/// <summary>
/// Add a detector to the dictionary, printing a warning if one already exists for
/// a CIL opcode.
/// </summary>
/// <param name="attr">Attribute</param>
/// <param name="callback">Detector delegate</param>
private void AddDetector(DetectAttribute attr, Detector callback)
{
if (attr.IsSpecial)
{
if (!_specialDetectors.ContainsKey(attr.SpecialOpCode))
{
_specialDetectors.Add(attr.SpecialOpCode, callback);
}
else
{
Console.WriteLine("[WARNING] More than one detector method found for special opcode {0}", attr.SpecialOpCode);
_specialDetectors[attr.SpecialOpCode] = callback;
}
}
else
{
if (!_detectors.ContainsKey(attr.OpCode))
{
_detectors.Add(attr.OpCode, callback);
}
else
{
Console.WriteLine("[WARNING] More than one detector method found for CIL opcode {0}", attr.OpCode);
_detectors[attr.OpCode] = callback;
}
}
}
/// <summary>
/// Try to identify a virtual instruction, getting the entire attribute of the detection method.
/// </summary>
/// <param name="instruction">Virtual instruction</param>
/// <param name="attribute">DetectAttribute of detection method if successful</param>
/// <returns>true if successful, false if not</returns>
public virtual Boolean TryIdentifyFull(VirtualOpCode instruction, out DetectAttribute attribute)
{
try
{
attribute = this.IdentifyFull(instruction);
return(true);
}
catch (OriginalOpcodeUnknownException)
{
attribute = null;
return(false);
}
}
public static Boolean TryIdentifyFull(this VirtualOpCode ins, out DetectAttribute attribute)
{
return(InstructionDetectorV1.Instance.TryIdentifyFull(ins, out attribute));
}