protected override object CheckCctor(TypeDef type, MethodDef cctor) {
// Here if 1.2 r54564 (almost 1.3) or later
var fieldToInfo = new FieldDefAndDeclaringTypeDict<DelegateInitInfo>();
var instrs = cctor.Body.Instructions;
for (int i = 0; i < instrs.Count - 1; i++) {
var ldtoken = instrs[i];
if (ldtoken.OpCode.Code != Code.Ldtoken)
continue;
var field = ldtoken.Operand as FieldDef;
if (field == null || field.DeclaringType != cctor.DeclaringType)
continue;
var call = instrs[i + 1];
if (call.OpCode.Code != Code.Call)
continue;
var calledMethod = call.Operand as MethodDef;
if (calledMethod == null)
continue;
if (!IsDelegateCreatorMethod(calledMethod))
continue;
var info = methodToInfo.Find(calledMethod);
if (info == null)
continue;
i++;
fieldToInfo.Add(field, new DelegateInitInfo(field, calledMethod));
}
return fieldToInfo.Count == 0 ? null : fieldToInfo;
}
protected override void InlineAllCalls()
{
foreach (var tmp in callResults)
{
var callResult = (MyCallResult)tmp;
var handler = stringDecrypters.Find(callResult.IMethod);
callResult.returnValue = handler((MethodDef)callResult.IMethod, callResult.gim, callResult.args);
}
}
public string DecryptString(MethodDef method, MethodSpec gim, uint magic1, ulong magic2)
{
if (!VerifyGenericArg(gim, ElementType.String))
{
return(null);
}
var info = decrypters.Find(method);
return(info.DecryptString(magic1, magic2));
}
public void Add(MethodDef method, Func <MethodDef, MethodSpec, object[], object> handler)
{
if (method == null)
{
return;
}
if (decrypterMethods.Find(method) != null)
{
throw new ApplicationException(string.Format("Handler for method {0:X8} has already been added", method.MDToken.ToInt32()));
}
if (method != null)
{
decrypterMethods.Add(method, handler);
}
}
void RemoveCalls(IList <Block> allBlocks, Blocks blocks, MethodDefAndDeclaringTypeDict <bool> info)
{
var instrsToDelete = new List <int>();
foreach (var block in allBlocks)
{
instrsToDelete.Clear();
for (int i = 0; i < block.Instructions.Count; i++)
{
var instr = block.Instructions[i];
if (instr.OpCode != OpCodes.Call)
{
continue;
}
var destMethod = instr.Operand as IMethod;
if (destMethod == null)
{
continue;
}
if (info.Find(destMethod))
{
Logger.v("Removed call to {0}", Utils.RemoveNewlines(destMethod));
instrsToDelete.Add(i);
}
}
block.Remove(instrsToDelete);
}
}
// VB initializes the handlers in the property setter, where it first removes the handler
// from the previous control, and then adds the handler to the new control.
void InitVbEventHandlers(FieldDefAndDeclaringTypeDict <MFieldDef> ourFields, MethodDefAndDeclaringTypeDict <MMethodDef> ourMethods)
{
var checker = NameChecker;
foreach (var propDef in type.AllProperties)
{
var setterDef = propDef.SetMethod;
if (setterDef == null)
{
continue;
}
var handler = GetVbHandler(setterDef.MethodDef, out string eventName);
if (handler == null)
{
continue;
}
var handlerDef = ourMethods.Find(handler);
if (handlerDef == null)
{
continue;
}
if (!checker.IsValidEventName(eventName))
{
continue;
}
memberInfos.Method(handlerDef).suggestedName = $"{memberInfos.Property(propDef).newName}_{eventName}";
}
}
protected override bool Deobfuscate(Blocks blocks, IList <Block> allBlocks)
{
var removeInfos = new Dictionary <Block, List <RemoveInfo> >();
foreach (var block in allBlocks)
{
var instrs = block.Instructions;
for (int i = 0; i < instrs.Count; i++)
{
var instr = instrs[i];
if (instr.OpCode != OpCodes.Call)
{
continue;
}
var method = instr.Operand as IMethod;
if (method == null)
{
continue;
}
var di = proxyMethodToDelegateInfo.Find(method);
if (di == null)
{
continue;
}
Add(removeInfos, block, i, di);
}
}
