Пример #1
0
        public void Find(ISimpleDeobfuscator simpleDeobfuscator)
        {
            if (module.Assembly == null)
            {
                return;
            }

            var  pkt = module.Assembly.PublicKeyToken;
            bool hasPublicKeyToken = !PublicKeyBase.IsNullOrEmpty2(pkt);

            foreach (var type in module.GetTypes())
            {
                var cctor = type.FindStaticConstructor();
                if (cctor == null)
                {
                    continue;
                }

                bool deobfuscatedCctor = false;
                bool?v13State = null, v40State = null, v41State = null;
                foreach (var method in type.Methods)
                {
                    if (!method.IsStatic || method.Body == null)
                    {
                        continue;
                    }

                    IDecrypterInfo info = null;

                    if (DecrypterInfo13.IsPossibleDecrypterMethod(method, ref v13State))
                    {
                        DeobfuscateCctor(simpleDeobfuscator, cctor, ref deobfuscatedCctor, hasPublicKeyToken);
                        simpleDeobfuscator.Deobfuscate(method);
                        info = GetInfoV13(cctor, method);
                    }
                    else if (DecrypterInfo40.IsPossibleDecrypterMethod(method, ref v40State))
                    {
                        DeobfuscateCctor(simpleDeobfuscator, cctor, ref deobfuscatedCctor, hasPublicKeyToken);
                        simpleDeobfuscator.Deobfuscate(method);
                        info = GetInfoV40(cctor, method);
                    }
                    else if (DecrypterInfo41.IsPossibleDecrypterMethod(method, ref v41State))
                    {
                        DeobfuscateCctor(simpleDeobfuscator, cctor, ref deobfuscatedCctor, hasPublicKeyToken);
                        simpleDeobfuscator.Deobfuscate(method);
                        info = GetInfoV41(cctor, method);
                    }

                    if (info == null)
                    {
                        continue;
                    }
                    methodToInfo.Add(method, info);
                    version = info.Version;
                }
            }
        }
Пример #2
0
        DecrypterInfo13 GetInfoV13(MethodDef cctor, MethodDef method)
        {
            var info = new DecrypterInfo13(cctor, method);

            if (!info.Initialize())
            {
                return(null);
            }
            return(info);
        }
Пример #3
0
        DecrypterInfo13 getInfoV13(MethodDefinition cctor, MethodDefinition method)
        {
            var info = new DecrypterInfo13(cctor, method);

            if (!info.initialize())
            {
                return(null);
            }
            return(info);
        }
Пример #4
0
        public void find(ISimpleDeobfuscator simpleDeobfuscator)
        {
            if (module.Assembly == null)
            {
                return;
            }

            bool hasPublicKeyToken = module.Assembly.Name.PublicKeyToken != null && module.Assembly.Name.PublicKeyToken.Length != 0;

            foreach (var type in module.GetTypes())
            {
                var cctor = DotNetUtils.getMethod(type, ".cctor");
                if (cctor == null)
                {
                    continue;
                }

                bool deobfuscatedCctor = false;
                foreach (var method in type.Methods)
                {
                    if (!method.IsStatic || method.Body == null)
                    {
                        continue;
                    }

                    IDecrypterInfo info = null;

                    if (DecrypterInfo13.isPossibleDecrypterMethod(method))
                    {
                        deobfuscateCctor(simpleDeobfuscator, cctor, ref deobfuscatedCctor, hasPublicKeyToken);
                        simpleDeobfuscator.deobfuscate(method);
                        info = getInfoV13(cctor, method);
                    }
                    else if (DecrypterInfo40.isPossibleDecrypterMethod(method))
                    {
                        deobfuscateCctor(simpleDeobfuscator, cctor, ref deobfuscatedCctor, hasPublicKeyToken);
                        simpleDeobfuscator.deobfuscate(method);
                        info = getInfoV40(cctor, method);
                    }
                    else if (DecrypterInfo41.isPossibleDecrypterMethod(method))
                    {
                        deobfuscateCctor(simpleDeobfuscator, cctor, ref deobfuscatedCctor, hasPublicKeyToken);
                        simpleDeobfuscator.deobfuscate(method);
                        info = getInfoV41(cctor, method);
                    }

                    if (info == null)
                    {
                        continue;
                    }
                    methodToInfo.add(method, info);
                    version = info.Version;
                }
            }
        }
		DecrypterInfo13 GetInfoV13(MethodDef cctor, MethodDef method) {
			var info = new DecrypterInfo13(cctor, method);
			if (!info.Initialize())
				return null;
			return info;
		}
Пример #6
0
 DecrypterInfo13 getInfoV13(MethodDefinition cctor, MethodDefinition method)
 {
     var info = new DecrypterInfo13(cctor, method);
     if (!info.initialize())
         return null;
     return info;
 }