bool checkType(TypeDefinition type)
{
if (!new FieldTypes(type).all(requiredFieldTypes))
{
return(false);
}
if (type.NestedTypes.Count == 0)
{
return(DotNetUtils.findFieldType(type, "System.IO.BinaryReader", true) != null &&
DotNetUtils.findFieldType(type, "System.Collections.Generic.Dictionary`2<System.Int32,System.String>", true) != null);
}
else if (type.NestedTypes.Count == 3)
{
streamHelperType = findStreamHelperType(type);
return(streamHelperType != null);
}
else if (type.NestedTypes.Count == 1)
{
return(type.NestedTypes[0].IsEnum);
}
else
{
return(false);
}
}
bool checkType(MethodDefinition initMethod)
{
if (!initMethod.HasBody)
{
return(false);
}
if (DotNetUtils.findFieldType(initMethod.DeclaringType, "System.Reflection.Assembly", true) == null)
{
return(false);
}
resolverVersion = checkSetupMethod(initMethod);
if (resolverVersion == ResolverVersion.None)
{
resolverVersion = checkSetupMethod(DotNetUtils.getMethod(initMethod.DeclaringType, ".cctor"));
}
if (resolverVersion == ResolverVersion.None)
{
return(false);
}
resolverType = initMethod.DeclaringType;
resolverMethod = initMethod;
return(true);
}
bool checkType(TypeDefinition type, MethodDefinition initMethod)
{
if (DotNetUtils.findFieldType(type, "System.Collections.Hashtable", true) == null)
{
return(false);
}
if (!checkInitMethod(initMethod))
{
return(false);
}
List <AssemblyInfo> newAssemblyInfos = null;
foreach (var s in DotNetUtils.getCodeStrings(initMethod))
{
newAssemblyInfos = initializeEmbeddedAssemblies(s);
if (newAssemblyInfos != null)
{
break;
}
}
if (newAssemblyInfos == null)
{
return(false);
}
resolverType = type;
resolverMethod = initMethod;
assemblyInfos = newAssemblyInfos;
return(true);
}
bool findStringDecrypterType(out TypeDefinition theType, out MethodDefinition theMethod)
{
theType = null;
theMethod = null;
foreach (var type in module.Types)
{
if (type.IsPublic)
{
continue;
}
if (type.Fields.Count != 1)
{
continue;
}
if (DotNetUtils.findFieldType(type, "System.Byte[]", true) == null)
{
continue;
}
if (type.Methods.Count != 2 && type.Methods.Count != 3)
{
continue;
}
if (type.NestedTypes.Count > 0)
{
continue;
}
MethodDefinition method = null;
foreach (var m in type.Methods)
{
if (m.Name == ".ctor" || m.Name == ".cctor")
{
continue;
}
if (DotNetUtils.isMethod(m, "System.String", "(System.Int32)"))
{
method = m;
continue;
}
break;
}
if (method == null)
{
continue;
}
theType = type;
theMethod = method;
return(true);
}
return(false);
}
protected override bool checkResolverType(TypeDef type)
{
if (DotNetUtils.findFieldType(type, "System.Collections.Hashtable", true) != null)
{
return(true);
}
foreach (var field in type.Fields)
{
if (DotNetUtils.derivesFromDelegate(DotNetUtils.getType(module, field.FieldType)))
{
continue;
}
if (field.IsLiteral && field.FieldType.ToString() == "System.String")
{
continue;
}
return(false);
}
return(true);
}
MethodDefinition getProxyCreateMethod(TypeDefinition type)
{
if (DotNetUtils.findFieldType(type, "System.ModuleHandle", true) == null)
{
return(null);
}
if (type.Fields.Count < 1 || type.Fields.Count > 10)
{
return(null);
}
MethodDefinition createMethod = null;
foreach (var m in type.Methods)
{
if (m.Name == ".ctor" || m.Name == ".cctor")
{
continue;
}
if (createMethod == null && DotNetUtils.isMethod(m, "System.Void", "(System.Int32,System.Int32,System.Int32)"))
{
createMethod = m;
continue;
}
continue;
}
if (createMethod == null || !createMethod.HasBody)
{
return(null);
}
if (!DeobUtils.hasInteger(createMethod, 0xFFFFFF))
{
return(null);
}
return(createMethod);
}
protected override bool checkResolverType(TypeDefinition type)
{
return(DotNetUtils.findFieldType(type, "System.Reflection.Assembly", true) != null);
}