablesHeap.FieldTable[moduleWriterBase.MetaData.GetRid(this.ctx.DataField)];
rawFieldRow.Flags |= 256;
this.encryptedResource = moduleWriterBase.Constants.Add(new ByteArrayChunk(array4), 8u);
MutationHelper.InjectKeys(this.ctx.InitMethod, new int[]
{
0,
1
}, new int[]
{
(int)(num4 / 4u),
(int)num2
});
}
else
{
bool flag6 = e.WriterEvent == ModuleWriterEvent.EndCalculateRvasAndFileOffsets;
if (flag6)
{
TablesHeap tablesHeap2 = moduleWriterBase.MetaData.TablesHeap;
tablesHeap2.FieldRVATable[moduleWriterBase.MetaData.GetFieldRVARid(this.ctx.DataField)].RVA = (uint)this.encryptedResource.RVA;
}
}
}
void OnWriterEvent(object sender, ModuleWriterListenerEventArgs e)
{
var writer = (ModuleWriterBase)sender;
if (e.WriterEvent == ModuleWriterEvent.MDBeginAddResources)
{
ctx.Context.CheckCancellation();
ctx.Context.Logger.Debug("Encrypting resources...");
bool hasPacker = ctx.Context.Packer != null;
List <EmbeddedResource> resources = ctx.Module.Resources.OfType <EmbeddedResource>().ToList();
if (!hasPacker)
{
ctx.Module.Resources.RemoveWhere(res => res is EmbeddedResource);
}
// move resources
string asmName = ctx.Name.RandomName(RenameMode.Letters);
PublicKey pubKey = null;
if (writer.TheOptions.StrongNameKey != null)
{
pubKey = PublicKeyBase.CreatePublicKey(writer.TheOptions.StrongNameKey.PublicKey);
}
var assembly = new AssemblyDefUser(asmName, new Version(0, 0), pubKey);
assembly.Modules.Add(new ModuleDefUser(asmName + ".dll"));
ModuleDef module = assembly.ManifestModule;
assembly.ManifestModule.Kind = ModuleKind.Dll;
var asmRef = new AssemblyRefUser(module.Assembly);
if (!hasPacker)
{
foreach (EmbeddedResource res in resources)
{
res.Attributes = ManifestResourceAttributes.Public;
module.Resources.Add(res);
ctx.Module.Resources.Add(new AssemblyLinkedResource(res.Name, asmRef, res.Attributes));
}
}
byte[] moduleBuff;
using (var ms = new MemoryStream()) {
module.Write(ms, new ModuleWriterOptions {
StrongNameKey = writer.TheOptions.StrongNameKey
});
moduleBuff = ms.ToArray();
}
// compress
moduleBuff = ctx.Context.Registry.GetService <ICompressionService>().Compress(
moduleBuff,
progress => ctx.Context.Logger.Progress((int)(progress * 10000), 10000));
ctx.Context.Logger.EndProgress();
ctx.Context.CheckCancellation();
uint compressedLen = (uint)(moduleBuff.Length + 3) / 4;
compressedLen = (compressedLen + 0xfu) & ~0xfu;
var compressedBuff = new uint[compressedLen];
Buffer.BlockCopy(moduleBuff, 0, compressedBuff, 0, moduleBuff.Length);
Debug.Assert(compressedLen % 0x10 == 0);
// encrypt
uint keySeed = ctx.Random.NextUInt32() | 0x10;
var key = new uint[0x10];
uint state = keySeed;
for (int i = 0; i < 0x10; i++)
{
state ^= state >> 13;
state ^= state << 25;
state ^= state >> 27;
key[i] = state;
}
var encryptedBuffer = new byte[compressedBuff.Length * 4];
int buffIndex = 0;
while (buffIndex < compressedBuff.Length)
{
uint[] enc = ctx.ModeHandler.Encrypt(compressedBuff, buffIndex, key);
for (int j = 0; j < 0x10; j++)
{
key[j] ^= compressedBuff[buffIndex + j];
}
Buffer.BlockCopy(enc, 0, encryptedBuffer, buffIndex * 4, 0x40);
buffIndex += 0x10;
}
Debug.Assert(buffIndex == compressedBuff.Length);
