Exemplo n.º 1
        /// <summary>
        /// Collects a <see cref="DumpedMethod"/> for every MethodDef row whose body RVA is known
        /// to <c>MethodInfos</c> and whose on-disk body begins with the 16-bit value 0xFFF3.
        /// </summary>
        /// <returns>The methods that were recovered; rows that fail either check are skipped.</returns>
        DumpedMethods decryptMethods()
        {
            var image = decrypterInfo.peImage;

            // Build the RVA -> method-info lookup before walking the table.
            var infos = new MethodInfos(decrypterInfo.mainType, image, decrypterInfo.peHeader, decrypterInfo.mcKey);
            infos.initializeInfos();

            var result = new DumpedMethods();
            var table = image.DotNetFile.MetaData.TablesStream.MethodTable;

            // Row ids are 1-based, so the loop runs from 1 through Rows inclusive.
            for (uint rid = 1; rid <= table.Rows; rid++) {
                var method = new DumpedMethod();
                image.readMethodTableRowTo(method, rid);

                var entry = infos.lookup(method.mdRVA);
                if (entry != null) {
                    // NOTE(review): 0xFFF3 is presumably the marker left where a method body was
                    // replaced; only rows carrying it are rebuilt. Confirm against MethodInfos.
                    if (image.readUInt16(method.mdRVA) == 0xFFF3) {
                        var bodyStream = MemoryImageStream.Create(entry.body);
                        var header = MethodBodyParser.parseMethodBody(bodyStream, out method.code, out method.extraSections);
                        image.updateMethodHeaderInfo(method, header);

                        result.add(method);
                    }
                }
            }

            return result;
        }
Exemplo n.º 2
        /// <summary>
        /// Iterates the method table and returns the methods whose bodies could be recovered
        /// from the entries held by <c>MethodInfos</c>.
        /// </summary>
        /// <returns>A <see cref="DumpedMethods"/> holding one entry per recovered method.</returns>
        DumpedMethods decryptMethods()
        {
            var recovered = new DumpedMethods();
            var image     = decrypterInfo.peImage;

            var lookupTable = new MethodInfos(decrypterInfo.mainType, image, decrypterInfo.peHeader, decrypterInfo.mcKey);
            lookupTable.initializeInfos();

            var methodTable = image.DotNetFile.MetaData.TablesStream.MethodTable;

            // Row ids start at 1; the upper bound is re-read from the table on every pass.
            uint rid = 1;
            while (rid <= methodTable.Rows)
            {
                var current = new DumpedMethod();
                image.readMethodTableRowTo(current, rid);
                rid++;

                // Skip rows the lookup table has no entry for.
                var entry = lookupTable.lookup(current.mdRVA);
                if (entry == null)
                {
                    continue;
                }

                // Skip rows whose on-disk body does not start with the 0xFFF3 marker value.
                ushort marker = image.readUInt16(current.mdRVA);
                if (marker != 0xFFF3)
                {
                    continue;
                }

                var parsedHeader = MethodBodyParser.parseMethodBody(
                    MemoryImageStream.Create(entry.body),
                    out current.code,
                    out current.extraSections);
                image.updateMethodHeaderInfo(current, parsedHeader);

                recovered.add(current);
            }

            return recovered;
        }
Exemplo n.º 3
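        /// <summary>
        /// Walks the MethodDef table and rebuilds a <see cref="DumpedMethod"/> for every row whose
        /// body RVA is known to <c>MethodInfos</c> and whose on-disk body starts with 0xFFF3.
        /// The method body header inside <c>info.body</c> is parsed by hand (tiny or fat format).
        /// </summary>
        /// <returns>The rebuilt methods; rows that fail any of the three checks are skipped.</returns>
        /// <exception cref="InvalidDataException">
        /// A body declares a header size, code size or extra-section position that does not fit
        /// inside the bytes that are actually available for it.
        /// </exception>
        DumpedMethods decryptMethods()
        {
            var dumpedMethods = new DumpedMethods();

            var peImage     = decrypterInfo.peImage;
            var methodInfos = new MethodInfos(decrypterInfo.mainType, peImage, decrypterInfo.peHeader, decrypterInfo.mcKey);

            methodInfos.initializeInfos();

            var  metadataTables  = peImage.Cor20Header.createMetadataTables();
            var  methodDef       = metadataTables.getMetadataType(MetadataIndex.iMethodDef);
            uint methodDefOffset = methodDef.fileOffset;

            for (int i = 0; i < methodDef.rows; i++, methodDefOffset += methodDef.totalSize)
            {
                // The first column of a MethodDef row is the body RVA; 0 means there is no body.
                uint bodyRva = peImage.offsetReadUInt32(methodDefOffset);
                if (bodyRva == 0)
                {
                    continue;
                }

                var info = methodInfos.lookup(bodyRva);
                if (info == null)
                {
                    continue;
                }

                // Only rows whose on-disk body starts with the 0xFFF3 marker value are rebuilt.
                uint   bodyOffset = peImage.rvaToOffset(bodyRva);
                ushort magic      = peImage.offsetReadUInt16(bodyOffset);
                if (magic != 0xFFF3)
                {
                    continue;
                }

                var dm = new DumpedMethod();
                // MethodDef tokens are table 0x06 plus a 1-based row id; i is 0-based.
                dm.token       = (uint)(0x06000001 + i);
                dm.mdImplFlags = peImage.offsetReadUInt16(methodDefOffset + (uint)methodDef.fields[1].offset);
                dm.mdFlags     = peImage.offsetReadUInt16(methodDefOffset + (uint)methodDef.fields[2].offset);
                dm.mdName      = peImage.offsetRead(methodDefOffset + (uint)methodDef.fields[3].offset, methodDef.fields[3].size);
                dm.mdSignature = peImage.offsetRead(methodDefOffset + (uint)methodDef.fields[4].offset, methodDef.fields[4].size);
                dm.mdParamList = peImage.offsetRead(methodDefOffset + (uint)methodDef.fields[5].offset, methodDef.fields[5].size);

                // info.body comes from the file being analysed, so every size it declares is
                // untrusted and is checked against the real stream length before it is used.
                using (var reader = new BinaryReader(new MemoryStream(info.body)))
                {
                    var  body = reader.BaseStream;
                    byte b    = reader.ReadByte();
                    if ((b & 3) == 2)
                    {
                        // Tiny header: one byte, code size in the upper six bits.
                        dm.mhFlags          = 2;
                        dm.mhMaxStack       = 8;
                        dm.mhCodeSize       = (uint)(b >> 2);
                        dm.mhLocalVarSigTok = 0;
                    }
                    else
                    {
                        // Fat header: rewind and read the fixed 12-byte layout.
                        body.Position--;
                        dm.mhFlags          = reader.ReadUInt16();
                        dm.mhMaxStack       = reader.ReadUInt16();
                        dm.mhCodeSize       = reader.ReadUInt32();
                        dm.mhLocalVarSigTok = reader.ReadUInt32();

                        // The top four flag bits give the header size in 4-byte units. A value
                        // below 12 used to wrap around in the unsigned "codeOffset - 12".
                        uint codeOffset = (uint)(dm.mhFlags >> 12) * 4;
                        if (codeOffset < 12 || codeOffset > body.Length)
                        {
                            throw new InvalidDataException(string.Format("Method {0:X8}: invalid method header size {1}", dm.token, codeOffset));
                        }
                        body.Position = codeOffset;
                    }

                    // Reject a declared code size larger than what is left: ReadBytes would
                    // otherwise allocate the declared size up front and return a short array.
                    if (dm.mhCodeSize > body.Length - body.Position)
                    {
                        throw new InvalidDataException(string.Format("Method {0:X8}: code size {1} exceeds the available body data", dm.token, dm.mhCodeSize));
                    }

                    dm.code = reader.ReadBytes((int)dm.mhCodeSize);
                    if ((dm.mhFlags & 8) != 0)
                    {
                        // Extra sections start at the next 4-byte boundary after the code.
                        long sectionsStart = (body.Position + 3) & ~3;
                        if (sectionsStart > body.Length)
                        {
                            throw new InvalidDataException(string.Format("Method {0:X8}: extra sections start past the end of the body", dm.token));
                        }
                        body.Position    = sectionsStart;
                        dm.extraSections = reader.ReadBytes((int)(body.Length - sectionsStart));
                    }
                }

                dumpedMethods.add(dm);
            }

            return(dumpedMethods);
        }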
Exemplo n.º 4
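        /// <summary>
        /// Scans the MethodDef table and produces a <see cref="DumpedMethod"/> for each row that
        /// has a body RVA, has an entry in <c>MethodInfos</c>, and whose on-disk body starts with
        /// the 16-bit value 0xFFF3. The header in <c>info.body</c> is decoded as tiny or fat.
        /// </summary>
        /// <returns>The rebuilt methods.</returns>
        /// <exception cref="InvalidDataException">
        /// The header size, code size or extra-section position declared by a body lies outside
        /// the bytes available for that body.
        /// </exception>
        DumpedMethods decryptMethods()
        {
            var dumpedMethods = new DumpedMethods();

            var methodInfos = new MethodInfos(mainType, peImage, peHeader, mcKey);
            methodInfos.initializeInfos();

            var metadataTables = peImage.Cor20Header.createMetadataTables();
            var methodDef = metadataTables.getMetadataType(MetadataIndex.iMethodDef);
            uint methodDefOffset = methodDef.fileOffset;
            for (int i = 0; i < methodDef.rows; i++, methodDefOffset += methodDef.totalSize) {
                // Column 0 of the row is the body RVA; rows without a body are skipped.
                uint bodyRva = peImage.offsetReadUInt32(methodDefOffset);
                if (bodyRva == 0)
                    continue;

                var info = methodInfos.lookup(bodyRva);
                if (info == null)
                    continue;

                // Only bodies that begin with the 0xFFF3 marker value are rebuilt.
                uint bodyOffset = peImage.rvaToOffset(bodyRva);
                ushort magic = peImage.offsetReadUInt16(bodyOffset);
                if (magic != 0xFFF3)
                    continue;

                var dm = new DumpedMethod();
                // Token = MethodDef table id (0x06) plus the 1-based row id.
                dm.token = (uint)(0x06000001 + i);
                dm.mdImplFlags = peImage.offsetReadUInt16(methodDefOffset + (uint)methodDef.fields[1].offset);
                dm.mdFlags = peImage.offsetReadUInt16(methodDefOffset + (uint)methodDef.fields[2].offset);
                dm.mdName = peImage.offsetRead(methodDefOffset + (uint)methodDef.fields[3].offset, methodDef.fields[3].size);
                dm.mdSignature = peImage.offsetRead(methodDefOffset + (uint)methodDef.fields[4].offset, methodDef.fields[4].size);
                dm.mdParamList = peImage.offsetRead(methodDefOffset + (uint)methodDef.fields[5].offset, methodDef.fields[5].size);

                // The body bytes originate from the analysed file: treat declared sizes as
                // untrusted and validate them against the stream before seeking or reading.
                using (var reader = new BinaryReader(new MemoryStream(info.body))) {
                    long available = reader.BaseStream.Length;

                    byte b = reader.ReadByte();
                    if ((b & 3) == 2) {
                        // Tiny header: a single byte whose upper six bits are the code size.
                        dm.mhFlags = 2;
                        dm.mhMaxStack = 8;
                        dm.mhCodeSize = (uint)(b >> 2);
                        dm.mhLocalVarSigTok = 0;
                    }
                    else {
                        // Fat header: step back one byte and read the 12 fixed bytes.
                        reader.BaseStream.Position--;
                        dm.mhFlags = reader.ReadUInt16();
                        dm.mhMaxStack = reader.ReadUInt16();
                        dm.mhCodeSize = reader.ReadUInt32();
                        dm.mhLocalVarSigTok = reader.ReadUInt32();

                        // Header size is stored in dwords in the top four flag bits. Sizes under
                        // 12 previously underflowed the unsigned subtraction "codeOffset - 12".
                        uint codeOffset = (uint)(dm.mhFlags >> 12) * 4;
                        if (codeOffset < 12 || codeOffset > available)
                            throw new InvalidDataException(string.Format("Method {0:X8}: invalid method header size {1}", dm.token, codeOffset));
                        reader.BaseStream.Position = codeOffset;
                    }

                    // A code size beyond the remaining bytes would make ReadBytes allocate the
                    // declared amount and silently hand back a truncated array.
                    if (dm.mhCodeSize > available - reader.BaseStream.Position)
                        throw new InvalidDataException(string.Format("Method {0:X8}: code size {1} exceeds the available body data", dm.token, dm.mhCodeSize));

                    dm.code = reader.ReadBytes((int)dm.mhCodeSize);
                    if ((dm.mhFlags & 8) != 0) {
                        // Extra sections begin on the next 4-byte boundary and run to the end.
                        long aligned = (reader.BaseStream.Position + 3) & ~3;
                        if (aligned > available)
                            throw new InvalidDataException(string.Format("Method {0:X8}: extra sections start past the end of the body", dm.token));
                        reader.BaseStream.Position = aligned;
                        dm.extraSections = reader.ReadBytes((int)(available - aligned));
                    }
                }

                dumpedMethods.add(dm);
            }

            return dumpedMethods;
        }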