void InitDecrypters()
{
assemblyResolverInfo = new AssemblyResolverInfo(module, DeobfuscatedFile, this);
assemblyResolverInfo.FindTypes();
resourceDecrypterInfo = new ResourceDecrypterInfo(module, assemblyResolverInfo.SimpleZipTypeMethod, DeobfuscatedFile);
resourceResolverInfo = new ResourceResolverInfo(module, DeobfuscatedFile, this, assemblyResolverInfo);
resourceResolverInfo.FindTypes();
resourceDecrypter = new ResourceDecrypter(resourceDecrypterInfo);
assemblyResolver = new AssemblyResolver(resourceDecrypter, assemblyResolverInfo);
resourceResolver = new ResourceResolver(module, assemblyResolver, resourceResolverInfo);
InitStringDecrypterInfos();
assemblyResolverInfo.FindTypes();
resourceResolverInfo.FindTypes();
AddModuleCctorInitCallToBeRemoved(assemblyResolverInfo.CallResolverMethod);
AddCallToBeRemoved(module.EntryPoint, assemblyResolverInfo.CallResolverMethod);
AddModuleCctorInitCallToBeRemoved(resourceResolverInfo.CallResolverMethod);
AddCallToBeRemoved(module.EntryPoint, resourceResolverInfo.CallResolverMethod);
resourceDecrypterInfo.SetSimpleZipType(GetGlobalSimpleZipTypeMethod(), DeobfuscatedFile);
if (!DecryptResources())
{
throw new ApplicationException("Could not decrypt resources");
}
DumpEmbeddedAssemblies();
}
void InitDecrypters()
{
assemblyResolverInfo = new AssemblyResolverInfo(module, DeobfuscatedFile, this);
assemblyResolverInfo.FindTypes();
resourceDecrypterInfo = new ResourceDecrypterInfo(module, assemblyResolverInfo.SimpleZipTypeMethod, DeobfuscatedFile);
resourceResolverInfo = new ResourceResolverInfo(module, DeobfuscatedFile, this, assemblyResolverInfo);
resourceResolverInfo.FindTypes();
resourceDecrypter = new ResourceDecrypter(resourceDecrypterInfo);
assemblyResolver = new AssemblyResolver(resourceDecrypter, assemblyResolverInfo);
resourceResolver = new ResourceResolver(module, assemblyResolver, resourceResolverInfo);
InitStringDecrypterInfos();
assemblyResolverInfo.FindTypes();
resourceResolverInfo.FindTypes();
AddModuleCctorInitCallToBeRemoved(assemblyResolverInfo.CallResolverMethod);
AddCallToBeRemoved(module.EntryPoint, assemblyResolverInfo.CallResolverMethod);
AddModuleCctorInitCallToBeRemoved(resourceResolverInfo.CallResolverMethod);
AddCallToBeRemoved(module.EntryPoint, resourceResolverInfo.CallResolverMethod);
resourceDecrypterInfo.SetSimpleZipType(GetGlobalSimpleZipTypeMethod(), DeobfuscatedFile);
if (!DecryptResources())
{
throw new ApplicationException("Could not decrypt resources");
}
var bt = FindBigType();
var candidateMthods = bt.Methods.Where(m => DotNetUtils.IsMethod(m, "System.String", "(System.Int32)"));
//foreach (var cm in candidateMthods) {
// staticStringInliner.Add(cm, (method, gim, args) => {
//
// var instrs = method.Body.Instructions;
// return args[0].ToString();
// });
//}
DumpEmbeddedAssemblies();
}
void InitDecrypters() {
assemblyResolverInfo = new AssemblyResolverInfo(module, DeobfuscatedFile, this);
assemblyResolverInfo.FindTypes();
resourceDecrypterInfo = new ResourceDecrypterInfo(module, assemblyResolverInfo.SimpleZipTypeMethod, DeobfuscatedFile);
resourceResolverInfo = new ResourceResolverInfo(module, DeobfuscatedFile, this, assemblyResolverInfo);
resourceResolverInfo.FindTypes();
resourceDecrypter = new ResourceDecrypter(resourceDecrypterInfo);
assemblyResolver = new AssemblyResolver(resourceDecrypter, assemblyResolverInfo);
resourceResolver = new ResourceResolver(module, assemblyResolver, resourceResolverInfo);
InitStringDecrypterInfos();
assemblyResolverInfo.FindTypes();
resourceResolverInfo.FindTypes();
AddModuleCctorInitCallToBeRemoved(assemblyResolverInfo.CallResolverMethod);
AddCallToBeRemoved(module.EntryPoint, assemblyResolverInfo.CallResolverMethod);
AddModuleCctorInitCallToBeRemoved(resourceResolverInfo.CallResolverMethod);
AddCallToBeRemoved(module.EntryPoint, resourceResolverInfo.CallResolverMethod);
resourceDecrypterInfo.SetSimpleZipType(GetGlobalSimpleZipTypeMethod(), DeobfuscatedFile);
if (!DecryptResources())
throw new ApplicationException("Could not decrypt resources");
DumpEmbeddedAssemblies();
}
void InitStringDecrypterInfos()
{
var stringEncoderClassFinder = new StringEncoderClassFinder(module, DeobfuscatedFile);
stringEncoderClassFinder.Find();
foreach (var info in stringEncoderClassFinder.StringsEncoderInfos)
{
var sinfo = new StringDecrypterInfo(module, info.StringDecrypterClass)
{
GetStringDelegate = info.GetStringDelegate,
StringsType = info.StringsType,
CreateStringDelegateMethod = info.CreateStringDelegateMethod,
};
stringDecrypterInfos.Add(sinfo);
}
// There may be more than one string decrypter. The strings in the first one's
// methods may be decrypted by the other string decrypter.
var initd = new Dictionary <StringDecrypterInfo, bool>(stringDecrypterInfos.Count);
while (initd.Count != stringDecrypterInfos.Count)
{
StringDecrypterInfo initdInfo = null;
for (int i = 0; i < 2; i++)
{
foreach (var info in stringDecrypterInfos)
{
if (initd.ContainsKey(info))
{
continue;
}
if (info.Initialize(this, DeobfuscatedFile))
{
resourceDecrypterInfo.SetSimpleZipType(info.SimpleZipTypeMethod, DeobfuscatedFile);
initdInfo = info;
break;
}
}
if (initdInfo != null)
{
break;
}
assemblyResolverInfo.FindTypes();
resourceResolverInfo.FindTypes();
DecryptResources();
}
if (initdInfo == null)
{
break;
}
initd[initdInfo] = true;
InitStringDecrypter(initdInfo);
}
// Sometimes there could be a string decrypter present that isn't called by anyone.
foreach (var info in stringDecrypterInfos)
{
if (initd.ContainsKey(info))
{
continue;
}
Logger.v("String decrypter not initialized. Token {0:X8}", info.StringsEncodingClass.MDToken.ToInt32());
}
}