public int emulateCase(out int localValueasInt)
{
ins.Emulate(switchBlock.Instructions, 0, switchBlock.Instructions.Count - 1);
var localValue = ins.GetLocal(localSwitch) as Int32Value;
localValueasInt = localValue.Value;
return(((Int32Value)ins.Pop()).Value);
}
public int emulate(int val, out int locValue)
{
locValue = 0;
//we take the value of the arg as a parameter to pass along to the switch block
var ins = new InstructionEmulator(blocks.Method);
ins.Initialize(blocks.Method);
if (native)
{
var test = x86emulate(switchBlock.FirstInstr.Operand as MethodDef, new[] { val });
ins.Push(new Int32Value(test));
//emulates the block however we dont emulate all the block
ins.Emulate(switchBlock.Instructions, 1, switchBlock.Instructions.Count - 1);
//we now get the local value this will contain the num value used to work out the next arg in the next case
if (!isolder)
{
locValue = (ins.GetLocal(localSwitch) as Int32Value).Value;
}
}
else
{
ins.Push(new Int32Value(val));
//emulates the block however we dont emulate all the block
ins.Emulate(switchBlock.Instructions, 0, switchBlock.Instructions.Count - 1);
//we now get the local value this will contain the num value used to work out the next arg in the next case
if (!isolder)
{
locValue = (ins.GetLocal(localSwitch) as Int32Value).Value;
}
}
//we use de4dots instructionEmulator to emulate the block
//we push the arg value to the stack
//we peek at the stack value and this is the next case so we return this to continue
var caseValue = ins.Peek() as Int32Value;
return(caseValue.Value);
}
private int?GetSwitchKey()
{
var val = _instructionEmulator.GetLocal(_switchKey);
if (!val.IsInt32())
{
return(null);
}
var value = val as Int32Value;
if (value == null || !value.AllBitsValid())
{
return(null);
}
return(value.Value);
}
private int caseEmulate(out int localVal)
{
if (swlocal == null)
{
ins.Emulate(swBlock.Instructions, 0, swBlock.Instructions.Count - 1);
var caseVal = ins.Pop() as Int32Value;
localVal = 0;
return(caseVal.Value);
}
else
{
ins.Emulate(swBlock.Instructions, 0, swBlock.Instructions.Count - 1);
var caseVal = ins.Pop() as Int32Value;
var localVal32 = ins.GetLocal(swlocal) as Int32Value;
localVal = localVal32.Value;
// Console.WriteLine(caseVal.Value);
return(caseVal.Value);
}
}
public void DecryptMethods()
{
for (int i = 0; i < delegateInfos.Count; i++)
{
var info = delegateInfos[i];
var emuator = new InstructionEmulator();
EmulateMethod(info, emuator);
var local = info.InitMethod.Body.Variables.FirstOrDefault(t => t.Type.FullName == "System.Reflection.MethodBase");
if (local == null)
{
continue;
}
var value = emuator.GetLocal(local);
if (!(value is ObjectValue objValue) || !(objValue.obj is IMethod method))
{
continue;
}
info.Resolved = true;
info.Decrypted = method;
info.OpCode = ResolveOpCode(info.InitMethod, info.Field, info.Key);
Decrypted++;
}
}
bool EmulateDynocode(InstructionEmulator emu, ref int index)
{
var instrs = stringMethod.Body.Instructions;
var instr = instrs[index];
var ctor = instr.Operand as MethodDef;
if (ctor == null || ctor.MethodSig.GetParamCount() != 1 || ctor.MethodSig.Params[0].ElementType != ElementType.I4)
{
return(false);
}
if (index + 4 >= instrs.Count)
{
return(false);
}
var ldloc = instrs[index + 3];
var stfld = instrs[index + 4];
if (!ldloc.IsLdloc() || stfld.OpCode.Code != Code.Stfld)
{
return(false);
}
var enumerableField = stfld.Operand as FieldDef;
if (enumerableField == null)
{
return(false);
}
var initValue = emu.GetLocal(ldloc.GetLocal(stringMethod.Body.Variables)) as Int32Value;
if (initValue == null || !initValue.AllBitsValid())
{
return(false);
}
int leaveIndex = FindLeave(instrs, index);
if (leaveIndex < 0)
{
return(false);
}
var afterLoop = instrs[leaveIndex].Operand as Instruction;
if (afterLoop == null)
{
return(false);
}
int newIndex = instrs.IndexOf(afterLoop);
var loopLocal = GetDCLoopLocal(index, newIndex);
if (loopLocal == null)
{
return(false);
}
var initValue2 = emu.GetLocal(loopLocal) as Int32Value;
if (initValue2 == null || !initValue2.AllBitsValid())
{
return(false);
}
int loopStart = GetIndexOfCall(instrs, index, leaveIndex, "System.Int32", "()");
int loopEnd = GetIndexOfCall(instrs, loopStart, leaveIndex, "System.Boolean", "()");
if (loopStart < 0 || loopEnd < 0)
{
return(false);
}
loopStart++;
loopEnd--;
dynocode.Initialize(module);
var ctorArg = emu.Pop() as Int32Value;
if (ctorArg == null || !ctorArg.AllBitsValid())
{
return(false);
}
dynocode.CreateEnumerable(ctor, new object[] { ctorArg.Value });
dynocode.WriteEnumerableField(enumerableField.MDToken.ToUInt32(), initValue.Value);
dynocode.CreateEnumerator();
foreach (var val in dynocode)
{
emu.Push(new Int32Value(val));
for (int i = loopStart; i < loopEnd; i++)
{
emu.Emulate(instrs[i]);
}
}
index = newIndex - 1;
return(true);
}
