public void Execute() { if (token.IsCancellationRequested) { // it means its called from Redo command token = default(CancellationToken); } if (DeFlowSettings.Settings.Logs) { OutputLog.Instance.WriteLine("Methods in module: " + this.methods.Count.ToString()); } foreach (var method in this.methods) { try { if (DeFlowSettings.Settings.Logs) { OutputLog.Instance.WriteLine("Processing method: " + string.Format("0x{0:X8}", method.MDToken.Raw)); } isBodyModified.Add(methodAnnotations.IsBodyModified(method)); methodAnnotations.SetBodyModified(method, true); MethodDeobfuscator.Deobfuscate(method, token); } catch (OperationCanceledException) { break; } } }
public void Execute() { isBodyModified = methodAnnotations.IsBodyModified(methodNode.MethodDef); methodAnnotations.SetBodyModified(methodNode.MethodDef, true); DeadInstructions.DeadInstrsList.Clear(); CancellationToken token = default(CancellationToken); MethodDeobfuscator.DeobfuscateAssisted(methodNode.MethodDef, token, ctx, expr, block); }
public void Execute() { if (token.IsCancellationRequested) { // it means its called from Redo command token = default(CancellationToken); } try { if (DeFlowSettings.Settings.Logs) { OutputLog.Instance.WriteLine("Processing method: " + string.Format("0x{0:X8}", methodNode.MethodDef.MDToken.Raw)); } isBodyModified = methodAnnotations.IsBodyModified(methodNode.MethodDef); methodAnnotations.SetBodyModified(methodNode.MethodDef, true); MethodDeobfuscator.Deobfuscate(methodNode.MethodDef, token); } catch (OperationCanceledException) { } }
public void Execute() { isBodyModified = methodAnnotations.IsBodyModified(methodNode.MethodDef); methodAnnotations.SetBodyModified(methodNode.MethodDef, true); newOptions.CopyTo(methodNode.MethodDef); }
public void Execute() { if (token.IsCancellationRequested) { // it means its called from Redo command token = default(CancellationToken); } try { methods.Add(methodNode.MethodDef); origMethodBodys.Add(methodNode.MethodDef.MethodBody); isBodyModified.Add(methodAnnotations.IsBodyModified(methodNode.MethodDef)); methodAnnotations.SetBodyModified(methodNode.MethodDef, true); var method = methodNode.MethodDef; if (method.Body.Instructions.Any(x => x.OpCode.Code == Code.Call && x.Operand is MethodDef)) { //At first lets restore all methods called from this method for (int i = 0; i < method.Body.Instructions.Count(); i++) { if (method.Body.Instructions[i].OpCode.Code == Code.Call && method.Body.Instructions[i].Operand is MethodDef && (method.Body.Instructions[i].Operand as MethodDef).Body != null) { methods.Add(method.Body.Instructions[i].Operand as MethodDef); origMethodBodys.Add((method.Body.Instructions[i].Operand as MethodDef).MethodBody); isBodyModified.Add(methodAnnotations.IsBodyModified(method.Body.Instructions[i].Operand as MethodDef)); methodAnnotations.SetBodyModified(method.Body.Instructions[i].Operand as MethodDef, true); MethodDeobfuscator.Deobfuscate(method.Body.Instructions[i].Operand as MethodDef, token); } } var tempMethod = DotNetUtils.Clone(method); var blocks = new Blocks(tempMethod); List <Block> allBlocks = new List <Block>(); blocks.MethodBlocks.GetAllBlocks(allBlocks); foreach (var block in allBlocks) { for (int i = 0; i < block.Instructions.Count; i++) { var instruction = block.Instructions[i]; if (instruction.OpCode.Code == Code.Call && instruction.Operand is MethodDef && (instruction.Operand as MethodDef).Body != null) { // Remove empty method if ((instruction.Operand as MethodDef).Body.Instructions.All(x => x.OpCode.Code == Code.Nop || x.OpCode.Code == Code.Ret)) { block.Instructions.RemoveAt(i); //TODO: remove all inner empty methods, but better to have addititonal command for it tho } // Inline proxy method if ((instruction.Operand as MethodDef).Body.Instructions.All(x => IsOkOpcode(x.OpCode.Code))) { var inlined = GetInstruction((instruction.Operand as MethodDef).Body.Instructions); if (inlined != null) { block.Instructions.RemoveAt(i); block.Instructions.Insert(i, new Instr(new Instruction(inlined.OpCode, inlined.Operand))); } } } } } IList <Instruction> allInstructions; IList <ExceptionHandler> allExceptionHandlers; blocks.GetCode(out allInstructions, out allExceptionHandlers); DotNetUtils.RestoreBody(tempMethod, (IEnumerable <Instruction>)allInstructions, (IEnumerable <ExceptionHandler>)allExceptionHandlers); MethodDeobfuscator.RestoreMethod(method, tempMethod); } } catch (OperationCanceledException) { } }