ConfuserUtils.FindCallMethod, de4dot.code.deobfuscators.Confuser C# (CSharp)のコード例

コード例 #1

0

ファイルを表示

        Local GetDynamicLocal(out int instrIndex)
        {
            var instrs = installMethod.Body.Instructions;

            for (int i = 0; i < instrs.Count; i++)
            {
                i = ConfuserUtils.FindCallMethod(instrs, i, Code.Callvirt, "System.Void System.IO.BinaryWriter::Write(System.Byte)");
                if (i < 0)
                {
                    break;
                }
                int index = i - 2;
                if (index < 0)
                {
                    continue;
                }
                var ldloc = instrs[index];
                if (!ldloc.IsLdloc())
                {
                    continue;
                }
                if (instrs[index + 1].OpCode.Code != Code.Conv_U1)
                {
                    continue;
                }

                instrIndex = index;
                return(ldloc.GetLocal(installMethod.Body.Variables));
            }
            instrIndex = 0;
            return(null);
        }

コード例 #2

0

ファイルを表示

ファイル: JitMethodsDecrypter.cs プロジェクト: yurenfangzhou/Reflexil

        static bool FindKey4(MethodDef method, out uint key)
        {
            var instrs = method.Body.Instructions;

            for (int index = 0; index < instrs.Count; index++)
            {
                index = ConfuserUtils.FindCallMethod(instrs, index, Code.Call, "System.Void System.Runtime.InteropServices.Marshal::Copy(System.Byte[],System.Int32,System.IntPtr,System.Int32)");
                if (index < 0)
                {
                    break;
                }
                if (index + 2 >= instrs.Count)
                {
                    continue;
                }
                if (!instrs[index + 1].IsLdloc())
                {
                    continue;
                }
                var ldci4 = instrs[index + 2];
                if (!ldci4.IsLdcI4())
                {
                    continue;
                }

                key = (uint)ldci4.GetLdcI4Value();
                return(true);
            }

            key = 0;
            return(false);
        }

コード例 #3

0

ファイルを表示

        static bool FindKey0(MethodDef method, out uint key)
        {
            var instrs = method.Body.Instructions;

            for (int i = 0; i < instrs.Count; i++)
            {
                int index = ConfuserUtils.FindCallMethod(instrs, i, Code.Call, "System.Text.Encoding System.Text.Encoding::get_UTF8()");
                if (index < 0)
                {
                    break;
                }
                int index2 = ConfuserUtils.FindCallMethod(instrs, i, Code.Call, "System.Byte[] System.BitConverter::GetBytes(System.Int32)");
                if (index2 - index != 2)
                {
                    continue;
                }
                var ldci4 = instrs[index + 1];
                if (!ldci4.IsLdcI4())
                {
                    continue;
                }

                key = (uint)ldci4.GetLdcI4Value();
                return(true);
            }

            key = 0;
            return(false);
        }

コード例 #4

0

ファイルを表示

ファイル: ConstantsDecrypterV17.cs プロジェクト: Michael1541/de4dot

            static bool FindKey4_other(MethodDef method, out uint key)
            {
                var instrs = method.Body.Instructions;

                for (int i = 0; i < instrs.Count; i++)
                {
                    int index = ConfuserUtils.FindCallMethod(instrs, i, Code.Callvirt, "System.Int32 System.IO.BinaryReader::ReadInt32()");
                    if (index < 0)
                    {
                        break;
                    }
                    if (index + 1 >= instrs.Count)
                    {
                        break;
                    }
                    var ldci4 = instrs[index + 1];
                    if (!ldci4.IsLdcI4())
                    {
                        continue;
                    }

                    key = (uint)ldci4.GetLdcI4Value();
                    return(true);
                }
                key = 0;
                return(false);
            }

