dr4k0nia/Unscrambler

Error when unscrambling a calli-protected program

illuZion9999 opened this issue · 1 comment

Summary:
It seems that when a callvirt is replaced by a calli, Unscrambler throws an exception related to AsmResolver not being able to save the file (apparently due to a stack imbalance).

How to reproduce:
Change a callvirt instruction to a calli one as in the following CIL code:

Original code:

newobj      instance void Test_Unscrambler.TestCalli::.ctor()
callvirt    instance void Test_Unscrambler.TestCalli::Test()

Obfuscated code:

ldftn       instance void Test_Unscrambler.TestCalli::Test()
calli       void ()

Note: There is no problem if it is a call which is replaced.

Thrown exception:

Unhandled Exception: System.AggregateException: Construction of the PE image failed with one or more errors. ---> AsmResolver.DotNet.Code.Cil.StackImbalanceException: Stack imbalance was detected at offset IL_0000 in method body of System.Void Test_Unscrambler.Program::Main(String[])
   at AsmResolver.DotNet.Code.Cil.CilMethodBody.ComputeMaxStack()
   at AsmResolver.DotNet.Code.Cil.CilMethodBodySerializer.SerializeMethodBody(MethodBodySerializationContext context, MethodDefinition method)
   --- End of inner exception stack trace ---
   at AsmResolver.DotNet.ModuleDefinition.ToPEImage(IPEImageBuilder imageBuilder)
   at AsmResolver.DotNet.ModuleDefinition.Write(String filePath, IPEImageBuilder imageBuilder, IPEFileBuilder fileBuilder)

Example file:
Test_Calli_Unscrambler.zip

Issue is on my list and will hopefully be fixed when I release the Unscrambler recode based on Echo.