return(FixProxyCalls(blocks.Method, removeInfos));
}
public void Deobfuscate(Blocks blocks)
{
if (oldToNewMethod.Count == 0)
{
return;
}
foreach (var block in blocks.MethodBlocks.GetAllBlocks())
{
var instrs = block.Instructions;
for (int i = 0; i < instrs.Count; i++)
{
var call = instrs[i];
if (call.OpCode.Code != Code.Call)
{
continue;
}
var calledMethod = call.Operand as MethodDef;
if (calledMethod == null)
{
continue;
}
var newMethodInfo = oldToNewMethod.Find(calledMethod);
if (newMethodInfo == null)
{
continue;
}
instrs[i] = new Instr(Instruction.Create(newMethodInfo.opCode, newMethodInfo.method));
}
}
}
public object DecryptInt32(MethodDef caller, MethodDef decryptMethod, object[] args)
{
var info = methodToDecrypterInfo.Find(decryptMethod);
byte typeCode;
var data = DecryptData(info, caller, args, out typeCode);
if (typeCode != info.int32Type)
{
return(null);
}
if (data.Length != 4)
{
throw new ApplicationException("Invalid data length");
}
return(BitConverter.ToInt32(data, 0));
}
public void Deobfuscate(Blocks blocks)
{
if (resourceManagerType == null && componentResourceManagerType == null)
{
return;
}
foreach (var block in blocks.MethodBlocks.GetAllBlocks())
{
var instrs = block.Instructions;
for (int i = 0; i < instrs.Count; i++)
{
var instr = instrs[i];
if (instr.OpCode.Code != Code.Newobj)
{
continue;
}
var ctor = instr.Operand as IMethod;
if (ctor == null)
{
continue;
}
var newCtor = resourceManagerCtors.Find(ctor);
if (newCtor == null)
{
newCtor = componentManagerCtors.Find(ctor);
}
if (newCtor == null)
{
continue;
}
instr.Operand = newCtor;
}
}
}
public void Add(MethodDef method, MethodDef methodToBeRemoved)
{
if (method == null || methodToBeRemoved == null)
{
return;
}
CheckMethod(methodToBeRemoved);
var dict = methodRefInfos.Find(method);
if (dict == null)
{
methodRefInfos.Add(method, dict = new MethodDefAndDeclaringTypeDict <bool>());
}
dict.Add(methodToBeRemoved, true);
}
protected override bool Deobfuscate(Blocks blocks, IList <Block> allBlocks)
{
var removeInfos = new Dictionary <Block, List <RemoveInfo> >();
foreach (var block in allBlocks)
{
var instrs = block.Instructions;
for (int i = 0; i < instrs.Count; i++)
{
var instr = instrs[i];
if (instr.OpCode == OpCodes.Call)
{
var method = instr.Operand as IMethod;
if (method == null)
{
continue;
}
var di = proxyMethodToDelegateInfo.Find(method);
if (di == null)
{
continue;
}
Add(removeInfos, block, i, di);
}
else if (instr.OpCode == OpCodes.Ldsfld)
{
var di = GetDelegateInfo(instr.Operand as IField);
if (di == null)
{
continue;
}
var callInfo = FindProxyCall(di, block, i);
if (callInfo != null)
{
Add(removeInfos, block, i, null);
Add(removeInfos, callInfo.Block, callInfo.Index, di);
}
else
{
errors++;
Logger.w("Could not fix proxy call. Method: {0} ({1:X8}), Proxy type: {2} ({3:X8})",
Utils.RemoveNewlines(blocks.Method),
blocks.Method.MDToken.ToInt32(),
Utils.RemoveNewlines(di.field.DeclaringType),
di.field.DeclaringType.MDToken.ToInt32());
}
}
}
}
return(FixProxyCalls(blocks.Method, removeInfos));
}
protected override object CheckCctor(TypeDef type, MethodDef cctor)
{
var instructions = cctor.Body.Instructions;
for (int i = 0; i < instructions.Count; i++)
{
ITypeDefOrRef delegateType;
IField delegateField;
IMethod createMethod;
int methodToken, declaringTypeToken;
var instrs = DotNetUtils.GetInstructions(instructions, i, OpCodes.Ldtoken, OpCodes.Ldc_I4, OpCodes.Ldc_I4, OpCodes.Ldtoken, OpCodes.Call);
if (instrs != null)
{
delegateType = instrs[0].Operand as ITypeDefOrRef;
methodToken = instrs[1].GetLdcI4Value();
declaringTypeToken = instrs[2].GetLdcI4Value();
delegateField = instrs[3].Operand as IField;