コード例 #5

0

ファイルを表示

            static bool FindKey1(MethodDef method, out uint key)
            {
                var instrs = method.Body.Instructions;

                for (int i = 0; i < instrs.Count; i++)
                {
                    int index = ConfuserUtils.FindCallMethod(instrs, i, Code.Callvirt, "System.Int32 System.Reflection.MemberInfo::get_MetadataToken()");
                    if (index < 0)
                    {
                        break;
                    }
                    if (index + 2 > instrs.Count)
                    {
                        break;
                    }
                    if (!instrs[index + 1].IsStloc())
                    {
                        continue;
                    }
                    var ldci4 = instrs[index + 2];
                    if (!ldci4.IsLdcI4())
                    {
                        continue;
                    }

                    key = (uint)ldci4.GetLdcI4Value();
                    return(true);
                }
                key = 0;
                return(false);
            }

コード例 #6

0

ファイルを表示

        static bool FindSafeKey1(MethodDef method, out uint key)
        {
            var instrs = method.Body.Instructions;

            for (int i = 0; i < instrs.Count; i++)
            {
                int index = ConfuserUtils.FindCallMethod(instrs, i, Code.Newobj, "System.Void System.Random::.ctor(System.Int32)");
                if (index < 0)
                {
                    break;
                }
                if (index == 0)
                {
                    continue;
                }

                var ldci4 = instrs[index - 1];
                if (!ldci4.IsLdcI4())
                {
                    continue;
                }

                key = (uint)ldci4.GetLdcI4Value();
                return(true);
            }
            key = 0;
            return(false);
        }

コード例 #7

0

ファイルを表示

            public override string Decrypt(MethodDef caller, int magic)
            {
                var reader = stringDecrypter.reader;

                reader.Position = (caller.MDToken.ToInt32() ^ magic) - stringDecrypter.magic1;
                int len  = reader.ReadInt32() ^ (int)~stringDecrypter.magic2;
                var rand = new Random(caller.MDToken.ToInt32());

                var instrs = stringDecrypter.decryptMethod.Body.Instructions;

                constReader = new PolyConstantsReader(instrs, false);
                int polyIndex = ConfuserUtils.FindCallMethod(instrs, 0, Code.Callvirt, "System.Int64 System.IO.BinaryReader::ReadInt64()");

                if (polyIndex < 0)
                {
                    throw new ApplicationException("Could not find start of decrypt code");
                }

                var decrypted = new byte[len];

                for (int i = 0; i < len; i += 8)
                {
                    constReader.Arg = reader.ReadInt64();
                    int  index = polyIndex;
                    long val;
                    if (!constReader.GetInt64(ref index, out val) || instrs[index].OpCode.Code != Code.Conv_I8)
                    {
                        throw new ApplicationException("Could not get string int64 value");
                    }
                    Array.Copy(BitConverter.GetBytes(val ^ rand.Next()), 0, decrypted, i, Math.Min(8, len - i));
                }

                return(Encoding.Unicode.GetString(decrypted));
            }

コード例 #8

0

ファイルを表示

ファイル: ConstantsDecrypterV17.cs プロジェクト: Michael1541/de4dot

            static bool FindKey5_v17_r74788(MethodDef method, out uint key)
            {
                var instrs = method.Body.Instructions;

                for (int i = 0; i < instrs.Count; i++)
                {
                    i = ConfuserUtils.FindCallMethod(instrs, i, Code.Callvirt, "System.Reflection.Module System.Reflection.Assembly::GetModule(System.String)");
                    if (i < 0)
                    {
                        break;
                    }
                    if (i + 1 >= instrs.Count)
                    {
                        break;
                    }
                    var ldci4 = instrs[i + 1];
                    if (!ldci4.IsLdcI4())
                    {
                        continue;
                    }

                    key = (uint)ldci4.GetLdcI4Value();
                    return(true);
                }
                key = 0;
                return(false);
            }

コード例 #9

0

ファイルを表示

        static bool FindKey0d_v18_r75367(DecrypterInfo info)
        {
            var instrs = info.method.Body.Instructions;

            for (int i = 0; i < instrs.Count; i++)
            {
                int index = ConfuserUtils.FindCallMethod(instrs, i, Code.Callvirt, "System.Int32 System.Reflection.MemberInfo::get_MetadataToken()");
                if (index < 0)
                {
                    break;
                }
                int index2 = ConfuserUtils.FindCallMethod(instrs, index, Code.Call, "System.Byte[] System.BitConverter::GetBytes(System.Int32)");
                if (index2 < 0)
                {
                    break;
                }
                if (index2 - index != 3)
                {
                    continue;
                }
                var ldci4 = instrs[index + 1];
                if (!ldci4.IsLdcI4())
                {
                    continue;
                }
                if (instrs[index + 2].OpCode.Code != Code.Xor)
                {
                    continue;
                }

                info.key0d = (uint)ldci4.GetLdcI4Value();
                return(true);
            }
            return(false);
        }

