Tuts 4 You

Dotnet Reflection on obfuscated sample


Futex


Posted

Hi all,

I wanted to execute a function on a loaded assembly. My code runs well on a normal assembly, but it fails when I try it on an obfuscated one (RDG Packer says .NET crypter).

I list the string inside the binary like this:

// Requires: using System; using System.Linq; using System.Reflection;
// 'executable' is the path of the target assembly, 'testToken' the metadata token of the method to call.
try
{
	Assembly asm = Assembly.LoadFrom(executable);

	// GetTypes() throws ReflectionTypeLoadException if any type in the assembly cannot be loaded.
	foreach (Type type in asm.GetTypes())
	{
		foreach (MethodInfo method in type.GetMethods())
		{
			if (method.MetadataToken != testToken)
				continue;

			// Only create an instance when the target method is not static.
			object o = method.IsStatic ? null : Activator.CreateInstance(type);

			object[] parameters = new object[2];
			parameters[0] = 124;
			parameters[1] = "Some text.";

			// Invoke the MethodInfo matched by token; a second lookup by name
			// can throw AmbiguousMatchException when the method is overloaded.
			method.Invoke(o, parameters);
		}
	}
}
catch (ReflectionTypeLoadException e)
{
	throw new Exception(string.Format("Failed to load type due to the following:{0}{1}{0}", Environment.NewLine, string.Join(Environment.NewLine, e.LoaderExceptions.Select(le => le.ToString()).ToArray())));
}
catch (Exception ex)
{
	if (ex.Source != null)
		Console.WriteLine("DecryptString IOException source: {0}", ex.Message);
}

When I launch it on the obfuscated assembly, I get this type of error on the line foreach (Type type in asm.GetTypes()):

 

Main IOException source: Failed to load type due to the following:
System.TypeLoadException: Could not load type 'cd1f1ff1-32e7-42a3-b836-f97c7529b0e7' from assembly 'DSKUY1SYB8EWZF4Z73LSC112J0BO92TISHQ8Y3T1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null'.
System.TypeLoadException: Could not load type '9265c019-154b-42b8-a817-e4687366c95d' from assembly 'DSKUY1SYB8EWZF4Z73LSC112J0BO92TISHQ8Y3T1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null'.
 
A lot of functions of the same type

Example of some of the functions

using System;

// Token: 0x02000044 RID: 68
internal class 9265c019-154b-42b8-a817-e4687366c95d : 9265c019-154b-42b8-a817-e4687366c95d
{
}

using System;

// Token: 0x02000043 RID: 67
internal class cd1f1ff1-32e7-42a3-b836-f97c7529b0e7 : cd1f1ff1-32e7-42a3-b836-f97c7529b0e7
{
}

Any idea how to correct that?

Thank you

Posted

I think you need to first call the cctor, decrypt the resources, and load the decrypted linked resource file. Is it ConfuserEx?

Posted

It's not Confuser; RDG Packer says .NET crypter. I think it's just a generic crypter.

There is no cctor in this binary, but there is a resource. Do you have an example of how to do it (for the resource and cctor for my curiosity)?

Posted

What RDG says is not important. Can you upload a sample? Or send it by PM?
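For the ReflectionTypeLoadException in the first post, an added example (not code from any poster in this thread): it keeps the types that did load, taken from the exception's Types array, and searches those for the metadata token, so junk types like the self-inheriting ones shown above no longer stop the enumeration. TokenInvoker, LoadableTypes and FindByToken are hypothetical names, the arguments 124 and "Some text." are the ones from the question, and the sample is assumed to be run inside an isolated analysis VM because Invoke executes its code.

```csharp
using System;
using System.Linq;
using System.Reflection;

static class TokenInvoker
{
    // Returns every type the loader accepted. On failure, e.Types holds
    // null in the slot of each type that could not be loaded.
    static Type[] LoadableTypes(Assembly asm)
    {
        try { return asm.GetTypes(); }
        catch (ReflectionTypeLoadException e)
        {
            foreach (Exception le in e.LoaderExceptions.Where(x => x != null))
                Console.Error.WriteLine("skipped: " + le.Message);
            return e.Types.Where(t => t != null).ToArray();
        }
    }

    // Searches the loadable types for a method with the given metadata token,
    // including non-public methods, which obfuscated assemblies often use.
    static MethodInfo FindByToken(Assembly asm, int token)
    {
        const BindingFlags all = BindingFlags.Public | BindingFlags.NonPublic |
                                 BindingFlags.Static | BindingFlags.Instance |
                                 BindingFlags.DeclaredOnly;
        return LoadableTypes(asm)
            .SelectMany(t => t.GetMethods(all))
            .FirstOrDefault(m => m.MetadataToken == token);
    }

    static void Main(string[] args)
    {
        // args[0]: path to the assembly; args[1]: method token in hex (0x06...)
        Assembly asm = Assembly.LoadFrom(args[0]);
        int token = Convert.ToInt32(args[1], 16);

        MethodInfo method = FindByToken(asm, token);
        if (method == null) { Console.Error.WriteLine("token not found"); return; }

        Console.WriteLine("{0}.{1}", method.DeclaringType.FullName, method);
        // Static methods take a null target; otherwise build an instance,
        // allowing a non-public parameterless constructor.
        object target = method.IsStatic
            ? null
            : Activator.CreateInstance(method.DeclaringType, true);
        object result = method.Invoke(target, new object[] { 124, "Some text." });
        Console.WriteLine(result);
    }
}
```

When the token is already known, asm.ManifestModule.ResolveMethod(token) resolves it directly without enumerating the assembly's types.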
