C# (CSharp) VirtualOpCode 예제들

예제 #1

파일: Detection.Arg.cs 프로젝트: xuan2261/eazdevirt

 private static Boolean Is_Ldarg_C(VirtualOpCode ins, Code code)
 {
     // Ldarg_C delegates will reference the arguments field in their Ldfld, which sets them apart from
     // other very similar delegates
     return(ins.Matches(ins.ModifyPattern(Pattern_Ldarg_C, Code.Ldc_I4, code)) &&
            ((FieldDef)ins.DelegateMethod.Body.Instructions[2].Operand).MDToken == ins.VType.ArgumentsField.MDToken);
 }

예제 #2

 public static Boolean Is_Cgt_Un(this VirtualOpCode ins)
 {
     return(ins.DelegateMethod.Matches(new Code[] {
         Code.Call, Code.Brtrue_S, Code.Ldc_I4_0, Code.Br_S, Code.Ldc_I4_1,
         Code.Callvirt, Code.Ldloc_2, Code.Call, Code.Ret
     }) && ins.DelegateMethod.MatchesIndirect(Pattern_Cgt_Un));
 }

예제 #3

 public static Boolean Is_Box(this VirtualOpCode ins)
 {
     return(ins.Matches(new Code[] {
         Code.Ldarg_1, Code.Castclass, Code.Callvirt, Code.Stloc_2, Code.Ldarg_0,
         Code.Ldloc_2, Code.Call, Code.Stloc_0, Code.Ldarg_0, Code.Call
     }));
 }

예제 #4

 public static Boolean Is_Isinst(this VirtualOpCode ins)
 {
     return(ins.DelegateMethod.Matches(
                Code.Call, Code.Brfalse_S, Code.Ldarg_0, Code.Ldloc_2, Code.Call, Code.Ret,
                Code.Ldarg_0, Code.Newobj, Code.Call, Code.Ret
                ));
 }

예제 #5

파일: VirtualizedMethodBodyReader.cs 프로젝트: jespanag/eazdevirt

        protected Instruction ReadOneInstruction_CIL(VirtualOpCode virtualInstruction)
        {
            OpCode opcode = virtualInstruction.OpCode.ToOpCode();

            Instruction instruction = new Instruction(opcode);

            instruction.Offset  = this.CurrentILOffset;
            instruction.OpCode  = opcode;
            instruction.Operand = this.ReadOperand(instruction);

            if (instruction.OpCode.Code == Code.Switch)
            {
                var targets = (IList <UInt32>)instruction.Operand;
                this.CurrentILOffset      += (UInt32)(instruction.OpCode.Size + 4 + (4 * targets.Count));
                this.CurrentVirtualOffset += (UInt32)(4 + 4 + (4 * targets.Count));
            }
            else
            {
                this.CurrentILOffset      += (UInt32)instruction.GetSize();
                this.CurrentVirtualOffset += (UInt32)virtualInstruction.GetSize(instruction.Operand);
            }

            this.CurrentInstructionOffset++;

            return(instruction);
        }

예제 #6

 public static Boolean Is_Leave(this VirtualOpCode ins)
 {
     return(ins.DelegateMethod.MatchesEntire(
                Code.Ldarg_1, Code.Castclass, Code.Callvirt, Code.Stloc_0, Code.Ldarg_0,
                Code.Ldnull, Code.Ldloc_0, Code.Call, Code.Ret
                ));
 }

예제 #7

 public static Boolean Is_Throw(this VirtualOpCode ins)
 {
     return(ins.MatchesEntire(new Code[] {
         Code.Ldarg_0, Code.Call, Code.Stloc_0, Code.Ldloc_0,
         Code.Callvirt, Code.Call, Code.Ret
     }) && _Is_Throw(ins, ((MethodDef)ins.DelegateMethod.Body.Instructions[5].Operand)));
 }

예제 #8

 public static Boolean Is_Newobj(this VirtualOpCode ins)
 {
     return(ins.Matches(new Code[] {
         Code.Ldarg_0, Code.Ldloc_2, Code.Ldnull, Code.Ldloc_3, Code.Ldc_I4_0,
         Code.Call, Code.Stloc_S, Code.Leave_S
     }));
 }

