本文整理汇总了C#中MyPEImage类的典型用法代码示例。如果您正苦于以下问题:C# MyPEImage类的具体用法?C# MyPEImage怎么用?C# MyPEImage使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
MyPEImage类属于命名空间,在下文中一共展示了MyPEImage类的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C#代码示例。
示例1: Decrypt
public bool Decrypt(MyPEImage peImage, ref DumpedMethods dumpedMethods) {
dumpedMethods = new DumpedMethods();
bool decrypted = false;
var methodDef = peImage.MetaData.TablesStream.MethodTable;
for (uint rid = 1; rid <= methodDef.Rows; rid++) {
var dm = new DumpedMethod();
peImage.ReadMethodTableRowTo(dm, rid);
if (dm.mdRVA == 0)
continue;
uint bodyOffset = peImage.RvaToOffset(dm.mdRVA);
peImage.Reader.Position = bodyOffset;
var mbHeader = MethodBodyParser.ParseMethodBody(peImage.Reader, out dm.code, out dm.extraSections);
peImage.UpdateMethodHeaderInfo(dm, mbHeader);
if (dm.code.Length < 6 || dm.code[0] != 0x2A || dm.code[1] != 0x2A)
continue;
int seed = BitConverter.ToInt32(dm.code, 2);
Array.Copy(newCodeHeader, dm.code, newCodeHeader.Length);
if (seed == 0)
Decrypt(dm.code);
else
Decrypt(dm.code, seed);
dumpedMethods.Add(dm);
decrypted = true;
}
return decrypted;
}
开发者ID:GodLesZ,项目名称:de4dot,代码行数:34,代码来源:MethodsDecrypter.cs
示例2: PeHeader
public PeHeader(MainType mainType, MyPEImage peImage) {
uint headerOffset;
version = GetHeaderOffsetAndVersion(peImage, out headerOffset);
headerData = peImage.OffsetReadBytes(headerOffset, 0x1000);
switch (version) {
case EncryptionVersion.V1:
case EncryptionVersion.V2:
case EncryptionVersion.V3:
case EncryptionVersion.V4:
case EncryptionVersion.V5:
default:
xorKey = 0x7ABF931;
break;
case EncryptionVersion.V6:
xorKey = 0x7ABA931;
break;
case EncryptionVersion.V7:
xorKey = 0x8ABA931;
break;
case EncryptionVersion.V8:
if (CheckMcKeyRva(peImage, 0x99BA9A13))
break;
if (CheckMcKeyRva(peImage, 0x18ABA931))
break;
if (CheckMcKeyRva(peImage, 0x18ABA933))
break;
break;
}
}
开发者ID:RafaelRMachado,项目名称:de4dot,代码行数:33,代码来源:PeHeader.cs
示例3: DecrypterInfo
public DecrypterInfo(MainType mainType, byte[] fileData) {
this.mainType = mainType;
this.peImage = new MyPEImage(fileData);
this.peHeader = new PeHeader(mainType, peImage);
this.mcKey = new McKey(peImage, peHeader);
this.fileData = fileData;
}
开发者ID:GodLesZ,项目名称:ConfuserDeobfuscator,代码行数:7,代码来源:DecrypterInfo.cs
示例4: patch
public void patch(byte[] peImageData)
{
using (var peImage = new MyPEImage(peImageData)) {
foreach (var info in patchInfos) {
for (int i = 0; i < info.offsets.Length; i++)
peImage.dotNetSafeWriteOffset((uint)info.offsets[i], BitConverter.GetBytes(info.values[i]));
}
}
}
开发者ID:GodLesZ,项目名称:ConfuserDeobfuscator,代码行数:9,代码来源:MemoryPatcher.cs
示例5: McKey
public McKey(MyPEImage peImage, PeHeader peHeader) {
this.peHeader = peHeader;
try {
this.data = peImage.ReadBytes(peHeader.GetMcKeyRva(), 0x2000);
}
catch (IOException) {
this.data = peImage.ReadBytes(peHeader.GetMcKeyRva(), 0x1000);
}
}
开发者ID:RafaelRMachado,项目名称:de4dot,代码行数:9,代码来源:McKey.cs
示例6: MethodInfos
public MethodInfos(ModuleDef module, MainType mainType, MyPEImage peImage, PeHeader peHeader, McKey mcKey) {
this.module = module;
this.mainType = mainType;
this.peImage = peImage;
this.peHeader = peHeader;
this.mcKey = mcKey;
structSize = GetStructSize(mcKey);
uint methodInfosRva = peHeader.GetRva(0x0FF8, mcKey.ReadUInt32(0x005A));
uint encryptedDataRva = peHeader.GetRva(0x0FF0, mcKey.ReadUInt32(0x0046));
methodInfosOffset = peImage.RvaToOffset(methodInfosRva);
encryptedDataOffset = peImage.RvaToOffset(encryptedDataRva);
}
