public void Find() {
var cctor = DotNetUtils.GetModuleTypeCctor(module);
if (cctor == null)
return;
simpleDeobfuscator.Deobfuscate(cctor, SimpleDeobfuscatorFlags.Force | SimpleDeobfuscatorFlags.DisableConstantsFolderExtraInstrs);
if ((dictField = ConstantsDecrypterUtils.FindDictField(cctor, cctor.DeclaringType)) == null)
return;
if ((dataField = ConstantsDecrypterUtils.FindDataField_v18_r75367(cctor, cctor.DeclaringType)) == null &&
(dataField = ConstantsDecrypterUtils.FindDataField_v19_r77172(cctor, cctor.DeclaringType)) == null)
return;
nativeMethod = FindNativeMethod(cctor, cctor.DeclaringType);
var method = GetDecryptMethod();
if (method == null)
return;
simpleDeobfuscator.Deobfuscate(method, SimpleDeobfuscatorFlags.DisableConstantsFolderExtraInstrs);
var info = new DecrypterInfo(this, method, ConfuserVersion.Unknown);
if (FindKeys_v18_r75367(info))
InitVersion(cctor, ConfuserVersion.v18_r75367_normal, ConfuserVersion.v18_r75367_dynamic, ConfuserVersion.v18_r75367_native);
else if (FindKeys_v18_r75369(info)) {
lzmaType = ConfuserUtils.FindLzmaType(cctor);
if (lzmaType == null)
InitVersion(cctor, ConfuserVersion.v18_r75369_normal, ConfuserVersion.v18_r75369_dynamic, ConfuserVersion.v18_r75369_native);
else if (!DotNetUtils.CallsMethod(method, "System.Void System.Threading.Monitor::Exit(System.Object)"))
InitVersion(cctor, ConfuserVersion.v19_r77172_normal, ConfuserVersion.v19_r77172_dynamic, ConfuserVersion.v19_r77172_native);
else if (DotNetUtils.CallsMethod(method, "System.Void System.Diagnostics.StackFrame::.ctor(System.Int32)"))
InitVersion(cctor, ConfuserVersion.v19_r78363_normal, ConfuserVersion.v19_r78363_dynamic, ConfuserVersion.v19_r78363_native);
else {
int index1 = ConfuserUtils.FindCallMethod(cctor.Body.Instructions, 0, Code.Callvirt, "System.Reflection.Module System.Reflection.MemberInfo::get_Module()");
int index2 = ConfuserUtils.FindCallMethod(cctor.Body.Instructions, 0, Code.Callvirt, "System.Int32 System.Reflection.MemberInfo::get_MetadataToken()");
if (index1 < 0 || index2 < 0) {
}
if (index2 - index1 == 3)
InitVersion(cctor, ConfuserVersion.v19_r78056_normal, ConfuserVersion.v19_r78056_dynamic, ConfuserVersion.v19_r78056_native);
else if (index2 - index1 == -4)
InitVersion(cctor, ConfuserVersion.v19_r79630_normal, ConfuserVersion.v19_r79630_dynamic, ConfuserVersion.v19_r79630_native);
}
}
else
return;
installMethod = cctor;
}
bool CheckMethod(MethodDef method)
{
if (method == null || method.Body == null)
{
return(false);
}
if (!DotNetUtils.CallsMethod(method, "System.Void System.AppDomain::add_ResourceResolve(System.ResolveEventHandler)"))
{
return(false);
}
simpleDeobfuscator.Deobfuscate(method, SimpleDeobfuscatorFlags.Force | SimpleDeobfuscatorFlags.DisableConstantsFolderExtraInstrs);
fields.Clear();
var tmpHandler = GetHandler(method);
if (tmpHandler == null || tmpHandler.DeclaringType != method.DeclaringType)
{
return(false);
}
var tmpResource = FindResource(tmpHandler);
if (tmpResource == null)
{
return(false);
}
simpleDeobfuscator.Deobfuscate(tmpHandler, SimpleDeobfuscatorFlags.Force | SimpleDeobfuscatorFlags.DisableConstantsFolderExtraInstrs);
var tmpVersion = ConfuserVersion.Unknown;
if (DotNetUtils.CallsMethod(tmpHandler, "System.Object System.AppDomain::GetData(System.String)"))
{
if (!DotNetUtils.CallsMethod(tmpHandler, "System.Void System.Buffer::BlockCopy(System.Array,System.Int32,System.Array,System.Int32,System.Int32)"))
{
if (!FindKey0Key1_v14_r55802(tmpHandler, out key0, out key1))
{
return(false);
}
tmpVersion = ConfuserVersion.v14_r55802;
}
else if (FindKey0_v17_r73404(tmpHandler, out key0) && FindKey1_v17_r73404(tmpHandler, out key1))
{
tmpVersion = ConfuserVersion.v17_r73404;
}
else
{
return(false);
}
}
else
{
if (AddFields(FindFields(tmpHandler, method.DeclaringType)) != 1)
{
return(false);
}
if (FindKey0_v17_r73404(tmpHandler, out key0) && FindKey1_v17_r73404(tmpHandler, out key1))
{
tmpVersion = ConfuserVersion.v17_r73822;
}
else if (FindKey0_v18_r75367(tmpHandler, out key0) && FindKey1_v17_r73404(tmpHandler, out key1))
{
tmpVersion = ConfuserVersion.v18_r75367;
}
else if (FindKey0_v18_r75369(tmpHandler, out key0) && FindKey1_v18_r75369(tmpHandler, out key1))
{
lzmaType = ConfuserUtils.FindLzmaType(tmpHandler);
if (lzmaType == null)
{
tmpVersion = ConfuserVersion.v18_r75369;
}
else
{
tmpVersion = ConfuserVersion.v19_r77172;
}
}
else
{
return(false);
}
}
handler = tmpHandler;
resource = tmpResource;
installMethod = method;
version = tmpVersion;
return(true);
}