예제 #9

파일: Detection.Arg.cs 프로젝트: misharcrack/eazdevirt

		private static Boolean Is_Ldarg_C(VirtualOpCode ins, Code code)
		{
			// Ldarg_C delegates will reference the arguments field in their Ldfld, which sets them apart from
			// other very similar delegates
			return ins.Matches(ins.ModifyPattern(Pattern_Ldarg_C, Code.Ldc_I4, code))
				&& ((FieldDef)ins.DelegateMethod.Body.Instructions[2].Operand).MDToken == ins.VType.ArgumentsField.MDToken;
		}

예제 #10

 public static Boolean Is_Unbox_Any(this VirtualOpCode ins)
 {
     return(ins.DelegateMethod.Matches(
                Code.Ldloc_2, Code.Callvirt, Code.Stloc_3, Code.Ldloc_3, Code.Ldloc_1,
                Code.Call, Code.Stloc_S, Code.Ldarg_0, Code.Ldloc_S, Code.Call, Code.Ret
                ));
 }

예제 #11

 public static Boolean Is_Switch(this VirtualOpCode ins)
 {
     return(ins.DelegateMethod.Matches(
                Code.Blt_S, Code.Ret, Code.Ldloc_3, Code.Ldloc_2, Code.Conv_U, Code.Ldelem,
                Code.Callvirt, Code.Stloc_S, Code.Ldarg_0, Code.Ldloc_S, Code.Call, Code.Ret
                ));
 }

예제 #12

 public static Boolean Is_Ldelem_Ref(this VirtualOpCode ins)
 {
     // Is exact same as Ldelem_I except for the field reference
     return(ins.MatchesEntire(new Code[] {
         Code.Ldarg_0, Code.Ldsfld, Code.Call, Code.Ret
     }) && _Is_Ldelem(ins) && !ins.Is_Ldelem_I());
 }

예제 #13

 public static Boolean Is_Stelem_Ref(this VirtualOpCode ins)
 {
     return(ins.DelegateMethod.MatchesEntire(
                Code.Ldarg_0, Code.Ldsfld, Code.Call, Code.Ret
                ) && ins.DelegateMethod.MatchesIndirect(Pattern_Stelem) &&
            !Is_Stelem_I(ins));
 }

예제 #14

 public static Boolean Is_Ldelem(this VirtualOpCode ins)
 {
     return(ins.MatchesEntire(new Code[] {
         Code.Ldarg_1, Code.Castclass, Code.Callvirt, Code.Stloc_0, Code.Ldarg_0, Code.Ldloc_0,
         Code.Call, Code.Stloc_1, Code.Ldarg_0, Code.Ldloc_1, Code.Call, Code.Ret
     }) && _Is_Ldelem(ins));
 }

예제 #15

 public static Boolean Is_Shl(this VirtualOpCode ins)
 {
     return(ins.MatchesIndirect(
                new Code[] { Code.Ldloc_S, Code.Ldloc_S, Code.Ldc_I4_S, Code.And, Code.Shl, Code.Stloc_S,
                             Code.Newobj, Code.Stloc_0, Code.Ldloc_0, Code.Ldloc_S, Code.Callvirt, Code.Ldloc_0, Code.Ret }
                ));
 }

예제 #16

파일: Detection.Conv.cs 프로젝트: xuan2261/eazdevirt

 public static Boolean Is_Conv_R8(this VirtualOpCode ins)
 {
     return(ins.DelegateMethod.Matches(Conv_Helper_Pattern(
                                           Code.Conv_R8, Code.Stloc_2, Code.Br_S, Code.Ldloc_0, Code.Castclass,
                                           Code.Callvirt, Code.Stloc_2
                                           )));
 }

예제 #17

        private static Boolean _Is_Ldloca(VirtualOpCode ins, String typeName)
        {
            TypeDef stackType;

            return(ins.DelegateMethod.MatchesEntire(Pattern_Ldloca) &&
                   (stackType = ins.DelegateMethod.Body.Instructions[1].Operand as TypeDef) != null &&
                   StackTypeHelper.GetUnderlyingType(stackType).FullName.Equals(typeName));
        }

