Exemplo n.º 1
        /// <summary>
        /// Scans every type in <c>module.Types</c> for the one that holds the
        /// VM handler table and returns the handler types taken from its
        /// static constructor.
        /// </summary>
        /// <remarks>
        /// A candidate must have a <c>.cctor</c> and must pass
        /// <c>FieldTypes.exactly</c> for this field-type list: the candidate's
        /// own type, a <c>Dictionary&lt;ushort, Type&gt;</c> and a <c>ushort</c>.
        /// The static constructor is control-flow deobfuscated (with method
        /// inlining disabled via <c>NoMethodInliner</c>) before the handlers
        /// are extracted from it.
        /// NOTE(review): the result of the <c>findVmHandlerTypes(cctor)</c>
        /// overload is dereferenced without a null check; confirm it never
        /// returns null.
        /// NOTE(review): 31 is presumably the handler count of the supported
        /// VM layout; a candidate with any other count is skipped without a
        /// diagnostic, so a changed layout surfaces only as a null result.
        /// </remarks>
        /// <returns>
        /// The handler list of the first matching type, or <c>null</c> when no
        /// type matches. Callers must handle the null case.
        /// </returns>
        List <TypeDefinition> findVmHandlerTypes()
        {
            var cleaner = new CflowDeobfuscator(new NoMethodInliner());

            // Slot 0 is filled in per candidate with that candidate's own full name.
            var expectedFieldTypes = new string[] {
                null,
                "System.Collections.Generic.Dictionary`2<System.UInt16,System.Type>",
                "System.UInt16",
            };

            foreach (var candidate in module.Types)
            {
                var staticCtor = DotNetUtils.getMethod(candidate, ".cctor");
                if (staticCtor != null)
                {
                    expectedFieldTypes[0] = candidate.FullName;
                    if (new FieldTypes(candidate).exactly(expectedFieldTypes))
                    {
                        // Only the static constructor of a field-shape match is rewritten.
                        cleaner.deobfuscate(staticCtor);

                        var found = findVmHandlerTypes(staticCtor);
                        if (found.Count == 31)
                        {
                            return found;
                        }
                    }
                }
            }

            return null;
        }
        /// <summary>
        /// Locates the type that carries the VM handler table among
        /// <c>module.Types</c> and returns the handler types extracted from
        /// its static constructor.
        /// </summary>
        /// <remarks>
        /// A type is considered only when <c>FindStaticConstructor()</c>
        /// yields a method and <c>FieldTypes.exactly</c> accepts this
        /// field-type list: the type itself, a
        /// <c>Dictionary&lt;ushort, Type&gt;</c> and a <c>ushort</c>. The
        /// static constructor is control-flow deobfuscated in place before the
        /// handlers are read from it.
        /// NOTE(review): the list returned by the
        /// <c>findVmHandlerTypes(cctor)</c> overload is used without a null
        /// check; confirm that overload cannot return null.
        /// NOTE(review): the expected count of 31 is hard-coded and presumably
        /// tied to one VM layout; other counts are skipped silently, so the
        /// only visible symptom is a null return.
        /// </remarks>
        /// <returns>
        /// The handlers of the first type that satisfies every check, or
        /// <c>null</c> if none does.
        /// </returns>
        List <TypeDef> findVmHandlerTypes()
        {
            var cleaner = new CflowDeobfuscator();

            // Index 0 is a placeholder, overwritten with each candidate's full name.
            var expectedFieldTypes = new string[] {
                null,
                "System.Collections.Generic.Dictionary`2<System.UInt16,System.Type>",
                "System.UInt16",
            };

            foreach (var candidate in module.Types)
            {
                var staticCtor = candidate.FindStaticConstructor();
                if (staticCtor != null)
                {
                    expectedFieldTypes[0] = candidate.FullName;
                    if (new FieldTypes(candidate).exactly(expectedFieldTypes))
                    {
                        // Deobfuscation mutates the method body, so it runs only for field-shape matches.
                        cleaner.deobfuscate(staticCtor);

                        var found = findVmHandlerTypes(staticCtor);
                        if (found.Count == 31)
                        {
                            return found;
                        }
                    }
                }
            }

            return null;
        }
Exemplo n.º 3
        /// <summary>
        /// Runs the control-flow deobfuscator over every method returned by
        /// <c>AsmDef.FindMethods</c> with an accept-all predicate, logging each
        /// method name and then the total count.
        /// </summary>
        /// <remarks>
        /// There is no exception handling here, so a failure in
        /// <c>deobfuscate</c> on one method propagates to the caller and the
        /// remaining methods are not processed.
        /// NOTE(review): method names come from the assembly being analysed
        /// and are written to the log unchanged; if the log is viewed in a
        /// terminal or parsed by other tooling, consider escaping
        /// non-printable characters at the logging layer.
        /// </remarks>
        /// <returns>Always <c>true</c>.</returns>
        public static bool Phase1()
        {
            var cleaned = 0;
            var deobfuscator = new CflowDeobfuscator();

            foreach (var method in AsmDef.FindMethods(m => true))
            {
                deobfuscator.deobfuscate(method);
                Logger.VLog("Cleaned method: " + method.Name);

                cleaned += 1;
            }

            var summary = string.Format("{0} methods cleaned...", cleaned);
            Logger.VSLog(summary);

            return true;
        }