protected virtual bool canInline(MethodDefinition method)
{
if (method.GenericParameters.Count > 0)
{
return(false);
}
if (MemberReferenceHelper.compareMethodReferenceAndDeclaringType(method, blocks.Method))
{
return(false);
}
if (!MemberReferenceHelper.compareTypes(method.DeclaringType, blocks.Method.DeclaringType))
{
return(false);
}
if (method.IsStatic)
{
return(true);
}
if (method.IsVirtual)
{
return(false);
}
return(inlineInstanceMethods);
}
void findInitializeComponentMethod(TypeDef type, MethodDef possibleInitMethod)
{
foreach (var methodDef in type.AllMethods)
{
if (methodDef.MethodDefinition.Name != ".ctor")
{
continue;
}
if (methodDef.MethodDefinition.Body == null)
{
continue;
}
foreach (var instr in methodDef.MethodDefinition.Body.Instructions)
{
if (instr.OpCode.Code != Code.Call && instr.OpCode.Code != Code.Callvirt)
{
continue;
}
if (!MemberReferenceHelper.compareMethodReferenceAndDeclaringType(possibleInitMethod.MethodDefinition, instr.Operand as MethodReference))
{
continue;
}
memberInfos.method(possibleInitMethod).suggestedName = "InitializeComponent";
return;
}
}
}
public void deobfuscate(Blocks blocks)
{
if (initMethod == null)
{
return;
}
if (blocks.Method.Name != ".cctor")
{
return;
}
foreach (var block in blocks.MethodBlocks.getAllBlocks())
{
var instrs = block.Instructions;
for (int i = 0; i < instrs.Count; i++)
{
var instr = instrs[i];
if (instr.OpCode.Code != Code.Call)
{
continue;
}
var calledMethod = instr.Operand as MethodReference;
if (!MemberReferenceHelper.compareMethodReferenceAndDeclaringType(calledMethod, initMethod))
{
continue;
}
block.remove(i, 1);
i--;
}
}
}
public override bool Equals(object obj)
{
var other = obj as MethodDefKey;
if (other == null)
{
return(false);
}
return(MemberReferenceHelper.compareMethodReferenceAndDeclaringType(methodDef.MethodDefinition, other.methodDef.MethodDefinition));
}
static bool checkCall(Instr instr, MethodReference expectedMethod)
{
if (instr.OpCode.Code != Code.Call && instr.OpCode.Code != Code.Callvirt)
{
return(false);
}
var calledMethod = instr.Operand as MethodReference;
if (calledMethod == null)
{
return(false);
}
return(MemberReferenceHelper.compareMethodReferenceAndDeclaringType(calledMethod, expectedMethod));
}
bool callsExecuteMethod(MethodDefinition method)
{
foreach (var instr in method.Body.Instructions)
{
if (instr.OpCode.Code != Code.Call && instr.OpCode.Code != Code.Callvirt)
{
continue;
}
if (MemberReferenceHelper.compareMethodReferenceAndDeclaringType(decryptExecuteMethod, instr.Operand as MethodReference))
{
return(true);
}
}
return(false);
}
void removeInitCode_v2(Blocks blocks)
{
foreach (var block in blocks.MethodBlocks.getAllBlocks())
{
var instructions = block.Instructions;
for (int i = 0; i <= instructions.Count - 3; i++)
{
var ldtoken = instructions[i];
if (ldtoken.OpCode != OpCodes.Ldtoken)
{
continue;
}
if (!MemberReferenceHelper.compareTypes(blocks.Method.DeclaringType, ldtoken.Operand as TypeReference))
{
continue;
}
var call1 = instructions[i + 1];
if (call1.OpCode != OpCodes.Call)
{
continue;
}
var method1 = call1.Operand as MethodReference;
if (method1 == null || method1.ToString() != "System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle)")
{
continue;
}
var call2 = instructions[i + 2];
if (call2.OpCode != OpCodes.Call)
{
continue;
}
var method2 = call2.Operand as MethodReference;
if (!MemberReferenceHelper.compareMethodReferenceAndDeclaringType(method2, CreateStringDelegateMethod))
{
continue;
}
block.remove(i, 3);
break;
}
}
}
StringInfo getStringInfo(MethodDefinition method)
{
if (method == null || method.Body == null)
{
return(null);
}
var instrs = method.Body.Instructions;
for (int i = 0; i < instrs.Count - 2; i++)
{
var ldci4 = instrs[i];
if (!DotNetUtils.isLdcI4(ldci4))
{
continue;
}
int stringId = DotNetUtils.getLdcI4Value(ldci4);
var call = instrs[i + 1];
if (call.OpCode.Code != Code.Call)
{
continue;
}
var calledMethod = call.Operand as MethodReference;
if (!MemberReferenceHelper.compareMethodReferenceAndDeclaringType(stringDecrypterMethod, calledMethod))
{
continue;
}
var stsfld = instrs[i + 2];
if (stsfld.OpCode.Code != Code.Stsfld)
{
continue;
}
var field = stsfld.Operand as FieldDefinition;
if (field == null)
{
continue;
}
return(new StringInfo(field, stringId));
}
return(null);
}
public bool deobfuscate(Blocks blocks)
{
if (blocks.Method.Name != ".cctor" && blocks.Method.Name != ".ctor")
{
return(false);
}
foreach (var block in blocks.MethodBlocks.getAllBlocks())
{
var instrs = block.Instructions;
for (int i = 0; i < instrs.Count - 2; i++)
{
