private void OnContextMenuClick()
{
if (this.selectedItem == null)
{
return;
}
string location = GetFilePath();
if (string.IsNullOrWhiteSpace(location))
{
return;
}
De4dotWrapper de4Dot = new De4dotWrapper();
IObfuscatedFile obfuscationfile = de4Dot.SearchDeobfuscator(location);
if (!de4Dot.IsUnknownDeobfuscator(obfuscationfile))
{
DeobfuscateDialog.DeobfuscateDialog dialog = new DeobfuscateDialog.DeobfuscateDialog(selectedItem, assemblyManagerService);
dialog.ShowDialog();
}
else
{
MessageBox.Show("No obfuscator found (or unknown)");
}
}
private void ExecuteDeobfuscateCommand()
{
if (this.selectedItem == null)
{
return;
}
string location = GetFilePath();
if (string.IsNullOrWhiteSpace(location))
{
return;
}
De4dotWrapper de4Dot = new De4dotWrapper();
SaveFileDialog saveFileDialog = new SaveFileDialog();
saveFileDialog.Filter = "Assembly files (*.exe, *.dll)|*.exe;*.dll";
saveFileDialog.InitialDirectory = Path.GetDirectoryName(location);
saveFileDialog.FileName = Path.GetFileNameWithoutExtension(location) + ".Cleaned" + Path.GetExtension(location);
if (saveFileDialog.ShowDialog() == true)
{
IObfuscatedFile obfuscationfile = UpdateObfuscationFileWithOptions(de4Dot, location, saveFileDialog.FileName);
DeobfuscationProgressWindow progressWindow = new DeobfuscationProgressWindow(obfuscationfile, this.assemblyManagerService)
{
Title = saveFileDialog.FileName,
Width = 500,
Height = 150,
WindowStartupLocation = WindowStartupLocation.CenterOwner,
Owner = Application.Current.MainWindow
};
progressWindow.Start(saveFileDialog.FileName);
}
}
public DeobfuscationProgressWindow(IObfuscatedFile obfuscationFile, IAssemblyManagerService assemblyManager)
{
this.assemblyManager = assemblyManager;
this.obfuscationFile = obfuscationFile;
InitializeComponent();
}
public DeobfuscationProgressWindow(IObfuscatedFile obfuscationFile, IAssemblyManagerService assemblyManager)
{
this.assemblyManager = assemblyManager;
this.obfuscationFile = obfuscationFile;
InitializeComponent();
}
bool add(IObfuscatedFile file, bool skipUnknownObfuscator, bool isFromPossibleFiles)
{
var key = Utils.getFullPath(file.Filename);
if (allFiles.ContainsKey(key))
{
Logger.Instance.Log(false, null, LoggerEvent.Warning, "Ingoring duplicate file: {0}", file.Filename);
return(false);
}
allFiles[key] = true;
int oldIndentLevel = Logger.Instance.IndentLevel;
try {
file.DeobfuscatorContext = options.DeobfuscatorContext;
file.load(options.CreateDeobfuscators());
}
catch (NotSupportedException) {
return(false); // Eg. unsupported architecture
}
catch (BadImageFormatException) {
if (isFromPossibleFiles)
{
Logger.Instance.Log(false, null, LoggerEvent.Warning, "The file isn't a .NET PE file: {0}", file.Filename);
}
return(false); // Not a .NET file
}
catch (EndOfStreamException) {
return(false);
}
catch (Exception ex) {
Logger.Instance.Log(false, null, LoggerEvent.Warning, "Could not load file ({0}): {1}", ex.GetType(), file.Filename);
return(false);
}
finally {
Logger.Instance.IndentLevel = oldIndentLevel;
}
var deob = file.Deobfuscator;
if (skipUnknownObfuscator && deob.Type == "un")
{
Logger.v("Skipping unknown obfuscator: {0}", file.Filename);
removeModule(file.ModuleDefMD);
return(false);
}
else
{
Logger.n("Detected {0} ({1})", deob.Name, file.Filename);
if (options.CreateDestinationDir)
{
createDirectories(Path.GetDirectoryName(file.NewFilename));
}
return(true);
}
}
public FileSystemPath Execute(IAssemblyFile existingAssemblyFile, string newFileName, IProgressIndicator progressIndicator)
{
var context = new ModuleContext();
var fileOptions = new ObfuscatedFile.Options
{
Filename = existingAssemblyFile.Location.FullPath,
NewFilename = newFileName,
};
IObfuscatedFile obfuscationFile = CreateObfuscationFile(fileOptions, context);
return(Deobfuscate(obfuscationFile, progressIndicator));
}
public DialogResult ShowDialog(IObfuscatedFile ofile, string newFilename)
{
// HACK
var ofiletype = ofile.GetType();
var ofield = ofiletype.GetField("options", BindingFlags.NonPublic | BindingFlags.Instance);
Debug.Assert(ofield != null, "Check De4Dot impl.");
var options = (ObfuscatedFile.Options)ofield.GetValue(ofile);
options.NewFilename = newFilename;
BackgroundWorker.RunWorkerAsync(ofile);
return(ShowDialog());
}
