public ConstantsDecrypter(ModuleDef module, MethodDef lzmaMethod, ISimpleDeobfuscator deobfsucator, x86Emulator nativeEmulator)
{
_module = module;
_lzmaMethod = lzmaMethod;
_deobfuscator = deobfsucator;
_nativeEmulator = nativeEmulator;
}
protected override void ScanForObfuscator()
{
_nativeEmulator = new x86Emulator(DeobUtils.ReadModule(module));
_controlFlowFixer = new ControlFlowFixer(_nativeEmulator);
_lzmaFinder = new LzmaFinder(module, DeobfuscatedFile);
_lzmaFinder.Find();
_constantDecrypter = new ConstantsDecrypter(module, _lzmaFinder.Method, DeobfuscatedFile, _nativeEmulator);
_resourceDecrypter = new ResourceDecrypter(module, _lzmaFinder.Method, DeobfuscatedFile);
if (_lzmaFinder.FoundLzma)
{
_constantDecrypter.Find();
_resourceDecrypter.Find();
}
_proxyCallFixer = new ProxyCallFixer(module, DeobfuscatedFile, _nativeEmulator);
_proxyCallFixer.FindDelegateCreatorMethod();
_proxyCallFixer.Find();
DetectConfuserExAttribute();
}
public ControlFlowFixer(x86Emulator nativeEmulator)
{
_nativeEmulator = nativeEmulator;
}
public ConstantDecrypterBase(x86Emulator nativeEmulator)
{
_nativeEmulator = nativeEmulator;
}
public ProxyCallFixer(ModuleDefMD module, ISimpleDeobfuscator simpleDeobfuscator, x86Emulator nativeEmulator) : base(module)
{
_simpleDeobfuscator = simpleDeobfuscator;
_nativeEmulator = nativeEmulator;
}