コード例 #10

0

ファイルを表示

        static bool FindKey5(MethodDef method, out uint key)
        {
            var instrs = method.Body.Instructions;

            for (int i = 0; i < instrs.Count; i++)
            {
                i = FindCallvirtReadUInt32(instrs, i);
                if (i < 0)
                {
                    break;
                }
                int index2 = ConfuserUtils.FindCallMethod(instrs, i, Code.Callvirt, "System.Int32 System.IO.BinaryReader::ReadInt32()");
                if (index2 < 0)
                {
                    break;
                }
                if (index2 - i != 6)
                {
                    continue;
                }

                var ldci4 = instrs[i + 1];
                if (!ldci4.IsLdcI4())
                {
                    continue;
                }
                if (instrs[i + 2].OpCode.Code != Code.Xor)
                {
                    continue;
                }
                var stloc = instrs[i + 3];
                if (!stloc.IsStloc())
                {
                    continue;
                }
                var ldloc = instrs[i + 4];
                if (!ldloc.IsLdloc())
                {
                    continue;
                }
                if (ldloc.GetLocal(method.Body.Variables) == stloc.GetLocal(method.Body.Variables))
                {
                    continue;
                }
                if (!instrs[i + 5].IsLdloc())
                {
                    continue;
                }

                key = (uint)ldci4.GetLdcI4Value();
                return(true);
            }

            key = 0;
            return(false);
        }

コード例 #11

0

ファイルを表示

		static int GetFieldNameIndex(MethodDef method) {
			var instrs = method.Body.Instructions;
			for (int i = 0; i < instrs.Count; i++) {
				i = ConfuserUtils.FindCallMethod(instrs, i, Code.Callvirt, "System.Byte[] System.Text.Encoding::GetBytes(System.Char[],System.Int32,System.Int32)");
				if (i < 0)
					break;
				if (i < 2)
					continue;
				var ldci4 = instrs[i - 2];
				if (!ldci4.IsLdcI4())
					continue;

				return ldci4.GetLdcI4Value();
			}
			return -1;
		}

コード例 #12

0

ファイルを表示

        protected static bool FindKey0_v14_r58564(MethodDef method, out uint key)
        {
            var instrs = method.Body.Instructions;

            for (int i = 0; i + 5 < instrs.Count; i++)
            {
                i = ConfuserUtils.FindCallMethod(instrs, i, Code.Callvirt, "System.Int32 System.IO.BinaryReader::ReadInt32()");
                if (i < 0)
                {
                    break;
                }

                int index   = i + 1;
                var ldci4_1 = instrs[index++];
                if (!ldci4_1.IsLdcI4())
                {
                    continue;
                }
                if (instrs[index++].OpCode.Code != Code.Xor)
                {
                    continue;
                }
                if (!instrs[index++].IsStloc())
                {
                    continue;
                }
                if (!instrs[index++].IsLdloc())
                {
                    continue;
                }
                var ldci4_2 = instrs[index++];
                if (!ldci4_2.IsLdcI4())
                {
                    continue;
                }
                if (ldci4_2.GetLdcI4Value() != 0 && ldci4_1.GetLdcI4Value() != ldci4_2.GetLdcI4Value())
                {
                    continue;
                }

                key = (uint)ldci4_1.GetLdcI4Value();
                return(true);
            }

            key = 0;
            return(false);
        }

コード例 #13

0

ファイルを表示

        static bool FindKey0d(MethodDef method, out uint key)
        {
            var instrs = method.Body.Instructions;

