public void init(ResourceDecrypter resourceDecrypter)
{
if (decryptedData != null)
return;
var resourceName = module.Assembly.Name.Name + module.Assembly.Name.Name;
stringResource = DotNetUtils.getResource(module, resourceName) as EmbeddedResource;
if (stringResource == null)
return;
Log.v("Adding string decrypter. Resource: {0}", Utils.toCsharpString(stringResource.Name));
decryptedData = resourceDecrypter.decrypt(stringResource.GetResourceStream());
}
public override void deobfuscateBegin()
{
base.deobfuscateBegin();
resourceDecrypter = new ResourceDecrypter(module);
resourceResolver = new ResourceResolver(module, resourceDecrypter);
assemblyResolver = new AssemblyResolver(module);
resourceResolver.find();
assemblyResolver.find();
decryptResources();
stringDecrypter.init(resourceDecrypter);
if (stringDecrypter.Method != null) {
addResourceToBeRemoved(stringDecrypter.Resource, "Encrypted strings");
staticStringDecrypter.add(stringDecrypter.Method, (method, args) => {
return stringDecrypter.decrypt((int)args[0]);
});
DeobfuscatedFile.stringDecryptersAdded();
}
antiDebugger = new AntiDebugger(module, DeobfuscatedFile, this);
antiDebugger.find();
addModuleCctorInitCallToBeRemoved(resourceResolver.Method);
addModuleCctorInitCallToBeRemoved(assemblyResolver.Method);
addCallToBeRemoved(module.EntryPoint, tamperDetection.Method);
addCallToBeRemoved(module.EntryPoint, antiDebugger.Method);
addTypeToBeRemoved(resourceResolver.Type, "Resource resolver type");
addTypeToBeRemoved(assemblyResolver.Type, "Assembly resolver type");
addTypeToBeRemoved(tamperDetection.Type, "Tamper detection type");
addTypeToBeRemoved(antiDebugger.Type, "Anti-debugger type");
addTypeToBeRemoved(stringDecrypter.Type, "String decrypter type");
proxyDelegateFinder.find();
dumpEmbeddedAssemblies();
}
public ResourceResolver(ModuleDefinition module, ResourceDecrypter resourceDecrypter)
{
this.module = module;
this.resourceDecrypter = resourceDecrypter;
}