├── Confuser_Methods_Decryptor.exe.config
├── Confuser_Methods_Decryptor.sln
└── Confuser_Methods_Decryptor
    ├── Confuser_Methods_Decryptor.csproj
    ├── MainForm.Designer.cs
    ├── MainForm.cs
    ├── MainForm.resx
    ├── Program.cs
    └── Properties
        └── AssemblyInfo.cs


/Confuser_Methods_Decryptor.exe.config:
--------------------------------------------------------------------------------
1 | <configuration>
2 |   <startup useLegacyV2RuntimeActivationPolicy="true">
3 |     <supportedRuntime version="v4.0"/>
4 |   </startup>
5 |   <runtime>         
6 |     <loadFromRemoteSources enabled="true"/>
7 |   </runtime> 
8 | </configuration>
9 | 


--------------------------------------------------------------------------------
/Confuser_Methods_Decryptor.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 10.00
 3 | # Visual Studio 2008
 4 | # SharpDevelop 3.2.1.6466
 5 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Confuser_Methods_Decryptor", "Confuser_Methods_Decryptor\Confuser_Methods_Decryptor.csproj", "{13B4F697-9A2D-41EC-B6DF-DFF2C22868DC}"
 6 | EndProject
 7 | Global
 8 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 9 | 		Debug|x86 = Debug|x86
10 | 		Release|x86 = Release|x86
11 | 	EndGlobalSection
12 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
13 | 		{13B4F697-9A2D-41EC-B6DF-DFF2C22868DC}.Debug|x86.Build.0 = Debug|x86
14 | 		{13B4F697-9A2D-41EC-B6DF-DFF2C22868DC}.Debug|x86.ActiveCfg = Debug|x86
15 | 		{13B4F697-9A2D-41EC-B6DF-DFF2C22868DC}.Release|x86.Build.0 = Release|x86
16 | 		{13B4F697-9A2D-41EC-B6DF-DFF2C22868DC}.Release|x86.ActiveCfg = Release|x86
17 | 	EndGlobalSection
18 | EndGlobal
19 | 


--------------------------------------------------------------------------------
/Confuser_Methods_Decryptor/Confuser_Methods_Decryptor.csproj:
--------------------------------------------------------------------------------
 1 | <Project ToolsVersion="3.5" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 2 |   <PropertyGroup>
 3 |     <ProjectGuid>{13B4F697-9A2D-41EC-B6DF-DFF2C22868DC}</ProjectGuid>
 4 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
 5 |     <Platform Condition=" '$(Platform)' == '' ">x86</Platform>
 6 |     <OutputType>WinExe</OutputType>
 7 |     <RootNamespace>Confuser_Methods_Decryptor</RootNamespace>
 8 |     <AssemblyName>Confuser_Methods_Decryptor</AssemblyName>
 9 |     <TargetFrameworkVersion>v2.0</TargetFrameworkVersion>
10 |     <AppDesignerFolder>Properties</AppDesignerFolder>
11 |     <SourceAnalysisOverrideSettingsFile>C:\Documents and Settings\Mihai\Application Data\ICSharpCode/SharpDevelop3.0\Settings.SourceAnalysis</SourceAnalysisOverrideSettingsFile>
12 |     <AllowUnsafeBlocks>True</AllowUnsafeBlocks>
13 |     <NoStdLib>False</NoStdLib>
14 |     <WarningLevel>4</WarningLevel>
15 |     <TreatWarningsAsErrors>false</TreatWarningsAsErrors>
16 |   </PropertyGroup>
17 |   <PropertyGroup Condition=" '$(Platform)' == 'x86' ">
18 |     <PlatformTarget>x86</PlatformTarget>
19 |     <RegisterForComInterop>False</RegisterForComInterop>
20 |     <GenerateSerializationAssemblies>Auto</GenerateSerializationAssemblies>
21 |     <BaseAddress>4194304</BaseAddress>
22 |     <FileAlignment>4096</FileAlignment>
23 |   </PropertyGroup>
24 |   <PropertyGroup Condition=" '$(Configuration)' == 'Debug' ">
25 |     <OutputPath>bin\Debug\</OutputPath>
26 |     <DebugSymbols>true</DebugSymbols>
27 |     <DebugType>Full</DebugType>
28 |     <Optimize>False</Optimize>
29 |     <CheckForOverflowUnderflow>False</CheckForOverflowUnderflow>
30 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
31 |   </PropertyGroup>
32 |   <PropertyGroup Condition=" '$(Configuration)' == 'Release' ">
33 |     <OutputPath>bin\Release\</OutputPath>
34 |     <DebugSymbols>False</DebugSymbols>
35 |     <DebugType>None</DebugType>
36 |     <Optimize>True</Optimize>
37 |     <CheckForOverflowUnderflow>False</CheckForOverflowUnderflow>
38 |     <DefineConstants>TRACE</DefineConstants>
39 |   </PropertyGroup>
40 |   <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.Targets" />
41 |   <ItemGroup>
42 |     <Reference Include="System" />
43 |     <Reference Include="System.Data" />
44 |     <Reference Include="System.Drawing" />
45 |     <Reference Include="System.Windows.Forms" />
46 |     <Reference Include="System.Xml" />
47 |   </ItemGroup>
48 |   <ItemGroup>
49 |     <Compile Include="MainForm.cs" />
50 |     <Compile Include="MainForm.Designer.cs">
51 |       <DependentUpon>MainForm.cs</DependentUpon>
52 |     </Compile>
53 |     <Compile Include="Program.cs" />
54 |     <Compile Include="Properties\AssemblyInfo.cs" />
55 |     <EmbeddedResource Include="MainForm.resx">
56 |       <DependentUpon>MainForm.cs</DependentUpon>
57 |     </EmbeddedResource>
58 |   </ItemGroup>
59 | </Project>


--------------------------------------------------------------------------------
/Confuser_Methods_Decryptor/MainForm.Designer.cs:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * Created by SharpDevelop.
  3 |  * User: Bogdan
  4 |  * Date: 29.12.2012
  5 |  * Time: 18:25
  6 |  * 
  7 |  * To change this template use Tools | Options | Coding | Edit Standard Headers.
  8 |  */
  9 | namespace Confuser_Methods_Decryptor
 10 | {
 11 | 	partial class MainForm
 12 | 	{
 13 | 		/// <summary>
 14 | 		/// Designer variable used to keep track of non-visual components.
 15 | 		/// </summary>
 16 | 		private System.ComponentModel.IContainer components = null;
 17 | 		
 18 | 		/// <summary>
 19 | 		/// Disposes resources used by the form.
 20 | 		/// </summary>
 21 | 		/// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
 22 | 		protected override void Dispose(bool disposing)
 23 | 		{
 24 | 			if (disposing) {
 25 | 				if (components != null) {
 26 | 					components.Dispose();
 27 | 				}
 28 | 			}
 29 | 			base.Dispose(disposing);
 30 | 		}
 31 | 		
 32 | 		/// <summary>
 33 | 		/// This method is required for Windows Forms designer support.
 34 | 		/// Do not change the method contents inside the source code editor. The Forms designer might
 35 | 		/// not be able to load this method if it was changed manually.
