dnlib
dnlib copied to clipboard
0xd4d
Add an option to preserve method bodies even if they are invalid/encrypted or aren't in .text
A good example is ConfuserEx's anti tamper. Just loading and saving the file with dnlib will remove the extra section injected by ConfuserEx and the assembly cannot be run or deobfuscated any further.
If they're encrypted they can probably not be decrypted anyway after saving it. AFAIK, ConfuserEx hashes part of the file and uses that as a key.
Doesn't it only hash the encrypted method bodies it injects as a separate section? You could still modify an AssemblyRef for example without damaging the encrypted data. Correct me if I am wrong, I am not 100% sure about this.
Have you had time to verify it yet?
Otherwise I suggest you decrypt the methods first.
I don't want to spend time on a feature that perhaps won't work.
From my testing, simply modifying stuff in the .NET Metadata Tables (I tested by changing the Name of an AssemblyRef (offset in #Strings) to something else) won't stop the anti-tamper from decrypting the method bodies.
Hello, i believe we have the same problem. After saving an assembly with dnlib while the methods are invalid/have antitamper on them, the methods would simply not be preserved and the file would break.
Settings i used to save, and what the methods looked like: https://i.imgur.com/jjHhIjQ.png
Error i got after saving: https://i.imgur.com/VQtk6yK.png
What the methods looked like after saving: https://i.imgur.com/ucCQ5Fk.png
Screenshot of the sections before saving: https://i.imgur.com/lBwF6mD.png
Screenshot of the sections after saving: https://i.imgur.com/P0hggej.png
I Attached a before and after test/crackme file. The file is protected with an older version of VMProtect .net
