BaSs_HaXoR

ConfuserEx-Unpacker-2 SRC

Feb 4th, 2019
  1. /*
  2. https://forum.tuts4you.com/topic/41056-confuserex-unpacker-2/
  3. GITHUB: https://github.com/cawk/ConfuserEx-Unpacker-2
  4.  
  5. A new and updated version of my last unpacker for confuserex which people actually seem to use so i thought i would update it and actually make it better as that version is very poor
  6. this is currently in beta and in its first version will only support confuserex with no modifications or additional options from confuserex itself. this will change as i add more features
  7. this will heavily be based off my instruction emulator which makes it much more reliable as long as theres no hidden surprises from modified confuserex
  8. I have not used submodules because I made changes within de4dot.blocks: in Int32/64Value I have modified the Shr_Un methods and such to fix a bug (well, not really a bug, but it prevents some operations from giving the correct result).
  9. if you have an issue with this unpacker please make an issue report but if you simply go
  10. 'does not work on this file please fix' i simply will just close your issue
  11. please make a detailed report and explain where it crashes
  12. Credits TheProxy for his Reference Proxy Remover Shadow Anti Tamper remover 0xd4d dnlib/de4dot
  13.  
  14. =====================================================================================================================================================================================
  15.  
  16. .NET-Instruction-Emulator
  17. This project is an extremely helpful toolkit for any reverser dealing with complicated MSIL. using this you can emulate certain instructions complete methods or even just 1 instruction. this can be extremely helpful for many obfuscators i mainly use this in confuserex appfuscator and netguard
  18. this can replace invoking of most methods as you can just run the instructions with this emulator and you have complete control over which instructions are ran and contains events so you can intercept certain instructions
  19. This requires fw 4.0+ since it uses dynamic variables. A few people have said that it is a bad idea to use dynamic variables in this project; however, this is incorrect, since an emulator is not made for performance but rather for accuracy of emulating and getting the correct result. They keep the code a lot cleaner and easier to understand.
  20. Usage
  21. to use this you just supply the method along with the start of the instructions to the end of the instructions
  22. call/callvirt is included, but the implementation is not good: it invokes the method, or at least tries to. I didn't bother coding it well because, if you are emulating a method, you should use the event handler to handle the call/callvirt instruction.
  23. there are two handlers
  24.  
  25. OnCallPrepared
  26. OnInstructionPrepared
  27.  
  28. Calls will use the fake call unless this is changed in the event handler; this is to prevent any malicious code from being executed.
  29. There are many improvements to be made to this, but as of now I have no real interest in changing anything, as it works for everything I require it for. There are some missing opcodes; if anyone wants to, feel free to add them: just check online how they are executed and implement them, it is very simple.
  30.  
  31. Credits
  32. Pan - for the events
  33. NetGuard and ConfuserEx - for making obfuscation where static decryption is harder than just copying and pasting
  34. =====================================================================================================================================================================================
  35. https://github.com/cawk/ConfuserEx-Unpacker-2
  36. =====================================================================================================================================================================================*/
  37. using ConfuserEx_Unpacker.Protections;
  38. using dnlib.DotNet;
  39. using dnlib.DotNet.Writer;
  40. using System;
  41. using System.Collections.Generic;
  42. using System.IO;
  43. using System.Linq;
  44. using System.Text;
  45. using System.Threading.Tasks;
  46. using EasyPredicateKiller;
  47.  
  48. namespace ConfuserEx_Unpacker
  49. {
  50.     class Program
  51.     {
  52.         private static Base[] bases = new Base[]
  53.         {
  54.             new Protections.Antitamper.Remover(),
  55.                  new Protections.Control_Flow.Remover(),
  56.             new Protections.Compressor.Remover(),
  57.  
  58.                new Protections.Antitamper.Remover(),
  59.                new Protections.Control_Flow.Remover(),
  60.                new Protections.RefProxy.Remover(),
  61.                new Protections.Control_Flow.Remover(),
  62.                new Protections.Constants.Remover(),
  63.                new Protections.Control_Flow.Remover(),
  64.                new Protections.RefProxy.Remover(),
  65.         };
  66.         static void Main(string[] args)
  67.         {
  68.             if (args.Length != 1)
  69.                 throw new Exception("Invalid arguments.");
  70.             filename = args[0];
  71.             if (!File.Exists(filename))
  72.                 throw new FileNotFoundException($"{Path.GetFileName(filename)} doesn't exist.");
  73.             module = ModuleDefMD.Load(filename);
  74.             LoadAsmRef();
  75.             Base.ModuleDef = module;
  76.             MethodDefExt2.OriginalMD = Base.ModuleDef;
  77.             foreach (Base base1 in bases)
  78.             {
  79.                 base1.Deobfuscate();
  80.             }
  81.  
  82.             if (Protections.Compressor.Remover.ModuleEp != 0)
  83.             {
  84.                 Base.ModuleDef.EntryPoint =
  85.                     Base.ModuleDef.ResolveToken(Protections.Compressor.Remover.ModuleEp) as MethodDef;
  86.             }
  87.  
  88.             ModuleWriterOptions ModOpts = new ModuleWriterOptions(Base.ModuleDef);
  89.             ModOpts.MetadataOptions.Flags = MetadataFlags.PreserveAll;
  90.             ModOpts.Logger = DummyLogger.NoThrowInstance;
  91.             Console.WriteLine("Writing the file...");
  92.             Base.ModuleDef.Write(NewPath(filename), ModOpts);
  93.             Console.ReadLine();
  94.         }
  95.         public static string NewPath(string path)
  96.         {
  97.             return $"{Path.GetDirectoryName(path)}\\{Path.GetFileNameWithoutExtension(path)}-cleaned{Path.GetExtension(path)}";
  98.         }
  99.         private static string filename;
  100.         private static ModuleDefMD module;
  101.         public static void LoadAsmRef()
  102.         {
  103.             var asmResolver = new AssemblyResolver();
  104.             var modCtx = new ModuleContext(asmResolver);
  105.             asmResolver.DefaultModuleContext = modCtx;
  106.             asmResolver.EnableTypeDefCache = true;
  107.  
  108.             module.Location = filename;
  109.             var asmRefs = module.GetAssemblyRefs().ToList();
  110.             module.Context = modCtx;
  111.             foreach (var asmRef in asmRefs)
  112.             {
  113.                 if (asmRef == null)
  114.                     continue;
  115.                 var asma = asmResolver.Resolve(asmRef.FullName, module);
  116.                 //  Protections.Protections.ModuleDef.Context.AssemblyResolver.AddToCache(asma);
  117.                 ((AssemblyResolver)module.Context.AssemblyResolver).AddToCache(asma);
  118.             }
  119.         }
  120.     }
  121. }
  122. /*====================================================================================================================================================================================*/