static void PrintMethod(MethodPrinter methodPrinter, MethodDef method)
{
const LoggerEvent dumpLogLevel = LoggerEvent.Verbose;
if (Logger.Instance.IgnoresEvent(dumpLogLevel))
{
return;
}
Logger.Instance.Indent();
Logger.v("Locals:");
Logger.Instance.Indent();
for (int i = 0; i < method.Body.Variables.Count; i++)
{
Logger.v("#{0}: {1}", i, method.Body.Variables[i].Type);
}
Logger.Instance.DeIndent();
Logger.v("Code:");
Logger.Instance.Indent();
methodPrinter.Print(dumpLogLevel, method.Body.Instructions, method.Body.ExceptionHandlers);
Logger.Instance.DeIndent();
Logger.Instance.DeIndent();
}
void Restore2()
{
Logger.n("Restoring CSVM methods");
Logger.Instance.Indent();
var opcodeDetector = GetVmOpCodeHandlerDetector();
var csvmMethods = new CsvmDataReader(resource.Data).Read();
var converter = new CsvmToCilMethodConverter(deobfuscatorContext, module, opcodeDetector);
var methodPrinter = new MethodPrinter();
foreach (var csvmMethod in csvmMethods)
{
var cilMethod = module.ResolveToken(csvmMethod.Token) as MethodDef;
if (cilMethod == null)
{
throw new ApplicationException(string.Format("Could not find method {0:X8}", csvmMethod.Token));
}
converter.Convert(cilMethod, csvmMethod);
Logger.v("Restored method {0:X8}", cilMethod.MDToken.ToInt32());
PrintMethod(methodPrinter, cilMethod);
}
Logger.Instance.DeIndent();
Logger.n("Restored {0} CSVM methods", csvmMethods.Count);
}
static void printMethod(MethodPrinter methodPrinter, MethodDefinition method)
{
const Log.LogLevel dumpLogLevel = Log.LogLevel.verbose;
if (!Log.isAtLeast(dumpLogLevel))
{
return;
}
Log.indent();
Log.v("Locals:");
Log.indent();
for (int i = 0; i < method.Body.Variables.Count; i++)
{
Log.v("#{0}: {1}", i, method.Body.Variables[i].VariableType);
}
Log.deIndent();
Log.v("Code:");
Log.indent();
methodPrinter.print(dumpLogLevel, method.Body.Instructions, method.Body.ExceptionHandlers);
Log.deIndent();
Log.deIndent();
}
void restore2()
{
Log.v("Restoring CSVM methods");
Log.indent();
var opcodeDetector = getVmOpCodeHandlerDetector();
var csvmMethods = new CsvmDataReader(resource.GetResourceStream()).read();
var converter = new CsvmToCilMethodConverter(deobfuscatorContext, module, opcodeDetector);
var methodPrinter = new MethodPrinter();
foreach (var csvmMethod in csvmMethods)
{
var cilMethod = module.LookupToken(csvmMethod.Token) as MethodDefinition;
if (cilMethod == null)
{
throw new ApplicationException(string.Format("Could not find method {0:X8}", csvmMethod.Token));
}
converter.convert(cilMethod, csvmMethod);
Log.v("Restored method {0:X8}", cilMethod.MetadataToken.ToInt32());
printMethod(methodPrinter, cilMethod);
}
Log.deIndent();
}
void Restore2() {
Logger.v("Restoring CSVM methods");
Logger.Instance.Indent();
var opcodeDetector = GetVmOpCodeHandlerDetector();
var csvmMethods = new CsvmDataReader(resource.Data).Read();
var converter = new CsvmToCilMethodConverter(deobfuscatorContext, module, opcodeDetector);
var methodPrinter = new MethodPrinter();
foreach (var csvmMethod in csvmMethods) {
var cilMethod = module.ResolveToken(csvmMethod.Token) as MethodDef;
if (cilMethod == null)
throw new ApplicationException(string.Format("Could not find method {0:X8}", csvmMethod.Token));
converter.Convert(cilMethod, csvmMethod);
Logger.v("Restored method {0:X8}", cilMethod.MDToken.ToInt32());
PrintMethod(methodPrinter, cilMethod);
}
Logger.Instance.DeIndent();
}
static void PrintMethod(MethodPrinter methodPrinter, MethodDef method) {
const LoggerEvent dumpLogLevel = LoggerEvent.Verbose;
if (Logger.Instance.IgnoresEvent(dumpLogLevel))
return;
Logger.Instance.Indent();
Logger.v("Locals:");
Logger.Instance.Indent();
for (int i = 0; i < method.Body.Variables.Count; i++)
Logger.v("#{0}: {1}", i, method.Body.Variables[i].Type);
Logger.Instance.DeIndent();
Logger.v("Code:");
Logger.Instance.Indent();
methodPrinter.Print(dumpLogLevel, method.Body.Instructions, method.Body.ExceptionHandlers);
Logger.Instance.DeIndent();
Logger.Instance.DeIndent();
}
public CFG([NonNull] MethodDefinition method)
{
printer = new MethodPrinter(method);
Init(method.Body.Instructions, method);
}
private void BuildGraph()
{
BasicBlock tail = null;
Instruction prevInsn = null;
BasicBlock prevBB = null;
int currentInsnNum = 0;
Hashtable insnBB = new Hashtable();
BasicBlock exit = new BasicBlock(instructions);
exit.first = exit.last = 0;
exit.isExit = true;
AddNode(exit);
foreach (Instruction insn in instructions)
{
if (printer.IsLeader(insn, prevInsn))
{
tail = new BasicBlock(instructions);
tail.first = currentInsnNum;
AddNode(tail);