private void GenerateMessage()
{
string location = GetFilePath();
if (string.IsNullOrWhiteSpace(location))
{
return;
}
De4dotWrapper de4Dot = new De4dotWrapper();
IObfuscatedFile obfuscationfile = de4Dot.SearchDeobfuscator(location);
string caption = "Assembly {0} is obfuscated with {1}. Clean the file ?";
caption = string.Format(caption, Path.GetFileName(location), obfuscationfile.Deobfuscator.Name);
this.Message = caption;
}
private FileSystemPath Deobfuscate(IObfuscatedFile obfuscatedFile, IProgressIndicator progressIndicator)
{
try
{
progressIndicator.Start(5);
progressIndicator.TaskName = "Deobfuscating...";
progressIndicator.CurrentItemText = string.Format("Saving to {0}", obfuscatedFile.NewFilename);
progressIndicator.Advance(1);
obfuscatedFile.deobfuscateBegin();
progressIndicator.Advance(1);
obfuscatedFile.deobfuscate();
progressIndicator.Advance(1);
obfuscatedFile.deobfuscateEnd();
// turn all flags on
RenamerFlags flags = RenamerFlags.DontCreateNewParamDefs | RenamerFlags.DontRenameDelegateFields |
RenamerFlags.RenameEvents |
RenamerFlags.RenameFields | RenamerFlags.RenameGenericParams |
RenamerFlags.RenameMethodArgs |
RenamerFlags.RenameMethods | RenamerFlags.RenameNamespaces |
RenamerFlags.RenameProperties |
RenamerFlags.RenameTypes | RenamerFlags.RestoreEvents |
RenamerFlags.RestoreEventsFromNames |
RenamerFlags.RestoreProperties | RenamerFlags.RestorePropertiesFromNames;
var renamer = new Renamer(obfuscatedFile.DeobfuscatorContext, new[] { obfuscatedFile }, flags);
progressIndicator.Advance(1);
renamer.rename();
progressIndicator.Advance(1);
obfuscatedFile.save();
}
finally
{
progressIndicator.Stop();
}
return(new FileSystemPath(obfuscatedFile.NewFilename));
}
private FileSystemPath Deobfuscate(IObfuscatedFile obfuscatedFile, IProgressIndicator progressIndicator)
{
try
{
progressIndicator.Start(5);
progressIndicator.TaskName = "Deobfuscating...";
progressIndicator.CurrentItemText = string.Format("Saving to {0}", obfuscatedFile.NewFilename);
progressIndicator.Advance(1);
obfuscatedFile.deobfuscateBegin();
progressIndicator.Advance(1);
obfuscatedFile.deobfuscate();
progressIndicator.Advance(1);
obfuscatedFile.deobfuscateEnd();
// turn all flags on
RenamerFlags flags = RenamerFlags.DontCreateNewParamDefs | RenamerFlags.DontRenameDelegateFields |
RenamerFlags.RenameEvents |
RenamerFlags.RenameFields | RenamerFlags.RenameGenericParams |
RenamerFlags.RenameMethodArgs |
RenamerFlags.RenameMethods | RenamerFlags.RenameNamespaces |
RenamerFlags.RenameProperties |
RenamerFlags.RenameTypes | RenamerFlags.RestoreEvents |
RenamerFlags.RestoreEventsFromNames |
RenamerFlags.RestoreProperties | RenamerFlags.RestorePropertiesFromNames;
var renamer = new Renamer(obfuscatedFile.DeobfuscatorContext, new[] { obfuscatedFile }, flags);
progressIndicator.Advance(1);
renamer.rename();
progressIndicator.Advance(1);
obfuscatedFile.save();
}
finally
{
progressIndicator.Stop();
}
return new FileSystemPath(obfuscatedFile.NewFilename);
}
public DialogResult ShowDialog(string filename, IObfuscatedFile file)
{
LabAssembly.Text = string.Format(LabAssembly.Text, Path.GetFileName(filename), file.Deobfuscator.Name);
return ShowDialog();
}
public static bool IsUnknownDeobfuscator(IObfuscatedFile file)
{
return (file == null || file.Deobfuscator == null || file.Deobfuscator is de4dot.code.deobfuscators.Unknown.Deobfuscator);
}
public Module(IObfuscatedFile obfuscatedFile)
{
this.obfuscatedFile = obfuscatedFile;
}
public DialogResult ShowDialog(IObfuscatedFile ofile, string newFilename)
{
// HACK
var ofiletype = ofile.GetType();
var ofield = ofiletype.GetField("options", BindingFlags.NonPublic | BindingFlags.Instance);
Debug.Assert(ofield != null, "Check De4Dot impl.");
var options = (ObfuscatedFile.Options) ofield.GetValue(ofile);
options.NewFilename = newFilename;
BackgroundWorker.RunWorkerAsync(ofile);
return ShowDialog();
}
public bool IsUnknownDeobfuscator(IObfuscatedFile file)
{
return (file == null || file.Deobfuscator == null || file.Deobfuscator.Name == "Unknown Obfuscator");
}
bool add(IObfuscatedFile file, bool skipUnknownObfuscator = false)
{
var key = Utils.getFullPath(file.Filename);
if (allFiles.ContainsKey(key)) {
Log.w("Ingoring duplicate file: {0}", file.Filename);
