public void FindHandlers()
{
if (vmOpCodes != null)
{
return;
}
deobfuscator = new MyDeobfuscator(module);
var csvmInfo = new CsvmInfo(module);
csvmInfo.Initialize();
var vmHandlerTypes = FindVmHandlerTypes();
if (vmHandlerTypes == null)
{
throw new ApplicationException("Could not find CSVM opcode handler types");
}
var composites = CreateCompositeOpCodeHandlers(csvmInfo, vmHandlerTypes);
foreach (var handlerInfos in OpCodeHandlerInfos.HandlerInfos)
{
if (!DetectCompositeHandlers(composites, handlerInfos))
{
continue;
}
vmOpCodes = CreateVmOpCodes(composites);
break;
}
if (vmOpCodes == null)
{
throw new ApplicationException("Could not find any/all CSVM handlers");
}
}
List <OpCodeHandler> CreateOtherHandlers(CsvmInfo csvmInfo, IList <OpCodeHandlerInfo> handlerInfos)
{
var list = new List <OpCodeHandler>(NUM_HANDLERS);
foreach (var type in GetVmHandlerTypes(csvmInfo.VmHandlerBaseType))
{
if (list.Count == NUM_HANDLERS)
{
break;
}
var execHandler = new PrimitiveHandlerMethod(GetExecMethod(type));
execHandler.Sig = CreateMethodSigInfoCreator(csvmInfo).Create(execHandler.Blocks);
var finder = new MethodFinder(handlerInfos, execHandler);
var handler = finder.FindHandler();
if (handler == null)
{
continue;
}
list.Add(handler);
}
list.Sort((a, b) => a.OpCodeHandlerInfo.Name.ToUpperInvariant().CompareTo(b.OpCodeHandlerInfo.Name.ToUpperInvariant()));
return(list);
}
public void FindHandlers() {
if (vmOpCodes != null)
return;
deobfuscator = new MyDeobfuscator(module);
var csvmInfo = new CsvmInfo(module);
csvmInfo.Initialize();
var vmHandlerTypes = FindVmHandlerTypes();
if (vmHandlerTypes == null)
throw new ApplicationException("Could not find CSVM opcode handler types");
var composites = CreateCompositeOpCodeHandlers(csvmInfo, vmHandlerTypes);
foreach (var handlerInfos in OpCodeHandlerInfos.HandlerInfos) {
var otherHandlers = CreateOtherHandlers(csvmInfo, handlerInfos);
if (!DetectCompositeHandlers(composites, otherHandlers))
continue;
vmOpCodes = CreateVmOpCodes(composites);
break;
}
if (vmOpCodes == null)
throw new ApplicationException("Could not find any/all CSVM handlers");
}
List <CompositeOpCodeHandler> CreateCompositeOpCodeHandlers(CsvmInfo csvmInfo, List <TypeDef> handlers)
{
var list = new List <CompositeOpCodeHandler>(handlers.Count);
foreach (var handler in handlers)
{
var execHandler = new HandlerMethod(GetExecMethod(handler));
list.Add(new CompositeOpCodeHandler(handler, execHandler));
}
return(list);
}
List <CompositeOpCodeHandler> CreateCompositeOpCodeHandlers(CsvmInfo csvmInfo, List <TypeDef> handlers)
{
var list = new List <CompositeOpCodeHandler>(handlers.Count);
var sigCreator = CreateSigCreator(csvmInfo);
foreach (var handler in handlers)
{
list.Add(new CompositeOpCodeHandler(sigCreator.Create(GetExecMethod(handler))));
}
return(list);
}
static SigCreator CreateSigCreator(CsvmInfo csvmInfo)
{
var creator = new SigCreator();
creator.AddId(csvmInfo.LogicalOpShrUn, 1);
creator.AddId(csvmInfo.LogicalOpShl, 2);
creator.AddId(csvmInfo.LogicalOpShr, 3);
creator.AddId(csvmInfo.LogicalOpAnd, 4);
creator.AddId(csvmInfo.LogicalOpXor, 5);
creator.AddId(csvmInfo.LogicalOpOr, 6);
creator.AddId(csvmInfo.CompareLt, 7);
creator.AddId(csvmInfo.CompareLte, 8);
creator.AddId(csvmInfo.CompareGt, 9);
creator.AddId(csvmInfo.CompareGte, 10);
creator.AddId(csvmInfo.CompareEq, 11);
creator.AddId(csvmInfo.CompareEqz, 12);
creator.AddId(csvmInfo.ArithmeticSubOvfUn, 13);
creator.AddId(csvmInfo.ArithmeticMulOvfUn, 14);
creator.AddId(csvmInfo.ArithmeticRemUn, 15);
creator.AddId(csvmInfo.ArithmeticRem, 16);
creator.AddId(csvmInfo.ArithmeticDivUn, 17);
creator.AddId(csvmInfo.ArithmeticDiv, 18);
creator.AddId(csvmInfo.ArithmeticMul, 19);
creator.AddId(csvmInfo.ArithmeticMulOvf, 20);
creator.AddId(csvmInfo.ArithmeticSub, 21);
creator.AddId(csvmInfo.ArithmeticSubOvf, 22);
creator.AddId(csvmInfo.ArithmeticAddOvfUn, 23);
creator.AddId(csvmInfo.ArithmeticAddOvf, 24);
creator.AddId(csvmInfo.ArithmeticAdd, 25);
creator.AddId(csvmInfo.UnaryNot, 26);
creator.AddId(csvmInfo.UnaryNeg, 27);