var size = (uint)encryptedBuffer.Length;
TablesHeap tblHeap = writer.MetaData.TablesHeap;
tblHeap.ClassLayoutTable[writer.MetaData.GetClassLayoutRid(ctx.DataType)].ClassSize = size;
tblHeap.FieldTable[writer.MetaData.GetRid(ctx.DataField)].Flags |= (ushort)FieldAttributes.HasFieldRVA;
encryptedResource = writer.Constants.Add(new ByteArrayChunk(encryptedBuffer), 8);
// inject key values
MutationHelper.InjectKeys(ctx.InitMethod,
new[] { 0, 1 },
new[] { (int)(size / 4), (int)(keySeed) });
}
else if (e.WriterEvent == ModuleWriterEvent.EndCalculateRvasAndFileOffsets)
{
TablesHeap tblHeap = writer.MetaData.TablesHeap;
tblHeap.FieldRVATable[writer.MetaData.GetFieldRVARid(ctx.DataField)].RVA = (uint)encryptedResource.RVA;
}
}
protected override void Pack(ConfuserContext context, ProtectionParameters parameters)
{
var ctx = context.Annotations.Get <CompressorContext>(context, ContextKey);
if (ctx == null)
{
context.Logger.Error("No executable module!");
throw new ConfuserException(null);
}
ModuleDefMD originModule = context.Modules[ctx.ModuleIndex];
ctx.OriginModuleDef = originModule;
var stubModule = new ModuleDefUser(ctx.ModuleName, originModule.Mvid, originModule.CorLibTypes.AssemblyRef);
if (ctx.CompatMode)
{
var assembly = new AssemblyDefUser(originModule.Assembly);
assembly.Name += ".cr";
assembly.Modules.Add(stubModule);
var targetFramework = originModule.Assembly.CustomAttributes.FirstOrDefault(ca => ca.TypeFullName == "System.Runtime.Versioning.TargetFrameworkAttribute");
if (targetFramework != null)
{
var attrType = stubModule.CorLibTypes.GetTypeRef("System.Runtime.Versioning", "TargetFrameworkAttribute");
var ctorSig = MethodSig.CreateInstance(stubModule.CorLibTypes.Void, stubModule.CorLibTypes.String);
assembly.CustomAttributes.Add(new CustomAttribute(
new MemberRefUser(stubModule, ".ctor", ctorSig, attrType), new CAArgument[] { new CAArgument(stubModule.CorLibTypes.String, targetFramework.ConstructorArguments[0].Value) }));
}
}
else
{
ctx.Assembly.Modules.Insert(0, stubModule);
ImportAssemblyTypeReferences(originModule, stubModule);
}
stubModule.Characteristics = originModule.Characteristics;
stubModule.Context = originModule.Context;
stubModule.Cor20HeaderFlags = originModule.Cor20HeaderFlags;
stubModule.Cor20HeaderRuntimeVersion = originModule.Cor20HeaderRuntimeVersion;
stubModule.DllCharacteristics = originModule.DllCharacteristics;
stubModule.EncBaseId = originModule.EncBaseId;
stubModule.EncId = originModule.EncId;
stubModule.Generation = originModule.Generation;
stubModule.Kind = ctx.Kind;
stubModule.Machine = originModule.Machine;
stubModule.RuntimeVersion = originModule.RuntimeVersion;
stubModule.TablesHeaderVersion = originModule.TablesHeaderVersion;
stubModule.Win32Resources = originModule.Win32Resources;
InjectStub(context, ctx, parameters, stubModule);
var snKey = context.Annotations.Get <StrongNameKey>(originModule, Marker.SNKey);
var snPubKey = context.Annotations.Get <StrongNamePublicKey>(originModule, Marker.SNPubKey);
var snDelaySig = context.Annotations.Get <bool>(originModule, Marker.SNDelaySig, false);
var snSigKey = context.Annotations.Get <StrongNameKey>(originModule, Marker.SNSigKey);
