public void save(Stream memStream) { if (module.IsILOnly) { module.Write(memStream); } else { module.NativeWrite(memStream); } }
internal void Save(bool backup) { string tempFile = $"{_file}.tmp"; string backupFile = $"{_file}.bak"; if (Module.IsILOnly) { if (_keepOldMaxStack) { Module.Write(tempFile, new ModuleWriterOptions(Module) { MetadataOptions = { Flags = MetadataFlags.KeepOldMaxStack } }); } else { Module.Write(tempFile); } } else { if (_keepOldMaxStack) { Module.NativeWrite(tempFile, new NativeModuleWriterOptions(Module, false) { MetadataOptions = { Flags = MetadataFlags.KeepOldMaxStack } }); } else { Module.NativeWrite(tempFile); } } Module?.Dispose(); if (backup) { if (!File.Exists(backupFile)) { File.Move(_file, backupFile); } else { Logger.Info($"Backup file already exists -> {backupFile}"); } } File.Delete(_file); File.Move(tempFile, _file); }
/// <summary> /// Strips the IL from the given assembly, leaving only a reference assembly with no executable code. /// </summary> private static void StripAssembly(string filePath) { Console.WriteLine($"Stripping Assembly: {Path.GetFileName(filePath)}"); ModuleContext context = ModuleDef.CreateModuleContext(); ModuleDefMD module = ModuleDefMD.Load(filePath, context); foreach (TypeDef type in module.Types) { StripType(type); } // HACK: What if we need to reference embedded resources like localized strings? Can we empty just the resource CONTENTS? module.Resources?.Clear(); string outPath = Path.Combine(Path.GetDirectoryName(filePath), "Stripped", Path.GetFileName(filePath)); Directory.CreateDirectory(Path.GetDirectoryName(outPath)); if (module.IsILOnly) { module.Write(outPath, new ModuleWriterOptions(module) { ShareMethodBodies = true }); } else { // Mixed Mode Assembly module.NativeWrite(outPath, new NativeModuleWriterOptions(module, optimizeImageSize: true) { ShareMethodBodies = true }); } }
public static void SaveModule() { try { string filename = string.Concat(new string[] { Path.GetDirectoryName(FileName), "\\", Path.GetFileNameWithoutExtension(FileName), "_Packed", Path.GetExtension(FileName) }); if (module.IsILOnly) { ModuleWriterOptions writer = new ModuleWriterOptions(module); writer.MetaDataOptions.Flags = MetaDataFlags.PreserveAll; writer.MetaDataLogger = DummyLogger.NoThrowInstance; module.Write(filename, writer); } else { NativeModuleWriterOptions writer = new NativeModuleWriterOptions(module); writer.MetaDataOptions.Flags = MetaDataFlags.PreserveAll; writer.MetaDataLogger = DummyLogger.NoThrowInstance; module.NativeWrite(filename, writer); } Write("File Paked and Saved : " + filename, TypeMessage.Done); } catch (ModuleWriterException ex) { Write("Fail to save current module\n" + ex.ToString(), TypeMessage.Error); } Console.ReadLine(); }
// Token: 0x0600006B RID: 107 RVA: 0x00006E6C File Offset: 0x0000506C public static byte[] GetCurrentModule(ModuleDefMD module) { MemoryStream memoryStream = new MemoryStream(); bool isILOnly = module.IsILOnly; if (isILOnly) { module.Write(memoryStream, new ModuleWriterOptions(module) { MetaDataOptions = { Flags = MetaDataFlags.PreserveAll }, MetaDataLogger = DummyLogger.NoThrowInstance }); } else { module.NativeWrite(memoryStream, new NativeModuleWriterOptions(module) { MetaDataOptions = { Flags = MetaDataFlags.PreserveAll }, MetaDataLogger = DummyLogger.NoThrowInstance }); } byte[] array = new byte[memoryStream.Length]; memoryStream.Position = 0L; memoryStream.Read(array, 0, (int)memoryStream.Length); return(array); }
public void Save(string newFilename, MetaDataFlags mdFlags, IModuleWriterListener writerListener) { if (module.IsILOnly) { var writerOptions = new ModuleWriterOptions(module, writerListener); writerOptions.MetaDataOptions.Flags |= mdFlags; writerOptions.Logger = Logger.Instance; if (Logger.Instance.ForcePDBGeneration) { writerOptions.WritePdb = true; module.CreatePdbState(); } module.Write(newFilename, writerOptions); } else { var writerOptions = new NativeModuleWriterOptions(module, writerListener); writerOptions.MetaDataOptions.Flags |= mdFlags; writerOptions.Logger = Logger.Instance; writerOptions.KeepExtraPEData = true; writerOptions.KeepWin32Resources = true; if (Logger.Instance.ForcePDBGeneration) { writerOptions.WritePdb = true; module.CreatePdbState(); } module.NativeWrite(newFilename, writerOptions); } }
public static void SaveFile(string directory, ModuleDefMD module) { string text = Path.GetDirectoryName(directory); if (!text.EndsWith("\\")) { text += "\\"; } string filename = string.Format("{0}{1}-Desintegrated{2}", text, Path.GetFileNameWithoutExtension(directory), Path.GetExtension(directory)); ModuleWriterOptions writerOptions = new ModuleWriterOptions(module); writerOptions.MetadataOptions.Flags |= MetadataFlags.PreserveAll; writerOptions.Logger = DummyLogger.NoThrowInstance; NativeModuleWriterOptions NativewriterOptions = new NativeModuleWriterOptions(module, true); NativewriterOptions.MetadataOptions.Flags |= MetadataFlags.PreserveAll; NativewriterOptions.Logger = DummyLogger.NoThrowInstance; if (module.IsILOnly) { module.Write(filename, writerOptions); } else { module.NativeWrite(filename, NativewriterOptions); } Logger.Write($"File saved at: {filename}", Logger.Type.Done); Console.ReadKey(); Environment.Exit(0); }
static void Main(string[] args) { ConsoleShort Console = new ConsoleShort(); if (asArgs(args)) { try { int count = 0; ModuleDefMD md = ModuleDefMD.Load(args[0]); foreach (TypeDef type in md.GetTypes()) { if (!type.IsGlobalModuleType) { continue; } foreach (MethodDef method in type.Methods) { try { if (!method.HasBody && !method.Body.HasInstructions) { continue; } for (int i = 0; i < method.Body.Instructions.Count; i++) { if (method.Body.Instructions[i].OpCode == OpCodes.Call && method.Body.Instructions[i].Operand.ToString().Contains("CallingAssembly")) { method.Body.Instructions[i].Operand = (method.Body.Instructions[i].Operand = md.Import(typeof(Assembly).GetMethod("GetExecutingAssembly"))); count++; } } } catch { } } } Console.WriteLine("Invoke Detection replaced: " + count, ConsoleColor.Red); ModuleWriterOptions writerOptions = new ModuleWriterOptions(md); writerOptions.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll; writerOptions.Logger = DummyLogger.NoThrowInstance; NativeModuleWriterOptions NativewriterOptions = new NativeModuleWriterOptions(md); NativewriterOptions.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll; NativewriterOptions.Logger = DummyLogger.NoThrowInstance; if (md.IsILOnly) { md.Write(args[0] + "_unpacked.exe", writerOptions); } md.NativeWrite(args[0] + "_unpacked.exe", NativewriterOptions); } catch { Console.WriteLine("File isn't .net assembly valid! ", ConsoleColor.Red); } } else { Console.WriteLine("No Args Detected!", ConsoleColor.Red); } Console.Pause(); }
