private static void RemoveJsrInstructions(ConstantPool pool, BasicBlock block, DataPoint
data)
{
ListStack <VarType> stack = data.GetStack();
InstructionSequence seq = block.GetSeq();
for (int i = 0; i < seq.Length(); i++)
{
Instruction instr = seq.GetInstr(i);
VarType var = null;
if (instr.opcode == ICodeConstants.opc_astore || instr.opcode == ICodeConstants.opc_pop)
{
var = stack.GetByOffset(-1);
}
InstructionImpact.StepTypes(data, instr, pool);
switch (instr.opcode)
{
case ICodeConstants.opc_jsr:
case ICodeConstants.opc_ret:
{
seq.RemoveInstruction(i);
i--;
break;
}
case ICodeConstants.opc_astore:
case ICodeConstants.opc_pop:
{
if (var.type == ICodeConstants.Type_Address)
{
seq.RemoveInstruction(i);
i--;
}
break;
}
}
}
block.mark = 1;
for (int i = 0; i < block.GetSuccs().Count; i++)
{
BasicBlock suc = block.GetSuccs()[i];
if (suc.mark != 1)
{
RemoveJsrInstructions(pool, suc, data.Copy());
}
}
for (int i = 0; i < block.GetSuccExceptions().Count; i++)
{
BasicBlock suc = block.GetSuccExceptions()[i];
if (suc.mark != 1)
{
DataPoint point = new DataPoint();
point.SetLocalVariables(new List <VarType>(data.GetLocalVariables()));
point.GetStack().Push(new VarType(ICodeConstants.Type_Object, 0, null));
RemoveJsrInstructions(pool, suc, point);
}
}
}
private static void RemoveExceptionInstructionsEx(BasicBlock block, int blocktype
, int finallytype)
{
InstructionSequence seq = block.GetSeq();
if (finallytype == 3)
{
// empty finally handler
for (int i = seq.Length() - 1; i >= 0; i--)
{
seq.RemoveInstruction(i);
}
}
else
{
if ((blocktype & 1) > 0)
{
// first
if (finallytype == 2 || finallytype == 1)
{
// astore or pop
seq.RemoveInstruction(0);
}
}
if ((blocktype & 2) > 0)
{
// last
if (finallytype == 2 || finallytype == 0)
{
seq.RemoveLast();
}
if (finallytype == 2)
{
// astore
seq.RemoveLast();
}
}
}
}
public static void RestorePopRanges(ControlFlowGraph graph)
{
List <ExceptionDeobfuscator.Range> lstRanges = new List <ExceptionDeobfuscator.Range
>();
// aggregate ranges
foreach (ExceptionRangeCFG range in graph.GetExceptions())
{
bool found = false;
foreach (ExceptionDeobfuscator.Range arr in lstRanges)
{
if (arr.handler == range.GetHandler() && InterpreterUtil.EqualObjects(range.GetUniqueExceptionsString
(), arr.uniqueStr))
{
Sharpen.Collections.AddAll(arr.protectedRange, range.GetProtectedRange());
found = true;
break;
}
}
if (!found)
{
// doesn't matter, which range chosen
lstRanges.Add(new ExceptionDeobfuscator.Range(range.GetHandler(), range.GetUniqueExceptionsString
(), new HashSet <BasicBlock>(range.GetProtectedRange()), range));
}
}
// process aggregated ranges
foreach (ExceptionDeobfuscator.Range range in lstRanges)
{
if (range.uniqueStr != null)
{
BasicBlock handler = range.handler;
InstructionSequence seq = handler.GetSeq();
Instruction firstinstr;
if (seq.Length() > 0)
{
firstinstr = seq.GetInstr(0);
if (firstinstr.opcode == ICodeConstants.opc_pop || firstinstr.opcode == ICodeConstants
.opc_astore)
{
HashSet <BasicBlock> setrange = new HashSet <BasicBlock>(range.protectedRange);
foreach (ExceptionDeobfuscator.Range range_super in lstRanges)
{
// finally or strict superset
if (range != range_super)
{
HashSet <BasicBlock> setrange_super = new HashSet <BasicBlock>(range_super.protectedRange
);
if (!setrange.Contains(range_super.handler) && !setrange_super.Contains(handler) &&
(range_super.uniqueStr == null || setrange.All(setrange_super.Contains)))
{
if (range_super.uniqueStr == null)
{
setrange_super.IntersectWith(setrange);
}
else
{
setrange_super.ExceptWith(setrange);
}
if (!(setrange_super.Count == 0))
{
BasicBlock newblock = handler;
// split the handler
if (seq.Length() > 1)
{
newblock = new BasicBlock(++graph.last_id);
InstructionSequence newseq = new SimpleInstructionSequence();