var snPubSigKey = context.Annotations.Get <StrongNamePublicKey>(originModule, Marker.SNSigPubKey);
using (var ms = new MemoryStream()) {
var options = new ModuleWriterOptions(stubModule)
{
StrongNameKey = snKey,
StrongNamePublicKey = snPubKey,
DelaySign = snDelaySig
};
var injector = new KeyInjector(ctx);
options.WriterEvent += injector.WriterEvent;
stubModule.Write(ms, options);
context.CheckCancellation();
ProtectStub(context, context.OutputPaths[ctx.ModuleIndex], ms.ToArray(), snKey, snPubKey, snSigKey, snPubKey, snDelaySig, new StubProtection(ctx, originModule));
}
}
public static void Run()
{
// 创建一个新模块。 传入的字符串是模块的名称,而不是文件名。
ModuleDef mod = new ModuleDefUser("MyModule.exe");
// 这是一个控制台应用程序
mod.Kind = ModuleKind.Console;
//将模块添加到装配中
AssemblyDef asm = new AssemblyDefUser("MyAssembly", new Version(1, 2, 3, 4), null, "");
asm.Modules.Add(mod);
//添加.NET资源
// byte[] resourceData = Encoding.UTF8.GetBytes("Hello, world!");
//mod.Resources.Add(new EmbeddedResource("My.Resource", resourceData,
// ManifestResourceAttributes.Private));
// 添加启动类型。 它派生自System.Object。
TypeDef startUpType = new TypeDefUser("My.Namespace", "Startup", mod.CorLibTypes.Object.TypeDefOrRef);
startUpType.Attributes = TypeAttributes.NotPublic | TypeAttributes.AutoLayout |
TypeAttributes.Class | TypeAttributes.AnsiClass;
// 将类型添加到模块
mod.Types.Add(startUpType);
// 创建入口点方法
MethodDef entryPoint = new MethodDefUser("Main",
MethodSig.CreateStatic(mod.CorLibTypes.Void, new SZArraySig(mod.CorLibTypes.String)));
entryPoint.Attributes = MethodAttributes.Private | MethodAttributes.Static |
MethodAttributes.HideBySig | MethodAttributes.ReuseSlot;
entryPoint.ImplAttributes = MethodImplAttributes.IL | MethodImplAttributes.Managed;
// 命名第一个参数(参数0是返回类型)
entryPoint.ParamDefs.Add(new ParamDefUser("args", 1));
// 将方法添加到启动类型
startUpType.Methods.Add(entryPoint);
// 设置模块入口点
mod.EntryPoint = entryPoint;
// 创建TypeRef到System.Console
TypeRef consoleRef = new TypeRefUser(mod, "System", "Console", mod.CorLibTypes.AssemblyRef);
// 创建方法ref为'System.Void System.Console :: WriteLine(System.String)'
MemberRef consoleWrite1 = new MemberRefUser(mod, "WriteLine",
MethodSig.CreateStatic(mod.CorLibTypes.Void, mod.CorLibTypes.String),
consoleRef);
TypeRef ConsoleKeyInfo = new TypeRefUser(mod, "System", "ConsoleKeyInfo", mod.CorLibTypes.AssemblyRef);
//TypeRef stream = new TypeRefUser(mod, "System.IO", "Stream", mod.CorLibTypes.AssemblyRef);
ClassSig classSig = new ClassSig(ConsoleKeyInfo);
SZArraySig array5 = new SZArraySig(classSig);
ITypeDefOrRef type1 = array5.ToTypeDefOrRef();
ITypeDefOrRef type2 = classSig.ToTypeDefOrRef();
TypeSig type11 = type1.ToTypeSig();
TypeSig type22 = type2.ToTypeSig();
// 创建方法ref为'System.ConsoleKeyInfo
//System.Console::ReadKey()'
MemberRef consoleReadKey = new MemberRefUser(
mod,
"ReadLine",
//MethodSig.CreateStatic(mod.CorLibTypes.Void),
MethodSig.CreateStatic(mod.CorLibTypes.String),
consoleRef
);
//LocalList localList=new LocalList(new LazyList<Local>());
Local local = new Local(mod.CorLibTypes.String);
//localList.Add(local);
//SZArraySig SZArraySig = new SZArraySig(local);
// 将CIL方法体添加到入口点方法
CilBody epBody = new CilBody();
