Пример #1
0
        private void Button_Click(object sender, RoutedEventArgs e)
        {
            var           time   = DateTime.Now.ToString("hh:mm:ss");
            ModuleContext modCtx = ModuleDef.CreateModuleContext();
            var           module = ModuleDefMD.Load(Program.Text, modCtx);

            ConsoleLog.Foreground = Brushes.Black;
            ConsoleLog.AppendText($"{time} Starting obfuscation{Environment.NewLine}");

            if (String_Encryption.IsChecked == true)
            {
                StringEncPhase.Execute(module);
                ConsoleLog.AppendText($"{time} Processing string encryption{Environment.NewLine}");
            }

            if (Online_Decryption.IsChecked == true)
            {
                OnlinePhase.Execute(module);
                ConsoleLog.AppendText($"{time} Processing online decryption{Environment.NewLine}");
            }

            if (Cflow.IsChecked == true)
            {
                ControlFlowObfuscation.Execute(module);
                ConsoleLog.AppendText($"{time} Processing control flow{Environment.NewLine}");
            }

            if (IntConf.IsChecked == true)
            {
                AddIntPhase.Execute2(module);
                ConsoleLog.AppendText($"{time} Processing integer confusion{Environment.NewLine}");
            }

            if (SUC.IsChecked == true)
            {
                StackUnfConfusion.Execute(module);
                ConsoleLog.AppendText($"{time} Processing stack confusion{Environment.NewLine}");
            }

            if (Ahri.IsChecked == true)
            {
                Arithmetic.Execute(module);
                ConsoleLog.AppendText($"{time} Processing math calculations{Environment.NewLine}");
            }

            if (LF.IsChecked == true)
            {
                L2F.Execute(module);
                ConsoleLog.AppendText($"{time} Processing constant fields{Environment.NewLine}");
            }

            if (LFV2.IsChecked == true)
            {
                L2FV2.Execute(module);
                ConsoleLog.AppendText($"{time} Processing local fields{Environment.NewLine}");
            }

            if (Calli_.IsChecked == true)
            {
                Calli.Execute(module);
                ConsoleLog.AppendText($"{time} Processing calli conversion{Environment.NewLine}");
            }

            if (Proxy_String.IsChecked == true)
            {
                ProxyString.Execute(module);
                ConsoleLog.AppendText($"{time} Processing proxy strings{Environment.NewLine}");
            }

            if (ProxyConstants.IsChecked == true)
            {
                ProxyINT.Execute(module);
                ConsoleLog.AppendText($"{time} Processing proxy constants{Environment.NewLine}");
            }

            if (Proxy_Meth.IsChecked == true)
            {
                ProxyMeth.Execute(module);
                ConsoleLog.AppendText($"{time} Processing proxy methods{Environment.NewLine}");
            }

            if (Anti_De4dot.IsChecked == true)
            {
                AntiDecompile.Execute(module.Assembly);
                ConsoleLog.AppendText($"{time} Processing anti-decompile{Environment.NewLine}");
            }

            if (JumpCflow.IsChecked == true)
            {
                JumpCFlow.Execute(module);
                ConsoleLog.AppendText($"{time} Processing flow conversion{Environment.NewLine}");
            }

            if (AntiDebug.IsChecked == true)
            {
                Anti_Debug.Execute(module);
                ConsoleLog.AppendText($"{time} Processing anti-debug{Environment.NewLine}");
            }

            if (Anti_Dump.IsChecked == true)
            {
                AntiDump.Execute(module);
                ConsoleLog.AppendText($"{time} Processing anti-dump{Environment.NewLine}");
            }

            if (AntiTamper.IsChecked == true)
            {
                Protection.Software.AntiTamper.Execute(module);
                ConsoleLog.AppendText($"{time} Processing anti-tamper{Environment.NewLine}");
            }

            if (InvalidMD.IsChecked == true)
            {
                InvalidMDPhase.Execute(module.Assembly);
                ConsoleLog.AppendText($"{time} Processing invalid metadata{Environment.NewLine}");
            }

            var text2 = Path.GetDirectoryName(Program.Text);

            if (text2 != null && !text2.EndsWith("\\"))
            {
                text2 += "\\";
            }

            var path = $"{text2}{Path.GetFileNameWithoutExtension(Program.Text)}_protected{Path.GetExtension(Program.Text)}";

            module.Write(path,
                         new ModuleWriterOptions(module)
            {
                PEHeadersOptions = { NumberOfRvaAndSizes = 13 }, Logger = DummyLogger.NoThrowInstance
            });

            ConsoleLog.AppendText($"{time} File: {path}{Environment.NewLine}{Environment.NewLine}");

            if (AntiTamper.IsChecked == true)
            {
                Protection.Software.AntiTamper.Sha256(path);
            }
        }
Пример #2
0
        private void Button1_Click(object sender, EventArgs e)
        {
            ModuleDefMD module = ModuleDefMD.Load(textBox1.Text);

            if (checkBox1.Checked)
            {
                StringEncPhase.Execute(module);
            }

