/// <summary>
/// Creates a constants decrypter and stores the collaborators it is given.
/// No scanning or decryption is performed by the constructor itself.
/// </summary>
/// <param name="module">Module the decrypter is bound to.</param>
/// <param name="lzmaMethod">
/// LZMA method supplied by the caller. NOTE(review): no null check is made here;
/// confirm that a missing LZMA method is tolerated by the code that later reads the field.
/// </param>
/// <param name="deobfsucator">
/// Simple deobfuscator service. The parameter name is misspelled; it is kept unchanged
/// so that callers binding by argument name keep compiling.
/// </param>
/// <param name="nativeEmulator">
/// x86 emulator instance supplied by the caller (presumably used to evaluate native
/// routines found in the protected module; verify against usage).
/// </param>
public ConstantsDecrypter(
    ModuleDef module,
    MethodDef lzmaMethod,
    ISimpleDeobfuscator deobfsucator,
    x86Emulator nativeEmulator)
{
    // Plain field wiring; the assignments are independent of each other.
    this._nativeEmulator = nativeEmulator;
    this._deobfuscator = deobfsucator;
    this._lzmaMethod = lzmaMethod;
    this._module = module;
}
/// <summary>
/// Builds the analysis helpers (native emulator, control-flow fixer, LZMA finder,
/// constants/resource decrypters, proxy-call fixer) and runs their detection passes.
/// The statement order is kept as in the original, because the helpers share state.
/// </summary>
protected override void ScanForObfuscator()
{
    // One emulator instance is created from the module's contents and shared by the
    // control-flow fixer, the constants decrypter and the proxy-call fixer.
    // NOTE(review): the bytes come from the module being analysed, i.e. untrusted input;
    // confirm that x86Emulator interprets instructions rather than running them natively,
    // and that it bounds reads and step counts.
    x86Emulator emulator = new x86Emulator(DeobUtils.ReadModule(module));
    _nativeEmulator = emulator;
    _controlFlowFixer = new ControlFlowFixer(emulator);

    // The LZMA search runs first: both decrypters receive its result.
    _lzmaFinder = new LzmaFinder(module, DeobfuscatedFile);
    _lzmaFinder.Find();

    // Both decrypters are constructed unconditionally, so they receive
    // _lzmaFinder.Method even when no LZMA routine was located.
    _constantDecrypter = new ConstantsDecrypter(
        module,
        _lzmaFinder.Method,
        DeobfuscatedFile,
        emulator);
    _resourceDecrypter = new ResourceDecrypter(
        module,
        _lzmaFinder.Method,
        DeobfuscatedFile);

    // Their Find() passes run only when the LZMA routine was found.
    bool lzmaPresent = _lzmaFinder.FoundLzma;
    if (lzmaPresent)
    {
        _constantDecrypter.Find();
        _resourceDecrypter.Find();
    }

    // Proxy-call detection does not depend on the LZMA result.
    _proxyCallFixer = new ProxyCallFixer(module, DeobfuscatedFile, emulator);
    _proxyCallFixer.FindDelegateCreatorMethod();
    _proxyCallFixer.Find();

    DetectConfuserExAttribute();
}
/// <summary>
/// Creates a control-flow fixer that keeps a reference to the supplied emulator.
/// </summary>
/// <param name="nativeEmulator">
/// x86 emulator instance supplied by the caller. It is stored as given, with no null
/// check and no copy, so its lifetime is owned by whoever created it.
/// </param>
public ControlFlowFixer(x86Emulator nativeEmulator)
{
    this._nativeEmulator = nativeEmulator;
}
/// <summary>
/// Base-class constructor: records the emulator for later use.
/// </summary>
/// <param name="nativeEmulator">
/// x86 emulator instance supplied by the caller; stored as given, without validation.
/// </param>
public ConstantDecrypterBase(x86Emulator nativeEmulator)
{
    this._nativeEmulator = nativeEmulator;
}
/// <summary>
/// Creates a proxy-call fixer for <paramref name="module"/> and stores its collaborators.
/// The module is forwarded to the base-class constructor.
/// </summary>
/// <param name="module">Module passed on to the base class.</param>
/// <param name="simpleDeobfuscator">Simple deobfuscator service kept for later use.</param>
/// <param name="nativeEmulator">
/// x86 emulator instance supplied by the caller; stored as given, without validation.
/// </param>
public ProxyCallFixer(
    ModuleDefMD module,
    ISimpleDeobfuscator simpleDeobfuscator,
    x86Emulator nativeEmulator)
    : base(module)
{
    // Independent field assignments; nothing is scanned in the constructor.
    this._nativeEmulator = nativeEmulator;
    this._simpleDeobfuscator = simpleDeobfuscator;
}