entryPoint.Body = epBody;
epBody.Variables.Add(local);
epBody.Instructions.Add(OpCodes.Nop.ToInstruction());
epBody.Instructions.Add(OpCodes.Ldstr.ToInstruction("小宇专属"));
epBody.Instructions.Add(OpCodes.Call.ToInstruction(consoleWrite1));
epBody.Instructions.Add(OpCodes.Ldstr.ToInstruction("xiaoyu"));
epBody.Instructions.Add(OpCodes.Call.ToInstruction(consoleWrite1));
epBody.Instructions.Add(OpCodes.Nop.ToInstruction());
epBody.Instructions.Add(OpCodes.Call.ToInstruction(consoleReadKey));
//epBody.Instructions.Add(OpCodes.Ldc_I4_0.ToInstruction());
epBody.Instructions.Add(OpCodes.Stloc_0.ToInstruction());
epBody.Instructions.Add(OpCodes.Ldloc_0.ToInstruction());
epBody.Instructions.Add(OpCodes.Call.ToInstruction(consoleWrite1));
epBody.Instructions.Add(OpCodes.Nop.ToInstruction());
epBody.Instructions.Add(OpCodes.Ret.ToInstruction());
// 将程序集保存到磁盘上的文件中
mod.Write(@"saved-assembly.exe");
}
static void Main(string[] args)
{
// Create assembly and main module
var assembly = new AssemblyDefUser("HelloWorld");
var module = new ModuleDefUser("HelloWorld.dll", null, new AssemblyRefUser("System.Runtime", new Version(4, 2, 2, 0)));
module.RuntimeVersion = dnlib.DotNet.MD.MDHeaderRuntimeVersion.MS_CLR_40;
// Create type Program
var type = new TypeDefUser(
@namespace: "HelloWorld",
name: "Program",
baseType: module.CorLibTypes.Object.TypeDefOrRef);
// Set class attributes
type.Attributes = TypeAttributes.Public | TypeAttributes.Class;
// Create method Main
var method = new MethodDefUser(
name: "Main",
methodSig: MethodSig.CreateStatic(
retType: module.CorLibTypes.Void,
argType1: new SZArraySig(module.CorLibTypes.String)));
// Name parameter
method.ParamDefs.Add(new ParamDefUser("args", 1));
// Set method attributes
method.Attributes = MethodAttributes.Public | MethodAttributes.Static;
// Set attributes for method's implementation
method.ImplAttributes = MethodImplAttributes.IL | MethodImplAttributes.Managed;
#region IMPLEMENTATION
// Create reference to System.Console
var consoleRef = new TypeRefUser(module, "System", "Console", new AssemblyRefUser("System.Console"));
// Create reference to System.Console::WriteLine(string)
var writeLineRef = new MemberRefUser(module, "WriteLine",
MethodSig.CreateStatic(
retType: module.CorLibTypes.Void,
argType1: module.CorLibTypes.String),
consoleRef);
// Implement body of the Program::Main(string[]) method
var body = new CilBody();
body.Instructions.Add(Instruction.Create(OpCodes.Ldstr, "Hello World!"));
body.Instructions.Add(Instruction.Create(OpCodes.Call, writeLineRef));
body.Instructions.Add(Instruction.Create(OpCodes.Br, body.Instructions.First()));
body.Instructions.Add(Instruction.Create(OpCodes.Ret));
method.Body = body;
#endregion
#region ASSEMBLE
// Wire-it up!
assembly.Modules.Add(module);
module.Types.Add(type);
type.Methods.Add(method);
// Set entrypoint
module.EntryPoint = method;
// Store assembly
module.Write(Path.Combine("Generated", "HelloWorld.dll"), new dnlib.DotNet.Writer.ModuleWriterOptions(module));
#endregion
}
void OnWriterEvent(object sender, ModuleWriterListenerEventArgs e) {
var writer = (ModuleWriterBase)sender;
if (e.WriterEvent == ModuleWriterEvent.MDBeginAddResources) {