static void SaveAssembly() { var writerOptions = new NativeModuleWriterOptions(module, null); writerOptions.Logger = DummyLogger.NoThrowInstance; writerOptions.MetaDataOptions.Flags = (MetaDataFlags.PreserveTypeRefRids | MetaDataFlags.PreserveTypeDefRids | MetaDataFlags.PreserveFieldRids | MetaDataFlags.PreserveMethodRids | MetaDataFlags.PreserveParamRids | MetaDataFlags.PreserveMemberRefRids | MetaDataFlags.PreserveStandAloneSigRids | MetaDataFlags.PreserveEventRids | MetaDataFlags.PreservePropertyRids | MetaDataFlags.PreserveTypeSpecRids | MetaDataFlags.PreserveMethodSpecRids | MetaDataFlags.PreserveStringsOffsets | MetaDataFlags.PreserveUSOffsets | MetaDataFlags.PreserveBlobOffsets | MetaDataFlags.PreserveAll | MetaDataFlags.AlwaysCreateGuidHeap | MetaDataFlags.PreserveExtraSignatureData | MetaDataFlags.KeepOldMaxStack); module.NativeWrite(Path.GetDirectoryName(module.Location) + @"\" + Path.GetFileNameWithoutExtension(module.Location) + "_inj.exe", writerOptions); }
static void Main(string[] args) { Console.Title = "Excess Nop Remover - iYaReM"; if (args.Length == 0) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("Drag'n drop file."); Console.ReadKey(); return; } try { AsmethodMdOriginal = ModuleDefMD.Load(args[0]); Asmpath = args[0]; string directoryName = Path.GetDirectoryName(args[0]); if (!directoryName.EndsWith("\\")) { directoryName += "\\"; } Remover.NopRemover(AsmethodMdOriginal); Console.WriteLine($"Working.."); string filename = string.Format("{0}{1}-NopRemoved{2}", directoryName, Path.GetFileNameWithoutExtension(args[0]), Path.GetExtension(args[0])); if (!AsmethodMdOriginal.Is32BitRequired) { ModuleWriterOptions moduleWriterOptions = new ModuleWriterOptions(AsmethodMdOriginal); moduleWriterOptions.MetaDataLogger = DummyLogger.NoThrowInstance; moduleWriterOptions.MetaDataOptions.Flags = MetaDataFlags.PreserveAll; AsmethodMdOriginal.Write(filename, moduleWriterOptions); } else { NativeModuleWriterOptions moduleWriterOptions = new NativeModuleWriterOptions(AsmethodMdOriginal); moduleWriterOptions.MetaDataLogger = DummyLogger.NoThrowInstance; moduleWriterOptions.MetaDataOptions.Flags = MetaDataFlags.PreserveAll; AsmethodMdOriginal.NativeWrite(filename, moduleWriterOptions); } Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine(""); Console.WriteLine("Done! Saving Assembly..."); } catch { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("Invalid file."); } Console.ReadKey(); }
static void Main(string[] args) { Console.Title = "RzyDesintegrator"; Console.ForegroundColor = ConsoleColor.Yellow; string directory = args[0]; try { Program.module = ModuleDefMD.Load(directory); Program.asm = Assembly.LoadFrom(directory); Program.Asmpath = directory; } catch (Exception) { Logger.Write("Not a .NET Assembly...", Logger.Type.Error); Console.ReadKey(); Environment.Exit(0); } AssemblyDef assembly = AssemblyDef.Load(directory); try { Calli.run(module); } catch (Exception e) { Logger.Write($"Error while trying to remove Calli Protection." + e, Logger.Type.Error); } string text = Path.GetDirectoryName(directory); if (!text.EndsWith("\\")) { text += "\\"; } string filename = string.Format("{0}{1}-Desintegrated{2}", text, Path.GetFileNameWithoutExtension(directory), Path.GetExtension(directory)); ModuleWriterOptions writerOptions = new ModuleWriterOptions(module); writerOptions.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll; writerOptions.Logger = DummyLogger.NoThrowInstance; NativeModuleWriterOptions NativewriterOptions = new NativeModuleWriterOptions(module); NativewriterOptions.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll; NativewriterOptions.Logger = DummyLogger.NoThrowInstance; if (module.IsILOnly) { module.Write(filename, writerOptions); } else { module.NativeWrite(filename, NativewriterOptions); } Logger.Write($"File saved at: {filename}", Logger.Type.Done); Console.ReadKey(); Environment.Exit(0); }
static void Save(string location, ModuleDefMD module) { Console.WriteLine("saving module!"); var Writer = new NativeModuleWriterOptions(module, true) { KeepExtraPEData = true, KeepWin32Resources = true, Logger = DummyLogger.NoThrowInstance //prevents errors from being thrown }; Writer.MetadataOptions.Flags = MetadataFlags.PreserveAll | MetadataFlags.KeepOldMaxStack; module.NativeWrite($"{Path.GetFileNameWithoutExtension(location)}-Dec{Path.GetExtension(location)}", Writer); }
private static void Main(string[] args) { if (args.Length == 0) { Console.WriteLine("No input file specified..."); } else { Configuration.AssemblyFilename = args[0]; ModuleDefMD module = ModuleDefMD.Load(Configuration.AssemblyFilename, (ModuleCreationOptions)null); TypeDef globalType = module.GlobalType; List <MethodDef> methodDefList = new List <MethodDef>(); foreach (MethodDef method in globalType.Methods.Where <MethodDef>((Func <MethodDef, bool>)(m => m.IsNative)).ToList <MethodDef>()) { MethodDef ilFromX86Method = X86MethodToILConverter.CreateILFromX86Method(new X86Method(method)); method.DeclaringType.Methods.Add(ilFromX86Method); methodDefList.Add(method); } foreach (MethodDef methodDef1 in methodDefList) { MethodDef replacedMethod = methodDef1; IEnumerable <Instruction> allReferences = replacedMethod.FindAllReferences(module); MethodDef methodDef2 = module.GlobalType.Methods.FirstOrDefault <MethodDef>((Func <MethodDef, bool>)(m => m.Name == (string)replacedMethod.Name + "_IL")); foreach (Instruction instruction in allReferences) { instruction.Operand = (object)methodDef2; } ++Program.x86Fixed; } foreach (MethodDef methodDef in methodDefList) { globalType.Methods.Remove(methodDef); } module.IsStrongNameSigned = false; module.Assembly.PublicKey = (PublicKey)null; NativeModuleWriterOptions options1 = new NativeModuleWriterOptions(module); options1.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll; options1.MetaDataOptions.Flags |= MetaDataFlags.KeepOldMaxStack; options1.Cor20HeaderOptions.Flags = new ComImageFlags?(ComImageFlags.ILOnly | ComImageFlags._32BitRequired); module.NativeWrite((Stream)Program.mem, options1); Program.module = ModuleDefMD.Load((Stream)Program.mem); ModuleWriterOptions options2 = new ModuleWriterOptions((ModuleDef)Program.module); options1.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll; options1.MetaDataOptions.Flags |= MetaDataFlags.KeepOldMaxStack; Program.module.Write(args[0].Replace(".exe", "-x86_mode_Fixed.exe"), options2); Console.WriteLine("Resolved : " + (object)Program.x86Fixed + " natives ints"); } }
