Example #1
0
 protected ProxyCallFixer1(ModuleDefMD module, ProxyCallFixer1 oldOne)
     : base(module, oldOne)
 {
     foreach (var key in oldOne.fieldToDelegateInfo.getKeys())
     {
         fieldToDelegateInfo.add(lookup(key, "Could not find field"), copy(oldOne.fieldToDelegateInfo.find(key)));
     }
 }
Example #2
0
        static internal IEnumerable <FieldDef> getFields(TypeDef type)
        {
            var typeFields = new FieldDefAndDeclaringTypeDict <FieldDef>();

            foreach (var field in type.Fields)
            {
                typeFields.add(field, field);
            }
            var realFields = new Dictionary <FieldDef, bool>();

            foreach (var method in type.Methods)
            {
                if (method.Body == null)
                {
                    continue;
                }
                foreach (var instr in method.Body.Instructions)
                {
                    var fieldRef = instr.Operand as IField;
                    if (fieldRef == null)
                    {
                        continue;
                    }
                    var field = typeFields.find(fieldRef);
                    if (field == null)
                    {
                        continue;
                    }
                    realFields[field] = true;
                }
            }
            return(realFields.Keys);
        }
        public void initialize()
        {
            foreach (var kv in getMovedTypes())
            {
                var structType = kv.Key;
                structToOwners.add(structType, kv.Value);

                foreach (var ownerType in kv.Value)
                {
                    foreach (var ownerField in ownerType.Fields)
                    {
                        if (DotNetUtils.getType(module, ownerField.FieldSig.GetFieldType()) != structType)
                        {
                            continue;
                        }
                        structFieldsToFix.add(ownerField, true);
                        break;
                    }

                    var fieldsDict = new FieldDefAndDeclaringTypeDict <FieldDef>();
                    typeToFieldsDict.add(ownerType, fieldsDict);
                    foreach (var structField in structType.Fields)
                    {
                        var newField = module.UpdateRowId(new FieldDefUser(structField.Name, structField.FieldSig.Clone(), structField.Attributes));
                        ownerType.Fields.Add(newField);
                        fieldsDict.add(structField, newField);
                    }
                }
            }
        }
        static short[] findKey(MethodDef initMethod, FieldDef keyField)
        {
            var fields = new FieldDefAndDeclaringTypeDict <bool>();

            fields.add(keyField, true);
            return(findKey(initMethod, fields));
        }
Example #5
0
        bool initializeArrays2(ISimpleDeobfuscator simpleDeobfuscator, MethodDef method)
        {
            bool foundField = false;

            simpleDeobfuscator.deobfuscate(method, true);
            var instructions = method.Body.Instructions;

            for (int i = 0; i < instructions.Count; i++)
            {
                var ldci4 = instructions[i];
                if (!ldci4.IsLdcI4())
                {
                    continue;
                }
                i++;
                var instrs = DotNetUtils.getInstructions(instructions, i, OpCodes.Newarr, OpCodes.Dup, OpCodes.Ldtoken, OpCodes.Call, OpCodes.Stsfld);
                if (instrs == null)
                {
                    continue;
                }

                var arrayInitField = instrs[2].Operand as FieldDef;
                if (arrayInitField == null || arrayInitField.InitialValue == null || arrayInitField.InitialValue.Length == 0)
                {
                    continue;
                }

                var calledMethod = instrs[3].Operand as IMethod;
                if (calledMethod == null || calledMethod.FullName != "System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle)")
                {
                    continue;
                }

                var targetField = instrs[4].Operand as FieldDef;
                if (targetField == null || targetField.FieldType.GetElementType() != ElementType.SZArray)
                {
                    continue;
                }
                var etype = ((SZArraySig)targetField.FieldType).Next.GetElementType();
                if (etype < ElementType.Boolean || etype > ElementType.U4)
                {
                    continue;
                }

                if (fieldToInfo.find(targetField) == null)
                {
                    fieldToInfo.add(targetField, new FieldInfo(targetField, arrayInitField));
                    foundField = true;
                }
            }
            return(foundField);
        }
Example #6
0
        public void initialize(ISimpleDeobfuscator deobfuscator)
        {
            if (decrypterCctor == null)
            {
                return;
            }

