search

dr4k0nia / Unscrambler

Universal unpacker and fixer for a number of modded ConfuserEx protections
100 stars 18 forks source link

Error when unscrambling a calli-protected program #2

Open illuZion9999 opened 3 years ago

illuZion9999 commented 3 years ago

Summary: It seems that when a callvirt is replaced by a calli, Unscrambler throws an exception related to AsmResolver not being able to save the file (apparently due to a stack imbalance).

How to reproduce: Change a callvirt instruction to a calli one as in the following CIL code:

Original code:

newobj      instance void Test_Unscrambler.TestCalli::.ctor()
callvirt    instance void Test_Unscrambler.TestCalli::Test()

Obfuscated code:

ldftn       instance void Test_Unscrambler.TestCalli::Test()
calli       void ()

Note: There is no problem if it is a call which is replaced.

Thrown exception:

Unhandled Exception: System.AggregateException: Construction of the PE image failed with one or more errors. ---> AsmResolver.DotNet.Code.Cil.StackImbalanceException: Stack imbalance was detected at offset IL_0000 in method body of System.Void Test_Unscrambler.Program::Main(String[])
   at AsmResolver.DotNet.Code.Cil.CilMethodBody.ComputeMaxStack()
   at AsmResolver.DotNet.Code.Cil.CilMethodBodySerializer.SerializeMethodBody(MethodBodySerializationContext context, MethodDefinition method)
   --- End of inner exception stack trace ---
   at AsmResolver.DotNet.ModuleDefinition.ToPEImage(IPEImageBuilder imageBuilder)
   at AsmResolver.DotNet.ModuleDefinition.Write(String filePath, IPEImageBuilder imageBuilder, IPEFileBuilder fileBuilder)

Example file: Test_Calli_Unscrambler.zip

dr4k0nia commented 3 years ago

Issue is on my list and will hopefully be fixed when I release the Unscrambler recode based on Echo