protected override bool CheckHandlerMethodDesktopInternal(MethodDef handler)
{
if (CheckHandlerV3(handler))
{
version = ResourceVersion.V3;
return(true);
}
simpleDeobfuscator.Deobfuscate(handler);
if ((data40 = CheckHandlerV40(handler)) != null)
{
version = ResourceVersion.V40;
return(true);
}
var info = GetHandlerArgs41(handler);
if (info != null && CheckHandlerV41(info, out var data41Tmp))
{
version = ResourceVersion.V41;
data41 = data41Tmp;
return(true);
}
return(false);
}
protected override bool checkHandlerMethodDesktopInternal(MethodDefinition handler)
{
if (checkHandlerV3(handler))
{
version = ResourceVersion.V3;
return(true);
}
simpleDeobfuscator.deobfuscate(handler);
if ((data40 = checkHandlerV40(handler)) != null)
{
version = ResourceVersion.V40;
return(true);
}
var info = getHandlerArgs41(handler);
Data41 data41Tmp;
if (info != null && checkHandlerV41(info, out data41Tmp))
{
version = ResourceVersion.V41;
data41 = data41Tmp;
return(true);
}
return(false);
}
static Data40 CheckHandlerV40(MethodDef handler)
{
var data40 = new Data40();
var instrs = handler.Body.Instructions;
for (int i = 0; i < instrs.Count; i++)
{
int index = i;
if (instrs[index++].OpCode.Code != Code.Ldarg_1)
{
continue;
}
var ldtoken = instrs[index++];
if (ldtoken.OpCode.Code != Code.Ldtoken)
{
continue;
}
var field = ldtoken.Operand as FieldDef;
string methodSig = "(System.ResolveEventArgs,System.RuntimeFieldHandle,System.Int32,System.String,System.Int32)";
var method = ldtoken.Operand as MethodDef;
if (method != null)
{
// >= 4.0.4
if (!DotNetUtils.IsMethod(method, "System.Byte[]", "()"))
{
continue;
}
field = GetResourceField(method);
methodSig = "(System.ResolveEventArgs,System.RuntimeMethodHandle,System.Int32,System.String,System.Int32)";
}
else
{
// 4.0.1.18 .. 4.0.3
}
if (field == null || field.InitialValue == null || field.InitialValue.Length == 0)
{
continue;
}
var ldci4_len = instrs[index++];
if (!ldci4_len.IsLdcI4())
{
continue;
}
if (ldci4_len.GetLdcI4Value() != field.InitialValue.Length)
{
continue;
}
if (instrs[index++].OpCode.Code != Code.Ldstr)
{
continue;
}
var ldci4_magic = instrs[index++];
if (!ldci4_magic.IsLdcI4())
{
continue;
}
data40.magic = ldci4_magic.GetLdcI4Value();
var call = instrs[index++];
if (call.OpCode.Code == Code.Tailcall)
{
call = instrs[index++];
}
if (call.OpCode.Code != Code.Call)
{
continue;
}
var resolveHandler2 = call.Operand as MethodDef;
if (!DotNetUtils.IsMethod(resolveHandler2, "System.Reflection.Assembly", methodSig))
{
continue;
}
data40.resourceField = field;
data40.getDataMethod = method;
data40.resolveHandler2 = resolveHandler2;
return(data40);
}
return(null);
}
protected override bool CheckHandlerMethodDesktopInternal(MethodDef handler) {
if (CheckHandlerV3(handler)) {
version = ResourceVersion.V3;
return true;
}
simpleDeobfuscator.Deobfuscate(handler);
if ((data40 = CheckHandlerV40(handler)) != null) {
version = ResourceVersion.V40;
return true;
}
var info = GetHandlerArgs41(handler);
Data41 data41Tmp;
if (info != null && CheckHandlerV41(info, out data41Tmp)) {
version = ResourceVersion.V41;
data41 = data41Tmp;
return true;
}
return false;
}
static Data40 CheckHandlerV40(MethodDef handler) {
var data40 = new Data40();
var instrs = handler.Body.Instructions;
for (int i = 0; i < instrs.Count; i++) {
int index = i;
if (instrs[index++].OpCode.Code != Code.Ldarg_1)
continue;
var ldtoken = instrs[index++];
if (ldtoken.OpCode.Code != Code.Ldtoken)
continue;
var field = ldtoken.Operand as FieldDef;
string methodSig = "(System.ResolveEventArgs,System.RuntimeFieldHandle,System.Int32,System.String,System.Int32)";
var method = ldtoken.Operand as MethodDef;
if (method != null) {
// >= 4.0.4
if (!DotNetUtils.IsMethod(method, "System.Byte[]", "()"))
continue;
field = GetResourceField(method);