ctx.Context.CheckCancellation();
ctx.Context.Logger.Debug("Encrypting resources...");
bool hasPacker = ctx.Context.Packer != null;
List<EmbeddedResource> resources = ctx.Module.Resources.OfType<EmbeddedResource>().ToList();
if (!hasPacker)
ctx.Module.Resources.RemoveWhere(res => res is EmbeddedResource);
// move resources
string asmName = ctx.Name.RandomName(RenameMode.Letters);
PublicKey pubKey = null;
if (writer.TheOptions.StrongNameKey != null)
pubKey = PublicKeyBase.CreatePublicKey(writer.TheOptions.StrongNameKey.PublicKey);
var assembly = new AssemblyDefUser(asmName, new Version(0, 0), pubKey);
assembly.Modules.Add(new ModuleDefUser(asmName + ".dll"));
ModuleDef module = assembly.ManifestModule;
assembly.ManifestModule.Kind = ModuleKind.Dll;
var asmRef = new AssemblyRefUser(module.Assembly);
if (!hasPacker) {
foreach (EmbeddedResource res in resources) {
res.Attributes = ManifestResourceAttributes.Public;
module.Resources.Add(res);
ctx.Module.Resources.Add(new AssemblyLinkedResource(res.Name, asmRef, res.Attributes));
}
}
byte[] moduleBuff;
using (var ms = new MemoryStream()) {
module.Write(ms, new ModuleWriterOptions { StrongNameKey = writer.TheOptions.StrongNameKey });
moduleBuff = ms.ToArray();
}
// compress
moduleBuff = ctx.Context.Registry.GetService<ICompressionService>().Compress(
moduleBuff,
progress => ctx.Context.Logger.Progress((int)(progress * 10000), 10000));
ctx.Context.Logger.EndProgress();
ctx.Context.CheckCancellation();
uint compressedLen = (uint)(moduleBuff.Length + 3) / 4;
compressedLen = (compressedLen + 0xfu) & ~0xfu;
var compressedBuff = new uint[compressedLen];
Buffer.BlockCopy(moduleBuff, 0, compressedBuff, 0, moduleBuff.Length);
Debug.Assert(compressedLen % 0x10 == 0);
// encrypt
uint keySeed = ctx.Random.NextUInt32() | 0x10;
var key = new uint[0x10];
uint state = keySeed;
for (int i = 0; i < 0x10; i++) {
state ^= state >> 13;
state ^= state << 25;
state ^= state >> 27;
key[i] = state;
}
var encryptedBuffer = new byte[compressedBuff.Length * 4];
int buffIndex = 0;
while (buffIndex < compressedBuff.Length) {
uint[] enc = ctx.ModeHandler.Encrypt(compressedBuff, buffIndex, key);
for (int j = 0; j < 0x10; j++)
key[j] ^= compressedBuff[buffIndex + j];
Buffer.BlockCopy(enc, 0, encryptedBuffer, buffIndex * 4, 0x40);
buffIndex += 0x10;
}
Debug.Assert(buffIndex == compressedBuff.Length);
var size = (uint)encryptedBuffer.Length;
TablesHeap tblHeap = writer.MetaData.TablesHeap;
tblHeap.ClassLayoutTable[writer.MetaData.GetClassLayoutRid(ctx.DataType)].ClassSize = size;
tblHeap.FieldTable[writer.MetaData.GetRid(ctx.DataField)].Flags |= (ushort)FieldAttributes.HasFieldRVA;
encryptedResource = writer.Constants.Add(new ByteArrayChunk(encryptedBuffer), 8);
// inject key values
MutationHelper.InjectKeys(ctx.InitMethod,
new[] { 0, 1 },
new[] { (int)(size / 4), (int)(keySeed) });
}
else if (e.WriterEvent == ModuleWriterEvent.EndCalculateRvasAndFileOffsets) {
TablesHeap tblHeap = writer.MetaData.TablesHeap;
tblHeap.FieldRVATable[writer.MetaData.GetFieldRVARid(ctx.DataField)].RVA = (uint)encryptedResource.RVA;
}
}
/// <summary>
/// Generate a test assembly.
