From 4aae9feba6d478852673949c9c959d1ef25acb66 Mon Sep 17 00:00:00 2001 From: notcpuid Date: Wed, 2 Jul 2025 10:58:37 +0300 Subject: [PATCH] feat(core): add check for .NET binaries --- pe-packer/core/core.cpp | 7 +- pe-packer/core/mba.cpp | 210 ++++++++++++++++++++-------------------- 2 files changed, 110 insertions(+), 107 deletions(-) diff --git a/pe-packer/core/core.cpp b/pe-packer/core/core.cpp index 1edf52c..35bdcf9 100644 --- a/pe-packer/core/core.cpp +++ b/pe-packer/core/core.cpp @@ -17,12 +17,16 @@ c_core::c_core(std::string input_file, std::string output_file, std::uint32_t mu print_error("Binary is not PE file\n"); } - m_peImage = std::make_unique(pe_bliss::pe_factory::create_pe(pe_file)); if (m_peImage->get_pe_type() != pe_bliss::pe_type_32) { print_error("Binary is not x86 architecture\n"); } + bool clr_dir = m_peImage->directory_exists(14); + if (clr_dir) { + print_error("CLR directory found, .NET binary is not supported yet\n"); + } + JitRuntime jitRt; m_codeHolder = std::make_unique(); Error init_asmjit = m_codeHolder->init(jitRt.environment(), jitRt.cpuFeatures()); @@ -253,7 +257,6 @@ void c_core::process() for (const xor_target_t& target : obf_xor_targets) { xor_function_range(target); insert_runtime_xor_stub(target); - } } diff --git a/pe-packer/core/mba.cpp b/pe-packer/core/mba.cpp index 68563ab..22532ab 100644 --- a/pe-packer/core/mba.cpp +++ b/pe-packer/core/mba.cpp 
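Review bot: The literal `14` passed to `m_peImage->directory_exists(14)` in the added CLR check is a magic number; it is the index of the COM descriptor (CLR header) data directory, named `IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR` in the Windows SDK. Use a named constant for it (pe_bliss may already provide one, which is worth checking), or at least add a comment such as `// 14 = IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR header), present in .NET images`. The temporary `clr_dir` is read only once, so the test can be folded into the condition, as in `if (m_peImage->directory_exists(kClrDirectoryIndex)) {`, where `kClrDirectoryIndex` is a placeholder name. The guard only works if `print_error` does not return, which is not visible in this hunk, so confirm that a .NET input cannot fall through to the asmjit setup that follows. The constructor begins and ends outside the hunk.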
@@ -32,149 +32,149 @@ void c_mba::gen_math_operations() { void c_mba::mba_code(c_mba::options opt) { - int x = random_value(0, 3); - switch (x) { + int x = random_value(0, 3); + switch (x) { - case 0: { + case 0: { - Label new_label = m_core.get_assembler()->newLabel(); - gen_math_operations(); + Label new_label = m_core.get_assembler()->newLabel(); + gen_math_operations(); - // create new jump equal to label - m_core.get_assembler()->je(new_label); + // create new jump equal to label + m_core.get_assembler()->je(new_label); - // load x and y into regs - m_core.get_assembler()->mov(x86::eax, x86::edi); - m_core.get_assembler()->mov(x86::ebx, x86::esi); + // load x and y into regs + m_core.get_assembler()->mov(x86::eax, x86::edi); + m_core.get_assembler()->mov(x86::ebx, x86::esi); - // calculate in eax: (X | Y) - // store result in stack - m_core.get_assembler()->or_(x86::eax, x86::ebx); // eax = X | Y - m_core.get_assembler()->push(x86::eax); + // calculate in eax: (X | Y) + // store result in stack + m_core.get_assembler()->or_(x86::eax, x86::ebx); // eax = X | Y + m_core.get_assembler()->push(x86::eax); - // calculate in eax: (X & Y) - m_core.get_assembler()->mov(x86::eax, x86::edi); - m_core.get_assembler()->and_(x86::eax, x86::ebx); + // calculate in eax: (X & Y) + m_core.get_assembler()->mov(x86::eax, x86::edi); + m_core.get_assembler()->and_(x86::eax, x86::ebx); - // get (X | Y) from stack and substraction (X & Y) - // store result in ecx - m_core.get_assembler()->pop(x86::ecx); - m_core.get_assembler()->sub(x86::ecx, x86::eax); + // get (X | Y) from stack and substraction (X & Y) + // store result in ecx + m_core.get_assembler()->pop(x86::ecx); + m_core.get_assembler()->sub(x86::ecx, x86::eax); - m_core.get_assembler()->mov(x86::eax, x86::ecx); + m_core.get_assembler()->mov(x86::eax, x86::ecx); - // store result in stack and manipulate it - m_core.get_assembler()->push(x86::eax); - m_core.get_assembler()->mov(x86::ebx, x86::eax); - 
m_core.get_assembler()->xor_(x86::ebx, x86::edi); + // store result in stack and manipulate it + m_core.get_assembler()->push(x86::eax); + m_core.get_assembler()->mov(x86::ebx, x86::eax); + m_core.get_assembler()->xor_(x86::ebx, x86::edi); - // its loc - m_core.get_assembler()->bind(new_label); + // its loc + m_core.get_assembler()->bind(new_label); - // store base pointer and push new from stack - m_core.get_assembler()->push(x86::rbp); - m_core.get_assembler()->mov(x86::rbp, x86::rsp); - gen_math_operations(); + // store base pointer and push new from stack + m_core.get_assembler()->push(x86::rbp); + m_core.get_assembler()->mov(x86::rbp, x86::rsp); + gen_math_operations(); - // restore base pointer - m_core.get_assembler()->pop(x86::rbp); + // restore base pointer + m_core.get_assembler()->pop(x86::rbp); - break; - } + break; + } - case 1: { + case 1: { - Label new_label = m_core.get_assembler()->newLabel(); + Label new_label = m_core.get_assembler()->newLabel(); - gen_math_operations(); + gen_math_operations(); - // create new jump equal to label - m_core.get_assembler()->je(new_label); + // create new jump equal to label + m_core.get_assembler()->je(new_label); - // load x and y into regs - m_core.get_assembler()->mov(x86::eax, x86::edi); - m_core.get_assembler()->mov(x86::ebx, x86::esi); + // load x and y into regs + m_core.get_assembler()->mov(x86::eax, x86::edi); + m_core.get_assembler()->mov(x86::ebx, x86::esi); - // calculate in eax: (X & Y) - // store result in stack - m_core.get_assembler()->and_(x86::eax, x86::ebx); - m_core.get_assembler()->push(x86::eax); + // calculate in eax: (X & Y) + // store result in stack + m_core.get_assembler()->and_(x86::eax, x86::ebx); + m_core.get_assembler()->push(x86::eax); - // calculate in eax: (X | Y) - m_core.get_assembler()->mov(x86::eax, x86::edi); - m_core.get_assembler()->or_(x86::eax, x86::ebx); + // calculate in eax: (X | Y) + m_core.get_assembler()->mov(x86::eax, x86::edi); + 
m_core.get_assembler()->or_(x86::eax, x86::ebx); - // get (X & Y) from stack and addition (X | Y) - // store result in ecx - m_core.get_assembler()->pop(x86::ecx); - m_core.get_assembler()->add(x86::ecx, x86::eax); + // get (X & Y) from stack and addition (X | Y) + // store result in ecx + m_core.get_assembler()->pop(x86::ecx); + m_core.get_assembler()->add(x86::ecx, x86::eax); - m_core.get_assembler()->mov(x86::eax, x86::ecx); + m_core.get_assembler()->mov(x86::eax, x86::ecx); - // store result in stack and manipulate it - m_core.get_assembler()->push(x86::eax); - m_core.get_assembler()->mov(x86::ebx, x86::eax); - m_core.get_assembler()->xor_(x86::ebx, x86::edi); + // store result in stack and manipulate it + m_core.get_assembler()->push(x86::eax); + m_core.get_assembler()->mov(x86::ebx, x86::eax); + m_core.get_assembler()->xor_(x86::ebx, x86::edi); - // its loc - m_core.get_assembler()->bind(new_label); + // its loc + m_core.get_assembler()->bind(new_label); - // store base pointer and push new from stack - m_core.get_assembler()->push(x86::rbp); - m_core.get_assembler()->mov(x86::rbp, x86::rsp); - gen_math_operations(); + // store base pointer and push new from stack + m_core.get_assembler()->push(x86::rbp); + m_core.get_assembler()->mov(x86::rbp, x86::rsp); + gen_math_operations(); - // restore base pointer - m_core.get_assembler()->pop(x86::rbp); + // restore base pointer + m_core.get_assembler()->pop(x86::rbp); - break; - } + break; + } - case 2: { - Label new_label = m_core.get_assembler()->newLabel(); + case 2: { + Label new_label = m_core.get_assembler()->newLabel(); - // create new jump equal to label - m_core.get_assembler()->je(new_label); + // create new jump equal to label + m_core.get_assembler()->je(new_label); - // load x and y into regs - m_core.get_assembler()->mov(x86::eax, x86::edi); - m_core.get_assembler()->mov(x86::ebx, x86::esi); + // load x and y into regs + m_core.get_assembler()->mov(x86::eax, x86::edi); + 
m_core.get_assembler()->mov(x86::ebx, x86::esi); - // calculate in eax: (X & Y) - // store result in stack - m_core.get_assembler()->xor_(x86::eax, x86::ebx); - m_core.get_assembler()->neg(x86::eax); - m_core.get_assembler()->push(x86::eax); + // calculate in eax: (X & Y) + // store result in stack + m_core.get_assembler()->xor_(x86::eax, x86::ebx); + m_core.get_assembler()->neg(x86::eax); + m_core.get_assembler()->push(x86::eax); - // calculate in eax: (X | Y) - m_core.get_assembler()->mov(x86::eax, x86::edi); - m_core.get_assembler()->neg(x86::eax); - m_core.get_assembler()->and_(x86::eax, x86::ebx); + // calculate in eax: (X | Y) + m_core.get_assembler()->mov(x86::eax, x86::edi); + m_core.get_assembler()->neg(x86::eax); + m_core.get_assembler()->and_(x86::eax, x86::ebx); - // get (X & Y) from stack and addition (X | Y) - // store result in ecx - m_core.get_assembler()->pop(x86::ecx); - m_core.get_assembler()->add(x86::ecx, x86::eax); + // get (X & Y) from stack and addition (X | Y) + // store result in ecx + m_core.get_assembler()->pop(x86::ecx); + m_core.get_assembler()->add(x86::ecx, x86::eax); - m_core.get_assembler()->mov(x86::eax, x86::ecx); + m_core.get_assembler()->mov(x86::eax, x86::ecx); - // store result in stack and manipulate it - m_core.get_assembler()->push(x86::eax); - m_core.get_assembler()->mov(x86::ebx, x86::eax); - m_core.get_assembler()->xor_(x86::ebx, x86::edi); + // store result in stack and manipulate it + m_core.get_assembler()->push(x86::eax); + m_core.get_assembler()->mov(x86::ebx, x86::eax); + m_core.get_assembler()->xor_(x86::ebx, x86::edi); - // its loc - m_core.get_assembler()->bind(new_label); + // its loc + m_core.get_assembler()->bind(new_label); - // store base pointer and push new from stack - m_core.get_assembler()->push(x86::rbp); - m_core.get_assembler()->mov(x86::rbp, x86::rsp); - gen_math_operations(); + // store base pointer and push new from stack + m_core.get_assembler()->push(x86::rbp); + 
m_core.get_assembler()->mov(x86::rbp, x86::rsp); + gen_math_operations(); - // restore base pointer - m_core.get_assembler()->pop(x86::rbp); + // restore base pointer + m_core.get_assembler()->pop(x86::rbp); - break; - } + break; + } } } \ No newline at end of file