Esempio n. 1
0
        private static void RemoveJsrInstructions(ConstantPool pool, BasicBlock block, DataPoint
                                                  data)
        {
            ListStack <VarType> stack = data.GetStack();
            InstructionSequence seq   = block.GetSeq();

            for (int i = 0; i < seq.Length(); i++)
            {
                Instruction instr = seq.GetInstr(i);
                VarType     var   = null;
                if (instr.opcode == ICodeConstants.opc_astore || instr.opcode == ICodeConstants.opc_pop)
                {
                    var = stack.GetByOffset(-1);
                }
                InstructionImpact.StepTypes(data, instr, pool);
                switch (instr.opcode)
                {
                case ICodeConstants.opc_jsr:
                case ICodeConstants.opc_ret:
                {
                    seq.RemoveInstruction(i);
                    i--;
                    break;
                }

                case ICodeConstants.opc_astore:
                case ICodeConstants.opc_pop:
                {
                    if (var.type == ICodeConstants.Type_Address)
                    {
                        seq.RemoveInstruction(i);
                        i--;
                    }
                    break;
                }
                }
            }
            block.mark = 1;
            for (int i = 0; i < block.GetSuccs().Count; i++)
            {
                BasicBlock suc = block.GetSuccs()[i];
                if (suc.mark != 1)
                {
                    RemoveJsrInstructions(pool, suc, data.Copy());
                }
            }
            for (int i = 0; i < block.GetSuccExceptions().Count; i++)
            {
                BasicBlock suc = block.GetSuccExceptions()[i];
                if (suc.mark != 1)
                {
                    DataPoint point = new DataPoint();
                    point.SetLocalVariables(new List <VarType>(data.GetLocalVariables()));
                    point.GetStack().Push(new VarType(ICodeConstants.Type_Object, 0, null));
                    RemoveJsrInstructions(pool, suc, point);
                }
            }
        }
Esempio n. 2
0
        private static void RemoveExceptionInstructionsEx(BasicBlock block, int blocktype
                                                          , int finallytype)
        {
            InstructionSequence seq = block.GetSeq();

            if (finallytype == 3)
            {
                // empty finally handler
                for (int i = seq.Length() - 1; i >= 0; i--)
                {
                    seq.RemoveInstruction(i);
                }
            }
            else
            {
                if ((blocktype & 1) > 0)
                {
                    // first
                    if (finallytype == 2 || finallytype == 1)
                    {
                        // astore or pop
                        seq.RemoveInstruction(0);
                    }
                }
                if ((blocktype & 2) > 0)
                {
                    // last
                    if (finallytype == 2 || finallytype == 0)
                    {
                        seq.RemoveLast();
                    }
                    if (finallytype == 2)
                    {
                        // astore
                        seq.RemoveLast();
                    }
                }
            }
        }
        public static void RestorePopRanges(ControlFlowGraph graph)
        {
            List <ExceptionDeobfuscator.Range> lstRanges = new List <ExceptionDeobfuscator.Range
                                                                     >();

            // aggregate ranges
            foreach (ExceptionRangeCFG range in graph.GetExceptions())
            {
                bool found = false;
                foreach (ExceptionDeobfuscator.Range arr in lstRanges)
                {
                    if (arr.handler == range.GetHandler() && InterpreterUtil.EqualObjects(range.GetUniqueExceptionsString
                                                                                              (), arr.uniqueStr))
                    {
                        Sharpen.Collections.AddAll(arr.protectedRange, range.GetProtectedRange());
                        found = true;
                        break;
                    }
                }
                if (!found)
                {
                    // doesn't matter, which range chosen
                    lstRanges.Add(new ExceptionDeobfuscator.Range(range.GetHandler(), range.GetUniqueExceptionsString
                                                                      (), new HashSet <BasicBlock>(range.GetProtectedRange()), range));
                }
            }
            // process aggregated ranges
            foreach (ExceptionDeobfuscator.Range range in lstRanges)
            {
                if (range.uniqueStr != null)
                {
                    BasicBlock          handler = range.handler;
