public InstructionPatcher(int patchIndex, int afterIndex, Instruction lastInstr) { this.patchIndex = patchIndex; this.afterIndex = afterIndex; this.lastInstr = lastInstr; this.clonedInstr = new Instr(DotNetUtils.clone(lastInstr)); }
public static bool IsArithmetical(this Instr instr) { switch (instr.OpCode.Code) { case Code.Add: case Code.Add_Ovf: case Code.Add_Ovf_Un: case Code.Div: case Code.Div_Un: case Code.Mul: case Code.Mul_Ovf: case Code.Mul_Ovf_Un: case Code.Not: case Code.Shl: case Code.Shr: case Code.Shr_Un: case Code.Sub: case Code.Sub_Ovf: case Code.Sub_Ovf_Un: case Code.Xor: case Code.And: case Code.Rem: case Code.Rem_Un: case Code.Ceq: case Code.Cgt: case Code.Cgt_Un: case Code.Clt: case Code.Clt_Un: case Code.Neg: case Code.Or: return(true); } return(false); }
public void deobfuscate(Blocks blocks) { foreach (var block in blocks.MethodBlocks.getAllBlocks()) { var instrs = block.Instructions; for (int i = 0; i < instrs.Count; i++) { var instr = instrs[i]; if (instr.OpCode.Code != Code.Ldsfld) { continue; } var field = instr.Operand as FieldReference; if (field == null) { continue; } var info = stringInfos.find(field); if (info == null) { continue; } var decrypted = decrypt(info); instrs[i] = new Instr(Instruction.Create(OpCodes.Ldstr, decrypted)); Log.v("Decrypted string: {0}", Utils.toCsharpString(decrypted)); } } }
public Op GetOp(int opIndex) { Op opValue = null; if (script.instrStream.currentInstr >= 0 && script.instrStream.currentInstr < script.instrStream.instrs.Length) { Instr instr = script.instrStream.instrs [script.instrStream.currentInstr]; if (opIndex >= 0 && opIndex < instr.opList.Count) { opValue = instr.opList [opIndex]; } } switch (opValue.type) { case OpType.ABS_STACK_INDEX: case OpType.REL_STACK_INDEX: return(script.stack.GetStackValue(opValue.stackIndex)); case OpType.REG: return(script._ret_val); default: return(opValue); } }
public void Deobfuscate(Blocks blocks) { if (oldToNewMethod.Count == 0) { return; } foreach (var block in blocks.MethodBlocks.GetAllBlocks()) { var instrs = block.Instructions; for (int i = 0; i < instrs.Count; i++) { var call = instrs[i]; if (call.OpCode.Code != Code.Call) { continue; } var calledMethod = call.Operand as MethodDef; if (calledMethod == null) { continue; } var newMethodInfo = oldToNewMethod.Find(calledMethod); if (newMethodInfo == null) { continue; } instrs[i] = new Instr(Instruction.Create(newMethodInfo.opCode, newMethodInfo.method)); } } }
public void Typecheck() { foreach (InstrNode node in block.Instructions) { Instr instruction = node.Value; if (instruction is VarDecl) { VarDecl variable = (VarDecl)instruction; TypeDesc varType = TypeResolver.ResolveType(variable.Value, env, variable.Value.Position); if (variable.Type == null && !(varType is NullType)) { variable.Type = new TypeNode(varType, variable.Value.Position); } env.AddEntry(variable.Name, varType, node.Position); } if (instruction is ClassDecl) { ClassDecl classDecl = (ClassDecl)instruction; env.AddEntry(classDecl.Name, new Class(classDecl.Typevars.Sequence), node.Position); } } }
public void Write(Instr instrType, params object[] ops) { var instruction = Instruction.InstructionsByCode[instrType]; Code.Add(instruction.Code); Write(ops); }
