### MLVScan Console Output Example Source: https://github.com/ifbars/mlvscan/wiki/Developer-CLI An example of the developer-friendly console output generated by MLVScan.DevCLI, showing findings, severity, guidance, and locations. ```text MLVScan Developer Report ======================== Assembly: MyMod.dll Findings: 2 [High] Detected executable write near persistence-prone directory Rule: PersistenceRule Occurrences: 1 Developer Guidance: For mod settings, use MelonPreferences. For save data, use the game's save system or Application.persistentDataPath with .json extension. 📚 https://melonwiki.xyz/#/modders/preferences Suggested APIs: MelonPreferences.CreateEntry Locations: • MyMod.SaveManager.SaveSettings:42 ──────────────────────────────────────── ``` -------------------------------- ### MLVScan JSON Output Example Source: https://github.com/ifbars/mlvscan/wiki/Developer-CLI An example of the machine-readable JSON output from MLVScan.DevCLI, suitable for CI/CD pipelines and automated analysis. ```json { "assemblyName": "MyMod.dll", "totalFindings": 2, "findings": [ { "ruleId": "PersistenceRule", "description": "Detected executable write near persistence-prone directory", "severity": "High", "location": "MyMod.SaveManager.SaveSettings:42", "codeSnippet": "...", "guidance": { "remediation": "For mod settings, use MelonPreferences...", "documentationUrl": "https://melonwiki.xyz/#/modders/preferences", "alternativeApis": ["MelonPreferences.CreateEntry"], "isRemediable": true } } ] } ``` -------------------------------- ### MSBuild: Complete Project Configuration with MLVScan Source: https://github.com/ifbars/mlvscan/wiki/Developer-CLI A full example of a .csproj file demonstrating how to include MLVScan.DevCLI as a project dependency and configure different build targets for debug and release configurations. ```xml netstandard2.1 MyAwesomeMod all runtime; build; native; contentfiles; analyzers ``` -------------------------------- ### Install MLVScan.DevCLI Locally Source: https://github.com/ifbars/mlvscan/wiki/Developer-CLI Installs MLVScan.DevCLI locally within a specific project. This is useful for project-specific tool management and versioning. ```bash dotnet new tool-manifest # if you don't have one already dotnet tool install MLVScan.DevCLI ``` -------------------------------- ### GitHub Actions: Build and Scan MLVScan Source: https://github.com/ifbars/mlvscan/wiki/Developer-CLI This GitHub Actions workflow automates the build process for a .NET project and then scans the resulting DLL using MLVScan.DevCLI. It checks out the code, sets up the .NET environment, installs the MLVScan CLI, builds the project, performs the scan, and uploads the scan results as an artifact. ```yaml name: Build and Scan on: [push, pull_request] jobs: build: runs-on: windows-latest steps: - uses: actions/checkout@v3 - name: Setup .NET uses: actions/setup-dotnet@v3 with: dotnet-version: '8.0.x' - name: Install MLVScan.DevCLI run: dotnet tool install --global MLVScan.DevCLI - name: Build run: dotnet build -c Release - name: Scan for issues run: mlvscan-dev ./bin/Release/netstandard2.1/MyMod.dll --json > scan-results.json - name: Upload scan results uses: actions/upload-artifact@v3 with: name: mlvscan-results path: scan-results.json ``` -------------------------------- ### MLVScan Configuration Example (MelonLoader) Source: https://github.com/ifbars/mlvscan/wiki/Architecture Illustrates the configuration format for MLVScan when used with MelonLoader, utilizing MelonPreferences. Shows settings for whitelisted hashes, disable threshold, and IL report dumping. ```ini [MLVScan] WhitelistedHashes = [...] DisableThreshold = Medium DumpFullIlReports = false ``` -------------------------------- ### MLVScan GitHub Actions CI/CD Integration Source: https://context7.com/ifbars/mlvscan/llms.txt Integrate MLVScan into your GitHub Actions workflow for automated security scanning. This example sets up .NET, installs the CLI, builds the project, scans for issues, and uploads results. ```yaml name: Build and Scan on: [push, pull_request] jobs: build: runs-on: windows-latest steps: - uses: actions/checkout@v3 - name: Setup .NET uses: actions/setup-dotnet@v3 with: dotnet-version: '8.0.x' - name: Install MLVScan.DevCLI run: dotnet tool install --global MLVScan.DevCLI - name: Build run: dotnet build -c Release - name: Scan for security issues run: mlvscan-dev ./bin/Release/netstandard2.1/MyMod.dll --json > scan-results.json - name: Fail on critical issues run: mlvscan-dev ./bin/Release/netstandard2.1/MyMod.dll --fail-on Critical - name: Upload scan results uses: actions/upload-artifact@v3 with: name: mlvscan-results path: scan-results.json ``` -------------------------------- ### Assembly Resolver Provider Implementations Source: https://github.com/ifbars/mlvscan/wiki/Architecture Demonstrates platform-specific implementations of IAssemblyResolverProvider for resolving game assemblies. Includes examples for MelonLoader and a Web-based resolver. ```csharp // MelonLoader public class MelonLoaderResolverProvider : IAssemblyResolverProvider { public IAssemblyResolver CreateResolver() { // Add MelonLoader's Managed directory } } // Web public class WebResolverProvider : IAssemblyResolverProvider { public IAssemblyResolver CreateResolver() { // Use default resolver (no game assemblies needed) } } ``` -------------------------------- ### Install MLVScan.Core using .NET CLI Source: https://context7.com/ifbars/mlvscan/llms.txt Command to install the MLVScan.Core NuGet package using the .NET CLI. This is the primary method for incorporating the scanning engine into custom .NET projects. ```bash # Install core scanning engine dotnet add package MLVScan.Core ``` -------------------------------- ### GitLab CI: Build and Scan MLVScan Source: https://github.com/ifbars/mlvscan/wiki/Developer-CLI This GitLab CI configuration defines stages for building and scanning a project. The build stage compiles the .NET project, and the scan stage installs the MLVScan CLI, runs the scan, and reports the results. It also includes a 'fail-on Critical' option to stop the pipeline if critical issues are found. ```yaml stages: - build - scan build: stage: build script: - dotnet build -c Release artifacts: paths: - bin/Release/ scan: stage: scan script: - dotnet tool install --global MLVScan.DevCLI - mlvscan-dev ./bin/Release/netstandard2.1/MyMod.dll --json > scan-results.json - mlvscan-dev ./bin/Release/netstandard2.1/MyMod.dll --fail-on Critical artifacts: reports: mlvscan: scan-results.json ``` -------------------------------- ### Example IL Code Snippet Detection Source: https://github.com/ifbars/mlvscan/wiki/FAQ Provides an example of an Intermediate Language (IL) code snippet that MLVScan might detect, showing the loading of a string and calling a process execution method. ```plaintext IL_0000: ldstr "cmd.exe" # Loads string "cmd.exe" IL_0005: call Process::Start # Calls Process.Start ``` -------------------------------- ### Integrate MLVScan.Core into Custom Projects Source: https://context7.com/ifbars/mlvscan/llms.txt Example demonstrating how to integrate the MLVScan.Core scanning engine into custom projects. It shows the creation of scan configurations, rules, an assembly scanner, and how to process the scan results. ```csharp using MLVScan; using MLVScan.Models; // Create scan configuration var config = new ScanConfig { EnableAutoScan = true, EnableAutoDisable = true, MinSeverityForDisable = Severity.Medium, SuspiciousThreshold = 1, WhitelistedHashes = new[] { "known-safe-hash" } }; // Create default detection rules var rules = RuleFactory.CreateDefaultRules(); // Create assembly scanner with default resolver var scanner = new AssemblyScanner(rules, config, new DefaultResolverProvider()); // Scan a mod file var findings = scanner.Scan("/path/to/mod.dll"); // Process results foreach (var finding in findings) { Console.WriteLine($"[{finding.Severity}] {finding.Description}"); Console.WriteLine($" Location: {finding.Location}"); if (!string.IsNullOrEmpty(finding.CodeSnippet)) { Console.WriteLine($" IL Code: {finding.CodeSnippet}"); } } ``` -------------------------------- ### Install MLVScan for BepInEx 5.x Source: https://context7.com/ifbars/mlvscan/llms.txt For