예제 #18

 private static Boolean Is_Stloc_C(VirtualOpCode ins, Code code)
 {
     return(ins.MatchesEntire(ins.ModifyPattern(Pattern_Stloc_C, Code.Ldc_I4, code)) &&
            Helpers.FindOpCodePatterns(                 // Check called method against Pattern_Helper_Stloc_C
                ((MethodDef)ins.DelegateMethod.Body.Instructions[2].Operand).Body.Instructions,
                Pattern_Helper_Stloc_C
                ).Count > 0);
 }

예제 #19

파일: Detection.Unsupported.cs 프로젝트: misharcrack/eazdevirt

		public static Boolean _Is_Unsupported(VirtualOpCode ins, String name)
		{
			String exceptionString = String.Format("{0} is not supported", name);
			return ins.DelegateMethod.MatchesEntire(new Code[] {
				Code.Ldstr, Code.Newobj, Code.Throw
			}) && ((String)ins.DelegateMethod.Body.Instructions[0].Operand)
			      .StartsWith(exceptionString, StringComparison.OrdinalIgnoreCase);
		}

예제 #20

 public static Boolean Is_Ldloc_S(this VirtualOpCode ins)
 {
     return(ins.MatchesEntire(Pattern_Ldloc) &&
            ((MethodDef)ins.DelegateMethod.Body.Instructions[7].Operand)
            .ReturnType.FullName.Equals("System.Byte") &&
            ((FieldDef)ins.DelegateMethod.Body.Instructions[5].Operand)
            .MDToken == ins.VType.LocalsField.MDToken);
 }

예제 #21

 private static Boolean _Is_Ldelem_T(VirtualOpCode ins, String typeName)
 {
     return(ins.MatchesEntire(new Code[] {
         Code.Ldarg_0, Code.Ldtoken, Code.Call, Code.Call, Code.Ret
     }) && ((ITypeDefOrRef)ins.DelegateMethod.Body.Instructions[1].Operand)
            .FullName.Equals(typeName) &&
            _Is_Ldelem(ins));
 }

예제 #22

        public static Boolean _Is_Ldc(VirtualOpCode ins, OperandType expectedOperandType)
        {
            OperandType operandType;

            return(ins.MatchesEntire(Pattern_Ldc) &&
                   ins.TryGetOperandType(out operandType) &&
                   operandType == expectedOperandType);
        }

예제 #23

파일: Detection.Elem.cs 프로젝트: misharcrack/eazdevirt

		private static Boolean _Is_Ldelem_T(VirtualOpCode ins, String typeName)
		{
			return ins.MatchesEntire(new Code[] {
				Code.Ldarg_0, Code.Ldtoken, Code.Call, Code.Call, Code.Ret
			}) && ((ITypeDefOrRef)ins.DelegateMethod.Body.Instructions[1].Operand)
				  .FullName.Equals(typeName)
				&& _Is_Ldelem(ins);
		}

예제 #24

파일: Detection.Arg.cs 프로젝트: xuan2261/eazdevirt

        public static Boolean Is_Starg_S(this VirtualOpCode ins)
        {
            var sub = ins.Find(Pattern_Starg);

            return(sub != null && sub[3].Operand is MethodDef &&
                   ((MethodDef)sub[3].Operand).ReturnType.FullName.Equals("System.Byte") &&
                   ins.Matches(Pattern_Tail_Starg));
        }

예제 #25

 public static Boolean Is_Ret(this VirtualOpCode ins)
 {
     return(ins.MatchesEntire(new Code[] {
         Code.Ldarg_0, Code.Call, Code.Ret
     }) && ((MethodDef)ins.DelegateMethod.Body.Instructions[1].Operand).MatchesEntire(new Code[] {
         Code.Ldarg_0, Code.Ldc_I4_1, Code.Stfld, Code.Ret
     }));
 }

예제 #26

        public static Boolean Is_Unbox(this VirtualOpCode ins)
        {
            OperandType operandType;

            return(ins.DelegateMethod.MatchesEntire(Code.Ret) &&
                   ins.TryGetOperandType(out operandType) &&
                   operandType == OperandType.InlineType);
        }