static void Main(string[] args) { Console.Title = "########################"; Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("[build from 20.12.2020]\nVMP.NET Killer (dev: https://github.com/DarkBullNull/)"); Console.WriteLine("Please see the guide before using it"); Console.WriteLine("If there are any errors, please create an issue"); Console.ForegroundColor = ConsoleColor.Yellow; Console.Write("Enter path file (drag and drop): "); var pathFile = Console.ReadLine()?.Replace("\"", ""); Console.WriteLine("Select options:\n" + "\t 1 - Bypass anti-VM (1213 build)\n" + "\t 2 - Bypass CRC and anti-debug\n" + "\t 3 - Bypass all\n" + "\t 4 - Method Call Hiding remove\n"); Int32.TryParse(Console.ReadLine(), out var userParams); Console.ForegroundColor = ConsoleColor.Blue; ModuleDefMD moduleDef = ModuleDefMD.Load(pathFile); Controller controller = new Controller(ref moduleDef, pathFile, userParams); var nativeModuleWriter = new dnlib.DotNet.Writer.NativeModuleWriterOptions(moduleDef, false); nativeModuleWriter.Logger = DummyLogger.NoThrowInstance; nativeModuleWriter.MetadataOptions.Flags = MetadataFlags.PreserveAll | MetadataFlags.KeepOldMaxStack | MetadataFlags.PreserveExtraSignatureData | MetadataFlags.PreserveBlobOffsets | MetadataFlags.PreserveUSOffsets | MetadataFlags.PreserveStringsOffsets; nativeModuleWriter.Cor20HeaderOptions.Flags = ComImageFlags.ILOnly; Console.WriteLine("Saving..."); var newFilePath = pathFile.Substring(0, pathFile.Length - 4) + ".justify.exe"; moduleDef.NativeWrite(newFilePath, nativeModuleWriter); var patchCrcMetadata = new PatchCRCMetadata(newFilePath); Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("Done!"); Thread.Sleep(5000); }
public static AssemblyDefinition Translate(ModuleDefMD manifestModule) { using (var assemblyStream = new MemoryStream()) { try { if (manifestModule.IsILOnly) { var writerOptions = new ModuleWriterOptions(manifestModule); writerOptions.Logger = DummyLogger.NoThrowInstance; MetaDataOptions metaDataOptions = new MetaDataOptions(); metaDataOptions.Flags = MetaDataFlags.PreserveAll; manifestModule.Write(assemblyStream, writerOptions); } else { var writerOptions = new NativeModuleWriterOptions(manifestModule); writerOptions.Logger = DummyLogger.NoThrowInstance; MetaDataOptions metaDataOptions = new MetaDataOptions(); metaDataOptions.Flags = MetaDataFlags.PreserveAll; manifestModule.NativeWrite(assemblyStream, writerOptions); } } catch (Exception) { if (assemblyStream.Length == 0) { return(null); } } assemblyStream.Position = 0; AssemblyDefinition newAssembly = AssemblyDefinition.ReadAssembly(assemblyStream); return(newAssembly); } }
public void Save(string newFilename, MetadataFlags mdFlags, IModuleWriterListener writerListener) { if (module.IsILOnly) { var writerOptions = new ModuleWriterOptions(module); writerOptions.WriterEvent += (s, e) => writerListener?.OnWriterEvent(e.Writer, e.Event); writerOptions.MetadataOptions.Flags |= mdFlags; writerOptions.Logger = Logger.Instance; module.Write(newFilename, writerOptions); } else { var writerOptions = new NativeModuleWriterOptions(module, optimizeImageSize: true); writerOptions.WriterEvent += (s, e) => writerListener?.OnWriterEvent(e.Writer, e.Event); writerOptions.MetadataOptions.Flags |= mdFlags; writerOptions.Logger = Logger.Instance; writerOptions.KeepExtraPEData = true; writerOptions.KeepWin32Resources = true; module.NativeWrite(newFilename, writerOptions); } }
static void Main(string[] args) { Console.Title = "########################"; Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("VMP.NET Killer (dev: https://github.com/DarkBullNull/)"); Console.WriteLine("Please see the guide before using it"); Console.WriteLine("If there are any errors, please create an issue"); Console.ForegroundColor = ConsoleColor.Yellow; Console.Write("Enter path file (drag and drop): "); var pathFile = Console.ReadLine(); Console.WriteLine("Select options:\n" + "\t 1 - Bypass anti-VM\n" + "\t 2 - Bypass CRC and anti-debug\n" + "\t 3 - Bypass all\n"); Int32.TryParse(Console.ReadLine(), out var userParams); Console.ForegroundColor = ConsoleColor.Blue; ModuleDefMD moduleDef = ModuleDefMD.Load(pathFile); var imageProtectedVanillaFile = Path.GetDirectoryName(pathFile) + @"\vmp.exe"; var test = moduleDef.Cor20HeaderFlags; var nativeModuleWriter = new dnlib.DotNet.Writer.NativeModuleWriterOptions(moduleDef, false); Controller controller = new Controller(ref moduleDef, imageProtectedVanillaFile, userParams); nativeModuleWriter.Logger = DummyLogger.NoThrowInstance; nativeModuleWriter.MetadataOptions.Flags = MetadataFlags.PreserveAll | MetadataFlags.KeepOldMaxStack | MetadataFlags.PreserveExtraSignatureData | MetadataFlags.PreserveBlobOffsets | MetadataFlags.PreserveUSOffsets | MetadataFlags.PreserveStringsOffsets; nativeModuleWriter.Cor20HeaderOptions.Flags = new ComImageFlags(); Console.WriteLine("Saving..."); moduleDef.NativeWrite(pathFile.Substring(0, pathFile.Length - 4) + ".justify.exe", nativeModuleWriter); Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("Done!"); Thread.Sleep(10000); }
private void button2_Click(object sender, EventArgs e) { if (textBox1.Text == null || textBox1.Text == "") { MessageBox.Show("Please Select File"); } else { path = textBox1.Text; ModuleDefMD LoadedFile = ModuleDefMD.Load(textBox1.Text); if (checkBox1.Checked) { amount = StringDecryptor.InvokeDecryption(LoadedFile); } else { amount = StringDecryptor.Run(LoadedFile); } Excess_Nop_Remover.NopRemover(LoadedFile); label1.Text = "Strings Decrypted : " + amount; string filename = DirectoryName + "\\" + Path.GetFileNameWithoutExtension(textBox1.Text) + "-Decrypted" + Path.GetExtension(textBox1.Text); var opts = new ModuleWriterOptions(LoadedFile); opts.Logger = DummyLogger.NoThrowInstance; var writerOptions = new NativeModuleWriterOptions(LoadedFile); writerOptions.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll; writerOptions.Logger = DummyLogger.NoThrowInstance; if (LoadedFile.IsILOnly) { LoadedFile.Write(filename, opts); } else { LoadedFile.NativeWrite(filename, writerOptions); } } }
static void Main(string[] args) { Console.WriteLine("Welcome to yano string decryptor by MindSystem"); Console.WriteLine("The aim of this tool is to show how to decrypt string using the stack \n"); try { module = ModuleDefMD.Load(args[0]); } catch (Exception ex) { Console.WriteLine("Impossible to load module, exception message : {0}", ex.Message); return; } System.Diagnostics.Stopwatch watch = new System.Diagnostics.Stopwatch(); watch.Start(); DecryptString(FindDecryptionMethod()); CFLow(); watch.Stop(); Console.WriteLine("\nDone ! Elapsed time : " + watch.Elapsed.TotalSeconds); string SavingPath = module.Kind == ModuleKind.Dll ? args[0].Replace(".dll", "-Obfuscated.dll") : args[0].Replace(".exe", "-Obfuscated.exe"); if (module.IsILOnly) { var opts = new ModuleWriterOptions(module); opts.MetadataOptions.Flags = MetadataFlags.PreserveAll; opts.Logger = DummyLogger.NoThrowInstance; module.Write(SavingPath, opts); } else { var opts = new NativeModuleWriterOptions(module, false); opts.MetadataOptions.Flags = MetadataFlags.PreserveAll; opts.Logger = DummyLogger.NoThrowInstance; module.NativeWrite(SavingPath, opts); } Console.ReadLine(); }
