[a.ahmed]

PHP كود :

using System;
using System.Text;
using System.IO;
using dnlib.DotNet;
using dnlib.DotNet.Emit;
using System.Collections.Generic;

namespace DumpStrings
{
    class Program
    {
        static void Main(string[] args)
        {

            if (args.Length == 0)
            {
                Console.WriteLine("args not found");
                Console.ReadKey();
                return;
            }

            // Last args part is our path, maybe I'll add some - options in future...
            string ExePath = args[args.Length - 1];
            if (!File.Exists(ExePath))
            {
                Console.WriteLine("File doesn't exist!\nPath => {0}", ExePath);
                return;
            }
            string exten = Path.GetExtension(ExePath);

            string OutputPath = ExePath.Substring(0, ExePath.Length - 4) + exten;

            try
            {
                var DeobMe = ExePath; // @"C:\1.exe";
                var module = ModuleDefMD.Load(DeobMe);
                var types = module.GetTypes();

                Console.WriteLine(Environment.NewLine);
                Console.WriteLine("Source File: {" + System.IO.Path.GetFileName(ExePath) + "}");
                Console.Write("Processing...");


                foreach (var type in types)
                {
                    if (!type.HasFields)
                        continue;

                    foreach (var method in type.Methods)
                    {
                        var _ils = method.Body.Instructions;

                        for (int i = 0; i < method.Body.Instructions.Count; i++)
                        {
                            try
                            {
                                if (method.Body.Instructions[i].Operand.ToString().EndsWith("::host"))
                                    method.Body.Instructions[i - 1].Operand = Base64Decode(method.Body.Instructions[i - 1].Operand.ToString());

                                if (method.Body.Instructions[i].Operand.ToString().EndsWith("::port"))
                                    method.Body.Instructions[i - 1].Operand = Base64Decode(method.Body.Instructions[i - 1].Operand.ToString());
                            }
                            catch (Exception ex) { }
                        }

                    }

                }

                string OutputFilename = ExePath.Substring(0, ExePath.Length - 4) + "_Result" + exten;
                module.Write(OutputFilename);   //@"C:\2.exe"
                Console.WriteLine(Environment.NewLine);
                Console.WriteLine("Result File: {" + System.IO.Path.GetFileName(OutputFilename) + "}");
                Console.WriteLine("Successful." + Environment.NewLine);
                Console.ReadKey();

            }
            catch (Exception ex)
            {
                Console.WriteLine(Environment.NewLine);
                Console.WriteLine(Environment.NewLine + ex.Message);
                Console.ReadKey();
            }

        }


        public static string Base64Decode(string base64EncodedData)
        {
            try
            {
                foreach (char c in base64EncodedData)
                    if (!"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+= ".Trim().Contains(c.ToString())) return null;
                var base64EncodedBytes = System.Convert.FromBase64String(base64EncodedData);
                return System.Text.Encoding.UTF8.GetString(base64EncodedBytes);
            }
            catch (Exception ex) { return null; }
        }

    }
}