Ejemplo n.º 1
        /// <summary>
        /// Reads the module bytes, runs the methods decrypter over them and returns the
        /// resulting bytes to the caller. When <c>options.DumpNativeMethods</c> is set, the
        /// native code collected per method token is also written to a side file.
        /// </summary>
        /// <param name="count">Pass number; any value other than 0 is rejected without doing work.</param>
        /// <param name="newFileData">Assigned the module bytes only when the method returns true.</param>
        /// <param name="dumpedMethods">Forwarded by reference to the methods decrypter.</param>
        /// <returns>
        /// true when this is pass 0, method decryption is enabled and the decrypter succeeded;
        /// false otherwise.
        /// </returns>
        public override bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods)
        {
            if (count != 0)
            {
                return false;
            }

            // These fields are populated before the option check, so they are set even
            // when decryption is disabled and the method returns false.
            fileData = ModuleBytes ?? DeobUtils.readModule(module);
            peImage = new PeImage(fileData);

            var nativeCodeByToken = new Dictionary<uint, byte[]>();

            // Short-circuit keeps the original order: the decrypter is never called
            // when options.DecryptMethods is off.
            if (!options.DecryptMethods
                || !methodsDecrypter.decrypt(peImage, DeobfuscatedFile, ref dumpedMethods, nativeCodeByToken))
            {
                return false;
            }

            if (options.DumpNativeMethods)
            {
                // The dump lands next to the input module. FileMode.Create replaces an
                // existing file of the same name without warning.
                // NOTE(review): the payload is native code lifted from the module under
                // analysis - treat the .native file as untrusted and never execute it.
                string dumpPath = module.FullyQualifiedName + ".native";
                using (var dumpStream = new FileStream(dumpPath, FileMode.Create, FileAccess.Write, FileShare.Read))
                {
                    // Record layout: 0xB8, 4-byte token, native code bytes, four 0x90 bytes.
                    // 0xB8 + imm32 is the x86 encoding of "mov eax, imm32" and 0x90 is NOP;
                    // presumably this keeps the token visible when the dump is disassembled
                    // - confirm intent.
                    const byte tokenMarker = 0xB8;
                    byte[] padding = { 0x90, 0x90, 0x90, 0x90 };

                    // Tokens are emitted in ascending order so the dump is deterministic.
                    var orderedTokens = new List<uint>(nativeCodeByToken.Keys);
                    orderedTokens.Sort();

                    // The writer is not disposed separately; the enclosing using closes the stream.
                    var output = new BinaryWriter(dumpStream);
                    for (int i = 0; i < orderedTokens.Count; i++)
                    {
                        uint token = orderedTokens[i];
                        output.Write(tokenMarker);
                        output.Write(token);
                        output.Write(nativeCodeByToken[token]);
                        output.Write(padding);
                    }
                }
            }

            // NOTE(review): presumably the decrypter patched the image backed by fileData
            // in place - verify against methodsDecrypter.decrypt.
            newFileData = fileData;
            return true;
        }
Ejemplo n.º 2
        /// <summary>
        /// Reads the module bytes, runs the methods decrypter over them and returns the
        /// resulting bytes to the caller.
        /// </summary>
        /// <param name="count">Pass number; any value other than 0 is rejected without doing work.</param>
        /// <param name="newFileData">Assigned the module bytes only when the method returns true.</param>
        /// <param name="dumpedMethods">Forwarded by reference to the methods decrypter.</param>
        /// <returns>
        /// true when this is pass 0, method decryption is enabled and the decrypter succeeded;
        /// false otherwise.
        /// </returns>
        public override bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods)
        {
            if (count != 0)
            {
                return false;
            }

            // These fields are populated before the option check, so they are set even
            // when decryption is disabled and the method returns false.
            fileData = ModuleBytes ?? DeobUtils.readModule(module);
            peImage = new MyPEImage(fileData);

            // Filled by the decrypter; this method does not read it afterwards.
            var nativeCodeByToken = new Dictionary<uint, byte[]>();

            // Short-circuit keeps the original order: the decrypter is never called
            // when options.DecryptMethods is off.
            bool decrypted = options.DecryptMethods
                && methodsDecrypter.decrypt(peImage, DeobfuscatedFile, ref dumpedMethods, nativeCodeByToken, unpackedNativeFile);
            if (!decrypted)
            {
                return false;
            }

            // NOTE(review): presumably the decrypter patched the image backed by fileData
            // in place - verify against methodsDecrypter.decrypt.
            newFileData = fileData;
            return true;
        }