christopherdebow1 / ncloak

Automatically exported from code.google.com/p/ncloak

Common Language Runtime detected an invalid program #1

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Obfuscate assembly that contains switch instruction

What is the expected output? What do you see instead?
Invalid program

What version of the product are you using? On what operating system?
v0.3, on all supported windows versions

Please provide any additional information below.

When a method that contains a switch instruction gets JITed, the application will crash because the offset(s) in the switch instruction are wrong.

Original issue reported on code.google.com by Dr.PcPu...@gmail.com on 21 Jan 2010 at 4:56

GoogleCodeExporter commented 8 years ago

Original comment by nzpaulma...@gmail.com on 1 Mar 2010 at 7:49

GoogleCodeExporter commented 8 years ago
Sorry for the delay; I haven't been getting notifications of issues as of yet. I'll see if I can set up an email alert for this.

Original comment by nzpaulma...@gmail.com on 1 Mar 2010 at 7:50

GoogleCodeExporter commented 8 years ago
This has now been fixed; can you please confirm this works for you in the current v0.4 version? Thanks.

Original comment by nzpaulma...@gmail.com on 4 Mar 2010 at 7:53

GoogleCodeExporter commented 8 years ago
It still produces invalid applications.
Test it on a bigger application and you will see.

[IL]: Error: [C:\Temp\ncloak-0.4-bin\Obfuscated\PEnfo.exe : PENFO.?::?][offset 0x000000C2] jmp / exception into the middle of an instruction.
[IL]: Error: [C:\Temp\ncloak-0.4-bin\Obfuscated\PEnfo.exe : PENFO.?::?][offset 0x000005D2] Branch out of the method.
[IL]: Error: [C:\Temp\ncloak-0.4-bin\Obfuscated\PEnfo.exe : PENFO.?::?][offset 0x000001DF] Branch out of the method.
[IL]: Error: [C:\Temp\ncloak-0.4-bin\Obfuscated\PEnfo.exe : PENFO.?::?][offset 0x00000138] jmp / exception into the middle of an instruction.
[IL]: Error: [C:\Temp\ncloak-0.4-bin\Obfuscated\PEnfo.exe : PENFO.?::?][offset 0x00000175] Branch out of the method.
[IL]: Error: [C:\Temp\ncloak-0.4-bin\Obfuscated\PEnfo.exe : PENFO.?::?][offset 0x00000251] jmp / exception into the middle of an instruction.
[IL]: Error: [C:\Temp\ncloak-0.4-bin\Obfuscated\PEnfo.exe : PENFO.My.?::?][offset 0x00000005] Unable to resolve token.
[IL]: Error: [C:\Temp\ncloak-0.4-bin\Obfuscated\PEnfo.exe : PENFO.My.?::?][offset 0x00000005] Unable to resolve token.
[IL]: Error: [C:\Temp\ncloak-0.4-bin\Obfuscated\PEnfo.exe : PENFO.My.?::?][offset 0x00000005] Unable to resolve token.
[IL]: Error: [C:\Temp\ncloak-0.4-bin\Obfuscated\PEnfo.exe : PENFO.My.?::?][offset 0x00000005] Unable to resolve token.
[IL]: Error: [C:\Temp\ncloak-0.4-bin\Obfuscated\PEnfo.exe : PENFO.My.?::?][offset 0x00000005] Unable to resolve token.
[IL]: Error: [C:\Temp\ncloak-0.4-bin\Obfuscated\PEnfo.exe : PENFO.My.?+?::?[T]][offset 0x000000EF] Endfinally from outside a finally handler.
[IL]: Error: [C:\Temp\ncloak-0.4-bin\Obfuscated\PEnfo.exe : PENFO.My.?+?[T]::?][offset 0x00000000]System.MissingFieldException: Field not found: '?.m_ThreadStaticValue'. Field is not visible.
13 Errors Verifying PEnfo.exe

Original comment by Dr.PcPu...@gmail.com on 4 Mar 2010 at 8:15

GoogleCodeExporter commented 8 years ago
Ah, this is likely to be a slightly different bug. This is probably due to compiler optimisations that NCloak will need to unbundle (as necessary) when using String Encryption.

If you don't use string encryption does it still work?

I suspect it may be to do with br.s statements only supporting a signed byte instruction - as we expand the file with string encryption statements, some instructions may fall outside this limit requiring us to use br statements instead (same with brfalse.s etc also). I'll take a look at doing this when I can; in the meantime can you confirm if avoiding string encryption is a workaround?

Original comment by nzpaulma...@gmail.com on 4 Mar 2010 at 8:58
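
The short-branch limit suspected in the comment above, as an added example (not part of the original thread and not NCloak's code): a small Python model of CIL method layout showing that `brfalse.s` carries a signed-byte displacement measured from the end of the branch, and that code inserted after each `ldstr` can push the target out of range unless the branch is promoted to its long form. The `Ins` class, the helper names and the sample method are constructed for illustration; the instruction sizes are the standard CIL encodings.

```python
# Encoded size in bytes (opcode + operand) of the CIL instructions used here.
SIZE = {"ret": 1, "nop": 1, "ldstr": 5, "call": 5,
        "br.s": 2, "brfalse.s": 2, "br": 5, "brfalse": 5}
LONG_FORM = {"br.s": "br", "brfalse.s": "brfalse"}

class Ins:
    """One instruction in a hypothetical in-memory method body."""
    def __init__(self, op, target=None):
        self.op, self.target, self.offset = op, target, 0

def layout(body):
    """Assign byte offsets to every instruction; return the method size."""
    pos = 0
    for ins in body:
        ins.offset = pos
        pos += SIZE[ins.op]
    return pos

def displacement(ins):
    """Branch operand: target offset relative to the end of the branch."""
    return ins.target.offset - (ins.offset + SIZE[ins.op])

def out_of_range(body):
    """Short branches whose displacement does not fit in a signed byte."""
    layout(body)
    return [i for i in body
            if i.op in LONG_FORM and not -128 <= displacement(i) <= 127]

def relax(body):
    """Promote failing short branches until stable; promotion grows the
    code, so one promotion can push another short branch out of range."""
    promoted = 0
    while bad := out_of_range(body):
        for ins in bad:
            ins.op = LONG_FORM[ins.op]
            promoted += 1
    return promoted

def inject_decrypt_calls(body):
    """Constructed stand-in for string encryption: call after each ldstr."""
    return [x for ins in body
            for x in ([ins, Ins("call")] if ins.op == "ldstr" else [ins])]

def sample_method(n_strings):
    """Constructed body: brfalse.s over n (ldstr, call) pairs to a ret."""
    end = Ins("ret")
    pairs = [Ins(op) for _ in range(n_strings) for op in ("ldstr", "call")]
    return [Ins("brfalse.s", end)] + pairs + [end]
```

With 12 strings the original branch spans 120 bytes and fits; after the injected calls it spans 180 bytes, so `out_of_range` flags it until `relax` rewrites it as `brfalse`.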

GoogleCodeExporter commented 8 years ago
It did work in v0.3 if you are only using renaming, but not in v0.4.
When I run the assembly (with only renaming used on it), it will crash with a missing method exception.

[IL]: Error: [C:\Temp\ncloak-0.4-bin\Obfuscated\PEnfo.exe : PENFO.My.?::?][offset 0x00000005] Unable to resolve token.
[IL]: Error: [C:\Temp\ncloak-0.4-bin\Obfuscated\PEnfo.exe : PENFO.My.?::?][offset 0x00000005] Unable to resolve token.
[IL]: Error: [C:\Temp\ncloak-0.4-bin\Obfuscated\PEnfo.exe : PENFO.My.?::?][offset 0x00000005] Unable to resolve token.
[IL]: Error: [C:\Temp\ncloak-0.4-bin\Obfuscated\PEnfo.exe : PENFO.My.?::?][offset 0x00000005] Unable to resolve token.
[IL]: Error: [C:\Temp\ncloak-0.4-bin\Obfuscated\PEnfo.exe : PENFO.My.?::?][offset 0x00000005] Unable to resolve token.
[IL]: Error: [C:\Temp\ncloak-0.4-bin\Obfuscated\PEnfo.exe : PENFO.My.?+?[T]::?][offset 0x00000000]System.MissingFieldException: Field not found: '?.m_ThreadStaticValue'. Field is not visible.
6 Errors Verifying PEnfo.exe

Original comment by Dr.PcPu...@gmail.com on 4 Mar 2010 at 9:06

GoogleCodeExporter commented 8 years ago
Thanks a lot for your feedback/help here. I'll try and replicate it first off with a bigger program and then attempt a fix from there.

Original comment by nzpaulma...@gmail.com on 4 Mar 2010 at 9:11

GoogleCodeExporter commented 8 years ago
This issue should now be fixed in the current release (v0.5)
This includes fixes to allow large program support with string encryption and anti-reflection tools by performing a "simplify" followed by "optimize".

Please let me know if you still get an issue with obfuscation - if possible do you have a sample app that it fails on?

Original comment by nzpaulma...@gmail.com on 12 Mar 2010 at 3:52

GoogleCodeExporter commented 8 years ago
No offence, but I think you need to do some bug tracking :)

I still get an issue with obfuscation =/
The most common is that ncloak is crashing (it is crashing on almost all applications I have tested on), or that the obfuscated output file throws a missing method exception.

I have attached 2 test applications.
test1.exe will throw Method not found: '!0 ࠇ.get_GetInstance()'.

[MD]: Error: TypeDef that is not an Interface and not the Object class extends Nil token. [token:0x02000002]
[IL]: Error: [C:\Temp\ncloak-0.5-bin\Obfuscated\test1.exe : rCompile.My.?::?][offset 0x00000005] Unable to resolve token.
[IL]: Error: [C:\Temp\ncloak-0.5-bin\Obfuscated\test1.exe : rCompile.My.?::?][offset 0x00000005] Unable to resolve token.
[IL]: Error: [C:\Temp\ncloak-0.5-bin\Obfuscated\test1.exe : rCompile.My.?::?][offset 0x00000005] Unable to resolve token.
[IL]: Error: [C:\Temp\ncloak-0.5-bin\Obfuscated\test1.exe : rCompile.My.?::?][offset 0x00000005] Unable to resolve token.
[IL]: Error: [C:\Temp\ncloak-0.5-bin\Obfuscated\test1.exe : rCompile.My.?::?][offset 0x00000005] Unable to resolve token.
[IL]: Error: [C:\Temp\ncloak-0.5-bin\Obfuscated\test1.exe : rCompile.My.?+?[T]::?][offset 0x00000000]System.MissingFieldException: Field not found: '?.m_ThreadStaticValue'. Field is not visible.

test2.exe is the same as test1, but it has been decompiled with ildasm and recompiled with ilasm, and it will crash ncloak.

See below the different exceptions that I have been getting from different small, simple applications (all applications are 100% managed code).

Unhandled Exception: System.NotSupportedException: Specified method is not supported.
   at Mono.Cecil.Cil.CodeWriter.GetPushDelta(Instruction instruction)
   at Mono.Cecil.Cil.CodeWriter.ComputeMaxStack(InstructionCollection instructions)
   at Mono.Cecil.Cil.CodeWriter.VisitInstructionCollection(InstructionCollection instructions)
   at Mono.Cecil.Cil.MethodBody.Accept(ICodeVisitor visitor)
   at Mono.Cecil.Cil.CodeWriter.WriteMethodBody(MethodDefinition meth)
   at Mono.Cecil.ReflectionWriter.TerminateModuleDefinition(ModuleDefinition module)
   at Mono.Cecil.StructureWriter.TerminateAssemblyDefinition(AssemblyDefinition asm)
   at Mono.Cecil.AssemblyDefinition.Accept(IReflectionStructureVisitor visitor)
   at Mono.Cecil.AssemblyFactory.SaveAssembly(AssemblyDefinition asm, Stream stream)
   at Mono.Cecil.AssemblyFactory.SaveAssembly(AssemblyDefinition asm, String file)
   at TiviT.NCloak.CloakTasks.OutputAssembliesTask.RunTask(ICloakContext context) in D:\Development\TiviT\ncloak\src\TiviT.NCloak\CloakTasks\OutputAssembliesTask.cs:line 31
   at TiviT.NCloak.CloakManager.Run(ICloakContext context) in D:\Development\TiviT\ncloak\src\TiviT.NCloak\CloakManager.cs:line 96
   at TiviT.NCloak.Console.Program.Main(String[] args) in D:\Development\TiviT\ncloak\src\TiviT.NCloak.Console\Program.cs:line 16

C:\Temp\ncloak-0.5-bin>pause
Press any key to continue . . .

Unhandled Exception: Mono.Cecil.ReflectionException: Wrong token: Module [0x236b20]
   at Mono.Cecil.Cil.CodeReader.ReadCilBody(MethodBody body, BinaryReader br)
   at Mono.Cecil.Cil.CodeReader.VisitMethodBody(MethodBody body)
   at Mono.Cecil.MethodDefinition.LoadBody()
   at Mono.Cecil.MethodDefinition.get_Body()
   at TiviT.NCloak.CloakTasks.OptimizeTask.RunTask(ICloakContext context) in D:\Development\TiviT\ncloak\src\TiviT.NCloak\CloakTasks\OptimizeTask.cs:line 46
   at TiviT.NCloak.CloakManager.Run(ICloakContext context) in D:\Development\TiviT\ncloak\src\TiviT.NCloak\CloakManager.cs:line 96
   at TiviT.NCloak.Console.Program.Main(String[] args) in D:\Development\TiviT\ncloak\src\TiviT.NCloak.Console\Program.cs:line 16

C:\Temp\ncloak-0.5-bin>pause
Press any key to continue . . .

Unhandled Exception: System.NullReferenceException: Object reference not set to an instance of an object.
   at TiviT.NCloak.CecilExtensions.Is64BitAssembly(AssemblyDefinition assemblyDefinition) in D:\Development\TiviT\ncloak\src\TiviT.NCloak\CecilExtensions.cs:line 97
   at TiviT.NCloak.CloakTasks.StringEncryptionTask.ProcessInstructions(AssemblyDefinition assemblyDef, MethodBody body, MethodReference decryptMethod) in D:\Development\TiviT\ncloak\src\TiviT.NCloak\CloakTasks\StringEncryptionTask.cs:line 268
   at TiviT.NCloak.CloakTasks.StringEncryptionTask.EncryptStringsInAssembly(AssemblyDefinition definition) in D:\Development\TiviT\ncloak\src\TiviT.NCloak\CloakTasks\StringEncryptionTask.cs:line 104
   at TiviT.NCloak.CloakTasks.StringEncryptionTask.RunTask(ICloakContext context) in D:\Development\TiviT\ncloak\src\TiviT.NCloak\CloakTasks\StringEncryptionTask.cs:line 52
   at TiviT.NCloak.CloakManager.Run(ICloakContext context) in D:\Development\TiviT\ncloak\src\TiviT.NCloak\CloakManager.cs:line 96
   at TiviT.NCloak.Console.Program.Main(String[] args) in D:\Development\TiviT\ncloak\src\TiviT.NCloak.Console\Program.cs:line 16

C:\Temp\ncloak-0.5-bin>pause
Press any key to continue . .

Original comment by Dr.PcPu...@gmail.com on 12 Mar 2010 at 2:13

GoogleCodeExporter commented 8 years ago
Seems like the attachment did not attach =P
http://www.4shared.com/file/239715755/feed35d3/Test.html

Original comment by Dr.PcPu...@gmail.com on 12 Mar 2010 at 2:26

GoogleCodeExporter commented 8 years ago
Thanks for those examples - it helps me get out of my "sandbox" test environment. I have expanded these into three issues which I'll fix individually over the next week (#2, #3, #4). I'm closing this issue as it is outside the scope of switch statements now (you're right about the issue tracking!).

If you find anything else, or have any further questions then let me know.

Thanks heaps for your help!

Original comment by nzpaulma...@gmail.com on 12 Mar 2010 at 7:54

GoogleCodeExporter commented 8 years ago
You're welcome :)
Yes, I noticed that.

I am developing a protector (.NET Spider) and an obfuscator (PolyFlex), so I tested on NCloak with programs that didn't work too well with them in the beta stage.

I have some more applications that I had some problems with, so I am going to test them on NCloak when I get some spare time.

Original comment by Dr.PcPu...@gmail.com on 12 Mar 2010 at 8:12

GoogleCodeExporter commented 8 years ago
Hey dr.pcputte, please attach the latest versions of PolyFlex and .NET Spider.

i found some thing of ur fish.net
// a commandline tool

just now require command list

Original comment by sadiqabb...@gmail.com on 6 Nov 2010 at 8:28