            deobfuscator.deobfuscate(decrypterCctor);
            var instrs = decrypterCctor.Body.Instructions;

            for (int i = 0; i < instrs.Count - 4; i++)
            {
                var ldstr = instrs[i];
                if (ldstr.OpCode.Code != Code.Ldstr)
                {
                    continue;
                }
                var encryptedString = ldstr.Operand as string;
                if (encryptedString == null)
                {
                    continue;
                }
                if (instrs[i + 1].OpCode.Code != Code.Stsfld)
                {
                    continue;
                }
                if (instrs[i + 2].OpCode.Code != Code.Ldsfld)
                {
                    continue;
                }
                if (instrs[i + 3].OpCode.Code != Code.Call)
                {
                    continue;
                }
                if (instrs[i + 4].OpCode.Code != Code.Stsfld)
                {
                    continue;
                }
                var field = instrs[i + 4].Operand as FieldDef;
                if (field == null)
                {
                    continue;
                }
                if (!new SigComparer().Equals(field.DeclaringType, decrypterType))
                {
                    continue;
                }

                fieldToDecryptedString.add(field, decrypter.decrypt(encryptedString));
            }
        }
        void initType(TypeDef type)
        {
            var cctor = type.FindStaticConstructor();

            if (cctor == null)
            {
                return;
            }
            var info = getStringInfo(cctor);

            if (info == null)
            {
                return;
            }

            stringInfos.add(info.field, info);
        }
        // Find the string decrypter string offset value or null if none found
        int?findOffsetValue(MethodDef method)
        {
            var fieldDict = new FieldDefAndDeclaringTypeDict <IField>();

            foreach (var field in method.DeclaringType.Fields)
            {
                fieldDict.add(field, field);
            }

            var offsetField = findOffsetField(method);

            if (offsetField == null)
            {
                return(null);
            }

            return(findOffsetValue(method, (FieldDef)fieldDict.find(offsetField), fieldDict));
        }
Example #9
0
        public void initializeEventHandlerNames()
        {
            var ourFields = new FieldDefAndDeclaringTypeDict <MFieldDef>();

            foreach (var fieldDef in type.AllFields)
            {
                ourFields.add(fieldDef.FieldDef, fieldDef);
            }
            var ourMethods = new MethodDefAndDeclaringTypeDict <MMethodDef>();

            foreach (var methodDef in type.AllMethods)
            {
                ourMethods.add(methodDef.MethodDef, methodDef);
            }

            initVbEventHandlers(ourFields, ourMethods);
            initFieldEventHandlers(ourFields, ourMethods);
            initTypeEventHandlers(ourFields, ourMethods);
        }
            static FieldDefAndDeclaringTypeDict <bool> getFields(MethodDef method)
            {
                var fields = new FieldDefAndDeclaringTypeDict <bool>();

                foreach (var instr in method.Body.Instructions)
                {
                    if (instr.OpCode.Code != Code.Ldsfld && instr.OpCode.Code != Code.Stsfld)
                    {
                        continue;
                    }
                    var field = instr.Operand as FieldDef;
                    if (field == null)
                    {
                        continue;
                    }
                    if (field.DeclaringType != method.DeclaringType)
                    {
                        continue;
                    }
                    fields.add(field, true);
                }
                return(fields);
            }
        public void initialize()
        {
            foreach (var kv in getMovedTypes()) {
                var structType = kv.Key;
                structToOwners.add(structType, kv.Value);

                foreach (var ownerType in kv.Value) {
                    foreach (var ownerField in ownerType.Fields) {
                        if (DotNetUtils.getType(module, ownerField.FieldSig.GetFieldType()) != structType)
                            continue;
                        structFieldsToFix.add(ownerField, true);
                        break;
                    }

                    var fieldsDict = new FieldDefAndDeclaringTypeDict<FieldDef>();
                    typeToFieldsDict.add(ownerType, fieldsDict);
                    foreach (var structField in structType.Fields) {
                        var newField = module.UpdateRowId(new FieldDefUser(structField.Name, structField.FieldSig.Clone(), structField.Attributes));
                        ownerType.Fields.Add(newField);
                        fieldsDict.add(structField, newField);
                    }
                }
            }
        }
Example #12
0
        void initializeWindowsFormsFieldsAndProps()
        {
            var checker = NameChecker;