            for (int i = 0; i < instrs.Count; i++)
            {
                int index = ConfuserUtils.FindCallMethod(instrs, i, Code.Callvirt, "System.Reflection.Module System.Reflection.MemberInfo::get_Module()");
                if (index < 0)
                {
                    break;
                }
                int index2 = ConfuserUtils.FindCallMethod(instrs, i, Code.Callvirt, "System.Int32 System.Reflection.MemberInfo::get_MetadataToken()");
                int ldci4Index;
                switch (index2 - index)
                {
                case 3:
                    // rev <= r79440
                    ldci4Index = index + 1;
                    break;

                case -4:
                    // rev >= r79630
                    ldci4Index = index2 - 2;
                    break;

                default:
                    continue;
                }

                var ldci4 = instrs[ldci4Index];
                if (!ldci4.IsLdcI4())
                {
                    continue;
                }
                if (!instrs[ldci4Index + 1].IsLdloc())
                {
                    continue;
                }

                key = (uint)ldci4.GetLdcI4Value();
                return(true);
            }

            key = 0;
            return(false);
        }

コード例 #14

0

ファイルを表示

ファイル: ConstantsDecrypterV18.cs プロジェクト: haise0/de5dot

		public void Find() {
			var cctor = DotNetUtils.GetModuleTypeCctor(module);
			if (cctor == null)
				return;
			simpleDeobfuscator.Deobfuscate(cctor, SimpleDeobfuscatorFlags.Force | SimpleDeobfuscatorFlags.DisableConstantsFolderExtraInstrs);

			if ((dictField = ConstantsDecrypterUtils.FindDictField(cctor, cctor.DeclaringType)) == null)
				return;

			if ((dataField = ConstantsDecrypterUtils.FindDataField_v18_r75367(cctor, cctor.DeclaringType)) == null &&
				(dataField = ConstantsDecrypterUtils.FindDataField_v19_r77172(cctor, cctor.DeclaringType)) == null)
				return;

			nativeMethod = FindNativeMethod(cctor, cctor.DeclaringType);

			var method = GetDecryptMethod();
			if (method == null)
				return;
			simpleDeobfuscator.Deobfuscate(method, SimpleDeobfuscatorFlags.DisableConstantsFolderExtraInstrs);
			var info = new DecrypterInfo(this, method, ConfuserVersion.Unknown);
			if (FindKeys_v18_r75367(info))
				InitVersion(cctor, ConfuserVersion.v18_r75367_normal, ConfuserVersion.v18_r75367_dynamic, ConfuserVersion.v18_r75367_native);
			else if (FindKeys_v18_r75369(info)) {
				lzmaType = ConfuserUtils.FindLzmaType(cctor);
				if (lzmaType == null)
					InitVersion(cctor, ConfuserVersion.v18_r75369_normal, ConfuserVersion.v18_r75369_dynamic, ConfuserVersion.v18_r75369_native);
				else if (!DotNetUtils.CallsMethod(method, "System.Void System.Threading.Monitor::Exit(System.Object)"))
					InitVersion(cctor, ConfuserVersion.v19_r77172_normal, ConfuserVersion.v19_r77172_dynamic, ConfuserVersion.v19_r77172_native);
				else if (DotNetUtils.CallsMethod(method, "System.Void System.Diagnostics.StackFrame::.ctor(System.Int32)"))
					InitVersion(cctor, ConfuserVersion.v19_r78363_normal, ConfuserVersion.v19_r78363_dynamic, ConfuserVersion.v19_r78363_native);
				else {
					int index1 = ConfuserUtils.FindCallMethod(cctor.Body.Instructions, 0, Code.Callvirt, "System.Reflection.Module System.Reflection.MemberInfo::get_Module()");
					int index2 = ConfuserUtils.FindCallMethod(cctor.Body.Instructions, 0, Code.Callvirt, "System.Int32 System.Reflection.MemberInfo::get_MetadataToken()");
					if (index1 < 0 || index2 < 0) {
					}
					if (index2 - index1 == 3)
						InitVersion(cctor, ConfuserVersion.v19_r78056_normal, ConfuserVersion.v19_r78056_dynamic, ConfuserVersion.v19_r78056_native);
					else if (index2 - index1 == -4)
						InitVersion(cctor, ConfuserVersion.v19_r79630_normal, ConfuserVersion.v19_r79630_dynamic, ConfuserVersion.v19_r79630_native);
				}
			}
			else
				return;

