public bool Phase1()
{
var decryptor = AsmDef.FindMethod(m => BaseIsDecryptor(m));
if (decryptor == null)
{
ThrowPhaseError("No string encryption?", 0, true);
return(true);
}
var resName = decryptor.Body.Instructions.GetOperandAt <string>(OpCodes.Ldstr, 1);
MarkMember(decryptor);
MarkMember(decryptor.DeclaringType.Methods.FirstOrDefault(m => m.IsConstructor));
if (resName == null)
{
ThrowPhaseError("Could not locate string resource!", 1, false);
return(false);
}
if (Globals.DeobContext.ResStreams.Count == 0)
{
PhaseParam = new object[]
{
Assembly.LoadFile(Globals.DeobContext.InPath).GetManifestResourceStream(resName),
decryptor
};
// Resource decryption compability
Globals.DeobContext.InPath = Globals.DeobContext.InPath.Replace("_resdump.exe", null);
}
else
{
PhaseParam = new object[] { Globals.DeobContext.ResStreams.First(res => res.Name == resName), decryptor }
};
if (PhaseParam[0] == null)
{
ThrowPhaseError("Null stream!", 1, false);
return(false);
}
MarkMember(AsmDef.MainModule.Resources.First(r => r.Name == resName));
Logger.VSLog("Found decryptor method at " + decryptor.Name);
return(true);
}
public bool Phase1()
{
var decryptor = AsmDef.FindMethod(IsDecryptor);
if (decryptor == null)
{
ThrowPhaseError("Could not find decryptor module!", 1, false);
return(false);
}
MarkMember(decryptor);
Logger.VSLog("Found decryptor module at: " + decryptor.Name);
PhaseParam = decryptor;
return(true);
}
// internal void Method21(int param19)
// {
// int metadataToken = param19 + 0x2000000;
// var typeDef = AsmDef.MainModule.Types.First(type => type.MetadataToken.ToInt32() == metadataToken);
// foreach (var fieldDef in typeDef.Fields)
// {
// string name = fieldDef.Name;
// StringBuilder builder = new StringBuilder();
// foreach (char t in name)
// {
// builder.Append((char) (((byte) t) + 0x2f));
// }
// int num3 = int.Parse(builder.ToString(), NumberStyles.HexNumber);
// int num4 = num3 & 0xffffff;
//// ReSharper disable UnusedVariable
// int num5 = num3 >> 0x18;
//// ReSharper restore UnusedVariable
// int num6 = 0xa000000 + num4;
//// ReSharper disable UnusedVariable
// var info2 = AsmDef.FindMethod(mDef => mDef.Resolve().MetadataToken.ToInt32() == num6);
//// ReSharper restore UnusedVariable
// // info.SetValue(null, Method_22(type, info2, num5));
// }
// }
#endregion
public MethodDefinition FindDecryptor()
{
var signature = new ILSignature
{
StartIndex = 0,
StartOpCode = OpCodes.Nop,
Instructions = new List <OpCode>
{
OpCodes.Ldsfld,
OpCodes.Call,
OpCodes.Newarr,
OpCodes.Stloc_0,
OpCodes.Ldc_R8,
OpCodes.Ldsfld,
OpCodes.Call
}
};
return(AsmDef.FindMethod(mDef => SignatureFinder.IsMatch(mDef, signature)));
}
public static MethodDefinition FindDecryptor()
{
var signature = new ILSignature
{
StartIndex = 1,
StartOpCode = OpCodes.Nop,
Instructions = new List <OpCode>
{
OpCodes.Callvirt,
OpCodes.Stloc_0,
OpCodes.Ldloc_0,
OpCodes.Newarr,
OpCodes.Stloc_1,
OpCodes.Ldc_I4_0,
OpCodes.Stloc_2
}
};
return(AsmDef.FindMethod(mdef => SignatureFinder.IsMatch(mdef, signature)));
}
public static bool Phase1()
{
var target = AsmDef.FindMethod(mDef => mDef.Name == "lf");
_offset = (int)Convert.ChangeType(target.Body.Instructions.First(instr => instr.IsLdcI4WOperand()).Operand, typeof(Int32));
PhaseParam = lf(Globals.DeobContext.InPath);
if (PhaseParam.Length == 0)
{
PhaseError = new PhaseError
{
Level = PhaseError.ErrorLevel.Critical,
Message = "Failed to retrieve data!"
};
return(false);
}
Logger.VSLog("Retrieved compressed data...");
return(true);
}
public bool Phase1()
{
// WEAK!
var target =
AsmDef.FindMethod(
mDef =>
mDef.Body.Instructions.GetOpCodeCount(OpCodes.Xor) == 4 &&
mDef.Body.Variables.Count == 10 &&
mDef.Parameters.Count == 1 &&
mDef.Parameters[0].ParameterType.ToString().Contains("Int32"));
if (target == null)
{
ThrowPhaseError("Could not locate decryption method!", 1, false);
return(false);
}
PhaseParam = target;
Logger.VSLog(string.Format("Located decryption method at {0}::{1}...", target.DeclaringType.Name,
target.Name));
return(true);
}