public void Execute()
{
if (token.IsCancellationRequested)
{
// it means its called from Redo command
token = default(CancellationToken);
}
if (DeFlowSettings.Settings.Logs)
{
OutputLog.Instance.WriteLine("Methods in module: " + this.methods.Count.ToString());
}
foreach (var method in this.methods)
{
try
{
if (DeFlowSettings.Settings.Logs)
{
OutputLog.Instance.WriteLine("Processing method: " + string.Format("0x{0:X8}", method.MDToken.Raw));
}
isBodyModified.Add(methodAnnotations.IsBodyModified(method));
methodAnnotations.SetBodyModified(method, true);
MethodDeobfuscator.Deobfuscate(method, token);
}
catch (OperationCanceledException)
{
break;
}
}
}
public void Execute()
{
isBodyModified = methodAnnotations.IsBodyModified(methodNode.MethodDef);
methodAnnotations.SetBodyModified(methodNode.MethodDef, true);
DeadInstructions.DeadInstrsList.Clear();
CancellationToken token = default(CancellationToken);
MethodDeobfuscator.DeobfuscateAssisted(methodNode.MethodDef, token, ctx, expr, block);
}
public void Execute()
{
if (token.IsCancellationRequested)
{
// it means its called from Redo command
token = default(CancellationToken);
}
try
{
if (DeFlowSettings.Settings.Logs)
{
OutputLog.Instance.WriteLine("Processing method: " + string.Format("0x{0:X8}", methodNode.MethodDef.MDToken.Raw));
}
isBodyModified = methodAnnotations.IsBodyModified(methodNode.MethodDef);
methodAnnotations.SetBodyModified(methodNode.MethodDef, true);
MethodDeobfuscator.Deobfuscate(methodNode.MethodDef, token);
}
catch (OperationCanceledException)
{
}
}
public void Execute()
{
if (token.IsCancellationRequested)
{
// it means its called from Redo command
token = default(CancellationToken);
}
try
{
methods.Add(methodNode.MethodDef);
origMethodBodys.Add(methodNode.MethodDef.MethodBody);
isBodyModified.Add(methodAnnotations.IsBodyModified(methodNode.MethodDef));
methodAnnotations.SetBodyModified(methodNode.MethodDef, true);
var method = methodNode.MethodDef;
if (method.Body.Instructions.Any(x => x.OpCode.Code == Code.Call && x.Operand is MethodDef))
{
//At first lets restore all methods called from this method
for (int i = 0; i < method.Body.Instructions.Count(); i++)
{
if (method.Body.Instructions[i].OpCode.Code == Code.Call && method.Body.Instructions[i].Operand is MethodDef && (method.Body.Instructions[i].Operand as MethodDef).Body != null)
{
methods.Add(method.Body.Instructions[i].Operand as MethodDef);
origMethodBodys.Add((method.Body.Instructions[i].Operand as MethodDef).MethodBody);
isBodyModified.Add(methodAnnotations.IsBodyModified(method.Body.Instructions[i].Operand as MethodDef));
methodAnnotations.SetBodyModified(method.Body.Instructions[i].Operand as MethodDef, true);
MethodDeobfuscator.Deobfuscate(method.Body.Instructions[i].Operand as MethodDef, token);
}
}
var tempMethod = DotNetUtils.Clone(method);
var blocks = new Blocks(tempMethod);
List <Block> allBlocks = new List <Block>();
blocks.MethodBlocks.GetAllBlocks(allBlocks);
foreach (var block in allBlocks)
{
for (int i = 0; i < block.Instructions.Count; i++)
{
var instruction = block.Instructions[i];
if (instruction.OpCode.Code == Code.Call && instruction.Operand is MethodDef && (instruction.Operand as MethodDef).Body != null)
{
// Remove empty method
if ((instruction.Operand as MethodDef).Body.Instructions.All(x => x.OpCode.Code == Code.Nop || x.OpCode.Code == Code.Ret))
{
block.Instructions.RemoveAt(i);
//TODO: remove all inner empty methods, but better to have addititonal command for it tho
}
// Inline proxy method
if ((instruction.Operand as MethodDef).Body.Instructions.All(x => IsOkOpcode(x.OpCode.Code)))
{
var inlined = GetInstruction((instruction.Operand as MethodDef).Body.Instructions);
if (inlined != null)
{
block.Instructions.RemoveAt(i);
block.Instructions.Insert(i, new Instr(new Instruction(inlined.OpCode, inlined.Operand)));
}
}
}
}
}
IList <Instruction> allInstructions;
IList <ExceptionHandler> allExceptionHandlers;
blocks.GetCode(out allInstructions, out allExceptionHandlers);
DotNetUtils.RestoreBody(tempMethod, (IEnumerable <Instruction>)allInstructions, (IEnumerable <ExceptionHandler>)allExceptionHandlers);
MethodDeobfuscator.RestoreMethod(method, tempMethod);
}
}
catch (OperationCanceledException)
{
}
}