createMethod = instrs[4].Operand as IMethod;
}
else if ((instrs = DotNetUtils.GetInstructions(instructions, i, OpCodes.Ldtoken, OpCodes.Ldc_I4, OpCodes.Ldtoken, OpCodes.Call)) != null)
{
delegateType = instrs[0].Operand as ITypeDefOrRef;
methodToken = instrs[1].GetLdcI4Value();
declaringTypeToken = -1;
delegateField = instrs[2].Operand as IField;
createMethod = instrs[3].Operand as IMethod;
}
else
{
continue;
}
if (delegateType == null)
{
continue;
}
if (delegateField == null)
{
continue;
}
if (createMethod == null)
{
continue;
}
var proxyCreatorType = methodToType.Find(createMethod);
if (proxyCreatorType == ProxyCreatorType.None)
{
continue;
}
return(new Context(delegateType, methodToken, declaringTypeToken, proxyCreatorType));
}
return(null);
}
static bool CheckAllMethodsUnused(MethodDefAndDeclaringTypeDict <bool> unused, TypeDef type)
{
foreach (var method in type.Methods)
{
if (!unused.Find(method))
{
return(false);
}
}
return(true);
}
protected Info GetInfo(MethodDef method)
{
var info = decrypterMethods.Find(method);
if (info == null)
{
return(null);
}
info.referenced = true;
return(info);
}
public bool Exists(IMethod method)
{
if (method == null)
{
return(false);
}
if (method.DeclaringType != null && types.Find(method.DeclaringType))
{
return(true);
}
return(methods.Find(method));
}
void RestoreMethodBodies(ISimpleDeobfuscator simpleDeobfuscator) {
var methodToOrigMethods = new MethodDefAndDeclaringTypeDict<List<MethodDef>>();
foreach (var t in module.Types) {
var types = new List<TypeDef>(AllTypesHelper.Types(new List<TypeDef> { t }));
foreach (var type in types) {
if (methodsTypes.Find(type))
continue;
foreach (var method in type.Methods) {
if (method.Name == ".ctor" || method.Name == ".cctor")
continue;
MethodDef calledMethod;
if (!CheckRestoreBody(method, out calledMethod))
continue;
if (!CheckSameMethods(method, calledMethod))
continue;
if (!methodsTypes.Find(calledMethod.DeclaringType))
continue;
if (types.IndexOf(calledMethod.DeclaringType) < 0)
continue;
var list = methodToOrigMethods.Find(calledMethod);
if (list == null)
methodToOrigMethods.Add(calledMethod, list = new List<MethodDef>());
list.Add(method);
}
}
}
foreach (var calledMethod in methodToOrigMethods.GetKeys()) {
var list = methodToOrigMethods.Find(calledMethod);
var method = list[0];
Logger.v("Restored method body {0:X8} from method {1:X8}",
method.MDToken.ToInt32(),
calledMethod.MDToken.ToInt32());
DotNetUtils.CopyBodyFromTo(calledMethod, method);
classMethods.Add(calledMethod, method);
simpleDeobfuscator.MethodModified(method);
}
}
public void Deobfuscate(Blocks blocks)
{
foreach (var block in blocks.MethodBlocks.GetAllBlocks())
{
var instrs = block.Instructions;
for (int i = 0; i < instrs.Count; i++)
{
var call = instrs[i];
if (call.OpCode.Code != Code.Call)
{
continue;
}
var realInstanceMethod = classMethods.Find(call.Operand as IMethod);
if (realInstanceMethod == null)
{
continue;
}
call.Operand = realInstanceMethod;
}
}
}
public string Decrypt(IMethod method, object[] args)
{
var info = methodToInfo.Find(method);
return(info.Decrypt(args));
}
public string Decrypt(MethodDef method)
{
var info = methodToInfo.Find(method);
return(Encoding.Unicode.GetString(decryptedData, info.offset, info.length));
}
public bool IsProxyTargetMethod(IMethod method)
{
return(proxyTargetMethods.Find(method));
}
void InitTypeEventHandlers(FieldDefAndDeclaringTypeDict<MFieldDef> ourFields, MethodDefAndDeclaringTypeDict<MMethodDef> ourMethods) {
var checker = NameChecker;
foreach (var methodDef in type.AllMethods) {
if (methodDef.MethodDef.Body == null)
continue;
if (methodDef.MethodDef.IsStatic)
continue;
var method = methodDef.MethodDef;