 36 | 		/// </summary>
 37 | 		private void InitializeComponent()
 38 | 		{
 39 | 			this.textBox1 = new System.Windows.Forms.TextBox();
 40 | 			this.label1 = new System.Windows.Forms.Label();
 41 | 			this.button1 = new System.Windows.Forms.Button();
 42 | 			this.textBox2 = new System.Windows.Forms.TextBox();
 43 | 			this.label4 = new System.Windows.Forms.Label();
 44 | 			this.button3 = new System.Windows.Forms.Button();
 45 | 			this.button2 = new System.Windows.Forms.Button();
 46 | 			this.label2 = new System.Windows.Forms.Label();
 47 | 			this.label3 = new System.Windows.Forms.Label();
 48 | 			this.SuspendLayout();
 49 | 			// 
 50 | 			// textBox1
 51 | 			// 
 52 | 			this.textBox1.AllowDrop = true;
 53 | 			this.textBox1.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Left) 
 54 | 									| System.Windows.Forms.AnchorStyles.Right)));
 55 | 			this.textBox1.Location = new System.Drawing.Point(42, 43);
 56 | 			this.textBox1.Name = "textBox1";
 57 | 			this.textBox1.Size = new System.Drawing.Size(589, 20);
 58 | 			this.textBox1.TabIndex = 21;
 59 | 			this.textBox1.DragDrop += new System.Windows.Forms.DragEventHandler(this.TextBox1DragDrop);
 60 | 			this.textBox1.DragEnter += new System.Windows.Forms.DragEventHandler(this.TextBox1DragEnter);
 61 | 			// 
 62 | 			// label1
 63 | 			// 
 64 | 			this.label1.BackColor = System.Drawing.Color.Transparent;
 65 | 			this.label1.ForeColor = System.Drawing.Color.Black;
 66 | 			this.label1.Location = new System.Drawing.Point(42, 25);
 67 | 			this.label1.Name = "label1";
 68 | 			this.label1.Size = new System.Drawing.Size(100, 14);
 69 | 			this.label1.TabIndex = 20;
 70 | 			this.label1.Text = "Name of assembly:";
 71 | 			// 
 72 | 			// button1
 73 | 			// 
 74 | 			this.button1.Location = new System.Drawing.Point(7, 42);
 75 | 			this.button1.Name = "button1";
 76 | 			this.button1.Size = new System.Drawing.Size(29, 20);
 77 | 			this.button1.TabIndex = 19;
 78 | 			this.button1.Text = "...";
 79 | 			this.button1.UseVisualStyleBackColor = true;
 80 | 			this.button1.Click += new System.EventHandler(this.Button1Click);
 81 | 			// 
 82 | 			// textBox2
 83 | 			// 
 84 | 			this.textBox2.AllowDrop = true;
 85 | 			this.textBox2.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Left) 
 86 | 									| System.Windows.Forms.AnchorStyles.Right)));
 87 | 			this.textBox2.Location = new System.Drawing.Point(42, 82);
 88 | 			this.textBox2.Name = "textBox2";
 89 | 			this.textBox2.Size = new System.Drawing.Size(589, 20);
 90 | 			this.textBox2.TabIndex = 37;
 91 | 			this.textBox2.DragDrop += new System.Windows.Forms.DragEventHandler(this.TextBox2DragDrop);
 92 | 			this.textBox2.DragEnter += new System.Windows.Forms.DragEventHandler(this.TextBox2DragEnter);
 93 | 			// 
 94 | 			// label4
 95 | 			// 
 96 | 			this.label4.BackColor = System.Drawing.Color.Transparent;
 97 | 			this.label4.ForeColor = System.Drawing.Color.Black;
 98 | 			this.label4.Location = new System.Drawing.Point(42, 65);
 99 | 			this.label4.Name = "label4";
100 | 			this.label4.Size = new System.Drawing.Size(100, 14);
101 | 			this.label4.TabIndex = 36;
102 | 			this.label4.Text = "Additional module:";
103 | 			// 
104 | 			// button3
105 | 			// 
106 | 			this.button3.Location = new System.Drawing.Point(7, 82);
107 | 			this.button3.Name = "button3";
108 | 			this.button3.Size = new System.Drawing.Size(29, 20);
109 | 			this.button3.TabIndex = 35;
110 | 			this.button3.Text = "...";
111 | 			this.button3.UseVisualStyleBackColor = true;
112 | 			this.button3.Click += new System.EventHandler(this.Button3Click);
113 | 			// 
114 | 			// button2
115 | 			// 
116 | 			this.button2.Location = new System.Drawing.Point(42, 144);
117 | 			this.button2.Name = "button2";
118 | 			this.button2.Size = new System.Drawing.Size(75, 23);
119 | 			this.button2.TabIndex = 38;
120 | 			this.button2.Text = "Decrypt";
121 | 			this.button2.UseVisualStyleBackColor = true;
122 | 			this.button2.Click += new System.EventHandler(this.Button2Click);
123 | 			// 
124 | 			// label2
125 | 			// 
126 | 			this.label2.Location = new System.Drawing.Point(42, 105);
127 | 			this.label2.Name = "label2";
128 | 			this.label2.Size = new System.Drawing.Size(100, 14);
129 | 			this.label2.TabIndex = 39;
130 | 			this.label2.Text = "Status:";
131 | 			// 
132 | 			// label3
133 | 			// 
134 | 			this.label3.Location = new System.Drawing.Point(42, 119);
135 | 			this.label3.Name = "label3";
136 | 			this.label3.Size = new System.Drawing.Size(589, 22);
137 | 			this.label3.TabIndex = 40;
138 | 			// 
139 | 			// MainForm
140 | 			// 
141 | 			this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
142 | 			this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
143 | 			this.ClientSize = new System.Drawing.Size(668, 192);
144 | 			this.Controls.Add(this.label3);
145 | 			this.Controls.Add(this.label2);
146 | 			this.Controls.Add(this.button2);
147 | 			this.Controls.Add(this.textBox2);
148 | 			this.Controls.Add(this.label4);
149 | 			this.Controls.Add(this.button3);
150 | 			this.Controls.Add(this.textBox1);
151 | 			this.Controls.Add(this.label1);
152 | 			this.Controls.Add(this.button1);
153 | 			this.Name = "MainForm";
154 | 			this.Text = "Confuser Methods Decryptor 1.0 by CodeCracker / SnD";
155 | 			this.ResumeLayout(false);
156 | 			this.PerformLayout();
157 | 		}
158 | 		public System.Windows.Forms.TextBox textBox2;
159 | 		private System.Windows.Forms.Label label3;
160 | 		private System.Windows.Forms.Label label2;
161 | 		private System.Windows.Forms.Button button2;
162 | 		private System.Windows.Forms.Button button3;
163 | 		private System.Windows.Forms.Label label4;
164 | 		private System.Windows.Forms.Button button1;
165 | 		private System.Windows.Forms.Label label1;
166 | 		public System.Windows.Forms.TextBox textBox1;
167 | 		
168 | 
169 | 	}
170 | }
171 | 


--------------------------------------------------------------------------------
/Confuser_Methods_Decryptor/MainForm.cs:
--------------------------------------------------------------------------------
   1 | /*
   2 |  * Created by SharpDevelop.
   3 |  * User: Bogdan
   4 |  * Date: 29.12.2012
   5 |  * Time: 18:25
   6 |  * 
   7 |  * To change this template use Tools | Options | Coding | Edit Standard Headers.
   8 |  */
   9 | using System;
  10 | using System.Collections.Generic;
  11 | using System.Drawing;
  12 | using System.Windows.Forms;
  13 | using System.IO;
  14 | using System.Runtime.InteropServices;
  15 | using System.Reflection;
  16 | 
  17 | namespace Confuser_Methods_Decryptor
  18 | {
  19 | 	/// <summary>
  20 | 	/// Description of MainForm.
  21 | 	/// </summary>
  22 | 	public partial class MainForm : Form
  23 | 	{
  24 | 		public MainForm()
  25 | 		{
  26 | 			//
  27 | 			// The InitializeComponent() call is required for Windows Forms designer support.
  28 | 			//
  29 | 			InitializeComponent();
  30 | 			
  31 | 			//
  32 | 			// TODO: Add constructor code after the InitializeComponent() call.
  33 | 			//
  34 | 		}
  35 | 		
  36 | 		public string DirectoryName = "";
  37 | 		void Button1Click(object sender, EventArgs e)
  38 | 		{
  39 | 		label3.Text="";
  40 | 		OpenFileDialog fdlg = new OpenFileDialog();
  41 | 		fdlg.Title = "Browse for target assembly";
  42 | 		fdlg.InitialDirectory = @"c:\";
  43 | 		if (DirectoryName!="") fdlg.InitialDirectory = DirectoryName;
  44 | 		fdlg.Filter = "Executable files (*.exe,*.dll)|*.exe;*.dll";
  45 | 		fdlg.FilterIndex = 2;
  46 | 		fdlg.RestoreDirectory = true;
  47 | 		if(fdlg.ShowDialog() == DialogResult.OK)
  48 | 		{
  49 | 		string FileName = fdlg.FileName;
  50 | 		textBox1.Text = FileName;
  51 | 		int lastslash = FileName.LastIndexOf("\\");
  52 | 		if (lastslash!=-1) DirectoryName = FileName.Remove(lastslash,FileName.Length-lastslash);
