private static FieldDef CreateField(ModuleDefMD module)
{
FieldAttributes attrb = FieldAttributes.Public | FieldAttributes.Static | FieldAttributes.HasFieldRVA | FieldAttributes.CompilerControlled;
FieldDef field = new FieldDefUser("", new FieldSig(module.CorLibTypes.String), attrb);
RenameTask.Rename(field);
return(field);
}
private static void Inject(uint sigToken)
{
ModuleDef mod = cctor.Module;
TypeDef stringInjType = NETUtils.ImportType(typeof(StringEncInj));
MethodDef stringInjMethod = NETUtils.GetMethodByName(stringInjType, "StringInj");
MethodDef InsertInstr = NETUtils.GetMethodByName(stringInjType, "InsertFields");
stringInjMethod.DeclaringType = null;
cctor.DeclaringType.Methods.Add(stringInjMethod);
RenameTask.Rename(stringInjMethod);
cctor.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, stringInjMethod));
var instr = stringInjMethod.Body.Instructions;
instr[7].OpCode = OpCodes.Ldc_I4;
instr[7].Operand = Convert.ToInt32(sigToken);
instr[10].Operand = GlobalDataField;
instr[20].Operand = GlobalDataField;
instr[36].Operand = GlobalDataField;
instr[44].Operand = GlobalDataField;
MethodDef insertMeth = new MethodDefUser("", MethodSig.CreateStatic(mod.CorLibTypes.Void),
MethodAttributes.Static | MethodAttributes.Public | MethodAttributes.HideBySig);
RenameTask.Rename(insertMeth);
insertMeth.Body = new CilBody();
cctor.Body.Instructions.Insert(1, Instruction.Create(OpCodes.Call, insertMeth));
cctor.DeclaringType.Methods.Add(insertMeth);
List <Instruction> instertListInstr = InsertInstr.Body.Instructions.ToList();
instertListInstr.RemoveAt(instertListInstr.Count - 1);
int i = 0;
foreach (var item in staticFields)
{
Instruction[] instrList = new Instruction[instertListInstr.Count];
instertListInstr.CopyTo(instrList);
int stringlenght = item.Value.Item1.Length;
instrList[2].Operand = GlobalDataField;
instrList[3].OpCode = OpCodes.Ldc_I4;
instrList[3].Operand = i;
instrList[4].OpCode = OpCodes.Ldc_I4;
instrList[4].Operand = i + stringlenght;
instrList[6].Operand = item.Key;
i += stringlenght;
foreach (var instrr in instrList)
{
insertMeth.Body.Instructions.Add(instrr.Clone());
}
}
insertMeth.Body.Instructions.Add(Instruction.Create(OpCodes.Ret));
}
public static void Execute(ModuleDefMD module)
{
cctor = module.GlobalType.FindStaticConstructor();
Dictionary <FieldDef, Tuple <byte[], int> > fields = new Dictionary <FieldDef, Tuple <byte[], int> >();
List <byte> data = new List <byte>();
int count = 0;
foreach (var method in module.GetTypes().SelectMany(type => type.Methods))
{
if (method.HasBody)
{
List <Instruction> stringInstr = method.Body.Instructions.Where(instr => instr.OpCode == OpCodes.Ldstr).ToList();
for (int i = 0; i < stringInstr.Count; i++)
{
byte[] stringByte = Encoding.UTF8.GetBytes(stringInstr[i].Operand as string);
data.AddRange(stringByte);
FieldDef field = CreateField(module);
fields.Add(field, Tuple.Create(stringByte, count));
method.DeclaringType.Fields.Add(field);
stringInstr[i].OpCode = OpCodes.Ldsfld;
stringInstr[i].Operand = field;
count++;
}
}
}
