├── Anti Invoke Detection.sln
├── Anti Invoke Detection
    ├── Anti Invoke Detection.csproj
    ├── Anti Invoke Detection.csproj.user
    ├── App.config
    ├── ConsoleShort.cs
    ├── Program.cs
    ├── Properties
    │   └── AssemblyInfo.cs
    └── obj
    │   └── Debug
    │       ├── Anti Invoke Detection.csproj.FileListAbsolute.txt
    │       ├── Anti Invoke Detection.exe
    │       ├── Anti Invoke Detection.pdb
    │       └── DesignTimeResolveAssemblyReferencesInput.cache
└── README.md


/Anti Invoke Detection.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Express 2012 for Windows Desktop
 4 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Anti Invoke Detection", "Anti Invoke Detection\Anti Invoke Detection.csproj", "{8F62B71F-52F4-4DC3-8EE6-DF6EC2C3B0F8}"
 5 | EndProject
 6 | Global
 7 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 8 | 		Debug|Any CPU = Debug|Any CPU
 9 | 		Release|Any CPU = Release|Any CPU
10 | 	EndGlobalSection
11 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | 		{8F62B71F-52F4-4DC3-8EE6-DF6EC2C3B0F8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
13 | 		{8F62B71F-52F4-4DC3-8EE6-DF6EC2C3B0F8}.Debug|Any CPU.Build.0 = Debug|Any CPU
14 | 		{8F62B71F-52F4-4DC3-8EE6-DF6EC2C3B0F8}.Release|Any CPU.ActiveCfg = Release|Any CPU
15 | 		{8F62B71F-52F4-4DC3-8EE6-DF6EC2C3B0F8}.Release|Any CPU.Build.0 = Release|Any CPU
16 | 	EndGlobalSection
17 | 	GlobalSection(SolutionProperties) = preSolution
18 | 		HideSolutionNode = FALSE
19 | 	EndGlobalSection
20 | EndGlobal
21 | 


--------------------------------------------------------------------------------
/Anti Invoke Detection/Anti Invoke Detection.csproj:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
 4 |   <PropertyGroup>
 5 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
 6 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
 7 |     <ProjectGuid>{8F62B71F-52F4-4DC3-8EE6-DF6EC2C3B0F8}</ProjectGuid>
 8 |     <OutputType>Exe</OutputType>
 9 |     <AppDesignerFolder>Properties</AppDesignerFolder>
10 |     <RootNamespace>Anti_Invoke_Detection</RootNamespace>
11 |     <AssemblyName>Anti Invoke Detection</AssemblyName>
12 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
13 |     <FileAlignment>512</FileAlignment>
14 |   </PropertyGroup>
15 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
16 |     <PlatformTarget>AnyCPU</PlatformTarget>
17 |     <DebugSymbols>true</DebugSymbols>
18 |     <DebugType>full</DebugType>
19 |     <Optimize>false</Optimize>
20 |     <OutputPath>bin\Debug\</OutputPath>
21 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
22 |     <ErrorReport>prompt</ErrorReport>
23 |     <WarningLevel>4</WarningLevel>
24 |   </PropertyGroup>
25 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
26 |     <PlatformTarget>AnyCPU</PlatformTarget>
27 |     <DebugType>pdbonly</DebugType>
28 |     <Optimize>true</Optimize>
29 |     <OutputPath>bin\Release\</OutputPath>
30 |     <DefineConstants>TRACE</DefineConstants>
31 |     <ErrorReport>prompt</ErrorReport>
32 |     <WarningLevel>4</WarningLevel>
33 |   </PropertyGroup>
34 |   <ItemGroup>
35 |     <Reference Include="dnlib">
36 |       <HintPath>..\..\..\de4dot v 3.1.41592\bin\dnlib.dll</HintPath>
37 |     </Reference>
38 |     <Reference Include="System" />
39 |     <Reference Include="System.Core" />
40 |     <Reference Include="System.Xml.Linq" />
41 |     <Reference Include="System.Data.DataSetExtensions" />
42 |     <Reference Include="Microsoft.CSharp" />
43 |     <Reference Include="System.Data" />
44 |     <Reference Include="System.Xml" />
45 |   </ItemGroup>
46 |   <ItemGroup>
47 |     <Compile Include="ConsoleShort.cs" />
48 |     <Compile Include="Program.cs" />
49 |     <Compile Include="Properties\AssemblyInfo.cs" />
50 |   </ItemGroup>
51 |   <ItemGroup>
52 |     <None Include="App.config" />
53 |   </ItemGroup>
54 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
55 |   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
56 |        Other similar extension points exist, see Microsoft.Common.targets.
57 |   <Target Name="BeforeBuild">
58 |   </Target>
59 |   <Target Name="AfterBuild">
60 |   </Target>
61 |   -->
62 | </Project>