var instructions = method.Body.Instructions;
for (int i = 0; i < instructions.Count - 5; i++) {
// ldarg.0
// ldarg.0 / dup
// ldarg.0 / dup
// ldvirtftn handler
// newobj event handler ctor
// call add_Xyz
if (instructions[i].GetParameterIndex() != 0)
continue;
int index = i + 1;
if (!IsThisOrDup(instructions[index++]))
continue;
IMethod handler;
if (instructions[index].OpCode.Code == Code.Ldftn) {
handler = instructions[index++].Operand as IMethod;
}
else {
if (!IsThisOrDup(instructions[index++]))
continue;
var instr = instructions[index++];
if (instr.OpCode.Code != Code.Ldvirtftn)
continue;
handler = instr.Operand as IMethod;
}
if (handler == null)
continue;
var handlerDef = ourMethods.Find(handler);
if (handlerDef == null)
continue;
var newobj = instructions[index++];
if (newobj.OpCode.Code != Code.Newobj)
continue;
if (!IsEventHandlerCtor(newobj.Operand as IMethod))
continue;
var call = instructions[index++];
if (call.OpCode.Code != Code.Call && call.OpCode.Code != Code.Callvirt)
continue;
var addMethod = call.Operand as IMethod;
if (addMethod == null)
continue;
if (!Utils.StartsWith(addMethod.Name.String, "add_", StringComparison.Ordinal))
continue;
var eventName = addMethod.Name.String.Substring(4);
if (!checker.IsValidEventName(eventName))
continue;
memberInfos.Method(handlerDef).suggestedName = string.Format("{0}_{1}", newName, eventName);
}
}
}
void InitFieldEventHandlers(FieldDefAndDeclaringTypeDict<MFieldDef> ourFields, MethodDefAndDeclaringTypeDict<MMethodDef> ourMethods) {
var checker = NameChecker;
foreach (var methodDef in type.AllMethods) {
if (methodDef.MethodDef.Body == null)
continue;
if (methodDef.MethodDef.IsStatic)
continue;
var instructions = methodDef.MethodDef.Body.Instructions;
for (int i = 0; i < instructions.Count - 6; i++) {
// We're looking for this code pattern:
// ldarg.0
// ldfld field
// ldarg.0
// ldftn method / ldarg.0 + ldvirtftn
// newobj event_handler_ctor
// callvirt add_SomeEvent
if (instructions[i].GetParameterIndex() != 0)
continue;
int index = i + 1;
var ldfld = instructions[index++];
if (ldfld.OpCode.Code != Code.Ldfld)
continue;
var fieldRef = ldfld.Operand as IField;
if (fieldRef == null)
continue;
var fieldDef = ourFields.Find(fieldRef);
if (fieldDef == null)
continue;
if (instructions[index++].GetParameterIndex() != 0)
continue;
IMethod methodRef;
var instr = instructions[index + 1];
if (instr.OpCode.Code == Code.Ldvirtftn) {
if (!IsThisOrDup(instructions[index++]))
continue;
var ldvirtftn = instructions[index++];
methodRef = ldvirtftn.Operand as IMethod;
}
else {
var ldftn = instructions[index++];
if (ldftn.OpCode.Code != Code.Ldftn)
continue;
methodRef = ldftn.Operand as IMethod;
}
if (methodRef == null)
continue;
var handlerMethod = ourMethods.Find(methodRef);
if (handlerMethod == null)
continue;
var newobj = instructions[index++];
if (newobj.OpCode.Code != Code.Newobj)
continue;
if (!IsEventHandlerCtor(newobj.Operand as IMethod))
continue;
var call = instructions[index++];
if (call.OpCode.Code != Code.Call && call.OpCode.Code != Code.Callvirt)
continue;
var addHandler = call.Operand as IMethod;
if (addHandler == null)
continue;
if (!Utils.StartsWith(addHandler.Name.String, "add_", StringComparison.Ordinal))
continue;
var eventName = addHandler.Name.String.Substring(4);
if (!checker.IsValidEventName(eventName))
continue;
memberInfos.Method(handlerMethod).suggestedName = string.Format("{0}_{1}", memberInfos.Field(fieldDef).newName, eventName);
}
}
}
// VB initializes the handlers in the property setter, where it first removes the handler
// from the previous control, and then adds the handler to the new control.