예제 #27

 public static Boolean Is_Stelem(this VirtualOpCode ins)
 {
     return(ins.DelegateMethod.MatchesEntire(
                Code.Ldarg_1, Code.Castclass, Code.Callvirt, Code.Stloc_0, Code.Ldarg_0,
                Code.Ldloc_0, Code.Call, Code.Stloc_1, Code.Ldarg_0, Code.Ldloc_1,
                Code.Call, Code.Ret
                ) && ins.DelegateMethod.MatchesIndirect(Pattern_Stelem));
 }

예제 #28

파일: Detection.Arg.cs 프로젝트: xuan2261/eazdevirt

        /// <remarks>Unsure</remarks>
        public static Boolean Is_Ldarga(this VirtualOpCode ins)
        {
            var sub = ins.Find(Pattern_Ldarga);

            return(sub != null &&
                   ((FieldDef)sub[2].Operand).MDToken == ins.VType.ArgumentsField.MDToken &&
                   ((MethodDef)sub[4].Operand).ReturnType.FullName.Equals("System.UInt16"));
        }

예제 #29

 public static Boolean Is_Stelem_I(this VirtualOpCode ins)
 {
     return(ins.DelegateMethod.MatchesEntire(
                Code.Ldarg_0, Code.Ldsfld, Code.Call, Code.Ret
                ) && ins.DelegateMethod.MatchesIndirect(Pattern_Stelem) &&
            ((FieldDef)ins.DelegateMethod.Body.Instructions[1].Operand)
            .MDToken == ins.VType.GetTypeField("System.IntPtr").MDToken);
 }

예제 #30

파일: Detection.Conv.cs 프로젝트: misharcrack/eazdevirt

		private static Boolean _Is_Conv_I(VirtualOpCode ins, Boolean ovf, IList<Code> helperPattern)
		{
			Code[] delegatePattern = (ovf ?
				new Code[] { Code.Ldarg_0, Code.Ldc_I4_1, Code.Call, Code.Ret } :
				new Code[] { Code.Ldarg_0, Code.Ldc_I4_0, Code.Call, Code.Ret });

			return ins.DelegateMethod.MatchesEntire(delegatePattern)
				&& ins.DelegateMethod.MatchesIndirect(helperPattern);
		}

예제 #31

 public static Boolean Is_Ldlen(this VirtualOpCode ins)
 {
     return(ins.MatchesEntire(new Code[] {
         Code.Ldarg_0, Code.Call, Code.Callvirt, Code.Castclass, Code.Stloc_0, Code.Ldarg_0,
         Code.Newobj, Code.Stloc_1, Code.Ldloc_1, Code.Ldloc_0, Code.Callvirt, Code.Callvirt,
         Code.Ldloc_1, Code.Call, Code.Ret
     }) && ((IMethod)ins.DelegateMethod.Body.Instructions[10].Operand)
            .FullName.Contains("System.Array::get_Length"));
 }

예제 #32

        public static Boolean Is_Newarr(this VirtualOpCode ins)
        {
            var sub = ins.DelegateMethod.Find(
                Code.Ldloc_S, Code.Ldloc_1, Code.Call, Code.Stloc_S
                );

            return(sub != null &&
                   ((IMethod)sub[2].Operand).FullName.Contains("System.Array::CreateInstance"));
        }

예제 #33

 public static Boolean Is_Endfinally(this VirtualOpCode ins)
 {
     return(ins.DelegateMethod.MatchesEntire(
                Code.Ldarg_0, Code.Call, Code.Ret
                ) && ins.DelegateMethod.MatchesIndirect(
                Code.Ldarg_0, Code.Ldfld, Code.Callvirt, Code.Ldarg_0, Code.Ldloc_0,
                Code.Callvirt, Code.Call, Code.Ret
                ));
 }

예제 #34

파일: Detection.Special.cs 프로젝트: xuan2261/eazdevirt

        public static Boolean Is_Eaz_Call(this VirtualOpCode ins)
        {
            var sub = ins.DelegateMethod.Find(new Code[] {
                Code.Ldc_I4, Code.And, Code.Ldc_I4_0, Code.Ceq, Code.Ldc_I4_0, Code.Ceq
            });

            return(sub != null &&
                   ((Int32)sub[0].Operand) == -2147483648);
        }

