public static void run(ModuleDefMD module, Assembly asm)
{
VMDecryptor.FindEncryptedMethods(module);
bool flag = VMDecryptor.allEncMethods.Count != 0;
bool flag2 = flag;
if (flag2)
{
DecryptionMethods dec = VMDecryptor.setUpDecryptionRoutine(VMDecryptor.allEncMethods[0].method);
VMDecryptor.DecryptMethods(dec, asm, module);
}
}
public static void DecryptMethods(DecryptionMethods dec, Assembly asm, ModuleDefMD module)
{
Module manifestModule = asm.ManifestModule;
foreach (EncryptedMethodDetails encryptedMethodDetails in VMDecryptor.allEncMethods)
{
try
{
int encryptedValue = encryptedMethodDetails.encryptedValue;
MethodBase methodBase = manifestModule.ResolveMethod(dec.thirdMethod.MDToken.ToInt32());
object obj = Activator.CreateInstance(methodBase.DeclaringType);
object obj2 = methodBase.Invoke(obj, new object[]
{
encryptedValue
});
Type type = manifestModule.ResolveType(dec.initalField.FieldType.ToTypeDefOrRef().MDToken.ToInt32());
object obj3 = Activator.CreateInstance(type);
FieldInfo fieldInfo = obj3.GetType().GetFields()[0];
BindingFlags bindingAttr = BindingFlags.Instance | BindingFlags.Static | BindingFlags.Public | BindingFlags.NonPublic;
FieldInfo field = obj3.GetType().GetField(fieldInfo.Name, bindingAttr);
object value = field.GetValue(obj3);
MethodBase methodBase2 = manifestModule.ResolveMethod(dec.fifthMethod.MDToken.ToInt32());
TypeDef typeDef = dec.initalType as TypeDef;
MethodDef methodDef = dec.fifthMethod.DeclaringType.FindConstructors().ToArray <MethodDef>()[0];
ConstructorInfo constructorInfo = (ConstructorInfo)manifestModule.ResolveMethod(methodDef.MDToken.ToInt32());
object obj4 = constructorInfo.Invoke(new object[]
{
value
});
object obj5 = methodBase2.Invoke(obj4, new object[]
{
obj2
});
SuperDynamicReader superDynamicReader = new SuperDynamicReader(module, obj5);
superDynamicReader.Read();
superDynamicReader.RestoreMethod(encryptedMethodDetails.method);
}
catch
{
Console.WriteLine(encryptedMethodDetails.method.FullName + " Failed to decrypt");
}
}
}
public static DecryptionMethods setUpDecryptionRoutine(MethodDef methods)
{
DecryptionMethods decryptionMethods = new DecryptionMethods();
MethodDef methodDef = methods.Body.Instructions[methods.Body.Instructions.Count - 3].Operand as MethodDef;
for (int i = 0; i < methodDef.Body.Instructions.Count; i++)
{
bool flag = methodDef.Body.Instructions[i].OpCode == OpCodes.Callvirt;
bool flag2 = flag;
if (flag2)
{
decryptionMethods.initalmethod = (methodDef.Body.Instructions[i].Operand as MethodDef);
break;
}
}
for (int j = 0; j < decryptionMethods.initalmethod.Body.Instructions.Count; j++)
{
bool flag3 = decryptionMethods.initalmethod.Body.Instructions[j].OpCode == OpCodes.Call && decryptionMethods.initalmethod.Body.Instructions[j].Operand is MethodDef;
bool flag4 = flag3;
if (flag4)
{
MethodDef methodDef2 = decryptionMethods.initalmethod.Body.Instructions[j].Operand as MethodDef;
bool flag5 = methodDef2.Parameters.Count == 2 && methodDef2.HasReturnType;
bool flag6 = flag5;
if (flag6)
{
decryptionMethods.secondMethod = methodDef2;
}
break;
}
}
for (int k = 0; k < decryptionMethods.secondMethod.Body.Instructions.Count; k++)
{
bool flag7 = decryptionMethods.secondMethod.Body.Instructions[k].OpCode == OpCodes.Callvirt && decryptionMethods.secondMethod.Body.Instructions[k].Operand is MethodDef;
bool flag8 = flag7;
if (flag8)
{
MethodDef methodDef3 = decryptionMethods.secondMethod.Body.Instructions[k].Operand as MethodDef;
bool flag9 = methodDef3.Parameters.Count == 2 && methodDef3.HasReturnType;
bool flag10 = flag9;
if (flag10)
{
decryptionMethods.thirdMethod = methodDef3;
}
}
bool flag11 = decryptionMethods.secondMethod.Body.Instructions[k].OpCode == OpCodes.Ldfld && decryptionMethods.secondMethod.Body.Instructions[k].Operand is FieldDef && decryptionMethods.secondMethod.Body.Instructions[k + 2].OpCode == OpCodes.Call && decryptionMethods.secondMethod.Body.Instructions[k + 2].Operand is MethodDef;
bool flag12 = flag11;
if (flag12)
{
MethodDef methodDef4 = decryptionMethods.secondMethod.Body.Instructions[k + 2].Operand as MethodDef;
bool flag13 = methodDef4.Parameters.Count == 2 && methodDef4.HasReturnType;
bool flag14 = flag13;
if (flag14)
{
decryptionMethods.fourthMethod = methodDef4;
}
decryptionMethods.initalField = (FieldDef)decryptionMethods.secondMethod.Body.Instructions[k].Operand;
break;
}
}
decryptionMethods.initalType = (methods.Module.ResolveToken(33554456) as ITypeDefOrRef);
for (int l = 0; l < decryptionMethods.fourthMethod.Body.Instructions.Count; l++)
{
bool flag15 = decryptionMethods.fourthMethod.Body.Instructions[l].IsLdloc() && decryptionMethods.fourthMethod.Body.Instructions[l + 1].IsLdarg() && decryptionMethods.fourthMethod.Body.Instructions[l + 2].OpCode == OpCodes.Callvirt && decryptionMethods.fourthMethod.Body.Instructions[l + 3].IsStloc();
bool flag16 = flag15;
if (flag16)
{
MethodDef methodDef5 = decryptionMethods.fourthMethod.Body.Instructions[l + 2].Operand as MethodDef;
bool flag17 = methodDef5.Parameters.Count == 2 && methodDef5.HasReturnType;
bool flag18 = flag17;
if (flag18)
{
decryptionMethods.fifthMethod = methodDef5;
}
break;
}
}
return(decryptionMethods);
}