public static bool IsConv(this Instr instr) { switch (instr.OpCode.Code) { case Code.Conv_I1: case Code.Conv_I2: case Code.Conv_I4: case Code.Conv_I8: case Code.Conv_U1: case Code.Conv_U2: case Code.Conv_U4: case Code.Conv_U8: case Code.Conv_R4: case Code.Conv_R8: case Code.Conv_Ovf_I1: case Code.Conv_Ovf_I1_Un: case Code.Conv_Ovf_I2: case Code.Conv_Ovf_I2_Un: case Code.Conv_Ovf_I4: case Code.Conv_Ovf_I4_Un: case Code.Conv_Ovf_I8: case Code.Conv_Ovf_I8_Un: case Code.Conv_Ovf_U1: case Code.Conv_Ovf_U1_Un: case Code.Conv_Ovf_U2: case Code.Conv_Ovf_U2_Un: case Code.Conv_Ovf_U4: case Code.Conv_Ovf_U4_Un: case Code.Conv_Ovf_U8: case Code.Conv_Ovf_U8_Un: return(true); } return(false); }
bool isValidPtrInstrSet(Instr instr, out ElementType type) { type = ElementType.Void; switch (instr.OpCode.Code) { case Code.Stind_I1: type = ElementType.I1; break; case Code.Stind_I2: type = ElementType.I2; break; case Code.Stind_I4: type = ElementType.I4; break; case Code.Stind_I8: type = ElementType.I8; break; case Code.Stind_R4: type = ElementType.R4; break; case Code.Stind_R8: type = ElementType.R8; break; default: return(false); } return(true); }
public static Op Read(Byte[] bytes) { if (bytes.Length < 1) { throw new Exception("Cannot read empty bytes"); } Instr instr = (Instr)bytes[0]; int length; if (!OpcodeGen.Encodings.ContainsKey(instr)) { throw new Exception("Invalid opcode {X:0}".Fmt(instr)); } length = OpcodeGen.EncodingSize[OpcodeGen.Encodings[instr]]; if (bytes.Length - 1 < length) { throw new Exception("Opcode data encoding is smaller than given."); } Array.Copy(bytes, 1, Buffer, 0, length); for (int i = length; i < Buffer.Length; ++i) { Buffer[i] = 0; } return(Op.CreateOp(instr, BitConverter.ToInt32(Buffer, 0))); }
/// <summary> /// 查询所有指令信息 /// </summary> /// <returns>list</returns> public List <Instr> GetAllInstrs() { List <Instr> instrList = new List <Instr>(); string GET_INSTR_SQL = "select * from T_INSTR"; SqlCommand sqlCmd = new SqlCommand(GET_INSTR_SQL, db.sqlCon); using (SqlDataReader sqlReader = sqlCmd.ExecuteReader()) { try { while (sqlReader.Read()) { Instr instr = new Instr(); instr.setNo(Convert.ToInt32(sqlReader["I_NO"])); instr.setKeyWord(Convert.ToString(sqlReader["I_KEYWORD"]));; instr.setType(Convert.ToString(sqlReader["I_TYPE"])); instrList.Add(instr); } sqlReader.Close(); } catch (SqlException e) { throw new Exception(e.Message); } } return(instrList); }
void fixTypeofDecrypterInstructions(Blocks blocks) { var type = getDecrypterType(); if (type == null) { return; } foreach (var block in blocks.MethodBlocks.getAllBlocks()) { var instructions = block.Instructions; for (int i = 0; i < instructions.Count; i++) { var instr = instructions[i]; if (instr.OpCode.Code != Code.Ldtoken) { continue; } if (!MemberReferenceHelper.compareTypes(type, instr.Operand as TypeReference)) { continue; } instructions[i] = new Instr(Instruction.Create(OpCodes.Ldtoken, blocks.Method.DeclaringType)); } } }
public InstructionPatcher(int patchIndex, int afterIndex, Instruction lastInstr) { this.patchIndex = patchIndex; this.afterIndex = afterIndex; this.lastInstr = lastInstr; clonedInstr = new Instr(lastInstr.Clone()); }
public void output(Instr instr, uint PC_Now) { dev++; string debug = PC_Now.ToString("x8") + " " + instr.value.ToString("x8"); string regs = ""; for (int i = 0; i < 32; i++) { string padding = (i < 10) ? "0" : ""; regs += "R" + padding + i + ":" + GPR[i].ToString("x8") + " "; if ((i + 1) % 6 == 0) { regs += "\n"; } } ; regs += " HI:" + HI.ToString("x8") + " "; regs += " LO:" + LO.ToString("x8") + " "; regs += " SR:" + COP0_GPR[SR].ToString("x8") + " "; regs += "EPC:" + COP0_GPR[EPC].ToString("x8") + "\n"; //str.Append(regs); if (dev == 1) { using (StreamWriter writer = new StreamWriter("log.txt", true)) { writer.WriteLine(debug); writer.WriteLine(regs); } str.Clear(); dev = 0; } }
