Posted April 27, 20187 yr Hi all, I wanted to execute a fonction on a loaded assembly, my code run well on a normal assembly, but it's failed when i try it on a obfuscated one (rdg packer says .net crypter) I list the string inside the binary like this: try { Assembly asm = Assembly.LoadFrom(executable); foreach (Type type in asm.GetTypes()) { foreach (MethodInfo method in type.GetMethods()) { if (method.MetadataToken == testToken) { Type t = asm.GetType(type.FullName); var methodInfoStatic = t.GetMethod(method.Name); if (methodInfoStatic == null) { throw new Exception("No such static method exists."); } object[] constructorParameters = new object[0]; var o = Activator.CreateInstance(t, constructorParameters); object[] parameters = new object[2]; parameters[0] = 124; parameters[1] = "Some text."; methodInfoStatic.Invoke(o, parameters); } } } } catch (ReflectionTypeLoadException e) { throw new Exception(string.Format("Failed to load type due to the following:{0}{1}{0}", Environment.NewLine, string.Join(Environment.NewLine, e.LoaderExceptions.Select(le => le.ToString()).ToArray()))); } catch (Exception ex) { if (ex.Source != null) Console.WriteLine("DecryptString IOException source: {0}", ex.Message); } When i launch it on the obfuscated assembly i have these type of error on the line foreach (Type type in asm.GetTypes()); Main IOException source: Failed to load type due to the following: System.TypeLoadException: Could not load type 'cd1f1ff1-32e7-42a3-b836-f97c7529b0e7' from assembly 'DSKUY1SYB8EWZF4Z73LSC112J0BO92TISHQ8Y3T1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null'. System.TypeLoadException: Could not load type '9265c019-154b-42b8-a817-e4687366c95d' from assembly 'DSKUY1SYB8EWZF4Z73LSC112J0BO92TISHQ8Y3T1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null'. A lot of same type functions Example of some of the functions using System; // Token: 0x02000044 RID: 68 internal class 9265c019-154b-42b8-a817-e4687366c95d : 9265c019-154b-42b8-a817-e4687366c95d { } using System; // Token: 0x02000043 RID: 67 internal class cd1f1ff1-32e7-42a3-b836-f97c7529b0e7 : cd1f1ff1-32e7-42a3-b836-f97c7529b0e7 { } Any idea how to correct that? Thank you
April 27, 20187 yr I think you need to first call cctor and decrypt resources and load decrypted linked resource file. Is it confuserex?
April 28, 20187 yr Author It's not confuser, rdg packer say .net crypter. I think it's just a generic crypter There is no cctor in this binary, but there is a resource. Do you have an example of how to do it (for the resource and cctor for my curiosity)?
Create an account or sign in to comment