Beispiel #1
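        /// <summary>
        /// Returns the plaintext string stored at <paramref name="offset"/> in the decrypted string table.
        /// </summary>
        /// <remarks>
        /// When the decrypter info for <paramref name="method"/> has no key, the string is read directly
        /// from <c>decryptedData</c> as a 4-byte length followed by UTF-16 data. Otherwise the 4 bytes at
        /// <paramref name="offset"/> locate a length-prefixed encrypted blob (an index into <c>fileData</c>
        /// for VER_37, an RVA read through <c>peImage</c> for VER_38) which is passed to
        /// <c>DeobUtils.aesDecrypt</c> with the info's key and IV.
        /// All offsets and lengths come from the file being analysed, so they are range-checked before
        /// they are used to index or allocate.
        /// </remarks>
        /// <param name="method">The string decrypter method whose key/IV info is looked up.</param>
        /// <param name="offset">Byte offset into <c>decryptedData</c> of the string record.</param>
        /// <returns>The decoded UTF-16 string.</returns>
        /// <exception cref="ApplicationException">
        /// The string decrypter version is unknown, or an offset/length read from the input is out of range.
        /// </exception>
        public string decrypt(MethodDefinition method, int offset)
        {
            var info = getDecrypterInfo(method);

            // Every branch below reads a 4-byte field at 'offset'. The value originates from the
            // protected assembly, so reject it up front instead of relying on BitConverter to fault.
            if (offset < 0 || offset > decryptedData.Length - 4)
            {
                throw new ApplicationException("Invalid string offset");
            }

            if (info.key == null)
            {
                // No key: the record is a length prefix followed by the UTF-16 bytes themselves.
                int length = BitConverter.ToInt32(decryptedData, offset);
                if (length < 0 || length > decryptedData.Length - offset - 4)
                {
                    throw new ApplicationException("Invalid string length");
                }
                return Encoding.Unicode.GetString(decryptedData, offset + 4, length);
            }

            byte[] encryptedStringData;
            if (stringDecrypterVersion == StringDecrypterVersion.VER_37)
            {
                int fileOffset = BitConverter.ToInt32(decryptedData, offset);
                if (fileOffset < 0 || fileOffset > fileData.Length - 4)
                {
                    throw new ApplicationException("Invalid encrypted string offset");
                }

                // Check the length against the remaining file bytes BEFORE allocating, so a forged
                // length field cannot force a multi-gigabyte allocation.
                int length = BitConverter.ToInt32(fileData, fileOffset);
                if (length < 0 || length > fileData.Length - fileOffset - 4)
                {
                    throw new ApplicationException("Invalid encrypted string length");
                }

                encryptedStringData = new byte[length];
                Array.Copy(fileData, fileOffset + 4, encryptedStringData, 0, length);
            }
            else if (stringDecrypterVersion == StringDecrypterVersion.VER_38)
            {
                uint rva    = BitConverter.ToUInt32(decryptedData, offset);
                int  length = peImage.readInt32(rva);
                if (length < 0)
                {
                    throw new ApplicationException("Invalid encrypted string length");
                }

                // NOTE(review): the upper bound of 'length' and wrap-around of 'rva + 4' are not checked
                // here because peImage's API is not visible in this block - confirm readBytes rejects
                // ranges that fall outside the mapped image.
                encryptedStringData = peImage.readBytes(rva + 4, length);
            }
            else
            {
                throw new ApplicationException("Unknown string decrypter version");
            }

            return Encoding.Unicode.GetString(DeobUtils.aesDecrypt(encryptedStringData, info.key, info.iv));
        }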