public override void DeobfuscateBegin()
{
base.DeobfuscateBegin();
stringDecrypter = new StringDecrypter(decrypterInfo);
stringDecrypter.Find();
if (stringDecrypter.Detected)
{
stringDecrypter.Initialize(GetEncoding(options.StringCodePage));
staticStringInliner.Add(stringDecrypter.Method, (method, gim, args) => stringDecrypter.Decrypt((uint)args[0]));
DeobfuscatedFile.StringDecryptersAdded();
}
else
{
FreePEImage();
}
foreach (var method in mainType.InitMethods)
{
AddCctorInitCallToBeRemoved(method);
}
AddTypeToBeRemoved(mainType.Type, "Obfuscator type");
RemoveDuplicateEmbeddedResources();
RemoveInvalidResources();
}
public override void DeobfuscateBegin()
{
base.DeobfuscateBegin();
staticStringInliner.Add(stringDecrypter.Method, (method, gim, args) => stringDecrypter.Decrypt((int)args[1], (int)args[2]));
DeobfuscatedFile.StringDecryptersAdded();
}
public override void deobfuscateBegin()
{
base.deobfuscateBegin();
stringDecrypter.initialize(DeobfuscatedFile);
staticStringInliner.add(stringDecrypter.Method, (method2, gim, args) => {
return(stringDecrypter.decrypt((int)args[0]));
});
DeobfuscatedFile.stringDecryptersAdded();
assemblyResolver.initialize(DeobfuscatedFile, this);
assemblyResolver.initializeEmbeddedFiles();
addModuleCctorInitCallToBeRemoved(assemblyResolver.InitMethod);
resourceResolver.initialize(DeobfuscatedFile, this);
foreach (var info in resourceResolver.mergeResources())
{
addResourceToBeRemoved(info.Resource, "Encrypted resources");
}
addModuleCctorInitCallToBeRemoved(resourceResolver.InitMethod);
resourceMethodsRestorer = new ResourceMethodsRestorer(module);
resourceMethodsRestorer.find(DeobfuscatedFile, this);
dumpEmbeddedAssemblies();
}
public override void DeobfuscateBegin()
{
base.DeobfuscateBegin();
stringDecrypter.Initialize(DeobfuscatedFile);
staticStringInliner.Add(stringDecrypter.RealMethod, (method2, gim, args) => {
return(stringDecrypter.Decrypt((int)args[0]));
});
DeobfuscatedFile.StringDecryptersAdded();
assemblyResolver.Initialize(DeobfuscatedFile, this);
assemblyResolver.InitializeEmbeddedFiles();
AddModuleCctorInitCallToBeRemoved(assemblyResolver.InitMethod);
resourceResolver.Initialize(DeobfuscatedFile, this);
foreach (var info in resourceResolver.MergeResources())
{
AddResourceToBeRemoved(info.Resource, "Encrypted resources");
}
AddModuleCctorInitCallToBeRemoved(resourceResolver.InitMethod);
resourceMethodsRestorer = new ResourceMethodsRestorer(Module);
if ((Operations.RenamerFlags & (RenamerFlags.RenameTypes | RenamerFlags.RenameNamespaces)) != 0)
{
resourceMethodsRestorer.Find(DeobfuscatedFile, this);
}
DumpEmbeddedAssemblies();
}
void InitializeConstantsDecrypterV18()
{
if (hasInitializedConstantsDecrypter || constantsDecrypterV18 == null || !constantsDecrypterV18.Detected)
{
return;
}
hasInitializedConstantsDecrypter = true;
DecryptResources();
constantsDecrypterV18.Initialize();
int32ValueInliner = new Int32ValueInliner();
int64ValueInliner = new Int64ValueInliner();
singleValueInliner = new SingleValueInliner();
doubleValueInliner = new DoubleValueInliner();
foreach (var info in constantsDecrypterV18.Decrypters)
{
staticStringInliner.Add(info.method, (method, gim, args) => constantsDecrypterV18.DecryptString(method, gim, (uint)args[0], (ulong)args[1]));
int32ValueInliner.Add(info.method, (method, gim, args) => constantsDecrypterV18.DecryptInt32(method, gim, (uint)args[0], (ulong)args[1]));
int64ValueInliner.Add(info.method, (method, gim, args) => constantsDecrypterV18.DecryptInt64(method, gim, (uint)args[0], (ulong)args[1]));
singleValueInliner.Add(info.method, (method, gim, args) => constantsDecrypterV18.DecryptSingle(method, gim, (uint)args[0], (ulong)args[1]));
