private static string DecryptSting(MethodSpec decryptionMethod, uint uintVal, object arrayVal)
{
Base.methodsToRemove.Add(decryptionMethod);
MethodDef resolvedDef = decryptionMethod.ResolveMethodDef();
CawkEmulatorV4.Emulation emulationD = new CawkEmulatorV4.Emulation(resolvedDef);
emulationD.ValueStack.Fields[ModuleDefMD.ResolveToken(Strings.Initalise.DecryptInitialByteArray.fields.MDToken.ToInt32()) as FieldDef] = Strings.Initalise.DecryptInitialByteArray.byte_0;
File.WriteAllBytes("Method.bin", methodBytes);
if (FieldValueGrabber.value != null)
{
emulationD.ValueStack.Fields[
ModuleDefMD.ResolveToken(FieldValueGrabber.value.Item1.MDToken.ToInt32()) as
FieldDef] = (int)
FieldValueGrabber.value.Item2;
}
emulationD.ValueStack.Parameters[resolvedDef.Parameters[0]] = uintVal;
emulationD.ValueStack.Parameters[resolvedDef.Parameters[1]] = arrayVal;
emulationD.OnCallPrepared = (sender, e) => { HandleCall(sender, e); };
emulationD.OnInstructionPrepared += (emulation, args) =>
{
if (args.Instruction.OpCode == OpCodes.Isinst)
{
dynamic value = emulation.ValueStack.CallStack.Pop();
TypeRef instrType = args.Instruction.Operand as TypeRef;
dynamic name = value.GetType().Name;
if (instrType.FullName.Contains(name))
{
emulation.ValueStack.CallStack.Push(1);
}
else
{
emulation.ValueStack.CallStack.Push(null);
}
args.Cancel = true;
}
else if (args.Instruction.OpCode == OpCodes.Castclass)
{
dynamic abc = emulation.ValueStack.CallStack.Pop();
if (abc is int[])
{
emulation.ValueStack.CallStack.Push((int[])abc);
args.Cancel = true;
}
if (args.Instruction.Operand.ToString().Contains("Assembly"))
{
emulation.ValueStack.CallStack.Push(null);
args.Cancel = true;
}
}
};
emulationD.Emulate();
return((string)emulationD.ValueStack.CallStack.Pop());
}
private static void Clean()
{
foreach (MethodDef method in methods)
{
methodName = method.Name;
methodBytes = Strings.Initalise.GetOriginalBytes.bytesDict[method.MDToken.ToUInt32()];
for (int i = 0; i < method.Body.Instructions.Count; i++)
{
dnlib.DotNet.Emit.Instruction instruction = method.Body.Instructions[i];
if (instruction.OpCode != OpCodes.Call)
{
continue;
}
if (!(instruction.Operand is MethodSpec))
{
continue;
}
if (!instruction.Operand.ToString().Contains("System.String>"))
{
continue;
}
if (instruction.Operand.ToString().Contains("(System.UInt32,System.Object)"))
{
List <dnlib.DotNet.Emit.Instruction> instructions = GetInstructions(method.Body.Instructions, i);
CawkEmulatorV4.Emulation emu = new CawkEmulatorV4.Emulation(method);
uint[] setUp = new uint[2];
emu.OnInstructionPrepared += (emulation, args) =>
{
if (args.Instruction.IsLdloc())
{
emulation.ValueStack.CallStack.Push(setUp);
args.Cancel = true;
}
if (args.Instruction.OpCode == OpCodes.Box)
{
args.Cancel = true;
}
};
if (instructions[0].OpCode == OpCodes.Dup)
{
emu.ValueStack.CallStack.Push(setUp);
emu.Emulate2(instructions, 0, instructions.Count - 1);
}
else
{
emu.Emulate2(instructions, 0, instructions.Count - 1);
}
dynamic array = emu.ValueStack.CallStack.Pop();
dynamic uintVal = emu.ValueStack.CallStack.Pop();
string decryptedString = DecryptSting(instruction.Operand as MethodSpec, (uint)uintVal, (object)array);
for (int y = 0; y < instructions.Count; y++)
{
method.Body.Instructions[i - y].OpCode = OpCodes.Nop;
}
method.Body.Instructions[i].OpCode = OpCodes.Ldstr;
method.Body.Instructions[i].Operand = decryptedString;
}
else
{
// throw new NotSupportedException();
}
}
}
}