void InitVbEventHandlers(FieldDefAndDeclaringTypeDict<MFieldDef> ourFields, MethodDefAndDeclaringTypeDict<MMethodDef> ourMethods) {
var checker = NameChecker;
foreach (var propDef in type.AllProperties) {
var setterDef = propDef.SetMethod;
if (setterDef == null)
continue;
string eventName;
var handler = GetVbHandler(setterDef.MethodDef, out eventName);
if (handler == null)
continue;
var handlerDef = ourMethods.Find(handler);
if (handlerDef == null)
continue;
if (!checker.IsValidEventName(eventName))
continue;
memberInfos.Method(handlerDef).suggestedName = string.Format("{0}_{1}", memberInfos.Property(propDef).newName, eventName);
}
}
public bool IsProxyTargetMethod(IMethod method) => proxyTargetMethods.Find(method);
void InitFieldEventHandlers(FieldDefAndDeclaringTypeDict <MFieldDef> ourFields, MethodDefAndDeclaringTypeDict <MMethodDef> ourMethods)
{
var checker = NameChecker;
foreach (var methodDef in type.AllMethods)
{
if (methodDef.MethodDef.Body == null)
{
continue;
}
if (methodDef.MethodDef.IsStatic)
{
continue;
}
var instructions = methodDef.MethodDef.Body.Instructions;
for (int i = 0; i < instructions.Count - 6; i++)
{
// We're looking for this code pattern:
// ldarg.0
// ldfld field
// ldarg.0
// ldftn method / ldarg.0 + ldvirtftn
// newobj event_handler_ctor
// callvirt add_SomeEvent
if (instructions[i].GetParameterIndex() != 0)
{
continue;
}
int index = i + 1;
var ldfld = instructions[index++];
if (ldfld.OpCode.Code != Code.Ldfld)
{
continue;
}
var fieldRef = ldfld.Operand as IField;
if (fieldRef == null)
{
continue;
}
var fieldDef = ourFields.Find(fieldRef);
if (fieldDef == null)
{
continue;
}
if (instructions[index++].GetParameterIndex() != 0)
{
continue;
}
IMethod methodRef;
var instr = instructions[index + 1];
if (instr.OpCode.Code == Code.Ldvirtftn)
{
if (!IsThisOrDup(instructions[index++]))
{
continue;
}
var ldvirtftn = instructions[index++];
methodRef = ldvirtftn.Operand as IMethod;
}
else
{
var ldftn = instructions[index++];
if (ldftn.OpCode.Code != Code.Ldftn)
{
continue;
}
methodRef = ldftn.Operand as IMethod;
}
if (methodRef == null)
{
continue;
}
var handlerMethod = ourMethods.Find(methodRef);
if (handlerMethod == null)
{
continue;
}
var newobj = instructions[index++];
if (newobj.OpCode.Code != Code.Newobj)
{
continue;
}
if (!IsEventHandlerCtor(newobj.Operand as IMethod))
{
continue;
}
var call = instructions[index++];
if (call.OpCode.Code != Code.Call && call.OpCode.Code != Code.Callvirt)
{
continue;
}
var addHandler = call.Operand as IMethod;
if (addHandler == null)
{
continue;
}
if (!Utils.StartsWith(addHandler.Name.String, "add_", StringComparison.Ordinal))
{
continue;
}
var eventName = addHandler.Name.String.Substring(4);
if (!checker.IsValidEventName(eventName))
{
continue;
}
memberInfos.Method(handlerMethod).suggestedName = $"{memberInfos.Field(fieldDef).newName}_{eventName}";
}
}
}
void InitializeWindowsFormsFieldsAndProps()
{
var checker = NameChecker;
var ourFields = new FieldDefAndDeclaringTypeDict <MFieldDef>();
foreach (var fieldDef in type.AllFields)
{
ourFields.Add(fieldDef.FieldDef, fieldDef);
}
var ourMethods = new MethodDefAndDeclaringTypeDict <MMethodDef>();
foreach (var methodDef in type.AllMethods)
{
ourMethods.Add(methodDef.MethodDef, methodDef);
}
foreach (var methodDef in type.AllMethods)
{
if (methodDef.MethodDef.Body == null)
{
continue;
}
if (methodDef.MethodDef.IsStatic || methodDef.MethodDef.IsVirtual)
{
continue;
}
