private static string DecryptSting(MethodSpec decryptionMethod, uint uintVal, object arrayVal)
{
Base.methodsToRemove.Add(decryptionMethod);
MethodDef resolvedDef = decryptionMethod.ResolveMethodDef();
CawkEmulatorV4.Emulation emulationD = new CawkEmulatorV4.Emulation(resolvedDef);
emulationD.ValueStack.Fields[ModuleDefMD.ResolveToken(Strings.Initalise.DecryptInitialByteArray.fields.MDToken.ToInt32()) as FieldDef] = Strings.Initalise.DecryptInitialByteArray.byte_0;
File.WriteAllBytes("Method.bin", methodBytes);
if (FieldValueGrabber.value != null)
{
emulationD.ValueStack.Fields[
ModuleDefMD.ResolveToken(FieldValueGrabber.value.Item1.MDToken.ToInt32()) as
FieldDef] = (int)
FieldValueGrabber.value.Item2;
}
emulationD.ValueStack.Parameters[resolvedDef.Parameters[0]] = uintVal;
emulationD.ValueStack.Parameters[resolvedDef.Parameters[1]] = arrayVal;
emulationD.OnCallPrepared = (sender, e) => { HandleCall(sender, e); };
emulationD.OnInstructionPrepared += (emulation, args) =>
{
if (args.Instruction.OpCode == OpCodes.Isinst)
{
dynamic value = emulation.ValueStack.CallStack.Pop();
TypeRef instrType = args.Instruction.Operand as TypeRef;
dynamic name = value.GetType().Name;
if (instrType.FullName.Contains(name))
{
emulation.ValueStack.CallStack.Push(1);
}
else
{
emulation.ValueStack.CallStack.Push(null);
}
args.Cancel = true;
}
else if (args.Instruction.OpCode == OpCodes.Castclass)
{
dynamic abc = emulation.ValueStack.CallStack.Pop();
if (abc is int[])
{
emulation.ValueStack.CallStack.Push((int[])abc);
args.Cancel = true;
}
if (args.Instruction.Operand.ToString().Contains("Assembly"))
{
emulation.ValueStack.CallStack.Push(null);
args.Cancel = true;
}
}
};
emulationD.Emulate();
return((string)emulationD.ValueStack.CallStack.Pop());
}
public RInstructions(ModuleDefMD module)
{
this.module = module;
foreach (var type in module.GetTypes())
{
foreach (var m in type.Methods)
{
if (m.Body == null)
{
continue;
}
foreach (var mi in m.Body.Instructions)
{
if (mi != null && mi.Operand is MemberRef)
{
MemberRef mr = (MemberRef)mi.Operand;
if (mr.IsFieldRef)
{
f2d.Add(new RefToDef <MemberRef, FieldDef> {
Ref = mr, Def = mr.ResolveField()
});
}
else if (mr.IsMethodRef)
{
var r2f = new RefToDef <MemberRef, MethodDef> {
Ref = mr, Def = mr.ResolveMethod()
};
if (r2f.Def == null)
{
Helper.WriteLine("NoDEF: " + r2f.Ref.FullName);
}
else
{
m2d.Add(r2f);
}
}
}
if (mi != null && mi.Operand is MethodSpec)
{
MethodSpec ms = (MethodSpec)mi.Operand;
m2d2.Add(new RefToDef <MethodSpec, MethodDef> {
Ref = ms, Def = ms.ResolveMethodDef()
});
}
}
}
}
}