doubleValueInliner.Add(info.method, (method, gim, args) => constantsDecrypterV18.DecryptDouble(method, gim, (uint)args[0], (ulong)args[1]));
}
DeobfuscatedFile.StringDecryptersAdded();
AddTypesToBeRemoved(constantsDecrypterV18.Types, "Constants decrypter type");
AddFieldsToBeRemoved(constantsDecrypterV18.Fields, "Constants decrypter field");
AddMethodToBeRemoved(constantsDecrypterV18.NativeMethod, "Constants decrypter native method");
AddTypeToBeRemoved(constantsDecrypterV18.LzmaType, "LZMA type");
AddResourceToBeRemoved(constantsDecrypterV18.Resource, "Encrypted constants");
}
public override void deobfuscateBegin()
{
base.deobfuscateBegin();
if (options.RestoreFields)
{
fieldsRestorer = new FieldsRestorer(module);
fieldsRestorer.initialize();
}
foreach (var method in stringDecrypter.DecrypterMethods)
{
staticStringInliner.add(method, (method2, args) => {
return(stringDecrypter.decrypt(method2, args));
});
}
DeobfuscatedFile.stringDecryptersAdded();
resourceResolver.initialize();
decryptResources();
dumpEmbeddedAssemblies();
startedDeobfuscating = true;
}
public override void deobfuscateBegin()
{
base.deobfuscateBegin();
staticStringInliner.add(stringDecrypter.Method, (method, gim, args) => stringDecrypter.decrypt((string)args[0], (int)args[1]));
DeobfuscatedFile.stringDecryptersAdded();
}
public override void DeobfuscateBegin()
{
base.DeobfuscateBegin();
cliSecureRtType.FindStringDecrypterMethod();
stringDecrypter.AddDecrypterInfos(cliSecureRtType.StringDecrypterInfos);
stringDecrypter.Initialize();
AddAttributesToBeRemoved(cliSecureAttributes, "Obfuscator attribute");
if (options.DecryptResources)
{
DecryptResources(resourceDecrypter);
AddCctorInitCallToBeRemoved(resourceDecrypter.RsrcRrrMethod);
}
stackFrameHelper = new StackFrameHelper(Module);
stackFrameHelper.Find();
foreach (var type in Module.Types)
{
if (type.FullName == "InitializeDelegate" && DotNetUtils.DerivesFromDelegate(type))
{
this.AddTypeToBeRemoved(type, "Obfuscator type");
}
}
proxyCallFixer.Find();
foreach (var info in stringDecrypter.StringDecrypterInfos)
{
staticStringInliner.Add(info.Method, (method, gim, args) => stringDecrypter.Decrypt((string)args[0]));
}
DeobfuscatedFile.StringDecryptersAdded();
if (options.DecryptMethods)
{
AddCctorInitCallToBeRemoved(cliSecureRtType.InitializeMethod);
AddCctorInitCallToBeRemoved(cliSecureRtType.PostInitializeMethod);
FindPossibleNamesToRemove(cliSecureRtType.LoadMethod);
}
if (options.RestoreVmCode && (csvmV1.Detected || csvmV2.Detected))
{
if (csvmV1.Detected && csvmV1.Restore())
{
AddResourceToBeRemoved(csvmV1.Resource, "CSVM data resource");
}
else if (csvmV2.Detected && csvmV2.Restore())
{
AddResourceToBeRemoved(csvmV2.Resource, "CSVM data resource");
}
else
{
Logger.e("Couldn't restore VM methods. Use --dont-rename or it will not run");
PreserveTokensAndTypes();
}
}
}
public override void DeobfuscateBegin()
{
base.DeobfuscateBegin();
if (options.DecryptResources)
{
AddCctorInitCallToBeRemoved(resourceResolver.InitMethod);
AddTypeToBeRemoved(resourceResolver.Type, "Resource resolver type");
}
DecryptResources();
stringDecrypter.Initialize();
if (Operations.DecryptStrings != OpDecryptString.None)
{
if (stringDecrypter.Resource != null)
{
Logger.v("Adding string decrypter. Resource: {0}", Utils.ToCsharpString(stringDecrypter.Resource.Name));
}
staticStringInliner.Add(stringDecrypter.DecryptMethod, (method, gim, args) => {
return(stringDecrypter.Decrypt(args));
});
DeobfuscatedFile.StringDecryptersAdded();
}
if (options.DumpEmbeddedAssemblies)
{
assemblyResolver.Initialize(DeobfuscatedFile, this);
// Need to dump the assemblies before decrypting methods in case there's a reference
// in the encrypted code to one of these assemblies.