static void Main(string[] args) { Console.ForegroundColor = ConsoleColor.Green; Console.Write("Enter path file (drag and drop): "); Console.ForegroundColor = ConsoleColor.DarkRed; var pathFile = Console.ReadLine(); var imageProtectedVanillaFile = Path.GetDirectoryName(pathFile) + @"\vmp.exe"; Console.ForegroundColor = ConsoleColor.Yellow; ModuleDefMD moduleDef = ModuleDefMD.Load(pathFile); Controller controller = new Controller(ref moduleDef, imageProtectedVanillaFile); var nativeModuleWriter = new dnlib.DotNet.Writer.NativeModuleWriterOptions(moduleDef, false); nativeModuleWriter.Logger = DummyLogger.NoThrowInstance; nativeModuleWriter.MetadataOptions.Flags = MetadataFlags.PreserveAll | MetadataFlags.KeepOldMaxStack | MetadataFlags.PreserveExtraSignatureData | MetadataFlags.PreserveBlobOffsets | MetadataFlags.PreserveUSOffsets | MetadataFlags.PreserveStringsOffsets; nativeModuleWriter.Cor20HeaderOptions.Flags = new ComImageFlags(); Console.ForegroundColor = ConsoleColor.Magenta; Console.WriteLine("Saving..."); moduleDef.NativeWrite(pathFile.Substring(0, pathFile.Length - 4) + ".justify.exe", nativeModuleWriter); Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("Done!"); Thread.Sleep(800); }
public static byte[] GetCurrentModule(ModuleDefMD module) { MemoryStream memorystream = new MemoryStream(); if (module.IsILOnly) { ModuleWriterOptions writer = new ModuleWriterOptions(module); writer.MetaDataOptions.Flags = MetaDataFlags.PreserveAll; writer.MetaDataLogger = DummyLogger.NoThrowInstance; module.Write(memorystream, writer); } else { NativeModuleWriterOptions writer = new NativeModuleWriterOptions(module); writer.MetaDataOptions.Flags = MetaDataFlags.PreserveAll; writer.MetaDataLogger = DummyLogger.NoThrowInstance; module.NativeWrite(memorystream, writer); } byte[] ByteArray = new byte[memorystream.Length]; memorystream.Position = 0; memorystream.Read(ByteArray, 0, (int)memorystream.Length); return(ByteArray); }
static void Main(string[] args) { Console.Title = "Anti Decompiler Cleaner - Prab"; ModuleDefMD module = null; try { module = ModuleDefMD.Load(args[0]); Console.WriteLine("[?] File Loaded: {0}", module); } catch (Exception ex) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("[*] Error ! {0}", ex); } CrashDnSpy(module); CrashDnSpy2(module); CrashDnSpy3(module); var Path = module.Kind == ModuleKind.Dll ? args[0].Replace(".dll", "-Cleaned.dll") : args[0].Replace(".exe", "-Cleaned.exe"); if (module.IsILOnly) { var opts = new ModuleWriterOptions(module); opts.MetadataOptions.Flags = MetadataFlags.PreserveAll; opts.Logger = DummyLogger.NoThrowInstance; module.Write(Path, opts); } else { var opts = new NativeModuleWriterOptions(module, true); opts.MetadataOptions.Flags = MetadataFlags.PreserveAll; opts.Logger = DummyLogger.NoThrowInstance; module.NativeWrite(Path, opts); } Console.ForegroundColor = ConsoleColor.Yellow; Console.WriteLine("[+] Finished !\n[+] File Saved at : {0}", Path); Console.ReadLine(); }
private static void Main(string[] args) { Console.Title = "Anti Decompiler Cleaner - Prab "; Console.ForegroundColor = ConsoleColor.Yellow; ModuleDefMD module = null; try { module = ModuleDefMD.Load(args[0]); Console.WriteLine("[?] File Loaded: {0}", module); foreach (var dependencies in module.GetAssemblyRefs()) { Console.WriteLine($"[?] Dependencies : {dependencies.Name}"); } } catch { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("[^] Drag n Drop ! "); Console.ReadKey(); Environment.Exit(0); } foreach (var type in module.GetTypes()) { foreach (var method in type.Methods) { if (method != null && method.HasBody && method.Body.HasInstructions) { try { AntiDecompilerPhase.Execute(method); Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("[*] Cleaning method 0x{0:X2} {1}", method.MDToken.Raw, method.Name); } catch (Exception ex) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("[x] Failed to clean method {0}\n {1}", method.Name, ex.Message); } } } } var savingPath = module.Kind == ModuleKind.Dll ? args[0].Replace(".dll", "-noAnti.dll") : args[0].Replace(".exe", "-noAnti.exe"); if (module.IsILOnly) { var opts = new ModuleWriterOptions(module) { MetadataOptions = { Flags = MetadataFlags.PreserveAll }, Logger = DummyLogger.NoThrowInstance }; module.Write(savingPath, opts); } else { var opts = new NativeModuleWriterOptions(module, true) { MetadataOptions = { Flags = MetadataFlags.PreserveAll }, Logger = DummyLogger.NoThrowInstance }; module.NativeWrite(savingPath, opts); } Console.ForegroundColor = ConsoleColor.Yellow; Console.WriteLine("[+] Finished !\n[+] File Saved at : {0}", savingPath); Console.ReadLine(); }
private static void Remove(ModuleDefMD md, StrongNameKey key = null, bool checkBaml = false, int floor = 0) { //if (WhiteList.Contains(md.Assembly.Name)) //{ // Log($"{md.Assembly.Name} is in WhiteList! It will keep its sign."); //} bool isResign = key != null; PublicKey pk = null; if (isResign) { pk = new PublicKey(key.PublicKey); } string operation = isResign ? "Resigning" : "Removing"; Log($"{"".PadLeft(floor, PaddingChar)}{operation} StrongName for assembly [{md.Name}] ..."); md.IsStrongNameSigned = isResign; if (!isResign) { //if (md.Assembly.PublicKeyToken != null) //{ // md.Assembly.PublicKeyToken.Data = null; //} if (md.Assembly.PublicKey != null) { md.Assembly.PublicKey = null; } md.Assembly.HasPublicKey = false; } HandleDic[md.Assembly.Name] = true; if (checkBaml) { BamlProject b = new BamlProject(md); b.RemoveRefKeyToken(CurrentPublicKeyToken, pk?.Token.ToString() ?? "null"); if (b.BamlFiles.Count > 0) { Log($"{"".PadLeft(floor, PaddingChar)}{operation} StrongName for BAMLs in [{md.Name}] ..."); } b.ProcessForRef(); } var attrs = md.Assembly.CustomAttributes.FindAll(InternalInvisibleAttr); if (attrs.Any()) { Log($"{"".PadLeft(floor, PaddingChar)}{operation} StrongName for Attributes in [{md.Name}] ..."); } foreach (var attr in attrs) { var s = (UTF8String)attr.ConstructorArguments[0].Value; if (s.Contains("PublicKey=" + CurrentPublicKey)) { var arg = attr.ConstructorArguments[0]; arg.Value = s.Remove(s.IndexOf(",")); var name = arg.Value.ToString(); if (isResign) { arg.Value += $", {pk.ToString()}"; } attr.ConstructorArguments[0] = arg; //Remove InternalVisible if (HandleDic.ContainsKey(name) && HandleDic[name]) { continue; } var p = Path.Combine(CurrentPath, name + ".dll"); if (!File.Exists(p)) { p = Path.Combine(CurrentPath, name + ".exe"); } if (File.Exists(p)) { try { Remove(ModuleDefMD.Load(p), key, checkBaml, floor + 1); } catch (Exception ex) { Log(ex.ToString()); } } } } //Remove AssemblyRef Log($"{"".PadLeft(floor, PaddingChar)}{operation} StrongName for AssemblyRefs in [{md.Name}] ..."); foreach (var asmref in md.GetAssemblyRefs()) { if (asmref.PublicKeyOrToken.Token.ToString() == CurrentPublicKeyToken) { var p = Path.Combine(CurrentPath, asmref.Name + ".dll"); if (!File.Exists(p)) { p = Path.Combine(CurrentPath, asmref.Name + ".exe"); } if (File.Exists(p)) { if (!isResign) { //if (asmref.PublicKeyOrToken != null) //{ // asmref.PublicKeyOrToken = null; //} asmref.HasPublicKey = false; } else { asmref.PublicKeyOrToken = pk.Token; asmref.HasPublicKey = false; } if (HandleDic.ContainsKey(asmref.Name) && HandleDic[asmref.Name]) { continue; } try { Remove(ModuleDefMD.Load(p), key, checkBaml, floor + 1); } catch (Exception ex) { Log(ex.ToString()); } } } } Log($"{"".PadLeft(floor, PaddingChar)}Saving [{md.Name}] ..."); if (isResign) { if (md.IsILOnly) { ModuleWriterOptions option = new ModuleWriterOptions(md); option.InitializeStrongNameSigning(md, key); option.ShareMethodBodies = false; md.Write(Path.Combine(SavePath, md.Name), option); } else { NativeModuleWriterOptions option = new NativeModuleWriterOptions(md, false); option.InitializeStrongNameSigning(md, key); md.NativeWrite(Path.Combine(SavePath, md.Name), option); } } else { if (md.IsILOnly) { md.Write(Path.Combine(SavePath, md.Name)); } else { md.NativeWrite(Path.Combine(SavePath, md.Name)); } } }
