Пример #1
0
        private static void Main(string[] args)
        {
            try
            {
                if (args.Length == 2 && args[0] == "-i")
                {
                    IgnoreIndex = Convert.ToInt32(args[1]);
                }
                Console.BackgroundColor = ConsoleColor.White;
                Console.ForegroundColor = ConsoleColor.Black;
                Console.WriteLine("*********************************");
                Console.WriteLine("***                           ***");
                Console.WriteLine("***    ILProtector Unpacker   ***");
                Console.WriteLine("***   V2.0.21.14 - V2.0.22.2  ***");
                Console.WriteLine("***     Coded By RexProg      ***");
                Console.WriteLine("***                           ***");
                Console.WriteLine("*********************************");
                Console.ForegroundColor = ConsoleColor.Blue;
                Console.WriteLine("[?] Enter Your Program Path : ");
                Console.ForegroundColor = ConsoleColor.Red;

                var path = Console.ReadLine();

                if (path == string.Empty)
                {
                    return;
                }
                if (path != null && path.StartsWith("\"") && path[path.Length - 1] == '"')
                {
                    path = path.Substring(1, path.Length - 2);
                }

                if (!File.Exists(path))
                {
                    Console.ForegroundColor = ConsoleColor.Blue;
                    Console.WriteLine("[!] File not found");
                    Console.WriteLine("[!] Press key to exit...");
                    Console.Read();
                    return;
                }

                Console.ForegroundColor = ConsoleColor.DarkRed;

                AssemblyWriter = new AssemblyWriter(path);
                Assembly       = Assembly.LoadFrom(path ?? throw new Exception("path is null"));
                Console.WriteLine("[+] Wait...");

                MainFrames = new StackTrace().GetFrames();
                Memory.Hook(
                    typeof(StackTrace).Module.GetType("System.Diagnostics.StackFrameHelper")
                    .GetMethod("GetMethodBase", BindingFlags.Instance | BindingFlags.Public),
                    typeof(Program).GetMethod("Hook4", BindingFlags.Instance | BindingFlags.Public));

                var types = AssemblyWriter.moduleDef.GetTypes();
                var list  = types as IList <TypeDef> ?? types.ToList();

                var globalType = AssemblyWriter.moduleDef.GlobalType;

                var fieldMdToken = 0;

                foreach (var fieldDef in globalType.Fields)
                {
                    if (fieldDef.Name == "Invoke")
                    {
                        fieldMdToken = fieldDef.MDToken.ToInt32();
                    }
                }
                if (fieldMdToken == 0)
                {
                    Console.WriteLine("[!] Couldn't find Invoke");
                }

                var fieldValue = Assembly.Modules.FirstOrDefault()?.ResolveField(fieldMdToken).GetValue(null);

                var method = fieldValue?.GetType().GetMethod("Invoke");

                if (method == null)
                {
                    Console.WriteLine("[!] Couldn't find InvokeMethod");
                }

                InvokeDelegates(list, method, fieldValue);

                new StringDecrypter(Assembly).ReplaceStrings(list);

                foreach (var typeDef in JunkType)
                {
                    typeDef.DeclaringType.NestedTypes.Remove(typeDef);
                }

                var methodDef = globalType.FindStaticConstructor();

                if (methodDef.HasBody)
                {
                    var startIndex = methodDef.Body.Instructions.IndexOf(methodDef.Body.Instructions.FirstOrDefault(
                                                                             inst =>
                                                                             inst.OpCode == OpCodes.Call &&
                                                                             ((IMethod)inst.Operand).Name == "GetIUnknownForObject")) - 2;

                    var endindex = methodDef.Body.Instructions.IndexOf(methodDef.Body.Instructions.FirstOrDefault(
                                                                           inst =>
                                                                           inst.OpCode == OpCodes.Call &&
                                                                           ((IMethod)inst.Operand).Name == "Release")) + 2;

                    methodDef.Body.ExceptionHandlers.Remove(methodDef.Body.ExceptionHandlers.FirstOrDefault(exh =>
                                                                                                            exh.HandlerEnd == methodDef.Body.Instructions[endindex + 1]));

                    for (var i = startIndex; i <= endindex; i++)
                    {
                        methodDef.Body.Instructions.Remove(methodDef.Body.Instructions[startIndex]);
                    }
                }

                foreach (var meth in globalType.Methods.Where(met =>
                                                              met.ImplMap?.Module.Name.ToString() == "Protect32.dll" ||
                                                              met.ImplMap?.Module.Name.ToString() == "Protect64.dll").ToList())
                {
                    globalType.Remove(meth);
                }

                var invokeField = globalType.Fields.FirstOrDefault(fld => fld.Name == "Invoke");
                AssemblyWriter.moduleDef.Types.Remove(invokeField?.FieldType.ToTypeDefOrRef().ResolveTypeDef());
                globalType.Fields.Remove(invokeField);

                AssemblyWriter.Save();
                Console.ForegroundColor = ConsoleColor.Blue;
                Console.WriteLine("[!] Program Unpacked");
            }
            catch (Exception ex)
            {
                Console.WriteLine("[!] Exception :\n" + ex.Message);
            }

            Console.WriteLine("[!] Press key to exit...");
            Console.Read();
        }
Пример #2
0
        private static void Main(string[] args)
        {
            try
            {
                if (args.Length == 2 && args[0] == "-i")
                {
                    IgnoreIndex = Convert.ToInt32(args[1]);
                }
                Console.BackgroundColor = ConsoleColor.White;
                Console.ForegroundColor = ConsoleColor.Black;
                Console.WriteLine("*********************************");
                Console.WriteLine("***                           ***");
                Console.WriteLine("***    ILProtector Unpacker   ***");
                Console.WriteLine("***   V2.0.21.2 - V2.0.22.14  ***");
                Console.WriteLine("***     Coded By RexProg      ***");
                Console.WriteLine("***     Updated By krysty     ***");
                Console.WriteLine("***                           ***");
                Console.WriteLine("*********************************");
                Console.ForegroundColor = ConsoleColor.Blue;
                Console.WriteLine("[?] Enter Your Program Path : ");
                Console.ForegroundColor = ConsoleColor.Red;

                var path = Console.ReadLine();

                if (string.IsNullOrEmpty(path))
                {
                    if (args.Length == 1)
                    {
                        path = args[0];
                    }
                    else
                    {
                        return;
                    }
                }

                if (path != null && path.StartsWith("\"") && path[path.Length - 1] == '"')
                {
                    path = path.Substring(1, path.Length - 2);
                }

                if (!File.Exists(path))
                {
                    Console.ForegroundColor = ConsoleColor.Blue;
                    Console.WriteLine("[!] File not found");
                    Console.WriteLine("[!] Press key to exit...");
                    Console.Read();
                    return;
                }

                if (!HasWritePermission(path))
                {
                    Console.ForegroundColor = ConsoleColor.Blue;
                    Console.WriteLine("[!] Can't write to " + Path.GetDirectoryName(path));
                    Console.WriteLine("[!] Press key to exit...");
                    Console.Read();
                    return;
                }

                Console.ForegroundColor = ConsoleColor.DarkRed;

                AssemblyWriter = new AssemblyWriter(path);
                Assembly       = Assembly.LoadFrom(path ?? throw new Exception("path is null"));
                Console.WriteLine("[+] Wait...");

                HookSystemRuntimeTypeGetMethodBase();

                MainFrames = new StackTrace().GetFrames();

                //Memory.Hook(
                //    typeof(StackTrace).GetMethod("GetFrame", BindingFlags.Instance | BindingFlags.Public),
                //    typeof(Program).GetMethod(nameof(Hook), BindingFlags.Instance | BindingFlags.Public)
                //);

                //Memory.Hook(
                //    typeof(StackFrame).GetMethod("SetMethodBase", BindingFlags.Instance | BindingFlags.NonPublic),
                //    typeof(Program).GetMethod(nameof(Hook2), BindingFlags.Instance | BindingFlags.Public)
                //);

                //Memory.Hook(
                //    typeof(StackTrace).GetMethod("CaptureStackTrace", BindingFlags.Instance | BindingFlags.NonPublic),
                //    typeof(Program).GetMethod(nameof(Hook3), BindingFlags.Instance | BindingFlags.Public)
                //);

                Memory.Hook(
                    typeof(StackTrace).Module.GetType("System.Diagnostics.StackFrameHelper")
                    .GetMethod("GetMethodBase", BindingFlags.Instance | BindingFlags.Public),
                    typeof(Program).GetMethod(nameof(Hook4), BindingFlags.Instance | BindingFlags.Public)
                    );

                var types = AssemblyWriter.moduleDef.GetTypes();
                var list  = types as IList <TypeDef> ?? types.ToList();

                var globalType = AssemblyWriter.moduleDef.GlobalType;

                var fieldMdToken = globalType.Fields
                                   .Where(fieldDef => fieldDef.Name == "Invoke")
                                   .Select(fieldDef => fieldDef.MDToken.ToInt32())
                                   .DefaultIfEmpty(0)
                                   .FirstOrDefault();

                if (fieldMdToken == 0)
                {
                    Console.WriteLine("[!] Couldn't find Invoke");
                }

                var fieldValue = Assembly.Modules.FirstOrDefault()?.ResolveField(fieldMdToken).GetValue(null);

                var method = fieldValue?.GetType().GetMethod("Invoke");

                if (method == null)
                {
                    Console.WriteLine("[!] Couldn't find InvokeMethod");
                }

                InvokeDelegates(list, method, fieldValue);

                new StringDecrypter(Assembly).ReplaceStrings(list);

                foreach (var typeDef in JunkType)
                {
                    typeDef.DeclaringType.NestedTypes.Remove(typeDef);
                }

                if (_totalUnpackedMethods == _totalPackedMethods)
                {
                    CleanAssembly();
                }

                AssemblyWriter.Save();
                Console.ForegroundColor = ConsoleColor.Blue;
                Console.WriteLine($"[!] Total packed methods:   {_totalPackedMethods}");
                Console.WriteLine($"[!] Total unpacked methods: {_totalUnpackedMethods}");
                Console.WriteLine("[!] Program Unpacked");
            }
            catch (Exception ex)
            {
                Console.WriteLine("[!] Exception :\n" + ex.StackTrace);
            }

            Console.WriteLine("[!] Press key to exit...");
            Console.Read();
        }