DumpEmbeddedAssemblies();
}
if (options.DecryptMethods)
{
methodsDecrypter.Initialize(DeobfuscatedFile, this);
methodsDecrypter.decrypt();
}
if (options.DecryptConstants)
{
constantsDecrypter.Initialize(DeobfuscatedFile, this);
AddTypeToBeRemoved(constantsDecrypter.Type, "Constants decrypter type");
AddResourceToBeRemoved(constantsDecrypter.Resource, "Encrypted constants");
int32ValueInliner = new Int32ValueInliner();
int32ValueInliner.Add(constantsDecrypter.Int32Decrypter, (method, gim, args) => constantsDecrypter.DecryptInt32((int)args[0]));
int64ValueInliner = new Int64ValueInliner();
int64ValueInliner.Add(constantsDecrypter.Int64Decrypter, (method, gim, args) => constantsDecrypter.DecryptInt64((int)args[0]));
singleValueInliner = new SingleValueInliner();
singleValueInliner.Add(constantsDecrypter.SingleDecrypter, (method, gim, args) => constantsDecrypter.DecryptSingle((int)args[0]));
doubleValueInliner = new DoubleValueInliner();
doubleValueInliner.Add(constantsDecrypter.DoubleDecrypter, (method, gim, args) => constantsDecrypter.DecryptDouble((int)args[0]));
}
proxyCallFixer.Find();
startedDeobfuscating = true;
}
void DumpEmbeddedAssemblies()
{
foreach (var info in assemblyResolver.AssemblyInfos)
{
DeobfuscatedFile.CreateAssemblyFile(info.Data, info.SimpleName, info.Extension);
AddResourceToBeRemoved(info.Resource, string.Format("Embedded assembly: {0}", info.AssemblyFullName));
}
}
void DumpUnpackedFiles()
{
foreach (var unpackedFile in unpackedFiles)
{
DeobfuscatedFile.CreateAssemblyFile(unpackedFile.data,
Win32Path.GetFileNameWithoutExtension(unpackedFile.filename),
Win32Path.GetExtension(unpackedFile.filename));
}
}
void dumpEmbeddedAssemblies()
{
assemblyResolver.resolveResources();
foreach (var tuple in assemblyResolver.getDecryptedResources())
{
DeobfuscatedFile.createAssemblyFile(tuple.Item2, tuple.Item1.simpleName);
addResourceToBeRemoved(tuple.Item1.resource, string.Format("Embedded assembly: {0}", tuple.Item1.assemblyName));
}
}
public override void DeobfuscateBegin()
{
base.DeobfuscateBegin();
foreach (var info in stringDecrypter.StringDecrypterInfos)
{
staticStringInliner.Add(info.method, (method, gim, args) => stringDecrypter.Decrypt(method, (string)args[0], (int)args[1]));
}
DeobfuscatedFile.StringDecryptersAdded();
}
void DumpEmbeddedAssemblies()
{
assemblyResolver.ResolveResources();
foreach (var tuple in assemblyResolver.GetDecryptedResources())
{
DeobfuscatedFile.CreateAssemblyFile(tuple.Item2, tuple.Item1.simpleName, null);
AddResourceToBeRemoved(tuple.Item1.resource, $"Embedded assembly: {tuple.Item1.assemblyName}");
}
}
void dumpEmbeddedAssemblies()
{
foreach (var info in assemblyResolver.AssemblyInfos)
{
DeobfuscatedFile.createAssemblyFile(info.data, info.simpleName, info.extension);
}
addResourceToBeRemoved(assemblyResolver.BundleDataResource, "Embedded assemblies resource");
addResourceToBeRemoved(assemblyResolver.BundleXmlFileResource, "Embedded assemblies XML file resource");
addTypesToBeRemoved(assemblyResolver.BundleTypes, "Obfuscator assembly bundle types");
}