private string injectDeepTrace(List <string> MethodToken, string assemblyPath, string outputDirectory, bool WithTrace = false) { AssemblyDef asmDef; // New assembly path string fileName = Path.GetFileName(assemblyPath); // Append Date and Time to new filename string newPath = Path.Combine(outputDirectory, DateTime.UtcNow.ToString("yyyy-MM-dd HH.mm.ss.fff", CultureInfo.InvariantCulture) + "_" + fileName); // Check if Output directory already exists, if not, create one if (!Directory.Exists(outputDirectory)) { try { Directory.CreateDirectory(outputDirectory); } catch (Exception ex) { //MessageBox.Show(ex.ToString()); MainWindow.Instance.mBox("Injector Exception", ex.ToString()); } } try { // AssemblyResolver if (_AssmeblyResolver == null) { _AssmeblyResolver = new AssemblyResolver(); } if (Directory.Exists(Path.GetDirectoryName(assemblyPath))) { AddSearchPath(Path.GetDirectoryName(assemblyPath)); } // how to use AssemblyResolver with dnLib? //_AssmeblyResolver // Load assembly //asmDef = AssemblyDef.Load(assemblyPath); ModuleDefMD mod = ModuleDefMD.Load(assemblyPath); // import our pritObj Class Importer importer = new Importer(mod); Type PrintObjType = typeof(PrintObj); ITypeDefOrRef _printObjTypeRef = importer.Import(PrintObjType); // This creates a new namespace Logging and class PrintObj in the new assembly, we don't want that //TypeDef _printObj = new TypeDefUser("Logging", "PrintObj", mod.CorLibTypes.Object.TypeDefOrRef); //var _printObjCtor = _printObj.FindDefaultConstructor(); //mod.Types.Add(_printObj); Type t = typeof(System.Reflection.MethodBase); string methodname = "GetCurrentMethod"; IMethod _methodGetCurrentMethod = importer.Import(t.GetMethod(methodname)); methodname = "set_CurrentMethod"; IMethod _methodSetMethod = importer.Import(PrintObjType.GetMethod(methodname)); t = typeof(System.Reflection.Assembly); methodname = "GetExecutingAssembly"; IMethod _methodGetExecutingAssembly = importer.Import(t.GetMethod(methodname)); methodname = "set_CurrentAssembly"; IMethod _methodSetExecutingAssembly = importer.Import(PrintObjType.GetMethod(methodname)); methodname = "get_CurrentArguments"; IMethod _methodGetArguments = importer.Import(PrintObjType.GetMethod(methodname)); methodname = "set_CurrentArguments"; IMethod _methodSetArguments = importer.Import(PrintObjType.GetMethod(methodname)); methodname = "PrintArgs"; IMethod _methodPrintArgs = importer.Import(PrintObjType.GetMethod(methodname)); methodname = ".ctor"; IMethod _printObjCtor = importer.Import(PrintObjType.GetMethod(methodname)); foreach (ModuleDef modDef in mod.Assembly.Modules) { foreach (TypeDef typDef in modDef.Types) { foreach (MethodDef metDef in typDef.Methods) { //if (MethodToken.Contains(metDef.MDToken.ToString()) && metDef.Name == "About1_Closed") if (MethodToken.Contains(metDef.MDToken.ToString())) { if (WithTrace) { Trace.WriteLine("Found method " + metDef.ToString() + " Token: " + metDef.MDToken.ToString()); } try { string variablesInfo = string.Empty; if (metDef.Body != null && metDef.Body.Variables != null && metDef.Body.Variables.Count > 0) { foreach (var variable in metDef.Body.Variables) { string varInfo = " Variable - Type: " + variable.Type.ToString() + " Name: " + variable.Name + NewLine; varInfo += " Index: " + variable.Index.ToString(); if (WithTrace) { Trace.WriteLine(varInfo); } variablesInfo += varInfo; } } /* * if we want to skip anything * if (metDef.IsConstructor || * metDef.IsAbstract || * metDef.IsSetter || * (metDef.IsSpecialName && !metDef.IsGetter) || // to allow getter methods * metDef.IsInstanceConstructor || * metDef.IsManaged == false * ) * { * if (WithTrace) Trace.WriteLine("Skipped unsupported metDef " + metDef.Name); * } * else if (metDef != null && metDef.Body != null) */ if (metDef != null && metDef.Body != null) { var instructions = metDef.Body.Instructions; var newInstructions = new List <Instruction>(); Instruction firstExistingInstruction = metDef.Body.Instructions[0]; uint firstExistingInstrunctionOffset = firstExistingInstruction.Offset; int fIndex = (int)firstExistingInstrunctionOffset; // not working // nop Test //instructions.Insert((int)firstExistingInstruction.Offset, new Instruction(OpCodes.Nop)); //instructions.Insert((int)firstExistingInstruction.Offset, new Instruction(OpCodes.Nop)); /// /// Simple TraceLine /// // Load fully qualified method name as string //not working: (int)firstExistingInstruction.Offset //newInstructions.Add(new Instruction(OpCodes.Ldstr, metDef.ToString() + variablesInfo)); //newInstructions.Add(new Instruction(OpCodes.Call, metDef.Module.Import(typeof(Trace).GetMethod("WriteLine", new[] { typeof(string) })))); /// /// PrintObj (injected Logging.dll) /// extended by using code and comments from CInject /// https://codeinject.codeplex.com/ /// /* * 0 0000 nop * 1 0001 newobj instance void [Logging]Logging.PrintObj::.ctor() * 2 0006 stloc V_0 (0) * 3 000A ldloc V_0 (0) * 4 000E call class [mscorlib]System.Reflection.MethodBase [mscorlib]System.Reflection.MethodBase::GetCurrentMethod() * 5 0013 callvirt instance void [Logging]Logging.PrintObj::set_CurrentMethod(class [mscorlib]System.Reflection.MethodBase) * 6 0018 nop * 7 0019 ldloc.s V_0 (0) * 8 001B ldc.i4 2 * 9 0020 newarr [mscorlib]System.Object * 10 0025 stloc.s V_1 (1) * 11 0027 ldloc.s V_1 (1) * 12 0029 ldc.i4 0 * 13 002E ldarg sender (1) * 14 0032 box [mscorlib]System.Object * 15 0037 stelem.ref * 16 0038 ldloc.s V_1 (1) * 17 003A ldc.i4 1 * 18 003F ldarg e (2) * 19 0043 stelem.ref * 20 0044 ldloc.s V_1 (1) * 21 0046 callvirt instance void [Logging]Logging.PrintObj::set_CurrentArguments(object[]) * 22 004B ldloc.s V_0 (0) * 23 004D callvirt instance void [Logging]Logging.PrintObj::PrintArgs() * 24 0052 nop * */ // Add new variables metDef.Body.InitLocals = true; Local printO = new Local(_printObjTypeRef.ToTypeSig()); metDef.Body.Variables.Add(printO); var objType = mod.CorLibTypes.Object.ToTypeDefOrRef(); var objTypeArr = importer.Import(typeof(object[])); Local oArray = new Local(objTypeArr.ToTypeSig()); metDef.Body.Variables.Add(oArray); newInstructions.Add(new Instruction(OpCodes.Nop)); // using MemberRef cTor will create the logging.PrintObj: new Logging.PrintObj() var objectCtor = new MemberRefUser(mod, ".ctor", MethodSig.CreateInstance(mod.CorLibTypes.Void), _printObjTypeRef); newInstructions.Add(new Instruction(OpCodes.Newobj, objectCtor)); newInstructions.Add(OpCodes.Stloc.ToInstruction(printO)); newInstructions.Add(OpCodes.Ldloc.ToInstruction(printO)); newInstructions.Add(new Instruction(OpCodes.Call, _methodGetCurrentMethod)); newInstructions.Add(new Instruction(OpCodes.Callvirt, _methodSetMethod)); newInstructions.Add(new Instruction(OpCodes.Nop)); newInstructions.Add(new Instruction(OpCodes.Ldloc_S, printO)); // DNlib counts additionally hidden "this" List <Parameter> pList = new List <Parameter>(); for (int i = 0; i < metDef.Parameters.Count; i++) { if (!metDef.Parameters[i].IsHiddenThisParameter) { pList.Add(metDef.Parameters[i]); } } newInstructions.Add(new Instruction(OpCodes.Ldc_I4, pList.Count)); newInstructions.Add(new Instruction(OpCodes.Newarr, objType)); newInstructions.Add(new Instruction(OpCodes.Stloc_S, oArray)); //for (int i = 0; i < metDef.Parameters.Count; i++) for (int i = 0; i < pList.Count; i++) { if (WithTrace) { Trace.WriteLine("Found Parameter " + pList[i].Name.ToString()); } bool processAsNormal = true; //if (metDef.Parameters[i].Type.IsByRef) if (pList[i].Type.IsByRef) { if (WithTrace) { Trace.WriteLine("(IsByRef) " + pList[i].Name.ToString()); } //* Sample Instruction set: //* L_002a: ldloc.2 //* L_002b: ldc.i4.0 //* L_002c: ldarg.1 //* L_002d: ldind.ref //* L_002e: stelem.ref //* newInstructions.Add(new Instruction(OpCodes.Ldloc_S, oArray)); newInstructions.Add(new Instruction(OpCodes.Ldc_I4, i)); newInstructions.Add(new Instruction(OpCodes.Ldarg, pList[i])); newInstructions.Add(new Instruction(OpCodes.Ldind_Ref)); newInstructions.Add(new Instruction(OpCodes.Stelem_Ref)); processAsNormal = false; } //else if (pList[i].IsHiddenThisParameter) //{ //processAsNormal = false; //} else if (pList[i].Type.IsClassSig) { if (WithTrace) { Trace.WriteLine("(IsClassSig) " + pList[i].Name.ToString() + " Type: " + pList[i].Type + " Type.ReflectionFullName: " + pList[i].Type.ReflectionFullName); } newInstructions.Add(new Instruction(OpCodes.Ldloc_S, oArray)); newInstructions.Add(new Instruction(OpCodes.Ldc_I4, i)); newInstructions.Add(new Instruction(OpCodes.Ldarg, pList[i])); //newInstructions.Add(new Instruction(OpCodes.Box, pList[i].Type)); // causing System.InvalidCastException: Type "dnlib.DotNet.ClassSig" cannot be converted to Type "dnlib.DotNet.TypeSpec" ClassSig cSig = new ClassSig(pList[i].Type.ToTypeDefOrRef()); Trace.WriteLine("(IsClassSig) cSig: " + cSig.ToString()); newInstructions.Add(new Instruction(OpCodes.Stelem_Ref)); processAsNormal = false; } else if (pList[i].Type.IsCorLibType) { if (WithTrace) { Trace.WriteLine("(IsCorLibType) " + pList[i].Name.ToString() + " Type: " + pList[i].Type + " Type.ReflectionFullName: " + pList[i].Type.ReflectionFullName); } if (WithTrace) { Trace.WriteLine("(IsCorLibType...) " + " ElementType: " + pList[i].Type.ElementType + " Type.FullName: " + pList[i].Type.FullName); } if (WithTrace) { Trace.WriteLine("(IsCorLibType...) " + " Module: " + pList[i].Type.Module + " Type.Next: " + pList[i].Type.Next); } if (WithTrace) { Trace.WriteLine("(IsCorLibType...) " + " ReflectionName: " + pList[i].Type.ReflectionName + " Type.ReflectionNamespace: " + pList[i].Type.ReflectionNamespace); } newInstructions.Add(new Instruction(OpCodes.Ldloc_S, oArray)); newInstructions.Add(new Instruction(OpCodes.Ldc_I4, i)); newInstructions.Add(new Instruction(OpCodes.Ldarg, pList[i])); //newInstructions.Add(new Instruction(OpCodes.Box, pList[i].Type)); // causing System.InvalidCastException: Type "dnlib.DotNet.CorLibTypeSig" cannot be converted to Type "dnlib.DotNet.TypeSpec" //newInstructions.Add(new Instruction(OpCodes.Box, mod.CorLibTypes.Int32)); // working for Int32 as example CorLibTypeSig cLibTypeSig = new CorLibTypeSig(pList[i].Type.ToTypeDefOrRef(), pList[i].Type.ElementType); newInstructions.Add(OpCodes.Box.ToInstruction(cLibTypeSig)); newInstructions.Add(new Instruction(OpCodes.Stelem_Ref)); processAsNormal = false; } //else if (metDef.Parameters[i].ParameterType.IsArray) //{ //} //else if (metDef.Parameters[i].ParameterType.IsDefinition) // delegate needs no seperate handling //{ //} //else if (metDef.Parameters[i].Type.IsFunctionPointer) else if (pList[i].Type.IsFunctionPointer) { if (WithTrace) { Trace.WriteLine("(IsFunctionPointer) " + pList[i].Name.ToString()); } } //else if (metDef.Parameters[i].ParameterType.IsOptionalModifier) //{ //} //else if (metDef.Parameters[i].Type.IsPointer) else if (pList[i].Type.IsPointer) { if (WithTrace) { Trace.WriteLine("(IsPointer) " + pList[i].Name.ToString()); } } else { processAsNormal = true; } //if (processAsNormal && !metDef.Parameters[i].Type.IsClassSig && !metDef.Parameters[i].Type.IsCorLibType) if (processAsNormal) { if (WithTrace) { Trace.WriteLine("processAsNormal: " + pList[i].Name.ToString()); } // Sample Instruction set: for simple PARAMETER //* L_0036: ldloc.s objArray //* L_0038: ldc.i4 0 //* L_003d: ldarg array //* L_0041: box Int32 <-------------- anything can be here //* L_0046: stelem.ref // Sample Instruction set: for ARRAY // L_0036: ldloc.s objArray // L_0038: ldc.i4 0 // L_003d: ldarg array // L_0041: box string[] // L_0046: stelem.ref newInstructions.Add(new Instruction(OpCodes.Ldloc_S, oArray)); newInstructions.Add(new Instruction(OpCodes.Ldc_I4, i)); newInstructions.Add(new Instruction(OpCodes.Ldarg, metDef.Parameters[i])); newInstructions.Add(new Instruction(OpCodes.Box, pList[i].Type)); newInstructions.Add(new Instruction(OpCodes.Stelem_Ref)); } } // fill Arguments array newInstructions.Add(new Instruction(OpCodes.Ldloc_S, oArray)); newInstructions.Add(new Instruction(OpCodes.Callvirt, _methodSetArguments)); // call PrintArgs newInstructions.Add(new Instruction(OpCodes.Ldloc_S, printO)); newInstructions.Add(new Instruction(OpCodes.Callvirt, _methodPrintArgs)); // Finally add instructions to beginning for (int j = 0; j < newInstructions.Count; j++) { instructions.Insert(j, newInstructions[j]); } } else { if (WithTrace) { Trace.WriteLine("metDef or metDef.Body was null"); } } } catch (Exception ex) { Debug.WriteLine(ex.ToString()); MainWindow.Instance.mBox("Injector Exception", ex.ToString()); } } } } } // Save modified assembly //asmDef.Write(newPath); var wopts = new dnlib.DotNet.Writer.ModuleWriterOptions(mod); wopts.WritePdb = true; //write assembly if (mod.IsILOnly) { mod.Write(newPath); } else { mod.NativeWrite(newPath); } } catch (Exception ex) { if (WithTrace) { Trace.WriteLine(DateTime.Now + " injectDeepTrace exception: " + ex.ToString()); } return(DateTime.Now + " injectDeepTrace exception: " + ex.ToString()); } InjectedFile = newPath; Text = "Injector finished: " + newPath; return(newPath); }
