Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page {SmartAssembly 4} Refrences Dynamic Proxy Setting patch?
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 10-02-2009, 04:31
bball0002 bball0002 is offline
Friend
  
Join Date: Sep 2009
Posts: 28
Rept. Given: 3
Rept. Rcvd 6 Times in 4 Posts
Thanks Given: 1
Thanks Rcvd at 5 Times in 1 Post
bball0002 Reputation: 6
{SmartAssembly 4} Refrences Dynamic Proxy Setting patch?
Anyone have any information on how to patch a {SmartAssembly 4} protected target with this setting enabled? Here is what the setting says in {SM4}:

"{smartassembly} can create a proxy for calls to external members. This high protection feature will hide most of the calls to external methods, properties or fields in your code by replacing them with calls to the proxy. This proxy is created dynamically at run-time, which increases the protection of your code.

Additionally, the proxy is built in a way that prevents the assembly from being modified. This means that if a hacker tries to modify your assembly, even slightly, then the proxy will no longer work and the application will not be able to start.

Because this feature has a built-in protection against assembly modification, you won't be able to post-process the built assembly with any tool."

Based on my research, I am almost positive that this is the method:

cctor:
Code:
Shared Sub New()
    . = New Char() { ChrW(1), ChrW(2), ChrW(3), ChrW(4), ChrW(5), ChrW(6), ChrW(7), ChrW(8), ChrW(14), ChrW(15), ChrW(16), ChrW(17), ChrW(18), ChrW(19), ChrW(20), ChrW(21), ChrW(22), ChrW(23), ChrW(24), ChrW(25), ChrW(26), ChrW(27), ChrW(28), ChrW(29), ChrW(30), ChrW(31), ""c, ChrW(128), ChrW(129), ChrW(130), ChrW(131), ChrW(132), ChrW(134), ChrW(135), ChrW(136), ChrW(137), ChrW(138), ChrW(139), ChrW(140), ChrW(141), ChrW(142), ChrW(143), ChrW(144), ChrW(145), ChrW(146), ChrW(147), ChrW(148), ChrW(149), ChrW(150), ChrW(151), ChrW(152), ChrW(153), ChrW(154), ChrW(155), ChrW(156), ChrW(157), ChrW(158), ChrW(159) }
    If (Not GetType(MulticastDelegate) Is Nothing) Then
        . = Assembly.GetExecutingAssembly.GetModules(0).ModuleHandle
    End If
End Sub
(Int32) : Void
Code:
Public Shared Sub (ByVal num1 As Integer)
    Dim typeFromHandle As Type
    Try 
        typeFromHandle = Type.GetTypeFromHandle(..ResolveTypeHandle((&H2000001 + num1)))
    Catch obj1 As Object
        Return
    End Try
    Dim info As FieldInfo
    For Each info In typeFromHandle.GetFields((BindingFlags.GetField Or (BindingFlags.NonPublic Or BindingFlags.Static)))
        Dim methodFromHandle As MethodInfo
        Dim delegate2 As Delegate
        Dim name As String = info.Name
        Dim flag As Boolean = False
        Dim num As Integer = 0
        Dim i As Integer = (name.Length - 1)
        Do While (i >= 0)
            Dim ch As Char = name.Chars(i)
            If (ch = "~"c) Then
                flag = True
                Exit Do
            End If
            Dim k As Integer
            For k = 0 To &H3A - 1
                If (.(k) = ch) Then
                    num = ((num * &H3A) + k)
                    Exit For
                End If
            Next k
            i -= 1
        Loop
        Try 
            methodFromHandle = DirectCast(MethodBase.GetMethodFromHandle(..ResolveMethodHandle((num + &HA000001))), MethodInfo)
        Catch obj2 As Object
            goto Label_01F1
        End Try
        If methodFromHandle.IsStatic Then
            Try 
                delegate2 = Delegate.CreateDelegate(info.FieldType, methodFromHandle)
                goto Label_01E3
            Catch exception1 As Exception
                goto Label_01F1
            End Try
        End If
        Dim parameters As ParameterInfo() = methodFromHandle.GetParameters
        Dim num4 As Integer = (parameters.Length + 1)
        Dim parameterTypes As Type() = New Type(num4  - 1) {}
        parameterTypes(0) = GetType(Object)
        Dim j As Integer
        For j = 1 To num4 - 1
            parameterTypes(j) = parameters((j - 1)).ParameterType
        Next j
        Dim method As New DynamicMethod(String.Empty, methodFromHandle.ReturnType, parameterTypes, typeFromHandle, True)
        Dim iLGenerator As ILGenerator = method.GetILGenerator
        iLGenerator.Emit(OpCodes.Ldarg_0)
        If (num4 > 1) Then
            iLGenerator.Emit(OpCodes.Ldarg_1)
        End If
        If (num4 > 2) Then
            iLGenerator.Emit(OpCodes.Ldarg_2)
        End If
        If (num4 > 3) Then
            iLGenerator.Emit(OpCodes.Ldarg_3)
        End If
        If (num4 > 4) Then
            Dim m As Integer
            For m = 4 To num4 - 1
                iLGenerator.Emit(OpCodes.Ldarg_S, m)
            Next m
        End If
        iLGenerator.Emit(IIf(flag, OpCodes.Callvirt, OpCodes.Call), methodFromHandle)
        iLGenerator.Emit(OpCodes.Ret)
        Try 
            delegate2 = method.CreateDelegate(typeFromHandle)
        Catch obj3 As Object
            goto Label_01F1
        End Try
    Label_01E3:
        Try 
            info.SetValue(Nothing, delegate2)
        Catch obj4 As Object
        End Try
    Label_01F1:
    Next
End Sub
I'm not sure if you can patch the method, or if you'd have to rip this method and create a program to patch the target. If anyone has information on this, that would be great.


Thanks.
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
ROZdll (Advanced Dynamic Proxy DLL Generator) tinomal General Discussion 9 01-10-2024 01:33
Why SoftIce is not setting breakpoints? Pyrat General Discussion 8 01-14-2003 00:34


All times are GMT +8. The time now is 10:42.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )