Beispiel #1
        /// <summary>
        /// Builds a new <see cref="Deobfuscator"/> for <paramref name="module"/>, copies this
        /// instance's state into it and re-runs the method-decrypter detection on the new module.
        /// </summary>
        /// <param name="module">The module the new deobfuscator is bound to.</param>
        /// <returns>
        /// The new deobfuscator. When the JIT or memory methods decrypter is detected, it is
        /// returned before <c>InitializeTheRest</c> has run on it.
        /// </returns>
        public override IDeobfuscator ModuleReloaded(ModuleDefMD module)
        {
            // When the module already has an assembly, the saved real-assembly info is discarded.
            if (module.Assembly != null)
            {
                realAssemblyInfo = null;
            }

            if (realAssemblyInfo != null)
            {
                // Put the module first in the saved assembly, then restore the saved entry point, kind and name.
                realAssemblyInfo.realAssembly.Modules.Insert(0, module);
                if (realAssemblyInfo.entryPointToken != 0)
                {
                    // 'as' yields null when the resolved token is not a MethodDef, so EntryPoint may end up null.
                    var resolved = module.ResolveToken((int)realAssemblyInfo.entryPointToken);
                    module.EntryPoint = resolved as MethodDef;
                }
                module.Kind = realAssemblyInfo.kind;
                module.Name = new UTF8String(realAssemblyInfo.moduleName);
            }

            var successor = new Deobfuscator(options);

            // The file is pointed at the successor before any state is copied; the order below is kept as is.
            DeobfuscatedFile.SetDeobfuscator(successor);
            successor.realAssemblyInfo = realAssemblyInfo;
            successor.decryptState = decryptState;
            successor.DeobfuscatedFile = DeobfuscatedFile;
            successor.ModuleBytes = ModuleBytes;
            successor.embeddedAssemblyInfos.AddRange(embeddedAssemblyInfos);
            successor.SetModule(module);
            successor.RemoveObfuscatorAttribute();

            // After an unpack the decrypter starts fresh; otherwise the current decrypter is passed to the new one.
            if (hasUnpacked)
            {
                successor.jitMethodsDecrypter = new JitMethodsDecrypter(module, DeobfuscatedFile);
            }
            else
            {
                successor.jitMethodsDecrypter = new JitMethodsDecrypter(module, DeobfuscatedFile, jitMethodsDecrypter);
            }

            if ((successor.decryptState & DecryptState.CanDecryptMethods) != 0)
            {
                try
                {
                    successor.jitMethodsDecrypter.Find();
                }
                catch
                {
                    // Every exception from Find() is swallowed; the outcome is only visible through Detected.
                    // NOTE(review): this also hides unexpected failures on a malformed module - consider logging.
                }

                if (successor.jitMethodsDecrypter.Detected)
                {
                    return successor;
                }
            }

            if (hasUnpacked)
            {
                successor.memoryMethodsDecrypter = new MemoryMethodsDecrypter(module, DeobfuscatedFile);
            }
            else
            {
                successor.memoryMethodsDecrypter = new MemoryMethodsDecrypter(module, DeobfuscatedFile, memoryMethodsDecrypter);
            }

            if ((successor.decryptState & DecryptState.CanDecryptMethods) != 0)
            {
                // Unlike the JIT search above, an exception from this Find() propagates to the caller.
                successor.memoryMethodsDecrypter.Find();
                if (successor.memoryMethodsDecrypter.Detected)
                {
                    return successor;
                }
            }

            successor.InitializeTheRest(this);
            return successor;
        }
Beispiel #2
        /// <summary>
        /// Creates the remaining detectors for <c>Module</c> (resources, constants, proxy calls,
        /// anti-debug, anti-dump, strings, unpacker) and runs their search step.
        /// </summary>
        /// <param name="oldOne">
        /// Previous deobfuscator whose unpacker is handed to the new <c>Unpacker</c>; may be null.
        /// </param>
        void InitializeTheRest(Deobfuscator oldOne)
        {
            resourceDecrypter = new ResourceDecrypter(Module, DeobfuscatedFile);
            resourceDecrypter.Find();