/// </summary>
/// <returns>Assembly</returns>
public AssemblyDef Generate()
{
var module = new ModuleDefUser(_moduleName);
module.Kind = ModuleKind.Console;
var assembly = new AssemblyDefUser(_assemblyName, _assemblyVersion);
assembly.Modules.Add(module);
var mainType = this.CreateMainType(module);
module.Types.Add(mainType);
var generatedMethods = new List<MethodDef>();
foreach (var kvp in _methods)
{
var name = kvp.Key;
var instructions = kvp.Value(module, mainType);
var method = CreateVirtualizableMethod(module, name, instructions);
mainType.Methods.Add(method);
generatedMethods.Add(method);
}
var entryPoint = this.CreateEntryPoint(module, generatedMethods);
mainType.Methods.Add(entryPoint);
return assembly;
}
public static void Run()
{
// 创建一个新模块。 传入的字符串是模块的名称,而不是文件名。
ModuleDef mod = new ModuleDefUser("MyModule.exe");
// 这是一个控制台应用程序
mod.Kind = ModuleKind.Console;
//将模块添加到装配中
AssemblyDef asm = new AssemblyDefUser("MyAssembly", new Version(1, 2, 3, 4), null, "");
asm.Modules.Add(mod);
//添加.NET资源
// byte[] resourceData = Encoding.UTF8.GetBytes("Hello, world!");
//mod.Resources.Add(new EmbeddedResource("My.Resource", resourceData,
// ManifestResourceAttributes.Private));
// 添加启动类型。 它派生自System.Object。
TypeDef startUpType = new TypeDefUser("My.Namespace", "Startup", mod.CorLibTypes.Object.TypeDefOrRef);
startUpType.Attributes = TypeAttributes.NotPublic | TypeAttributes.AutoLayout |
TypeAttributes.Class | TypeAttributes.AnsiClass;
// 将类型添加到模块
mod.Types.Add(startUpType);
// 创建入口点方法
MethodDef entryPoint = new MethodDefUser("Main",
MethodSig.CreateStatic(mod.CorLibTypes.Void, new SZArraySig(mod.CorLibTypes.String)));
entryPoint.Attributes = MethodAttributes.Private | MethodAttributes.Static |
MethodAttributes.HideBySig | MethodAttributes.ReuseSlot;
entryPoint.ImplAttributes = MethodImplAttributes.IL | MethodImplAttributes.Managed;
// 命名第一个参数(参数0是返回类型)
entryPoint.ParamDefs.Add(new ParamDefUser("args", 1));
// 将方法添加到启动类型
startUpType.Methods.Add(entryPoint);
// 设置模块入口点
mod.EntryPoint = entryPoint;
// 创建TypeRef到System.Console
TypeRef consoleRef = new TypeRefUser(mod, "System", "Console", mod.CorLibTypes.AssemblyRef);
// 创建方法ref为'System.Void System.Console :: WriteLine(System.String)'
MemberRef consoleWrite1 = new MemberRefUser(mod, "WriteLine",
MethodSig.CreateStatic(mod.CorLibTypes.Void, mod.CorLibTypes.String),
consoleRef);
//System.Console::ReadKey()'
MemberRef memberRefReadLine = new MemberRefUser(
mod,
"ReadLine",
//MethodSig.CreateStatic(mod.CorLibTypes.Void),
MethodSig.CreateStatic(mod.CorLibTypes.String),
consoleRef
);
// 创建TypeRef到System.Console
TypeRef int32Ref = new TypeRefUser(mod, "System", "Int32", mod.CorLibTypes.AssemblyRef);
MemberRef memberRefParse = new MemberRefUser(
mod,
"Parse",
MethodSig.CreateStatic(mod.CorLibTypes.Int32, mod.CorLibTypes.String),
int32Ref
);
//string[mscorlib] System.String::Concat(object[])
TypeRef stringRef = new TypeRefUser(mod, "System", "String", mod.CorLibTypes.AssemblyRef);
MemberRef memberRefSystemStringConcat = new MemberRefUser(
mod,
"Concat",
MethodSig.CreateStatic(mod.CorLibTypes.String, new SZArraySig(mod.CorLibTypes.Object)),
stringRef
);
// 将CIL方法体添加到入口点方法
CilBody epBody = new CilBody();
entryPoint.Body = epBody;
epBody.Variables.Add(new Local(mod.CorLibTypes.String, "s1"));
epBody.Variables.Add(new Local(mod.CorLibTypes.Int32, "i1"));
epBody.Variables.Add(new Local(mod.CorLibTypes.Int32, "i2"));
epBody.Variables.Add(new Local(mod.CorLibTypes.String, "s2"));
//: nop
