protected override bool CheckHandlerMethodDesktopInternal(MethodDef handler) { if (CheckHandlerV3(handler)) { version = ResourceVersion.V3; return(true); } simpleDeobfuscator.Deobfuscate(handler); if ((data40 = CheckHandlerV40(handler)) != null) { version = ResourceVersion.V40; return(true); } var info = GetHandlerArgs41(handler); if (info != null && CheckHandlerV41(info, out var data41Tmp)) { version = ResourceVersion.V41; data41 = data41Tmp; return(true); } return(false); }
protected override bool checkHandlerMethodDesktopInternal(MethodDefinition handler) { if (checkHandlerV3(handler)) { version = ResourceVersion.V3; return(true); } simpleDeobfuscator.deobfuscate(handler); if ((data40 = checkHandlerV40(handler)) != null) { version = ResourceVersion.V40; return(true); } var info = getHandlerArgs41(handler); Data41 data41Tmp; if (info != null && checkHandlerV41(info, out data41Tmp)) { version = ResourceVersion.V41; data41 = data41Tmp; return(true); } return(false); }
static Data40 CheckHandlerV40(MethodDef handler) { var data40 = new Data40(); var instrs = handler.Body.Instructions; for (int i = 0; i < instrs.Count; i++) { int index = i; if (instrs[index++].OpCode.Code != Code.Ldarg_1) { continue; } var ldtoken = instrs[index++]; if (ldtoken.OpCode.Code != Code.Ldtoken) { continue; } var field = ldtoken.Operand as FieldDef; string methodSig = "(System.ResolveEventArgs,System.RuntimeFieldHandle,System.Int32,System.String,System.Int32)"; var method = ldtoken.Operand as MethodDef; if (method != null) { // >= 4.0.4 if (!DotNetUtils.IsMethod(method, "System.Byte[]", "()")) { continue; } field = GetResourceField(method); methodSig = "(System.ResolveEventArgs,System.RuntimeMethodHandle,System.Int32,System.String,System.Int32)"; } else { // 4.0.1.18 .. 4.0.3 } if (field == null || field.InitialValue == null || field.InitialValue.Length == 0) { continue; } var ldci4_len = instrs[index++]; if (!ldci4_len.IsLdcI4()) { continue; } if (ldci4_len.GetLdcI4Value() != field.InitialValue.Length) { continue; } if (instrs[index++].OpCode.Code != Code.Ldstr) { continue; } var ldci4_magic = instrs[index++]; if (!ldci4_magic.IsLdcI4()) { continue; } data40.magic = ldci4_magic.GetLdcI4Value(); var call = instrs[index++]; if (call.OpCode.Code == Code.Tailcall) { call = instrs[index++]; } if (call.OpCode.Code != Code.Call) { continue; } var resolveHandler2 = call.Operand as MethodDef; if (!DotNetUtils.IsMethod(resolveHandler2, "System.Reflection.Assembly", methodSig)) { continue; } data40.resourceField = field; data40.getDataMethod = method; data40.resolveHandler2 = resolveHandler2; return(data40); } return(null); }
protected override bool CheckHandlerMethodDesktopInternal(MethodDef handler) { if (CheckHandlerV3(handler)) { version = ResourceVersion.V3; return true; } simpleDeobfuscator.Deobfuscate(handler); if ((data40 = CheckHandlerV40(handler)) != null) { version = ResourceVersion.V40; return true; } var info = GetHandlerArgs41(handler); Data41 data41Tmp; if (info != null && CheckHandlerV41(info, out data41Tmp)) { version = ResourceVersion.V41; data41 = data41Tmp; return true; } return false; }
static Data40 CheckHandlerV40(MethodDef handler) { var data40 = new Data40(); var instrs = handler.Body.Instructions; for (int i = 0; i < instrs.Count; i++) { int index = i; if (instrs[index++].OpCode.Code != Code.Ldarg_1) continue; var ldtoken = instrs[index++]; if (ldtoken.OpCode.Code != Code.Ldtoken) continue; var field = ldtoken.Operand as FieldDef; string methodSig = "(System.ResolveEventArgs,System.RuntimeFieldHandle,System.Int32,System.String,System.Int32)"; var method = ldtoken.Operand as MethodDef; if (method != null) { // >= 4.0.4 if (!DotNetUtils.IsMethod(method, "System.Byte[]", "()")) continue; field = GetResourceField(method); methodSig = "(System.ResolveEventArgs,System.RuntimeMethodHandle,System.Int32,System.String,System.Int32)"; } else { // 4.0.1.18 .. 