static void InitializeNameAndExtension(AssemblyInfo info)
{
try {
var mod = ModuleDefMD.Load(info.Data);
info.AssemblyFullName = mod.Assembly.FullName;
info.SimpleName = mod.Assembly.Name.String;
info.Extension = DeobUtils.GetExtension(mod.Kind);
return;
}
catch {
}
Logger.w("Could not load assembly from decrypted resource {0}", Utils.ToCsharpString(info.ResourceName));
int index = info.Filename.LastIndexOf('.');
if (index < 0)
{
info.SimpleName = info.Filename;
info.Extension = "";
}
else
{
info.SimpleName = info.Filename.Substring(0, index);
info.Extension = info.Filename.Substring(index);
}
}
public void Initialize(ISimpleDeobfuscator simpleDeobfuscator, IDeobfuscator deob)
{
if (resolverType == null)
{
return;
}
encryptedResource = BabelUtils.FindEmbeddedResource(module, resolverType, simpleDeobfuscator, deob);
if (encryptedResource == null)
{
Logger.w("Could not find embedded assemblies resource");
return;
}
var decrypted = resourceDecrypter.Decrypt(encryptedResource.GetReader().ToArray());
var reader = new BinaryReader(new MemoryStream(decrypted));
int numAssemblies = reader.ReadInt32();
embeddedAssemblyInfos = new EmbeddedAssemblyInfo[numAssemblies];
for (int i = 0; i < numAssemblies; i++)
{
string name = reader.ReadString();
var data = reader.ReadBytes(reader.ReadInt32());
var mod = ModuleDefMD.Load(data);
embeddedAssemblyInfos[i] = new EmbeddedAssemblyInfo(name, DeobUtils.GetExtension(mod.Kind), data);
}
}
public RealAssemblyInfo(AssemblyDef realAssembly, uint entryPointToken, ModuleKind kind)
{
this.realAssembly = realAssembly;
this.entryPointToken = entryPointToken;
this.kind = kind;
moduleName = realAssembly.Name.String + DeobUtils.GetExtension(kind);
}
public EmbeddedAssemblyInfo UnpackMainAssembly(bool createAssembly)
{
if (mainAsmResource == null)
{
return(null);
}
var info = CreateEmbeddedAssemblyInfo(mainAsmResource, Decrypt(mainAsmResource));
var asm = module.Assembly;
if (createAssembly && asm != null && entryPointToken != 0 && info.kind == ModuleKind.NetModule)
{
info.extension = DeobUtils.GetExtension(module.Kind);
info.kind = module.Kind;
var realAsm = module.UpdateRowId(new AssemblyDefUser(asm.Name, new Version(0, 0, 0, 0)));
info.realAssemblyInfo = new RealAssemblyInfo(realAsm, entryPointToken, info.kind);
if (module.Name != "Stub.exe")
{
info.realAssemblyInfo.moduleName = module.Name.String;
}
info.asmFullName = realAsm.FullName;
info.asmSimpleName = realAsm.Name.String;
}
return(info);
}
public EmbeddedAssemblyInfo(EmbeddedResource resource, byte[] data, string asmFullName, ModuleKind kind)
{
this.resource = resource;
this.data = data;
this.asmFullName = asmFullName;
asmSimpleName = Utils.GetAssemblySimpleName(asmFullName);
this.kind = kind;
extension = DeobUtils.GetExtension(kind);
}
AssemblyInfo GetAssemblyInfo(byte[] decryptedData, EmbeddedResource resource)
{
var asm = AssemblyDef.Load(decryptedData);
var fullName = asm.FullName;
var simpleName = asm.Name.String;
var extension = DeobUtils.GetExtension(asm.Modules[0].Kind);
return(new AssemblyInfo(decryptedData, fullName, simpleName, extension, resource));
}
void DumpResourceFiles()
{