예제 #35

파일: Detection.Misc.cs 프로젝트: misharcrack/eazdevirt

		private static Boolean _Is_Ceq_49(VirtualOpCode ins)
		{
			return ins.DelegateMethod.Matches(
				Code.Ldloc_2, Code.Ldloc_1, Code.Ldloc_0, Code.Call, Code.Brtrue_S,
				Code.Ldc_I4_0, Code.Br_S, Code.Ldc_I4_1
			) && ins.DelegateMethod.MatchesIndirect(
				Code.Ldloc_1, Code.Callvirt, Code.Call, Code.Ldarg_1, Code.Callvirt, Code.Call,
				Code.Ceq, Code.Stloc_0, Code.Ldloc_0, Code.Ret
			);
		}

예제 #36

파일: Detection.Elem.cs 프로젝트: misharcrack/eazdevirt

		private static Boolean _Is_Ldelem(VirtualOpCode ins)
		{
			MethodDef method;
			IList<Instruction> pattern;
			var calls = ins.DelegateMethod.Calls().ToArray();
			return calls.Length > 0
				&& (method = calls.Last() as MethodDef) != null
				&& (pattern = method.Find(Pattern_Ldelem)) != null
				&& ((ITypeDefOrRef)pattern[0].Operand).FullName.Contains("System.Array");
		}

예제 #37

파일: Detection.Ind.cs 프로젝트: misharcrack/eazdevirt

		public static Boolean _Is_Ldind_IC(VirtualOpCode ins, String tokenTypeName)
		{
			TypeRef tokenType = null;
			return ins.DelegateMethod.MatchesEntire(
				Code.Ldarg_0, Code.Ldtoken, Code.Call, Code.Call, Code.Ret
			) && ins.DelegateMethod.MatchesIndirect(
				Code.Ldarg_0, Code.Call, Code.Stloc_0, Code.Ldarg_0, Code.Ldarg_0, Code.Ldloc_0,
				Code.Call, Code.Callvirt, Code.Ldarg_1, Code.Call, Code.Call, Code.Ret
			) && (tokenType = ins.DelegateMethod.Body.Instructions[1].Operand as TypeRef) != null
			&& tokenType.FullName.Equals(tokenTypeName);
		}

예제 #38

파일: Detection.Br.cs 프로젝트: misharcrack/eazdevirt

		public static Boolean _Jumps(VirtualOpCode ins)
		{
			return ins.DelegateMethod.Calls().Any((called) =>
			{
				MethodDef method = called as MethodDef;
				if (method == null)
					return false;

				return method.MatchesEntire(new Code[] {
					Code.Ldarg_0, Code.Ldarg_1, Code.Newobj, Code.Stfld, Code.Ret
				}) && ((IMethod)method.Body.Instructions[2].Operand).FullName.Contains("System.Nullable");
			});
		}

예제 #39

파일: Detection.Misc.cs 프로젝트: misharcrack/eazdevirt

		private static Boolean _Is_Ceq_50(VirtualOpCode ins)
		{
			return ins.DelegateMethod.Matches(
				Code.Ldloc_2, Code.Ldloc_1, Code.Ldloc_0, Code.Call, Code.Brtrue_S,
				Code.Ldc_I4_0, Code.Br_S, Code.Ldc_I4_1
			) && ins.DelegateMethod.MatchesIndirect(
				// Helper changed in 5.0
				Code.Ceq, Code.Stloc_0, Code.Br_S, Code.Ldarg_0, Code.Castclass,
				Code.Stloc_S, Code.Ldarg_1, Code.Castclass, Code.Stloc_S,
				Code.Ldloc_S, Code.Ldloc_S, Code.Callvirt, Code.Stloc_0, Code.Ldloc_0,
				Code.Ret
			);
		}

예제 #40

파일: InstructionDetectorBase.cs 프로젝트: misharcrack/eazdevirt

		/// <summary>
		/// Try to identify a virtual instruction.
		/// </summary>
		/// <param name="instruction">Virtual instruction</param>
		/// <param name="code">Detected CIL opcode if successful</param>
		/// <returns>true if successful, false if not</returns>
		public virtual Boolean TryIdentify(VirtualOpCode instruction, out Code code)
		{
			try
			{
				code = this.Identify(instruction);
				return true;
			}
			catch (OriginalOpcodeUnknownException)
			{
				code = Code.UNKNOWN2;
				return false;
			}
		}