newseq.AddInstruction(firstinstr.Clone(), -1);
newblock.SetSeq(newseq);
graph.GetBlocks().AddWithKey(newblock, newblock.id);
List <BasicBlock> lstTemp = new List <BasicBlock>();
Sharpen.Collections.AddAll(lstTemp, handler.GetPreds());
Sharpen.Collections.AddAll(lstTemp, handler.GetPredExceptions());
// replace predecessors
foreach (BasicBlock pred in lstTemp)
{
pred.ReplaceSuccessor(handler, newblock);
}
// replace handler
foreach (ExceptionRangeCFG range_ext in graph.GetExceptions())
{
if (range_ext.GetHandler() == handler)
{
range_ext.SetHandler(newblock);
}
else if (range_ext.GetProtectedRange().Contains(handler))
{
newblock.AddSuccessorException(range_ext.GetHandler());
range_ext.GetProtectedRange().Add(newblock);
}
}
newblock.AddSuccessor(handler);
if (graph.GetFirst() == handler)
{
graph.SetFirst(newblock);
}
// remove the first pop in the handler
seq.RemoveInstruction(0);
}
newblock.AddSuccessorException(range_super.handler);
range_super.rangeCFG.GetProtectedRange().Add(newblock);
handler = range.rangeCFG.GetHandler();
seq = handler.GetSeq();
}
}
}
}
}
}
}
}
}
public static void ExtendSynchronizedRangeToMonitorexit(ControlFlowGraph graph)
{
while (true)
{
bool range_extended = false;
foreach (ExceptionRangeCFG range in graph.GetExceptions())
{
HashSet <BasicBlock> setPreds = new HashSet <BasicBlock>();
foreach (BasicBlock block in range.GetProtectedRange())
{
Sharpen.Collections.AddAll(setPreds, block.GetPreds());
}
setPreds.ExceptWith(range.GetProtectedRange());
if (setPreds.Count != 1)
{
continue;
}
// multiple predecessors, obfuscated range
var setPredsEnumerator = new EnumeratorAdapter <BasicBlock>(setPreds.GetEnumerator());
BasicBlock predBlock = setPredsEnumerator.Next();
InstructionSequence predSeq = predBlock.GetSeq();
if (predSeq.IsEmpty() || predSeq.GetLastInstr().opcode != ICodeConstants.opc_monitorenter)
{
continue;
}
// not a synchronized range
bool monitorexit_in_range = false;
HashSet <BasicBlock> setProtectedBlocks = new HashSet <BasicBlock>();
Sharpen.Collections.AddAll(setProtectedBlocks, range.GetProtectedRange());
setProtectedBlocks.Add(range.GetHandler());
foreach (BasicBlock block in setProtectedBlocks)
{
InstructionSequence blockSeq = block.GetSeq();
for (int i = 0; i < blockSeq.Length(); i++)
{
if (blockSeq.GetInstr(i).opcode == ICodeConstants.opc_monitorexit)
{
monitorexit_in_range = true;
break;
}
}
if (monitorexit_in_range)
{
break;
}
}
if (monitorexit_in_range)
{
continue;
}
// protected range already contains monitorexit
HashSet <BasicBlock> setSuccs = new HashSet <BasicBlock>();
foreach (BasicBlock block in range.GetProtectedRange())
{
Sharpen.Collections.AddAll(setSuccs, block.GetSuccs());
}
setSuccs.ExceptWith(range.GetProtectedRange());
if (setSuccs.Count != 1)
{
continue;
}
// non-unique successor
BasicBlock succBlock = new Sharpen.EnumeratorAdapter <BasicBlock>(setSuccs.GetEnumerator()).Next();
InstructionSequence succSeq = succBlock.GetSeq();
int succ_monitorexit_index = -1;
for (int i = 0; i < succSeq.Length(); i++)
{
if (succSeq.GetInstr(i).opcode == ICodeConstants.opc_monitorexit)
{
succ_monitorexit_index = i;
break;
}
}
if (succ_monitorexit_index < 0)
{
continue;
}
// monitorexit not found in the single successor block
BasicBlock handlerBlock = range.GetHandler();
if (handlerBlock.GetSuccs().Count != 1)
{
continue;
}
// non-unique handler successor
BasicBlock succHandler = handlerBlock.GetSuccs()[0];
InstructionSequence succHandlerSeq = succHandler.GetSeq();
if (succHandlerSeq.IsEmpty() || succHandlerSeq.GetLastInstr().opcode != ICodeConstants
.opc_athrow)
{
continue;
}
// not a standard synchronized range
int handler_monitorexit_index = -1;
for (int i = 0; i < succHandlerSeq.Length(); i++)
{
if (succHandlerSeq.GetInstr(i).opcode == ICodeConstants.opc_monitorexit)