4.0.3 } if (field == null || field.InitialValue == null || field.InitialValue.Length == 0) continue; var ldci4_len = instrs[index++]; if (!ldci4_len.IsLdcI4()) continue; if (ldci4_len.GetLdcI4Value() != field.InitialValue.Length) continue; if (instrs[index++].OpCode.Code != Code.Ldstr) continue; var ldci4_magic = instrs[index++]; if (!ldci4_magic.IsLdcI4()) continue; data40.magic = ldci4_magic.GetLdcI4Value(); var call = instrs[index++]; if (call.OpCode.Code == Code.Tailcall) call = instrs[index++]; if (call.OpCode.Code != Code.Call) continue; var resolveHandler2 = call.Operand as MethodDef; if (!DotNetUtils.IsMethod(resolveHandler2, "System.Reflection.Assembly", methodSig)) continue; data40.resourceField = field; data40.getDataMethod = method; data40.resolveHandler2 = resolveHandler2; return data40; } return null; }
public ComWithS71200DB() { TypeList.Add(Data0.GetType().ToString()); TypeList.Add(Data1.GetType().ToString()); TypeList.Add(Data2.GetType().ToString()); TypeList.Add(Data3.GetType().ToString()); TypeList.Add(Data4.GetType().ToString()); TypeList.Add(Data5.GetType().ToString()); TypeList.Add(Data6.GetType().ToString()); TypeList.Add(Data7.GetType().ToString()); TypeList.Add(Data8.GetType().ToString()); TypeList.Add(Data9.GetType().ToString()); TypeList.Add(Data10.GetType().ToString()); TypeList.Add(Data11.GetType().ToString()); TypeList.Add(Data12.GetType().ToString()); TypeList.Add(Data13.GetType().ToString()); TypeList.Add(Data14.GetType().ToString()); TypeList.Add(Data15.GetType().ToString()); TypeList.Add(Data16.GetType().ToString()); TypeList.Add(Data17.GetType().ToString()); TypeList.Add(Data18.GetType().ToString()); TypeList.Add(Data19.GetType().ToString()); TypeList.Add(Data20.GetType().ToString()); TypeList.Add(Data21.GetType().ToString()); TypeList.Add(Data22.GetType().ToString()); TypeList.Add(Data23.GetType().ToString()); TypeList.Add(Data24.GetType().ToString()); TypeList.Add(Data25.GetType().ToString()); TypeList.Add(Data26.GetType().ToString()); TypeList.Add(Data27.GetType().ToString()); TypeList.Add(Data28.GetType().ToString()); TypeList.Add(Data29.GetType().ToString()); TypeList.Add(Data30.GetType().ToString()); TypeList.Add(Data31.GetType().ToString()); TypeList.Add(Data32.GetType().ToString()); TypeList.Add(Data33.GetType().ToString()); TypeList.Add(Data34.GetType().ToString()); TypeList.Add(Data35.GetType().ToString()); TypeList.Add(Data36.GetType().ToString()); TypeList.Add(Data37.GetType().ToString()); TypeList.Add(Data38.GetType().ToString()); TypeList.Add(Data39.GetType().ToString()); TypeList.Add(Data40.GetType().ToString()); TypeList.Add(Data41.GetType().ToString()); TypeList.Add(Data42.GetType().ToString()); TypeList.Add(Data43.GetType().ToString()); TypeList.Add(Data44.GetType().ToString()); TypeList.Add(Data45.GetType().ToString()); TypeList.Add(Data46.GetType().ToString()); TypeList.Add(Data47.GetType().ToString()); TypeList.Add(Data48.GetType().ToString()); TypeList.Add(Data49.GetType().ToString()); TypeList.Add(Data50.GetType().ToString()); TypeList.Add(Data51.GetType().ToString()); TypeList.Add(Data52.GetType().ToString()); TypeList.Add(Data53.GetType().ToString()); TypeList.Add(Data54.GetType().ToString()); TypeList.Add(Data55.GetType().ToString()); TypeList.Add(Data56.GetType().ToString()); TypeList.Add(Data57.GetType().ToString()); TypeList.Add(Data58.GetType().ToString()); TypeList.Add(Data59.GetType().ToString()); TypeList.Add(Data60.GetType().ToString()); TypeList.Add(Data61.GetType().ToString()); TypeList.Add(Data62.GetType().ToString()); TypeList.Add(Data63.GetType().ToString()); TypeList.Add(Data64.GetType().ToString