private void prepareReplace() { MetadataFlags AllFlags = MetadataFlags.PreserveAll | MetadataFlags.KeepOldMaxStack | MetadataFlags.AlwaysCreateGuidHeap | MetadataFlags.RoslynSortInterfaceImpl; try { bool isBlockGood = checkBlocks(); if (!isBlockGood) { return; } if (!module.IsILOnly) { writeStatus("Info: The Assembly maybe contains unmanaged code"); Thread.Sleep(2000); } writeStatus("Processing: " + moduleName); ReplaceInstructions(); string newName = string.Format("{0}_ILR{1}", Path.GetFileNameWithoutExtension(moduleName), Path.GetExtension(moduleName)); if (ReplacedBlocks > 0) { if (module.IsILOnly) { var ManagedOptions = new ModuleWriterOptions(module); if (PreserveAllFlags) { ManagedOptions.MetadataOptions.Flags = AllFlags; } module.Write(Path.GetDirectoryName(moduleName) + "\\" + newName, ManagedOptions); } else { var UnmanagedOptions = new NativeModuleWriterOptions(module, true); if (PreserveAllFlags) { UnmanagedOptions.MetadataOptions.Flags = AllFlags; } module.NativeWrite(newName, UnmanagedOptions); } if (ShowLogs) { writeStatus(string.Format( "Done: Saved as {0} || Replaced {1} Blocks Instructions in {2} Methods", newName, ReplacedBlocks, EditedMethodsCount)); showFormLog(logInfo); } } else { writeStatus("Info: No Block Instructions Replaced!"); } //MessageBox.Show("File Saved as:\r\n" + newName, "Replaces Done", // MessageBoxButtons.OK, MessageBoxIcon.Information); if (module != null) { module.Dispose(); } enableControl(true); isRunning = false; } catch (Exception ex) { if (module != null) { module.Dispose(); } isRunning = false; if (ex.Message.Contains("Error calculating max stack")) { writeStatus("Error calculating max stack value..., try Check \"Preserve All Metadata\""); } else { if (ex.Message.Length > 100) { showFormLog(ex.Message); } else { writeStatus("Error: " + ex.Message.Trim()); } } enableControl(true); } }
private void TextBox1DragDrop(object sender, DragEventArgs e) { try { Array arrayyy = (Array)e.Data.GetData(DataFormats.FileDrop); if (arrayyy != null) { string text = arrayyy.GetValue(0).ToString(); int num = text.LastIndexOf(".", StringComparison.Ordinal); if (num != -1) { string text2 = text.Substring(num); text2 = text2.ToLower(); if (text2 == ".exe" || text2 == ".dll") { Activate(); ExePath = text; label2.Text = "Status : Exe Loaded"; int num2 = text.LastIndexOf("\\", StringComparison.Ordinal); if (num2 != -1) { DirectoryName = text.Remove(num2, text.Length - num2); } if (DirectoryName.Length == 2) { DirectoryName += "\\"; } } } } } catch { } ModuleDefMD module = ModuleDefMD.Load(ExePath); CFLow(module); if (DetectDotWall(module)) { label5.Text = "Obfuscator : " + obfuscator; label4.Text = "Decryption Method token : " + "0x" + decryptiontoken.ToString("X"); CFLow(module); if (DetectResource(module)) { ResourceDecryptor(module); } GetRes2(module); CheckProxy(module); label7.Text = "Amount of proxies fixed : " + proxyfixed; DeobfuscatorBase(module); RemoveAntiDebug(module); CFLow(module); RemoveDemo(module); CFLow(module); label6.Text = "Resource Name : " + resourcename; label2.Text = "Status : Saving Exe"; string filename = DirectoryName + "\\" + Path.GetFileNameWithoutExtension(ExePath) + "-Decrypted" + Path.GetExtension(ExePath); var opts = new ModuleWriterOptions(module); opts.Logger = DummyLogger.NoThrowInstance; opts.MetaDataOptions.Flags = MetaDataFlags.PreserveAll; var writerOptions = new NativeModuleWriterOptions(module); writerOptions.MetaDataOptions.Flags = MetaDataFlags.PreserveAll; writerOptions.Logger = DummyLogger.NoThrowInstance; if (module.IsILOnly) { module.Write(filename, opts); } else { module.NativeWrite(filename, writerOptions); } label2.Text = "Status : Success ! "; label3.Text = "Amount of strings decrypted : " + DeobedString; label2.ForeColor = Color.Green; } else { DialogResult result = MessageBox.Show("DotWall Not detected, do you want to unpack?", "Info", MessageBoxButtons.YesNo, MessageBoxIcon.Information); if (result == DialogResult.Yes) { label5.Text = "Obfuscator : " + obfuscator; label4.Text = "Decryption Method token : " + "0x" + decryptiontoken.ToString("X"); CFLow(module); if (DetectResource(module)) { ResourceDecryptor(module); } GetRes2(module); CheckProxy(module); DeobfuscatorBase(module); RemoveAntiDebug(module); CFLow(module); label6.Text = "Resource Name : " + resourcename; label2.Text = "Status : Saving Exe"; string filename = DirectoryName + "\\" + Path.GetFileNameWithoutExtension(ExePath) + "-Decrypted" + Path.GetExtension(ExePath); var opts = new ModuleWriterOptions(module); opts.Logger = DummyLogger.NoThrowInstance; opts.MetaDataOptions.Flags = MetaDataFlags.PreserveAll; var writerOptions = new NativeModuleWriterOptions(module); writerOptions.MetaDataOptions.Flags = MetaDataFlags.PreserveAll; writerOptions.Logger = DummyLogger.NoThrowInstance; if (module.IsILOnly) { module.Write(filename, opts); } else { module.NativeWrite(filename, writerOptions); } label2.Text = "Status : Success ! "; label3.Text = "Amount of strings decrypted : " + DeobedString; label2.ForeColor = Color.Green; } else { } } }
static void Main(string[] args) { Console.Title = "Phoenix Protector Strings Decryptor by illuZion"; Console.WriteAscii("Phoenix Protector", Color.Red); Console.WriteAscii("Strings Decryptor", Color.Orange); Console.WriteLine("v1.0 by illuZion ", Color.Blue); var targetFilePath = string.Empty; if (args.Length < 1) { while (targetFilePath == string.Empty || !File.Exists(targetFilePath)) { Console.Write("Path of the file: "); targetFilePath = Path.GetFullPath(Console.ReadLine().Replace("\"", string.Empty)); } } else { targetFilePath = Path.GetFullPath(args[0]); } ModuleDefMD module = null; try { module = ModuleDefMD.Load(targetFilePath); } catch (Exception ex) { throw new BadImageFormatException("Module couldn't have been loaded.", ex); } if (module == null) { throw new BadImageFormatException("Module couldn't have been loaded."); } var stopwatch = new Stopwatch(); stopwatch.Start(); int decryptedCount = StringsDecryptor.DecryptStrings(module); stopwatch.Stop(); Console.WriteLine($"\n[+] Decrypted {decryptedCount} strings ! Elapsed time: {stopwatch.Elapsed.TotalSeconds}", Color.Green); Console.WriteLine("[$] Saving the file...", Color.Aqua); string outputFilePath = $"{Path.GetDirectoryName(targetFilePath)}\\{Path.GetFileNameWithoutExtension(targetFilePath)}-decrypted{Path.GetExtension(targetFilePath)}"; ModuleWriterOptionsBase moduleWriterOptionsBase = module.IsILOnly ? new ModuleWriterOptions(module) : (ModuleWriterOptionsBase) new NativeModuleWriterOptions(module, true); moduleWriterOptionsBase.MetadataOptions.Flags |= MetadataFlags.PreserveAll; // Prevents dnlib from throwing non-important errors. moduleWriterOptionsBase.Logger = DummyLogger.NoThrowInstance; moduleWriterOptionsBase.MetadataLogger = DummyLogger.NoThrowInstance; // Saves the output (unpacked) module. if (moduleWriterOptionsBase is NativeModuleWriterOptions nativeModuleWriterOptions) { module.NativeWrite(outputFilePath, nativeModuleWriterOptions); } else { module.Write(outputFilePath, moduleWriterOptionsBase as ModuleWriterOptions); } Console.WriteLine($"[+] File saved at {outputFilePath}", Color.Green); Console.ReadKey(); Environment.Exit(0); }