void FixTypeofDecrypterInstructions(Blocks blocks) { var type = GetDecrypterType(); if (type == null) { return; } foreach (var block in blocks.MethodBlocks.GetAllBlocks()) { var instructions = block.Instructions; for (int i = 0; i < instructions.Count; i++) { var instr = instructions[i]; if (instr.OpCode.Code != Code.Ldtoken) { continue; } if (!new SigComparer().Equals(type, instr.Operand as ITypeDefOrRef)) { continue; } instructions[i] = new Instr(OpCodes.Ldtoken.ToInstruction(blocks.Method.DeclaringType)); } } }
protected override bool Deobfuscate(Block block) { bool modified = false; var instructions = block.Instructions; for (int i = 0; i < instructions.Count; i++) { var instr = instructions[i]; switch (instr.OpCode.Code) { // Xenocode generates stloc + ldloc (bool). Replace it with dup + stloc. It will eventually // become dup + pop and be removed. case Code.Stloc: case Code.Stloc_S: case Code.Stloc_0: case Code.Stloc_1: case Code.Stloc_2: case Code.Stloc_3: if (i + 1 >= instructions.Count) break; if (!instructions[i + 1].IsLdloc()) break; var local = Instr.GetLocalVar(locals, instr); if (local.Type.ElementType != ElementType.Boolean) continue; if (local != Instr.GetLocalVar(locals, instructions[i + 1])) break; instructions[i] = new Instr(OpCodes.Dup.ToInstruction()); instructions[i + 1] = instr; modified = true; break; default: break; } } return modified; }
public void Deobfuscate(Blocks blocks) { if (decrypter == null) { return; } foreach (var block in blocks.MethodBlocks.GetAllBlocks()) { var instrs = block.Instructions; for (int i = 0; i < instrs.Count; i++) { var instr = instrs[i]; if (instr.OpCode.Code != Code.Ldsfld) { continue; } var field = instr.Operand as IField; if (field == null) { continue; } var info = stringInfos.Find(field); if (info == null) { continue; } var decrypted = Decrypt(info); instrs[i] = new Instr(OpCodes.Ldstr.ToInstruction(decrypted)); Logger.v("Decrypted string: {0}", Utils.ToCsharpString(decrypted)); } } }
public static LL <Instr> PatchInstr(Instr instr) { if (instr.arg1 != null && instr.arg1.kind == Arg.Kind.Mem && instr.arg2 != null && instr.arg2.kind == Arg.Kind.Mem) { switch (instr.kind) { case Instr.Kind.Movq: { return(new LL <Instr>(Movq(instr.arg1, RAX), new LL <Instr>(Movq(RAX, instr.arg2)))); } case Instr.Kind.Addq: { return(new LL <Instr>(Movq(instr.arg1, RAX), new LL <Instr>(Addq(RAX, instr.arg2)))); } case Instr.Kind.Subq: { return(new LL <Instr>(Movq(instr.arg1, RAX), new LL <Instr>(Subq(RAX, instr.arg2)))); } default: throw new Exception($"{instr.kind} should not have two memory arguments!"); } } return(new LL <Instr>(instr)); }
static MethodReference getCalledMethod(Instr instr) { if (instr.OpCode.Code != Code.Call) { return(null); } return(instr.Operand as MethodReference); }
private static int ExtractIntArg(Instr instr, int index) { if (TryExtractIntArg(instr.Args[index], out int val)) { return(val); } throw new FancyNotSupportedException($"Required plain integer or enum for decompilation but found {instr.Args[index]}", instr); }
static IMethod GetCalledMethod(Instr instr) { if (instr.OpCode.Code != Code.Call) { return(null); } return(instr.Operand as IMethod); }
static TypeReference getCastType(Instr instr) { if (!isCast(instr)) { return(null); } return(instr.Operand as TypeReference); }
public void Write(Instr instr, Int32 data = 0) { this.Buffer[0] = (Byte)instr; using (var ms = new MemoryStream(this.Buffer, 1, 4)) ms.Write(BitConverter.GetBytes(data), 0, 4); this.Target.Write(this.Buffer, 0, 1 + OpcodeGen.EncodingSize[OpcodeGen.Encodings[instr]]); }
