public static IObfuscatedFile SearchDeobfuscator(string filename) { TheAssemblyResolver.Instance.ClearAll(); var fileOptions = new ObfuscatedFile.Options { Filename = filename }; var moduleContext = new ModuleContext(TheAssemblyResolver.Instance); var ofile = new ObfuscatedFile(fileOptions, moduleContext, new NewAppDomainAssemblyClientFactory()) { DeobfuscatorContext = new DeobfuscatorContext(), }; try { ofile.Load(CreateDeobfuscatorInfos().Select(di => di.CreateDeobfuscator()).ToList()); } catch (Exception) { return(null); } return(ofile); }
private static void CleanControlFlow() { Logger.Instance.MaxLoggerEvent = 0; var options = new ObfuscatedFile.Options { Filename = _obfOsuPath, ControlFlowDeobfuscation = true, KeepObfuscatorTypes = true, RenamerFlags = 0, StringDecrypterType = DecrypterType.None, MetadataFlags = DEFAULT_METADATA_FLAGS }; var obfFile = new ObfuscatedFile(options, new ModuleContext(TheAssemblyResolver.Instance), new NewAppDomainAssemblyClientFactory()) { DeobfuscatorContext = new DeobfuscatorContext() }; obfFile.Load(new List <IDeobfuscator> { new de4dot.code.deobfuscators.Unknown.DeobfuscatorInfo().CreateDeobfuscator() }); obfFile.DeobfuscateBegin(); obfFile.Deobfuscate(); obfFile.DeobfuscateEnd(); _obfOsuModule = obfFile.ModuleDefMD; }
public IObfuscatedFile SearchDeobfuscator(string filename) { ModuleContext context = new ModuleContext(); ObfuscatedFile.Options fileOptions = new ObfuscatedFile.Options { Filename = filename }; ObfuscatedFile ofile = CreateObfuscationFile(fileOptions, context); return(ofile); }
private IObfuscatedFile UpdateObfuscationFileWithOptions(De4dotWrapper de4Dot, string location, string newFile) { ObfuscatedFile.Options options = new ObfuscatedFile.Options(); options.ControlFlowDeobfuscation = this.EnableControlFlowDeobfuscation; options.NewFilename = newFile; options.KeepObfuscatorTypes = this.KeepObfuscatorClasses; options.Filename = location; var context = new ModuleContext(); ObfuscatedFile result = de4Dot.CreateObfuscationFile(options, context); return(result); }
IObfuscatedFile CreateObfuscatedFile(SearchDir searchDir, string filename) { var fileOptions = new ObfuscatedFile.Options { Filename = Utils.GetFullPath(filename), ControlFlowDeobfuscation = options.ControlFlowDeobfuscation, KeepObfuscatorTypes = options.KeepObfuscatorTypes, MetaDataFlags = options.MetaDataFlags, RenamerFlags = options.RenamerFlags, }; if (options.DefaultStringDecrypterType != null) { fileOptions.StringDecrypterType = options.DefaultStringDecrypterType.Value; } fileOptions.StringDecrypterMethods.AddRange(options.DefaultStringDecrypterMethods); if (!string.IsNullOrEmpty(searchDir.OutputDirectory)) { var inDir = Utils.GetFullPath(searchDir.InputDirectory); var outDir = Utils.GetFullPath(searchDir.OutputDirectory); if (!Utils.StartsWith(fileOptions.Filename, inDir, StringComparison.OrdinalIgnoreCase)) { throw new UserException(string.Format("Filename {0} does not start with inDir {1}", fileOptions.Filename, inDir)); } var subDirs = fileOptions.Filename.Substring(inDir.Length); if (subDirs.Length > 0 && subDirs[0] == Path.DirectorySeparatorChar) { subDirs = subDirs.Substring(1); } fileOptions.NewFilename = Utils.GetFullPath(Path.Combine(outDir, subDirs)); if (fileOptions.Filename.Equals(fileOptions.NewFilename, StringComparison.OrdinalIgnoreCase)) { throw new UserException(string.Format("Input and output filename is the same: {0}", fileOptions.Filename)); } } var obfuscatedFile = new ObfuscatedFile(fileOptions, options.ModuleContext, options.AssemblyClientFactory); if (Add(obfuscatedFile, searchDir.SkipUnknownObfuscators, false)) { return(obfuscatedFile); } obfuscatedFile.Dispose(); return(null); }
public ObfuscatedFile CreateObfuscationFile(ObfuscatedFile.Options fileOptions, ModuleContext moduleContext) { ObfuscatedFile ofile = new ObfuscatedFile(fileOptions, moduleContext, new NewAppDomainAssemblyClientFactory()); ofile.DeobfuscatorContext = new DeobfuscatorContext(); try { ofile.Load(CreateDeobfuscatorInfos().Select(di => di.CreateDeobfuscator()).ToList()); } catch (Exception ex) { MessageBox.Show(ex.Message); return(null); } return(ofile); }
private IObfuscatedFile CreateObfuscationFile(ObfuscatedFile.Options fileOptions, ModuleContext moduleContext) { var obfuscatedFile = new ObfuscatedFile(fileOptions, moduleContext, new NewAppDomainAssemblyClientFactory()) { DeobfuscatorContext = new DeobfuscatorContext() }; try { obfuscatedFile.load(knownDeobfuscators.Select(info => info.createDeobfuscator()).ToList()); } catch (Exception ex) { MessageBox.ShowError(ex.Message); return(null); } return(obfuscatedFile); }