Example #1
0
        public void FindHandlers()
        {
            if (vmOpCodes != null)
            {
                return;
            }

            deobfuscator = new MyDeobfuscator(module);
            var csvmInfo = new CsvmInfo(module);

            csvmInfo.Initialize();
            var vmHandlerTypes = FindVmHandlerTypes();

            if (vmHandlerTypes == null)
            {
                throw new ApplicationException("Could not find CSVM opcode handler types");
            }

            var composites = CreateCompositeOpCodeHandlers(csvmInfo, vmHandlerTypes);

            foreach (var handlerInfos in OpCodeHandlerInfos.HandlerInfos)
            {
                if (!DetectCompositeHandlers(composites, handlerInfos))
                {
                    continue;
                }

                vmOpCodes = CreateVmOpCodes(composites);
                break;
            }
            if (vmOpCodes == null)
            {
                throw new ApplicationException("Could not find any/all CSVM handlers");
            }
        }
Example #2
0
        List <OpCodeHandler> CreateOtherHandlers(CsvmInfo csvmInfo, IList <OpCodeHandlerInfo> handlerInfos)
        {
            var list = new List <OpCodeHandler>(NUM_HANDLERS);

            foreach (var type in GetVmHandlerTypes(csvmInfo.VmHandlerBaseType))
            {
                if (list.Count == NUM_HANDLERS)
                {
                    break;
                }

                var execHandler = new PrimitiveHandlerMethod(GetExecMethod(type));
                execHandler.Sig = CreateMethodSigInfoCreator(csvmInfo).Create(execHandler.Blocks);

                var finder  = new MethodFinder(handlerInfos, execHandler);
                var handler = finder.FindHandler();
                if (handler == null)
                {
                    continue;
                }

                list.Add(handler);
            }

            list.Sort((a, b) => a.OpCodeHandlerInfo.Name.ToUpperInvariant().CompareTo(b.OpCodeHandlerInfo.Name.ToUpperInvariant()));

            return(list);
        }
		public void FindHandlers() {
			if (vmOpCodes != null)
				return;

			deobfuscator = new MyDeobfuscator(module);

			var csvmInfo = new CsvmInfo(module);
			csvmInfo.Initialize();
			var vmHandlerTypes = FindVmHandlerTypes();
			if (vmHandlerTypes == null)
				throw new ApplicationException("Could not find CSVM opcode handler types");

			var composites = CreateCompositeOpCodeHandlers(csvmInfo, vmHandlerTypes);
			foreach (var handlerInfos in OpCodeHandlerInfos.HandlerInfos) {
				var otherHandlers = CreateOtherHandlers(csvmInfo, handlerInfos);

				if (!DetectCompositeHandlers(composites, otherHandlers))
					continue;

				vmOpCodes = CreateVmOpCodes(composites);
				break;
			}
			if (vmOpCodes == null)
				throw new ApplicationException("Could not find any/all CSVM handlers");
		}
Example #4
0
        List <CompositeOpCodeHandler> CreateCompositeOpCodeHandlers(CsvmInfo csvmInfo, List <TypeDef> handlers)
        {
            var list = new List <CompositeOpCodeHandler>(handlers.Count);

            foreach (var handler in handlers)
            {
                var execHandler = new HandlerMethod(GetExecMethod(handler));
                list.Add(new CompositeOpCodeHandler(handler, execHandler));
            }

            return(list);
        }
Example #5
0
        List <CompositeOpCodeHandler> CreateCompositeOpCodeHandlers(CsvmInfo csvmInfo, List <TypeDef> handlers)
        {
            var list = new List <CompositeOpCodeHandler>(handlers.Count);

            var sigCreator = CreateSigCreator(csvmInfo);

            foreach (var handler in handlers)
            {
                list.Add(new CompositeOpCodeHandler(sigCreator.Create(GetExecMethod(handler))));
            }

            return(list);
        }
Example #6
0
        static SigCreator CreateSigCreator(CsvmInfo csvmInfo)
        {
            var creator = new SigCreator();