BepInEx 5.x, install MLVScan to the 'patchers' folder. This allows for preloader-level scanning. The configuration file will be automatically created in the 'config' directory. ```text YourGame/ ├── BepInEx/ │ ├── patchers/ │ │ └── MLVScan.BepInEx.dll # Install here │ ├── plugins/ │ └── config/ │ └── MLVScan.json # Auto-created ``` -------------------------------- ### Update Local MLVScan.DevCLI Installation Source: https://github.com/ifbars/mlvscan/wiki/Developer-CLI Updates the locally installed MLVScan.DevCLI within a project to its latest version. This ensures the project uses the most current tool version. ```bash dotnet tool update MLVScan.DevCLI ``` -------------------------------- ### Install MLVScan for MelonLoader Source: https://context7.com/ifbars/mlvscan/llms.txt To install MLVScan for MelonLoader, simply drop the plugin DLL into the 'Plugins' folder of your game installation. This ensures the plugin is loaded by MelonLoader at runtime. ```text YourGame/ ├── Plugins/ │ └── MLVScan.MelonLoader.dll # Install here ├── Mods/ └── MelonLoader/ ``` -------------------------------- ### MLVScan Installation Directory Structure Source: https://github.com/ifbars/mlvscan/wiki/FAQ Illustrates the correct placement of the MLVScan.dll file within a game's directory structure for MelonLoader plugins. ```tree YourGame/ ├── Plugins/ │ └── MLVScan.dll ← Here ├── Mods/ └── MelonLoader/ ``` -------------------------------- ### Update MLVScan.DevCLI Globally Source: https://github.com/ifbars/mlvscan/wiki/Developer-CLI Updates an existing global installation of MLVScan.DevCLI to the latest version. This ensures you are using the most recent features and fixes. ```bash dotnet tool update --global MLVScan.DevCLI ``` -------------------------------- ### Install MLVScan Dev CLI - Bash Source: https://github.com/ifbars/mlvscan/wiki/Getting-Started This command installs the MLVScan Developer Command Line Interface (DevCLI) globally using .NET tools. This tool is essential for developers to scan their mods during the development process. ```bash dotnet tool install --global MLVScan.DevCLI ``` -------------------------------- ### Example of Malicious Code Combination Detection Source: https://github.com/ifbars/mlvscan/wiki/FAQ Demonstrates how MLVScan's multi-signal detection flags a combination of operations (Base64 decoding followed by process execution) that would be benign if detected individually. ```csharp // Not flagged: Base64.Decode(someData) // Alone = benign // Flagged: var command = Base64.Decode(encodedString); Process.Start(command); // Combined = suspicious ``` -------------------------------- ### Verify Mod File SHA256 Hash on Windows Source: https://github.com/ifbars/mlvscan/wiki/Whitelisting This PowerShell command calculates the SHA256 hash of a specified mod file on Windows. Replace `"path\to\mod.dll"` with the actual file path to get its cryptographic hash for verification. ```powershell Get-FileHash -Algorithm SHA256 "path\to\mod.dll" ``` -------------------------------- ### Scan Logger Implementations Source: https://github.com/ifbars/mlvscan/wiki/Architecture Provides platform-specific implementations of IScanLogger for handling scan output. Examples include a logger for MelonLoader and a logger for Blazor applications. ```csharp // MelonLoader public class MelonLoaderLogger : IScanLogger { public void Log(string message) => MelonLogger.Msg(message); } // Web public class BlazorLogger : IScanLogger { public void Log(string message) => Console.WriteLine(message); } ``` -------------------------------- ### Example IL Code Snippet Source: https://github.com/ifbars/mlvscan/wiki/Scan-Reports Demonstrates a basic Intermediate Language (IL) code snippet, showing common instructions like `ldstr` for loading strings and `call` for invoking methods. ```plaintext IL_0000: ldstr "cmd.exe" # Load string "cmd.exe" IL_0005: ldstr "/c del /f *.*" # Load string "/c del /f *.