            var ourFields = new FieldDefAndDeclaringTypeDict<MFieldDef>();
            foreach (var fieldDef in type.AllFields)
                ourFields.add(fieldDef.FieldDef, fieldDef);
            var ourMethods = new MethodDefAndDeclaringTypeDict<MMethodDef>();
            foreach (var methodDef in type.AllMethods)
                ourMethods.add(methodDef.MethodDef, methodDef);

            foreach (var methodDef in type.AllMethods) {
                if (methodDef.MethodDef.Body == null)
                    continue;
                if (methodDef.MethodDef.IsStatic || methodDef.MethodDef.IsVirtual)
                    continue;
                var instructions = methodDef.MethodDef.Body.Instructions;
                for (int i = 2; i < instructions.Count; i++) {
                    var call = instructions[i];
                    if (call.OpCode.Code != Code.Call && call.OpCode.Code != Code.Callvirt)
                        continue;
                    if (!isWindowsFormsSetNameMethod(call.Operand as IMethod))
                        continue;

                    var ldstr = instructions[i - 1];
                    if (ldstr.OpCode.Code != Code.Ldstr)
                        continue;
                    var fieldName = ldstr.Operand as string;
                    if (fieldName == null || !checker.isValidFieldName(fieldName))
                        continue;

                    var instr = instructions[i - 2];
                    IField fieldRef = null;
                    if (instr.OpCode.Code == Code.Call || instr.OpCode.Code == Code.Callvirt) {
                        var calledMethod = instr.Operand as IMethod;
                        if (calledMethod == null)
                            continue;
                        var calledMethodDef = ourMethods.find(calledMethod);
                        if (calledMethodDef == null)
                            continue;
                        fieldRef = getFieldRef(calledMethodDef.MethodDef);

                        var propDef = calledMethodDef.Property;
                        if (propDef == null)
                            continue;

                        memberInfos.prop(propDef).suggestedName = fieldName;
                        fieldName = "_" + fieldName;
                    }
                    else if (instr.OpCode.Code == Code.Ldfld) {
                        fieldRef = instr.Operand as IField;
                    }

                    if (fieldRef == null)
                        continue;
                    var fieldDef = ourFields.find(fieldRef);
                    if (fieldDef == null)
                        continue;
                    var fieldInfo = memberInfos.field(fieldDef);

                    if (fieldInfo.renamed)
                        continue;

                    fieldInfo.suggestedName = variableNameState.getNewFieldName(fieldInfo.oldName, new NameCreator2(fieldName));
                }
            }
        }
 static FieldDefAndDeclaringTypeDict<bool> getFields(MethodDef method)
 {
     var fields = new FieldDefAndDeclaringTypeDict<bool>();
     foreach (var instr in method.Body.Instructions) {
         if (instr.OpCode.Code != Code.Ldsfld && instr.OpCode.Code != Code.Stsfld)
             continue;
         var field = instr.Operand as FieldDef;
         if (field == null)
             continue;
         if (field.DeclaringType != method.DeclaringType)
             continue;
         fields.add(field, true);
     }
     return fields;
 }
Example #14
0
        public void initializeEventHandlerNames()
        {
            var ourFields = new FieldDefAndDeclaringTypeDict<MFieldDef>();
            foreach (var fieldDef in type.AllFields)
                ourFields.add(fieldDef.FieldDef, fieldDef);
            var ourMethods = new MethodDefAndDeclaringTypeDict<MMethodDef>();
            foreach (var methodDef in type.AllMethods)
                ourMethods.add(methodDef.MethodDef, methodDef);

            initVbEventHandlers(ourFields, ourMethods);
            initFieldEventHandlers(ourFields, ourMethods);
            initTypeEventHandlers(ourFields, ourMethods);
        }
        // Find the string decrypter string offset value or null if none found
        int? findOffsetValue(MethodDef method)
        {
            var fieldDict = new FieldDefAndDeclaringTypeDict<IField>();
            foreach (var field in method.DeclaringType.Fields)
                fieldDict.add(field, field);