            /*    if (checkBox2.Checked)
             *  { OnlinePhase.Execute(module); }  */
            if (checkBox3.Checked)
            {
                ProxyString.Execute(module);
            }
            if (checkBox5.Checked)
            {
                Anti_Debug.Execute(module);
            }
            if (checkBox6.Checked)
            {
                Anti_Tamper.Execute(module);
            }
            if (checkBox8.Checked)
            {
                AddIntPhase.Execute(module);
            }
            if (checkBox4.Checked)
            {
                ProxyINT.Execute(module);
            }
            if (checkBox12.Checked)
            {
                ProxyMeth.Execute(module);
            }
            if (checkBox10.Checked)
            {
                RenamerPhase.Execute(module);
            }
            if (checkBox7.Checked)
            {
                controlflow.process(module); ControlFlowTask.Execute(module);
            }
            if (checkBox11.Checked)
            {
                JumpCFlow.Execute(module);
            }
            if (checkBox9.Checked)
            {
                InvalidMDPhase.process(module.Assembly);
            }
            string text2 = Path.GetDirectoryName(textBox1.Text);

            if (!text2.EndsWith("\\"))
            {
                text2 += "\\";
            }
            string path = text2 + Path.GetFileNameWithoutExtension(textBox1.Text) + "_protected" +
                          Path.GetExtension(textBox1.Text);
            var opts = new ModuleWriterOptions(module);

            opts.PEHeadersOptions.NumberOfRvaAndSizes        = 13;
            opts.MetaDataOptions.TablesHeapOptions.ExtraData = 0x1337;
            opts.Logger = DummyLogger.NoThrowInstance;
            module.Write(path, opts);
            if (checkBox6.Checked)
            {
                Anti_Tamper.Md5(path);
            }
        }
Пример #3
0
        private void Button_Click(object sender, RoutedEventArgs e)
        {
            var time   = DateTime.Now.ToString("hh:mm:ss");
            var module = ModuleDefMD.Load(LoadBox.Text);

            if (StringEnc.IsChecked == true)
            {
                StringEncPhase.Execute(module);
                ConsoleLog.Foreground = Brushes.Aqua;
                ConsoleLog.AppendText($"{time} Processing String Encryption{Environment.NewLine}");
            }

            if (SOD.IsChecked == true)
            {
                OnlinePhase.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Online Decryption{Environment.NewLine}");
            }

            if (Cflow.IsChecked == true)
            {
                ControlFlowObfuscation.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Control Flow{Environment.NewLine}");
            }

            if (IntConf.IsChecked == true)
            {
                AddIntPhase.Execute2(module);
                ConsoleLog.AppendText($"{time} Processing Int Confusion{Environment.NewLine}");
            }

            if (SUC.IsChecked == true)
            {
                StackUnfConfusion.Execute(module);
                ConsoleLog.AppendText($"{time} Processing StackUnfConfusion{Environment.NewLine}");
            }

            if (Ahri.IsChecked == true)
            {
                Arithmetic.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Arithmetic{Environment.NewLine}");
            }

            if (LF.IsChecked == true)
            {
                L2F.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Local Field{Environment.NewLine}");
            }

            if (LFV2.IsChecked == true)
            {
                L2FV2.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Local Field V2{Environment.NewLine}");
            }

            if (Calli_.IsChecked == true)
            {
                Calli.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Call To Calli{Environment.NewLine}");
            }

            if (Proxy_String.IsChecked == true)
            {
                ProxyString.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Proxy Strings{Environment.NewLine}");
            }

            if (ProxyConstants.IsChecked == true)
            {
                ProxyINT.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Proxy Constants{Environment.NewLine}");
            }

            if (Proxy_Meth.IsChecked == true)
            {
                ProxyMeth.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Proxy Methods{Environment.NewLine}");
            }

            if (Renamer.IsChecked == true)
            {
                RenamerPhase.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Renaming{Environment.NewLine}");
            }

            if (Anti_De4dot.IsChecked == true)
            {
                AntiDe4dot.Execute(module.Assembly);
                ConsoleLog.AppendText($"{time} Processing Anti De4dot{Environment.NewLine}");
            }

            if (JumpCflow.IsChecked == true)
            {
                JumpCFlow.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Jump Control flow{Environment.NewLine}");
            }

            if (AntiDebug.IsChecked == true)
            {
                Anti_Debug.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Anti Debug{Environment.NewLine}");
            }

            if (Anti_Dump.IsChecked == true)
            {
                AntiDump.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Anti Dump{Environment.NewLine}");
            }

            if (AntiTamper.IsChecked == true)
            {
                Protection.Anti.AntiTamper.Execute(module);
                ConsoleLog.AppendText($"{time} Processing Anti Tamper{Environment.NewLine}");
            }

            if (InvalidMD.IsChecked == true)
            {
                InvalidMDPhase.Execute(module.Assembly);
                ConsoleLog.AppendText($"{time} Processing Invalid MetaData{Environment.NewLine}");
            }

            var text2 = Path.GetDirectoryName(LoadBox.Text);

            if (text2 != null && !text2.EndsWith("\\"))
            {
                text2 += "\\";
            }

            var path = $"{text2}{Path.GetFileNameWithoutExtension(LoadBox.Text)}_protected{Path.GetExtension(LoadBox.Text)}";

            module.Write(path,
                         new ModuleWriterOptions(module)
            {
                PEHeadersOptions = { NumberOfRvaAndSizes = 13 }, Logger = DummyLogger.NoThrowInstance
            });

            ConsoleLog.AppendText($"{time} {path}");

            if (AntiTamper.IsChecked == true)
            {
                Protection.Anti.AntiTamper.Sha256(path);
            }
        }