  53 |         if (DirectoryName.Length==2) DirectoryName=DirectoryName+"\\";
  54 | 		}
  55 | 		}
  56 | 		
  57 | 		void Button3Click(object sender, EventArgs e)
  58 | 		{
  59 | 		label3.Text="";
  60 | 		OpenFileDialog fdlg = new OpenFileDialog();
  61 | 		fdlg.Title = "Browse for module";
  62 | 		fdlg.InitialDirectory = @"c:\";
  63 | 		if (DirectoryName!="") fdlg.InitialDirectory = DirectoryName;
  64 | 		fdlg.Filter = "Net module file (*.netmodule)|*.netmodule";
  65 | 		fdlg.FilterIndex = 2;
  66 | 		fdlg.RestoreDirectory = true;
  67 | 		if(fdlg.ShowDialog() == DialogResult.OK)
  68 | 		{
  69 | 		string FileName = fdlg.FileName;
  70 | 		textBox2.Text = FileName;
  71 | 		int lastslash = FileName.LastIndexOf("\\");
  72 | 		if (lastslash!=-1) DirectoryName = FileName.Remove(lastslash,FileName.Length-lastslash);
  73 |         if (DirectoryName.Length==2) DirectoryName=DirectoryName+"\\";
  74 | 		}
  75 | 		}
  76 | 		
  77 | 		void TextBox1DragEnter(object sender, DragEventArgs e)
  78 | 		{
  79 | 		if (e.Data.GetDataPresent(DataFormats.FileDrop))
  80 |         e.Effect = DragDropEffects.Copy;
  81 |     	else
  82 |     	e.Effect = DragDropEffects.None;
  83 | 		}
  84 | 		
  85 | 		void TextBox2DragEnter(object sender, DragEventArgs e)
  86 | 		{
  87 | 		if (e.Data.GetDataPresent(DataFormats.FileDrop))
  88 |         e.Effect = DragDropEffects.Copy;
  89 |     	else
  90 |     	e.Effect = DragDropEffects.None;
  91 | 		}
  92 | 		
  93 | 		void TextBox1DragDrop(object sender, System.Windows.Forms.DragEventArgs e)
  94 | 		{
  95 | 		try
  96 |         {
  97 |         Array a = (Array) e.Data.GetData(DataFormats.FileDrop);
  98 |         if(a != null)
  99 |         {
 100 |         string s = a.GetValue(0).ToString();
 101 |         int lastoffsetpoint = s.LastIndexOf(".");
 102 |         if (lastoffsetpoint != -1)
 103 |         {
 104 |         string Extension = s.Substring(lastoffsetpoint);
 105 |         Extension=Extension.ToLower();
 106 |         if (Extension == ".exe"||Extension == ".dll")
 107 |         {
 108 |         this.Activate();
 109 |         textBox1.Text = s;
 110 |         int lastslash = s.LastIndexOf("\\");
 111 |         if (lastslash!=-1) DirectoryName = s.Remove(lastslash,s.Length-lastslash);
 112 |         if (DirectoryName.Length==2) DirectoryName=DirectoryName+"\\";
 113 |         }
 114 |         }
 115 |         }
 116 |         }
 117 |         catch
 118 |         {
 119 | 
 120 |         }
 121 | 		}
 122 | 		
 123 | 		void TextBox2DragDrop(object sender, DragEventArgs e)
 124 | 		{
 125 | 		try
 126 |         {
 127 |         Array a = (Array) e.Data.GetData(DataFormats.FileDrop);
 128 |         if(a != null)
 129 |         {
 130 |         string s = a.GetValue(0).ToString();
 131 |         int lastoffsetpoint = s.LastIndexOf(".");
 132 |         if (lastoffsetpoint != -1)
 133 |         {
 134 |         string Extension = s.Substring(lastoffsetpoint);
 135 |         Extension=Extension.ToLower();
 136 |         if (Extension == ".netmodule")
 137 |         {
 138 |         this.Activate();
 139 |         textBox2.Text = s;
 140 |         int lastslash = s.LastIndexOf("\\");
 141 |         if (lastslash!=-1) DirectoryName = s.Remove(lastslash,s.Length-lastslash);
 142 |         if (DirectoryName.Length==2) DirectoryName=DirectoryName+"\\";
 143 |         }
 144 |         }
 145 |         }
 146 |         }
 147 |         catch
 148 |         {
 149 | 
 150 |         }
 151 | 		}
 152 | 		
 153 | 		const byte CorILMethod_TinyFormat = 0x02;
 154 | 		const byte CorILMethod_FatFormat = 0x03;
 155 | 
 156 | [DllImport("kernel32.dll")]
 157 | public static extern Boolean AllocConsole();
 158 | [DllImport("kernel32.dll")]
 159 | public static extern Boolean FreeConsole();
 160 | public static Boolean isConsoleon;
 161 | 
 162 | 		void Button2Click(object sender, EventArgs e)
 163 | 		{
 164 | 		string inputfile = textBox1.Text;
 165 | 		string modulename = textBox2.Text;
 166 | 		Module mainmodule = null;
 167 | 		Assembly assembly=null;
 168 | 		bool isModule = false;
 169 | 		try
 170 | 		{
 171 | 
 172 | AssemblyName an = AssemblyName.GetAssemblyName(inputfile);
 173 | assembly = Assembly.Load(an);
 174 | mainmodule = assembly.ManifestModule;
 175 | if (File.Exists(modulename))
 176 | {
 177 | byte[] bytes = File.ReadAllBytes(modulename);
 178 | string modname = Path.GetFileName(modulename);
 179 | mainmodule = assembly.LoadModule(modname,bytes);
 180 | isModule = true;
 181 | }
 182 | 		}
 183 |   		catch (Exception loadexception)
 184 | 		{
 185 |   		label3.ForeColor = Color.Red;
 186 |   		label3.Text = loadexception.ToString();
 187 |   		return;
 188 | 		}
 189 | 
 190 | if (File.Exists(modulename))
 191 | {
 192 | inputfile = modulename;
 193 | }
 194 | 
 195 | 		MetadataReader mr = new MetadataReader();
 196 | 		FileStream input = null;
 197 | 		BinaryReader reader = null;
 198 | 		MethodBase ep = null;
 199 | 		bool isConsoleon = false;
 200 | 
 201 | if (File.Exists(inputfile))
 202 | {
 203 | input = new FileStream(inputfile, FileMode.Open, System.IO.FileAccess.Read, FileShare.ReadWrite);
 204 | reader = new BinaryReader(input);
 205 | if (mr.Intialize(reader))
 206 | {
 207 | if (mr.netdir.EntryPointToken!=0&&
 208 | (mr.netdir.EntryPointToken&0x0FF000000)==0x06000000)
 209 | {
 210 | int internalEntryPointToken = mr.netdir.EntryPointToken&0x0FFFFFF;
 211 | if (internalEntryPointToken>0&&internalEntryPointToken<=mr.TableLengths[6])
 212 | {
 213 | try
 214 | { // ResolveMethod since on Framework 4.0 System.Reflection.Assembly.EntryPoint()
 215 |   // throw new NotImplementedException();
 216 | ep = mainmodule.ResolveMethod(mr.netdir.EntryPointToken);
 217 | }
 218 | catch
 219 | {
 220 | }
 221 | }
 222 | if (ep!=null&&mr.inh.ioh.Subsystem==03)
 223 | {
 224 | try
 225 | {
 226 | 
 227 | isConsoleon = AllocConsole();
 228 | }
 229 | catch
 230 | {
 231 | }
 232 | }
 233 | // Invoke the entry point (changed to ret) for initing the protector!
 234 | if (ep!=null)//
 235 | {
 236 | // string[] args -> new string[]{null}
 237 | object[] parametersers = new object[] { };  // no parameters
 238 | 
 239 | try
 240 | {
 241 | if (ep.GetParameters().Length > 0)
 242 | {
 243 | if (ep.GetParameters()[0].ParameterType != typeof(string[]))
 244 | parametersers = new string[]{null};
 245 | else
 246 | parametersers = new object[] {null};;
 247 | }
 248 | }
 249 | catch
 250 | {
 251 | }
 252 | 
 253 | 
 254 | try
 255 | {
 256 | if (ep.IsStatic)
 257 | {
 258 | ep.Invoke(null, parametersers);
 259 | }
 260 | else
 261 | {
 262 | object obj = Activator.CreateInstance(ep.DeclaringType);
 263 | ep.Invoke(obj, parametersers);
 264 | }
 265 | }
 266 | catch
 267 | {
 268 | 
 269 | }
 270 | }
 271 | if (isConsoleon)
 272 | {
 273 | 
 274 | try
 275 | {
 276 | FreeConsole();
 277 | }
 278 | catch
 279 | {
 280 | }
 281 | 
 282 | }
 283 | }
 284 | }
 285 | reader.Close();
 286 | input.Close();
 287 | }
 288 | 
 289 | 
 290 |   		byte[] filebytes = File.ReadAllBytes(inputfile);
 291 | 		input = new FileStream(inputfile, FileMode.Open, System.IO.FileAccess.Read, FileShare.ReadWrite);
 292 | 		reader = new BinaryReader(input);
 293 | 		mr = new MetadataReader();
 294 | 		if (mr.Intialize(reader))
 295 | 		{
 296 | long MethodPosition = mr.TablesOffset;
 297 | for (int g=0;g<06;g++)
 298 | MethodPosition = MethodPosition+mr.tablesize[g].TotalSize*mr.TableLengths[g];
 299 | 
 300 | IntPtr hinstance = Marshal.GetHINSTANCE(mainmodule);
 301 | for (int i = 0; i < mr.TableLengths[06]; i++)
 302 | {
 303 | reader.BaseStream.Position=(long)MethodPosition + mr.tablesize[06].TotalSize*i;
 304 | int methodRVA = reader.ReadInt32();
 305 | if (methodRVA<=0)
 306 | continue;
 307 | 
 308 | int methodsoffset = mr.Rva2Offset(methodRVA);
 309 | if (methodsoffset<=0)
 310 | continue;
 311 | 
 312 | byte Flag = 0;