            // All three constants decrypters are constructed up front; GetFileData() is called once for each.
            constantsDecrypterV18 = new ConstantsDecrypterV18(Module, GetFileData(), DeobfuscatedFile);
            constantsDecrypterV17 = new ConstantsDecrypterV17(Module, GetFileData(), DeobfuscatedFile);
            constantsDecrypterV15 = new ConstantsDecrypterV15(Module, GetFileData(), DeobfuscatedFile);

            // Probe newest to oldest; the first version that is detected gets initialized and
            // the older ones are not searched at all.
            constantsDecrypterV18.Find();
            if (constantsDecrypterV18.Detected)
            {
                InitializeConstantsDecrypterV18();
            }
            else
            {
                constantsDecrypterV17.Find();
                if (constantsDecrypterV17.Detected)
                {
                    InitializeConstantsDecrypterV17();
                }
                else
                {
                    constantsDecrypterV15.Find();
                    if (constantsDecrypterV15.Detected)
                    {
                        InitializeConstantsDecrypterV15();
                    }
                }
            }

            proxyCallFixer = new ProxyCallFixer(Module, GetFileData());
            proxyCallFixer.FindDelegateCreator(DeobfuscatedFile);

            antiDebugger = new AntiDebugger(Module);
            antiDebugger.Find();

            antiDumping = new AntiDumping(Module);
            antiDumping.Find(DeobfuscatedFile);

            stringDecrypter = new StringDecrypter(Module);
            stringDecrypter.Find(DeobfuscatedFile);
            InitializeStringDecrypter();

            // The previous unpacker is passed along only when a previous deobfuscator exists.
            var previousUnpacker = oldOne == null ? null : oldOne.unpacker;
            unpacker = new Unpacker(Module, previousUnpacker);
            unpacker.Find(DeobfuscatedFile, this);

            InitializeObfuscatorName();
        }
Beispiel #3
		/// <summary>
		/// Returns a new <see cref="Deobfuscator"/> bound to <paramref name="module"/> that carries
		/// over this instance's state, after re-running the method-decrypter detection.
		/// </summary>
		/// <param name="module">The module the new deobfuscator works on.</param>
		/// <returns>
		/// The new deobfuscator; it is returned without the <c>InitializeTheRest</c> step when
		/// either methods decrypter reports <c>Detected</c>.
		/// </returns>
		public override IDeobfuscator ModuleReloaded(ModuleDefMD module) {
			// A module that already has an assembly drops the saved real-assembly info.
			if (module.Assembly != null) {
				realAssemblyInfo = null;
			}
			if (realAssemblyInfo != null) {
				// The module becomes the first module of the saved assembly.
				realAssemblyInfo.realAssembly.Modules.Insert(0, module);
				if (realAssemblyInfo.entryPointToken != 0) {
					// A token that does not resolve to a MethodDef leaves EntryPoint null ('as' cast).
					module.EntryPoint = module.ResolveToken((int)realAssemblyInfo.entryPointToken) as MethodDef;
				}
				module.Kind = realAssemblyInfo.kind;
				module.Name = new UTF8String(realAssemblyInfo.moduleName);
			}

			var reloaded = new Deobfuscator(options);
			// SetDeobfuscator runs before the state copy below; the statement order is unchanged.
			DeobfuscatedFile.SetDeobfuscator(reloaded);
			reloaded.realAssemblyInfo = realAssemblyInfo;
			reloaded.decryptState = decryptState;
			reloaded.DeobfuscatedFile = DeobfuscatedFile;
			reloaded.ModuleBytes = ModuleBytes;
			reloaded.embeddedAssemblyInfos.AddRange(embeddedAssemblyInfos);
			reloaded.SetModule(module);
			reloaded.RemoveObfuscatorAttribute();