			installMethod = cctor;
		}

コード例 #15

0

ファイルを表示

        static bool FindKey0_v18_r75369(MethodDef method, out byte key0)
        {
            var instrs = method.Body.Instructions;

            for (int index = 0; index < instrs.Count; index++)
            {
                index = ConfuserUtils.FindCallMethod(instrs, index, Code.Callvirt, "System.Int32 System.IO.Stream::Read(System.Byte[],System.Int32,System.Int32)");
                if (index < 0)
                {
                    break;
                }

                if (index + 4 >= instrs.Count)
                {
                    break;
                }
                index++;

                if (instrs[index++].OpCode.Code != Code.Pop)
                {
                    continue;
                }
                var ldci4 = instrs[index++];
                if (!ldci4.IsLdcI4())
                {
                    continue;
                }
                if (instrs[index++].OpCode.Code != Code.Conv_U1)
                {
                    continue;
                }
                if (!instrs[index++].IsStloc())
                {
                    continue;
                }

                key0 = (byte)ldci4.GetLdcI4Value();
                return(true);
            }

            key0 = 0;
            return(false);
        }

コード例 #16

0

ファイルを表示

		static bool FindCallvirtChar(MethodDef method, out ushort callvirtChar) {
			var instrs = method.Body.Instructions;
			for (int index = 0; index < instrs.Count; index++) {
				index = ConfuserUtils.FindCallMethod(instrs, index, Code.Callvirt, "System.Char System.String::get_Chars(System.Int32)");
				if (index < 0)
					break;

				index++;
				if (index >= instrs.Count)
					break;

				var ldci4 = instrs[index];
				if (!ldci4.IsLdcI4())
					continue;
				callvirtChar = (ushort)ldci4.GetLdcI4Value();
				return true;
			}
			callvirtChar = 0;
			return false;
		}

コード例 #17

0

ファイルを表示

        static bool FindMagic1(MethodDef method, out uint magic)
        {
            var instrs = method.Body.Instructions;

            for (int i = 0; i < instrs.Count; i++)
            {
                int index = ConfuserUtils.FindCallMethod(instrs, i, Code.Callvirt, "System.Byte[] System.IO.BinaryReader::ReadBytes(System.Int32)");
                if (index < 0)
                {
                    break;
                }
                if (index < 4)
                {
                    continue;
                }

                index -= 4;
                if (!instrs[index].IsLdarg())
                {
                    continue;
                }
                if (instrs[index + 1].OpCode.Code != Code.Xor)
                {
                    continue;
                }
                var ldci4 = instrs[index + 2];
                if (!ldci4.IsLdcI4())
                {
                    continue;
                }
                if (instrs[index + 3].OpCode.Code != Code.Sub)
                {
                    continue;
                }

                magic = (uint)ldci4.GetLdcI4Value();
                return(true);
            }
            magic = 0;
            return(false);
        }

コード例 #18

0

ファイルを表示

		static bool FindMagic_v18_r75367(MethodDef method, out uint magic) {
			var instrs = method.Body.Instructions;
			for (int i = 0; i < instrs.Count; i++) {
				i = ConfuserUtils.FindCallMethod(instrs, i, Code.Callvirt, "System.Reflection.Module System.Reflection.MemberInfo::get_Module()");
				if (i < 0 || i + 3 >= instrs.Count)
					break;

				if (!instrs[i + 1].IsLdloc())
					continue;
				var ldci4 = instrs[i + 2];
				if (!ldci4.IsLdcI4())
					continue;
				if (instrs[i+3].OpCode.Code != Code.Xor)
					continue;

				magic = (uint)ldci4.GetLdcI4Value();
				return true;
			}
			magic = 0;
			return false;
		}

