Beispiel #1
            /// <summary>
            /// Creates the LZMA finder, the constants and resource decrypters and the proxy-call
            /// fixer for <c>module</c>, runs their search steps, and finally calls
            /// <c>DetectConfuserExAttribute()</c>.
            /// </summary>
            /// <remarks>
            /// Statement order is significant: both decrypters are constructed from
            /// <c>_lzmaFinder.Method</c>, which is read only after <c>_lzmaFinder.Find()</c> has run.
            /// </remarks>
            protected override void ScanForObfuscator()
            {
                // Locate the LZMA routine first; its result feeds both decrypters below.
                _lzmaFinder = new LzmaFinder(module, DeobfuscatedFile);
                _lzmaFinder.Find();
                // The decrypters are constructed whether or not the finder succeeded.
                // NOTE(review): when FoundLzma is false, _lzmaFinder.Method is presumably null -
                // confirm both constructors tolerate that.
                _constantDecrypter = new ConstantsDecrypter(module, _lzmaFinder.Method, DeobfuscatedFile);
                _resourceDecrypter = new ResourceDecrypter(module, _lzmaFinder.Method, DeobfuscatedFile);

                // Only search for the decrypter routines when an LZMA method was found.
                // Otherwise both objects stay in their freshly constructed state, so later stages
                // must not assume Find() has run on them.
                if (_lzmaFinder.FoundLzma)
                {
                    _constantDecrypter.Find();
                    _resourceDecrypter.Find();
                }

                // The proxy-call fixer does not depend on the LZMA result and always runs.
                // FindDelegateCreatorMethod() is called before Find(); presumably Find() relies on
                // what it locates - verify before reordering.
                _proxyCallFixer = new ProxyCallFixer(module, DeobfuscatedFile);
                _proxyCallFixer.FindDelegateCreatorMethod();
                _proxyCallFixer.Find();

                // Last step of the scan; the helper is defined outside this excerpt.
                DetectConfuserExAttribute();
            }
Beispiel #2
            /// <summary>
            /// Creates an x86 emulator over the module, then the control-flow fixer, LZMA finder,
            /// constants and resource decrypters and proxy-call fixer, runs their search steps,
            /// and finally calls <c>DetectConfuserExAttribute()</c>.
            /// </summary>
            /// <remarks>
            /// Statement order is significant: the emulator is created first because the
            /// control-flow fixer, the constants decrypter and the proxy-call fixer all receive it,
            /// and both decrypters read <c>_lzmaFinder.Method</c> only after
            /// <c>_lzmaFinder.Find()</c> has run.
            /// </remarks>
            protected override void ScanForObfuscator()
            {
                // One emulator instance is shared by every component that takes it below.
                // NOTE(review): the module under analysis is untrusted input - confirm that
                // x86Emulator interprets the bytes returned by DeobUtils.ReadModule and never
                // executes them on the host, and that malformed input fails cleanly.
                _nativeEmulator = new x86Emulator(DeobUtils.ReadModule(module));

                _controlFlowFixer = new ControlFlowFixer(_nativeEmulator);
                // Locate the LZMA routine; its result feeds both decrypters below.
                _lzmaFinder       = new LzmaFinder(module, DeobfuscatedFile);
                _lzmaFinder.Find();

                // The decrypters are constructed whether or not the finder succeeded; only the
                // constants decrypter also receives the emulator.
                // NOTE(review): when FoundLzma is false, _lzmaFinder.Method is presumably null -
                // confirm both constructors tolerate that.
                _constantDecrypter = new ConstantsDecrypter(module, _lzmaFinder.Method, DeobfuscatedFile, _nativeEmulator);
                _resourceDecrypter = new ResourceDecrypter(module, _lzmaFinder.Method, DeobfuscatedFile);

                // Only search for the decrypter routines when an LZMA method was found.
                // Otherwise both objects stay in their freshly constructed state, so later stages
                // must not assume Find() has run on them.
                if (_lzmaFinder.FoundLzma)
                {
                    _constantDecrypter.Find();
                    _resourceDecrypter.Find();
                }

                // The proxy-call fixer does not depend on the LZMA result and always runs.
                // FindDelegateCreatorMethod() is called before Find(); presumably Find() relies on
                // what it locates - verify before reordering.
                _proxyCallFixer = new ProxyCallFixer(module, DeobfuscatedFile, _nativeEmulator);
                _proxyCallFixer.FindDelegateCreatorMethod();
                _proxyCallFixer.Find();

                // Last step of the scan; the helper is defined outside this excerpt.
                DetectConfuserExAttribute();
            }