*" IL_000a: call Process::Start # Call Process.Start method ``` -------------------------------- ### Example of Full IL Dump Structure Source: https://github.com/ifbars/mlvscan/wiki/Scan-Reports A full IL dump provides the entire assembly structure, including class definitions, method signatures, and IL instructions, allowing for in-depth code examination. ```csharp .assembly ModName { .ver 1:0:0:0 } .class public SuspiciousClass { .method public static void MaliciousMethod() { IL_0000: ldstr "http://malicious.com" IL_0005: call WebClient::DownloadString ... } } ``` -------------------------------- ### Perform Basic MLVScan Scan Source: https://github.com/ifbars/mlvscan/wiki/Developer-CLI Scans a specified mod DLL file and provides developer-friendly output. This is the most common usage for quick checks during development. ```bash mlvscan-dev MyMod.dll ``` -------------------------------- ### MLVScan Console Output Example Source: https://github.com/ifbars/mlvscan/wiki/Scan-Reports Displays the typical console output when MLVScan detects a suspicious mod, including a summary of findings, severity breakdown, and specific suspicious patterns. ```plaintext [MLVScan] ======= DETAILED SCAN REPORT ======= [MLVScan] SUSPICIOUS MOD: SuspiciousMod.dll [MLVScan] SHA256 Hash: abc123def456... [MLVScan] ------------------------------- [MLVScan] Total suspicious patterns found: 8 [MLVScan] Severity breakdown: [MLVScan] CRITICAL: 2 issue(s) [MLVScan] HIGH: 3 issue(s) [MLVScan] MEDIUM: 3 issue(s) [MLVScan] ------------------------------- [MLVScan] Suspicious patterns found: [MLVScan] [CRITICAL] Process execution detected (2 instances) [MLVScan] * At: SuspiciousClass::MaliciousMethod [MLVScan] Code Snippet (IL): [MLVScan] IL_0001: ldstr "cmd.exe" [MLVScan] IL_0006: call System.Diagnostics.Process::Start ``` -------------------------------- ### MLVScan Console Output: Clean Scan Source: https://context7.com/ifbars/mlvscan/llms.txt Example console output from MLVScan indicating a successful and clean scan of mods. It confirms initialization, whitelisted mods, and that no suspicious files were found. ```text [MLVScan] Pre-scanning for malicious mods... [MLVScan] Scanning for suspicious mods... [MLVScan] No suspicious mods found [MLVScan] MLVScan initialization complete [MLVScan] 4 mod(s) are whitelisted and won't be scanned [MLVScan] To manage whitelisted mods, edit MelonPreferences.cfg ``` -------------------------------- ### MSBuild: Generate JSON Report for CI/CD Source: https://github.com/ifbars/mlvscan/wiki/Developer-CLI Sets up MSBuild to run MLVScan and output the results as a JSON file. This JSON report can then be used by CI/CD pipelines for analysis and reporting. ```xml ``` -------------------------------- ### Perform MLVScan Scan in Verbose Mode Source: https://github.com/ifbars/mlvscan/wiki/Developer-CLI Scans a mod DLL and displays all findings, including those that do not have specific developer guidance. This provides a comprehensive view of potential issues. ```bash mlvscan-dev MyMod.dll --verbose ``` -------------------------------- ### MLVScan MSBuild Integration for Automatic Scanning Source: https://context7.com/ifbars/mlvscan/llms.txt Integrate MLVScan into your mod's build process using MSBuild. This example shows how to run MLVScan after debug builds non-blockingly and fail release builds if critical issues are found. ```xml netstandard2.1 MyAwesomeMod ``` -------------------------------- ### IConfigManager Interface Definition Source: https://context7.com/ifbars/mlvscan/llms.txt Defines the platform-agnostic configuration management interface for MLVScan. It includes methods for getting, loading, and saving configuration, as well as managing whitelisted file hashes. ```csharp namespace MLVScan.Abstractions { public interface IConfigManager { // Get current configuration ScanConfig Config { get; } // Load configuration from persistent storage ScanConfig LoadConfig(); // Save configuration to persistent storage void SaveConfig(ScanConfig config); // Check if a file hash is whitelisted bool IsHashWhitelisted(string hash); // Get all whitelisted hashes string[] GetWhitelistedHashes(); // Set whitelisted hashes (normalizes and deduplicates) void SetWhitelistedHashes(string[] hashes); } } ``` -------------------------------- ### Verify Mod