├── Anti Dump.cs └── README.md /Anti Dump.cs: -------------------------------------------------------------------------------- 1 | AntiDump.Initialize(); 2 | 3 | internal class AntiDump 4 | { 5 | [DllImport("kernel32.dll")] 6 | static extern unsafe bool VirtualProtect(byte* lpAddress, int dwSize, uint flNewProtect, out uint lpflOldProtect); 7 | 8 | public static unsafe void Initialize() 9 | { 10 | uint old; 11 | Module module = typeof(AntiDump).Module; 12 | var bas = (byte*)Marshal.GetHINSTANCE(module); 13 | byte* ptr = bas + 0x3c; 14 | byte* ptr2; 15 | ptr = ptr2 = bas + *(uint*)ptr; 16 | ptr += 0x6; 17 | ushort sectNum = *(ushort*)ptr; 18 | ptr += 14; 19 | ushort optSize = *(ushort*)ptr; 20 | ptr = ptr2 = ptr + 0x4 + optSize; 21 | 22 | byte* @new = stackalloc byte[11]; 23 | if (module.FullyQualifiedName[0] != '<') //Mapped 24 | { 25 | //VirtualProtect(ptr - 16, 8, 0x40, out old); 26 | //*(uint*)(ptr - 12) = 0; 27 | byte* mdDir = bas + *(uint*)(ptr - 16); 28 | //*(uint*)(ptr - 16) = 0; 29 | 30 | if (*(uint*)(ptr - 0x78) != 0) 31 | { 32 | byte* importDir = bas + *(uint*)(ptr - 0x78); 33 | byte* oftMod = bas + *(uint*)importDir; 34 | byte* modName = bas + *(uint*)(importDir + 12); 35 | byte* funcName = bas + *(uint*)oftMod + 2; 36 | VirtualProtect(modName, 11, 0x40, out old); 37 | 38 | *(uint*)@new = 0x6c64746e; 39 | *((uint*)@new + 1) = 0x6c642e6c; 40 | *((ushort*)@new + 4) = 0x006c; 41 | *(@new + 10) = 0; 42 | 43 | for (int i = 0; i < 11; i++) 44 | *(modName + i) = *(@new + i); 45 | 46 | VirtualProtect(funcName, 11, 0x40, out old); 47 | 48 | *(uint*)@new = 0x6f43744e; 49 | *((uint*)@new + 1) = 0x6e69746e; 50 | *((ushort*)@new + 4) = 0x6575; 51 | *(@new + 10) = 0; 52 | 53 | for (int i = 0; i < 11; i++) 54 | *(funcName + i) = *(@new + i); 55 | } 56 | 57 | for (int i = 0; i < sectNum; i++) 58 | { 59 | VirtualProtect(ptr, 8, 0x40, out old); 60 | Marshal.Copy(new byte[8], 0, (IntPtr)ptr, 8); 61 | ptr += 0x28; 62 | } 63 | VirtualProtect(mdDir, 0x48, 0x40, out old); 64 | byte* mdHdr = bas + *(uint*)(mdDir + 8); 65 | *(uint*)mdDir = 0; 66 | *((uint*)mdDir + 1) = 0; 67 | *((uint*)mdDir + 2) = 0; 68 | *((uint*)mdDir + 3) = 0; 69 | 70 | VirtualProtect(mdHdr, 4, 0x40, out old); 71 | *(uint*)mdHdr = 0; 72 | mdHdr += 12; 73 | mdHdr += *(uint*)mdHdr; 74 | mdHdr = (byte*)(((ulong)mdHdr + 7) & ~3UL); 75 | mdHdr += 2; 76 | ushort numOfStream = *mdHdr; 77 | mdHdr += 2; 78 | for (int i = 0; i < numOfStream; i++) 79 | { 80 | VirtualProtect(mdHdr, 8, 0x40, out old); 81 | //*(uint*)mdHdr = 0; 82 | mdHdr += 4; 83 | //*(uint*)mdHdr = 0; 84 | mdHdr += 4; 85 | for (int ii = 0; ii < 8; ii++) 86 | { 87 | VirtualProtect(mdHdr, 4, 0x40, out old); 88 | *mdHdr = 0; 89 | mdHdr++; 90 | if (*mdHdr == 0) 91 | { 92 | mdHdr += 3; 93 | break; 94 | } 95 | *mdHdr = 0; 96 | mdHdr++; 97 | if (*mdHdr == 0) 98 | { 99 | mdHdr += 2; 100 | break; 101 | } 102 | *mdHdr = 0; 103 | mdHdr++; 104 | if (*mdHdr == 0) 105 | { 106 | mdHdr += 1; 107 | break; 108 | } 109 | *mdHdr = 0; 110 | mdHdr++; 111 | } 112 | } 113 | } 114 | else //Flat 115 | { 116 | //VirtualProtect(ptr - 16, 8, 0x40, out old); 117 | //*(uint*)(ptr - 12) = 0; 118 | uint mdDir = *(uint*)(ptr - 16); 119 | //*(uint*)(ptr - 16) = 0; 120 | uint importDir = *(uint*)(ptr - 0x78); 121 | 122 | var vAdrs = new uint[sectNum]; 123 | var vSizes = new uint[sectNum]; 124 | var rAdrs = new uint[sectNum]; 125 | for (int i = 0; i < sectNum; i++) 126 | { 127 | VirtualProtect(ptr, 8, 0x40, out old); 128 | Marshal.Copy(new byte[8], 0, (IntPtr)ptr, 8); 129 | vAdrs[i] = *(uint*)(ptr + 12); 130 | vSizes[i] = *(uint*)(ptr + 8); 131 | rAdrs[i] = *(uint*)(ptr + 20); 132 | ptr += 0x28; 133 | } 134 | 135 | 136 | if (importDir != 0) 137 | { 138 | for (int i = 0; i < sectNum; i++) 139 | if (vAdrs[i] <= importDir && importDir < vAdrs[i] + vSizes[i]) 140 | { 141 | importDir = importDir - vAdrs[i] + rAdrs[i]; 142 | break; 143 | } 144 | byte* importDirPtr = bas + importDir; 145 | uint oftMod = *(uint*)importDirPtr; 146 | for (int i = 0; i < sectNum; i++) 147 | if (vAdrs[i] <= oftMod && oftMod < vAdrs[i] + vSizes[i]) 148 | { 149 | oftMod = oftMod - vAdrs[i] + rAdrs[i]; 150 | break; 151 | } 152 | byte* oftModPtr = bas + oftMod; 153 | uint modName = *(uint*)(importDirPtr + 12); 154 | for (int i = 0; i < sectNum; i++) 155 | if (vAdrs[i] <= modName && modName < vAdrs[i] + vSizes[i]) 156 | { 157 | modName = modName - vAdrs[i] + rAdrs[i]; 158 | break; 159 | } 160 | uint funcName = *(uint*)oftModPtr + 2; 161 | for (int i = 0; i < sectNum; i++) 162 | if (vAdrs[i] <= funcName && funcName < vAdrs[i] + vSizes[i]) 163 | { 164 | funcName = funcName - vAdrs[i] + rAdrs[i]; 165 | break; 166 | } 167 | VirtualProtect(bas + modName, 11, 0x40, out old); 168 | 169 | *(uint*)@new = 0x6c64746e; 170 | *((uint*)@new + 1) = 0x6c642e6c; 171 | *((ushort*)@new + 4) = 0x006c; 172 | *(@new + 10) = 0; 173 | 174 | for (int i = 0; i < 11; i++) 175 | *(bas + modName + i) = *(@new + i); 176 | 177 | VirtualProtect(bas + funcName, 11, 0x40, out old); 178 | 179 | *(uint*)@new = 0x6f43744e; 180 | *((uint*)@new + 1) = 0x6e69746e; 181 | *((ushort*)@new + 4) = 0x6575; 182 | *(@new + 10) = 0; 183 | 184 | for (int i = 0; i < 11; i++) 185 | *(bas + funcName + i) = *(@new + i); 186 | } 187 | 188 | 189 | for (int i = 0; i < sectNum; i++) 190 | if (vAdrs[i] <= mdDir && mdDir < vAdrs[i] + vSizes[i]) 191 | { 192 | mdDir = mdDir - vAdrs[i] + rAdrs[i]; 193 | break; 194 | } 195 | byte* mdDirPtr = bas + mdDir; 196 | VirtualProtect(mdDirPtr, 0x48, 0x40, out old); 197 | uint mdHdr = *(uint*)(mdDirPtr + 8); 198 | for (int i = 0; i < sectNum; i++) 199 | if (vAdrs[i] <= mdHdr && mdHdr < vAdrs[i] + vSizes[i]) 200 | { 201 | mdHdr = mdHdr - vAdrs[i] + rAdrs[i]; 202 | break; 203 | } 204 | *(uint*)mdDirPtr = 0; 205 | *((uint*)mdDirPtr + 1) = 0; 206 | *((uint*)mdDirPtr + 2) = 0; 207 | *((uint*)mdDirPtr + 3) = 0; 208 | 209 | 210 | byte* mdHdrPtr = bas + mdHdr; 211 | VirtualProtect(mdHdrPtr, 4, 0x40, out old); 212 | *(uint*)mdHdrPtr = 0; 213 | mdHdrPtr += 12; 214 | mdHdrPtr += *(uint*)mdHdrPtr; 215 | mdHdrPtr = (byte*)(((ulong)mdHdrPtr + 7) & ~3UL); 216 | mdHdrPtr += 2; 217 | ushort numOfStream = *mdHdrPtr; 218 | mdHdrPtr += 2; 219 | for (int i = 0; i < numOfStream; i++) 220 | { 221 | VirtualProtect(mdHdrPtr, 8, 0x40, out old); 222 | //*(uint*)mdHdrPtr = 0; 223 | mdHdrPtr += 4; 224 | //*(uint*)mdHdrPtr = 0; 225 | mdHdrPtr += 4; 226 | for (int ii = 0; ii < 8; ii++) 227 | { 228 | VirtualProtect(mdHdrPtr, 4, 0x40, out old); 229 | *mdHdrPtr = 0; 230 | mdHdrPtr++; 231 | if (*mdHdrPtr == 0) 232 | { 233 | mdHdrPtr += 3; 234 | break; 235 | } 236 | *mdHdrPtr = 0; 237 | mdHdrPtr++; 238 | if (*mdHdrPtr == 0) 239 | { 240 | mdHdrPtr += 2; 241 | break; 242 | } 243 | *mdHdrPtr = 0; 244 | mdHdrPtr++; 245 | if (*mdHdrPtr == 0) 246 | { 247 | mdHdrPtr += 1; 248 | break; 249 | } 250 | *mdHdrPtr = 0; 251 | mdHdrPtr++; 252 | } 253 | } 254 | } 255 | } 256 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CSharp-AntiDump 2 | Anti dump in C# 3 | 4 | I forgot who made it. Just found this on my old hard drive 5 | --------------------------------------------------------------------------------