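/// <summary>
/// Module-writer callback that adds extra metadata rows while the module is being written.
/// </summary>
/// <remarks>
/// Two events are handled; every other event is ignored.
/// <list type="bullet">
/// <item><description><c>MDBeginCreateTables</c>: stores <c>ctx.KeySig</c> in the blob heap, adds a
/// StandAloneSig row for it, records the resulting token in <c>ctx.KeyToken</c> and passes it to
/// <c>MutationHelper.InjectKey</c> for the module's entry point.</description></item>
/// <item><description><c>MDBeginAddResources</c>: adds a File row named "koi" that carries a SHA-1
/// digest of <c>ctx.OriginModule</c>, then adds one ManifestResource row per entry of
/// <c>ctx.ManifestResources</c>, each pointing at that File row.</description></item>
/// </list>
/// </remarks>
/// <param name="writer">The writer whose metadata heaps and tables are modified.</param>
/// <param name="evt">The writer stage that has just been reached.</param>
public void OnWriterEvent(ModuleWriterBase writer, ModuleWriterEvent evt)
{
    if (evt == ModuleWriterEvent.MDBeginCreateTables)
    {
        // Add key signature
        uint sigBlob = writer.MetaData.BlobHeap.Add(ctx.KeySig);
        uint sigRid = writer.MetaData.TablesHeap.StandAloneSigTable.Add(new RawStandAloneSigRow(sigBlob));

        // Debug.Assert is compiled out of release builds, so the "first row" expectation is
        // only checked in debug builds.
        // NOTE(review): whatever consumes the token presumably relies on rid 1 - confirm.
        Debug.Assert(sigRid == 1);

        // 0x11 is the StandAloneSig table index; the high byte of a metadata token selects the table.
        uint sigToken = 0x11000000 | sigRid;
        ctx.KeyToken = sigToken;
        MutationHelper.InjectKey(writer.Module.EntryPoint, 2, (int)sigToken);
    }
    else if (evt == ModuleWriterEvent.MDBeginAddResources)
    {
        // Compute hash. The hash object is disposed as soon as the digest is available
        // (the previous code never released it).
        // SHA-1 is kept because switching algorithms would change the emitted File row.
        // The digest is a reference value only: SHA-1 is not collision resistant, so it
        // should not be read as a tamper-detection control.
        byte[] hash;
        using (var sha1 = SHA1.Create())
        {
            hash = sha1.ComputeHash(ctx.OriginModule);
        }

        uint hashBlob = writer.MetaData.BlobHeap.Add(hash);

        MDTable<RawFileRow> fileTbl = writer.MetaData.TablesHeap.FileTable;
        uint fileRid = fileTbl.Add(new RawFileRow(
            (uint)FileAttributes.ContainsMetaData,
            writer.MetaData.StringsHeap.Add("koi"),
            hashBlob));

        // Implementation coded token that refers to the File row added above.
        uint impl = CodedToken.Implementation.Encode(new MDToken(Table.File, fileRid));

        // Add resources
        MDTable<RawManifestResourceRow> resTbl = writer.MetaData.TablesHeap.ManifestResourceTable;
        foreach (var resource in ctx.ManifestResources)
        {
            // Item1 and Item2 are passed through unchanged; Item3 is interned as the resource name.
            resTbl.Add(new RawManifestResourceRow(
                resource.Item1,
                resource.Item2,
                writer.MetaData.StringsHeap.Add(resource.Item3),
                impl));
        }
    }
}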
/// <summary>
/// Gets notified during module writing.
/// </summary>
/// <remarks>
/// Only two stages do any work: <c>PESectionsCreated</c> forwards the writer to
/// <c>Anti.Tamper.WriteSection</c>, and <c>EndCalculateRvasAndFileOffsets</c> records the RVA of
/// the section named ".dummy" in <c>sectionrva</c>. Every other event is ignored.
/// </remarks>
/// <param name="writer">The module writer raising the event.</param>
/// <param name="evt">The stage the writer has reached.</param>
public void OnWriterEvent(ModuleWriterBase writer, ModuleWriterEvent evt)
{
    if (evt == ModuleWriterEvent.PESectionsCreated)
    {
        Anti.Tamper.WriteSection(writer);
        return;
    }

    if (evt != ModuleWriterEvent.EndCalculateRvasAndFileOffsets)
    {
        // Begin, End and all remaining events need no handling here.
        return;
    }

    // NOTE(review): if no section is named ".dummy", Find presumably returns null and the
    // dereference below throws - confirm that the section is always created before this stage.
    var dummySection = writer.Sections.Find(section => section.Name == ".dummy");
    sectionrva = (uint)dummySection.RVA;
}
/// <summary>
/// Writer-event handler that registers <c>encodingBytes</c> as a stand-alone signature and
/// passes the resulting metadata token to <c>Inject</c>.
/// </summary>
/// <param name="sender">The raising object; cast to <c>ModuleWriterBase</c> when the event matches.</param>
/// <param name="e">Event data carrying the writer stage.</param>
private static void OnWriterEvent(object sender, NETUtils.ModuleWriterListener.ModuleWriterListenerEventArgs e)
{
    // Only the start of table creation is of interest.
    if (e.WriterEvent != ModuleWriterEvent.MDBeginCreateTables)
    {
        return;
    }

    var moduleWriter = (ModuleWriterBase)sender;
    var metaData = moduleWriter.MetaData;

    uint blobOffset = metaData.BlobHeap.Add(encodingBytes);
    uint rowId = metaData.TablesHeap.StandAloneSigTable.Add(new RawStandAloneSigRow(blobOffset));

    // 0x11 is the StandAloneSig table index; combined with the row id it forms the token.
    uint token = 0x11000000 | rowId;
    Inject(token);
}
/// <summary>
/// Writer-event handler that, once member rids have been allocated, rewrites every entry of
/// <c>fieldDescs</c>: it stores a key argument on the field's first custom attribute, gives the
/// field a generated five-character name and fills the field signature's extra data.
/// </summary>
/// <remarks>
/// This is the same logic as the decompiled goto-based form, expressed with structured loops.
/// The order of calls into <c>encodeCtx.Random</c> is unchanged.
/// </remarks>
/// <param name="sender">The raising object; always cast to <c>ModuleWriterBase</c>.</param>
/// <param name="e">Event data carrying the writer stage.</param>
private void EncodeField(object sender, ModuleWriterListenerEventArgs e)
{
    // The cast happens before the event check, exactly as in the original.
    ModuleWriterBase moduleWriter = (ModuleWriterBase)sender;
    if (e.WriterEvent != ModuleWriterEvent.MDMemberDefRidsAllocated)
    {
        return;
    }

    // Attribute type -> key function, skipping unused (null) slots.
    Dictionary<TypeDef, Func<int, int>> keyFuncs = this.keyAttrs
        .Where(entry => entry != null)
        .ToDictionary(entry => entry.Item1, entry => entry.Item2);

    foreach (FieldDesc desc in this.fieldDescs)
    {
        var initDesc = desc.InitDesc;

        uint token = moduleWriter.MetaData.GetToken(desc.Method).Raw;

        // "| 1" forces the multiplier to be odd.
        // NOTE(review): presumably so that MathsUtils.modInv can invert it modulo 2^32 - confirm.
        uint multiplier = this.encodeCtx.Random.NextUInt32() | 1;

        // The inverse, passed through the attribute type's key function, is stored on the attribute.
        CustomAttribute keyAttr = desc.Field.CustomAttributes[0];
        int attrKey = keyFuncs[(TypeDef)keyAttr.AttributeType]((int)MathsUtils.modInv(multiplier));
        keyAttr.ConstructorArguments.Add(new CAArgument(this.encodeCtx.Module.CorLibTypes.Int32, attrKey));

        token *= multiplier;
        token = (uint)initDesc.Encoding.Encode(initDesc.Method, this.encodeCtx, (int)token);

        // Five-character field name: one slot carries the keyed opcode byte, the remaining
        // slots are filled from the random name key below.
        char[] nameChars = new char[5];
        nameChars[initDesc.OpCodeIndex] = (char)(((byte)desc.OpCode) ^ desc.OpKey);

        byte[] nameKey = this.encodeCtx.Random.NextBytes(4);
        uint packedNameKey = 0;
        for (int i = 0; i < 4; i++)
        {
            // Zero bytes are re-drawn until non-zero.
            while (nameKey[i] == 0)
            {
                nameKey[i] = this.encodeCtx.Random.NextByte();
            }

            nameChars[initDesc.TokenNameOrder[i]] = (char)nameKey[i];
            packedNameKey |= (uint)(nameKey[i] << initDesc.TokenByteOrder[i]);
        }

        desc.Field.Name = new string(nameChars);

        // Encoded token minus the modifier's token, masked with the packed name key.
        FieldSig fieldSig = desc.Field.FieldSig;
        uint masked = (token - moduleWriter.MetaData.GetToken(((CModOptSig)fieldSig.Type).Modifier).Raw) ^ packedNameKey;

        // Eight bytes of extra data: 0xc0 at offsets 0 and 4, offsets 1 and 2 left zero,
        // and the four bytes of the masked value at offsets 3, 5, 6 and 7.
        byte[] extra = new byte[8];
        extra[0] = 0xc0;
        extra[3] = (byte)(masked >> initDesc.TokenByteOrder[3]);
        extra[4] = 0xc0;
        extra[5] = (byte)(masked >> initDesc.TokenByteOrder[2]);
        extra[6] = (byte)(masked >> initDesc.TokenByteOrder[1]);
        extra[7] = (byte)(masked >> initDesc.TokenByteOrder[0]);
        fieldSig.ExtraData = extra;
    }
}
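/// <summary>
/// Module-writer callback that adds extra metadata rows while the module is being written.
/// </summary>
/// <remarks>
/// Two events are handled; every other event is ignored.
/// <list type="bullet">
/// <item><description><c>MDBeginCreateTables</c>: stores <c>ctx.KeySig</c> in the blob heap, adds a
/// StandAloneSig row for it, records the resulting token in <c>ctx.KeyToken</c> and passes it to
/// <c>MutationHelper.InjectKey</c> for the module's entry point.</description></item>
/// <item><description><c>MDBeginAddResources</c>, only when <c>ctx.CompatMode</c> is false: adds a
/// File row named "koi" carrying a SHA-1 digest of <c>ctx.OriginModule</c>, then adds
/// ManifestResource rows for <c>ctx.ManifestResources</c> and ExportedType rows for every
/// externally visible type of <c>ctx.OriginModuleDef</c>, all pointing at that File row.</description></item>
/// </list>
/// </remarks>
/// <param name="writer">The writer whose metadata heaps and tables are modified.</param>
/// <param name="evt">The writer stage that has just been reached.</param>
public void OnWriterEvent(ModuleWriterBase writer, ModuleWriterEvent evt)
{
    if (evt == ModuleWriterEvent.MDBeginCreateTables)
    {
        // Add key signature
        var sigBlob = writer.MetaData.BlobHeap.Add(ctx.KeySig);
        var sigRid = writer.MetaData.TablesHeap.StandAloneSigTable.Add(new RawStandAloneSigRow(sigBlob));

        // Debug.Assert is compiled out of release builds, so the "first row" expectation is
        // only checked in debug builds.
        // NOTE(review): whatever consumes the token presumably relies on rid 1 - confirm.
        Debug.Assert(sigRid == 1);

        // 0x11 is the StandAloneSig table index; the high byte of a metadata token selects the table.
        var sigToken = 0x11000000 | sigRid;
        ctx.KeyToken = sigToken;
        MutationHelper.InjectKey(writer.Module.EntryPoint, 2, (int)sigToken);
    }
    else if (evt == ModuleWriterEvent.MDBeginAddResources && !ctx.CompatMode)
    {
        // Compute hash. The hash object is disposed as soon as the digest is available
        // (the previous code never released it).
        // SHA-1 is kept because switching algorithms would change the emitted File row.
        // The digest is a reference value only: SHA-1 is not collision resistant, so it
        // should not be read as a tamper-detection control.
        byte[] hash;
        using (var sha1 = SHA1.Create())
        {
            hash = sha1.ComputeHash(ctx.OriginModule);
        }

        var hashBlob = writer.MetaData.BlobHeap.Add(hash);

        var fileTbl = writer.MetaData.TablesHeap.FileTable;
        var fileRid = fileTbl.Add(new RawFileRow(
            (uint)FileAttributes.ContainsMetaData,
            writer.MetaData.StringsHeap.Add("koi"),
            hashBlob));

        // Implementation coded token that refers to the File row added above.
        var impl = CodedToken.Implementation.Encode(new MDToken(Table.File, fileRid));

        // Add resources
        var resTbl = writer.MetaData.TablesHeap.ManifestResourceTable;
        foreach (var resource in ctx.ManifestResources)
        {
            // Item1 and Item2 are passed through unchanged; Item3 is interned as the resource name.
            resTbl.Add(new RawManifestResourceRow(
                resource.Item1,
                resource.Item2,
                writer.MetaData.StringsHeap.Add(resource.Item3),
                impl));
        }

        // Add exported types
        var exTbl = writer.MetaData.TablesHeap.ExportedTypeTable;
        foreach (var type in ctx.OriginModuleDef.GetTypes())
        {
            // Types that are not visible outside the module get no ExportedType row.
            if (!type.IsVisibleOutside())
            {
                continue;
            }

            // The second column is written as 0; name and namespace are interned in the strings heap.
            exTbl.Add(new RawExportedTypeRow(
                (uint)type.Attributes,
                0,
                writer.MetaData.StringsHeap.Add(type.Name),
                writer.MetaData.StringsHeap.Add(type.Namespace),
                impl));
        }
    }
}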
/// <inheritdoc/>
public void OnWriterEvent(ModuleWriterBase writer, ModuleWriterEvent evt)
{
    // No-op: the body is empty, so no writer event triggers any work in this implementation.
}
/// <summary>
/// Writer-event handler that adds an extra PE section, an extra metadata heap and a large number
/// of filler rows to several metadata tables of the module being written.
/// </summary>
/// <remarks>
/// <para>
/// On <c>MDEndCreateTables</c> a section named "Rzy" is added, a heap named
/// "#Rzy-Private-Protector" is appended through <c>OtherHeapsEnd</c>, and for every pair of
/// non-zero (TypeDef namespace, Method name) string offsets one batch of rows is appended to the
/// TypeSpec, Module, Param, ENCMap, Field, MemberRef, Property, PropertyPtr, AssemblyRef, ENCLog
/// and ImplMap tables. On <c>MDOnAllTablesSorted</c> a single DeclSecurity row is appended.
/// </para>
/// <para>
/// The row values are constants, simple functions of one random number, or fresh random values;
/// none is derived from a real member of the module. The section name and the heap name are
/// fixed string literals, so a module processed by this handler carries both.
/// NOTE(review): the rows look like filler meant to confuse metadata readers - confirm intent.
/// </para>
/// </remarks>
/// <param name="sender">The raising object; always cast to <c>ModuleWriterBase</c>.</param>
/// <param name="e">Event data carrying the writer stage.</param>
private void OnWriterEvent(object sender, ModuleWriterListenerEventArgs e)
{
    ModuleWriterBase writer = (ModuleWriterBase)sender;

    if (e.WriterEvent == ModuleWriterEvent.MDEndCreateTables)
    {
        // 0x40000040 is the section characteristics value (decimal 1073741888 in the original).
        PESection section = new PESection("Rzy", 0x40000040u);
        writer.Sections.Add(section);
        section.Add(new ByteArrayChunk(new byte[123]), 4u);
        section.Add(new ByteArrayChunk(new byte[10]), 4u);

        // ".Rzy" followed by 80 random strings.
        StringBuilder marker = new StringBuilder(".Rzy");
        for (int i = 0; i < 80; i++)
        {
            marker.Append(FakeNative.FakeNativePhase.GetRandomString());
        }

        string text = marker.ToString();

        // NOTE(review): every pass encodes the same text and only the last result is kept;
        // whether Utils.EncodeString is deterministic is not visible here, so the 80 calls stay.
        string encoded = null;
        for (int j = 0; j < 80; j++)
        {
            encoded = Utils.EncodeString(Encoding.ASCII.GetBytes(text), FakeNative.FakeNativePhase.asciiCharset);
        }

        // The encoded text becomes both the extra heap's content and a third chunk of the section.
        byte[] heapBytes = Encoding.ASCII.GetBytes(encoded);
        writer.TheOptions.MetaDataOptions.OtherHeapsEnd.Add(new FakeNative.RawHeap("#Rzy-Private-Protector", heapBytes));
        section.Add(new ByteArrayChunk(heapBytes), 4u);

        var tables = writer.MetaData.TablesHeap;

        // Captured once, before any row is appended below.
        uint signature = (uint)(tables.TypeSpecTable.Rows + 1);

        // Distinct string-heap offsets, materialised before the tables are modified.
        List<uint> namespaceOffsets = tables.TypeDefTable.Select(row => row.Namespace).Distinct().ToList();
        List<uint> methodNameOffsets = tables.MethodTable.Select(row => row.Name).Distinct().ToList();

        // One random seed value shared by every batch of rows.
        uint seed = Convert.ToUInt32(FakeNative.R.Next(15, 3546));
        uint seedA = seed * 4u + 77u;
        uint seedB = 31u + seed / 2u * 3u;
        uint seedC = 3391u + seed / 2u * 3u;

        foreach (uint namespaceOffset in namespaceOffsets)
        {
            if (namespaceOffset == 0u)
            {
                continue;
            }

            foreach (uint methodNameOffset in methodNameOffsets)
            {
                if (methodNameOffset == 0u)
                {
                    continue;
                }

                // Statement order and argument order are kept exactly: each call consumes
                // values from this.random in sequence.
                tables.TypeSpecTable.Add(new RawTypeSpecRow(signature));
                tables.ModuleTable.Add(new RawModuleRow(0xFFFF, 0u, 0xFFFFFFFFu, 0xFFFFFFFFu, 0xFFFFFFFFu));
                tables.ParamTable.Add(new RawParamRow(254, 254, tables.ENCMapTable.Add(new RawENCMapRow(this.random.NextUInt32()))));
                tables.FieldTable.Add(new RawFieldRow((ushort)seedA, seedB, this.random.NextUInt32()));
                tables.MemberRefTable.Add(new RawMemberRefRow(seed + 18u, seedA, seedB));
                tables.TypeSpecTable.Add(new RawTypeSpecRow(seedC));
                tables.PropertyTable.Add(new RawPropertyRow((ushort)(seed + 44u - 1332u), seed / 2u + 2u, this.random.NextUInt32()));
                tables.TypeSpecTable.Add(new RawTypeSpecRow(seedC));
                tables.PropertyPtrTable.Add(new RawPropertyPtrRow(this.random.NextUInt32()));
                tables.AssemblyRefTable.Add(new RawAssemblyRefRow(
                    55,
                    44,
                    66,
                    500,
                    this.random.NextUInt32(),
                    this.random.NextUInt32(),
                    tables.ENCMapTable.Add(new RawENCMapRow(this.random.NextUInt32())),
                    this.random.NextUInt32(),
                    this.random.NextUInt32()));
                tables.ENCLogTable.Add(new RawENCLogRow(this.random.NextUInt32(), tables.ENCMapTable.Add(new RawENCMapRow(this.random.NextUInt32()))));
                tables.ENCLogTable.Add(new RawENCLogRow(this.random.NextUInt32(), (uint)(tables.ENCMapTable.Rows - 1)));
                tables.ImplMapTable.Add(new RawImplMapRow(18, seedA, seedB, seedA));
            }
        }
    }

    if (e.WriterEvent == ModuleWriterEvent.MDOnAllTablesSorted)
    {
        // Single DeclSecurity row with fixed values (0x7FFF, 0xFFFF7FFF, 0xFFFF7FFF).
        writer.MetaData.TablesHeap.DeclSecurityTable.Add(new RawDeclSecurityRow(0x7FFF, 0xFFFF7FFFu, 0xFFFF7FFFu));
    }
}