File SHA256 Hash on Linux/Mac Source: https://github.com/ifbars/mlvscan/wiki/Whitelisting This bash command calculates the SHA256 hash of a specified mod file on Linux or macOS. Replace `/path/to/mod.dll` with the actual file path to obtain its cryptographic hash for verification. ```bash sha256sum /path/to/mod.dll ``` -------------------------------- ### High Risk Pattern Combination Example Source: https://github.com/ifbars/mlvscan/wiki/Scan-Reports This combination of findings suggests encoded commands being executed, posing a critical risk. It includes shell execution, obfuscated strings, and Base64 decoding. ```text [CRITICAL] Shell execution (1 instance) [HIGH] Obfuscated strings (5 instances) [MEDIUM] Base64 decoding (3 instances) ``` -------------------------------- ### Lower Risk Pattern Combination Example Source: https://github.com/ifbars/mlvscan/wiki/Scan-Reports This combination of findings, involving Base64 decoding and environment path access, might indicate legitimate operations like loading configuration or assets, posing a lower risk. ```text [MEDIUM] Base64 decoding (2 instances) [LOW] Environment path access (1 instance) ``` -------------------------------- ### MLVScan Developer CLI Tool Usage Source: https://context7.com/ifbars/mlvscan/llms.txt The MLVScan.DevCLI is a command-line tool for development-time scanning. It can be installed globally and used for basic scans, JSON output, setting failure thresholds, and enabling verbose mode. ```bash # Install globally dotnet tool install --global MLVScan.DevCLI # Basic scan mlvscan-dev MyMod.dll # JSON output for CI/CD pipelines mlvscan-dev MyMod.dll --json # Fail build on High or Critical severity mlvscan-dev MyMod.dll --fail-on High # Verbose mode - show all findings mlvscan-dev MyMod.dll --verbose ``` -------------------------------- ### Basic MLVScan Dev CLI Usage - Bash Source: https://github.com/ifbars/mlvscan/wiki/Getting-Started These commands demonstrate basic usage of the MLVScan DevCLI. They show how to scan a built mod, obtain JSON output for automated systems, and configure the CLI to fail a build based on a specified severity level. ```bash # Scan your built mod mlvscan-dev MyMod.dll # Get JSON output for CI/CD mlvscan-dev MyMod.dll --json # Fail build on high severity issues mlvscan-dev MyMod.dll --fail-on High ``` -------------------------------- ### MLVScan.Core Scan Configuration Source: https://github.com/ifbars/mlvscan/wiki/Architecture Shows the platform-agnostic ScanConfig object used by MLVScan.Core. Demonstrates how to enable multi-signal detection and assembly metadata analysis. ```csharp var config = new ScanConfig { EnableMultiSignalDetection = true, DetectAssemblyMetadata = true }; ``` -------------------------------- ### MLVScan Default Configuration Settings Source: https://github.com/ifbars/mlvscan/wiki/FAQ Shows the default configuration parameters for MLVScan as found in MelonPreferences.cfg, including whitelisted hashes, disable threshold, and IL report settings. ```ini [MLVScan] WhitelistedHashes = ["3918e145...", "8e6dd194..."] # Common safe mods DisableThreshold = Medium DumpFullIlReports = false ``` -------------------------------- ### Perform MLVScan Scan with JSON Output Source: https://github.com/ifbars/mlvscan/wiki/Developer-CLI Scans a mod DLL and outputs the results in JSON format, which is ideal for integration into CI/CD pipelines and automated processing. ```bash mlvscan-dev MyMod.dll --json ``` -------------------------------- ### MSBuild: Fail Build on High Severity Issues Source: https://github.com/ifbars/mlvscan/wiki/Developer-CLI Configures MSBuild to fail the build if MLVScan detects issues with 'High' severity or greater. This enforces quality standards during the build process. ```xml ``` -------------------------------- ### Add MLVScan Core Package Reference Source: https://context7.com/ifbars/mlvscan/llms.txt Includes the MLVScan Core library as a package reference in a .csproj file. This allows your project to utilize MLVScan's core functionalities, such as scanning and security checks. ```xml ``` -------------------------------- ### MLVScan