private NashaOpCode ReadOpCode(BinaryReader reader) { var opc = new NashaOpCode(); reader.BaseStream.Position += 4; opc.Code = (NashaCode)reader.ReadInt32(); reader.BaseStream.Position += 4; opc.RandomValue = reader.ReadInt32(); reader.BaseStream.Position += 8; return(opc); }
private object DisassembleOperand(NashaOpCode opCode) { switch (opCode.Code) { case NashaCode.Ret: case NashaCode.Nop: case NashaCode.Dup: break; case NashaCode.Ldstr: return(Encoding.UTF8.GetString(InstructionReader.ReadBytes(InstructionReader.ReadInt32()))); case NashaCode.Call: case NashaCode.Newobj: case NashaCode.Castclass: case NashaCode.Ldftn: case NashaCode.Newarr: InstructionReader.ReadInt16(); return(Disassembler.Context.Module.LookupMember(InstructionReader.ReadInt32())); case NashaCode.BrTrue: case NashaCode.BrFalse: case NashaCode.Stloc: case NashaCode.Ldloc: case NashaCode.LdcI4: case NashaCode.Br: return(InstructionReader.ReadInt32()); case NashaCode.Ldarg: return(InstructionReader.ReadInt16()); case NashaCode.Ldfld: case NashaCode.Stfld: InstructionReader.ReadBoolean(); InstructionReader.ReadInt16(); return(Disassembler.Context.Module.LookupMember(InstructionReader.ReadInt32())); } return(null); }
private List <NashaOpCode> ReadOpCodes(DeoxysContext context, byte[] opcodeValues) { var opCodes = new List <NashaOpCode>(); var reader = new BinaryReader(new MemoryStream(opcodeValues)); reader.BaseStream.Position += 4; var first = reader.ReadInt32(); //OpCode scrambling seems to have it's flaws. while (reader.BaseStream.Position != reader.BaseStream.Length) { var opc = ReadOpCode(reader); if (opc.Code > (NashaCode)byte.MaxValue) { break; } opCodes.Add(opc); } var newCodes = new List <NashaOpCode>(); int currentId = first; for (int i = 0; i < opCodes.Count; i++) { if (currentId > byte.MaxValue) { break; } var opc = opCodes.First(q => q.Code == (NashaCode)currentId); var newOpCode = new NashaOpCode((NashaCode)i, opc.RandomValue); newCodes.Add(newOpCode); context.Logger.Info($"Found OpCode {newOpCode.Code} with Random Value {newOpCode.RandomValue}"); currentId = opc.NextId; } return(newCodes); }