ConfuserEx脱壳有问
今日在看一个加了ConfuserEx混淆的软件,发现用的动态加载进来,代码如下Assembly executingAssembly = Assembly.GetExecutingAssembly();
Module manifestModule = executingAssembly.ManifestModule;
GCHandle gchandle = <Module>.Decrypt(array, 2594092313u);
byte[] array2 = (byte[])gchandle.Target;
Module module = executingAssembly.LoadModule("koi", array2);
Array.Clear(array2, 0, array2.Length);
gchandle.Free();
Array.Clear(array, 0, array.Length);
<Module>.key = manifestModule.ResolveSignature(285212673);
AppDomain.CurrentDomain.AssemblyResolve += <Module>.Resolve;
module.GetTypes();
MethodBase methodBase = module.ResolveMethod((int)<Module>.key | (int)<Module>.key << 8 | (int)<Module>.key << 16 | (int)<Module>.key << 24);
object[] array3 = new object;
if (array3.Length != 0)
{
array3 = A_0;
}
object obj = methodBase.Invoke(null, array3);
先是把主程序解密出来,然后通过Module module = executingAssembly.LoadModule("koi", array2);加载进来
既然程序解密了,我把保存出exe,此时有个问题,保存的exe没有入口,转到<Module>.cctor内也是空的,这怎么解决,请大神们给我一个思路
页:
[1]