public override IDeobfuscator ModuleReloaded(ModuleDefMD module)
{
if (module.Assembly != null)
{
realAssemblyInfo = null;
}
if (realAssemblyInfo != null)
{
realAssemblyInfo.realAssembly.Modules.Insert(0, module);
if (realAssemblyInfo.entryPointToken != 0)
{
module.EntryPoint = module.ResolveToken((int)realAssemblyInfo.entryPointToken) as MethodDef;
}
module.Kind = realAssemblyInfo.kind;
module.Name = new UTF8String(realAssemblyInfo.moduleName);
}
var newOne = new Deobfuscator(options);
DeobfuscatedFile.SetDeobfuscator(newOne);
newOne.realAssemblyInfo = realAssemblyInfo;
newOne.decryptState = decryptState;
newOne.DeobfuscatedFile = DeobfuscatedFile;
newOne.ModuleBytes = ModuleBytes;
newOne.embeddedAssemblyInfos.AddRange(embeddedAssemblyInfos);
newOne.SetModule(module);
newOne.RemoveObfuscatorAttribute();
newOne.jitMethodsDecrypter = hasUnpacked ? new JitMethodsDecrypter(module, DeobfuscatedFile) :
new JitMethodsDecrypter(module, DeobfuscatedFile, jitMethodsDecrypter);
if ((newOne.decryptState & DecryptState.CanDecryptMethods) != 0)
{
try {
newOne.jitMethodsDecrypter.Find();
}
catch {
}
if (newOne.jitMethodsDecrypter.Detected)
{
return(newOne);
}
}
newOne.memoryMethodsDecrypter = hasUnpacked ? new MemoryMethodsDecrypter(module, DeobfuscatedFile) :
new MemoryMethodsDecrypter(module, DeobfuscatedFile, memoryMethodsDecrypter);
if ((newOne.decryptState & DecryptState.CanDecryptMethods) != 0)
{
newOne.memoryMethodsDecrypter.Find();
if (newOne.memoryMethodsDecrypter.Detected)
{
return(newOne);
}
}
newOne.InitializeTheRest(this);
return(newOne);
}
public override void deobfuscateBegin()
{
base.deobfuscateBegin();
proxyDelegateFinder = new ProxyDelegateFinder(module);
proxyDelegateFinder.find();
localsRestorer = new LocalsRestorer(module);
if (options.RestoreLocals)
{
localsRestorer.find();
}
logicalExpressionFixer = new LogicalExpressionFixer();
stringDecrypter.initialize();
integerDecrypter.initialize();
arrayDecrypter.initialize();
if (options.DecryptIntegers)
{
int32ValueInliner = new Int32ValueInliner();
foreach (var method in integerDecrypter.getMethods())
{
int32ValueInliner.add(method, (method2, args) => {
return(integerDecrypter.decrypt(method2));
});
}
}
if (options.DecryptArrays)
{
arrayValueInliner = new ArrayValueInliner(module, initializedDataCreator);
foreach (var method in arrayDecrypter.getMethods())
{
arrayValueInliner.add(method, (method2, args) => {
return(arrayDecrypter.decrypt(method2));
});
}
}
foreach (var method in stringDecrypter.getMethods())
{
staticStringInliner.add(method, (method2, args) => {
return(stringDecrypter.decrypt(method2));
});
DeobfuscatedFile.stringDecryptersAdded();
}
if (options.RemoveAntiStrongName)
{
addTypeToBeRemoved(strongNameChecker.Type, "Strong name checker type");
}
startedDeobfuscating = true;
}
public override void deobfuscateBegin()
{
base.deobfuscateBegin();
staticStringInliner.add(stringDecrypter.Method, (method, gim, args) => stringDecrypter.decrypt((string)args[0]));
DeobfuscatedFile.stringDecryptersAdded();
proxyCallFixer.find();