--------------------------------------------------------------------------------
/Anti Invoke Detection/Anti Invoke Detection.csproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|AnyCPU'">
4 |   </PropertyGroup>
5 | </Project>


--------------------------------------------------------------------------------
/Anti Invoke Detection/App.config:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8" ?>
2 | <configuration>
3 |     <startup> 
4 |         <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
5 |     </startup>
6 | </configuration>


--------------------------------------------------------------------------------
/Anti Invoke Detection/ConsoleShort.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.Collections.Generic;
 3 | using System.Linq;
 4 | using System.Text;
 5 | using System.Threading.Tasks;
 6 | 
 7 | namespace Anti_Invoke_Detection
 8 | {
 9 |     public partial class ConsoleShort
10 |     {
11 |         public void WriteLine(string text, ConsoleColor color) { Console.ForegroundColor = color; Console.WriteLine(text); Console.ResetColor(); }
12 |         public void Space() { Console.WriteLine(""); }
13 |         public void Pause() { Console.ReadKey(); }
14 |     }
15 | }


--------------------------------------------------------------------------------
/Anti Invoke Detection/Program.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.Collections.Generic;
 3 | using System.Linq;
 4 | using System.Text;
 5 | using System.Threading.Tasks;
 6 | using dnlib.DotNet.Emit;
 7 | using dnlib.DotNet;
 8 | using System.Reflection;
 9 | using dnlib.DotNet.Writer;
10 | 
11 | namespace Anti_Invoke_Detection
12 | {
13 |     class Program
14 |     {
15 |         static void Main(string[] args)
16 |         {
17 |             ConsoleShort Console = new ConsoleShort();
18 |             if (asArgs(args))
19 |             {
20 |                 try
21 |                 {
22 |                     int count = 0;
23 |                     ModuleDefMD md = ModuleDefMD.Load(args[0]);
24 |                     foreach (TypeDef type in md.GetTypes())
25 |                     {
26 |                         if (!type.IsGlobalModuleType) continue;
27 |                         foreach (MethodDef method in type.Methods)
28 |                         {
29 |                             try
30 |                             {
31 |                                 if (!method.HasBody && !method.Body.HasInstructions) continue;
32 |                                 for (int i = 0; i < method.Body.Instructions.Count; i++)
33 |                                 {
34 |                                     if (method.Body.Instructions[i].OpCode == OpCodes.Call && method.Body.Instructions[i].Operand.ToString().Contains("CallingAssembly"))
35 |                                     {
36 |                                         method.Body.Instructions[i].Operand = (method.Body.Instructions[i].Operand = md.Import(typeof(Assembly).GetMethod("GetExecutingAssembly")));
37 |                                         count++;
38 |                                     }
39 |                                 }
40 |                             }
41 |                             catch { }
42 |                         }
43 |                     }
44 |                     Console.WriteLine("Invoke Detection replaced: " + count, ConsoleColor.Red);
45 |                     ModuleWriterOptions writerOptions = new ModuleWriterOptions(md);
46 |                     writerOptions.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll;
47 |                     writerOptions.Logger = DummyLogger.NoThrowInstance;
48 | 
49 |                     NativeModuleWriterOptions NativewriterOptions = new NativeModuleWriterOptions(md);
50 |                     NativewriterOptions.MetaDataOptions.Flags |= MetaDataFlags.PreserveAll;
51 |                     NativewriterOptions.Logger = DummyLogger.NoThrowInstance;
52 |                     if (md.IsILOnly)
53 |                         md.Write(args[0] + "_unpacked.exe", writerOptions);
54 |                     
55 |                     md.NativeWrite(args[0] + "_unpacked.exe", NativewriterOptions);
56 |                 }
57 |                 catch { Console.WriteLine("File isn't .net assembly valid! ", ConsoleColor.Red); }
58 |             }
59 |             else
60 |             {
61 |                 Console.WriteLine("No Args Detected!", ConsoleColor.Red);
62 |             }
63 |             Console.Pause();
64 |         }
65 |         static bool asArgs(string[] args)
66 |         {
67 |             try
68 |             {
69 |                 if (args[0] != "2xx1452851xx821x") { return true; } else { return false; }
70 |             }
71 |             catch { return false; }
72 |         }
73 |     }
74 | }
75 | 


