Merge pull request #3 from BlueRayDevs/master

Support Version 2.0.21.12 released on Dec 24, 2017

Author: RexProg

ILProtectorUnpacker.cs

@@ -19,6 +19,7 @@ class Script
     public static AssemblyWriter assemblyWriter;
     public static Assembly assembly;
     public static MethodDef currentMethod;
+    public static StackFrame[] mainFrames;
     public static List<TypeDef> junkType = new List<TypeDef>();
 
     [STAThread]
@@ -59,7 +60,9 @@ static public void Main(string[] args)
             assembly = Assembly.LoadFrom(path);
             Console.WriteLine("[+] Wait...");
 
-            Memory.Hook(typeof(StackFrame).GetMethod("SetMethodBase", BindingFlags.Instance | BindingFlags.NonPublic), typeof(Script).GetMethod("Hook2", BindingFlags.Instance | BindingFlags.Public));
+            mainFrames = new StackTrace().GetFrames();
+
+            Memory.Hook(typeof(StackTrace).GetMethod("CaptureStackTrace", BindingFlags.Instance | BindingFlags.NonPublic), typeof(Script).GetMethod("Hook3", BindingFlags.Instance | BindingFlags.Public));
 
             var types = assemblyWriter.moduleDef.GetTypes();
             var list = (types as IList<TypeDef>) ?? types.ToList<TypeDef>();
@@ -82,7 +85,6 @@ static public void Main(string[] args)
 
             if (method == null)
                 Console.WriteLine("[!] Couldn't find InvokeMethod");
-
             InvokeDelegates(list, method, fieldValue);
 
             new StringDecrypter(assembly).ReplaceStrings(list);
@@ -189,6 +191,29 @@ public void Hook2(MethodBase mb)
         else
             typeof(StackFrame).GetField("method", BindingFlags.Instance | BindingFlags.NonPublic).SetValue(this, mb);
     }
+
+    public void Hook3(int iSkip, bool fNeedFileInfo, Thread targetThread, Exception e)
+    {
+        ///////////////////////////////////////////////////////////////////////////////////////////////
+        //    FrameCount    |                2	                 |               int                 //
+        //  METHODS_TO_SKIP |                0	                 |               int                 //
+        //      frames      | {System.Diagnostics.StackFrame[6]} |  System.Diagnostics.StackFrame[]  //
+        // m_iMethodsToSkip	|                4	                 |               int                 //
+        //  m_iNumOfFrames  |                2	                 |               int                 //
+        ///////////////////////////////////////////////////////////////////////////////////////////////
+        typeof(StackFrame).GetField("method", BindingFlags.Instance | BindingFlags.NonPublic).SetValue(mainFrames.Last(), assembly.Modules.FirstOrDefault<Module>().ResolveMethod(currentMethod.MDToken.ToInt32()));
+
+        var mainFramesList = mainFrames.ToList();
+
+        for (int i = mainFramesList.Count(); i < 6; i++)
+            mainFramesList.Add(mainFrames.Last());
+        for (int i = mainFramesList.Count(); i > 6; i--)
+            mainFramesList.Remove(mainFramesList.First());
+
+        typeof(StackTrace).GetField("frames", BindingFlags.Instance | BindingFlags.NonPublic).SetValue(this, mainFramesList.ToArray());
+        typeof(StackTrace).GetField("m_iMethodsToSkip", BindingFlags.Instance | BindingFlags.NonPublic).SetValue(this, 4);
+        typeof(StackTrace).GetField("m_iNumOfFrames", BindingFlags.Instance | BindingFlags.NonPublic).SetValue(this, 2);
+    }
 }
 
 internal class StringDecrypter

README.md

@@ -1,5 +1,5 @@
 # ILProtectorUnpacker
-ILProtector Unpacker Script for Program protected by ILProtector Version 2.0.21.9 released on Oct 31, 2017
+ILProtector Unpacker Script for Program protected by ILProtector Version 2.0.21.12 released on Dec 24, 2017
 
 Script written by notepad++ (cs script plugin)