public override void deobfuscateBegin()
{
base.deobfuscateBegin();
if (options.DecryptResources)
{
addCctorInitCallToBeRemoved(resourceResolver.InitMethod);
addTypeToBeRemoved(resourceResolver.Type, "Resource resolver type");
}
decryptResources();
stringDecrypter.initialize();
if (Operations.DecryptStrings != OpDecryptString.None)
{
if (stringDecrypter.Resource != null)
{
Log.v("Adding string decrypter. Resource: {0}", Utils.toCsharpString(stringDecrypter.Resource.Name));
}
staticStringInliner.add(stringDecrypter.DecryptMethod, (method, gim, args) => {
return(stringDecrypter.decrypt(args));
});
DeobfuscatedFile.stringDecryptersAdded();
}
if (options.DumpEmbeddedAssemblies)
{
assemblyResolver.initialize(DeobfuscatedFile, this);
// Need to dump the assemblies before decrypting methods in case there's a reference
// in the encrypted code to one of these assemblies.
dumpEmbeddedAssemblies();
}
if (options.DecryptMethods)
{
methodsDecrypter.initialize(DeobfuscatedFile, this);
methodsDecrypter.decrypt();
}
if (options.DecryptConstants)
{
constantsDecrypter.initialize(DeobfuscatedFile, this);
addTypeToBeRemoved(constantsDecrypter.Type, "Constants decrypter type");
addResourceToBeRemoved(constantsDecrypter.Resource, "Encrypted constants");
int32ValueInliner = new Int32ValueInliner();
int32ValueInliner.add(constantsDecrypter.Int32Decrypter, (method, gim, args) => constantsDecrypter.decryptInt32((int)args[0]));
int64ValueInliner = new Int64ValueInliner();
int64ValueInliner.add(constantsDecrypter.Int64Decrypter, (method, gim, args) => constantsDecrypter.decryptInt64((int)args[0]));
singleValueInliner = new SingleValueInliner();
singleValueInliner.add(constantsDecrypter.SingleDecrypter, (method, gim, args) => constantsDecrypter.decryptSingle((int)args[0]));
doubleValueInliner = new DoubleValueInliner();
doubleValueInliner.add(constantsDecrypter.DoubleDecrypter, (method, gim, args) => constantsDecrypter.decryptDouble((int)args[0]));
}
proxyCallFixer.find();
startedDeobfuscating = true;
}
public override void deobfuscateBegin()
{
base.deobfuscateBegin();
resourceDecrypter = new ResourceDecrypter(module, DeobfuscatedFile);
resourceResolver = new ResourceResolver(module, resourceDecrypter);
assemblyResolver = new AssemblyResolver(module);
resourceResolver.find();
assemblyResolver.find();
decryptResources();
stringDecrypter.init(resourceDecrypter);
if (stringDecrypter.Method != null) {
staticStringInliner.add(stringDecrypter.Method, (method, gim, args) => {
return stringDecrypter.decrypt((int)args[0]);
});
DeobfuscatedFile.stringDecryptersAdded();
}
methodsDecrypter.decrypt(resourceDecrypter);
if (methodsDecrypter.Detected) {
if (!assemblyResolver.Detected)
assemblyResolver.find();
if (!tamperDetection.Detected)
tamperDetection.find();
}
antiDebugger = new AntiDebugger(module, DeobfuscatedFile, this);
antiDebugger.find();
if (options.DecryptConstants) {
constantsDecrypter.init(resourceDecrypter);
int32ValueInliner = new Int32ValueInliner();
int32ValueInliner.add(constantsDecrypter.Int32Decrypter, (method, gim, args) => constantsDecrypter.decryptInt32((int)args[0]));
int64ValueInliner = new Int64ValueInliner();
int64ValueInliner.add(constantsDecrypter.Int64Decrypter, (method, gim, args) => constantsDecrypter.decryptInt64((int)args[0]));
singleValueInliner = new SingleValueInliner();
singleValueInliner.add(constantsDecrypter.SingleDecrypter, (method, gim, args) => constantsDecrypter.decryptSingle((int)args[0]));
doubleValueInliner = new DoubleValueInliner();
doubleValueInliner.add(constantsDecrypter.DoubleDecrypter, (method, gim, args) => constantsDecrypter.decryptDouble((int)args[0]));
addTypeToBeRemoved(constantsDecrypter.Type, "Constants decrypter type");
addResourceToBeRemoved(constantsDecrypter.Resource, "Encrypted constants");
}
addModuleCctorInitCallToBeRemoved(resourceResolver.Method);
addModuleCctorInitCallToBeRemoved(assemblyResolver.Method);
addCallToBeRemoved(module.EntryPoint, tamperDetection.Method);
addModuleCctorInitCallToBeRemoved(tamperDetection.Method);
addCallToBeRemoved(module.EntryPoint, antiDebugger.Method);
addModuleCctorInitCallToBeRemoved(antiDebugger.Method);
addTypeToBeRemoved(resourceResolver.Type, "Resource resolver type");
addTypeToBeRemoved(assemblyResolver.Type, "Assembly resolver type");
addTypeToBeRemoved(tamperDetection.Type, "Tamper detection type");
addTypeToBeRemoved(antiDebugger.Type, "Anti-debugger type");
addTypeToBeRemoved(methodsDecrypter.Type, "Methods decrypter type");
addTypesToBeRemoved(methodsDecrypter.DelegateTypes, "Methods decrypter delegate type");
addResourceToBeRemoved(methodsDecrypter.Resource, "Encrypted methods");
proxyCallFixer.find();
dumpEmbeddedAssemblies();
}
public override void deobfuscateBegin()
{
base.deobfuscateBegin();
if (options.DecryptResources) {
addCctorInitCallToBeRemoved(resourceResolver.InitMethod);
addTypeToBeRemoved(resourceResolver.Type, "Resource resolver type");
}
decryptResources();
stringDecrypter.initialize();
if (Operations.DecryptStrings != OpDecryptString.None) {
if (stringDecrypter.Resource != null)
Log.v("Adding string decrypter. Resource: {0}", Utils.toCsharpString(stringDecrypter.Resource.Name));
staticStringInliner.add(stringDecrypter.DecryptMethod, (method, args) => {
return stringDecrypter.decrypt(args);
});
DeobfuscatedFile.stringDecryptersAdded();
}
if (options.DumpEmbeddedAssemblies) {
assemblyResolver.initialize(DeobfuscatedFile, this);
// Need to dump the assemblies before decrypting methods in case there's a reference
// in the encrypted code to one of these assemblies.