 313 | if (isModule)
 314 | Flag = (byte)(Marshal.ReadByte(hinstance,methodsoffset)&255);
 315 | else
 316 | Flag = (byte)(Marshal.ReadByte(hinstance,methodRVA)&255);
 317 | int codesize=0;
 318 | 
 319 | 		if (( Flag & 3)==CorILMethod_FatFormat)
 320 | 		{
 321 | 		if (isModule)
 322 | 		codesize = Marshal.ReadInt32(hinstance,methodsoffset+4);
 323 | 		else
 324 | 		codesize = Marshal.ReadInt32(hinstance,methodRVA+4);
 325 | 		codesize = codesize+12;
 326 | 
 327 | 		}
 328 | 		else if (( Flag & 3)==CorILMethod_TinyFormat)
 329 | 		{
 330 | 		codesize=Flag>>2;
 331 | 		codesize = codesize+1;
 332 | 		}
 333 | 		
 334 | 		
 335 | 		try
 336 | 		{
 337 | 		byte[]methodbody = new byte[codesize];
 338 | 		for (int j=0;j<methodbody.Length;j++)
 339 | 		{
 340 | 		if (isModule)
 341 | 		methodbody[j]=Marshal.ReadByte(hinstance,methodsoffset+j);
 342 | 		else
 343 | 		methodbody[j]=Marshal.ReadByte(hinstance,methodRVA+j);
 344 | 		}
 345 | 		Array.Copy(methodbody,0,filebytes,methodsoffset,methodbody.Length);
 346 | 		}
 347 | 		catch (Exception ecx)
 348 | 		{
 349 | 		MessageBox.Show(ecx.ToString());
 350 | 
 351 | 		}
 352 | 
 353 | 				
 354 | 		}
 355 | 		
 356 | string directoryname = Path.GetDirectoryName(inputfile);
 357 | if (!directoryname.EndsWith("\\")) directoryname=directoryname+"\\";
 358 | string newFile = directoryname+Path.GetFileNameWithoutExtension(inputfile)+"_decryptedmethods"+Path.GetExtension(inputfile);
 359 | 	
 360 | 		File.WriteAllBytes(newFile,filebytes);
 361 | 		label3.ForeColor = Color.Blue;
 362 | 		label3.Text = "Saved on:"+newFile;
 363 | 		}
 364 | 		reader.Close();
 365 | 		input.Close();
 366 | 		
 367 | 		}
 368 | 	}
 369 | 	
 370 | 	public class MetadataReader
 371 | 	{
 372 | 	
 373 | 	public enum Types
 374 | 	{
 375 | 		//Tables
 376 | 		Module = 0,
 377 | 		TypeRef = 1,
 378 | 		TypeDef = 2,
 379 | 		FieldPtr = 3, 
 380 | 		Field = 4,
 381 | 		MethodPtr = 5,
 382 | 		Method = 6,
 383 | 		ParamPtr = 7, 
 384 | 		Param = 8,
 385 | 		InterfaceImpl = 9,
 386 | 		MemberRef = 10,
 387 | 		Constant = 11, 
 388 | 		CustomAttribute = 12,
 389 | 		FieldMarshal = 13,
 390 | 		Permission = 14,
 391 | 		ClassLayout = 15, 
 392 | 		FieldLayout = 16,
 393 | 		StandAloneSig = 17,
 394 | 		EventMap = 18,
 395 | 		EventPtr = 19, 
 396 | 		Event = 20,
 397 | 		PropertyMap = 21,
 398 | 		PropertyPtr = 22,
 399 | 		Property = 23, 
 400 | 		MethodSemantics = 24,
 401 | 		MethodImpl = 25,
 402 | 		ModuleRef = 26,
 403 | 		TypeSpec = 27, 
 404 | 		ImplMap = 28, //lidin book is wrong again here?  It has enclog at 28
 405 | 		FieldRVA = 29,
 406 | 		ENCLog = 30,
 407 | 		ENCMap = 31, 
 408 | 		Assembly = 32,
 409 | 		AssemblyProcessor= 33,
 410 | 		AssemblyOS = 34,
 411 | 		AssemblyRef = 35, 
 412 | 		AssemblyRefProcessor = 36,
 413 | 		AssemblyRefOS = 37,
 414 | 		File = 38,
 415 | 		ExportedType = 39, 
 416 | 		ManifestResource = 40,
 417 | 		NestedClass = 41,
 418 | 		TypeTyPar = 42,
 419 | 		MethodTyPar = 43,
 420 | 
 421 | 		//Coded Token Types
 422 | 		TypeDefOrRef = 64,
 423 | 		HasConstant = 65,
 424 | 		CustomAttributeType = 66,
 425 | 		HasSemantic = 67,
 426 | 		ResolutionScope = 68,
 427 | 		HasFieldMarshal = 69,
 428 | 		HasDeclSecurity = 70,
 429 | 		MemberRefParent = 71,
 430 | 		MethodDefOrRef = 72,
 431 | 		MemberForwarded = 73,
 432 | 		Implementation = 74,
 433 | 		HasCustomAttribute = 75,
 434 | 
 435 | 		//Simple
 436 | 		UInt16 = 97,
 437 | 		UInt32 = 99,
 438 | 		String = 101,
 439 | 		Blob = 102,
 440 | 		Guid = 103,
 441 | 		UserString = 112
 442 | 	}
 443 | 	
 444 | 	
 445 | unsafe public struct IMAGE_DOS_HEADER
 446 | {
 447 |      public short e_magic;
 448 |      public short e_cblp;
 449 |      public short e_cp;
 450 |      public short e_crlc;
 451 |      public short e_cparhdr;
 452 |      public short e_minalloc;
 453 |      public short e_maxalloc;
 454 |      public short e_ss;
 455 |      public short e_sp;
 456 |      public short e_csum;
 457 |      public short e_ip;
 458 |      public short e_cs;
 459 |      public short e_lfarlc;
 460 |      public short e_ovno;
 461 |      fixed short e_res1[4];
 462 |      public short e_oeminfo;
 463 |      fixed short e_res2[10];
 464 |      public int e_lfanew;
 465 | }
 466 | 
 467 | unsafe public struct IMAGE_NT_HEADERS
 468 | {
 469 | public int Signature;
 470 | public IMAGE_FILE_HEADER ifh;
 471 | public IMAGE_OPTIONAL_HEADER ioh;
 472 | }
 473 | public struct IMAGE_DATA_DIRECTORY
 474 | {
 475 | public int RVA;
 476 | public int Size;
 477 | }
 478 | 
 479 | public struct IMAGE_FILE_HEADER
 480 | {
 481 |   public short  Machine;
 482 |   public short  NumberOfSections;
 483 |   public int TimeDateStamp;
 484 |   public int PointerToSymbolTable;
 485 |   public int NumberOfSymbols;
 486 |   public short  SizeOfOptionalHeader;
 487 |   public short  Characteristics;
 488 | }
 489 | 
 490 | unsafe public struct IMAGE_OPTIONAL_HEADER
 491 | {
 492 |   public short     Magic;
 493 |   public byte      MajorLinkerVersion;
 494 |   public byte      MinorLinkerVersion;
 495 |   public int       SizeOfCode;
 496 |   public int       SizeOfInitializedData;
 497 |   public int       SizeOfUninitializedData;
 498 |   public int       AddressOfEntryPoint;
 499 |   public int       BaseOfCode;
 500 |   public int       BaseOfData;
 501 |   public int       ImageBase;
 502 |   public int       SectionAlignment;
 503 |   public int       FileAlignment;
 504 |   public short     MajorOperatingSystemVersion;
 505 |   public short     MinorOperatingSystemVersion;
 506 |   public short     MajorImageVersion;
 507 |   public short     MinorImageVersion;
 508 |   public short     MajorSubsystemVersion;
 509 |   public short     MinorSubsystemVersion;
 510 |   public int       Win32VersionValue;
 511 |   public int       SizeOfImage;
 512 |   public int       SizeOfHeaders;
 513 |   public int       CheckSum;
 514 |   public short     Subsystem;
 515 |   public short     DllCharacteristics;
 516 |   public int       SizeOfStackReserve;
 517 |   public int       SizeOfStackCommit;
 518 |   public int       SizeOfHeapReserve;
 519 |   public int       SizeOfHeapCommit;
 520 |   public int       LoaderFlags;
 521 |   public int       NumberOfRvaAndSizes;
 522 |   public IMAGE_DATA_DIRECTORY ExportDirectory;
 523 |   public IMAGE_DATA_DIRECTORY ImportDirectory;
 524 |   public IMAGE_DATA_DIRECTORY ResourceDirectory;
 525 |   public IMAGE_DATA_DIRECTORY ExceptionDirectory;
 526 |   public IMAGE_DATA_DIRECTORY SecurityDirectory;
 527 |   public IMAGE_DATA_DIRECTORY RelocationDirectory;
 528 |   public IMAGE_DATA_DIRECTORY DebugDirectory;
 529 |   public IMAGE_DATA_DIRECTORY ArchitectureDirectory;
 530 |   public IMAGE_DATA_DIRECTORY Reserved;
 531 |   public IMAGE_DATA_DIRECTORY TLSDirectory;
 532 |   public IMAGE_DATA_DIRECTORY ConfigurationDirectory;
 533 |   public IMAGE_DATA_DIRECTORY BoundImportDirectory;
 534 |   public IMAGE_DATA_DIRECTORY ImportAddressTableDirectory;
 535 |   public IMAGE_DATA_DIRECTORY DelayImportDirectory;
 536 |   public IMAGE_DATA_DIRECTORY MetaDataDirectory;
 537 | }
 538 | 
 539 | public unsafe struct image_section_header
 540 | {
 541 |   public fixed byte name[8];
 542 |   public int  virtual_size;
 543 |   public int  virtual_address;
 544 |   public int  size_of_raw_data;
 545 |   public int  pointer_to_raw_data;
 546 |   public int  pointer_to_relocations;
 547 |   public int  pointer_to_linenumbers;
 548 |   public short number_of_relocations;
 549 |   public short number_of_linenumbers;
 550 |   public int  characteristics;
 551 | };
 552 | 
 553 | public struct NETDirectory
 554 | {
 555 | public int cb;
 556 | public short MajorRuntimeVersion;
 557 | public short MinorRuntimeVersion;
 558 | public int MetaDataRVA;
 559 | public int MetaDataSize;
 560 | public int Flags;
 561 | public int EntryPointToken;