--------------------------------------------------------------------------------
/Anti Invoke Detection/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using System.Runtime.CompilerServices;
 3 | using System.Runtime.InteropServices;
 4 | 
 5 | // General Information about an assembly is controlled through the following 
 6 | // set of attributes. Change these attribute values to modify the information
 7 | // associated with an assembly.
 8 | [assembly: AssemblyTitle("Anti Invoke Detection")]
 9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("Anti Invoke Detection")]
13 | [assembly: AssemblyCopyright("Copyright ©  2018")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 | 
17 | // Setting ComVisible to false makes the types in this assembly not visible 
18 | // to COM components.  If you need to access a type in this assembly from 
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 | 
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("528dd057-4dfd-40c0-9c24-c91a9b2c7d8d")]
24 | 
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | //      Major Version
28 | //      Minor Version 
29 | //      Build Number
30 | //      Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers 
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 | 


--------------------------------------------------------------------------------
/Anti Invoke Detection/obj/Debug/Anti Invoke Detection.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | C:\Users\pc conect\Desktop\Cracking\Projects\Anti Invoke Detection\Anti Invoke Detection\bin\Debug\Anti Invoke Detection.exe.config
2 | C:\Users\pc conect\Desktop\Cracking\Projects\Anti Invoke Detection\Anti Invoke Detection\bin\Debug\Anti Invoke Detection.exe
3 | C:\Users\pc conect\Desktop\Cracking\Projects\Anti Invoke Detection\Anti Invoke Detection\bin\Debug\Anti Invoke Detection.pdb
4 | C:\Users\pc conect\Desktop\Cracking\Projects\Anti Invoke Detection\Anti Invoke Detection\bin\Debug\dnlib.dll
5 | C:\Users\pc conect\Desktop\Cracking\Projects\Anti Invoke Detection\Anti Invoke Detection\bin\Debug\dnlib.pdb
6 | C:\Users\pc conect\Desktop\Cracking\Projects\Anti Invoke Detection\Anti Invoke Detection\obj\Debug\Anti Invoke Detection.exe
7 | C:\Users\pc conect\Desktop\Cracking\Projects\Anti Invoke Detection\Anti Invoke Detection\obj\Debug\Anti Invoke Detection.pdb
8 | 


--------------------------------------------------------------------------------
/Anti Invoke Detection/obj/Debug/Anti Invoke Detection.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/obfuscators-2019/AntiInvokeDetection/63a512964b0ac1f2cd81cc6075fa233737ac2518/Anti Invoke Detection/obj/Debug/Anti Invoke Detection.exe


--------------------------------------------------------------------------------
/Anti Invoke Detection/obj/Debug/Anti Invoke Detection.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/obfuscators-2019/AntiInvokeDetection/63a512964b0ac1f2cd81cc6075fa233737ac2518/Anti Invoke Detection/obj/Debug/Anti Invoke Detection.pdb


--------------------------------------------------------------------------------
/Anti Invoke Detection/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/obfuscators-2019/AntiInvokeDetection/63a512964b0ac1f2cd81cc6075fa233737ac2518/Anti Invoke Detection/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # AntiInvokeDetection
2 | most string deobfuscators use Invoke to pick up the strings, however some obfuscators are using "GetCallingAssembly" to check if the method is being executed by another assembly
3 | <br />
4 | This tool, just replace "GetCallingAssembly" to "GetExecutingAssembly" for ignore the invoke detection!
5 | 


--------------------------------------------------------------------------------