public void addInitializeArrayCode(Block block, int start, int numToRemove, TypeReference elementType, byte[] data)
{
int index = start;
block.replace(index++, numToRemove, DotNetUtils.createLdci4(data.Length / elementType.PrimitiveSize));
block.insert(index++, Instruction.Create(OpCodes.Newarr, elementType));
block.insert(index++, Instruction.Create(OpCodes.Dup));
block.insert(index++, Instruction.Create(OpCodes.Ldtoken, create(data)));
block.insert(index++, Instruction.Create(OpCodes.Call, InitializeArrayMethod));
}
protected override void inlineReturnValues(IList <CallResult> callResults)
{
foreach (var callResult in callResults)
{
var block = callResult.block;
int num = callResult.callEndIndex - callResult.callStartIndex + 1;
block.replace(callResult.callStartIndex, num, DotNetUtils.createLdci4((int)callResult.returnValue));
Log.v("Decrypted int32: {0}", callResult.returnValue);
}
}
protected override void inlineReturnValues(IList <CallResult> callResults)
{
foreach (var callResult in callResults)
{
var block = callResult.block;
int num = callResult.callEndIndex - callResult.callStartIndex + 1;
block.replace(callResult.callStartIndex, num, DotNetUtils.createLdci4((bool)callResult.returnValue ? 1 : 0));
removeUnboxInstruction(block, callResult.callStartIndex + 1, "System.Boolean");
Log.v("Decrypted boolean: {0}", callResult.returnValue);
}
}
static Block createBlock(Dictionary <VariableDefinition, int> consts, Block fallThrough)
{
var block = new Block();
foreach (var kv in consts)
{
block.Instructions.Add(new Instr(DotNetUtils.createLdci4(kv.Value)));
block.Instructions.Add(new Instr(Instruction.Create(OpCodes.Stloc, kv.Key)));
}
fallThrough.Parent.add(block);
return(block);
}
static Instruction ldc_read(BinaryReader reader)
{
switch ((ElementType)reader.ReadByte())
{
case ElementType.I4: return(DotNetUtils.createLdci4(reader.ReadInt32()));
case ElementType.I8: return(Instruction.Create(OpCodes.Ldc_I8, reader.ReadInt64()));
case ElementType.R4: return(Instruction.Create(OpCodes.Ldc_R4, reader.ReadSingle()));
case ElementType.R8: return(Instruction.Create(OpCodes.Ldc_R8, reader.ReadDouble()));
case ElementType.Object: return(Instruction.Create(OpCodes.Ldnull));
default: throw new ApplicationException("Invalid opcode");
}
}
bool deobfuscate1(Block block, int i)
{
var instrs = block.Instructions;
if (i >= instrs.Count - 2)
{
return(false);
}
var ldloc = instrs[i];
if (!ldloc.isLdloc())
{
return(false);
}
var local = DotNetUtils.getLocalVar(blocks.Locals, ldloc.Instruction);
if (local == null)
{
return(false);
}
ArrayBlockState.FieldInfo info;
if (!localToInfo.TryGetValue(local, out info))
{
return(false);
}
var ldci4 = instrs[i + 1];
if (!ldci4.isLdcI4())
{
return(false);
}
var ldelem = instrs[i + 2];
if (ldelem.OpCode.Code != Code.Ldelem_U1)
{
return(false);
}
block.remove(i, 3 - 1);
instrs[i] = new Instr(DotNetUtils.createLdci4(info.array[ldci4.getLdcI4Value()]));
return(true);
}
bool inlineMethod(Instruction callInstr, int instrIndex)
{
var methodToInline = callInstr.Operand as MethodDefinition;
if (methodToInline == null)
{
return(false);
}
if (!canInline2(methodToInline))
{
return(false);
}
var body = methodToInline.Body;
if (body == null)
{
return(false);
}
if (instrIndex == 0)
{
return(false);
}
var ldci4 = block.Instructions[instrIndex - 1];
if (!ldci4.isLdcI4())
{
return(false);
}
int newValue;
if (!getNewValue(methodToInline, ldci4.getLdcI4Value(), out newValue))
{
return(false);
}
block.Instructions[instrIndex - 1] = new Instr(Instruction.Create(OpCodes.Nop));
block.Instructions[instrIndex] = new Instr(DotNetUtils.createLdci4(newValue));
return(true);
}
bool deobfuscate2(Block block, int i)
{
var instrs = block.Instructions;
if (i >= instrs.Count - 2)
{
return(false);
}
var ldsfld = instrs[i];
if (ldsfld.OpCode.Code != Code.Ldsfld)
{
return(false);
}
var info = arrayBlockState.getFieldInfo(ldsfld.Operand as FieldReference);
if (info == null)
{
return(false);
}
var ldci4 = instrs[i + 1];
if (!ldci4.isLdcI4())
{
return(false);
}
var ldelem = instrs[i + 2];
if (ldelem.OpCode.Code != Code.Ldelem_U1)
{
return(false);
}
block.remove(i, 3 - 1);
instrs[i] = new Instr(DotNetUtils.createLdci4(info.array[ldci4.getLdcI4Value()]));
return(true);
}
bool fixLoadInstruction(Block block, int index, Value value)
{
if (value.isInt32())
{
var intValue = (Int32Value)value;
if (!intValue.allBitsValid())
{
return(false);
}
block.Instructions[index] = new Instr(DotNetUtils.createLdci4(intValue.value));
return(true);
}
else if (value.isInt64())
{
var intValue = (Int64Value)value;
if (!intValue.allBitsValid())
{
return(false);
}
block.Instructions[index] = new Instr(Instruction.Create(OpCodes.Ldc_I8, intValue.value));
return(true);
}
return(false);
}
