Exemplo n.º 1
 /// <summary>
 /// Detection pass for this deobfuscator: builds each protection-specific helper
 /// for <c>module</c> and calls its find routine, storing the helpers in fields.
 /// Only constructors and find-style methods are called here.
 /// </summary>
 protected override void scanForObfuscator()
 {
     findCliSecureAttribute();
     // The runtime type is searched first; it is the only finder given the raw module bytes.
     cliSecureRtType = new CliSecureRtType(module);
     cliSecureRtType.find(ModuleBytes);
     // Order matters: StringDecrypter is built from cliSecureRtType.StringDecrypterMethod,
     // which is presumably populated by the find() call above (verify in CliSecureRtType).
     stringDecrypter = new StringDecrypter(module, cliSecureRtType.StringDecrypterMethod);
     stringDecrypter.find();
     resourceDecrypter = new ResourceDecrypter(module);
     resourceDecrypter.find();
     proxyCallFixer = new ProxyCallFixer(module);
     proxyCallFixer.findDelegateCreator();
     // The VM helper is the only one that also receives the shared deobfuscator context.
     csvm = new vm.Csvm(DeobfuscatedFile.DeobfuscatorContext, module);
     csvm.find();
 }
Exemplo n.º 2
        /// <summary>
        /// Builds a six-byte IL stub consisting of <c>call &lt;InitializeMethod token&gt;</c>
        /// followed by <c>ret</c>.
        /// </summary>
        /// <param name="csRtType">Runtime type whose <c>InitializeMethod</c> supplies the call target.</param>
        /// <returns>
        /// The stub bytes, or <c>null</c> when <c>csRtType.InitializeMethod</c> is <c>null</c>.
        /// Callers must handle the <c>null</c> case.
        /// </returns>
        static byte[] getModuleCctorBytes(CliSecureRtType csRtType)
        {
            var runtimeInit = csRtType.InitializeMethod;
            if (runtimeInit == null)
                return null;

            uint token = runtimeInit.MetadataToken.ToUInt32();

            // The 32-bit metadata token is the operand of the call, least significant byte first.
            return new byte[]
            {
                0x28,                   // call
                (byte)token,
                (byte)(token >> 8),
                (byte)(token >> 16),
                (byte)(token >> 24),
                0x2A,                   // ret
            };
        }
Exemplo n.º 3
        /// <summary>
        /// Tries the static decryption path (<c>decrypt2</c>) and, if that reports an error,
        /// falls back to the dynamic method decrypter.
        /// </summary>
        /// <param name="peImage">PE image of the module; stored on the instance.</param>
        /// <param name="module">Module being processed; its <c>FullyQualifiedName</c> is handed to the dynamic decrypter.</param>
        /// <param name="csRtType">Runtime type used to build the initializer stub for the fallback.</param>
        /// <param name="dumpedMethods">Passed by reference to <c>decrypt2</c>; replaced by the fallback's result on the error path.</param>
        /// <returns><c>true</c> for <c>Decrypted</c> and after the dynamic fallback; <c>false</c> for <c>NotEncrypted</c>.</returns>
        /// <exception cref="ApplicationException"><c>decrypt2</c> returned an unrecognised result.</exception>
        public bool decrypt(PeImage peImage, Mono.Cecil.ModuleDefinition module, CliSecureRtType csRtType, ref DumpedMethods dumpedMethods)
        {
            this.peImage  = peImage;
            this.csRtType = csRtType;
            this.module   = module;

            var outcome = decrypt2(ref dumpedMethods);

            if (outcome == DecryptResult.Decrypted)
                return true;
            if (outcome == DecryptResult.NotEncrypted)
                return false;
            if (outcome != DecryptResult.Error)
                throw new ApplicationException("Invalid DecryptResult");

            // Static decryption failed: fall back to the dynamic decrypter.
            // NOTE(review): the stub is "call InitializeMethod; ret", so this path presumably
            // runs initializer code taken from the module under analysis. Confirm that
            // MethodsDecrypter isolates that execution before using it on untrusted samples.
            Log.w("Using dynamic method decryption");
            byte[] cctorStub = getModuleCctorBytes(csRtType);

            // NOTE(review): cctorStub is null when csRtType.InitializeMethod is null, and it is
            // passed on unchecked. The result is also reported as success without inspecting
            // dumpedMethods. Verify how MethodsDecrypter.decrypt handles both cases.
            dumpedMethods = de4dot.code.deobfuscators.MethodsDecrypter.decrypt(module.FullyQualifiedName, cctorStub);
            return true;
        }