methodSig = "(System.ResolveEventArgs,System.RuntimeMethodHandle,System.Int32,System.String,System.Int32)";
}
else {
// 4.0.1.18 .. 4.0.3
}
if (field == null || field.InitialValue == null || field.InitialValue.Length == 0)
continue;
var ldci4_len = instrs[index++];
if (!ldci4_len.IsLdcI4())
continue;
if (ldci4_len.GetLdcI4Value() != field.InitialValue.Length)
continue;
if (instrs[index++].OpCode.Code != Code.Ldstr)
continue;
var ldci4_magic = instrs[index++];
if (!ldci4_magic.IsLdcI4())
continue;
data40.magic = ldci4_magic.GetLdcI4Value();
var call = instrs[index++];
if (call.OpCode.Code == Code.Tailcall)
call = instrs[index++];
if (call.OpCode.Code != Code.Call)
continue;
var resolveHandler2 = call.Operand as MethodDef;
if (!DotNetUtils.IsMethod(resolveHandler2, "System.Reflection.Assembly", methodSig))
continue;
data40.resourceField = field;
data40.getDataMethod = method;
data40.resolveHandler2 = resolveHandler2;
return data40;
}
return null;
}
public ComWithS71200DB()
{
TypeList.Add(Data0.GetType().ToString());
TypeList.Add(Data1.GetType().ToString());
TypeList.Add(Data2.GetType().ToString());
TypeList.Add(Data3.GetType().ToString());
TypeList.Add(Data4.GetType().ToString());
TypeList.Add(Data5.GetType().ToString());
TypeList.Add(Data6.GetType().ToString());
TypeList.Add(Data7.GetType().ToString());
TypeList.Add(Data8.GetType().ToString());
TypeList.Add(Data9.GetType().ToString());
TypeList.Add(Data10.GetType().ToString());
TypeList.Add(Data11.GetType().ToString());
TypeList.Add(Data12.GetType().ToString());
TypeList.Add(Data13.GetType().ToString());
TypeList.Add(Data14.GetType().ToString());
TypeList.Add(Data15.GetType().ToString());
TypeList.Add(Data16.GetType().ToString());
TypeList.Add(Data17.GetType().ToString());
TypeList.Add(Data18.GetType().ToString());
TypeList.Add(Data19.GetType().ToString());
TypeList.Add(Data20.GetType().ToString());
TypeList.Add(Data21.GetType().ToString());
TypeList.Add(Data22.GetType().ToString());
TypeList.Add(Data23.GetType().ToString());
TypeList.Add(Data24.GetType().ToString());
TypeList.Add(Data25.GetType().ToString());
TypeList.Add(Data26.GetType().ToString());
TypeList.Add(Data27.GetType().ToString());
TypeList.Add(Data28.GetType().ToString());
TypeList.Add(Data29.GetType().ToString());
TypeList.Add(Data30.GetType().ToString());
TypeList.Add(Data31.GetType().ToString());
TypeList.Add(Data32.GetType().ToString());
TypeList.Add(Data33.GetType().ToString());
TypeList.Add(Data34.GetType().ToString());
TypeList.Add(Data35.GetType().ToString());
TypeList.Add(Data36.GetType().ToString());
TypeList.Add(Data37.GetType().ToString());
TypeList.Add(Data38.GetType().ToString());
TypeList.Add(Data39.GetType().ToString());
TypeList.Add(Data40.GetType().ToString());
TypeList.Add(Data41.GetType().ToString());
TypeList.Add(Data42.GetType().ToString());
TypeList.Add(Data43.GetType().ToString());
TypeList.Add(Data44.GetType().ToString());
TypeList.Add(Data45.GetType().ToString());
TypeList.Add(Data46.GetType().ToString());
TypeList.Add(Data47.GetType().ToString());
TypeList.Add(Data48.GetType().ToString());
TypeList.Add(Data49.GetType().ToString());
TypeList.Add(Data50.GetType().ToString());
TypeList.Add(Data51.GetType().ToString());
TypeList.Add(Data52.GetType().ToString());
TypeList.Add(Data53.GetType().ToString());
TypeList.Add(Data54.GetType().ToString());
TypeList.Add(Data55.GetType().ToString());
TypeList.Add(Data56.GetType().ToString());
TypeList.Add(Data57.GetType().ToString());
TypeList.Add(Data58.GetType().ToString());
TypeList.Add(Data59.GetType().ToString());
TypeList.Add(Data60.GetType().ToString());
TypeList.Add(Data61.GetType().ToString());
TypeList.Add(Data62.GetType().ToString());
TypeList.Add(Data63.GetType().ToString());
TypeList.Add(Data64.GetType().ToString());