 562 | public int ResourceRVA;
 563 | public int ResourceSize;
 564 | public int StrongNameSignatureRVA;
 565 | public int StrongNameSignatureSize;
 566 | public int CodeManagerTableRVA;
 567 | public int CodeManagerTableSize;
 568 | public int VTableFixupsRVA;
 569 | public int VTableFixupsSize;
 570 | public int ExportAddressTableJumpsRVA;
 571 | public int ExportAddressTableJumpsSize;
 572 | public int ManagedNativeHeaderRVA;
 573 | public int ManagedNativeHeaderSize;
 574 | }
 575 | 
 576 | unsafe public struct MetaDataHeader
 577 | {
 578 | public int Signature;
 579 | public short MajorVersion;
 580 | public short MinorVersion;
 581 | public int Reserved;
 582 | public int VerionLenght;
 583 | public byte[] VersionString;
 584 | public short Flags;
 585 | public short NumberOfStreams;
 586 | }
 587 | 
 588 | unsafe public struct TableHeader
 589 | {
 590 | public int Reserved_1;
 591 | public byte MajorVersion;
 592 | public byte MinorVersion;
 593 | public byte HeapOffsetSizes;
 594 | public byte Reserved_2;
 595 | public long MaskValid;
 596 | public long MaskSorted;
 597 | }
 598 | 
 599 | public struct MetaDataStream
 600 | {
 601 | public int Offset;
 602 | public int Size;
 603 | public string Name;
 604 | }
 605 | 
 606 | public struct TableInfo
 607 | {
 608 | public string Name;
 609 | public string[] names;
 610 | public Types type;
 611 | public Types[] ctypes;
 612 | }
 613 | 
 614 | public struct RefTableInfo
 615 | {
 616 | public Types type;
 617 | public Types[] reftypes;
 618 | public int[] refindex;
 619 | }
 620 | 
 621 | public struct TableSize
 622 | {
 623 | public int TotalSize;
 624 | public int[] Sizes;
 625 | }
 626 | 
 627 | public struct Table
 628 | {
 629 | public long[][] members;
 630 | }
 631 | 
 632 | 
 633 | 		public IMAGE_DOS_HEADER idh;
 634 | 		public IMAGE_NT_HEADERS inh;
 635 | 		public image_section_header[] sections;
 636 | 		public NETDirectory netdir;
 637 | 		public MetaDataHeader mh;
 638 | 		public MetaDataStream[] streams;
 639 | 		public MetaDataStream MetadataRoot;
 640 | 		public byte[] Strings;
 641 | 		public byte[] US;
 642 | 		public byte[] GUID;
 643 | 		public byte[] Blob;
 644 | 		public long TablesOffset;
 645 | 		public TableHeader tableheader;
 646 | 		public int[] TableLengths;
 647 | 		public TableInfo[] tablesinfo;
 648 | 		public RefTableInfo[] reftables;
 649 | 		public TableSize[] tablesize;
 650 | 		public int[] codedTokenBits;
 651 | 		public long BlobOffset;
 652 | 		public long StringOffset;
 653 | 		
 654 | 		public void InitTablesInfo()
 655 | 		{
 656 | tablesinfo = new TableInfo[0x2D];
 657 | tablesinfo[0].Name = "Module";
 658 | tablesinfo[0].names = new String[] { "Generation", "Name", "Mvid", "EncId", "EncBaseId" };
 659 | tablesinfo[0].type = Types.Module;
 660 | tablesinfo[0].ctypes = new Types[] { Types.UInt16, Types.String, Types.Guid, Types.Guid, Types.Guid };
 661 | tablesinfo[1].Name = "TypeRef";
 662 | tablesinfo[1].names = new String[] { "ResolutionScope", "Name", "Namespace" };
 663 | tablesinfo[1].type = Types.TypeRef;
 664 | tablesinfo[1].ctypes = new Types[] { Types.ResolutionScope, Types.String, Types.String };
 665 | tablesinfo[2].Name = "TypeDef";
 666 | tablesinfo[2].names = new String[] { "Flags", "Name", "Namespace", "Extends", "FieldList", "MethodList" };
 667 | tablesinfo[2].type = Types.TypeDef;
 668 | tablesinfo[2].ctypes = new Types[] { Types.UInt32, Types.String, Types.String, Types.TypeDefOrRef, Types.Field, Types.Method };
 669 | tablesinfo[3].Name = "FieldPtr";
 670 | tablesinfo[3].names = new String[] { "Field" };
 671 | tablesinfo[3].type = Types.FieldPtr;
 672 | tablesinfo[3].ctypes = new Types[] { Types.Field };
 673 | tablesinfo[4].Name = "Field";
 674 | tablesinfo[4].names = new String[] { "Flags", "Name", "Signature" };
 675 | tablesinfo[4].type = Types.Field;
 676 | tablesinfo[4].ctypes = new Types[] { Types.UInt16, Types.String, Types.Blob };
 677 | tablesinfo[5].Name = "MethodPtr";
 678 | tablesinfo[5].names = new String[] { "Method"};
 679 | tablesinfo[5].type = Types.MethodPtr;
 680 | tablesinfo[5].ctypes = new Types[] { Types.Method };
 681 | tablesinfo[6].Name = "Method";
 682 | tablesinfo[6].names = new String[] { "RVA", "ImplFlags", "Flags", "Name", "Signature", "ParamList" };
 683 | tablesinfo[6].type = Types.Method;
 684 | tablesinfo[6].ctypes = new Types[] { Types.UInt32, Types.UInt16, Types.UInt16, Types.String, Types.Blob, Types.Param };
 685 | tablesinfo[7].Name = "ParamPtr";
 686 | tablesinfo[7].names = new String[] { "Param" };
 687 | tablesinfo[7].type = Types.ParamPtr;
 688 | tablesinfo[7].ctypes = new Types[] { Types.Param };
 689 | tablesinfo[8].Name = "Param";
 690 | tablesinfo[8].names = new String[] { "Flags", "Sequence", "Name" };
 691 | tablesinfo[8].type = Types.Param;
 692 | tablesinfo[8].ctypes = new Types[] { Types.UInt16, Types.UInt16, Types.String };
 693 | tablesinfo[9].Name = "InterfaceImpl";
 694 | tablesinfo[9].names = new String[] { "Class", "Interface" };
 695 | tablesinfo[9].type = Types.InterfaceImpl;
 696 | tablesinfo[9].ctypes = new Types[] { Types.TypeDef, Types.TypeDefOrRef };
 697 | tablesinfo[0x0A].Name = "MemberRef";
 698 | tablesinfo[0x0A].names = new String[] { "Class", "Name", "Signature" };
 699 | tablesinfo[0x0A].type = Types.MemberRef;
 700 | tablesinfo[0x0A].ctypes = new Types[] { Types.MemberRefParent, Types.String, Types.Blob };
 701 | tablesinfo[0x0B].Name = "Constant";
 702 | tablesinfo[0x0B].names = new String[] { "Type", "Parent", "Value" };
 703 | tablesinfo[0x0B].type = Types.Constant;
 704 | tablesinfo[0x0B].ctypes = new Types[] { Types.UInt16, Types.HasConstant, Types.Blob };
 705 | tablesinfo[0x0C].Name = "CustomAttribute";
 706 | tablesinfo[0x0C].names = new String[] { "Type", "Parent", "Value" };
 707 | tablesinfo[0x0C].type = Types.CustomAttribute;
 708 | tablesinfo[0x0C].ctypes = new Types[] { Types.HasCustomAttribute, Types.CustomAttributeType, Types.Blob };
 709 | tablesinfo[0x0D].Name = "FieldMarshal";
 710 | tablesinfo[0x0D].names = new String[] { "Parent", "Native" };
 711 | tablesinfo[0x0D].type = Types.FieldMarshal;
 712 | tablesinfo[0x0D].ctypes = new Types[] { Types.HasFieldMarshal, Types.Blob };
 713 | tablesinfo[0x0E].Name = "Permission";
 714 | tablesinfo[0x0E].names = new String[] { "Action", "Parent", "PermissionSet" };
 715 | tablesinfo[0x0E].type = Types.Permission;
 716 | tablesinfo[0x0E].ctypes = new Types[] { Types.UInt16, Types.HasDeclSecurity, Types.Blob };
 717 | tablesinfo[0x0F].Name = "ClassLayout";
 718 | tablesinfo[0x0F].names = new String[] { "PackingSize", "ClassSize", "Parent" };
 719 | tablesinfo[0x0F].type = Types.ClassLayout;
 720 | tablesinfo[0x0F].ctypes = new Types[] { Types.UInt16, Types.UInt32, Types.TypeDef };
 721 | tablesinfo[0x10].Name = "FieldLayout";
 722 | tablesinfo[0x10].names = new String[] { "Offset", "Field" };
 723 | tablesinfo[0x10].type = Types.FieldLayout;
 724 | tablesinfo[0x10].ctypes = new Types[] { Types.UInt32, Types.Field };
 725 | tablesinfo[0x11].Name = "StandAloneSig";
 726 | tablesinfo[0x11].names = new String[] { "Signature" };
 727 | tablesinfo[0x11].type = Types.StandAloneSig;
 728 | tablesinfo[0x11].ctypes = new Types[] { Types.Blob };
 729 | tablesinfo[0x12].Name = "EventMap";
 730 | tablesinfo[0x12].names = new String[] { "Parent", "EventList" };
 731 | tablesinfo[0x12].type = Types.EventMap;
 732 | tablesinfo[0x12].ctypes = new Types[] { Types.TypeDef, Types.Event };
 733 | tablesinfo[0x13].Name = "EventPtr";
 734 | tablesinfo[0x13].names = new String[] { "Event" };
 735 | tablesinfo[0x13].type = Types.EventPtr;
 736 | tablesinfo[0x13].ctypes = new Types[] { Types.Event };
 737 | tablesinfo[0x14].Name = "Event";
 738 | tablesinfo[0x14].names = new String[] { "EventFlags", "Name", "EventType" };
 739 | tablesinfo[0x14].type = Types.Event;