creator.AddId(csvmInfo.ArgsGet, 28);
creator.AddId(csvmInfo.ArgsSet, 29);
creator.AddId(csvmInfo.LocalsGet, 30);
creator.AddId(csvmInfo.LocalsSet, 31);
AddTypeId(creator, csvmInfo.LogicalOpShrUn, 32);
AddTypeId(creator, csvmInfo.CompareLt, 33);
AddTypeId(creator, csvmInfo.ArithmeticSubOvfUn, 34);
AddTypeId(creator, csvmInfo.UnaryNot, 35);
AddTypeId(creator, csvmInfo.ArgsGet, 36);
return(creator);
}
List <TypeDef> FindBasicVmHandlerTypes(CsvmInfo csvmInfo)
{
var list = new List <TypeDef>();
if (csvmInfo.VmHandlerBaseType == null)
{
return(list);
}
foreach (var type in module.Types)
{
if (list.Count == NUM_HANDLERS)
{
break;
}
if (type.BaseType == csvmInfo.VmHandlerBaseType)
{
list.Add(type);
}
}
return(list);
}
List<TypeDef> FindBasicVmHandlerTypes(CsvmInfo csvmInfo) {
var list = new List<TypeDef>();
if (csvmInfo.VmHandlerBaseType == null)
return list;
foreach (var type in module.Types) {
if (list.Count == NUM_HANDLERS)
break;
if (type.BaseType == csvmInfo.VmHandlerBaseType)
list.Add(type);
}
return list;
}
static SigCreator CreateSigCreator(CsvmInfo csvmInfo) {
var creator = new SigCreator();
creator.AddId(csvmInfo.LogicalOpShrUn, 1);
creator.AddId(csvmInfo.LogicalOpShl, 2);
creator.AddId(csvmInfo.LogicalOpShr, 3);
creator.AddId(csvmInfo.LogicalOpAnd, 4);
creator.AddId(csvmInfo.LogicalOpXor, 5);
creator.AddId(csvmInfo.LogicalOpOr, 6);
creator.AddId(csvmInfo.CompareLt, 7);
creator.AddId(csvmInfo.CompareLte, 8);
creator.AddId(csvmInfo.CompareGt, 9);
creator.AddId(csvmInfo.CompareGte, 10);
creator.AddId(csvmInfo.CompareEq, 11);
creator.AddId(csvmInfo.CompareEqz, 12);
creator.AddId(csvmInfo.ArithmeticSubOvfUn, 13);
creator.AddId(csvmInfo.ArithmeticMulOvfUn, 14);
creator.AddId(csvmInfo.ArithmeticRemUn, 15);
creator.AddId(csvmInfo.ArithmeticRem, 16);
creator.AddId(csvmInfo.ArithmeticDivUn, 17);
creator.AddId(csvmInfo.ArithmeticDiv, 18);
creator.AddId(csvmInfo.ArithmeticMul, 19);
creator.AddId(csvmInfo.ArithmeticMulOvf, 20);
creator.AddId(csvmInfo.ArithmeticSub, 21);
creator.AddId(csvmInfo.ArithmeticSubOvf, 22);
creator.AddId(csvmInfo.ArithmeticAddOvfUn, 23);
creator.AddId(csvmInfo.ArithmeticAddOvf, 24);
creator.AddId(csvmInfo.ArithmeticAdd, 25);
creator.AddId(csvmInfo.UnaryNot, 26);
creator.AddId(csvmInfo.UnaryNeg, 27);
creator.AddId(csvmInfo.ArgsGet, 28);
creator.AddId(csvmInfo.ArgsSet, 29);
creator.AddId(csvmInfo.LocalsGet, 30);
creator.AddId(csvmInfo.LocalsSet, 31);
AddTypeId(creator, csvmInfo.LogicalOpShrUn, 32);
AddTypeId(creator, csvmInfo.CompareLt, 33);
AddTypeId(creator, csvmInfo.ArithmeticSubOvfUn, 34);
AddTypeId(creator, csvmInfo.UnaryNot, 35);
AddTypeId(creator, csvmInfo.ArgsGet, 36);
return creator;
}
List<CompositeOpCodeHandler> CreateCompositeOpCodeHandlers(CsvmInfo csvmInfo, List<TypeDef> handlers) {
var list = new List<CompositeOpCodeHandler>(handlers.Count);
var sigCreator = CreateSigCreator(csvmInfo);
foreach (var handler in handlers)
list.Add(new CompositeOpCodeHandler(sigCreator.Create(GetExecMethod(handler))));
return list;
}
List<OpCodeHandler> CreateOtherHandlers(CsvmInfo csvmInfo, IList<OpCodeHandlerInfo> handlerInfos) {
var list = new List<OpCodeHandler>(NUM_HANDLERS);
foreach (var type in GetVmHandlerTypes(csvmInfo.VmHandlerBaseType)) {
if (list.Count == NUM_HANDLERS)
break;
var execHandler = new PrimitiveHandlerMethod(GetExecMethod(type));
execHandler.Sig = CreateMethodSigInfoCreator(csvmInfo).Create(execHandler.Blocks);
var finder = new MethodFinder(handlerInfos, execHandler);
var handler = finder.FindHandler();
if (handler == null)
continue;
list.Add(handler);
}
list.Sort((a, b) => a.OpCodeHandlerInfo.Name.ToUpperInvariant().CompareTo(b.OpCodeHandlerInfo.Name.ToUpperInvariant()));
return list;
}
List<CompositeOpCodeHandler> CreateCompositeOpCodeHandlers(CsvmInfo csvmInfo, List<TypeDef> handlers) {
var list = new List<CompositeOpCodeHandler>(handlers.Count);
foreach (var handler in handlers) {
var execHandler = new HandlerMethod(GetExecMethod(handler));
list.Add(new CompositeOpCodeHandler(handler, execHandler));
}
return list;
}