TypeList.Add(Data65.GetType().ToString());
TypeList.Add(Data66.GetType().ToString());
TypeList.Add(Data67.GetType().ToString());
TypeList.Add(Data68.GetType().ToString());
TypeList.Add(Data69.GetType().ToString());
TypeList.Add(Data70.GetType().ToString());
TypeList.Add(Data71.GetType().ToString());
TypeList.Add(Data72.GetType().ToString());
TypeList.Add(Data73.GetType().ToString());
TypeList.Add(Data74.GetType().ToString());
TypeList.Add(Data75.GetType().ToString());
TypeList.Add(Data76.GetType().ToString());
TypeList.Add(Data77.GetType().ToString());
TypeList.Add(Data78.GetType().ToString());
TypeList.Add(Data79.GetType().ToString());
TypeList.Add(Data80.GetType().ToString());
TypeList.Add(Data81.GetType().ToString());
TypeList.Add(Data82.GetType().ToString());
TypeList.Add(Data83.GetType().ToString());
TypeList.Add(Data84.GetType().ToString());
TypeList.Add(Data85.GetType().ToString());
TypeList.Add(Data86.GetType().ToString());
TypeList.Add(Data87.GetType().ToString());
TypeList.Add(Data88.GetType().ToString());
TypeList.Add(Data89.GetType().ToString());
TypeList.Add(Data90.GetType().ToString());
TypeList.Add(Data91.GetType().ToString());
TypeList.Add(Data92.GetType().ToString());
TypeList.Add(Data93.GetType().ToString());
TypeList.Add(Data94.GetType().ToString());
TypeList.Add(Data95.GetType().ToString());
TypeList.Add(Data96.GetType().ToString());
TypeList.Add(Data97.GetType().ToString());
TypeList.Add(Data98.GetType().ToString());
TypeList.Add(Data99.GetType().ToString());
TypeList.Add(Data100.GetType().ToString());
DataList.Add(Data0);
DataList.Add(Data1);
DataList.Add(Data2);
DataList.Add(Data3);
DataList.Add(Data4);
DataList.Add(Data5);
DataList.Add(Data6);
DataList.Add(Data7);
DataList.Add(Data8);
DataList.Add(Data9);
DataList.Add(Data10);
DataList.Add(Data11);
DataList.Add(Data12);
DataList.Add(Data13);
DataList.Add(Data14);
DataList.Add(Data15);
DataList.Add(Data16);
DataList.Add(Data17);
DataList.Add(Data18);
DataList.Add(Data19);
DataList.Add(Data20);
DataList.Add(Data21);
DataList.Add(Data22);
DataList.Add(Data23);
DataList.Add(Data24);
DataList.Add(Data25);
DataList.Add(Data26);
DataList.Add(Data27);
DataList.Add(Data28);
DataList.Add(Data29);
DataList.Add(Data30);
DataList.Add(Data31);
DataList.Add(Data32);
DataList.Add(Data33);
DataList.Add(Data34);
DataList.Add(Data35);
DataList.Add(Data36);
DataList.Add(Data37);
DataList.Add(Data38);
DataList.Add(Data39);
DataList.Add(Data40);
DataList.Add(Data41);
DataList.Add(Data42);
DataList.Add(Data43);
DataList.Add(Data44);
DataList.Add(Data45);
DataList.Add(Data46);
DataList.Add(Data47);
DataList.Add(Data48);
DataList.Add(Data49);
DataList.Add(Data50);
DataList.Add(Data51);
DataList.Add(Data52);
DataList.Add(Data53);
DataList.Add(Data54);
DataList.Add(Data55);
DataList.Add(Data56);
DataList.Add(Data57);
DataList.Add(Data58);
DataList.Add(Data59);
DataList.Add(Data60);
DataList.Add(Data61);
DataList.Add(Data62);
DataList.Add(Data63);
DataList.Add(Data64);
DataList.Add(Data65);
DataList.Add(Data66);
DataList.Add(Data67);
DataList.Add(Data68);
DataList.Add(Data69);
DataList.Add(Data70);
DataList.Add(Data71);
DataList.Add(Data72);
DataList.Add(Data73);
DataList.Add(Data74);
DataList.Add(Data75);
DataList.Add(Data76);
DataList.Add(Data77);
DataList.Add(Data78);
DataList.Add(Data79);
DataList.Add(Data80);
DataList.Add(Data81);
DataList.Add(Data82);
DataList.Add(Data83);
DataList.Add(Data84);
DataList.Add(Data85);
DataList.Add(Data86);
DataList.Add(Data87);
DataList.Add(Data88);
DataList.Add(Data89);
DataList.Add(Data90);
DataList.Add(Data91);
DataList.Add(Data92);
DataList.Add(Data93);
DataList.Add(Data94);
DataList.Add(Data95);
DataList.Add(Data96);
DataList.Add(Data97);
DataList.Add(Data98);
DataList.Add(Data99);
DataList.Add(Data100);
}
