public static IObfuscatedFile SearchDeobfuscator(string filename)
{
TheAssemblyResolver.Instance.ClearAll();
var fileOptions = new ObfuscatedFile.Options {
Filename = filename
};
var moduleContext = new ModuleContext(TheAssemblyResolver.Instance);
var ofile = new ObfuscatedFile(fileOptions, moduleContext, new NewAppDomainAssemblyClientFactory())
{
DeobfuscatorContext = new DeobfuscatorContext(),
};
try
{
ofile.Load(CreateDeobfuscatorInfos().Select(di => di.CreateDeobfuscator()).ToList());
}
catch (Exception)
{
return(null);
}
return(ofile);
}
private static void CleanControlFlow()
{
Logger.Instance.MaxLoggerEvent = 0;
var options = new ObfuscatedFile.Options
{
Filename = _obfOsuPath,
ControlFlowDeobfuscation = true,
KeepObfuscatorTypes = true,
RenamerFlags = 0,
StringDecrypterType = DecrypterType.None,
MetadataFlags = DEFAULT_METADATA_FLAGS
};
var obfFile = new ObfuscatedFile(options, new ModuleContext(TheAssemblyResolver.Instance), new NewAppDomainAssemblyClientFactory())
{
DeobfuscatorContext = new DeobfuscatorContext()
};
obfFile.Load(new List <IDeobfuscator> {
new de4dot.code.deobfuscators.Unknown.DeobfuscatorInfo().CreateDeobfuscator()
});
obfFile.DeobfuscateBegin();
obfFile.Deobfuscate();
obfFile.DeobfuscateEnd();
_obfOsuModule = obfFile.ModuleDefMD;
}
public IObfuscatedFile SearchDeobfuscator(string filename)
{
ModuleContext context = new ModuleContext();
ObfuscatedFile.Options fileOptions = new ObfuscatedFile.Options {
Filename = filename
};
ObfuscatedFile ofile = CreateObfuscationFile(fileOptions, context);
return(ofile);
}
private IObfuscatedFile UpdateObfuscationFileWithOptions(De4dotWrapper de4Dot, string location, string newFile)
{
ObfuscatedFile.Options options = new ObfuscatedFile.Options();
options.ControlFlowDeobfuscation = this.EnableControlFlowDeobfuscation;
options.NewFilename = newFile;
options.KeepObfuscatorTypes = this.KeepObfuscatorClasses;
options.Filename = location;
var context = new ModuleContext();
ObfuscatedFile result = de4Dot.CreateObfuscationFile(options, context);
return(result);
}
IObfuscatedFile CreateObfuscatedFile(SearchDir searchDir, string filename)
{
var fileOptions = new ObfuscatedFile.Options
{
Filename = Utils.GetFullPath(filename),
ControlFlowDeobfuscation = options.ControlFlowDeobfuscation,
KeepObfuscatorTypes = options.KeepObfuscatorTypes,
MetaDataFlags = options.MetaDataFlags,
RenamerFlags = options.RenamerFlags,
};
if (options.DefaultStringDecrypterType != null)
{
fileOptions.StringDecrypterType = options.DefaultStringDecrypterType.Value;
}
fileOptions.StringDecrypterMethods.AddRange(options.DefaultStringDecrypterMethods);
if (!string.IsNullOrEmpty(searchDir.OutputDirectory))
{
var inDir = Utils.GetFullPath(searchDir.InputDirectory);
var outDir = Utils.GetFullPath(searchDir.OutputDirectory);
if (!Utils.StartsWith(fileOptions.Filename, inDir, StringComparison.OrdinalIgnoreCase))
{
throw new UserException(string.Format("Filename {0} does not start with inDir {1}", fileOptions.Filename, inDir));
}
var subDirs = fileOptions.Filename.Substring(inDir.Length);
if (subDirs.Length > 0 && subDirs[0] == Path.DirectorySeparatorChar)
{
subDirs = subDirs.Substring(1);
}
fileOptions.NewFilename = Utils.GetFullPath(Path.Combine(outDir, subDirs));
if (fileOptions.Filename.Equals(fileOptions.NewFilename, StringComparison.OrdinalIgnoreCase))
{
throw new UserException(string.Format("Input and output filename is the same: {0}", fileOptions.Filename));
}
}
var obfuscatedFile = new ObfuscatedFile(fileOptions, options.ModuleContext, options.AssemblyClientFactory);
if (Add(obfuscatedFile, searchDir.SkipUnknownObfuscators, false))
{
return(obfuscatedFile);
}
obfuscatedFile.Dispose();
return(null);
}
public ObfuscatedFile CreateObfuscationFile(ObfuscatedFile.Options fileOptions, ModuleContext moduleContext)
{
ObfuscatedFile ofile = new ObfuscatedFile(fileOptions, moduleContext, new NewAppDomainAssemblyClientFactory());
ofile.DeobfuscatorContext = new DeobfuscatorContext();
try
{
ofile.Load(CreateDeobfuscatorInfos().Select(di => di.CreateDeobfuscator()).ToList());
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
return(null);
}
return(ofile);
}
private IObfuscatedFile CreateObfuscationFile(ObfuscatedFile.Options fileOptions, ModuleContext moduleContext)
{
var obfuscatedFile = new ObfuscatedFile(fileOptions, moduleContext, new NewAppDomainAssemblyClientFactory())
{
DeobfuscatorContext = new DeobfuscatorContext()
};
try
{
obfuscatedFile.load(knownDeobfuscators.Select(info => info.createDeobfuscator()).ToList());
}
catch (Exception ex)
{
MessageBox.ShowError(ex.Message);
return(null);
}
return(obfuscatedFile);
}