예제 #41

파일: InstructionDetectorBase.cs 프로젝트: misharcrack/eazdevirt

		/// <summary>
		/// Try to identify a virtual instruction, getting the entire attribute of the detection method.
		/// </summary>
		/// <param name="instruction">Virtual instruction</param>
		/// <param name="attribute">DetectAttribute of detection method if successful</param>
		/// <returns>true if successful, false if not</returns>
		public virtual Boolean TryIdentifyFull(VirtualOpCode instruction, out DetectAttribute attribute)
		{
			try
			{
				attribute = this.IdentifyFull(instruction);
				return true;
			}
			catch (OriginalOpcodeUnknownException)
			{
				attribute = null;
				return false;
			}
		}

예제 #42

파일: Detection.Elem.cs 프로젝트: misharcrack/eazdevirt

		private static Boolean _Is_Stelem_RC(VirtualOpCode ins, String typeName)
		{
			ITypeDefOrRef type = null;
			var body = ins.DelegateMethod.Body.Instructions;
			return ins.DelegateMethod.MatchesEntire(
				Code.Ldarg_0, Code.Ldtoken, Code.Call, Code.Call, Code.Ret
			) && ins.DelegateMethod.MatchesIndirect(Pattern_Stelem)
			&& (type = body[1].Operand as ITypeDefOrRef) != null
			&& type.FullName.Equals(typeName);
		}

예제 #43

파일: InstructionDetectorBase.cs 프로젝트: misharcrack/eazdevirt

		/// <summary>
		/// Identify a virtual instruction, getting the entire attribute of the detection method.
		/// </summary>
		/// <param name="instruction">Virtual instruction</param>
		/// <returns>DetectAttribute of detection method if successful</returns>
		/// <exception cref="eazdevirt.OriginalOpcodeUnknownException">
		/// Thrown if original CIL opcode is unknown.
		/// </exception>
		public abstract DetectAttribute IdentifyFull(VirtualOpCode instruction);

예제 #44

파일: Detection.Br.cs 프로젝트: misharcrack/eazdevirt

		private static Boolean _Is_Br_Equality(VirtualOpCode ins)
		{
			return ins.DelegateMethod.MatchesIndirect(Pattern_Br_Equality_49)
				|| ins.DelegateMethod.MatchesIndirect(Pattern_Br_Equality_50);
		}

예제 #45

파일: Detection.Ind.cs 프로젝트: misharcrack/eazdevirt

		/// <remarks>
		/// All Stind_* delegate methods follow this pattern. They have different delegate
		/// methods, but their delegate methods all just call the same method with no params.
		///
		/// One way to attack this: Devirtualize all as Stind_I, then go back through the
		/// method afterwards, following the types on the stack. When a Stind_* instruction
		/// is reached, the value (on top of the stack) is the type being set.
		/// </remarks>
		private static Boolean _Is_Stind(VirtualOpCode ins)
		{
			return ins.DelegateMethod.MatchesEntire(Code.Ldarg_0, Code.Call, Code.Ret)
				&& ins.DelegateMethod.MatchesIndirect(
				Code.Ldarg_0, Code.Call, Code.Stloc_0, Code.Ldarg_0, Code.Call,
				Code.Stloc_1, Code.Ldarg_0, Code.Ldloc_1, Code.Ldloc_0, Code.Call,
				Code.Ret
			);
		}

예제 #46

파일: Detection.Elem.cs 프로젝트: misharcrack/eazdevirt

		private static Boolean _Is_Stelem_IC(VirtualOpCode ins, String typeName)
		{
			ITypeDefOrRef type = null;
			var sub = ins.DelegateMethod.Find(
				Code.Ldarg_0, Code.Ldtoken, Code.Call, Code.Ldloc_0, Code.Ldloc_1,
				Code.Ldloc_2, Code.Call, Code.Ret
			);
			return sub != null
				&& (type = sub[1].Operand as ITypeDefOrRef) != null
				&& type.FullName.Equals(typeName);
		}