开发者ID:SAD1992,项目名称:justdecompile-plugins,代码行数:15,代码来源:MethodsDecrypter.cs
示例7: Decrypt
public bool Decrypt(MyPEImage peImage, byte[] fileData, ref DumpedMethods dumpedMethods)
{
if (initMethod == null)
return false;
switch (version) {
case ConfuserVersion.v17_r73404: return Decrypt_v17_r73404(peImage, fileData, ref dumpedMethods);
case ConfuserVersion.v17_r73430: return Decrypt_v17_r73404(peImage, fileData, ref dumpedMethods);
case ConfuserVersion.v17_r73477: return Decrypt_v17_r73477(peImage, fileData, ref dumpedMethods);
case ConfuserVersion.v17_r73479: return Decrypt_v17_r73479(peImage, fileData, ref dumpedMethods);
case ConfuserVersion.v17_r74021: return Decrypt_v17_r73479(peImage, fileData, ref dumpedMethods);
case ConfuserVersion.v18_r75257: return Decrypt_v17_r73479(peImage, fileData, ref dumpedMethods);
case ConfuserVersion.v18_r75288: return Decrypt_v17_r73479(peImage, fileData, ref dumpedMethods);
case ConfuserVersion.v18_r75291: return Decrypt_v17_r73479(peImage, fileData, ref dumpedMethods);
case ConfuserVersion.v18_r75402: return Decrypt_v18_r75402(peImage, fileData, ref dumpedMethods);
case ConfuserVersion.v19_r75725: return Decrypt_v18_r75402(peImage, fileData, ref dumpedMethods);
default: throw new ApplicationException("Unknown version");
}
}
开发者ID:kakkerlakgly,项目名称:de4dot,代码行数:19,代码来源:JitMethodsDecrypter.cs
示例8: GetDecryptedModule
public override bool GetDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
if (count != 0 || version == Version.Unknown)
return false;
byte[] fileData = ModuleBytes ?? DeobUtils.ReadModule(module);
byte[] decompressed;
using (var peImage = new MyPEImage(fileData)) {
var section = peImage.Sections[peImage.Sections.Count - 1];
var offset = section.PointerToRawData;
offset += 16;
byte[] compressed;
int compressedLen;
switch (version) {
case Version.V0x:
compressedLen = fileData.Length - (int)offset;
compressed = peImage.OffsetReadBytes(offset, compressedLen);
decompressed = Lzmat.DecompressOld(compressed);
if (decompressed == null)
throw new ApplicationException("LZMAT decompression failed");
break;
case Version.V1x_217:
case Version.V218:
if (peImage.PEImage.ImageNTHeaders.FileHeader.Machine == Machine.AMD64 && version == Version.V218)
offset = section.PointerToRawData + section.VirtualSize;
int decompressedLen = (int)peImage.OffsetReadUInt32(offset);
compressedLen = fileData.Length - (int)offset - 4;
compressed = peImage.OffsetReadBytes(offset + 4, compressedLen);
decompressed = new byte[decompressedLen];
uint decompressedLen2;
if (Lzmat.Decompress(decompressed, out decompressedLen2, compressed) != LzmatStatus.OK)
throw new ApplicationException("LZMAT decompression failed");
break;
default:
throw new ApplicationException("Unknown MPRESS version");
}
}
newFileData = decompressed;
return true;
}
开发者ID:RafaelRMachado,项目名称:de4dot,代码行数:43,代码来源:Deobfuscator.cs
示例9: NativeImageUnpacker
public NativeImageUnpacker(IPEImage peImage)
{
this.peImage = new MyPEImage(peImage);
}
开发者ID:n017,项目名称:ConfuserDeobfuscator,代码行数:4,代码来源:NativeImageUnpacker.cs
示例10: Decrypt_v17_r73605
bool Decrypt_v17_r73605(MyPEImage peImage, byte[] fileData) {
if (peImage.OptionalHeader.CheckSum == 0)
return false;
methodsData = DecryptMethodsData_v17_r73404(peImage);
return DecryptImage_v16_r71742(peImage, fileData);
}
开发者ID:RafaelRMachado,项目名称:de4dot,代码行数:7,代码来源:MemoryMethodsDecrypter.cs
示例11: PatchDwords
static void PatchDwords(MyPEImage peImage, IBinaryReader reader, int count) {
for (int i = 0; i < count; i++) {
uint rva = reader.ReadUInt32();
