今日在看一个加了ConfuserEx混淆的软件,发现用的动态加载进来,代码如下
[C#] 纯文本查看 复制代码
Assembly executingAssembly = Assembly.GetExecutingAssembly();
Module manifestModule = executingAssembly.ManifestModule;
GCHandle gchandle = <Module>.Decrypt(array, 2594092313u);
byte[] array2 = (byte[])gchandle.Target;
Module module = executingAssembly.LoadModule("koi", array2);
Array.Clear(array2, 0, array2.Length);
gchandle.Free();
Array.Clear(array, 0, array.Length);
<Module>.key = manifestModule.ResolveSignature(285212673);
AppDomain.CurrentDomain.AssemblyResolve += <Module>.Resolve;
module.GetTypes();
MethodBase methodBase = module.ResolveMethod((int)<Module>.key[0] | (int)<Module>.key[1] << 8 | (int)<Module>.key[2] << 16 | (int)<Module>.key[3] << 24);
object[] array3 = new object[methodBase.GetParameters().Length];
if (array3.Length != 0)
{
array3[0] = A_0;
}
object obj = methodBase.Invoke(null, array3);
先是把主程序解密出来,然后通过Module module = executingAssembly.LoadModule("koi", array2);加载进来
既然程序解密了,我把保存出exe,此时有个问题,保存的exe没有入口,转到<Module>.cctor内也是空的,这怎么解决,请大神们给我一个思路
| 
发表于 2020-12-11 23:47