cfMethodCallInliner = new CfMethodCallInliner(proxyCallFixer);
dumpEmbeddedAssemblies();
}
void InitializeStringDecrypter()
{
if (hasInitializedStringDecrypter || stringDecrypter == null || !stringDecrypter.Detected)
{
return;
}
hasInitializedStringDecrypter = true;
DecryptResources();
stringDecrypter.Initialize();
staticStringInliner.Add(stringDecrypter.Method, (method, gim, args) => stringDecrypter.Decrypt(staticStringInliner.Method, (int)args[0]));
DeobfuscatedFile.StringDecryptersAdded();
}
void DumpEmbeddedAssemblies()
{
if (!options.DumpEmbeddedAssemblies)
{
return;
}
foreach (var info in assemblyResolver.GetEmbeddedAssemblies(DeobfuscatedFile, this))
{
var simpleName = Utils.GetAssemblySimpleName(info.name);
DeobfuscatedFile.CreateAssemblyFile(info.resource.GetResourceData(), simpleName, null);
AddResourceToBeRemoved(info.resource, string.Format("Embedded assembly: {0}", info.name));
}
}
void DumpEmbeddedAssemblies()
{
if (!options.DumpEmbeddedAssemblies)
{
return;
}
foreach (var info in assemblyResolver.GetEmbeddedAssemblies(DeobfuscatedFile, this))
{
var simpleName = Utils.GetAssemblySimpleName(info.name);
DeobfuscatedFile.CreateAssemblyFile(info.resource.CreateReader().ToArray(), simpleName, null);
AddResourceToBeRemoved(info.resource, $"Embedded assembly: {info.name}");
}
}
public override void deobfuscateBegin()
{
base.deobfuscateBegin();
cliSecureRtType.findStringDecrypterMethod();
stringDecrypter.Method = cliSecureRtType.StringDecrypterMethod;
addAttributesToBeRemoved(cliSecureAttributes, "Obfuscator attribute");
if (options.DecryptResources)
{
decryptResources(resourceDecrypter);
addCctorInitCallToBeRemoved(resourceDecrypter.RsrcRrrMethod);
}
stackFrameHelper = new StackFrameHelper(module);
stackFrameHelper.find();
foreach (var type in module.Types)
{
if (type.FullName == "InitializeDelegate" && DotNetUtils.derivesFromDelegate(type))
{
this.addTypeToBeRemoved(type, "Obfuscator type");
}
}
proxyCallFixer.find();
staticStringInliner.add(stringDecrypter.Method, (method, gim, args) => stringDecrypter.decrypt((string)args[0]));
DeobfuscatedFile.stringDecryptersAdded();
if (options.DecryptMethods)
{
addCctorInitCallToBeRemoved(cliSecureRtType.InitializeMethod);
addCctorInitCallToBeRemoved(cliSecureRtType.PostInitializeMethod);
findPossibleNamesToRemove(cliSecureRtType.LoadMethod);
}
if (options.RestoreVmCode)
{
if (csvm.restore())
{
addResourceToBeRemoved(csvm.Resource, "CSVM data resource");
}
else
{
Logger.e("Couldn't restore VM methods. Use --dont-rename or it will not run");
preserveTokensAndTypes();
}
}
}
void DumpResourceFiles()
{
foreach (var resource in libAssemblyResolver.Resources)
{
var mod = ModuleDefMD.Load(resource.Data.ReadAllBytes());
AddResourceToBeRemoved(resource, string.Format("Embedded assembly: {0}", mod.Assembly.FullName));
DeobfuscatedFile.CreateAssemblyFile(resource.GetResourceData(),
Utils.GetAssemblySimpleName(mod.Assembly.FullName),
DeobUtils.GetExtension(mod.Kind));
}
RemoveInitCall(libAssemblyResolver.InitMethod);
AddCallToBeRemoved(module.EntryPoint, libAssemblyResolver.InitMethod);