                    InstructionSequence seq     = handler.GetSeq();
                    Instruction         firstinstr;
                    if (seq.Length() > 0)
                    {
                        firstinstr = seq.GetInstr(0);
                        if (firstinstr.opcode == ICodeConstants.opc_pop || firstinstr.opcode == ICodeConstants
                            .opc_astore)
                        {
                            HashSet <BasicBlock> setrange = new HashSet <BasicBlock>(range.protectedRange);
                            foreach (ExceptionDeobfuscator.Range range_super in lstRanges)
                            {
                                // finally or strict superset
                                if (range != range_super)
                                {
                                    HashSet <BasicBlock> setrange_super = new HashSet <BasicBlock>(range_super.protectedRange
                                                                                                   );
                                    if (!setrange.Contains(range_super.handler) && !setrange_super.Contains(handler) &&
                                        (range_super.uniqueStr == null || setrange.All(setrange_super.Contains)))
                                    {
                                        if (range_super.uniqueStr == null)
                                        {
                                            setrange_super.IntersectWith(setrange);
                                        }
                                        else
                                        {
                                            setrange_super.ExceptWith(setrange);
                                        }
                                        if (!(setrange_super.Count == 0))
                                        {
                                            BasicBlock newblock = handler;
                                            // split the handler
                                            if (seq.Length() > 1)
                                            {
                                                newblock = new BasicBlock(++graph.last_id);
                                                InstructionSequence newseq = new SimpleInstructionSequence();
                                                newseq.AddInstruction(firstinstr.Clone(), -1);
                                                newblock.SetSeq(newseq);
                                                graph.GetBlocks().AddWithKey(newblock, newblock.id);
                                                List <BasicBlock> lstTemp = new List <BasicBlock>();
                                                Sharpen.Collections.AddAll(lstTemp, handler.GetPreds());
                                                Sharpen.Collections.AddAll(lstTemp, handler.GetPredExceptions());
                                                // replace predecessors
                                                foreach (BasicBlock pred in lstTemp)
                                                {
                                                    pred.ReplaceSuccessor(handler, newblock);
                                                }
                                                // replace handler
                                                foreach (ExceptionRangeCFG range_ext in graph.GetExceptions())
                                                {
                                                    if (range_ext.GetHandler() == handler)
                                                    {
                                                        range_ext.SetHandler(newblock);
                                                    }
                                                    else if (range_ext.GetProtectedRange().Contains(handler))
                                                    {
                                                        newblock.AddSuccessorException(range_ext.GetHandler());
                                                        range_ext.GetProtectedRange().Add(newblock);
                                                    }
                                                }
                                                newblock.AddSuccessor(handler);
                                                if (graph.GetFirst() == handler)
                                                {
                                                    graph.SetFirst(newblock);
                                                }
                                                // remove the first pop in the handler
                                                seq.RemoveInstruction(0);
                                            }
                                            newblock.AddSuccessorException(range_super.handler);
                                            range_super.rangeCFG.GetProtectedRange().Add(newblock);
                                            handler = range.rangeCFG.GetHandler();
                                            seq     = handler.GetSeq();