return false;
}
allFiles[key] = true;
int oldIndentLevel = Log.indentLevel;
try {
file.load(options.CreateDeobfuscators());
}
catch (NotSupportedException) {
return false; // Eg. unsupported architecture
}
catch (BadImageFormatException) {
return false; // Not a .NET file
}
catch (EndOfStreamException) {
return false;
}
catch (Exception ex) {
Log.w("Could not load file ({0}): {1}", ex.GetType(), file.Filename);
return false;
}
finally {
Log.indentLevel = oldIndentLevel;
}
var deob = file.Deobfuscator;
if (skipUnknownObfuscator && deob.Type == "un") {
Log.v("Skipping unknown obfuscator: {0}", file.Filename);
removeModule(file.ModuleDefinition);
return false;
}
else {
Log.n("Detected {0} ({1})", deob.Name, file.Filename);
if (options.CreateDestinationDir)
createDirectories(Path.GetDirectoryName(file.NewFilename));
return true;
}
}
bool Add(IObfuscatedFile file, bool skipUnknownObfuscator, bool isFromPossibleFiles) {
var key = Utils.GetFullPath(file.Filename);
if (allFiles.ContainsKey(key)) {
Logger.Instance.Log(false, null, LoggerEvent.Warning, "Ingoring duplicate file: {0}", file.Filename);
return false;
}
allFiles[key] = true;
int oldIndentLevel = Logger.Instance.IndentLevel;
try {
file.DeobfuscatorContext = options.DeobfuscatorContext;
file.Load(options.CreateDeobfuscators());
}
catch (NotSupportedException) {
return false; // Eg. unsupported architecture
}
catch (BadImageFormatException) {
if (isFromPossibleFiles)
Logger.Instance.Log(false, null, LoggerEvent.Warning, "The file isn't a .NET PE file: {0}", file.Filename);
return false; // Not a .NET file
}
catch (EndOfStreamException) {
return false;
}
catch (IOException) {
if (isFromPossibleFiles)
Logger.Instance.Log(false, null, LoggerEvent.Warning, "The file isn't a .NET PE file: {0}", file.Filename);
return false; // Not a .NET file
}
catch (Exception ex) {
Logger.Instance.Log(false, null, LoggerEvent.Warning, "Could not load file ({0}): {1}", ex.GetType(), file.Filename);
return false;
}
finally {
Logger.Instance.IndentLevel = oldIndentLevel;
}
var deob = file.Deobfuscator;
if (skipUnknownObfuscator && deob.Type == "un") {
Logger.v("Skipping unknown obfuscator: {0}", file.Filename);
RemoveModule(file.ModuleDefMD);
return false;
}
else {
Logger.n("Detected {0} ({1})", deob.Name, file.Filename);
if (options.CreateDestinationDir)
CreateDirectories(Path.GetDirectoryName(file.NewFilename));
return true;
}
}
bool add(IObfuscatedFile file, bool skipUnknownObfuscator = false)
{
var key = Utils.getFullPath(file.Filename);
if (allFiles.ContainsKey(key)) {
Log.w("Ingoring duplicate file: {0}", file.Filename);
return false;
}
allFiles[key] = true;
try {
file.load(options.CreateDeobfuscators());
}
catch (NotSupportedException) {
return false; // Eg. unsupported architecture
}
catch (BadImageFormatException) {
return false; // Not a .NET file
}
catch (ArgumentOutOfRangeException) {
Log.w("Could not load file (argument out of range): {0}", file.Filename);
return false;
}
catch (UnauthorizedAccessException) {
Log.w("Could not load file (not authorized): {0}", file.Filename);
return false;
}
catch (NullReferenceException) {
Log.w("Could not load file (null ref): {0}", file.Filename);
return false;
}
catch (IOException) {
Log.w("Could not load file (io exception): {0}", file.Filename);
return false;
}
var deob = file.Deobfuscator;
if (skipUnknownObfuscator && deob.Type == "un") {
Log.v("Skipping unknown obfuscator: {0}", file.Filename);
removeModule(file.ModuleDefinition);
return false;
}
else {
Log.n("Detected {0} ({1})", deob.Name, file.Filename);
if (options.CreateDestinationDir)
createDirectories(Path.GetDirectoryName(file.NewFilename));
return true;
}
}
public static bool IsUnknownDeobfuscator(IObfuscatedFile file)
{
return(file == null || file.Deobfuscator == null || file.Deobfuscator is de4dot.code.deobfuscators.Unknown.Deobfuscator);
}
public DialogResult ShowDialog(string filename, IObfuscatedFile file)
{
LabAssembly.Text = string.Format(LabAssembly.Text, Path.GetFileName(filename), file.Deobfuscator.Name);
return(ShowDialog());
}
public bool IsUnknownDeobfuscator(IObfuscatedFile file)
{
return(file == null || file.Deobfuscator == null || file.Deobfuscator.Name == "Unknown Obfuscator");
}