var instructions = methodDef.MethodDef.Body.Instructions;
for (int i = 2; i < instructions.Count; i++)
{
var call = instructions[i];
if (call.OpCode.Code != Code.Call && call.OpCode.Code != Code.Callvirt)
{
continue;
}
if (!IsWindowsFormsSetNameMethod(call.Operand as IMethod))
{
continue;
}
var ldstr = instructions[i - 1];
if (ldstr.OpCode.Code != Code.Ldstr)
{
continue;
}
var fieldName = ldstr.Operand as string;
if (fieldName == null || !checker.IsValidFieldName(fieldName))
{
continue;
}
var instr = instructions[i - 2];
IField fieldRef = null;
if (instr.OpCode.Code == Code.Call || instr.OpCode.Code == Code.Callvirt)
{
var calledMethod = instr.Operand as IMethod;
if (calledMethod == null)
{
continue;
}
var calledMethodDef = ourMethods.Find(calledMethod);
if (calledMethodDef == null)
{
continue;
}
fieldRef = GetFieldRef(calledMethodDef.MethodDef);
var propDef = calledMethodDef.Property;
if (propDef == null)
{
continue;
}
memberInfos.Property(propDef).suggestedName = fieldName;
fieldName = "_" + fieldName;
}
else if (instr.OpCode.Code == Code.Ldfld)
{
fieldRef = instr.Operand as IField;
}
if (fieldRef == null)
{
continue;
}
var fieldDef = ourFields.Find(fieldRef);
if (fieldDef == null)
{
continue;
}
var fieldInfo = memberInfos.Field(fieldDef);
if (fieldInfo.renamed)
{
continue;
}
fieldInfo.suggestedName = variableNameState.GetNewFieldName(fieldInfo.oldName, new NameCreator2(fieldName));
}
}
}
void InitTypeEventHandlers(FieldDefAndDeclaringTypeDict <MFieldDef> ourFields, MethodDefAndDeclaringTypeDict <MMethodDef> ourMethods)
{
var checker = NameChecker;
foreach (var methodDef in type.AllMethods)
{
if (methodDef.MethodDef.Body == null)
{
continue;
}
if (methodDef.MethodDef.IsStatic)
{
continue;
}
var method = methodDef.MethodDef;
var instructions = method.Body.Instructions;
for (int i = 0; i < instructions.Count - 5; i++)
{
// ldarg.0
// ldarg.0 / dup
// ldarg.0 / dup
// ldvirtftn handler
// newobj event handler ctor
// call add_Xyz
if (instructions[i].GetParameterIndex() != 0)
{
continue;
}
int index = i + 1;
if (!IsThisOrDup(instructions[index++]))
{
continue;
}
IMethod handler;
if (instructions[index].OpCode.Code == Code.Ldftn)
{
handler = instructions[index++].Operand as IMethod;
}
else
{
if (!IsThisOrDup(instructions[index++]))
{
continue;
}
var instr = instructions[index++];
if (instr.OpCode.Code != Code.Ldvirtftn)
{
continue;
}
handler = instr.Operand as IMethod;
}
if (handler == null)
{
continue;
}
var handlerDef = ourMethods.Find(handler);
if (handlerDef == null)
{
continue;
}
var newobj = instructions[index++];
if (newobj.OpCode.Code != Code.Newobj)
{
continue;
}
if (!IsEventHandlerCtor(newobj.Operand as IMethod))
{
continue;
}
var call = instructions[index++];
if (call.OpCode.Code != Code.Call && call.OpCode.Code != Code.Callvirt)
{
continue;
}
var addMethod = call.Operand as IMethod;
if (addMethod == null)
{
continue;
}
if (!Utils.StartsWith(addMethod.Name.String, "add_", StringComparison.Ordinal))
{
continue;
}
var eventName = addMethod.Name.String.Substring(4);
if (!checker.IsValidEventName(eventName))
{
continue;
}
memberInfos.Method(handlerDef).suggestedName = $"{newName}_{eventName}";
}
}
}
protected virtual bool IsExceptionLogger(IMethod method) => exceptionLoggerMethods.Find(method);
static bool CheckAllMethodsUnused(MethodDefAndDeclaringTypeDict<bool> unused, TypeDef type) {
foreach (var method in type.Methods) {
if (!unused.Find(method))
return false;
}
return true;
}