コード例 #19

0

ファイルを表示

		static MethodDef FindNativeMethod_v18_r75367(MethodDef method) {
			var instrs = method.Body.Instructions;
			for (int i = 0; i < instrs.Count; i++) {
				i = ConfuserUtils.FindCallMethod(instrs, i, Code.Callvirt, "System.Reflection.Module System.Reflection.MemberInfo::get_Module()");
				if (i < 0 || i + 2 >= instrs.Count)
					break;

				if (!instrs[i + 1].IsLdloc())
					continue;

				var call = instrs[i + 2];
				if (call.OpCode.Code != Code.Call)
					continue;
				var calledMethod = call.Operand as MethodDef;
				if (calledMethod == null || calledMethod.Body != null || !calledMethod.IsNative)
					continue;

				return calledMethod;
			}
			return null;
		}

コード例 #20

0

ファイルを表示

		static bool FindMagic_v14_r58564(MethodDef method, out uint magic) {
			var instrs = method.Body.Instructions;
			for (int i = 0; i < instrs.Count; i++) {
				int index = ConfuserUtils.FindCallMethod(instrs, i, Code.Call, "System.Int32 System.BitConverter::ToInt32(System.Byte[],System.Int32)");
				if (index < 0)
					break;
				int index2 = ConfuserUtils.FindCallMethod(instrs, i, Code.Callvirt, "System.Reflection.MethodBase System.Reflection.Module::ResolveMethod(System.Int32)");
				if (index2 < 0 || index2 - index != 3)
					continue;
				var ldci4 = instrs[index + 1];
				if (!ldci4.IsLdcI4())
					continue;
				if (instrs[index + 2].OpCode.Code != Code.Xor)
					continue;

				magic = (uint)ldci4.GetLdcI4Value();
				return true;
			}
			magic = 0;
			return false;
		}

コード例 #21

0

ファイルを表示

		static bool Is_v17_r73740(MethodDef method) {
			var instrs = method.Body.Instructions;
			for (int i = 0; i < instrs.Count; i++) {
				int index = ConfuserUtils.FindCallMethod(instrs, i, Code.Callvirt, "System.Reflection.MethodBase System.Reflection.Module::ResolveMethod(System.Int32)");
				if (index < 0)
					break;
				if (index < 3)
					continue;

				index -= 3;
				var ldci4 = instrs[index];
				if (!ldci4.IsLdcI4() || ldci4.GetLdcI4Value() != 24)
					continue;
				if (instrs[index + 1].OpCode.Code != Code.Shl)
					continue;
				if (instrs[index + 2].OpCode.Code != Code.Or)
					continue;

				return true;
			}
			return false;
		}

コード例 #22

0

ファイルを表示

		static MethodDef FindNativeMethod_v17_r73740(MethodDef method) {
			var instrs = method.Body.Instructions;
			for (int i = 0; i < instrs.Count; i++) {
				int index = ConfuserUtils.FindCallMethod(instrs, i, Code.Call, "System.Int32 System.BitConverter::ToInt32(System.Byte[],System.Int32)");
				if (index < 0)
					break;
				if (index < 1 || index + 1 >= instrs.Count)
					continue;

				if (!instrs[index - 1].IsLdcI4())
					continue;
				var call = instrs[index + 1];
				if (call.OpCode.Code != Code.Call)
					continue;
				var calledMethod = call.Operand as MethodDef;
				if (calledMethod == null || calledMethod.Body != null || !calledMethod.IsNative)
					continue;

				return calledMethod;
			}
			return null;
		}

コード例 #23

0

ファイルを表示

        static Local GetDynamicLocal_v17_r73740(MethodDef method)
        {
            var instrs = method.Body.Instructions;

            for (int i = 0; i < instrs.Count; i++)
            {
                i = ConfuserUtils.FindCallMethod(instrs, i, Code.Callvirt, "System.Byte System.IO.BinaryReader::ReadByte()");
                if (i < 0 || i + 5 >= instrs.Count)
                {
                    break;
                }
                if (!instrs[i + 1].IsStloc())
                {
                    continue;
                }
                var ldloc = instrs[i + 2];
                if (!ldloc.IsLdloc())
                {
                    continue;
                }
                if (!instrs[i + 3].IsLdloc())
                {
                    continue;
                }
                var ldci4 = instrs[i + 4];
                if (!ldci4.IsLdcI4() || ldci4.GetLdcI4Value() != 0x7F)
                {
                    continue;
                }
                if (instrs[i + 5].OpCode.Code != Code.And)
                {
                    continue;
                }

                return(ldloc.GetLocal(method.Body.Variables));
            }
            return(null);
        }