예제 #47

파일: VirtualizedMethodBodyReader.cs 프로젝트: 3H54N/eazdevirt

        protected Instruction ReadOneInstruction_CIL(VirtualOpCode virtualInstruction)
        {
            OpCode opcode = virtualInstruction.OpCode.ToOpCode();

            Instruction instruction = new Instruction(opcode);
            instruction.Offset = this.CurrentILOffset;
            instruction.OpCode = opcode;
            instruction.Operand = this.ReadOperand(instruction);

            if (instruction.OpCode.Code == Code.Switch)
            {
                var targets = (IList<UInt32>)instruction.Operand;
                this.CurrentILOffset += (UInt32)(instruction.OpCode.Size + 4 + (4 * targets.Count));
                this.CurrentVirtualOffset += (UInt32)(4 + 4 + (4 * targets.Count));
            }
            else
            {
                this.CurrentILOffset += (UInt32)instruction.GetSize();
                this.CurrentVirtualOffset += (UInt32)virtualInstruction.GetSize(instruction.Operand);
            }

            this.CurrentInstructionOffset++;

            return instruction;
        }

예제 #48

파일: InstructionDetectorBase.cs 프로젝트: misharcrack/eazdevirt

		/// <summary>
		/// Identify a virtual instruction.
		/// </summary>
		/// <param name="instruction">Virtual instruction</param>
		/// <returns>Detected CIL opcode</returns>
		/// <exception cref="eazdevirt.OriginalOpcodeUnknownException">
		/// Thrown if original CIL opcode is unknown.
		/// </exception>
		public abstract Code Identify(VirtualOpCode instruction);

예제 #49

파일: VirtualizedMethodBodyReader.cs 프로젝트: 3H54N/eazdevirt

        protected Instruction ReadOneInstruction_Special(VirtualOpCode virtualInstruction)
        {
            //this.Logger.Verbose(this, "Special Opcode ({0}, delegate MDToken = 0x{1:X8})",
            //	virtualInstruction.SpecialOpCode.ToString(),
            //	virtualInstruction.DelegateMethod.MDToken.Raw
            //);

            // Have a method for this?
            OpCode opcode = null;
            switch(virtualInstruction.SpecialOpCode)
            {
                case SpecialCode.Eaz_Call:
                    opcode = Code.Call.ToOpCode(); // Or Callvirt?
                    break;
            }

            if(opcode == null)
            {
                throw new Exception(String.Format(
                    "Cannot convert SpecialOpCode to CIL OpCode: {0}",
                    virtualInstruction.SpecialOpCode
                ));
            }

            Object operand = this.ReadSpecialOperand(virtualInstruction);

            Instruction instruction = new Instruction(opcode);
            instruction.Offset = this.CurrentILOffset;
            instruction.OpCode = opcode;
            instruction.Operand = operand; // this.ReadOperand(instruction);

            this.CurrentILOffset += (UInt32)instruction.GetSize();
            this.CurrentVirtualOffset += (UInt32)virtualInstruction.GetSize(instruction.Operand);

            this.CurrentInstructionOffset++;

            return instruction;
        }

예제 #50

파일: InstructionDetectorV1.cs 프로젝트: misharcrack/eazdevirt

		/// <inheritdoc/>
		public override DetectAttribute IdentifyFull(VirtualOpCode instruction)
		{
			foreach (var kvp in _detectors)
			{
				if (kvp.Value(instruction))
					return (DetectAttribute)kvp.Value.Method.GetCustomAttribute(typeof(DetectAttribute));
			}

			foreach (var kvp in _specialDetectors)
			{
				if (kvp.Value(instruction))
					return (DetectAttribute)kvp.Value.Method.GetCustomAttribute(typeof(DetectAttribute));
			}

			throw new OriginalOpcodeUnknownException(instruction);
		}

예제 #51

파일: Detection.Ldc.cs 프로젝트: misharcrack/eazdevirt

		public static Boolean _Is_Ldc(VirtualOpCode ins, OperandType expectedOperandType)
		{
			OperandType operandType;
			return ins.MatchesEntire(Pattern_Ldc)
				&& ins.TryGetOperandType(out operandType)
				&& operandType == expectedOperandType;
		}

