Пример #1
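        /// <summary>
        /// Entry point: loads the assembly named by the first argument, runs the Calli remover
        /// on it and writes the result next to the input as
        /// <c>&lt;name&gt;-Desintegrated&lt;ext&gt;</c>.
        /// </summary>
        /// <param name="args">Command line; <c>args[0]</c> is the path of the assembly to process.</param>
        /// <remarks>
        /// The input is an untrusted, protected binary. <c>Assembly.LoadFrom</c> maps it into this
        /// process for reflection, so the tool should only be run inside a disposable analysis VM.
        /// Whether code from the sample actually executes depends on how <c>Program.asm</c> is used
        /// by <c>Calli.run</c>, which is not visible here.
        /// </remarks>
        static void Main(string[] args)
        {
            Console.Title           = "RzyDesintegrator";
            Console.ForegroundColor = ConsoleColor.Yellow;

            // Without this guard a missing argument surfaces as an unhandled IndexOutOfRangeException.
            if (args == null || args.Length == 0 || string.IsNullOrWhiteSpace(args[0]))
            {
                Logger.Write("No input file given. Pass the path of the assembly as the first argument.", Logger.Type.Error);
                Console.ReadKey();
                Environment.Exit(0);
                return;
            }

            string directory = args[0];

            try
            {
                Program.module  = ModuleDefMD.Load(directory);
                // Loads the sample into the current AppDomain (see remarks): isolate the host.
                Program.asm     = Assembly.LoadFrom(directory);
                Program.Asmpath = directory;
            }
            catch (Exception)
            {
                Logger.Write("Not a .NET Assembly...", Logger.Type.Error);
                Console.ReadKey();
                // Exit code 0 is what the original returned on this path; kept for compatibility.
                Environment.Exit(0);
                return;
            }

            // The unused third parse of the file (AssemblyDef.Load) was dropped; nothing read its result.

            // Best effort: a failing pass is reported and the module is still written out.
            try { Calli.run(module); }
            catch (Exception e) { Logger.Write($"Error while trying to remove Calli Protection." + e, Logger.Type.Error); }

            // Path.Combine handles the cases the manual "\\" append got wrong: a bare file name
            // (empty directory part) used to produce a path rooted at the current drive, and a
            // null directory part threw a NullReferenceException.
            string outputDirectory = Path.GetDirectoryName(directory) ?? string.Empty;
            string outputName      = Path.GetFileNameWithoutExtension(directory) + "-Desintegrated" + Path.GetExtension(directory);
            string filename        = Path.Combine(outputDirectory, outputName);

            if (module.IsILOnly)
            {
                ModuleWriterOptions writerOptions = new ModuleWriterOptions(module);

                // Keep the original metadata layout so tokens in the output still match the input.
                writerOptions.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll;
                // NoThrowInstance: writer errors are ignored instead of aborting the write.
                writerOptions.Logger = DummyLogger.NoThrowInstance;
                module.Write(filename, writerOptions);
            }
            else
            {
                // Mixed-mode image: the native writer is used so the native parts are kept.
                NativeModuleWriterOptions nativeWriterOptions = new NativeModuleWriterOptions(module);

                nativeWriterOptions.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll;
                nativeWriterOptions.Logger = DummyLogger.NoThrowInstance;
                module.NativeWrite(filename, nativeWriterOptions);
            }

            Logger.Write($"File saved at: {filename}", Logger.Type.Done);
            Console.ReadKey();
            Environment.Exit(0);
        }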
Пример #2
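        /// <summary>
        /// Click handler: loads the assembly named by <c>Program.Text</c>, applies every protection
        /// whose checkbox is ticked, in the fixed order below, and writes the result next to the
        /// input as <c>&lt;name&gt;_protected&lt;ext&gt;</c>.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// The pass order is significant and is kept exactly as in the original. No exception is
        /// caught here, so an unreadable or non-.NET input propagates out of the handler.
        /// Reviewer note for defenders: the output is written with NumberOfRvaAndSizes = 13 instead
        /// of the usual 16 data directories, a header anomaly that analysts can use when triaging
        /// files produced by this kind of tool.
        /// </remarks>
        private void Button_Click(object sender, RoutedEventArgs e)
        {
            // Captured once: every log line of this run carries the start time.
            var           stamp  = DateTime.Now.ToString("hh:mm:ss");
            ModuleContext modCtx = ModuleDef.CreateModuleContext();
            var           module = ModuleDefMD.Load(Program.Text, modCtx);

            Action<string> log = message => ConsoleLog.AppendText($"{stamp} {message}{Environment.NewLine}");

            // Runs one pass when its checkbox is ticked and logs it afterwards (same order as before).
            Action<bool?, Action, string> runPhase = (enabled, apply, label) =>
            {
                if (enabled == true)
                {
                    apply();
                    log($"Processing {label}");
                }
            };

            ConsoleLog.Foreground = Brushes.Black;
            log("Starting obfuscation");

            runPhase(String_Encryption.IsChecked, () => StringEncPhase.Execute(module), "string encryption");
            runPhase(Online_Decryption.IsChecked, () => OnlinePhase.Execute(module), "online decryption");
            runPhase(Cflow.IsChecked, () => ControlFlowObfuscation.Execute(module), "control flow");
            runPhase(IntConf.IsChecked, () => AddIntPhase.Execute2(module), "integer confusion");
            runPhase(SUC.IsChecked, () => StackUnfConfusion.Execute(module), "stack confusion");
            runPhase(Ahri.IsChecked, () => Arithmetic.Execute(module), "math calculations");
            runPhase(LF.IsChecked, () => L2F.Execute(module), "constant fields");
            runPhase(LFV2.IsChecked, () => L2FV2.Execute(module), "local fields");
            runPhase(Calli_.IsChecked, () => Calli.Execute(module), "calli conversion");
            runPhase(Proxy_String.IsChecked, () => ProxyString.Execute(module), "proxy strings");
            runPhase(ProxyConstants.IsChecked, () => ProxyINT.Execute(module), "proxy constants");
            runPhase(Proxy_Meth.IsChecked, () => ProxyMeth.Execute(module), "proxy methods");
            runPhase(Anti_De4dot.IsChecked, () => AntiDecompile.Execute(module.Assembly), "anti-decompile");
            runPhase(JumpCflow.IsChecked, () => JumpCFlow.Execute(module), "flow conversion");
            runPhase(AntiDebug.IsChecked, () => Anti_Debug.Execute(module), "anti-debug");
            runPhase(Anti_Dump.IsChecked, () => AntiDump.Execute(module), "anti-dump");
            runPhase(AntiTamper.IsChecked, () => Protection.Software.AntiTamper.Execute(module), "anti-tamper");
            runPhase(InvalidMD.IsChecked, () => InvalidMDPhase.Execute(module.Assembly), "invalid metadata");

            // Path.Combine replaces the manual "\\" append: with a bare file name the directory
            // part is empty and the old code produced "\name_protected.ext", i.e. a file in the
            // root of the current drive instead of next to the input.
            var outputDirectory = Path.GetDirectoryName(Program.Text) ?? string.Empty;
            var outputName      = $"{Path.GetFileNameWithoutExtension(Program.Text)}_protected{Path.GetExtension(Program.Text)}";
            var path            = Path.Combine(outputDirectory, outputName);

            module.Write(path,
                         new ModuleWriterOptions(module)
            {
                // 13 data directories instead of the usual 16; NoThrowInstance ignores writer errors.
                PEHeadersOptions = { NumberOfRvaAndSizes = 13 }, Logger = DummyLogger.NoThrowInstance
            });

            log($"File: {path}{Environment.NewLine}");

            if (AntiTamper.IsChecked == true)
            {
                // Post-processes the written file; presumably stamps a hash for the anti-tamper
                // check (implementation not visible here).
                Protection.Software.AntiTamper.Sha256(path);
            }
        }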
Пример #3
        // Token: 0x060000FE RID: 254 RVA: 0x00015024 File Offset: 0x00013224
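        /// <summary>
        /// Click handler: loads the assembly named in <c>metroTextBox1</c>, applies every protection
        /// enabled in <c>Settings</c> in the fixed order below, writes the result to
        /// <c>.\AtomicProtected</c>, opens that folder and exits the application.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// This method came out of a decompiler; the redundant flag locals were folded into the
        /// conditions without changing the order in which settings are read or passes run.
        /// Reviewer note for defenders: the output carries fixed markers (entry point renamed to
        /// "BlinkRE", NumberOfRvaAndSizes = 13, tables-heap extra data 4919 == 0x1337) that can be
        /// used when triaging files produced by this tool.
        /// </remarks>
        private void metroButton2_Click(object sender, EventArgs e)
        {
            ModuleDef moduleDef = ModuleDefMD.Load(this.metroTextBox1.Text);

            if (Settings.NumberToString)
            {
                Constants__numbers_.ObfuscateNumbers(moduleDef);
            }

            if (Settings.StackUnderflow)
            {
                Stack_Underflow.StackUnderflow(moduleDef);
            }

            if (Settings.SizeOf)
            {
                SizeOf.Sizeof(moduleDef);
            }

            if (Settings.DisConstants)
            {
                Distant_Constants.DisConstants(moduleDef);
            }

            // NOTE(review): the RefProxy setting runs Method_Wiper, as in the original; confirm intent.
            if (Settings.RefProxy)
            {
                Method_Wiper.Execute(moduleDef);
            }

            if (Settings.Constants)
            {
                Constants__numbers_.Inject(moduleDef);
            }

            if (Settings.LocalToFields)
            {
                LocalToFields.Protect(moduleDef);
            }

            if (Settings.Renamer)
            {
                Renamer.Execute(moduleDef);
            }

            if (Settings.ControlFlow)
            {
                Control_Flow.Encrypt(moduleDef);
                Constants__numbers_.Execute(moduleDef);
            }

            if (Settings.Constant_Mutation)
            {
                Constant_Mutation.Execute(moduleDef);
            }

            if (Settings.AntiDe4dot)
            {
                Anti_De4dot.RemoveDe4dot(moduleDef);
            }

            if (Settings.AntiILdasm)
            {
                Anti_ILDasm.Anti(moduleDef);
            }

            if (Settings.KoiVMFakeSig)
            {
                KoiVM_Fake_Watermark.Execute(moduleDef);
            }

            if (Settings.AntiDump)
            {
                AntiDump.Inject(moduleDef);
            }

            if (Settings.InvalidMetadata)
            {
                Invalid_Metadata.InvalidMD(moduleDef);
            }

            if (Settings.Calli)
            {
                Calli.Execute(moduleDef);
            }

            if (Settings.AntiHTTPDebugger)
            {
                Anti_Http_Debugger.Execute(moduleDef);
            }

            if (Settings.AntiFiddler)
            {
                Anti_Fiddler.Execute(moduleDef);
            }

            if (Settings.StringEncryption)
            {
                String_Encryption.Inject(moduleDef);
            }

            // Always applied, regardless of settings.
            Watermark.Execute(moduleDef);

            // A library has no managed entry point; the unguarded rename threw a
            // NullReferenceException for such inputs. The unused ManifestModule local was dropped.
            if (moduleDef.EntryPoint != null)
            {
                moduleDef.EntryPoint.Name = "BlinkRE";
            }

            moduleDef.Mvid = Guid.NewGuid();

            if (Settings.Strong)
            {
                Protection.Protect(moduleDef);
                Inject.ProtectValue(moduleDef);
                Inject.DoubleProtect(moduleDef);
                // Called twice in the original; kept as is.
                Inject.Triple(moduleDef);
                Inject.Triple(moduleDef);
                Method_Wiper.Execute(moduleDef);
                Assembly.MarkAssembly(moduleDef);
                Locals.Protect(moduleDef);
            }

            // Relative to the current working directory, which need not be the application folder.
            Directory.CreateDirectory(".\\AtomicProtected");
            moduleDef.Write(".\\AtomicProtected\\" + Path.GetFileName(this.metroTextBox1.Text), new ModuleWriterOptions(moduleDef)
            {
                PEHeadersOptions =
                {
                    // 13 data directories instead of the usual 16.
                    NumberOfRvaAndSizes = 13U
                },
                MetaDataOptions =
                {
                    TablesHeapOptions =
                    {
                        // 4919 == 0x1337, written as extra data in the tables-heap header.
                        ExtraData = 4919U
                    }
                },
                // NoThrowInstance: writer errors are ignored instead of aborting the write.
                Logger = DummyLogger.NoThrowInstance
            });
            Process.Start(".\\AtomicProtected");
            MessageBox.Show("Obfuscation complete! Restart to obfuscate again");
            Environment.Exit(0);
        }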
Пример #4
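        /// <summary>
        /// Click handler: loads the assembly named in <c>LoadBox</c>, applies every protection whose
        /// checkbox is ticked, in the fixed order below, and writes the result next to the input as
        /// <c>&lt;name&gt;_protected&lt;ext&gt;</c>.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// The pass order is significant and is kept exactly as in the original. No exception is
        /// caught here, so an unreadable or non-.NET input propagates out of the handler.
        /// Reviewer note for defenders: the output is written with NumberOfRvaAndSizes = 13 instead
        /// of the usual 16 data directories, a header anomaly that analysts can use when triaging
        /// files produced by this kind of tool.
        /// </remarks>
        private void Button_Click(object sender, RoutedEventArgs e)
        {
            // Captured once: every log line of this run carries the start time.
            var stamp  = DateTime.Now.ToString("hh:mm:ss");
            var module = ModuleDefMD.Load(LoadBox.Text);

            Action<string> log = message => ConsoleLog.AppendText($"{stamp} {message}{Environment.NewLine}");

            // Runs one pass when its checkbox is ticked and logs it afterwards (same order as before).
            Action<bool?, Action, string> runPhase = (enabled, apply, label) =>
            {
                if (enabled == true)
                {
                    apply();
                    log($"Processing {label}");
                }
            };

            // Written out by hand because this pass also switches the log colour before logging.
            if (StringEnc.IsChecked == true)
            {
                StringEncPhase.Execute(module);
                ConsoleLog.Foreground = Brushes.Aqua;
                log("Processing String Encryption");
            }

            runPhase(SOD.IsChecked, () => OnlinePhase.Execute(module), "Online Decryption");
            runPhase(Cflow.IsChecked, () => ControlFlowObfuscation.Execute(module), "Control Flow");
            runPhase(IntConf.IsChecked, () => AddIntPhase.Execute2(module), "Int Confusion");
            runPhase(SUC.IsChecked, () => StackUnfConfusion.Execute(module), "StackUnfConfusion");
            runPhase(Ahri.IsChecked, () => Arithmetic.Execute(module), "Arithmetic");
            runPhase(LF.IsChecked, () => L2F.Execute(module), "Local Field");
            runPhase(LFV2.IsChecked, () => L2FV2.Execute(module), "Local Field V2");
            runPhase(Calli_.IsChecked, () => Calli.Execute(module), "Call To Calli");
            runPhase(Proxy_String.IsChecked, () => ProxyString.Execute(module), "Proxy Strings");
            runPhase(ProxyConstants.IsChecked, () => ProxyINT.Execute(module), "Proxy Constants");
            runPhase(Proxy_Meth.IsChecked, () => ProxyMeth.Execute(module), "Proxy Methods");
            runPhase(Renamer.IsChecked, () => RenamerPhase.Execute(module), "Renaming");
            runPhase(Anti_De4dot.IsChecked, () => AntiDe4dot.Execute(module.Assembly), "Anti De4dot");
            runPhase(JumpCflow.IsChecked, () => JumpCFlow.Execute(module), "Jump Control flow");
            runPhase(AntiDebug.IsChecked, () => Anti_Debug.Execute(module), "Anti Debug");
            runPhase(Anti_Dump.IsChecked, () => AntiDump.Execute(module), "Anti Dump");
            runPhase(AntiTamper.IsChecked, () => Protection.Anti.AntiTamper.Execute(module), "Anti Tamper");
            runPhase(InvalidMD.IsChecked, () => InvalidMDPhase.Execute(module.Assembly), "Invalid MetaData");

            // Path.Combine replaces the manual "\\" append: with a bare file name the directory
            // part is empty and the old code produced "\name_protected.ext", i.e. a file in the
            // root of the current drive instead of next to the input.
            var outputDirectory = Path.GetDirectoryName(LoadBox.Text) ?? string.Empty;
            var outputName      = $"{Path.GetFileNameWithoutExtension(LoadBox.Text)}_protected{Path.GetExtension(LoadBox.Text)}";
            var path            = Path.Combine(outputDirectory, outputName);

            module.Write(path,
                         new ModuleWriterOptions(module)
            {
                // 13 data directories instead of the usual 16; NoThrowInstance ignores writer errors.
                PEHeadersOptions = { NumberOfRvaAndSizes = 13 }, Logger = DummyLogger.NoThrowInstance
            });

            // No trailing newline on this line, as in the original.
            ConsoleLog.AppendText($"{stamp} {path}");

            if (AntiTamper.IsChecked == true)
            {
                // Post-processes the written file; presumably stamps a hash for the anti-tamper
                // check (implementation not visible here).
                Protection.Anti.AntiTamper.Sha256(path);
            }
        }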
Пример #5
 /// <summary>
 /// Forwards a call through <c>Calli&lt;int, IntPtr, IntPtr, IntPtr&gt;.Invoke</c>, passing the
 /// method pointer first, then the receiver and the two arguments, and returns the int result.
 /// </summary>
 /// <param name="thisObject">Raw pointer passed as the first call argument.</param>
 /// <param name="arg0">Raw pointer passed as the second call argument.</param>
 /// <param name="arg1">Raw pointer passed as the third call argument.</param>
 /// <param name="methodPtr">Raw pointer of the method to invoke.</param>
 /// <returns>The value returned by <c>Invoke</c>.</returns>
 /// <remarks>
 /// Nothing is validated here. Presumably <c>Invoke</c> performs an indirect call through
 /// <paramref name="methodPtr"/> (its body is not visible here); if so, the caller must
 /// guarantee that the pointer refers to a method with a matching signature.
 /// </remarks>
 public static unsafe int Calliint(void *thisObject, void *arg0, void *arg1, void *methodPtr)
 {
     IntPtr target   = (IntPtr)methodPtr;
     IntPtr receiver = (IntPtr)thisObject;
     IntPtr first    = (IntPtr)arg0;
     IntPtr second   = (IntPtr)arg1;

     return Calli<int, IntPtr, IntPtr, IntPtr>.Invoke(target, receiver, first, second);
 }