            creator.AddId(csvmInfo.LogicalOpShrUn, 1);
            creator.AddId(csvmInfo.LogicalOpShl, 2);
            creator.AddId(csvmInfo.LogicalOpShr, 3);
            creator.AddId(csvmInfo.LogicalOpAnd, 4);
            creator.AddId(csvmInfo.LogicalOpXor, 5);
            creator.AddId(csvmInfo.LogicalOpOr, 6);

            creator.AddId(csvmInfo.CompareLt, 7);
            creator.AddId(csvmInfo.CompareLte, 8);
            creator.AddId(csvmInfo.CompareGt, 9);
            creator.AddId(csvmInfo.CompareGte, 10);
            creator.AddId(csvmInfo.CompareEq, 11);
            creator.AddId(csvmInfo.CompareEqz, 12);

            creator.AddId(csvmInfo.ArithmeticSubOvfUn, 13);
            creator.AddId(csvmInfo.ArithmeticMulOvfUn, 14);
            creator.AddId(csvmInfo.ArithmeticRemUn, 15);
            creator.AddId(csvmInfo.ArithmeticRem, 16);
            creator.AddId(csvmInfo.ArithmeticDivUn, 17);
            creator.AddId(csvmInfo.ArithmeticDiv, 18);
            creator.AddId(csvmInfo.ArithmeticMul, 19);
            creator.AddId(csvmInfo.ArithmeticMulOvf, 20);
            creator.AddId(csvmInfo.ArithmeticSub, 21);
            creator.AddId(csvmInfo.ArithmeticSubOvf, 22);
            creator.AddId(csvmInfo.ArithmeticAddOvfUn, 23);
            creator.AddId(csvmInfo.ArithmeticAddOvf, 24);
            creator.AddId(csvmInfo.ArithmeticAdd, 25);

            creator.AddId(csvmInfo.UnaryNot, 26);
            creator.AddId(csvmInfo.UnaryNeg, 27);

            creator.AddId(csvmInfo.ArgsGet, 28);
            creator.AddId(csvmInfo.ArgsSet, 29);
            creator.AddId(csvmInfo.LocalsGet, 30);
            creator.AddId(csvmInfo.LocalsSet, 31);

            AddTypeId(creator, csvmInfo.LogicalOpShrUn, 32);
            AddTypeId(creator, csvmInfo.CompareLt, 33);
            AddTypeId(creator, csvmInfo.ArithmeticSubOvfUn, 34);
            AddTypeId(creator, csvmInfo.UnaryNot, 35);
            AddTypeId(creator, csvmInfo.ArgsGet, 36);

            return(creator);
        }
Example #7
0
        List <TypeDef> FindBasicVmHandlerTypes(CsvmInfo csvmInfo)
        {
            var list = new List <TypeDef>();

            if (csvmInfo.VmHandlerBaseType == null)
            {
                return(list);
            }
            foreach (var type in module.Types)
            {
                if (list.Count == NUM_HANDLERS)
                {
                    break;
                }
                if (type.BaseType == csvmInfo.VmHandlerBaseType)
                {
                    list.Add(type);
                }
            }
            return(list);
        }
		List<TypeDef> FindBasicVmHandlerTypes(CsvmInfo csvmInfo) {
			var list = new List<TypeDef>();
			if (csvmInfo.VmHandlerBaseType == null)
				return list;
			foreach (var type in module.Types) {
				if (list.Count == NUM_HANDLERS)
					break;
				if (type.BaseType == csvmInfo.VmHandlerBaseType)
					list.Add(type);
			}
			return list;
		}
		static SigCreator CreateSigCreator(CsvmInfo csvmInfo) {
			var creator = new SigCreator();

			creator.AddId(csvmInfo.LogicalOpShrUn, 1);
			creator.AddId(csvmInfo.LogicalOpShl, 2);
			creator.AddId(csvmInfo.LogicalOpShr, 3);
			creator.AddId(csvmInfo.LogicalOpAnd, 4);
			creator.AddId(csvmInfo.LogicalOpXor, 5);
			creator.AddId(csvmInfo.LogicalOpOr, 6);

