Beispiel #1
0
        void InitDecrypters()
        {
            assemblyResolverInfo = new AssemblyResolverInfo(module, DeobfuscatedFile, this);
            assemblyResolverInfo.FindTypes();
            resourceDecrypterInfo = new ResourceDecrypterInfo(module, assemblyResolverInfo.SimpleZipTypeMethod, DeobfuscatedFile);
            resourceResolverInfo  = new ResourceResolverInfo(module, DeobfuscatedFile, this, assemblyResolverInfo);
            resourceResolverInfo.FindTypes();
            resourceDecrypter = new ResourceDecrypter(resourceDecrypterInfo);
            assemblyResolver  = new AssemblyResolver(resourceDecrypter, assemblyResolverInfo);
            resourceResolver  = new ResourceResolver(module, assemblyResolver, resourceResolverInfo);

            InitStringDecrypterInfos();
            assemblyResolverInfo.FindTypes();
            resourceResolverInfo.FindTypes();

            AddModuleCctorInitCallToBeRemoved(assemblyResolverInfo.CallResolverMethod);
            AddCallToBeRemoved(module.EntryPoint, assemblyResolverInfo.CallResolverMethod);
            AddModuleCctorInitCallToBeRemoved(resourceResolverInfo.CallResolverMethod);
            AddCallToBeRemoved(module.EntryPoint, resourceResolverInfo.CallResolverMethod);

            resourceDecrypterInfo.SetSimpleZipType(GetGlobalSimpleZipTypeMethod(), DeobfuscatedFile);

            if (!DecryptResources())
            {
                throw new ApplicationException("Could not decrypt resources");
            }

            DumpEmbeddedAssemblies();
        }
Beispiel #2
0
        void InitDecrypters()
        {
            assemblyResolverInfo = new AssemblyResolverInfo(module, DeobfuscatedFile, this);
            assemblyResolverInfo.FindTypes();
            resourceDecrypterInfo = new ResourceDecrypterInfo(module, assemblyResolverInfo.SimpleZipTypeMethod, DeobfuscatedFile);
            resourceResolverInfo  = new ResourceResolverInfo(module, DeobfuscatedFile, this, assemblyResolverInfo);
            resourceResolverInfo.FindTypes();
            resourceDecrypter = new ResourceDecrypter(resourceDecrypterInfo);
            assemblyResolver  = new AssemblyResolver(resourceDecrypter, assemblyResolverInfo);
            resourceResolver  = new ResourceResolver(module, assemblyResolver, resourceResolverInfo);

            InitStringDecrypterInfos();
            assemblyResolverInfo.FindTypes();
            resourceResolverInfo.FindTypes();

            AddModuleCctorInitCallToBeRemoved(assemblyResolverInfo.CallResolverMethod);
            AddCallToBeRemoved(module.EntryPoint, assemblyResolverInfo.CallResolverMethod);
            AddModuleCctorInitCallToBeRemoved(resourceResolverInfo.CallResolverMethod);
            AddCallToBeRemoved(module.EntryPoint, resourceResolverInfo.CallResolverMethod);

            resourceDecrypterInfo.SetSimpleZipType(GetGlobalSimpleZipTypeMethod(), DeobfuscatedFile);

            if (!DecryptResources())
            {
                throw new ApplicationException("Could not decrypt resources");
            }

            var bt = FindBigType();
            var candidateMthods = bt.Methods.Where(m => DotNetUtils.IsMethod(m, "System.String", "(System.Int32)"));

            //foreach (var cm in candidateMthods) {
            //	staticStringInliner.Add(cm, (method, gim, args) => {
            //
            //		var instrs = method.Body.Instructions;
            //		return args[0].ToString();
            //	});
            //}
            DumpEmbeddedAssemblies();
        }
Beispiel #3
0
		void InitDecrypters() {
			assemblyResolverInfo = new AssemblyResolverInfo(module, DeobfuscatedFile, this);
			assemblyResolverInfo.FindTypes();
			resourceDecrypterInfo = new ResourceDecrypterInfo(module, assemblyResolverInfo.SimpleZipTypeMethod, DeobfuscatedFile);
			resourceResolverInfo = new ResourceResolverInfo(module, DeobfuscatedFile, this, assemblyResolverInfo);
			resourceResolverInfo.FindTypes();
			resourceDecrypter = new ResourceDecrypter(resourceDecrypterInfo);
			assemblyResolver = new AssemblyResolver(resourceDecrypter, assemblyResolverInfo);
			resourceResolver = new ResourceResolver(module, assemblyResolver, resourceResolverInfo);

			InitStringDecrypterInfos();
			assemblyResolverInfo.FindTypes();
			resourceResolverInfo.FindTypes();

			AddModuleCctorInitCallToBeRemoved(assemblyResolverInfo.CallResolverMethod);
			AddCallToBeRemoved(module.EntryPoint, assemblyResolverInfo.CallResolverMethod);
			AddModuleCctorInitCallToBeRemoved(resourceResolverInfo.CallResolverMethod);
			AddCallToBeRemoved(module.EntryPoint, resourceResolverInfo.CallResolverMethod);

			resourceDecrypterInfo.SetSimpleZipType(GetGlobalSimpleZipTypeMethod(), DeobfuscatedFile);

			if (!DecryptResources())
				throw new ApplicationException("Could not decrypt resources");

			DumpEmbeddedAssemblies();
		}
 public AssemblyResolver(ResourceDecrypter resourceDecrypter, AssemblyResolverInfo assemblyResolverInfo)
 {
     this.resourceDecrypter = resourceDecrypter;
     this.assemblyResolverInfo = assemblyResolverInfo;
 }
Beispiel #5
0
 public AssemblyResolver(ResourceDecrypter resourceDecrypter, AssemblyResolverInfo assemblyResolverInfo)
 {
     this.resourceDecrypter    = resourceDecrypter;
     this.assemblyResolverInfo = assemblyResolverInfo;
 }
Beispiel #6
0
		public ResourceResolverInfo(ModuleDefMD module, ISimpleDeobfuscator simpleDeobfuscator, IDeobfuscator deob, AssemblyResolverInfo assemblyResolverInfo)
			: base(module, simpleDeobfuscator, deob) {
			this.assemblyResolverInfo = assemblyResolverInfo;
		}
 public ResourceResolverInfo(ModuleDefMD module, ISimpleDeobfuscator simpleDeobfuscator, IDeobfuscator deob, AssemblyResolverInfo assemblyResolverInfo)
     : base(module, simpleDeobfuscator, deob)
 {
     this.assemblyResolverInfo = assemblyResolverInfo;
 }