예제 #52

파일: Detection.Misc.cs 프로젝트: misharcrack/eazdevirt

		public static Boolean _Is_Throw(VirtualOpCode ins, MethodDef helper)
		{
			var matches = Helpers.FindOpCodePatterns(helper.Body.Instructions, Pattern_Throw);
			return matches.Count == 1 && matches[0].Length == Pattern_Throw.Length;
		}

예제 #53

파일: Detection.Ind.cs 프로젝트: misharcrack/eazdevirt

		public static Boolean Is_Stind(VirtualOpCode ins)
		{
			// Consider all Stind_* instructions as Stind_I (for now?)
			return _Is_Stind(ins);
		}

예제 #54

파일: Detection.Loc.cs 프로젝트: misharcrack/eazdevirt

		private static Boolean Is_Stloc_C(VirtualOpCode ins, Code code)
		{
			return ins.MatchesEntire(ins.ModifyPattern(Pattern_Stloc_C, Code.Ldc_I4, code))
				&& Helpers.FindOpCodePatterns( // Check called method against Pattern_Helper_Stloc_C
					 ((MethodDef)ins.DelegateMethod.Body.Instructions[2].Operand).Body.Instructions,
					 Pattern_Helper_Stloc_C
				   ).Count > 0;
		}

예제 #55

파일: Detection.Loc.cs 프로젝트: misharcrack/eazdevirt

		private static Boolean _Is_Stloc(VirtualOpCode ins, String indexTypeName)
		{
			return ins.MatchesEntire(Pattern_Stloc)
				&& ((MethodDef)ins.DelegateMethod.Body.Instructions[5].Operand)
				   .ReturnType.FullName.Equals(indexTypeName)
				&& Helpers.FindOpCodePatterns( // Check called method against Pattern_Helper_Stloc_C
					 ((MethodDef)ins.DelegateMethod.Body.Instructions[6].Operand).Body.Instructions,
					 Pattern_Helper_Stloc_C
				   ).Count > 0;
		}

예제 #56

파일: Detection.Ldc.cs 프로젝트: misharcrack/eazdevirt

		private static Boolean Is_Ldc_I4_C(VirtualOpCode ins, Code code)
		{
			return ins.MatchesEntire(ins.ModifyPattern(Pattern_Ldc_I4_C, Code.Ldc_I4, code));
		}

예제 #57

파일: VirtualizedMethodBodyReader.cs 프로젝트: 3H54N/eazdevirt

        /// <summary>
        /// Read a virtual operand of a special instruction.
        /// </summary>
        /// <param name="virtualOpCode">Special virtual opcode</param>
        /// <returns>Operand object, or null if unsupported operand type</returns>
        protected Object ReadSpecialOperand(VirtualOpCode virtualOpCode)
        {
            switch (virtualOpCode.SpecialOpCode)
            {
                case SpecialCode.Eaz_Call:
                    return this.Resolver.ResolveEazCall(this.Reader.ReadInt32());
            }

            return null;
        }

예제 #58

파일: Detection.Loc.cs 프로젝트: misharcrack/eazdevirt

		private static Boolean _Is_Ldloca(VirtualOpCode ins, String typeName)
		{
			TypeDef stackType;
			return ins.DelegateMethod.MatchesEntire(Pattern_Ldloca)
				&& (stackType = ins.DelegateMethod.Body.Instructions[1].Operand as TypeDef) != null
				&& StackTypeHelper.GetUnderlyingType(stackType).FullName.Equals(typeName);
		}

예제 #59

파일: InstructionDetectorV1.cs 프로젝트: misharcrack/eazdevirt

		/// <inheritdoc/>
		public override Code Identify(VirtualOpCode instruction)
		{
			foreach (var kvp in _detectors)
			{
				if (kvp.Value(instruction))
					return kvp.Key;
			}

			throw new OriginalOpcodeUnknownException(instruction);
		}

예제 #60

파일: Detection.Loc.cs 프로젝트: misharcrack/eazdevirt

		private static Boolean Is_Ldloc_C(VirtualOpCode ins, Code code)
		{
			return ins.MatchesEntire(ins.ModifyPattern(Pattern_Ldloc_C, Code.Ldc_I4, code))
				&& ((FieldDef)ins.DelegateMethod.Body.Instructions[2].Operand).MDToken == ins.VType.LocalsField.MDToken;
		}