//: ldstr "xyzs"
//: call void [mscorlib]System.Console::WriteLine(string)
epBody.Instructions.Add(OpCodes.Nop.ToInstruction());
epBody.Instructions.Add(OpCodes.Ldstr.ToInstruction("小宇专属"));
epBody.Instructions.Add(OpCodes.Call.ToInstruction(consoleWrite1));
//: nop
//: call string [mscorlib]System.Console::ReadLine()
//: stloc.0
//: ldloc.0
//: call void [mscorlib]System.Console::WriteLine(string)
epBody.Instructions.Add(OpCodes.Nop.ToInstruction());
epBody.Instructions.Add(OpCodes.Call.ToInstruction(memberRefReadLine));
epBody.Instructions.Add(OpCodes.Stloc_0.ToInstruction());
epBody.Instructions.Add(OpCodes.Ldloc_0.ToInstruction());
epBody.Instructions.Add(OpCodes.Call.ToInstruction(consoleWrite1));
//: nop
epBody.Instructions.Add(OpCodes.Nop.ToInstruction());
//: call string [mscorlib]System.Console::ReadLine()
epBody.Instructions.Add(OpCodes.Call.ToInstruction(memberRefReadLine));
//: call int32 [mscorlib]System.Int32::Parse(string)
epBody.Instructions.Add(OpCodes.Call.ToInstruction(memberRefParse));
//: stloc.1
epBody.Instructions.Add(OpCodes.Stloc_1.ToInstruction());
//: call string [mscorlib]System.Console::ReadLine()
epBody.Instructions.Add(OpCodes.Call.ToInstruction(memberRefReadLine));
//: call int32 [mscorlib]System.Int32::Parse(string)
epBody.Instructions.Add(OpCodes.Call.ToInstruction(memberRefParse));
//: stloc.2
epBody.Instructions.Add(OpCodes.Stloc_2.ToInstruction());
//: ldc.i4.5
epBody.Instructions.Add(OpCodes.Ldc_I4_5.ToInstruction());
//: newarr [mscorlib]System.Object
epBody.Instructions.Add(OpCodes.Newarr.ToInstruction(mod.CorLibTypes.Object));
//: dup
epBody.Instructions.Add(OpCodes.Dup.ToInstruction());
//: ldc.i4.0
epBody.Instructions.Add(OpCodes.Ldc_I4_0.ToInstruction());
//: ldloc.1
epBody.Instructions.Add(OpCodes.Ldloc_1.ToInstruction());
//: box [mscorlib]System.Int32
epBody.Instructions.Add(OpCodes.Box.ToInstruction(mod.CorLibTypes.Int32));
//: stelem.ref
epBody.Instructions.Add(OpCodes.Stelem_Ref.ToInstruction());
//: dup
epBody.Instructions.Add(OpCodes.Dup.ToInstruction());
//: ldc.i4.1
epBody.Instructions.Add(OpCodes.Ldc_I4_1.ToInstruction());
//: ldstr "+"
epBody.Instructions.Add(OpCodes.Ldstr.ToInstruction("+"));
//: stelem.ref
epBody.Instructions.Add(OpCodes.Stelem_Ref.ToInstruction());
//: dup
epBody.Instructions.Add(OpCodes.Dup.ToInstruction());
//: ldc.i4.2
epBody.Instructions.Add(OpCodes.Ldc_I4_2.ToInstruction());
//: ldloc.2
epBody.Instructions.Add(OpCodes.Ldloc_2.ToInstruction());
//: box [mscorlib]System.Int32
epBody.Instructions.Add(OpCodes.Box.ToInstruction(mod.CorLibTypes.Int32));
//: stelem.ref
epBody.Instructions.Add(OpCodes.Stelem_Ref.ToInstruction());
//: dup
epBody.Instructions.Add(OpCodes.Dup.ToInstruction());
//: ldc.i4.3
epBody.Instructions.Add(OpCodes.Ldc_I4_3.ToInstruction());
//: ldstr "="
epBody.Instructions.Add(OpCodes.Ldstr.ToInstruction("="));
//: stelem.ref
epBody.Instructions.Add(OpCodes.Stelem_Ref.ToInstruction());
//: dup
epBody.Instructions.Add(OpCodes.Dup.ToInstruction());
//: ldc.i4.4
epBody.Instructions.Add(OpCodes.Ldc_I4_4.ToInstruction());
//: ldloc.1
epBody.Instructions.Add(OpCodes.Ldloc_1.ToInstruction());
//: ldloc.2
epBody.Instructions.Add(OpCodes.Ldloc_2.ToInstruction());
//: add
epBody.Instructions.Add(OpCodes.Add.ToInstruction());
//: box [mscorlib]System.Int32
epBody.Instructions.Add(OpCodes.Box.ToInstruction(mod.CorLibTypes.Int32));
//: stelem.ref
epBody.Instructions.Add(OpCodes.Stelem_Ref.ToInstruction());
//: call string [mscorlib]System.String::Concat(object[])