()); TypeList.Add(Data65.GetType().ToString()); TypeList.Add(Data66.GetType().ToString()); TypeList.Add(Data67.GetType().ToString()); TypeList.Add(Data68.GetType().ToString()); TypeList.Add(Data69.GetType().ToString()); TypeList.Add(Data70.GetType().ToString()); TypeList.Add(Data71.GetType().ToString()); TypeList.Add(Data72.GetType().ToString()); TypeList.Add(Data73.GetType().ToString()); TypeList.Add(Data74.GetType().ToString()); TypeList.Add(Data75.GetType().ToString()); TypeList.Add(Data76.GetType().ToString()); TypeList.Add(Data77.GetType().ToString()); TypeList.Add(Data78.GetType().ToString()); TypeList.Add(Data79.GetType().ToString()); TypeList.Add(Data80.GetType().ToString()); TypeList.Add(Data81.GetType().ToString()); TypeList.Add(Data82.GetType().ToString()); TypeList.Add(Data83.GetType().ToString()); TypeList.Add(Data84.GetType().ToString()); TypeList.Add(Data85.GetType().ToString()); TypeList.Add(Data86.GetType().ToString()); TypeList.Add(Data87.GetType().ToString()); TypeList.Add(Data88.GetType().ToString()); TypeList.Add(Data89.GetType().ToString()); TypeList.Add(Data90.GetType().ToString()); TypeList.Add(Data91.GetType().ToString()); TypeList.Add(Data92.GetType().ToString()); TypeList.Add(Data93.GetType().ToString()); TypeList.Add(Data94.GetType().ToString()); TypeList.Add(Data95.GetType().ToString()); TypeList.Add(Data96.GetType().ToString()); TypeList.Add(Data97.GetType().ToString()); TypeList.Add(Data98.GetType().ToString()); TypeList.Add(Data99.GetType().ToString()); TypeList.Add(Data100.GetType().ToString()); DataList.Add(Data0); DataList.Add(Data1); DataList.Add(Data2); DataList.Add(Data3); DataList.Add(Data4); DataList.Add(Data5); DataList.Add(Data6); DataList.Add(Data7); DataList.Add(Data8); DataList.Add(Data9); DataList.Add(Data10); DataList.Add(Data11); DataList.Add(Data12); DataList.Add(Data13); DataList.Add(Data14); DataList.Add(Data15); DataList.Add(Data16); DataList.Add(Data17); DataList.Add(Data18); DataList.Add(Data19); DataList.Add(Data20); DataList.Add(Data21); DataList.Add(Data22); DataList.Add(Data23); DataList.Add(Data24); DataList.Add(Data25); DataList.Add(Data26); DataList.Add(Data27); DataList.Add(Data28); DataList.Add(Data29); DataList.Add(Data30); DataList.Add(Data31); DataList.Add(Data32); DataList.Add(Data33); DataList.Add(Data34); DataList.Add(Data35); DataList.Add(Data36); DataList.Add(Data37); DataList.Add(Data38); DataList.Add(Data39); DataList.Add(Data40); DataList.Add(Data41); DataList.Add(Data42); DataList.Add(Data43); DataList.Add(Data44); DataList.Add(Data45); DataList.Add(Data46); DataList.Add(Data47); DataList.Add(Data48); DataList.Add(Data49); DataList.Add(Data50); DataList.Add(Data51); DataList.Add(Data52); DataList.Add(Data53); DataList.Add(Data54); DataList.Add(Data55); DataList.Add(Data56); DataList.Add(Data57); DataList.Add(Data58); DataList.Add(Data59); DataList.Add(Data60); DataList.Add(Data61); DataList.Add(Data62); DataList.Add(Data63); DataList.Add(Data64); DataList.Add(Data65); DataList.Add(Data66); DataList.Add(Data67); DataList.Add(Data68); DataList.Add(Data69); DataList.Add(Data70); DataList.Add(Data71); DataList.Add(Data72); DataList.Add(Data73); DataList.Add(Data74); DataList.Add(Data75); DataList.Add(Data76); DataList.Add(Data77); DataList.Add(Data78); DataList.Add(Data79); DataList.Add(Data80); DataList.Add(Data81); DataList.Add(Data82); DataList.Add(Data83); DataList.Add(Data84); DataList.Add(Data85); DataList.Add(Data86); DataList.Add(Data87); DataList.Add(Data88); DataList.Add(Data89); DataList.Add(Data90); DataList.Add(Data91); DataList.Add(Data92); DataList.Add(Data93); DataList.Add(Data94); DataList.Add(Data95); DataList.Add(Data96); DataList.Add(Data97); DataList.Add(Data98); DataList.Add(Data99); DataList.Add(Data100); }