Ejemplo n.º 1
        /// <summary>
        /// Selects the deobfuscator for this file and stores it in <c>this.deob</c>.
        /// </summary>
        /// <remarks>
        /// A deobfuscator that is already set is initialised and used as is. Otherwise
        /// every candidate is initialised, and then either the candidate whose type matches
        /// <c>options.ForcedObfuscatorType</c> is taken, or detection runs (early detection
        /// first, <c>detectObfuscator2</c> as the fallback). When a forced type matches no
        /// candidate, <c>this.deob</c> is still null on return, so the caller has to check.
        /// </remarks>
        /// <param name="deobfuscators">Candidate deobfuscators; enumerated more than once.</param>
        void detectObfuscator(IEnumerable <IDeobfuscator> deobfuscators)
        {
            // Detection itself may call methods to deobfuscate control flow and decrypt
            // strings (statically). A SavedMethodBodies instance is created unless both
            // of those features are enabled in the options.
            if (!(options.ControlFlowDeobfuscation && options.StringDecrypterType != DecrypterType.None))
            {
                savedMethodBodies = new SavedMethodBodies();
            }

            // Already set when a native file was unpacked: no selection is needed.
            if (this.deob != null)
            {
                this.deob.init(module);
                this.deob.DeobfuscatedFile = this;
                this.deob.earlyDetect();
                this.deob.detect();
                return;
            }

            // Every candidate is bound to the module and to this file before any
            // detection call is made on it.
            foreach (var candidate in deobfuscators)
            {
                candidate.init(module);
                candidate.DeobfuscatedFile = this;
            }

            if (options.ForcedObfuscatorType == null)
            {
                // No forced type: early detection first, full scoring only if it found nothing.
                this.deob = earlyDetectObfuscator(deobfuscators);
                if (this.deob != null)
                {
                    this.deob.detect();
                }
                else
                {
                    this.deob = detectObfuscator2(deobfuscators);
                }
                return;
            }

            // Forced type: the first candidate whose Type matches (ordinal, case-insensitive) wins.
            foreach (var candidate in deobfuscators)
            {
                bool isForcedType = string.Equals(options.ForcedObfuscatorType, candidate.Type, StringComparison.OrdinalIgnoreCase);
                if (!isForcedType)
                {
                    continue;
                }

                candidate.earlyDetect();
                this.deob = candidate;
                candidate.detect();
                return;
            }
        }
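        /// <summary>
        /// Runs <c>detect()</c> on every candidate and returns the one with the highest
        /// score above zero, or null when no candidate scores above zero.
        /// </summary>
        /// <remarks>
        /// On equal scores the earlier candidate is kept, because a later one must score
        /// strictly higher to replace it. A candidate whose <c>detect()</c> throws is not
        /// allowed to stop the scan: the failure is logged and the candidate gets score 0,
        /// or 1 when its type is "un". Candidates of type "un" are never included in the
        /// "more than one obfuscator" report.
        /// </remarks>
        /// <param name="deobfuscators">Candidate deobfuscators, scored in enumeration order.</param>
        /// <returns>The best-scoring candidate, or null.</returns>
        IDeobfuscator detectObfuscator2(IEnumerable <IDeobfuscator> deobfuscators)
        {
            var           allDetected = new List <IDeobfuscator>();
            IDeobfuscator detected    = null;
            int           detectVal   = 0;

            foreach (var deob in deobfuscators)
            {
                this.deob = deob;                       // So we can call deob.CanInlineMethods in deobfuscate()
                int val;
                try {
                    val = deob.detect();
                }
                catch (System.Exception ex) {
                    // Detection stays best effort, but a detector that throws on this input
                    // is recorded instead of being dropped silently: the input file is not
                    // trusted, and a hidden failure would look the same as "not detected".
                    Logger.v("Detection failed for {0}: {1}: {2}", deob.TypeLong, ex.GetType().FullName, ex.Message);
                    val = deob.Type == "un" ? 1 : 0;
                }
                Logger.v("{0,3}: {1}", val, deob.TypeLong);
                if (val > 0 && deob.Type != "un")
                {
                    allDetected.Add(deob);
                }
                if (val > detectVal)
                {
                    detectVal = val;
                    detected  = deob;
                }
            }
            // The field was only borrowed for the duration of the scan.
            this.deob = null;

            // Several positive detections are ambiguous; list them with the switch
            // that selects each one explicitly.
            if (allDetected.Count > 1)
            {
                Logger.n("More than one obfuscator detected:");
                Logger.Instance.indent();
                foreach (var deob in allDetected)
                {
                    Logger.n("{0} (use: -p {1})", deob.Name, deob.Type);
                }
                Logger.Instance.deIndent();
            }

            return(detected);
        }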
Ejemplo n.º 3
        /// <summary>
        /// Scores every candidate with <c>detect()</c> and returns the highest-scoring one,
        /// or null when no candidate scores above zero.
        /// </summary>
        /// <remarks>
        /// On equal scores the earlier candidate is kept. An exception thrown by
        /// <c>detect()</c> is not caught here: it propagates to the caller, and
        /// <c>this.deob</c> is then left pointing at the candidate that threw.
        /// </remarks>
        /// <param name="deobfuscators">Candidate deobfuscators, scored in enumeration order.</param>
        /// <returns>The best-scoring candidate, or null.</returns>
        IDeobfuscator detectObfuscator2(IEnumerable<IDeobfuscator> deobfuscators)
        {
            IDeobfuscator best = null;
            int bestScore = 0;
            var positives = new List<IDeobfuscator>();

            foreach (var candidate in deobfuscators) {
                // The field is set during the call so that deob.CanInlineMethods can be
                // called in deobfuscate().
                this.deob = candidate;
                int score = candidate.detect();
                Log.v("{0,3}: {1}", score, candidate.TypeLong);

                // bestScore never drops below zero, so a score of zero or less can
                // neither count as a detection nor become the best one.
                if (score <= 0)
                    continue;

                // Type "un" may still win on score, but it is left out of the report below.
                if (candidate.Type != "un")
                    positives.Add(candidate);

                if (score > bestScore) {
                    bestScore = score;
                    best = candidate;
                }
            }
            this.deob = null;

            // Two or more positive detections: list each with the switch that forces it.
            if (positives.Count >= 2) {
                Log.n("More than one obfuscator detected:");
                Log.indent();
                foreach (var hit in positives)
                    Log.n("{0} (use: -p {1})", hit.Name, hit.Type);
                Log.deIndent();
            }

            return best;
        }
Ejemplo n.º 4
        /// <summary>
        /// Decides which deobfuscator handles this file and stores it in <c>this.deob</c>.
        /// </summary>
        /// <remarks>
        /// Three paths: a deobfuscator that is already set is initialised and used; a forced
        /// type from the options picks the first candidate with a matching <c>Type</c>;
        /// otherwise early detection runs, with <c>detectObfuscator2</c> as the fallback.
        /// If a forced type matches no candidate, the method returns with
        /// <c>this.deob</c> still null.
        /// </remarks>
        /// <param name="deobfuscators">Candidate deobfuscators; enumerated more than once.</param>
        void detectObfuscator(IEnumerable<IDeobfuscator> deobfuscators)
        {
            // The deobfuscators may call methods to deobfuscate control flow and decrypt
            // strings (statically) while detecting. SavedMethodBodies is created whenever
            // at least one of those two features is switched off.
            bool bothEnabled = options.ControlFlowDeobfuscation && options.StringDecrypterType != DecrypterType.None;
            if (!bothEnabled)
                savedMethodBodies = new SavedMethodBodies();

            // Non-null here means a native file was unpacked and the choice is already made.
            if (this.deob != null) {
                this.deob.init(module);
                this.deob.DeobfuscatedFile = this;
                this.deob.earlyDetect();
                this.deob.detect();
                return;
            }

            // Bind every candidate to the module and to this file before detection.
            foreach (var candidate in deobfuscators) {
                candidate.init(module);
                candidate.DeobfuscatedFile = this;
            }

            if (options.ForcedObfuscatorType == null) {
                this.deob = earlyDetectObfuscator(deobfuscators);
                if (this.deob != null)
                    this.deob.detect();
                else
                    this.deob = detectObfuscator2(deobfuscators);
                return;
            }

            // Forced type: ordinal, case-insensitive comparison against each candidate's Type.
            foreach (var candidate in deobfuscators) {
                if (!string.Equals(options.ForcedObfuscatorType, candidate.Type, StringComparison.OrdinalIgnoreCase))
                    continue;

                candidate.earlyDetect();
                this.deob = candidate;
                candidate.detect();
                return;
            }
        }
Ejemplo n.º 5
 /// <summary>
 /// Scores every candidate with <c>detect()</c> and returns the highest-scoring one,
 /// or null when no candidate scores above zero.
 /// </summary>
 /// <remarks>
 /// On equal scores the earlier candidate is kept. An exception thrown by
 /// <c>detect()</c> is not caught here: it propagates to the caller, and
 /// <c>this.deob</c> is then left pointing at the candidate that threw.
 /// </remarks>
 /// <param name="deobfuscators">Candidate deobfuscators, scored in enumeration order.</param>
 /// <returns>The best-scoring candidate, or null.</returns>
 IDeobfuscator detectObfuscator2(IEnumerable<IDeobfuscator> deobfuscators)
 {
     int bestScore = 0;
     IDeobfuscator best = null;

     foreach (var candidate in deobfuscators) {
         // The field is set during the call so that deob.CanInlineMethods can be
         // called in deobfuscate().
         this.deob = candidate;
         int score = candidate.detect();
         Log.v("{0,3}: {1}", score, candidate.TypeLong);

         // Only a strictly higher score replaces the current best.
         if (score <= bestScore)
             continue;

         bestScore = score;
         best = candidate;
     }

     this.deob = null;
     return best;
 }