			// The current JIT decrypter is passed on only while nothing has been unpacked yet.
			if (!hasUnpacked) {
				reloaded.jitMethodsDecrypter = new JitMethodsDecrypter(module, DeobfuscatedFile, jitMethodsDecrypter);
			}
			else {
				reloaded.jitMethodsDecrypter = new JitMethodsDecrypter(module, DeobfuscatedFile);
			}
			var jitFlag = reloaded.decryptState & DecryptState.CanDecryptMethods;
			if (jitFlag != 0) {
				try {
					reloaded.jitMethodsDecrypter.Find();
				}
				catch {
					// Catch-all: any failure inside Find() is dropped and only Detected is consulted.
					// NOTE(review): a parsing error on a malformed module is invisible here - consider logging it.
				}
				if (reloaded.jitMethodsDecrypter.Detected) {
					return reloaded;
				}
			}

			// Same selection for the memory decrypter.
			if (!hasUnpacked) {
				reloaded.memoryMethodsDecrypter = new MemoryMethodsDecrypter(module, DeobfuscatedFile, memoryMethodsDecrypter);
			}
			else {
				reloaded.memoryMethodsDecrypter = new MemoryMethodsDecrypter(module, DeobfuscatedFile);
			}
			var memoryFlag = reloaded.decryptState & DecryptState.CanDecryptMethods;
			if (memoryFlag != 0) {
				// No try/catch here: an exception from this Find() reaches the caller.
				reloaded.memoryMethodsDecrypter.Find();
				if (reloaded.memoryMethodsDecrypter.Detected) {
					return reloaded;
				}
			}

			reloaded.InitializeTheRest(this);
			return reloaded;
		}
Beispiel #4
		/// <summary>
		/// Sets up the detectors that were not created yet for <c>module</c> (resources, constants,
		/// proxy calls, anti-debug, anti-dump, strings, unpacker) and runs each one's search.
		/// </summary>
		/// <param name="oldOne">
		/// Deobfuscator this one replaces, or null; its unpacker is passed to the new <c>Unpacker</c>.
		/// </param>
		void InitializeTheRest(Deobfuscator oldOne) {
			resourceDecrypter = new ResourceDecrypter(module, DeobfuscatedFile);
			resourceDecrypter.Find();

			// Each constants decrypter gets its own GetFileData() result.
			constantsDecrypterV18 = new ConstantsDecrypterV18(module, GetFileData(), DeobfuscatedFile);
			constantsDecrypterV17 = new ConstantsDecrypterV17(module, GetFileData(), DeobfuscatedFile);
			constantsDecrypterV15 = new ConstantsDecrypterV15(module, GetFileData(), DeobfuscatedFile);

			// Versions are tried in the order V18, V17, V15. Once one is detected it is initialized
			// and the remaining versions are skipped without calling their Find().
			constantsDecrypterV18.Find();
			bool constantsFound = constantsDecrypterV18.Detected;
			if (constantsFound) {
				InitializeConstantsDecrypterV18();
			}
			if (!constantsFound) {
				constantsDecrypterV17.Find();
				constantsFound = constantsDecrypterV17.Detected;
				if (constantsFound) {
					InitializeConstantsDecrypterV17();
				}
			}
			if (!constantsFound) {
				constantsDecrypterV15.Find();
				if (constantsDecrypterV15.Detected) {
					InitializeConstantsDecrypterV15();
				}
			}

			proxyCallFixer = new ProxyCallFixer(module, GetFileData());
			proxyCallFixer.FindDelegateCreator(DeobfuscatedFile);

			antiDebugger = new AntiDebugger(module);
			antiDebugger.Find();

			antiDumping = new AntiDumping(module);
			antiDumping.Find(DeobfuscatedFile);

			stringDecrypter = new StringDecrypter(module);
			stringDecrypter.Find(DeobfuscatedFile);
			InitializeStringDecrypter();

			// With no predecessor, the new unpacker is created with null as its second argument.
			var inheritedUnpacker = oldOne == null ? null : oldOne.unpacker;
			unpacker = new Unpacker(module, inheritedUnpacker);
			unpacker.Find(DeobfuscatedFile, this);

			InitializeObfuscatorName();
		}