var ldtoken = instrs[i];
if (ldtoken.OpCode.Code != Code.Ldtoken)
{
continue;
}
var call1 = instrs[i + 1];
if (call1.OpCode.Code != Code.Call && call1.OpCode.Code != Code.Callvirt)
{
continue;
}
if (!DotNetUtils.isMethod(call1.Operand as MethodReference, "System.Type", "(System.RuntimeTypeHandle)"))
{
continue;
}
var call2 = instrs[i + 2];
if (call2.OpCode.Code != Code.Call && call2.OpCode.Code != Code.Callvirt)
{
continue;
}
if (!MemberReferenceHelper.compareMethodReferenceAndDeclaringType(call2.Operand as MethodReference, strongNameCheckMethod))
{
continue;
}
block.remove(i, 3);
return(true);
}
}
return(false);
}
int countPops(MethodDefinition method)
{
int count = 0;
foreach (var instr in method.Body.Instructions)
{
if (instr.OpCode.Code != Code.Call && instr.OpCode.Code != Code.Callvirt)
{
continue;
}
var calledMethod = instr.Operand as MethodReference;
if (!MemberReferenceHelper.compareMethodReferenceAndDeclaringType(calledMethod, csvmInfo.PopMethod))
{
continue;
}
count++;
}
return(count);
}
void removeInitCode_v1(Blocks blocks)
{
foreach (var block in blocks.MethodBlocks.getAllBlocks())
{
var instructions = block.Instructions;
for (int i = 0; i < instructions.Count; i++)
{
var call = instructions[i];
if (call.OpCode != OpCodes.Call)
{
continue;
}
var method = call.Operand as MethodReference;
if (!MemberReferenceHelper.compareMethodReferenceAndDeclaringType(method, CreateStringDelegateMethod))
{
continue;
}
block.remove(i, 1);
break;
}
}
}
MethodDefinition findInitMethod(ISimpleDeobfuscator simpleDeobfuscator) {
var ctor = DotNetUtils.getMethod(Type, ".ctor");
foreach (var method in Type.Methods) {
if (!method.IsStatic || method.Body == null)
continue;
if (!DotNetUtils.isMethod(method, "System.Void", "()"))
continue;
if (method.Body.Variables.Count > 1)
continue;
simpleDeobfuscator.deobfuscate(method);
bool stsfldUsed = false, newobjUsed = false;
foreach (var instr in method.Body.Instructions) {
if (instr.OpCode.Code == Code.Stsfld) {
var field = instr.Operand as FieldReference;
if (field == null || field.FieldType.FullName != "System.Boolean")
continue;
if (!MemberReferenceHelper.compareTypes(Type, field.DeclaringType))
continue;
stsfldUsed = true;
}
else if (instr.OpCode.Code == Code.Newobj) {
var calledCtor = instr.Operand as MethodReference;
if (calledCtor == null)
continue;
if (!MemberReferenceHelper.compareMethodReferenceAndDeclaringType(calledCtor, ctor))
continue;
newobjUsed = true;
}
}
if (!stsfldUsed || !newobjUsed)
continue;
return method;
}
return null;
}
public void deobfuscate(Blocks blocks)
{
if (arrayDecrypter == null)
{
return;
}
var infos = new List <ArrayInfo>();
foreach (var block in blocks.MethodBlocks.getAllBlocks())
{
var instrs = block.Instructions;
infos.Clear();
for (int i = 0; i < instrs.Count - 6; i++)
{
int index = i;
var ldci4 = instrs[index++];
if (!ldci4.isLdcI4())
{
continue;
}
var newarr = instrs[index++];
if (newarr.OpCode.Code != Code.Newarr)
{
continue;
}
if (newarr.Operand == null || newarr.Operand.ToString() != "System.Byte")
{
continue;
}
if (instrs[index++].OpCode.Code != Code.Dup)
{
continue;
}
var ldtoken = instrs[index++];
if (ldtoken.OpCode.Code != Code.Ldtoken)
{
continue;
}
var field = ldtoken.Operand as FieldDefinition;
if (field == null)
{
continue;
}
var call1 = instrs[index++];
if (call1.OpCode.Code != Code.Call && call1.OpCode.Code != Code.Callvirt)
{
continue;
}
if (!DotNetUtils.isMethod(call1.Operand as MethodReference, "System.Void", "(System.Array,System.RuntimeFieldHandle)"))
{
continue;
}
var call2 = instrs[index++];
if (call2.OpCode.Code != Code.Call && call2.OpCode.Code != Code.Callvirt)
{
continue;
}
if (!MemberReferenceHelper.compareMethodReferenceAndDeclaringType(call2.Operand as MethodReference, arrayDecrypter))
{
continue;
}
var castclass = instrs[index++];
if (castclass.OpCode.Code != Code.Castclass)
{
continue;
}
var arrayType = castclass.Operand as ArrayType;
if (arrayType == null)
{
continue;
}
if (arrayType.ElementType.PrimitiveSize == -1)
{
Log.w("Can't decrypt non-primitive type array in method {0}", blocks.Method.MetadataToken.ToInt32());
continue;
}
infos.Add(new ArrayInfo(i, index - i, field, arrayType));
}
infos.Reverse();
foreach (var info in infos)
{
var elemSize = info.arrayType.ElementType.PrimitiveSize;
var decrypted = decryptArray(info.encryptedField.InitialValue, elemSize);
initializedDataCreator.addInitializeArrayCode(block, info.start, info.len, info.arrayType.ElementType, decrypted);
Log.v("Decrypted {0} array: {1} elements", info.arrayType.ElementType.ToString(), decrypted.Length / elemSize);
}
}
}