foreach (var resource in libAssemblyResolver.Resources)
{
var mod = ModuleDefMD.Load(resource.Data.ReadAllBytes());
AddResourceToBeRemoved(resource, string.Format("Embedded assembly: {0}", mod.Assembly.FullName));
DeobfuscatedFile.CreateAssemblyFile(resource.GetResourceData(),
Utils.GetAssemblySimpleName(mod.Assembly.FullName),
DeobUtils.GetExtension(mod.Kind));
}
RemoveInitCall(libAssemblyResolver.InitMethod);
AddCallToBeRemoved(module.EntryPoint, libAssemblyResolver.InitMethod);
AddTypeToBeRemoved(libAssemblyResolver.Type, "Assembly resolver type (library mode)");
}
void FindEmbeddedAssemblies()
{
var data = bundleData.Data.ReadAllBytes();
var doc = new XmlDocument();
bundleXmlFile.Data.Position = 0;
doc.Load(XmlReader.Create(bundleXmlFile.Data.CreateStream()));
var manifest = doc.DocumentElement;
if (manifest.Name.ToLowerInvariant() != "manifest")
{
Logger.w("Could not find Manifest element");
return;
}
foreach (var tmp in manifest.ChildNodes)
{
var assemblyElem = tmp as XmlElement;
if (assemblyElem == null)
{
continue;
}
if (assemblyElem.Name.ToLowerInvariant() != "assembly")
{
Logger.w("Unknown element: {0}", assemblyElem.Name);
continue;
}
int offset = GetAttributeValueInt32(assemblyElem, "offset");
if (offset < 0)
{
Logger.w("Could not find offset attribute");
continue;
}
var assemblyData = DeobUtils.Inflate(data, offset, data.Length - offset, true);
var mod = ModuleDefMD.Load(assemblyData);
infos.Add(new AssemblyInfo(mod.Assembly.FullName, DeobUtils.GetExtension(mod.Kind), assemblyData));
}
}
void DecryptAllAssemblies()
{
if (assemblyResource == null)
{
return;
}
var resourceSet = ResourceReader.Read(resourceModule, assemblyResource.CreateReader());
foreach (var resourceElement in resourceSet.ResourceElements)
{
if (resourceElement.ResourceData.Code != ResourceTypeCode.ByteArray)
{
throw new ApplicationException("Invalid resource");
}
var resourceData = (BuiltInResourceData)resourceElement.ResourceData;
var assemblyData = Decrypt((byte[])resourceData.Data);
var theModule = ModuleDefMD.Load(assemblyData);
bool isMain = resourceElement.Name == entryPointAssemblyKey;
assemblyInfos.Add(new AssemblyInfo(assemblyData, DeobUtils.GetExtension(theModule.Kind), theModule.Assembly.FullName, theModule.Assembly.Name.String, isMain));
}
}
public List <AssemblyInfo> GetAssemblyInfos(ISimpleDeobfuscator simpleDeobfuscator, IDeobfuscator deob)
{
var infos = new List <AssemblyInfo>();
if (embedResolverMethod != null)
{
simpleDeobfuscator.Deobfuscate(embedResolverMethod);
simpleDeobfuscator.DecryptStrings(embedResolverMethod, deob);
embedPassword = GetEmbedPassword(embedResolverMethod);
}
if (embedPassword == null)
{
return(infos);
}
foreach (var rsrc in module.Resources)
{
var resource = rsrc as EmbeddedResource;
if (resource == null)
{
continue;
}
if (!Regex.IsMatch(resource.Name.String, "^cfd_([0-9a-f]{2})+_$"))
{
continue;
}
var asmData = Decrypt(embedPassword, Gunzip(resource.Data.ReadAllBytes()));
var mod = ModuleDefMD.Load(asmData);
infos.Add(new AssemblyInfo(asmData, resource, mod.Assembly.FullName, mod.Assembly.Name.String, DeobUtils.GetExtension(mod.Kind)));
}
return(infos);
}