{
handler_monitorexit_index = i;
break;
}
}
if (handler_monitorexit_index < 0)
{
continue;
}
// monitorexit not found in the handler successor block
// checks successful, prerequisites satisfied, now extend the range
if (succ_monitorexit_index < succSeq.Length() - 1)
{
// split block
SimpleInstructionSequence seq = new SimpleInstructionSequence();
for (int counter = 0; counter < succ_monitorexit_index; counter++)
{
seq.AddInstruction(succSeq.GetInstr(0), -1);
succSeq.RemoveInstruction(0);
}
// build a separate block
BasicBlock newblock = new BasicBlock(++graph.last_id);
newblock.SetSeq(seq);
// insert new block
foreach (BasicBlock block in succBlock.GetPreds())
{
block.ReplaceSuccessor(succBlock, newblock);
}
newblock.AddSuccessor(succBlock);
graph.GetBlocks().AddWithKey(newblock, newblock.id);
succBlock = newblock;
}
// copy exception edges and extend protected ranges (successor block)
BasicBlock rangeExitBlock = succBlock.GetPreds()[0];
for (int j = 0; j < rangeExitBlock.GetSuccExceptions().Count; j++)
{
BasicBlock hd = rangeExitBlock.GetSuccExceptions()[j];
succBlock.AddSuccessorException(hd);
ExceptionRangeCFG rng = graph.GetExceptionRange(hd, rangeExitBlock);
rng.GetProtectedRange().Add(succBlock);
}
// copy instructions (handler successor block)
InstructionSequence handlerSeq = handlerBlock.GetSeq();
for (int counter = 0; counter < handler_monitorexit_index; counter++)
{
handlerSeq.AddInstruction(succHandlerSeq.GetInstr(0), -1);
succHandlerSeq.RemoveInstruction(0);
}
range_extended = true;
break;
}
if (!range_extended)
{
break;
}
}
}
private bool CompareBasicBlocksEx(ControlFlowGraph graph, BasicBlock pattern, BasicBlock
sample, int type, int finallytype, List <int[]> lstStoreVars)
{
InstructionSequence seqPattern = pattern.GetSeq();
InstructionSequence seqSample = sample.GetSeq();
if (type != 0)
{
seqPattern = seqPattern.Clone();
if ((type & 1) > 0)
{
// first
if (finallytype > 0)
{
seqPattern.RemoveInstruction(0);
}
}
if ((type & 2) > 0)
{
// last
if (finallytype == 0 || finallytype == 2)
{
seqPattern.RemoveLast();
}
if (finallytype == 2)
{
seqPattern.RemoveLast();
}
}
}
if (seqPattern.Length() > seqSample.Length())
{
return(false);
}
for (int i = 0; i < seqPattern.Length(); i++)
{
Instruction instrPattern = seqPattern.GetInstr(i);
Instruction instrSample = seqSample.GetInstr(i);
// compare instructions with respect to jumps
if (!EqualInstructions(instrPattern, instrSample, lstStoreVars))
{
return(false);
}
}
if (seqPattern.Length() < seqSample.Length())
{
// split in two blocks
SimpleInstructionSequence seq = new SimpleInstructionSequence();
LinkedList <int> oldOffsets = new LinkedList <int>();
for (int i = seqSample.Length() - 1; i >= seqPattern.Length(); i--)
{
seq.AddInstruction(0, seqSample.GetInstr(i), -1);
oldOffsets.AddFirst(sample.GetOldOffset(i));
seqSample.RemoveInstruction(i);
}
BasicBlock newblock = new BasicBlock(++graph.last_id);
newblock.SetSeq(seq);
Sharpen.Collections.AddAll(newblock.GetInstrOldOffsets(), oldOffsets);
List <BasicBlock> lstTemp = new List <BasicBlock>(sample.GetSuccs());
// move successors
foreach (BasicBlock suc in lstTemp)
{
sample.RemoveSuccessor(suc);
newblock.AddSuccessor(suc);
}
sample.AddSuccessor(newblock);
graph.GetBlocks().AddWithKey(newblock, newblock.id);
HashSet <BasicBlock> setFinallyExits = graph.GetFinallyExits();
if (setFinallyExits.Contains(sample))
{
setFinallyExits.Remove(sample);
setFinallyExits.Add(newblock);
}
// copy exception edges and extend protected ranges
for (int j = 0; j < sample.GetSuccExceptions().Count; j++)
{
BasicBlock hd = sample.GetSuccExceptions()[j];
newblock.AddSuccessorException(hd);
ExceptionRangeCFG range = graph.GetExceptionRange(hd, sample);
range.GetProtectedRange().Add(newblock);
}
}
return(true);
}