if (prevBB != null)
{
prevBB.last = currentInsnNum - 1;
if (HasNext(instructions[currentInsnNum - 1]))
{
CFGEdge edge = new CFGEdge(prevBB, tail,
CFGEdgeType.Forward);
AddEdge(edge);
}
}
}
insnBB.Add(insn.Offset, tail);
prevInsn = insn;
prevBB = tail;
currentInsnNum++;
}
if (prevBB != null)
{
prevBB.last = currentInsnNum - 1;
}
foreach (Instruction insn in instructions)
{
if ((printer.EndsTryRegion(insn) != null) ||
(printer.EndsHandlerRegion(insn) != null))
{
BasicBlock finallyBB = GetNearestFinally(insn, insnBB);
if (finallyBB != null)
{
AddEdge(new CFGEdge((BasicBlock)insnBB[insn.Offset],
finallyBB, CFGEdgeType.Forward));
}
}
if (insn.OpCode.FlowControl == FlowControl.Return)
{
if (insn.OpCode.Code == Code.Endfinally &&
insn.Next != null)
{
AddEdge(new CFGEdge((BasicBlock)insnBB[insn.Offset],
(BasicBlock)insnBB[insn.Next.Offset],
CFGEdgeType.Forward));
}
else
{
AddEdge(new CFGEdge((BasicBlock)insnBB[insn.Offset],
exit, CFGEdgeType.Return));
}
}
/*
* if((insn.OpCode.Value != OpCodeConstants.Leave) &&
* (insn.OpCode.Value != OpCodeConstants.Endfinally)) {
*/
int[] targets = MethodPrinter.BranchTargets(insn);
if (targets == null)
{
continue;
}
foreach (int target in targets)
{
AddEdge(new CFGEdge((BasicBlock)insnBB[insn.Offset],
(BasicBlock)insnBB[target],
CFGEdgeType.Branch));
}
/*} */
}
entryPoint = (BasicBlock)insnBB[0];
}
public CFG([NonNull] MethodDefinition method)
{
printer = new MethodPrinter (method);
Init(method.Body.Instructions, method);
}
void restore2()
{
Log.v("Restoring CSVM methods");
Log.indent();
var opcodeDetector = getVmOpCodeHandlerDetector();
var csvmMethods = new CsvmDataReader(resource.GetResourceStream()).read();
var converter = new CsvmToCilMethodConverter(deobfuscatorContext, module, opcodeDetector);
var methodPrinter = new MethodPrinter();
foreach (var csvmMethod in csvmMethods) {
var cilMethod = module.LookupToken(csvmMethod.Token) as MethodDefinition;
if (cilMethod == null)
throw new ApplicationException(string.Format("Could not find method {0:X8}", csvmMethod.Token));
converter.convert(cilMethod, csvmMethod);
Log.v("Restored method {0:X8}", cilMethod.MetadataToken.ToInt32());
printMethod(methodPrinter, cilMethod);
}
Log.deIndent();
}
static void printMethod(MethodPrinter methodPrinter, MethodDefinition method)
{
const Log.LogLevel dumpLogLevel = Log.LogLevel.verbose;
if (!Log.isAtLeast(dumpLogLevel))
return;
Log.indent();
Log.v("Locals:");
Log.indent();
for (int i = 0; i < method.Body.Variables.Count; i++)
Log.v("#{0}: {1}", i, method.Body.Variables[i].VariableType);
Log.deIndent();
Log.v("Code:");
Log.indent();
methodPrinter.print(dumpLogLevel, method.Body.Instructions, method.Body.ExceptionHandlers);
Log.deIndent();
Log.deIndent();
}
void deobfuscateMethods()
{
if (savedMethodBodies != null) {
savedMethodBodies.restoreAll();
savedMethodBodies = null;
}
deob.DeobfuscatedFile = null;
Log.v("Deobfuscating methods");
var methodPrinter = new MethodPrinter();
var cflowDeobfuscator = new BlocksCflowDeobfuscator { InlineMethods = deob.CanInlineMethods };
foreach (var method in allMethods) {
Log.v("Deobfuscating {0} ({1:X8})", method, method.MetadataToken.ToUInt32());
Log.indent();
if (hasNonEmptyBody(method)) {
var blocks = new Blocks(method);
int numRemovedLocals = 0;
int oldNumInstructions = method.Body.Instructions.Count;
deob.deobfuscateMethodBegin(blocks);
if (options.ControlFlowDeobfuscation) {
cflowDeobfuscator.init(blocks);
cflowDeobfuscator.deobfuscate();
}
if (deob.deobfuscateOther(blocks) && options.ControlFlowDeobfuscation)
cflowDeobfuscator.deobfuscate();
if (options.ControlFlowDeobfuscation) {
numRemovedLocals = blocks.optimizeLocals();
blocks.repartitionBlocks();
}
deobfuscateStrings(blocks);
deob.deobfuscateMethodEnd(blocks);
IList<Instruction> allInstructions;
IList<ExceptionHandler> allExceptionHandlers;
blocks.getCode(out allInstructions, out allExceptionHandlers);
DotNetUtils.restoreBody(method, allInstructions, allExceptionHandlers);
if (numRemovedLocals > 0)
Log.v("Removed {0} unused local(s)", numRemovedLocals);
int numRemovedInstructions = oldNumInstructions - method.Body.Instructions.Count;
if (numRemovedInstructions > 0)
Log.v("Removed {0} dead instruction(s)", numRemovedInstructions);
const Log.LogLevel dumpLogLevel = Log.LogLevel.veryverbose;
if (Log.isAtLeast(dumpLogLevel)) {
Log.log(dumpLogLevel, "Deobfuscated code:");
Log.indent();
methodPrinter.print(dumpLogLevel, method, allInstructions, allExceptionHandlers);
Log.deIndent();
}
}
removeNoInliningAttribute(method);
Log.deIndent();
}
}