예제 #1
0
        void initDecrypters()
        {
            assemblyResolverInfo = new AssemblyResolverInfo(module, DeobfuscatedFile, this);
            assemblyResolverInfo.findTypes();
            resourceDecrypterInfo = new ResourceDecrypterInfo(module, assemblyResolverInfo.SimpleZipTypeMethod, DeobfuscatedFile);
            resourceResolverInfo  = new ResourceResolverInfo(module, DeobfuscatedFile, this, assemblyResolverInfo);
            resourceResolverInfo.findTypes();
            resourceDecrypter = new ResourceDecrypter(resourceDecrypterInfo);
            assemblyResolver  = new AssemblyResolver(resourceDecrypter, assemblyResolverInfo);
            resourceResolver  = new ResourceResolver(module, assemblyResolver, resourceResolverInfo);

            initStringDecrypterInfos();
            assemblyResolverInfo.findTypes();
            resourceResolverInfo.findTypes();

            addModuleCctorInitCallToBeRemoved(assemblyResolverInfo.CallResolverMethod);
            addCallToBeRemoved(module.EntryPoint, assemblyResolverInfo.CallResolverMethod);
            addModuleCctorInitCallToBeRemoved(resourceResolverInfo.CallResolverMethod);
            addCallToBeRemoved(module.EntryPoint, resourceResolverInfo.CallResolverMethod);

            resourceDecrypterInfo.setSimpleZipType(getGlobalSimpleZipTypeMethod(), DeobfuscatedFile);

            if (!decryptResources())
            {
                throw new ApplicationException("Could not decrypt resources");
            }

            dumpEmbeddedAssemblies();
        }
예제 #2
0
        void initDecrypters()
        {
            assemblyResolverInfo = new AssemblyResolverInfo(module, DeobfuscatedFile, this);
            assemblyResolverInfo.findTypes();
            resourceDecrypterInfo = new ResourceDecrypterInfo(module, assemblyResolverInfo.SimpleZipTypeMethod, DeobfuscatedFile);
            resourceResolverInfo = new ResourceResolverInfo(module, DeobfuscatedFile, this, assemblyResolverInfo);
            resourceResolverInfo.findTypes();
            resourceDecrypter = new ResourceDecrypter(resourceDecrypterInfo);
            assemblyResolver = new AssemblyResolver(resourceDecrypter, assemblyResolverInfo);
            resourceResolver = new ResourceResolver(module, assemblyResolver, resourceResolverInfo);

            initStringDecrypterInfos();
            assemblyResolverInfo.findTypes();
            resourceResolverInfo.findTypes();

            addModuleCctorInitCallToBeRemoved(assemblyResolverInfo.CallResolverMethod);
            addCallToBeRemoved(module.EntryPoint, assemblyResolverInfo.CallResolverMethod);
            addModuleCctorInitCallToBeRemoved(resourceResolverInfo.CallResolverMethod);
            addCallToBeRemoved(module.EntryPoint, resourceResolverInfo.CallResolverMethod);

            resourceDecrypterInfo.setSimpleZipType(getGlobalSimpleZipTypeMethod(), DeobfuscatedFile);

            if (!decryptResources())
                throw new ApplicationException("Could not decrypt resources");

            dumpEmbeddedAssemblies();
        }
예제 #3
0
        void initStringDecrypterInfos()
        {
            var stringEncoderClassFinder = new StringEncoderClassFinder(module, DeobfuscatedFile);

            stringEncoderClassFinder.find();
            foreach (var info in stringEncoderClassFinder.StringsEncoderInfos)
            {
                var sinfo = new StringDecrypterInfo(module, info.StringDecrypterClass)
                {
                    GetStringDelegate          = info.GetStringDelegate,
                    StringsType                = info.StringsType,
                    CreateStringDelegateMethod = info.CreateStringDelegateMethod,
                };
                stringDecrypterInfos.Add(sinfo);
            }

            // There may be more than one string decrypter. The strings in the first one's
            // methods may be decrypted by the other string decrypter.

            var initd = new Dictionary <StringDecrypterInfo, bool>(stringDecrypterInfos.Count);

            while (initd.Count != stringDecrypterInfos.Count)
            {
                StringDecrypterInfo initdInfo = null;
                for (int i = 0; i < 2; i++)
                {
                    foreach (var info in stringDecrypterInfos)
                    {
                        if (initd.ContainsKey(info))
                        {
                            continue;
                        }
                        if (info.init(this, DeobfuscatedFile))
                        {
                            resourceDecrypterInfo.setSimpleZipType(info.SimpleZipTypeMethod, DeobfuscatedFile);
                            initdInfo = info;
                            break;
                        }
                    }
                    if (initdInfo != null)
                    {
                        break;
                    }

                    assemblyResolverInfo.findTypes();
                    resourceResolverInfo.findTypes();
                    decryptResources();
                }

                if (initdInfo == null)
                {
                    break;
                }

                initd[initdInfo] = true;
                initStringDecrypter(initdInfo);
            }

            // Sometimes there could be a string decrypter present that isn't called by anyone.
            foreach (var info in stringDecrypterInfos)
            {
                if (initd.ContainsKey(info))
                {
                    continue;
                }
                Log.v("String decrypter not initialized. Token {0:X8}", info.StringsEncodingClass.MetadataToken.ToInt32());
            }
        }