static void Main(string[] args) { Console.Title = "Krawk Unpacker v2.0"; Console.ForegroundColor = ConsoleColor.Blue; Console.WriteLine(@" ============================================================================== _ __ _ _ _ _ | |/ / | | | | | | | | | ' / _ __ __ ___ _| | __ | | | |_ __ _ __ __ _ ___| | _____ _ __ | < | '__/ _` \ \ /\ / / |/ / | | | | '_ \| '_ \ / _` |/ __| |/ / _ \ '__| | . \| | | (_| |\ V V /| < | |__| | | | | |_) | (_| | (__| < __/ | |_|\_\_| \__,_| \_/\_/ |_|\_\ \____/|_| |_| .__/ \__,_|\___|_|\_\___|_| | | |_| {Release v2.0} Contact Skype: live:krawkreverser Discord: CrIsT#5619 Program Info Language: C# Framework: 4.5.2 Created Date: 10/07/2018 Bugs Fixed: 5/01/2019 Created By Krawk { Obs: Not Supported x86 Mixed Mode } ============================================================================== "); string diretorio = args[0]; try { Program.module = ModuleDefMD.Load(diretorio); Program.asm = Assembly.LoadFrom(diretorio); Program.Asmpath = diretorio; } catch (Exception) { Console.WriteLine("Not .NET Assembly..."); } string text = Path.GetDirectoryName(diretorio); bool flag = !text.EndsWith("\\"); if (flag) { text += "\\"; } Console.ForegroundColor = ConsoleColor.White; try { antitamper(); } catch { Console.WriteLine("[!] Anti-Tamper Falhou em remover"); } try { Staticpacker(); } catch { Console.WriteLine("[!] Packer Falhou em remover"); } try { packer(); } catch { Console.WriteLine("[!] Packer Falhou em remover"); } try { Console.ForegroundColor = ConsoleColor.White; Console.WriteLine("[!] Removendo AntiDebugger"); antidebugger.Run(module); Console.WriteLine("[!] Call Do AntiDebbuger Removida do Module"); } catch (Exception) { Console.WriteLine("[!] Erro ao Remover o AntiDebugger"); } try { Console.WriteLine("[!] Removendo AntiDumper"); antidumper.Run(module); Console.WriteLine("[!] Call Do AntiDumper Removida do Module"); } catch (Exception) { Console.WriteLine("[!] Erro ao Remover o AntiDumper"); } try { Console.WriteLine("[!] Limpando Cases De Control-Flow"); Protections.ControlFlowRun.cleaner(module); Console.WriteLine("[!] Sucesso ao Limpar Cases De Control-Flow"); } catch (Exception) { Console.WriteLine("[!] Erro ao Limpar Cases De Control-Flow"); } try { Console.WriteLine("[!] Fixando Proxy-Calls"); int amountProxy = Protections.ReferenceProxy.ProxyFixer(module); Console.WriteLine("[!] Proxy Calls Fixadas: " + amountProxy); } catch (Exception) { Console.WriteLine("[!] Erro ao Fixar Proxy-Calls"); } try { Console.WriteLine("[!] Resolvendo Equações Matemáticas"); MathsEquations.MathsFixer(module); Console.WriteLine("[!] Equações Matemáticas Resolvidas: " + MathsAmount); } catch (Exception) { Console.WriteLine("[!] Erro ao Resolver Equações Matemáticas"); } try { Console.WriteLine("[!] Resolvendo SizeOf's"); MathsEquations.SizeofRemove(module); Console.WriteLine("[!] SizeOf's Resolvidas: " + MathsAmount); } catch (Exception) { Console.WriteLine("[!] Erro ao Resolver SizeOf's"); } try { Console.WriteLine("[!] Resolvendo Invokes"); MathsEquations.SizeofRemove(module); Console.WriteLine("[!] Invokes Resolvidos Com Sucesso !"); } catch (Exception) { Console.WriteLine("[!] Erro em Remover Os Invokes !"); } try { Console.WriteLine("[!] Removendo Strings Staticas"); int strings = Protections.StaticStrings.Run(module); Console.WriteLine("[!] Strings Removidas: " + strings); } catch (Exception) { Console.WriteLine("[!] Erro ao Remover Strings Staticas"); } try { Console.WriteLine("[!] Removendo Strings Dynamicas"); int strings2 = Protections.Constants.constants(); Console.WriteLine("[!] Strings Removidas: " + strings2); } catch (Exception) { Console.WriteLine("[!] Erro ao Remover Strings Staticas"); } try { Console.WriteLine("[!] Decodificando Resources..."); ResourcesDeobfuscator.Deobfuscate(module); } catch (Exception) { Console.WriteLine("[!] Erro ao Decodificar Resources"); } try { Console.ForegroundColor = ConsoleColor.White; Console.WriteLine("[!] Removendo Attributes"); Console.WriteLine("[!] Attributes Removidas: " + AttributeRemover.startt(module, asm)); } catch { } string filename = string.Format("{0}{1}_Unpacked{2}", text, Path.GetFileNameWithoutExtension(diretorio), Path.GetExtension(diretorio)); ModuleWriterOptions writerOptions = new ModuleWriterOptions(module); writerOptions.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll; writerOptions.Logger = DummyLogger.NoThrowInstance; NativeModuleWriterOptions NativewriterOptions = new NativeModuleWriterOptions(module); NativewriterOptions.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll; NativewriterOptions.Logger = DummyLogger.NoThrowInstance; if (module.IsILOnly) { module.Write(filename, writerOptions); } else { module.NativeWrite(filename, NativewriterOptions); } Console.WriteLine(""); Console.WriteLine("Salvo Com Sucesso !"); Console.ReadLine(); }
private static void Main(string[] args) { Console.Title = "SizeOf Fixer - iYaReM"; if (args.Length == 0) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("Drag'n drop file."); Console.ReadKey(); return; } try { AsmethodMdOriginal = ModuleDefMD.Load(args[0]); Asmpath = args[0]; string directoryName = Path.GetDirectoryName(args[0]); if (!directoryName.EndsWith("\\")) { directoryName += "\\"; } SizeOf.SizeOfFixer(AsmethodMdOriginal); Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("[!] " + SizeOFAmount + " SizeOf's Replaced"); Console.ForegroundColor = ConsoleColor.Yellow; Console.WriteLine("[+] Write y to ennable Math fix."); if (Console.ReadLine().ToString().ToLower() == "y") { MathsEquations.MathsFixer(AsmethodMdOriginal); MathsEquations.MathsFixer(AsmethodMdOriginal); Console.ForegroundColor = ConsoleColor.Cyan; Console.WriteLine("[+] " + MathsAmount + " Maths Equations Solved"); } string filename = string.Format("{0}{1}-SizeOfsFixed{2}", directoryName, Path.GetFileNameWithoutExtension(args[0]), Path.GetExtension(args[0])); if (!AsmethodMdOriginal.Is32BitRequired) { ModuleWriterOptions moduleWriterOptions = new ModuleWriterOptions(AsmethodMdOriginal); moduleWriterOptions.MetaDataLogger = DummyLogger.NoThrowInstance; moduleWriterOptions.MetaDataOptions.Flags = MetaDataFlags.PreserveAll; AsmethodMdOriginal.Write(filename, moduleWriterOptions); } else { NativeModuleWriterOptions moduleWriterOptions = new NativeModuleWriterOptions(AsmethodMdOriginal); moduleWriterOptions.MetaDataLogger = DummyLogger.NoThrowInstance; moduleWriterOptions.MetaDataOptions.Flags = MetaDataFlags.PreserveAll; AsmethodMdOriginal.NativeWrite(filename, moduleWriterOptions); } Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine(""); Console.WriteLine("Done! Saving Assembly..."); } catch { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("Invalid file."); } Console.ReadKey(); }