 740 | tablesinfo[0x14].ctypes = new Types[] { Types.UInt16, Types.String, Types.TypeDefOrRef };
 741 | tablesinfo[0x15].Name = "PropertyMap";
 742 | tablesinfo[0x15].names = new String[] { "Parent", "PropertyList" };
 743 | tablesinfo[0x15].type = Types.PropertyMap;
 744 | tablesinfo[0x15].ctypes = new Types[] { Types.TypeDef, Types.Property };
 745 | tablesinfo[0x16].Name = "PropertyPtr";
 746 | tablesinfo[0x16].names = new String[] { "Property" };
 747 | tablesinfo[0x16].type = Types.PropertyPtr;
 748 | tablesinfo[0x16].ctypes = new Types[] { Types.Property };
 749 | tablesinfo[0x17].Name = "Property";
 750 | tablesinfo[0x17].names = new String[] { "PropFlags", "Name", "Type" };
 751 | tablesinfo[0x17].type = Types.Property;
 752 | tablesinfo[0x17].ctypes = new Types[] { Types.UInt16, Types.String, Types.Blob };
 753 | tablesinfo[0x18].Name = "MethodSemantics";
 754 | tablesinfo[0x18].names = new String[] { "Semantic", "Method", "Association" };
 755 | tablesinfo[0x18].type = Types.MethodSemantics;
 756 | tablesinfo[0x18].ctypes = new Types[] { Types.UInt16, Types.Method, Types.HasSemantic };
 757 | tablesinfo[0x19].Name = "MethodImpl";
 758 | tablesinfo[0x19].names = new String[] { "Class", "MethodBody", "MethodDeclaration" };
 759 | tablesinfo[0x19].type = Types.MethodImpl;
 760 | tablesinfo[0x19].ctypes = new Types[] { Types.TypeDef, Types.MethodDefOrRef, Types.MethodDefOrRef };
 761 | tablesinfo[0x1A].Name = "ModuleRef";
 762 | tablesinfo[0x1A].names = new String[] { "Name" };
 763 | tablesinfo[0x1A].type = Types.ModuleRef;
 764 | tablesinfo[0x1A].ctypes = new Types[] { Types.String };
 765 | tablesinfo[0x1B].Name = "TypeSpec";
 766 | tablesinfo[0x1B].names = new String[] { "Signature" };
 767 | tablesinfo[0x1B].type = Types.TypeSpec;
 768 | tablesinfo[0x1B].ctypes = new Types[] { Types.Blob };
 769 | tablesinfo[0x1C].Name = "ImplMap";
 770 | tablesinfo[0x1C].names = new String[] { "MappingFlags", "MemberForwarded", "ImportName", "ImportScope" };
 771 | tablesinfo[0x1C].type = Types.ImplMap;
 772 | tablesinfo[0x1C].ctypes = new Types[] { Types.UInt16, Types.MemberForwarded, Types.String, Types.ModuleRef };
 773 | tablesinfo[0x1D].Name = "FieldRVA";
 774 | tablesinfo[0x1D].names = new String[] { "RVA", "Field" };
 775 | tablesinfo[0x1D].type = Types.FieldRVA;
 776 | tablesinfo[0x1D].ctypes = new Types[] { Types.UInt32, Types.Field };
 777 | tablesinfo[0x1E].Name = "ENCLog";
 778 | tablesinfo[0x1E].names = new String[] { "Token", "FuncCode" };
 779 | tablesinfo[0x1E].type = Types.ENCLog;
 780 | tablesinfo[0x1E].ctypes = new Types[] { Types.UInt32, Types.UInt32 };
 781 | tablesinfo[0x1F].Name = "ENCMap";
 782 | tablesinfo[0x1F].names = new String[] { "Token" };
 783 | tablesinfo[0x1F].type = Types.ENCMap;
 784 | tablesinfo[0x1F].ctypes = new Types[] { Types.UInt32 };
 785 | tablesinfo[0x20].Name = "Assembly";
 786 | tablesinfo[0x20].names = new String[] { "HashAlgId", "MajorVersion", "MinorVersion", "BuildNumber", "RevisionNumber", "Flags", "PublicKey", "Name", "Locale" };
 787 | tablesinfo[0x20].type = Types.Assembly;
 788 | tablesinfo[0x20].ctypes = new Types[] { Types.UInt32, Types.UInt16, Types.UInt16, Types.UInt16, Types.UInt16, Types.UInt32, Types.Blob, Types.String, Types.String };
 789 | tablesinfo[0x21].Name = "AssemblyProcessor";
 790 | tablesinfo[0x21].names = new String[] { "Processor" };
 791 | tablesinfo[0x21].type = Types.AssemblyProcessor;
 792 | tablesinfo[0x21].ctypes = new Types[] { Types.UInt32 };
 793 | tablesinfo[0x22].Name = "AssemblyOS";
 794 | tablesinfo[0x22].names = new String[] { "OSPlatformId", "OSMajorVersion", "OSMinorVersion" };
 795 | tablesinfo[0x22].type = Types.AssemblyOS;
 796 | tablesinfo[0x22].ctypes = new Types[] { Types.UInt32, Types.UInt32, Types.UInt32 };
 797 | tablesinfo[0x23].Name = "AssemblyRef";
 798 | tablesinfo[0x23].names = new String[] { "MajorVersion", "MinorVersion", "BuildNumber", "RevisionNumber", "Flags", "PublicKeyOrToken", "Name", "Locale", "HashValue" };
 799 | tablesinfo[0x23].type = Types.AssemblyRef;
 800 | tablesinfo[0x23].ctypes = new Types[] { Types.UInt16, Types.UInt16, Types.UInt16, Types.UInt16, Types.UInt32, Types.Blob, Types.String, Types.String, Types.Blob };
 801 | tablesinfo[0x24].Name = "AssemblyRefProcessor";
 802 | tablesinfo[0x24].names = new String[] { "Processor", "AssemblyRef" };
 803 | tablesinfo[0x24].type = Types.AssemblyRefProcessor;
 804 | tablesinfo[0x24].ctypes = new Types[] { Types.UInt32, Types.AssemblyRef };
 805 | tablesinfo[0x25].Name = "AssemblyRefOS";
 806 | tablesinfo[0x25].names = new String[] { "OSPlatformId", "OSMajorVersion", "OSMinorVersion", "AssemblyRef" };
 807 | tablesinfo[0x25].type = Types.AssemblyRefOS;
 808 | tablesinfo[0x25].ctypes = new Types[] { Types.UInt32, Types.UInt32, Types.UInt32, Types.AssemblyRef };
 809 | tablesinfo[0x26].Name = "File";
 810 | tablesinfo[0x26].names = new String[] { "Flags", "Name", "HashValue" };
 811 | tablesinfo[0x26].type = Types.File;
 812 | tablesinfo[0x26].ctypes = new Types[] { Types.UInt32, Types.String, Types.Blob };
 813 | tablesinfo[0x27].Name = "ExportedType";
 814 | tablesinfo[0x27].names = new String[] { "Flags", "TypeDefId", "TypeName", "TypeNamespace", "TypeImplementation" };
 815 | tablesinfo[0x27].type = Types.ExportedType;
 816 | tablesinfo[0x27].ctypes = new Types[] { Types.UInt32, Types.UInt32, Types.String, Types.String, Types.Implementation };
 817 | tablesinfo[0x28].Name = "ManifestResource";
 818 | tablesinfo[0x28].names = new String[] { "Offset", "Flags", "Name", "Implementation" };
 819 | tablesinfo[0x28].type = Types.ManifestResource;
 820 | tablesinfo[0x28].ctypes = new Types[] { Types.UInt32, Types.UInt32, Types.String, Types.Implementation };
 821 | tablesinfo[0x29].Name = "NestedClass";
 822 | tablesinfo[0x29].names = new String[] { "NestedClass", "EnclosingClass"};
 823 | tablesinfo[0x29].type = Types.NestedClass;
 824 | tablesinfo[0x29].ctypes = new Types[] { Types.TypeDef, Types.TypeDef };
 825 | //unused TyPar tables taken from Roeder's reflector... are these documented anywhere?  Since they are always empty, does it matter
 826 | tablesinfo[0x2A].Name = "TypeTyPar";
 827 | tablesinfo[0x2A].names = new String[] { "Number", "Class", "Bound", "Name" };
 828 | tablesinfo[0x2A].type = Types.TypeTyPar;
 829 | tablesinfo[0x2A].ctypes = new Types[] { Types.UInt16, Types.TypeDef, Types.TypeDefOrRef, Types.String };
 830 | tablesinfo[0x2B].Name = "MethodTyPar";
 831 | tablesinfo[0x2B].names = new String[] { "Number", "Method", "Bound", "Name" };
 832 | tablesinfo[0x2B].type = Types.MethodTyPar;
 833 | tablesinfo[0x2B].ctypes = new Types[] { Types.UInt16, Types.Method, Types.TypeDefOrRef, Types.String };
 834 | tablesinfo[0x2C].Name = "MethodTyPar";
 835 | tablesinfo[0x2C].names = new String[] { "Number", "Method", "Bound", "Name" };
 836 | tablesinfo[0x2C].type = Types.MethodTyPar;
 837 | tablesinfo[0x2C].ctypes = new Types[] { Types.UInt16, Types.Method, Types.TypeDefOrRef, Types.String };
 838 | 
 839 | //number of bits in coded token tag for a coded token that refers to n tables.
 840 | //values 5-17 are not used :I		
 841 | codedTokenBits = new int[] { 0, 1, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5 };
 842 | reftables = new RefTableInfo[12];
 843 | reftables[0].type = Types.TypeDefOrRef;
 844 | reftables[0].reftypes = new Types[] { Types.TypeDef, Types.TypeRef, Types.TypeSpec};
 845 | reftables[0].refindex = new int[] { 1, 2, 0x1B};
 846 | reftables[1].type = Types.HasConstant;
 847 | reftables[1].reftypes = new Types[] { Types.Field, Types.Param, Types.Property };
 848 | reftables[1].refindex = new int[] { 04, 08, 0x17};
 849 | reftables[2].type = Types.CustomAttributeType;
 850 | reftables[2].reftypes = new Types[] { Types.TypeRef, Types.TypeDef, Types.Method, Types.MemberRef, Types.UserString };
 851 | reftables[2].refindex = new int[] { 01, 02, 06, 0x0A,01};  //????????
