public int emulateCase(out int localValueasInt) { ins.Emulate(switchBlock.Instructions, 0, switchBlock.Instructions.Count - 1); var localValue = ins.GetLocal(localSwitch) as Int32Value; localValueasInt = localValue.Value; return(((Int32Value)ins.Pop()).Value); }
public int emulate(int val, out int locValue) { locValue = 0; //we take the value of the arg as a parameter to pass along to the switch block var ins = new InstructionEmulator(blocks.Method); ins.Initialize(blocks.Method); if (native) { var test = x86emulate(switchBlock.FirstInstr.Operand as MethodDef, new[] { val }); ins.Push(new Int32Value(test)); //emulates the block however we dont emulate all the block ins.Emulate(switchBlock.Instructions, 1, switchBlock.Instructions.Count - 1); //we now get the local value this will contain the num value used to work out the next arg in the next case if (!isolder) { locValue = (ins.GetLocal(localSwitch) as Int32Value).Value; } } else { ins.Push(new Int32Value(val)); //emulates the block however we dont emulate all the block ins.Emulate(switchBlock.Instructions, 0, switchBlock.Instructions.Count - 1); //we now get the local value this will contain the num value used to work out the next arg in the next case if (!isolder) { locValue = (ins.GetLocal(localSwitch) as Int32Value).Value; } } //we use de4dots instructionEmulator to emulate the block //we push the arg value to the stack //we peek at the stack value and this is the next case so we return this to continue var caseValue = ins.Peek() as Int32Value; return(caseValue.Value); }
private int?GetSwitchKey() { var val = _instructionEmulator.GetLocal(_switchKey); if (!val.IsInt32()) { return(null); } var value = val as Int32Value; if (value == null || !value.AllBitsValid()) { return(null); } return(value.Value); }
private int caseEmulate(out int localVal) { if (swlocal == null) { ins.Emulate(swBlock.Instructions, 0, swBlock.Instructions.Count - 1); var caseVal = ins.Pop() as Int32Value; localVal = 0; return(caseVal.Value); } else { ins.Emulate(swBlock.Instructions, 0, swBlock.Instructions.Count - 1); var caseVal = ins.Pop() as Int32Value; var localVal32 = ins.GetLocal(swlocal) as Int32Value; localVal = localVal32.Value; // Console.WriteLine(caseVal.Value); return(caseVal.Value); } }
public void DecryptMethods() { for (int i = 0; i < delegateInfos.Count; i++) { var info = delegateInfos[i]; var emuator = new InstructionEmulator(); EmulateMethod(info, emuator); var local = info.InitMethod.Body.Variables.FirstOrDefault(t => t.Type.FullName == "System.Reflection.MethodBase"); if (local == null) { continue; } var value = emuator.GetLocal(local); if (!(value is ObjectValue objValue) || !(objValue.obj is IMethod method)) { continue; } info.Resolved = true; info.Decrypted = method; info.OpCode = ResolveOpCode(info.InitMethod, info.Field, info.Key); Decrypted++; } }
bool EmulateDynocode(InstructionEmulator emu, ref int index) { var instrs = stringMethod.Body.Instructions; var instr = instrs[index]; var ctor = instr.Operand as MethodDef; if (ctor == null || ctor.MethodSig.GetParamCount() != 1 || ctor.MethodSig.Params[0].ElementType != ElementType.I4) { return(false); } if (index + 4 >= instrs.Count) { return(false); } var ldloc = instrs[index + 3]; var stfld = instrs[index + 4]; if (!ldloc.IsLdloc() || stfld.OpCode.Code != Code.Stfld) { return(false); } var enumerableField = stfld.Operand as FieldDef; if (enumerableField == null) { return(false); } var initValue = emu.GetLocal(ldloc.GetLocal(stringMethod.Body.Variables)) as Int32Value; if (initValue == null || !initValue.AllBitsValid()) { return(false); } int leaveIndex = FindLeave(instrs, index); if (leaveIndex < 0) { return(false); } var afterLoop = instrs[leaveIndex].Operand as Instruction; if (afterLoop == null) { return(false); } int newIndex = instrs.IndexOf(afterLoop); var loopLocal = GetDCLoopLocal(index, newIndex); if (loopLocal == null) { return(false); } var initValue2 = emu.GetLocal(loopLocal) as Int32Value; if (initValue2 == null || !initValue2.AllBitsValid()) { return(false); } int loopStart = GetIndexOfCall(instrs, index, leaveIndex, "System.Int32", "()"); int loopEnd = GetIndexOfCall(instrs, loopStart, leaveIndex, "System.Boolean", "()"); if (loopStart < 0 || loopEnd < 0) { return(false); } loopStart++; loopEnd--; dynocode.Initialize(module); var ctorArg = emu.Pop() as Int32Value; if (ctorArg == null || !ctorArg.AllBitsValid()) { return(false); } dynocode.CreateEnumerable(ctor, new object[] { ctorArg.Value }); dynocode.WriteEnumerableField(enumerableField.MDToken.ToUInt32(), initValue.Value); dynocode.CreateEnumerator(); foreach (var val in dynocode) { emu.Push(new Int32Value(val)); for (int i = loopStart; i < loopEnd; i++) { emu.Emulate(instrs[i]); } } index = newIndex - 1; return(true); }