MSBuild Integration - XML Source: https://github.com/ifbars/mlvscan/wiki/Getting-Started This XML snippet shows how to integrate MLVScan.DevCLI into an MSBuild project (`.csproj` file). By adding this target, the mod will be automatically scanned by MLVScan after each successful build, ensuring continuous security checks. ```xml ``` -------------------------------- ### PluginScannerBase Abstract Class Source: https://context7.com/ifbars/mlvscan/llms.txt Abstract base class for implementing platform-specific mod scanners in MLVScan. It provides core scanning logic and requires derived classes to implement methods for specifying scan directories and identifying the scanner's own assembly. ```csharp namespace MLVScan.Services { public abstract class PluginScannerBase { protected readonly IScanLogger Logger; protected readonly IAssemblyResolverProvider ResolverProvider; protected readonly ScanConfig Config; protected readonly IConfigManager ConfigManager; protected readonly AssemblyScanner AssemblyScanner; protected PluginScannerBase( IScanLogger logger, IAssemblyResolverProvider resolverProvider, ScanConfig config, IConfigManager configManager) { // Initialize scanner with default rules var rules = RuleFactory.CreateDefaultRules(); AssemblyScanner = new AssemblyScanner(rules, Config, ResolverProvider); } // Override to specify directories to scan protected abstract IEnumerable GetScanDirectories(); // Override to identify the scanner's own assembly protected abstract bool IsSelfAssembly(string filePath); // Scan all plugins in configured directories public Dictionary> ScanAllPlugins(bool forceScanning = false); // Scan a single file and add results if suspicious protected virtual void ScanSingleFile(string filePath, Dictionary> results); } } ``` -------------------------------- ### Perform MLVScan Scan and Fail on High Severity Source: https://github.com/ifbars/mlvscan/wiki/Developer-CLI Scans a mod DLL and exits with an error code if any findings of 'High' severity or greater are detected. This is useful for enforcing quality gates in builds. ```bash mlvscan-dev MyMod.dll --fail-on High ``` -------------------------------- ### Clear All MLVScan Whitelisted Hashes Source: https://github.com/ifbars/mlvscan/wiki/Whitelisting This configuration snippet demonstrates how to clear all previously added SHA256 hashes from the MLVScan whitelist by setting `WhitelistedHashes` to an empty array in MelonPreferences.cfg. This action will re-initialize the default whitelist upon the next game launch. ```ini [MLVScan] WhitelistedHashes = [] ``` -------------------------------- ### MLVScan Default Configuration - INI Source: https://github.com/ifbars/mlvscan/wiki/Getting-Started This is the default configuration for MLVScan as found in `MelonPreferences.cfg`. It includes settings for whitelisted SHA256 hashes, the sensitivity threshold for disabling mods, and an option to dump full IL reports for debugging. ```ini [MLVScan] WhitelistedHashes = ["3918e1454e05de4dd3ace100d8f4d53936c9b93694dbff5bcc0293d689cb0ab7", "8e6dd1943c80e2d1472a9dc2c6722226d961027a7ec20aab9ad8f1184702d138"] DisableThreshold = Medium DumpFullIlReports = false ``` -------------------------------- ### Enabling Full IL Dumps in MLVScan Configuration Source: https://github.com/ifbars/mlvscan/wiki/Scan-Reports To generate complete IL disassembly reports for advanced analysis, enable the `DumpFullIlReports` option in the `MelonPreferences.cfg` file. ```ini [MLVScan] DumpFullIlReports = true ``` -------------------------------- ### Add SHA256 Hash to MLVScan Whitelist Source: https://github.com/ifbars/mlvscan/wiki/Whitelisting This configuration snippet shows how to add trusted SHA256 hashes to the MLVScan whitelist in the MelonPreferences.cfg file. Ensure you use the full 64-character hash and separate multiple entries with commas within the array. ```ini [MLVScan] WhitelistedHashes = ["3918e1454e05de4dd3ace100d8f4d53936c9b93694dbff5bcc0293d689cb0ab7", "8e6dd1943c80e2d1472a9dc2c6722226d961027a7ec20aab9ad8f1184702d138", "d47eb6eabd3b6e3b742c7d9693651bc3a61a90dcbe838f9a4276953089ee4951"] ```