dumpEmbeddedAssemblies();
}
if (options.DecryptMethods) {
methodsDecrypter.initialize(DeobfuscatedFile, this);
methodsDecrypter.decrypt();
}
if (options.DecryptConstants) {
constantsDecrypter.initialize(DeobfuscatedFile, this);
addTypeToBeRemoved(constantsDecrypter.Type, "Constants decrypter type");
addResourceToBeRemoved(constantsDecrypter.Resource, "Encrypted constants");
int32ValueInliner = new Int32ValueInliner();
int32ValueInliner.add(constantsDecrypter.Int32Decrypter, (method, args) => constantsDecrypter.decryptInt32((int)args[0]));
int64ValueInliner = new Int64ValueInliner();
int64ValueInliner.add(constantsDecrypter.Int64Decrypter, (method, args) => constantsDecrypter.decryptInt64((int)args[0]));
singleValueInliner = new SingleValueInliner();
singleValueInliner.add(constantsDecrypter.SingleDecrypter, (method, args) => constantsDecrypter.decryptSingle((int)args[0]));
doubleValueInliner = new DoubleValueInliner();
doubleValueInliner.add(constantsDecrypter.DoubleDecrypter, (method, args) => constantsDecrypter.decryptDouble((int)args[0]));
}
proxyDelegateFinder.find();
}
public override void deobfuscateBegin()
{
base.deobfuscateBegin();
resourceDecrypter = new ResourceDecrypter(module, DeobfuscatedFile);
resourceResolver = new ResourceResolver(module, resourceDecrypter);
assemblyResolver = new AssemblyResolver(module);
resourceResolver.find();
assemblyResolver.find();
decryptResources();
stringDecrypter.init(resourceDecrypter);
if (stringDecrypter.Method != null)
{
staticStringInliner.add(stringDecrypter.Method, (method, gim, args) => {
return(stringDecrypter.decrypt((int)args[0]));
});
DeobfuscatedFile.stringDecryptersAdded();
}
methodsDecrypter.decrypt(resourceDecrypter);
if (methodsDecrypter.Detected)
{
if (!assemblyResolver.Detected)
{
assemblyResolver.find();
}
if (!tamperDetection.Detected)
{
tamperDetection.find();
}
}
antiDebugger = new AntiDebugger(module, DeobfuscatedFile, this);
antiDebugger.find();
if (options.DecryptConstants)
{
constantsDecrypter.init(resourceDecrypter);
int32ValueInliner = new Int32ValueInliner();
int32ValueInliner.add(constantsDecrypter.Int32Decrypter, (method, gim, args) => constantsDecrypter.decryptInt32((int)args[0]));
int64ValueInliner = new Int64ValueInliner();
int64ValueInliner.add(constantsDecrypter.Int64Decrypter, (method, gim, args) => constantsDecrypter.decryptInt64((int)args[0]));
singleValueInliner = new SingleValueInliner();
singleValueInliner.add(constantsDecrypter.SingleDecrypter, (method, gim, args) => constantsDecrypter.decryptSingle((int)args[0]));
doubleValueInliner = new DoubleValueInliner();
doubleValueInliner.add(constantsDecrypter.DoubleDecrypter, (method, gim, args) => constantsDecrypter.decryptDouble((int)args[0]));
addTypeToBeRemoved(constantsDecrypter.Type, "Constants decrypter type");
addResourceToBeRemoved(constantsDecrypter.Resource, "Encrypted constants");
}
addModuleCctorInitCallToBeRemoved(resourceResolver.Method);
addModuleCctorInitCallToBeRemoved(assemblyResolver.Method);
addCallToBeRemoved(module.EntryPoint, tamperDetection.Method);
addModuleCctorInitCallToBeRemoved(tamperDetection.Method);
addCallToBeRemoved(module.EntryPoint, antiDebugger.Method);
addModuleCctorInitCallToBeRemoved(antiDebugger.Method);
addTypeToBeRemoved(resourceResolver.Type, "Resource resolver type");
addTypeToBeRemoved(assemblyResolver.Type, "Assembly resolver type");
addTypeToBeRemoved(tamperDetection.Type, "Tamper detection type");
addTypeToBeRemoved(antiDebugger.Type, "Anti-debugger type");
addTypeToBeRemoved(methodsDecrypter.Type, "Methods decrypter type");
addTypesToBeRemoved(methodsDecrypter.DelegateTypes, "Methods decrypter delegate type");
addResourceToBeRemoved(methodsDecrypter.Resource, "Encrypted methods");
proxyCallFixer.find();
dumpEmbeddedAssemblies();
}