static void Main(string[] args)
{
var VAR = GetInt(1)
}
private static int GetInt(int x) // althrough we can use VMP's rename, but hacker can find the method through parameter ( they try to find a method that have 1 int parameter and patch it)
{
return x + 1; // maybe difficult logic here.
}
static void Main(string[] args)
{
var VAR = 1 + 1;
}
Harmony can patch methods and apply prefix/postfix modifications, making the result of GetInt unreliable. So we want to inline the method and virtulization the whole method to prevent patch.
Do you have any suggestion to protect against Harmony's Patch? (prevent patch for our code and System assembly)
We've found some hacker renamed Harmony to avoid detection
Import Protection seems can protect against Harmony. ( I'm not sure, still testing)
But IIS results error when enabled Import Protection. (RVA xxx i can't remember)
When "Main" and "GetInt" were virtualized the "Main" doesn't call native stub of "GetInt", so any patch of "GetInt" with Harmony will not work in this case.
Do we have any way to find out patches of System's assembly?
e.g. Encoding.UTF8.GetString, they added postfix patch to tamper the result, replace license etc.
I just found Enabling Import Protection can prevent this kind of patch.