static ITypeDefOrRef GetCastType(Instr instr) { if (!IsCast(instr)) { return(null); } return(instr.Operand as ITypeDefOrRef); }
bool Fix(Dictionary <Local, VMInfo> vmInfos, List <Tuple <Tuple <int, int>, Tuple <int, Local> > >[] infos, Dictionary <int, Local>[] locals) { bool modified = false; for (int j = 0; j < allBlocks.Count; j++) { var info = infos[j]; if (info.Count == 0) { continue; } var instr = allBlocks[j].Instructions; for (int i = instr.Count - 1; i >= 0; i--) { var tup = info.Find(l => l.Item1.Item1 == i); if (tup == null) { continue; } int ptrIndex = i + tup.Item1.Item2; int infoIndex = tup.Item2.Item1; var local = tup.Item2.Item2; var vmInfoIndex = getVmInfoIndex(vmInfos, local); if (vmInfoIndex == -1) { continue; } var newLocal = locals[vmInfoIndex][infoIndex]; ElementType type; if (isValidPtrInstrLoad(instr[ptrIndex], out type)) { instr[ptrIndex] = new Instr(new Instruction(OpCodes.Ldloc, newLocal)); modified |= true; } else if (isValidPtrInstrSet(instr[ptrIndex], out type)) { instr[ptrIndex] = new Instr(new Instruction(OpCodes.Stloc, newLocal)); modified |= true; } else { continue; } instr[i] = new Instr(OpCodes.Nop.ToInstruction()); if (IsAdd(instr, i)) { for (int k = 1; k < 4; k++) { instr[i + k] = new Instr(OpCodes.Nop.ToInstruction()); } } } } return(modified); }
bool isStLdlocBranch(Block switchBlock, bool isSwitch) { int numInstrs = 2 + (isSwitch ? 1 : 0); return(switchBlock.Instructions.Count == numInstrs && switchBlock.Instructions[0].isStloc() && switchBlock.Instructions[1].isLdloc() && Instr.getLocalVar(blocks.Locals, switchBlock.Instructions[0]) == Instr.getLocalVar(blocks.Locals, switchBlock.Instructions[1])); }
int InstrDec(string ix) { Instr val; ix = ix.Replace("_", "ಠ_ಠ").Replace(".", "_"); var succ = Instr.TryParse(ix, true, out val); return(succ ? (int)val : -1); }
public static void AddInstruction(Instr instructionType, int numOps = 0) { var instr = new Instruction { InstructionType = instructionType, NumOps = numOps }; InstructionsByCode.Add(instructionType, instr); //InstructionsByName.Add(name, instr); }
public static int RunProgram(IReadOnlyDictionary <int, Op> ops, string programText) { var regs = new int[4]; foreach (var instr in Instr.Parse(programText)) { ops[instr.Id].Exec(instr, regs); } return(regs[0]); }
private bool NeedSwitchKey(Block block) { foreach (var instr in block.Instructions) { if (instr.IsLdloc() && Instr.GetLocalVar(_blocks.Locals, instr) == _switchKey) { return(true); } } return(false); }
static bool CheckStloc(IList <Local> locals, Instr instr, Local local) { if (!instr.IsStloc()) { return(false); } if (Instr.GetLocalVar(locals, instr) != local) { return(false); } return(true); }
protected override bool deobfuscate(Block block) { bool changed = false; var instructions = block.Instructions; for (int i = 0; i < instructions.Count; i++) { var instr = instructions[i]; switch (instr.OpCode.Code) { // Xenocode generates stloc + ldloc (bool). Replace it with dup + stloc. It will eventually // become dup + pop and be removed. case Code.Stloc: case Code.Stloc_S: case Code.Stloc_0: case Code.Stloc_1: case Code.Stloc_2: case Code.Stloc_3: if (i + 1 >= instructions.Count) break; if (!instructions[i + 1].isLdloc()) break; var local = Instr.getLocalVar(locals, instr); if (local.VariableType.FullName != "System.Boolean") continue; if (local != Instr.getLocalVar(locals, instructions[i + 1])) break; instructions[i] = new Instr(Instruction.Create(OpCodes.Dup)); instructions[i + 1] = instr; changed = true; break; default: break; } } return changed; }