epBody.Instructions.Add(OpCodes.Call.ToInstruction(memberRefSystemStringConcat));
//: call void [mscorlib]System.Console::WriteLine(string)
epBody.Instructions.Add(OpCodes.Call.ToInstruction(consoleWrite1));
//: nop
epBody.Instructions.Add(OpCodes.Nop.ToInstruction());
//: ldstr "xyzs"
epBody.Instructions.Add(OpCodes.Ldstr.ToInstruction("xyzs"));
//: call void [mscorlib]System.Console::WriteLine(string)
epBody.Instructions.Add(OpCodes.Call.ToInstruction(consoleWrite1));
//: nop
epBody.Instructions.Add(OpCodes.Nop.ToInstruction());
//: call string [mscorlib]System.Console::ReadLine()
epBody.Instructions.Add(OpCodes.Call.ToInstruction(memberRefReadLine));
//: stloc.3
epBody.Instructions.Add(OpCodes.Stloc_3.ToInstruction());
//: ldloc.3
epBody.Instructions.Add(OpCodes.Ldloc_3.ToInstruction());
//: call void [mscorlib]System.Console::WriteLine(string)
epBody.Instructions.Add(OpCodes.Call.ToInstruction(consoleWrite1));
//: nop
epBody.Instructions.Add(OpCodes.Nop.ToInstruction());
//: ret
epBody.Instructions.Add(OpCodes.Ret.ToInstruction());
// 将程序集保存到磁盘上的文件中
mod.Write(@"saved-assembly31.exe");
}
protected override void Pack(ConfuserContext context, ProtectionParameters parameters)
{
var ctx = context.Annotations.Get <CompressorContext>(context, ContextKey);
if (ctx == null)
{
context.Logger.Error("No executable module!");
throw new ConfuserException(null);
}
ModuleDefMD originModule = context.Modules[ctx.ModuleIndex];
ctx.OriginModuleDef = originModule;
var stubModule = new ModuleDefUser(ctx.ModuleName, originModule.Mvid, originModule.CorLibTypes.AssemblyRef);
if (ctx.CompatMode)
{
var assembly = new AssemblyDefUser(originModule.Assembly);
assembly.Name += ".cr";
assembly.Modules.Add(stubModule);
}
else
{
ctx.Assembly.Modules.Insert(0, stubModule);
ImportAssemblyTypeReferences(originModule, stubModule);
}
stubModule.Characteristics = originModule.Characteristics;
stubModule.Cor20HeaderFlags = originModule.Cor20HeaderFlags;
stubModule.Cor20HeaderRuntimeVersion = originModule.Cor20HeaderRuntimeVersion;
stubModule.DllCharacteristics = originModule.DllCharacteristics;
stubModule.EncBaseId = originModule.EncBaseId;
stubModule.EncId = originModule.EncId;
stubModule.Generation = originModule.Generation;
stubModule.Kind = ctx.Kind;
stubModule.Machine = originModule.Machine;
stubModule.RuntimeVersion = originModule.RuntimeVersion;
stubModule.TablesHeaderVersion = originModule.TablesHeaderVersion;
stubModule.Win32Resources = originModule.Win32Resources;
InjectStub(context, ctx, parameters, stubModule);
var snKey = context.Annotations.Get <StrongNameKey>(originModule, Marker.SNKey);
var snPubKey = context.Annotations.Get <StrongNamePublicKey>(originModule, Marker.SNPubKey);
var snDelaySig = context.Annotations.Get <bool>(originModule, Marker.SNDelaySig, false);
var snSigKey = context.Annotations.Get <StrongNameKey>(originModule, Marker.SNSigKey);
var snPubSigKey = context.Annotations.Get <StrongNamePublicKey>(originModule, Marker.SNSigPubKey);
using (var ms = new MemoryStream()) {
var options = new ModuleWriterOptions(stubModule)
{
StrongNameKey = snKey,
StrongNamePublicKey = snPubKey,
DelaySign = snDelaySig
};
var injector = new KeyInjector(ctx);
options.WriterEvent += injector.WriterEvent;
stubModule.Write(ms, options);
context.CheckCancellation();
ProtectStub(context, context.OutputPaths[ctx.ModuleIndex], ms.ToArray(), snKey, snPubKey, snSigKey, snPubKey, snDelaySig, new StubProtection(ctx, originModule));
}
}