コード例 #24

0

ファイルを表示

		static bool FindMagic_v17_r73740(MethodDef method, out uint magic) {
			var instrs = method.Body.Instructions;
			for (int i = 0; i < instrs.Count; i++) {
				int index = ConfuserUtils.FindCallMethod(instrs, i, Code.Call, "System.Int32 System.BitConverter::ToInt32(System.Byte[],System.Int32)");
				if (index < 0)
					break;
				if (index < 1 || index + 2 >= instrs.Count)
					continue;

				if (!instrs[index - 1].IsLdcI4())
					continue;
				var ldci4 = instrs[index + 1];
				if (!ldci4.IsLdcI4())
					continue;
				if (instrs[index + 2].OpCode.Code != Code.Xor)
					continue;

				magic = (uint)ldci4.GetLdcI4Value();
				return true;
			}
			magic = 0;
			return false;
		}

コード例 #25

0

ファイルを表示

            static bool FindTypeCode(IList <Block> allBlocks, out byte typeCode, Code callCode, string bitConverterMethod)
            {
                foreach (var block in allBlocks)
                {
                    if (block.Sources.Count != 1)
                    {
                        continue;
                    }
                    int index = ConfuserUtils.FindCallMethod(block.Instructions, 0, callCode, bitConverterMethod);
                    if (index < 0)
                    {
                        continue;
                    }

                    if (!FindTypeCode(block.Sources[0], out typeCode))
                    {
                        continue;
                    }

                    return(true);
                }
                typeCode = 0;
                return(false);
            }

コード例 #26

0

ファイルを表示

        static bool FindKey0_v17_r73404(MethodDef method, out byte key)
        {
            var instrs = method.Body.Instructions;

            for (int i = 0; i < instrs.Count - 3; i++)
            {
                int index = ConfuserUtils.FindCallMethod(instrs, i, Code.Callvirt, "System.Byte[] System.IO.BinaryReader::ReadBytes(System.Int32)");
                if (index < 0)
                {
                    break;
                }
                if (index + 3 >= instrs.Count)
                {
                    break;
                }

                if (!instrs[index + 1].IsStloc())
                {
                    continue;
                }
                var ldci4 = instrs[index + 2];
                if (!ldci4.IsLdcI4())
                {
                    continue;
                }
                if (!instrs[index + 3].IsStloc())
                {
                    continue;
                }

                key = (byte)ldci4.GetLdcI4Value();
                return(true);
            }
            key = 0;
            return(false);
        }

コード例 #27

0

ファイルを表示

ファイル: ConstantsDecrypterV17.cs プロジェクト: Michael1541/de4dot

        static string GetResourceName(MethodDef method)
        {
            var instrs = method.Body.Instructions;

            for (int i = 0; i < instrs.Count; i++)
            {
                i = ConfuserUtils.FindCallMethod(instrs, i, Code.Call, "System.Byte[] System.BitConverter::GetBytes(System.Int32)");
                if (i < 0)
                {
                    break;
                }
                if (i == 0)
                {
                    continue;
                }
                var ldci4 = instrs[i - 1];
                if (!ldci4.IsLdcI4())
                {
                    continue;
                }
                return(Encoding.UTF8.GetString(BitConverter.GetBytes(ldci4.GetLdcI4Value())));
            }
            return(null);
        }

コード例 #28

0

ファイルを表示

 protected static int FindCallvirtReadUInt32(IList <Instruction> instrs, int index)
 {
     return(ConfuserUtils.FindCallMethod(instrs, index, Code.Callvirt, "System.UInt32 System.IO.BinaryReader::ReadUInt32()"));
 }

コード例 #29

0

ファイルを表示

 static int FindCallvirtReadUInt64(IList <Instruction> instrs, int index) =>
 ConfuserUtils.FindCallMethod(instrs, index, Code.Callvirt, "System.UInt64 System.IO.BinaryReader::ReadUInt64()");

C# (CSharp) de4dot.code.deobfuscators.Confuser ConfuserUtils.FindCallMethodの例