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
Esempio n. 4
0
 public static void ExtendSynchronizedRangeToMonitorexit(ControlFlowGraph graph)
 {
     while (true)
     {
         bool range_extended = false;
         foreach (ExceptionRangeCFG range in graph.GetExceptions())
         {
             HashSet <BasicBlock> setPreds = new HashSet <BasicBlock>();
             foreach (BasicBlock block in range.GetProtectedRange())
             {
                 Sharpen.Collections.AddAll(setPreds, block.GetPreds());
             }
             setPreds.ExceptWith(range.GetProtectedRange());
             if (setPreds.Count != 1)
             {
                 continue;
             }
             // multiple predecessors, obfuscated range
             var                 setPredsEnumerator = new EnumeratorAdapter <BasicBlock>(setPreds.GetEnumerator());
             BasicBlock          predBlock          = setPredsEnumerator.Next();
             InstructionSequence predSeq            = predBlock.GetSeq();
             if (predSeq.IsEmpty() || predSeq.GetLastInstr().opcode != ICodeConstants.opc_monitorenter)
             {
                 continue;
             }
             // not a synchronized range
             bool monitorexit_in_range = false;
             HashSet <BasicBlock> setProtectedBlocks = new HashSet <BasicBlock>();
             Sharpen.Collections.AddAll(setProtectedBlocks, range.GetProtectedRange());
             setProtectedBlocks.Add(range.GetHandler());
             foreach (BasicBlock block in setProtectedBlocks)
             {
                 InstructionSequence blockSeq = block.GetSeq();
                 for (int i = 0; i < blockSeq.Length(); i++)
                 {
                     if (blockSeq.GetInstr(i).opcode == ICodeConstants.opc_monitorexit)
                     {
                         monitorexit_in_range = true;
                         break;
                     }
                 }
                 if (monitorexit_in_range)
                 {
                     break;
                 }
             }
             if (monitorexit_in_range)
             {
                 continue;
             }
             // protected range already contains monitorexit
             HashSet <BasicBlock> setSuccs = new HashSet <BasicBlock>();
             foreach (BasicBlock block in range.GetProtectedRange())
             {
                 Sharpen.Collections.AddAll(setSuccs, block.GetSuccs());
             }
             setSuccs.ExceptWith(range.GetProtectedRange());
             if (setSuccs.Count != 1)
             {
                 continue;
             }
             // non-unique successor
             BasicBlock          succBlock = new Sharpen.EnumeratorAdapter <BasicBlock>(setSuccs.GetEnumerator()).Next();
             InstructionSequence succSeq   = succBlock.GetSeq();
             int succ_monitorexit_index    = -1;
             for (int i = 0; i < succSeq.Length(); i++)
             {
                 if (succSeq.GetInstr(i).opcode == ICodeConstants.opc_monitorexit)
                 {
                     succ_monitorexit_index = i;
                     break;
                 }
             }
             if (succ_monitorexit_index < 0)
             {
                 continue;
             }
             // monitorexit not found in the single successor block
             BasicBlock handlerBlock = range.GetHandler();
             if (handlerBlock.GetSuccs().Count != 1)
             {
                 continue;
             }
             // non-unique handler successor
             BasicBlock          succHandler    = handlerBlock.GetSuccs()[0];
             InstructionSequence succHandlerSeq = succHandler.GetSeq();
             if (succHandlerSeq.IsEmpty() || succHandlerSeq.GetLastInstr().opcode != ICodeConstants
                 .opc_athrow)
             {
                 continue;
             }
             // not a standard synchronized range
             int handler_monitorexit_index = -1;
             for (int i = 0; i < succHandlerSeq.Length(); i++)
             {
                 if (succHandlerSeq.GetInstr(i).opcode == ICodeConstants.opc_monitorexit)
                 {
                     handler_monitorexit_index = i;
                     break;
                 }
             }
             if (handler_monitorexit_index < 0)
             {
                 continue;
             }
             // monitorexit not found in the handler successor block
             // checks successful, prerequisites satisfied, now extend the range
             if (succ_monitorexit_index < succSeq.Length() - 1)
             {
                 // split block
                 SimpleInstructionSequence seq = new SimpleInstructionSequence();
                 for (int counter = 0; counter < succ_monitorexit_index; counter++)
                 {
                     seq.AddInstruction(succSeq.GetInstr(0), -1);
                     succSeq.RemoveInstruction(0);
                 }
                 // build a separate block
                 BasicBlock newblock = new BasicBlock(++graph.last_id);