public string Decrypt(MethodDef method, int magic1, int magic2, int magic3)
{
var info = stringEncrypterInfos.Find(method);
return(info.Decrypt(magic1, magic2, magic3));
}
void InitializeWindowsFormsFieldsAndProps() {
var checker = NameChecker;
var ourFields = new FieldDefAndDeclaringTypeDict<MFieldDef>();
foreach (var fieldDef in type.AllFields)
ourFields.Add(fieldDef.FieldDef, fieldDef);
var ourMethods = new MethodDefAndDeclaringTypeDict<MMethodDef>();
foreach (var methodDef in type.AllMethods)
ourMethods.Add(methodDef.MethodDef, methodDef);
foreach (var methodDef in type.AllMethods) {
if (methodDef.MethodDef.Body == null)
continue;
if (methodDef.MethodDef.IsStatic || methodDef.MethodDef.IsVirtual)
continue;
var instructions = methodDef.MethodDef.Body.Instructions;
for (int i = 2; i < instructions.Count; i++) {
var call = instructions[i];
if (call.OpCode.Code != Code.Call && call.OpCode.Code != Code.Callvirt)
continue;
if (!IsWindowsFormsSetNameMethod(call.Operand as IMethod))
continue;
var ldstr = instructions[i - 1];
if (ldstr.OpCode.Code != Code.Ldstr)
continue;
var fieldName = ldstr.Operand as string;
if (fieldName == null || !checker.IsValidFieldName(fieldName))
continue;
var instr = instructions[i - 2];
IField fieldRef = null;
if (instr.OpCode.Code == Code.Call || instr.OpCode.Code == Code.Callvirt) {
var calledMethod = instr.Operand as IMethod;
if (calledMethod == null)
continue;
var calledMethodDef = ourMethods.Find(calledMethod);
if (calledMethodDef == null)
continue;
fieldRef = GetFieldRef(calledMethodDef.MethodDef);
var propDef = calledMethodDef.Property;
if (propDef == null)
continue;
memberInfos.Property(propDef).suggestedName = fieldName;
fieldName = "_" + fieldName;
}
else if (instr.OpCode.Code == Code.Ldfld) {
fieldRef = instr.Operand as IField;
}
if (fieldRef == null)
continue;
var fieldDef = ourFields.Find(fieldRef);
if (fieldDef == null)
continue;
var fieldInfo = memberInfos.Field(fieldDef);
if (fieldInfo.renamed)
continue;
fieldInfo.suggestedName = variableNameState.GetNewFieldName(fieldInfo.oldName, new NameCreator2(fieldName));
}
}
}
protected virtual bool IsExceptionLogger(IMethod method)
{
return(exceptionLoggerMethods.Find(method));
}
void RestoreMethodBodies(ISimpleDeobfuscator simpleDeobfuscator)
{
var methodToOrigMethods = new MethodDefAndDeclaringTypeDict <List <MethodDef> >();
foreach (var t in module.Types)
{
var types = new List <TypeDef>(AllTypesHelper.Types(new List <TypeDef> {
t
}));
foreach (var type in types)
{
if (methodsTypes.Find(type))
{
continue;
}
foreach (var method in type.Methods)
{
if (method.Name == ".ctor" || method.Name == ".cctor")
{
continue;
}
MethodDef calledMethod;
if (!CheckRestoreBody(method, out calledMethod))
{
continue;
}
if (!CheckSameMethods(method, calledMethod))
{
continue;
}
if (!methodsTypes.Find(calledMethod.DeclaringType))
{
continue;
}
if (types.IndexOf(calledMethod.DeclaringType) < 0)
{
continue;
}
var list = methodToOrigMethods.Find(calledMethod);
if (list == null)
{
methodToOrigMethods.Add(calledMethod, list = new List <MethodDef>());
}
list.Add(method);
}
}
}
foreach (var calledMethod in methodToOrigMethods.GetKeys())
{
var list = methodToOrigMethods.Find(calledMethod);
var method = list[0];
Logger.v("Restored method body {0:X8} from method {1:X8}",
method.MDToken.ToInt32(),
calledMethod.MDToken.ToInt32());
DotNetUtils.CopyBodyFromTo(calledMethod, method);
classMethods.Add(calledMethod, method);
simpleDeobfuscator.MethodModified(method);
}
}
