-
-
[求助].net switch混淆后程序无法运行
-
2013-11-4 12:37
2810
-
我用mono.cecil给程序插入如switch流程混淆,应该是那里有问题 插入代码后程序无法运行了 所以我想问下这处理过的代码是哪里有问题
我将代码分割为随机个数 的switch,在case前将一个数字入栈,没加本地变量
混淆前
// Microsoft (R) .NET Framework IL Disassembler. Version 3.5.21022.8
// Copyright (c) Microsoft Corporation. All rights reserved.
// Metadata version: v2.0.50727
.assembly extern mscorlib
{
.publickeytoken = (B7 7A 5C 56 19 34 E0 89 ) // .z\V.4..
.ver 2:0:0:0
}
.assembly hello
{
.custom instance void [mscorlib]System.Runtime.CompilerServices.CompilationRelaxationsAttribute::.ctor(int32) = ( 01 00 08 00 00 00 00 00 )
.custom instance void [mscorlib]System.Runtime.CompilerServices.RuntimeCompatibilityAttribute::.ctor() = ( 01 00 01 00 54 02 16 57 72 61 70 4E 6F 6E 45 78 // ....T..WrapNonEx
63 65 70 74 69 6F 6E 54 68 72 6F 77 73 01 ) // ceptionThrows.
.hash algorithm 0x00008004
.ver 0:0:0:0
}
.module hello.exe
// MVID: {2C78763A-7284-490D-BF83-047D1758E8AE}
.imagebase 0x00400000
.file alignment 0x00000200
.stackreserve 0x00100000
.subsystem 0x0003 // WINDOWS_CUI
.corflags 0x00000001 // ILONLY
// Image base: 0x06CD0000
// =============== CLASS MEMBERS DECLARATION ===================
.class private auto ansi beforefieldinit class1
extends [mscorlib]System.Object
{
.method public hidebysig static void Main() cil managed
{
.entrypoint
// 代码大小 19 (0x13)
.maxstack 8
IL_0000: nop
IL_0001: ldstr "hello, .net fans!"
IL_0006: call void [mscorlib]System.Console::WriteLine(string)
IL_000b: nop
IL_000c: call string [mscorlib]System.Console::ReadLine()
IL_0011: pop
IL_0012: ret
} // end of method class1::Main
.method public hidebysig specialname rtspecialname
instance void .ctor() cil managed
{
// 代码大小 7 (0x7)
.maxstack 8
IL_0000: ldarg.0
IL_0001: call instance void [mscorlib]System.Object::.ctor()
IL_0006: ret
} // end of method class1::.ctor
混淆后就无法运行了
// Metadata version: v2.0.50727
.assembly extern mscorlib
{
.publickeytoken = (B7 7A 5C 56 19 34 E0 89 ) // .z\V.4..
.ver 2:0:0:0
}
.assembly hello
{
.custom instance void [mscorlib]System.Runtime.CompilerServices.RuntimeCompatibilityAttribute::.ctor() = ( 01 00 01 00 54 02 16 57 72 61 70 4E 6F 6E 45 78 // ....T..WrapNonEx
63 65 70 74 69 6F 6E 54 68 72 6F 77 73 01 ) // ceptionThrows.
.custom instance void [mscorlib]System.Runtime.CompilerServices.CompilationRelaxationsAttribute::.ctor(int32) = ( 01 00 08 00 00 00 00 00 )
.hash algorithm 0x00008004
.ver 0:0:0:0
}
.module hello.exe
// MVID: {2C78763A-7284-490D-BF83-047D1758E8AE}
.imagebase 0x00400000
.file alignment 0x00000200
.stackreserve 0x00100000
.subsystem 0x0003 // WINDOWS_CUI
.corflags 0x00000001 // ILONLY
// Image base: 0x06CD0000
// =============== CLASS MEMBERS DECLARATION ===================
.class private auto ansi beforefieldinit class1
extends [mscorlib]System.Object
{
.method public hidebysig static void Main() cil managed
{
.entrypoint
// 代码大小 36 (0x24)
.maxstack 8
IL_0000: ldc.i4.0
IL_0001: switch (
IL_000e,
IL_0022)
IL_000e: nop
IL_000f: ldstr "hello, .net fans!"
IL_0014: call void [mscorlib]System.Console::WriteLine(string)
IL_0019: nop
IL_001a: call string [mscorlib]System.Console::ReadLine()
IL_001f: ldc.i4.1
IL_0020: br.s IL_0001
IL_0022: pop
IL_0023: ret
} // end of method class1::Main
.method public hidebysig specialname rtspecialname
instance void .ctor() cil managed
{
// 代码大小 17 (0x11)
.maxstack 8
IL_0000: ldc.i4.0
IL_0001: switch (
IL_000a)
IL_000a: ldarg.0
IL_000b: call instance void [mscorlib]System.Object::.ctor()
IL_0010: ret
} // end of method class1::.ctor
} // end of class class1
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