staticFields = fields;
data = Encrypt(data.ToArray()).ToList();
var dataType = new TypeDefUser("", "", module.CorLibTypes.GetTypeRef("System", "ValueType"));
RenameTask.Rename(dataType);
dataType.Layout = TypeAttributes.ExplicitLayout;
dataType.Visibility = TypeAttributes.NestedPrivate;
dataType.IsSealed = true;
dataType.ClassLayout = new ClassLayoutUser(1, (uint)data.Count);
module.GlobalType.NestedTypes.Add(dataType);
var dataField = new FieldDefUser("", new FieldSig(dataType.ToTypeSig()))
{
IsStatic = true,
HasFieldRVA = true,
InitialValue = data.ToArray(),
Access = FieldAttributes.CompilerControlled
};
module.GlobalType.Fields.Add(dataField);
GlobalDataField = dataField;
RenameTask.Rename(dataField);
NETUtils.listener.OnWriterEvent += OnWriterEvent;
}
public static void Execute(ModuleDefMD module)
{
int key = rand.Next(97, 122);
/* rand.GetBytes(byteKey);
*
* var dataType = new TypeDefUser(module.GlobalType.Namespace, "", module.CorLibTypes.GetTypeRef("System", "ValueType"));
* RenameTask.Rename(dataType);
* dataType.Layout = TypeAttributes.ExplicitLayout;
* dataType.Visibility = TypeAttributes.NestedPrivate;
* dataType.IsSealed = true;
* dataType.ClassLayout = new ClassLayoutUser(1, (uint)byteKey.Length);
* module.GlobalType.NestedTypes.Add(dataType);
*
* var dataField = new FieldDefUser("", new FieldSig(dataType.ToTypeSig()))
* {
* IsStatic = true,
* HasFieldRVA = true,
* InitialValue = byteKey,
* Access = FieldAttributes.CompilerControlled
* };
* module.GlobalType.Fields.Add(dataField);
* RenameTask.Rename(dataField);*/
TypeDef stringInjType = NETUtils.ImportType(typeof(StringEncInj));
MethodDef stringDecMeth = NETUtils.GetMethodByName(stringInjType, "StringDec");
stringDecMeth.DeclaringType = null;
stringDecMeth.Body.Instructions[13].OpCode = OpCodes.Ldc_I4;
stringDecMeth.Body.Instructions[13].Operand = key;
RenameTask.Rename(stringDecMeth, true);
TypeDef cctor = module.GlobalType;
cctor.Methods.Add(stringDecMeth);
foreach (var method in module.GetTypes().SelectMany(type => type.Methods))
{
if (method != stringDecMeth && method.HasBody)
{
List <Instruction> stringInstr = method.Body.Instructions.Where(instr => instr.OpCode == OpCodes.Ldstr).ToList();
for (int i = 0; i < stringInstr.Count; i++)
{
int index = method.Body.Instructions.IndexOf(stringInstr[i]);
stringInstr[i].Operand = Ecrypt((string)stringInstr[i].Operand, key);
method.Body.Instructions.Insert(index + 1, Instruction.Create(OpCodes.Call, stringDecMeth));
}
}
}
}
public static void Execute(ModuleDefMD module)
{
TypeDef globalType = module.GlobalType;
MethodDef cctor = globalType.FindStaticConstructor();
TypeDef antiDebugType = NETUtils.ImportType(typeof(AntiDebugInj));
MethodDef check = NETUtils.GetMethodByName(antiDebugType, "Check");
MethodDef isDbgPresent = NETUtils.GetMethodByName(antiDebugType, "IsDebuggerPresent");
MethodDef thread = NETUtils.GetMethodByName(antiDebugType, "t");
antiDebugType.Methods.Remove(check);
antiDebugType.Methods.Remove(isDbgPresent);
antiDebugType.Methods.Remove(thread);
//RenameTask.Rename(antiDebugType);
