public override bool GetDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods)
{
if ((decryptState & DecryptState.CanDecryptMethods) != 0)
{
if (DecryptModule(ref newFileData, ref dumpedMethods))
{
ModuleBytes = newFileData;
decryptState &= ~DecryptState.CanDecryptMethods;
return(true);
}
}
if (options.DecryptMainAsm && (decryptState & DecryptState.CanGetMainAssembly) != 0)
{
newFileData = GetMainAssemblyBytes();
if (newFileData != null)
{
ModuleBytes = newFileData;
decryptState &= ~DecryptState.CanGetMainAssembly;
decryptState |= DecryptState.CanDecryptMethods;
return(true);
}
}
return(false);
}
public override bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods)
{
if ((decryptState & DecryptState.CanDecryptMethods) != 0) {
if (decryptModule(ref newFileData, ref dumpedMethods)) {
ModuleBytes = newFileData;
decryptState &= ~DecryptState.CanDecryptMethods;
return true;
}
}
if (options.DecryptMainAsm && (decryptState & DecryptState.CanGetMainAssembly) != 0) {
newFileData = getMainAssemblyBytes();
if (newFileData != null) {
ModuleBytes = newFileData;
decryptState &= ~DecryptState.CanGetMainAssembly;
decryptState |= DecryptState.CanDecryptMethods;
return true;
}
}
return false;
}
public override bool GetDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods)
{
hasUnpacked = false;
byte[] fileData = GetFileData();
using (var peImage = new MyPEImage(fileData)) {
if ((decryptState & DecryptState.CanDecryptMethods) != 0)
{
bool decrypted = false;
if (jitMethodsDecrypter != null && jitMethodsDecrypter.Detected)
{
jitMethodsDecrypter.Initialize();
if (!jitMethodsDecrypter.Decrypt(peImage, fileData, ref dumpedMethods))
{
return(false);
}
decrypted = true;
}
else if (memoryMethodsDecrypter != null && memoryMethodsDecrypter.Detected)
{
memoryMethodsDecrypter.Initialize();
if (!memoryMethodsDecrypter.Decrypt(peImage, fileData))
{
return(false);
}
decrypted = true;
}
if (decrypted)
{
decryptState &= ~DecryptState.CanDecryptMethods;
decryptState |= DecryptState.CanUnpack;
newFileData = fileData;
ModuleBytes = newFileData;
return(true);
}
}
}
if ((decryptState & DecryptState.CanUnpack) != 0)
{
if (unpacker != null && unpacker.Detected)
{
if (options.DecryptMainAsm)
{
decryptState |= DecryptState.CanDecryptMethods | DecryptState.CanUnpack;
var mainInfo = unpacker.UnpackMainAssembly(true);
newFileData = mainInfo.data;
realAssemblyInfo = mainInfo.realAssemblyInfo;
embeddedAssemblyInfos.AddRange(unpacker.GetEmbeddedAssemblyInfos());
ModuleBytes = newFileData;
hasUnpacked = true;
return(true);
}
else
{
decryptState &= ~DecryptState.CanUnpack;
mainAsmInfo = unpacker.UnpackMainAssembly(false);
embeddedAssemblyInfos.AddRange(unpacker.GetEmbeddedAssemblyInfos());
return(false);
}
}
}
return(false);
}
public override bool GetDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
hasUnpacked = false;
byte[] fileData = GetFileData();
using (var peImage = new MyPEImage(fileData)) {
if ((decryptState & DecryptState.CanDecryptMethods) != 0) {
bool decrypted = false;
if (jitMethodsDecrypter != null && jitMethodsDecrypter.Detected) {
jitMethodsDecrypter.Initialize();
if (!jitMethodsDecrypter.Decrypt(peImage, fileData, ref dumpedMethods))
return false;
decrypted = true;
}
else if (memoryMethodsDecrypter != null && memoryMethodsDecrypter.Detected) {
memoryMethodsDecrypter.Initialize();
if (!memoryMethodsDecrypter.Decrypt(peImage, fileData))
return false;
decrypted = true;
}
if (decrypted) {
decryptState &= ~DecryptState.CanDecryptMethods;
decryptState |= DecryptState.CanUnpack;
newFileData = fileData;
ModuleBytes = newFileData;
return true;
}
}
}
if ((decryptState & DecryptState.CanUnpack) != 0) {
if (unpacker != null && unpacker.Detected) {
if (options.DecryptMainAsm) {
decryptState |= DecryptState.CanDecryptMethods | DecryptState.CanUnpack;
var mainInfo = unpacker.UnpackMainAssembly(true);
newFileData = mainInfo.data;
realAssemblyInfo = mainInfo.realAssemblyInfo;
embeddedAssemblyInfos.AddRange(unpacker.GetEmbeddedAssemblyInfos());
ModuleBytes = newFileData;
hasUnpacked = true;
return true;
}
else {
decryptState &= ~DecryptState.CanUnpack;
mainAsmInfo = unpacker.UnpackMainAssembly(false);
embeddedAssemblyInfos.AddRange(unpacker.GetEmbeddedAssemblyInfos());
return false;
}
}
}
return false;
}