 852 | reftables[3].type = Types.HasSemantic;
 853 | reftables[3].reftypes = new Types[] { Types.Event, Types.Property };
 854 | reftables[3].refindex = new int[] { 0x14, 0x17};
 855 | reftables[4].type = Types.ResolutionScope;
 856 | reftables[4].reftypes = new Types[] { Types.Module, Types.ModuleRef, Types.AssemblyRef, Types.TypeRef };
 857 | reftables[4].refindex = new int[] { 00, 0x1A,0x23, 0x01};
 858 | reftables[5].type = Types.HasFieldMarshal;
 859 | reftables[5].reftypes = new Types[] { Types.Field, Types.Param };
 860 | reftables[5].refindex = new int[] { 04, 08};
 861 | reftables[6].type = Types.HasDeclSecurity;
 862 | reftables[6].reftypes = new Types[] { Types.TypeDef, Types.Method, Types.Assembly };
 863 | reftables[6].refindex = new int[] { 02, 06, 0x20};
 864 | reftables[7].type = Types.MemberRefParent;
 865 | reftables[7].reftypes = new Types[] { Types.TypeDef, Types.TypeRef, Types.ModuleRef, Types.Method, Types.TypeSpec };
 866 | reftables[7].refindex = new int[] { 02,01,0x1A,06,0x1B };
 867 | reftables[8].type = Types.MethodDefOrRef;
 868 | reftables[8].reftypes = new Types[] { Types.Method, Types.MemberRef };
 869 | reftables[8].refindex = new int[] { 06,0x0A };
 870 | reftables[9].type = Types.MemberForwarded;
 871 | reftables[9].reftypes = new Types[] { Types.Field, Types.Method };
 872 | reftables[9].refindex = new int[] { 04,06 };
 873 | reftables[10].type = Types.Implementation;
 874 | reftables[10].reftypes = new Types[] { Types.File, Types.AssemblyRef, Types.ExportedType };
 875 | reftables[10].refindex = new int[] { 0x26, 0x23,0x27 };
 876 | reftables[11].type = Types.HasCustomAttribute;
 877 | reftables[11].reftypes = new Types[] { Types.Method, Types.Field, Types.TypeRef, Types.TypeDef, Types.Param, Types.InterfaceImpl, Types.MemberRef, Types.Module, Types.Permission, Types.Property, Types.Event, Types.StandAloneSig, Types.ModuleRef, Types.TypeSpec, Types.Assembly, Types.AssemblyRef, Types.File, Types.ExportedType, Types.ManifestResource };
 878 | reftables[11].refindex = new int[] { 06, 04, 01,02,08,09,0x0A,00,0x0E,0x17,0x14,0x11,0x1A,0x1B,0x20,0x23,0x26,0x27,0x28};
 879 | 	}
 880 | 
 881 | 		public int Rva2Offset(int rva)
 882 | 		{
 883 | 			for (int i = 0; i < sections.Length; i++)
 884 | 			{
 885 | 					if ((sections[i].virtual_address <= rva) && (sections[i].virtual_address + sections[i].size_of_raw_data >= rva))
 886 | 					return (sections[i].pointer_to_raw_data + (rva - sections[i].virtual_address));
 887 | 			}
 888 | 		
 889 | 			return 0;
 890 | 		}
 891 | 		
 892 | 		public int Offset2Rva(int uOffset)
 893 | 		{
 894 | 			for (int i = 0; i < sections.Length; i++)
 895 | 			{
 896 | 				if ((sections[i].pointer_to_raw_data <= uOffset) && ((sections[i].pointer_to_raw_data + sections[i].size_of_raw_data) >= uOffset))
 897 | 				return (sections[i].virtual_address + (uOffset - sections[i].pointer_to_raw_data));
 898 | 			}
 899 | 		
 900 | 			return 0;
 901 | 		}
 902 | 		
 903 | 		public int GetTypeSize(Types trans)
 904 | 		{
 905 | 		if (trans == Types.UInt16) return 2;
 906 | 		if (trans == Types.UInt32) return 4;
 907 | 		
 908 | 		// Heap
 909 | 		if (trans == Types.String) return GetStringIndexSize();
 910 | 		if (trans == Types.Guid) return GetGuidIndexSize();
 911 | 		if (trans == Types.Blob) return GetBlobIndexSize();
 912 | 
 913 | 		// Rid
 914 | 		if ((int)trans < 64)
 915 | 		{
 916 | 		if (TableLengths[(int)trans] > 65535) return 4;
 917 | 		else return 2;
 918 | 		}
 919 | 		// Coded token (may need to be uncompressed from 2-byte form)
 920 | 		else if ((int)trans < 97)
 921 | 		{
 922 | 		int index = (int)trans-64;
 923 | 		int codedtokenbits = codedTokenBits[reftables[index].refindex.Length];
 924 | 		int maxsizekeeped = 65535;
 925 | 		maxsizekeeped = maxsizekeeped >> codedtokenbits;
 926 | 		for (int i=0;i<reftables[index].refindex.Length;i++)
 927 | 		{
 928 | 		if (TableLengths[reftables[index].refindex[i]] > maxsizekeeped) return 4;
 929 | 		}
 930 | 		return 2;
 931 | 		
 932 | 		}
 933 | 		
 934 | 		return 0;
 935 | 		}
 936 | 
 937 | 		public int GetStringIndexSize()
 938 | 		{
 939 | 		return ((tableheader.HeapOffsetSizes & 0x01) != 0) ? 4 : 2;
 940 | 		}
 941 | 				
 942 | 		public int GetGuidIndexSize()
 943 | 		{
 944 | 		return ((tableheader.HeapOffsetSizes & 0x02) != 0) ? 4 : 2;
 945 | 		}
 946 | 		
 947 | 		public int GetBlobIndexSize()
 948 | 		{
 949 | 		return ((tableheader.HeapOffsetSizes & 0x04) != 0) ? 4 : 2;
 950 | 		}
 951 | 		
 952 | 		public unsafe bool Intialize(BinaryReader reader)
 953 | 		{
 954 | 		reader.BaseStream.Position=0;
 955 | 		byte[] buffer;
 956 | 		IntPtr pointer;
 957 | 		long NewPos;
 958 | 		
 959 | 		try
 960 | 		{
 961 | 		buffer = reader.ReadBytes(sizeof(IMAGE_DOS_HEADER));
 962 | 		
 963 | 		fixed (byte* p = buffer)
 964 | 		{
 965 | 		pointer = (IntPtr)p;
 966 | 		}
 967 | 		idh = (IMAGE_DOS_HEADER)Marshal.PtrToStructure(pointer, typeof(IMAGE_DOS_HEADER));
 968 | 		if (idh.e_magic!=0x5A4D) return false;
 969 | 		reader.BaseStream.Position=idh.e_lfanew;
 970 | 		buffer = reader.ReadBytes(sizeof(IMAGE_NT_HEADERS));
 971 | 
 972 | 		fixed (byte* p = buffer)
 973 | 		{
 974 | 		pointer = (IntPtr)p;
 975 | 		}
 976 | 		inh = (IMAGE_NT_HEADERS)Marshal.PtrToStructure(pointer, typeof(IMAGE_NT_HEADERS));
 977 | 		if (inh.Signature!=0x4550) return false;
 978 | 		
 979 | 		reader.BaseStream.Position=idh.e_lfanew+4+sizeof(IMAGE_FILE_HEADER)+inh.ifh.SizeOfOptionalHeader;
 980 | 		sections=new image_section_header[inh.ifh.NumberOfSections];
 981 | 		buffer = reader.ReadBytes(sizeof(image_section_header)*inh.ifh.NumberOfSections);
 982 | 		fixed (byte* p = buffer)
 983 | 		{
 984 | 		pointer = (IntPtr)p;
 985 | 		}
 986 | 		
 987 | 		for (int i = 0; i < sections.Length; i++)
 988 | 		{
 989 | 		sections[i] = (image_section_header)Marshal.PtrToStructure(pointer, typeof(image_section_header));
 990 | 		pointer = (IntPtr)(pointer.ToInt32() + Marshal.SizeOf(typeof(image_section_header)));
 991 | 		}
 992 | 		
 993 | 		
 994 | 		// NET Directory
 995 | 		if (inh.ioh.MetaDataDirectory.RVA==0) return false;
 996 | 		NewPos = (long)Rva2Offset(inh.ioh.MetaDataDirectory.RVA);
 997 | 		if (NewPos==0) return false;
 998 | 		reader.BaseStream.Position=NewPos;
 999 | 		buffer = reader.ReadBytes(sizeof(NETDirectory));
1000 | 
1001 | 		fixed (byte* p = buffer)
1002 | 		{
1003 | 		pointer = (IntPtr)p;
1004 | 		}
1005 | 		// After .NET Directory comes body of methods!
1006 | 		netdir = (NETDirectory)Marshal.PtrToStructure(pointer, typeof(NETDirectory));
1007 | 		
1008 | 		reader.BaseStream.Position=(long)Rva2Offset(netdir.MetaDataRVA);
1009 | 		mh = new MetadataReader.MetaDataHeader();
1010 | 		mh.Signature = reader.ReadInt32();
1011 | 		mh.MajorVersion = reader.ReadInt16();
1012 | 		mh.MinorVersion = reader.ReadInt16();
1013 | 		mh.Reserved = reader.ReadInt32();
1014 | 		mh.VerionLenght = reader.ReadInt32();
1015 | 		mh.VersionString = reader.ReadBytes(mh.VerionLenght);
1016 | 		mh.Flags = reader.ReadInt16();
1017 | 		mh.NumberOfStreams = reader.ReadInt16();
1018 | 		
1019 | 		streams = new MetaDataStream[mh.NumberOfStreams];
1020 | 			
1021 | 			for(int i=0; i< mh.NumberOfStreams;++i)
1022 | 			{
1023 | 			streams[i].Offset=reader.ReadInt32();
1024 | 			streams[i].Size=reader.ReadInt32();
1025 | 			char[] chars = new char[32];
1026 | 			int index = 0;
1027 | 			byte character = 0;
1028 | 			while ((character = reader.ReadByte()) != 0) 
1029 | 				chars[index++] = (char) character;
1030 | 	
1031 | 			index++;
1032 | 			int padding = ((index % 4) != 0) ? (4 - (index % 4)) : 0;
1033 | 			reader.ReadBytes(padding);
1034 | 	
1035 | 			streams[i].Name = new String(chars).Trim(new Char[] {'\0'});
1036 | 			
1037 | 			if (streams[i].Name == "#~"||streams[i].Name == "#-")
1038 | 			{
1039 | 			MetadataRoot.Name=streams[i].Name;
1040 | 			MetadataRoot.Offset=streams[i].Offset;
1041 | 			MetadataRoot.Size=streams[i].Size;
1042 | 			}
1043 | 
1044 | 			if (streams[i].Name == "#Strings") 
1045 | 			{
1046 | 			long savepoz = reader.BaseStream.Position;
1047 | 			reader.BaseStream.Position = (long)(Rva2Offset(netdir.MetaDataRVA)+streams[i].Offset);
1048 | 			StringOffset=reader.BaseStream.Position;
1049 | 			Strings = reader.ReadBytes(streams[i].Size);
1050 | 			reader.BaseStream.Position = savepoz;
1051 | 			}
1052 | 			
1053 | 			if (streams[i].Name == "#US")
1054 | 			{
1055 | 			long savepoz = reader.BaseStream.Position;
1056 | 			reader.BaseStream.Position = (long)(Rva2Offset(netdir.MetaDataRVA)+streams[i].Offset);
1057 | 			US = reader.ReadBytes(streams[i].Size);
1058 | 			reader.BaseStream.Position = savepoz;
1059 | 			}
1060 | 			
1061 | 			if (streams[i].Name == "#Blob")
1062 | 			{
1063 | 			long savepoz = reader.BaseStream.Position;
1064 | 			reader.BaseStream.Position = (long)(Rva2Offset(netdir.MetaDataRVA)+streams[i].Offset);
1065 | 			BlobOffset=reader.BaseStream.Position;
1066 | 			Blob = reader.ReadBytes(streams[i].Size);
1067 | 			reader.BaseStream.Position = savepoz;
1068 | 			}
1069 | 			
1070 | 			if (streams[i].Name == "#GUID")
1071 | 			{
1072 | 			long savepoz = reader.BaseStream.Position;
1073 | 			reader.BaseStream.Position = (long)(Rva2Offset(netdir.MetaDataRVA)+streams[i].Offset);
1074 | 			GUID = reader.ReadBytes(streams[i].Size);
1075 | 			reader.BaseStream.Position = savepoz;
1076 | 			}
1077 | 			
1078 | 			}
1079 | 			
1080 | 			reader.BaseStream.Position=(long)(Rva2Offset(netdir.MetaDataRVA)+MetadataRoot.Offset);