RenameTask.Rename(check);
RenameTask.Rename(thread);
globalType.Methods.Add(check);
globalType.Methods.Add(isDbgPresent);
globalType.Methods.Add(thread);
cctor.Body.Instructions.Insert(0, Instruction.Create(OpCodes.Call, check));
}
public static Dictionary <MethodDef, Tuple <int[], int[]> > CreateMethods(ModuleDef loadedMod)
{
DynamicCode code = new DynamicCode(3);
int[] modules = new int[4];
for (int i = 0; i < modules.Length; i++)
{
modules[i] = rand.Next(2, 25);
}
Instruction[,] methods = new Instruction[4, 10];
for (int i = 0; i < 4; i++)
{
Instruction[] methodBody = code.Create();
for (int y = 0; y < methodBody.Length; y++)
{
methods[i, y] = methodBody[y];
}
}
List <Tuple <Instruction[], Tuple <int, Tuple <int[], int[]> > > > InstrToInt =
new List <Tuple <Instruction[], Tuple <int, Tuple <int[], int[]> > > >();
for (int i = 0; i < 4; i++)
{
List <Instruction> instr = new List <Instruction>();
int[] numbersTrue = new int[5];
int[] numbersFalse = new int[5];
for (int y = 0; y < 10; y++)
{
instr.Add(methods[i, y]);
}
for (int y = 0; y < 5; y++)
{
numbersTrue[y] = code.RandomNumberInModule(instr.ToArray(), modules[i], true);
}
for (int y = 0; y < 5; y++)
{
numbersFalse[y] = code.RandomNumberInModule(instr.ToArray(), modules[i], false);
}
InstrToInt.Add(Tuple.Create(instr.ToArray(), Tuple.Create(modules[i], Tuple.Create(numbersTrue, numbersFalse))));
}
Dictionary <MethodDef, Tuple <int[], int[]> > final = new Dictionary <MethodDef, Tuple <int[], int[]> >();
MethodAttributes methFlags = MethodAttributes.Public | MethodAttributes.Static
| MethodAttributes.HideBySig | MethodAttributes.ReuseSlot;
MethodImplAttributes methImplFlags = MethodImplAttributes.IL | MethodImplAttributes.Managed;
for (int i = 0; i < 4; i++)
{
MethodDef methodDefs1 = new MethodDefUser(
"",
MethodSig.CreateStatic(loadedMod.CorLibTypes.Boolean, loadedMod.CorLibTypes.Int32),
methImplFlags, methFlags);
RenameTask.Rename(methodDefs1);
methodDefs1.Body = new CilBody();
methodDefs1.ParamDefs.Add(new ParamDefUser("lol", 0));
List <Instruction> preInstr = new List <Instruction>(InstrToInt[i].Item1);
int module = InstrToInt[i].Item2.Item1;
//preInstr.RemoveAt(preInstr.Count - 1);
preInstr.Insert(preInstr.Count - 1, Instruction.CreateLdcI4(module));
preInstr.Insert(preInstr.Count - 1, OpCodes.Rem.ToInstruction());
preInstr.Insert(preInstr.Count - 1, Instruction.CreateLdcI4(0));
preInstr.Insert(preInstr.Count - 1, Instruction.Create(OpCodes.Ceq));
//preInstr.Insert(preInstr.Count - 1, Instruction.Create(OpCodes.Ret));
foreach (var item in preInstr)
{
methodDefs1.Body.Instructions.Add(item);
}
final.Add(methodDefs1, InstrToInt[i].Item2.Item2);
}
TypeDef type1 = new TypeDefUser("", "", loadedMod.CorLibTypes.Object.TypeDefOrRef);
RenameTask.Rename(type1);
type1.Attributes = dnlib.DotNet.TypeAttributes.Public | dnlib.DotNet.TypeAttributes.AutoLayout |
dnlib.DotNet.TypeAttributes.Class | dnlib.DotNet.TypeAttributes.AnsiClass;
loadedMod.Types.Add(type1);
foreach (var item in final)
{
type1.Methods.Add(item.Key);
}
return(final);
}