// // cStatus = 0,0,2,500,506,2500,200,0 as of Dec 2010 rev HW public void SplitCStatusResponse(string received, ref Instr.LMInstrStatus st) { try { string[] text = received.Split('='); string[] sval = text[1].Split(','); // debug/verbose on the box, not the app bool state; if (Convert.ToInt32(sval[0]) == 1) state = true; else state = false; st.debug = state; // input path st.inputPath = Convert.ToInt32(sval[1]); // 0 or 1 // led output state st.leds = Convert.ToInt32(sval[2]); // 0 or 2 // hv setpoint st.setpoint = Convert.ToInt32(sval[3]); // hv st.hv = Convert.ToInt32(sval[4]); // LLD max st.MaxLLD = Convert.ToInt32(sval[5]); // LLD mv st.LLD = Convert.ToInt32(sval[6]); // u3 ???? st.u1 = Convert.ToInt32(sval[7]); } catch (Exception e) { commlog.TraceEvent(LogLevels.Error, 890, "SplitCStatusResponse barfed on:" + received + "; " + e.Message); } }
public void SplitRatesReadResponse(string received, ref Instr.RatesStatus p) { try { string[] ff = received.Split('='); string[] txt = ff[1].Split(','); for (int i = 1; i <= NC.ChannelCount && i < txt.Length; i++) { int r; bool b = Int32.TryParse(txt[i], out r); if (b) p.channels[i] = r; } } catch (Exception e) { commlog.TraceEvent(LogLevels.Error, 893, "SplitRatesReadResponse barfed on:" + received + "; " + e.Message); } }
public void SplitCStatusResponse(string received, ref Instr.LMInstrStatus st) { cmdprocessor.SplitCStatusResponse(received, ref st); }
public void SplitPowerReadResponse(string received, ref Instr.PowerStatus p) { cmdprocessor.SplitPowerReadResponse(received, ref p); }
public void SplitRatesReadResponse(string received, ref Instr.RatesStatus p) { cmdprocessor.SplitRatesReadResponse(received, ref p); }
bool removeDeadStores() { bool changed = false; foreach (var block in allBlocks) { var instructions = block.Instructions; for (int i = 0; i < instructions.Count; i++) { var instr = instructions[i]; VariableDefinition local; switch (instr.OpCode.Code) { case Code.Stloc: case Code.Stloc_S: case Code.Stloc_0: case Code.Stloc_1: case Code.Stloc_2: case Code.Stloc_3: local = Instr.getLocalVar(blocks.Locals, instr); break; default: continue; } if (local == null) continue; if (!deadLocals[local.Index]) continue; instructions[i] = new Instr(Instruction.Create(OpCodes.Pop)); changed = true; } } return changed; }
public InstructionPatcher(int patchIndex, int afterIndex, Instruction lastInstr) { this.patchIndex = patchIndex; this.afterIndex = afterIndex; this.lastInstr = lastInstr; this.clonedInstr = new Instr(lastInstr.Clone()); }
bool RemoveDeadStores() { bool modified = false; foreach (var block in allBlocks) { var instructions = block.Instructions; for (int i = 0; i < instructions.Count; i++) { var instr = instructions[i]; Local local; switch (instr.OpCode.Code) { case Code.Stloc: case Code.Stloc_S: case Code.Stloc_0: case Code.Stloc_1: case Code.Stloc_2: case Code.Stloc_3: local = Instr.GetLocalVar(blocks.Locals, instr); break; default: continue; } if (local == null) continue; if (!deadLocals[local.Index]) continue; instructions[i] = new Instr(OpCodes.Pop.ToInstruction()); modified = true; } } return modified; }
public void SplitPowerReadResponse(string received, ref Instr.PowerStatus p) { try { string[] aaa = received.Split('='); string[] txt = aaa[1].Split(','); int r; bool b = Int32.TryParse(txt[0], out r); if (b) p.ACPresent = r; b = Int32.TryParse(txt[1], out r); if (b) p.batteryPresent = r; b = Int32.TryParse(txt[2], out r); if (b) p.batterylevelPct = r; } catch (Exception e) { commlog.TraceEvent(LogLevels.Error, 892, "SplitPowerReadResponse barfed on:" + received + "; " + e.Message); } }