uint data = reader.ReadUInt32();
peImage.DotNetSafeWrite(rva, BitConverter.GetBytes(data));
}
}
开发者ID:RafaelRMachado,项目名称:de4dot,代码行数:7,代码来源:MethodsDecrypter.cs
示例12: Unpack
public byte[] Unpack() {
byte[] data = null;
MyPEImage myPeImage = null;
try {
myPeImage = new MyPEImage(peImage);
data = Unpack2(myPeImage);
}
catch {
}
finally {
if (myPeImage != null)
myPeImage.Dispose();
}
if (data != null)
return data;
if (shouldUnpack)
Logger.w("Could not unpack file: {0}", peImage.FileName ?? "(unknown filename)");
return null;
}
开发者ID:GodLesZ,项目名称:de4dot,代码行数:20,代码来源:ApplicationModeUnpacker.cs
示例13: GetDecryptedModule
public override bool GetDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
if (count != 0 || !options.DecryptMethods)
return false;
byte[] fileData = ModuleBytes ?? DeobUtils.ReadModule(module);
using (var peImage = new MyPEImage(fileData)) {
if (!new MethodsDecrypter().Decrypt(peImage, module, cliSecureRtType, ref dumpedMethods)) {
Logger.v("Methods aren't encrypted or invalid signature");
return false;
}
}
newFileData = fileData;
return true;
}
开发者ID:XQuantumForceX,项目名称:Reflexil,代码行数:15,代码来源:Deobfuscator.cs
示例14: CreateDumpedMethods
DumpedMethods CreateDumpedMethods(MyPEImage peImage, byte[] fileData, byte[] methodsData) {
var dumpedMethods = new DumpedMethods();
var methodsDataReader = MemoryImageStream.Create(methodsData);
var fileDataReader = MemoryImageStream.Create(fileData);
var methodDef = peImage.MetaData.TablesStream.MethodTable;
for (uint rid = 1; rid <= methodDef.Rows; rid++) {
var dm = new DumpedMethod();
peImage.ReadMethodTableRowTo(dm, rid);
if (dm.mdRVA == 0)
continue;
uint bodyOffset = peImage.RvaToOffset(dm.mdRVA);
byte b = peImage.OffsetReadByte(bodyOffset);
uint codeOffset;
if ((b & 3) == 2) {
if (b != 2)
continue; // not zero byte code size
dm.mhFlags = 2;
dm.mhMaxStack = 8;
dm.mhLocalVarSigTok = 0;
codeOffset = bodyOffset + 1;
}
else {
if (peImage.OffsetReadUInt32(bodyOffset + 4) != 0)
continue; // not zero byte code size
dm.mhFlags = peImage.OffsetReadUInt16(bodyOffset);
dm.mhMaxStack = peImage.OffsetReadUInt16(bodyOffset + 2);
dm.mhLocalVarSigTok = peImage.OffsetReadUInt32(bodyOffset + 8);
codeOffset = bodyOffset + (uint)(dm.mhFlags >> 12) * 4;
}
fileDataReader.Position = codeOffset;
if (!decrypter.Decrypt(fileDataReader, dm))
continue;
dumpedMethods.Add(dm);
}
return dumpedMethods;
}
开发者ID:RafaelRMachado,项目名称:de4dot,代码行数:45,代码来源:MethodsDecrypter.cs
示例15: UnpackEmbeddedFile
UnpackedFile UnpackEmbeddedFile(MyPEImage peImage, int index, ApplicationModeDecrypter decrypter) {
uint offset = 0;
for (int i = 0; i < index + 1; i++)
offset += sizes[i];
string filename = Win32Path.GetFileName(filenames[index]);
var data = peImage.OffsetReadBytes(offset, (int)sizes[index + 1]);
data = DeobUtils.AesDecrypt(data, decrypter.AssemblyKey, decrypter.AssemblyIv);
data = Decompress(data);
return new UnpackedFile(filename, data);
}
开发者ID:GodLesZ,项目名称:de4dot,代码行数:10,代码来源:ApplicationModeUnpacker.cs
示例16: Decrypt_v15_r59014
bool Decrypt_v15_r59014(MyPEImage peImage, byte[] fileData) {
methodsData = DecryptMethodsData_v14_r57884(peImage, true);
return DecryptImage_v14_r58004(peImage, fileData);
}
开发者ID:RafaelRMachado,项目名称:de4dot,代码行数:4,代码来源:MemoryMethodsDecrypter.cs
示例17: Decrypt
public bool Decrypt(byte[] fileData, ref DumpedMethods dumpedMethods) {
if (decrypter == null)
return false;
using (var peImage = new MyPEImage(fileData)) {
if (peImage.Sections.Count <= 0)
return false;
var methodsData = FindMethodsData(peImage, fileData);