                 newblock.SetSeq(seq);
                 // insert new block
                 foreach (BasicBlock block in succBlock.GetPreds())
                 {
                     block.ReplaceSuccessor(succBlock, newblock);
                 }
                 newblock.AddSuccessor(succBlock);
                 graph.GetBlocks().AddWithKey(newblock, newblock.id);
                 succBlock = newblock;
             }
             // copy exception edges and extend protected ranges (successor block)
             BasicBlock rangeExitBlock = succBlock.GetPreds()[0];
             for (int j = 0; j < rangeExitBlock.GetSuccExceptions().Count; j++)
             {
                 BasicBlock hd = rangeExitBlock.GetSuccExceptions()[j];
                 succBlock.AddSuccessorException(hd);
                 ExceptionRangeCFG rng = graph.GetExceptionRange(hd, rangeExitBlock);
                 rng.GetProtectedRange().Add(succBlock);
             }
             // copy instructions (handler successor block)
             InstructionSequence handlerSeq = handlerBlock.GetSeq();
             for (int counter = 0; counter < handler_monitorexit_index; counter++)
             {
                 handlerSeq.AddInstruction(succHandlerSeq.GetInstr(0), -1);
                 succHandlerSeq.RemoveInstruction(0);
             }
             range_extended = true;
             break;
         }
         if (!range_extended)
         {
             break;
         }
     }
 }
Esempio n. 5
0
        private bool CompareBasicBlocksEx(ControlFlowGraph graph, BasicBlock pattern, BasicBlock
                                          sample, int type, int finallytype, List <int[]> lstStoreVars)
        {
            InstructionSequence seqPattern = pattern.GetSeq();
            InstructionSequence seqSample  = sample.GetSeq();

            if (type != 0)
            {
                seqPattern = seqPattern.Clone();
                if ((type & 1) > 0)
                {
                    // first
                    if (finallytype > 0)
                    {
                        seqPattern.RemoveInstruction(0);
                    }
                }
                if ((type & 2) > 0)
                {
                    // last
                    if (finallytype == 0 || finallytype == 2)
                    {
                        seqPattern.RemoveLast();
                    }
                    if (finallytype == 2)
                    {
                        seqPattern.RemoveLast();
                    }
                }
            }
            if (seqPattern.Length() > seqSample.Length())
            {
                return(false);
            }
            for (int i = 0; i < seqPattern.Length(); i++)
            {
                Instruction instrPattern = seqPattern.GetInstr(i);
                Instruction instrSample  = seqSample.GetInstr(i);
                // compare instructions with respect to jumps
                if (!EqualInstructions(instrPattern, instrSample, lstStoreVars))
                {
                    return(false);
                }
            }
            if (seqPattern.Length() < seqSample.Length())
            {
                // split in two blocks
                SimpleInstructionSequence seq        = new SimpleInstructionSequence();
                LinkedList <int>          oldOffsets = new LinkedList <int>();
                for (int i = seqSample.Length() - 1; i >= seqPattern.Length(); i--)
                {
                    seq.AddInstruction(0, seqSample.GetInstr(i), -1);
                    oldOffsets.AddFirst(sample.GetOldOffset(i));
                    seqSample.RemoveInstruction(i);
                }
                BasicBlock newblock = new BasicBlock(++graph.last_id);
                newblock.SetSeq(seq);
                Sharpen.Collections.AddAll(newblock.GetInstrOldOffsets(), oldOffsets);
                List <BasicBlock> lstTemp = new List <BasicBlock>(sample.GetSuccs());
                // move successors
                foreach (BasicBlock suc in lstTemp)
                {
                    sample.RemoveSuccessor(suc);
                    newblock.AddSuccessor(suc);
                }
                sample.AddSuccessor(newblock);
                graph.GetBlocks().AddWithKey(newblock, newblock.id);
                HashSet <BasicBlock> setFinallyExits = graph.GetFinallyExits();
                if (setFinallyExits.Contains(sample))
                {
                    setFinallyExits.Remove(sample);
                    setFinallyExits.Add(newblock);
                }
                // copy exception edges and extend protected ranges
                for (int j = 0; j < sample.GetSuccExceptions().Count; j++)
                {
                    BasicBlock hd = sample.GetSuccExceptions()[j];
                    newblock.AddSuccessorException(hd);
                    ExceptionRangeCFG range = graph.GetExceptionRange(hd, sample);
                    range.GetProtectedRange().Add(newblock);
                }
            }
            return(true);
        }