            var offsetField = findOffsetField(method);
            if (offsetField == null)
                return null;

            return findOffsetValue(method, (FieldDef)fieldDict.find(offsetField), fieldDict);
        }
Example #16
0
        void initializeWindowsFormsFieldsAndProps()
        {
            var checker = NameChecker;

            var ourFields = new FieldDefAndDeclaringTypeDict <MFieldDef>();

            foreach (var fieldDef in type.AllFields)
            {
                ourFields.add(fieldDef.FieldDef, fieldDef);
            }
            var ourMethods = new MethodDefAndDeclaringTypeDict <MMethodDef>();

            foreach (var methodDef in type.AllMethods)
            {
                ourMethods.add(methodDef.MethodDef, methodDef);
            }

            foreach (var methodDef in type.AllMethods)
            {
                if (methodDef.MethodDef.Body == null)
                {
                    continue;
                }
                if (methodDef.MethodDef.IsStatic || methodDef.MethodDef.IsVirtual)
                {
                    continue;
                }
                var instructions = methodDef.MethodDef.Body.Instructions;
                for (int i = 2; i < instructions.Count; i++)
                {
                    var call = instructions[i];
                    if (call.OpCode.Code != Code.Call && call.OpCode.Code != Code.Callvirt)
                    {
                        continue;
                    }
                    if (!isWindowsFormsSetNameMethod(call.Operand as IMethod))
                    {
                        continue;
                    }

                    var ldstr = instructions[i - 1];
                    if (ldstr.OpCode.Code != Code.Ldstr)
                    {
                        continue;
                    }
                    var fieldName = ldstr.Operand as string;
                    if (fieldName == null || !checker.isValidFieldName(fieldName))
                    {
                        continue;
                    }

                    var    instr    = instructions[i - 2];
                    IField fieldRef = null;
                    if (instr.OpCode.Code == Code.Call || instr.OpCode.Code == Code.Callvirt)
                    {
                        var calledMethod = instr.Operand as IMethod;
                        if (calledMethod == null)
                        {
                            continue;
                        }
                        var calledMethodDef = ourMethods.find(calledMethod);
                        if (calledMethodDef == null)
                        {
                            continue;
                        }
                        fieldRef = getFieldRef(calledMethodDef.MethodDef);

                        var propDef = calledMethodDef.Property;
                        if (propDef == null)
                        {
                            continue;
                        }

                        memberInfos.prop(propDef).suggestedName = fieldName;
                        fieldName = "_" + fieldName;
                    }
                    else if (instr.OpCode.Code == Code.Ldfld)
                    {
                        fieldRef = instr.Operand as IField;
                    }

                    if (fieldRef == null)
                    {
                        continue;
                    }
                    var fieldDef = ourFields.find(fieldRef);
                    if (fieldDef == null)
                    {
                        continue;
                    }
                    var fieldInfo = memberInfos.field(fieldDef);

                    if (fieldInfo.renamed)
                    {
                        continue;
                    }

                    fieldInfo.suggestedName = variableNameState.getNewFieldName(fieldInfo.oldName, new NameCreator2(fieldName));
                }
            }
        }
 internal static IEnumerable<FieldDef> getFields(TypeDef type)
 {
     var typeFields = new FieldDefAndDeclaringTypeDict<FieldDef>();
     foreach (var field in type.Fields)
         typeFields.add(field, field);
     var realFields = new Dictionary<FieldDef, bool>();
     foreach (var method in type.Methods) {
         if (method.Body == null)
             continue;
         foreach (var instr in method.Body.Instructions) {
             var fieldRef = instr.Operand as IField;
             if (fieldRef == null)
                 continue;
             var field = typeFields.find(fieldRef);
             if (field == null)
                 continue;
             realFields[field] = true;
         }
     }
     return realFields.Keys;
 }
 static short[] findKey(MethodDef initMethod, FieldDef keyField)
 {
     var fields = new FieldDefAndDeclaringTypeDict<bool>();
     fields.add(keyField, true);
     return findKey(initMethod, fields);
 }