if (methodsData == null)
return false;
decrypter.Initialize(methodsData);
dumpedMethods = CreateDumpedMethods(peImage, fileData, methodsData);
if (dumpedMethods == null)
return false;
}
return true;
}
开发者ID:RafaelRMachado,项目名称:de4dot,代码行数:21,代码来源:MethodsDecrypter.cs
示例18: GetDecryptedModule
public override bool GetDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
if (count != 0)
return false;
fileData = ModuleBytes ?? DeobUtils.ReadModule(module);
peImage = new MyPEImage(fileData);
if (!options.DecryptMethods)
return false;
var tokenToNativeCode = new Dictionary<uint,byte[]>();
if (!methodsDecrypter.Decrypt(peImage, DeobfuscatedFile, ref dumpedMethods, tokenToNativeCode, unpackedNativeFile))
return false;
newFileData = fileData;
return true;
}
开发者ID:SAD1992,项目名称:justdecompile-plugins,代码行数:16,代码来源:Deobfuscator.cs
示例19: DecryptImage_v16_r71742
bool DecryptImage_v16_r71742(MyPEImage peImage, byte[] fileData) {
var reader = new BinaryReader(new MemoryStream(methodsData));
reader.ReadInt16(); // sig
int numInfos = reader.ReadInt32();
for (int i = 0; i < numInfos; i++) {
uint offs = reader.ReadUInt32() ^ key4;
if (offs == 0)
continue;
uint rva = reader.ReadUInt32() ^ key5;
if (peImage.RvaToOffset(rva) != offs)
throw new ApplicationException("Invalid offs & rva");
int len = reader.ReadInt32();
for (int j = 0; j < len; j++)
fileData[offs + j] = reader.ReadByte();
}
return true;
}
开发者ID:RafaelRMachado,项目名称:de4dot,代码行数:17,代码来源:MemoryMethodsDecrypter.cs
示例20: Unpack2
byte[] Unpack2(MyPEImage peImage) {
shouldUnpack = false;
uint headerOffset = (uint)peImage.Length - 12;
uint offsetEncryptedAssembly = CheckOffset(peImage, peImage.OffsetReadUInt32(headerOffset));
uint ezencryptionLibLength = peImage.OffsetReadUInt32(headerOffset + 4);
uint iniFileLength = peImage.OffsetReadUInt32(headerOffset + 8);
uint offsetClrVersionNumber = checked(offsetEncryptedAssembly - 12);
uint iniFileOffset = checked(headerOffset - iniFileLength);
uint ezencryptionLibOffset = checked(iniFileOffset - ezencryptionLibLength);
uint clrVerMajor = peImage.OffsetReadUInt32(offsetClrVersionNumber);
uint clrVerMinor = peImage.OffsetReadUInt32(offsetClrVersionNumber + 4);
uint clrVerBuild = peImage.OffsetReadUInt32(offsetClrVersionNumber + 8);
if (clrVerMajor <= 0 || clrVerMajor >= 20 || clrVerMinor >= 20 || clrVerBuild >= 1000000)
return null;
var settings = new IniFile(Decompress2(peImage.OffsetReadBytes(iniFileOffset, (int)iniFileLength)));
sizes = GetSizes(settings["General_App_Satellite_Assemblies_Sizes"]);
if (sizes == null || sizes.Length <= 1)
return null;
shouldUnpack = true;
if (sizes[0] != offsetEncryptedAssembly)
return null;
filenames = settings["General_App_Satellite_Assemblies"].Split('|');
if (sizes.Length - 1 != filenames.Length)
return null;
byte[] ezencryptionLibData = Decompress1(peImage.OffsetReadBytes(ezencryptionLibOffset, (int)ezencryptionLibLength));
var ezencryptionLibModule = ModuleDefMD.Load(ezencryptionLibData);
var decrypter = new ApplicationModeDecrypter(ezencryptionLibModule);
if (!decrypter.Detected)
return null;
var mainAssembly = UnpackEmbeddedFile(peImage, 0, decrypter);
decrypter.MemoryPatcher.Patch(mainAssembly.data);
for (int i = 1; i < filenames.Length; i++)
satelliteAssemblies.Add(UnpackEmbeddedFile(peImage, i, decrypter));
ClearDllBit(mainAssembly.data);
return mainAssembly.data;
}
开发者ID:GodLesZ,项目名称:de4dot,代码行数:42,代码来源:ApplicationModeUnpacker.cs
注:本文中的MyPEImage类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论