public virtual void patchMethodDefTable(MetadataType methodDefTable, IList<MethodInfo> methodInfos) { }
public MetadataType create() { var type = new MetadataType(fields); reset(); return type; }
public override void patchMethodDefTable(MetadataType methodDefTable, IList<MethodInfo> methodInfos) { uint offset = methodDefTable.fileOffset - methodDefTable.totalSize; foreach (var methodInfo in methodInfos) { offset += methodDefTable.totalSize; if (methodInfo.flags == 0 || methodInfo.codeOffs == 0) continue; uint rva = methodsDecrypter.peImage.offsetReadUInt32(offset); methodsDecrypter.peImage.writeUInt16(rva, (ushort)methodInfo.flags); methodsDecrypter.peImage.writeUInt32(rva + 8, methodInfo.localVarSigTok); } }
bool isOldHeader(MetadataType methodDefTable) { if (methodDefTable.totalSize != codeHeader.methodDefElemSize) return true; if (methodDefTable.fileOffset - peImage.rvaToOffset(peImage.Cor20Header.metadataDirectory.virtualAddress) != codeHeader.methodDefTableOffset) return true; return false; }
List<CsHeaderVersion> getCsHeaderVersions(uint codeHeaderOffset, MetadataType methodDefTable) { if (sigType == SigType.Old) return new List<CsHeaderVersion> { CsHeaderVersion.V10 }; if (!isOldHeader(methodDefTable)) return new List<CsHeaderVersion> { CsHeaderVersion.V52 }; if (csRtType.isAtLeastVersion50()) return new List<CsHeaderVersion> { CsHeaderVersion.V50 }; if (isCsHeader40(codeHeaderOffset)) { return new List<CsHeaderVersion> { CsHeaderVersion.V40, CsHeaderVersion.V30, }; } return new List<CsHeaderVersion> { CsHeaderVersion.V45, CsHeaderVersion.V50, }; }
void decryptMethodsOld(MetadataType methodDefTable, ref DumpedMethods dumpedMethods) { dumpedMethods = new DumpedMethods(); uint offset = methodDefTable.fileOffset; var decrypter = new Decrypter10(peImage, codeHeader.decryptionKey); for (int i = 0; i < methodDefTable.rows; i++, offset += methodDefTable.totalSize) { var dm = new DumpedMethod(); dm.token = 0x06000001 + (uint)i; var method = (Mono.Cecil.MethodDefinition)module.LookupToken((int)dm.token); if (method == null || method.DeclaringType == DotNetUtils.getModuleType(module)) continue; uint rva = peImage.offsetReadUInt32(offset + (uint)methodDefTable.fields[0].offset); if (rva == 0) continue; uint bodyOffset = peImage.rvaToOffset(rva); dm.mdImplFlags = peImage.offsetReadUInt16(offset + (uint)methodDefTable.fields[1].offset); dm.mdFlags = peImage.offsetReadUInt16(offset + (uint)methodDefTable.fields[2].offset); dm.mdName = peImage.offsetRead(offset + (uint)methodDefTable.fields[3].offset, methodDefTable.fields[3].size); dm.mdSignature = peImage.offsetRead(offset + (uint)methodDefTable.fields[4].offset, methodDefTable.fields[4].size); dm.mdParamList = peImage.offsetRead(offset + (uint)methodDefTable.fields[5].offset, methodDefTable.fields[5].size); var mbHeader = decrypter.decrypt(bodyOffset, out dm.code, out dm.extraSections); dm.mhFlags = mbHeader.flags; dm.mhMaxStack = mbHeader.maxStack; dm.mhCodeSize = (uint)dm.code.Length; dm.mhLocalVarSigTok = mbHeader.localVarSigTok; dumpedMethods.add(dm); } }
void decryptMethods(uint codeHeaderOffset, MetadataType methodDefTable, ICsHeader csHeader, ref DumpedMethods dumpedMethods) { var methodInfos = csHeader.getMethodInfos(codeHeaderOffset); csHeader.patchMethodDefTable(methodDefTable, methodInfos); dumpedMethods = new DumpedMethods(); uint offset = methodDefTable.fileOffset; decrypter = csHeader.createDecrypter(); for (int i = 0; i < methodInfos.Count; i++, offset += methodDefTable.totalSize) { var methodInfo = methodInfos[i]; if (methodInfo.codeOffs == 0) continue; var dm = new DumpedMethod(); dm.token = 0x06000001 + (uint)i; dm.mdImplFlags = peImage.offsetReadUInt16(offset + (uint)methodDefTable.fields[1].offset); dm.mdFlags = peImage.offsetReadUInt16(offset + (uint)methodDefTable.fields[2].offset); dm.mdName = peImage.offsetRead(offset + (uint)methodDefTable.fields[3].offset, methodDefTable.fields[3].size); dm.mdSignature = peImage.offsetRead(offset + (uint)methodDefTable.fields[4].offset, methodDefTable.fields[4].size); dm.mdParamList = peImage.offsetRead(offset + (uint)methodDefTable.fields[5].offset, methodDefTable.fields[5].size); var mbHeader = decrypter.decrypt(methodInfo, out dm.code, out dm.extraSections); dm.mhFlags = mbHeader.flags; dm.mhMaxStack = mbHeader.maxStack; dm.mhCodeSize = (uint)dm.code.Length; dm.mhLocalVarSigTok = mbHeader.localVarSigTok; dumpedMethods.add(dm); } }