AddTypeToBeRemoved(libAssemblyResolver.Type, "Assembly resolver type (library mode)");
}
void DumpEmbeddedAssemblies()
{
if (!options.DumpEmbeddedAssemblies)
{
return;
}
foreach (var info in assemblyResolver.EmbeddedAssemblyInfos)
{
DeobfuscatedFile.CreateAssemblyFile(info.data, Utils.GetAssemblySimpleName(info.fullname), info.extension);
}
AddTypeToBeRemoved(assemblyResolver.Type, "Assembly resolver type");
AddCctorInitCallToBeRemoved(assemblyResolver.InitMethod);
AddResourceToBeRemoved(assemblyResolver.EncryptedResource, "Embedded encrypted assemblies");
}
void InitializeStringDecrypter()
{
if (hasInitializedStringDecrypter)
{
return;
}
stringDecrypter.Initialize(DeobfuscatedFile);
foreach (var info in stringDecrypter.Infos)
{
staticStringInliner.Add(info.Method, (method, gim, args) => stringDecrypter.Decrypt(method, (int)args[0], (int)args[1], (int)args[2]));
}
DeobfuscatedFile.StringDecryptersAdded();
hasInitializedStringDecrypter = true;
}
void dumpEmbeddedAssemblies()
{
if (assemblyDecrypter.MainAssemblyHasAssemblyResolver && !options.DumpEmbeddedAssemblies)
{
return;
}
foreach (var info in assemblyDecrypter.getAssemblyInfos(DeobfuscatedFile, this))
{
DeobfuscatedFile.createAssemblyFile(info.data, info.asmSimpleName, info.extension);
addResourceToBeRemoved(info.resource, string.Format("Embedded assembly: {0}", info.asmFullName));
}
addCctorInitCallToBeRemoved(assemblyDecrypter.InitMethod);
addCallToBeRemoved(module.EntryPoint, assemblyDecrypter.InitMethod);
addTypeToBeRemoved(assemblyDecrypter.Type, "Assembly resolver type");
}
void DumpEmbeddedAssemblies()
{
if (assemblyDecrypter == null)
{
return;
}
foreach (var info in assemblyDecrypter.AssemblyInfos)
{
var asmName = info.assemblySimpleName;
if (info.isEntryPointAssembly)
{
asmName += "_real";
}
DeobfuscatedFile.CreateAssemblyFile(info.data, asmName, info.extension);
}
}
public override void deobfuscateBegin()
{
base.deobfuscateBegin();
addTypeToBeRemoved(killType, "KILL type");
mainType.initialize();
foreach (var initMethod in mainType.OtherInitMethods)
{
addCctorInitCallToBeRemoved(initMethod);
addCtorInitCallToBeRemoved(initMethod);
}
if (Operations.DecryptStrings != OpDecryptString.None)
{
stringDecrypter.initialize();
staticStringInliner.add(stringDecrypter.DecryptMethod, (method, gim, args) => {
return(stringDecrypter.decrypt((int)args[0]));
});
DeobfuscatedFile.stringDecryptersAdded();
addModuleCctorInitCallToBeRemoved(stringDecrypter.InitMethod);
addCallToBeRemoved(mainType.getInitStringDecrypterMethod(stringDecrypter.InitMethod), stringDecrypter.InitMethod);
}
assemblyResolver = new AssemblyResolver(module);
assemblyResolver.initialize();
dumpEmbeddedAssemblies();
removeTamperDetection();
proxyCallFixer.initialize();
proxyCallFixer.find();
resourceDecrypter = new ResourceDecrypter(module);
resourceDecrypter.initialize();
resourceDecrypter.decrypt();
if (resourceDecrypter.CanRemoveTypes)
{
addTypeToBeRemoved(resourceDecrypter.ResourceFlagsType, "Obfuscator ResourceFlags type");
addTypeToBeRemoved(resourceDecrypter.ResType, "Obfuscator Res type");