1081 | 			buffer = reader.ReadBytes(sizeof(TableHeader));
1082 | 			fixed (byte* p = buffer)
1083 | 			{
1084 | 			pointer = (IntPtr)p;
1085 | 			}
1086 | 			tableheader = (TableHeader)Marshal.PtrToStructure(pointer, typeof(TableHeader));
1087 | 			TableLengths = new int[64];
1088 | 			
1089 | 
1090 | 			//read as many uints as there are bits set in maskvalid
1091 | 			for (int i = 0; i < 64; i++)
1092 | 			{
1093 | 				int count = (((tableheader.MaskValid >> i) & 1) == 0) ? 0 : reader.ReadInt32();
1094 | 				TableLengths[i] = count;
1095 | 			}
1096 | 			
1097 | TablesOffset = reader.BaseStream.Position;
1098 | InitTablesInfo();
1099 | // Get Table sizes and all Tables
1100 | tablesize = new TableSize[0x2D];
1101 | 
1102 | for (int i=0;i<tablesize.Length;i++)
1103 | {
1104 | tablesize[i].Sizes=new int[tablesinfo[i].ctypes.Length];
1105 | tablesize[i].TotalSize=0;
1106 |  for (int j=0;j<tablesinfo[i].ctypes.Length;j++)
1107 |  {
1108 |  tablesize[i].Sizes[j]=GetTypeSize(tablesinfo[i].ctypes[j]);
1109 |  tablesize[i].TotalSize=tablesize[i].TotalSize+tablesize[i].Sizes[j];
1110 |  }
1111 | 
1112 | }
1113 | 
1114 | 
1115 |  }
1116 |  catch
1117 |  {
1118 |  return false;
1119 |  }
1120 | return true;
1121 | 
1122 | 	}
1123 | 	}
1124 | }
1125 | 


--------------------------------------------------------------------------------
/Confuser_Methods_Decryptor/MainForm.resx:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <root>
  3 |   <!-- 
  4 |     Microsoft ResX Schema 
  5 |     
  6 |     Version 2.0
  7 |     
  8 |     The primary goals of this format is to allow a simple XML format 
  9 |     that is mostly human readable. The generation and parsing of the 
 10 |     various data types are done through the TypeConverter classes 
 11 |     associated with the data types.
 12 |     
 13 |     Example:
 14 |     
 15 |     ... ado.net/XML headers & schema ...
 16 |     <resheader name="resmimetype">text/microsoft-resx</resheader>
 17 |     <resheader name="version">2.0</resheader>
 18 |     <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
 19 |     <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
 20 |     <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
 21 |     <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
 22 |     <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
 23 |         <value>[base64 mime encoded serialized .NET Framework object]</value>
 24 |     </data>
 25 |     <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
 26 |         <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
 27 |         <comment>This is a comment</comment>
 28 |     </data>
 29 |                 
 30 |     There are any number of "resheader" rows that contain simple 
 31 |     name/value pairs.
 32 |     
 33 |     Each data row contains a name, and value. The row also contains a 
 34 |     type or mimetype. Type corresponds to a .NET class that support 
 35 |     text/value conversion through the TypeConverter architecture. 
 36 |     Classes that don't support this are serialized and stored with the 
 37 |     mimetype set.
 38 |     
 39 |     The mimetype is used for serialized objects, and tells the 
 40 |     ResXResourceReader how to depersist the object. This is currently not 
 41 |     extensible. For a given mimetype the value must be set accordingly:
 42 |     
 43 |     Note - application/x-microsoft.net.object.binary.base64 is the format 
 44 |     that the ResXResourceWriter will generate, however the reader can 
 45 |     read any of the formats listed below.
 46 |     
 47 |     mimetype: application/x-microsoft.net.object.binary.base64
 48 |     value   : The object must be serialized with 
 49 |             : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
 50 |             : and then encoded with base64 encoding.
 51 |     
 52 |     mimetype: application/x-microsoft.net.object.soap.base64
 53 |     value   : The object must be serialized with 
 54 |             : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
 55 |             : and then encoded with base64 encoding.
 56 | 
 57 |     mimetype: application/x-microsoft.net.object.bytearray.base64
 58 |     value   : The object must be serialized into a byte array 
 59 |             : using a System.ComponentModel.TypeConverter
 60 |             : and then encoded with base64 encoding.
 61 |     -->
 62 |   <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
 63 |     <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
 64 |     <xsd:element name="root" msdata:IsDataSet="true">
 65 |       <xsd:complexType>
 66 |         <xsd:choice maxOccurs="unbounded">
 67 |           <xsd:element name="metadata">
 68 |             <xsd:complexType>
 69 |               <xsd:sequence>
 70 |                 <xsd:element name="value" type="xsd:string" minOccurs="0" />
 71 |               </xsd:sequence>
 72 |               <xsd:attribute name="name" use="required" type="xsd:string" />
 73 |               <xsd:attribute name="type" type="xsd:string" />
 74 |               <xsd:attribute name="mimetype" type="xsd:string" />
 75 |               <xsd:attribute ref="xml:space" />
 76 |             </xsd:complexType>
 77 |           </xsd:element>
 78 |           <xsd:element name="assembly">
 79 |             <xsd:complexType>
 80 |               <xsd:attribute name="alias" type="xsd:string" />
 81 |               <xsd:attribute name="name" type="xsd:string" />
 82 |             </xsd:complexType>
 83 |           </xsd:element>
 84 |           <xsd:element name="data">
 85 |             <xsd:complexType>
 86 |               <xsd:sequence>
 87 |                 <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
 88 |                 <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
 89 |               </xsd:sequence>
 90 |               <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
 91 |               <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
 92 |               <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
 93 |               <xsd:attribute ref="xml:space" />
 94 |             </xsd:complexType>
 95 |           </xsd:element>
 96 |           <xsd:element name="resheader">
 97 |             <xsd:complexType>
 98 |               <xsd:sequence>
 99 |                 <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
100 |               </xsd:sequence>
101 |               <xsd:attribute name="name" type="xsd:string" use="required" />
102 |             </xsd:complexType>
103 |           </xsd:element>
104 |         </xsd:choice>
105 |       </xsd:complexType>
106 |     </xsd:element>
107 |   </xsd:schema>
108 |   <resheader name="resmimetype">
109 |     <value>text/microsoft-resx</value>
110 |   </resheader>
111 |   <resheader name="version">
112 |     <value>2.0</value>
113 |   </resheader>
114 |   <resheader name="reader">
115 |     <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
116 |   </resheader>
117 |   <resheader name="writer">
118 |     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
119 |   </resheader>
120 | </root>


--------------------------------------------------------------------------------
/Confuser_Methods_Decryptor/Program.cs:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Created by SharpDevelop.
 3 |  * User: Bogdan
 4 |  * Date: 29.12.2012
 5 |  * Time: 18:25
 6 |  * 
 7 |  * To change this template use Tools | Options | Coding | Edit Standard Headers.
 8 |  */
 9 | using System;
10 | using System.Windows.Forms;
11 | 
12 | namespace Confuser_Methods_Decryptor
13 | {
14 | 	/// <summary>
15 | 	/// Class with program entry point.
16 | 	/// </summary>
17 | 	internal sealed class Program
18 | 	{
19 | 		/// <summary>
20 | 		/// Program entry point.
21 | 		/// </summary>
22 | 		[STAThread]
23 | 		private static void Main(string[] args)
24 | 		{
25 | 			Application.EnableVisualStyles();
26 | 			Application.SetCompatibleTextRenderingDefault(false);
27 | 			Application.Run(new MainForm());
28 | 		}
29 | 		
30 | 	}
31 | }
32 | 


--------------------------------------------------------------------------------
/Confuser_Methods_Decryptor/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | #region Using directives
 2 | 
 3 | using System;
 4 | using System.Reflection;
 5 | using System.Runtime.InteropServices;
 6 | 
 7 | #endregion
 8 | 
 9 | // General Information about an assembly is controlled through the following 
10 | // set of attributes. Change these attribute values to modify the information
11 | // associated with an assembly.
12 | [assembly: AssemblyTitle("Confuser_Methods_Decryptor")]
13 | [assembly: AssemblyDescription("")]
14 | [assembly: AssemblyConfiguration("")]
15 | [assembly: AssemblyCompany("")]
16 | [assembly: AssemblyProduct("Confuser_Methods_Decryptor")]
17 | [assembly: AssemblyCopyright("Copyright 2012")]
18 | [assembly: AssemblyTrademark("")]
19 | [assembly: AssemblyCulture("")]
20 | 
21 | // This sets the default COM visibility of types in the assembly to invisible.
22 | // If you need to expose a type to COM, use [ComVisible(true)] on that type.
23 | [assembly: ComVisible(false)]
24 | 
25 | // The assembly version has following format :
26 | //
27 | // Major.Minor.Build.Revision
28 | //
29 | // You can specify all the values or you can use the default the Revision and 
30 | // Build Numbers by using the '*' as shown below:
31 | [assembly: AssemblyVersion("1.0.*")]
32 | 


--------------------------------------------------------------------------------