			creator.AddId(csvmInfo.CompareLt, 7);
			creator.AddId(csvmInfo.CompareLte, 8);
			creator.AddId(csvmInfo.CompareGt, 9);
			creator.AddId(csvmInfo.CompareGte, 10);
			creator.AddId(csvmInfo.CompareEq, 11);
			creator.AddId(csvmInfo.CompareEqz, 12);

			creator.AddId(csvmInfo.ArithmeticSubOvfUn, 13);
			creator.AddId(csvmInfo.ArithmeticMulOvfUn, 14);
			creator.AddId(csvmInfo.ArithmeticRemUn, 15);
			creator.AddId(csvmInfo.ArithmeticRem, 16);
			creator.AddId(csvmInfo.ArithmeticDivUn, 17);
			creator.AddId(csvmInfo.ArithmeticDiv, 18);
			creator.AddId(csvmInfo.ArithmeticMul, 19);
			creator.AddId(csvmInfo.ArithmeticMulOvf, 20);
			creator.AddId(csvmInfo.ArithmeticSub, 21);
			creator.AddId(csvmInfo.ArithmeticSubOvf, 22);
			creator.AddId(csvmInfo.ArithmeticAddOvfUn, 23);
			creator.AddId(csvmInfo.ArithmeticAddOvf, 24);
			creator.AddId(csvmInfo.ArithmeticAdd, 25);

			creator.AddId(csvmInfo.UnaryNot, 26);
			creator.AddId(csvmInfo.UnaryNeg, 27);

			creator.AddId(csvmInfo.ArgsGet, 28);
			creator.AddId(csvmInfo.ArgsSet, 29);
			creator.AddId(csvmInfo.LocalsGet, 30);
			creator.AddId(csvmInfo.LocalsSet, 31);

			AddTypeId(creator, csvmInfo.LogicalOpShrUn, 32);
			AddTypeId(creator, csvmInfo.CompareLt, 33);
			AddTypeId(creator, csvmInfo.ArithmeticSubOvfUn, 34);
			AddTypeId(creator, csvmInfo.UnaryNot, 35);
			AddTypeId(creator, csvmInfo.ArgsGet, 36);

			return creator;
		}
		List<CompositeOpCodeHandler> CreateCompositeOpCodeHandlers(CsvmInfo csvmInfo, List<TypeDef> handlers) {
			var list = new List<CompositeOpCodeHandler>(handlers.Count);

			var sigCreator = CreateSigCreator(csvmInfo);
			foreach (var handler in handlers)
				list.Add(new CompositeOpCodeHandler(sigCreator.Create(GetExecMethod(handler))));

			return list;
		}
		List<OpCodeHandler> CreateOtherHandlers(CsvmInfo csvmInfo, IList<OpCodeHandlerInfo> handlerInfos) {
			var list = new List<OpCodeHandler>(NUM_HANDLERS);

			foreach (var type in GetVmHandlerTypes(csvmInfo.VmHandlerBaseType)) {
				if (list.Count == NUM_HANDLERS)
					break;

				var execHandler = new PrimitiveHandlerMethod(GetExecMethod(type));
				execHandler.Sig = CreateMethodSigInfoCreator(csvmInfo).Create(execHandler.Blocks);

				var finder = new MethodFinder(handlerInfos, execHandler);
				var handler = finder.FindHandler();
				if (handler == null)
					continue;

				list.Add(handler);
			}

			list.Sort((a, b) => a.OpCodeHandlerInfo.Name.ToUpperInvariant().CompareTo(b.OpCodeHandlerInfo.Name.ToUpperInvariant()));

			return list;
		}
		List<CompositeOpCodeHandler> CreateCompositeOpCodeHandlers(CsvmInfo csvmInfo, List<TypeDef> handlers) {
			var list = new List<CompositeOpCodeHandler>(handlers.Count);

			foreach (var handler in handlers) {
				var execHandler = new HandlerMethod(GetExecMethod(handler));
				list.Add(new CompositeOpCodeHandler(handler, execHandler));
			}

			return list;
		}