addTypeToBeRemoved(resourceDecrypter.ResourceEnumeratorType, "Obfuscator ResourceEnumerator type");
addTypeToBeRemoved(resourceDecrypter.EncryptedResourceReaderType, "Obfuscator EncryptedResourceReader type");
addTypeToBeRemoved(resourceDecrypter.EncryptedResourceSetType, "Obfuscator EncryptedResourceSet type");
addTypeToBeRemoved(resourceDecrypter.EncryptedResourceStreamType, "Obfuscator EncryptedResourceStream type");
}
}
void initStringDecrypter(StringDecrypterInfo info)
{
Log.v("Adding string decrypter. Resource: {0}", Utils.toCsharpString(info.StringsResource.Name));
var decrypter = new StringDecrypter(info);
if (decrypter.CanDecrypt)
{
staticStringInliner.add(DotNetUtils.getMethod(info.GetStringDelegate, "Invoke"), (method, args) => {
var fieldDefinition = DotNetUtils.getField(module, (FieldReference)args[0]);
return(decrypter.decrypt(fieldDefinition.MetadataToken.ToInt32(), (int)args[1]));
});
staticStringInliner.add(info.StringDecrypterMethod, (method, args) => {
return(decrypter.decrypt(0, (int)args[0]));
});
}
stringDecrypters.Add(decrypter);
DeobfuscatedFile.stringDecryptersAdded();
}
void Initialize(ConstantsDecrypterBase constDecrypter, ref bool hasInitialized)
{
if (hasInitialized || constDecrypter == null || !constDecrypter.Detected)
{
return;
}
hasInitializedConstantsDecrypter15 = true;
DecryptResources();
constDecrypter.Initialize();
int32ValueInliner = new Int32ValueInliner();
int64ValueInliner = new Int64ValueInliner();
singleValueInliner = new SingleValueInliner();
doubleValueInliner = new DoubleValueInliner();
foreach (var info in constDecrypter.DecrypterInfos)
{
staticStringInliner.Add(info.decryptMethod, (method, gim, args) => constDecrypter.DecryptString(staticStringInliner.Method, method, args));
int32ValueInliner.Add(info.decryptMethod, (method, gim, args) => constDecrypter.DecryptInt32(int32ValueInliner.Method, method, args));
int64ValueInliner.Add(info.decryptMethod, (method, gim, args) => constDecrypter.DecryptInt64(int64ValueInliner.Method, method, args));
singleValueInliner.Add(info.decryptMethod, (method, gim, args) => constDecrypter.DecryptSingle(singleValueInliner.Method, method, args));
doubleValueInliner.Add(info.decryptMethod, (method, gim, args) => constDecrypter.DecryptDouble(doubleValueInliner.Method, method, args));
}
int32ValueInliner.RemoveUnbox = true;
int64ValueInliner.RemoveUnbox = true;
singleValueInliner.RemoveUnbox = true;
doubleValueInliner.RemoveUnbox = true;
DeobfuscatedFile.StringDecryptersAdded();
AddFieldsToBeRemoved(constDecrypter.Fields, "Constants decrypter field");
var moduleType = DotNetUtils.GetModuleType(Module);
foreach (var info in constDecrypter.DecrypterInfos)
{
if (info.decryptMethod.DeclaringType == moduleType)
{
AddMethodToBeRemoved(info.decryptMethod, "Constants decrypter method");
}
else
{
AddTypeToBeRemoved(info.decryptMethod.DeclaringType, "Constants decrypter type");
}
}
AddMethodToBeRemoved(constDecrypter.NativeMethod, "Constants decrypter native method");
AddResourceToBeRemoved(constDecrypter.Resource, "Encrypted constants");
}
