protected override TypeReference updateGenericParameter(GenericParameter a) { switch (a.Type) { case GenericParameterType.Type: if (git == null || a.Position >= git.GenericArguments.Count || !MemberReferenceHelper.compareTypes(git.ElementType, a.Owner as TypeReference)) { return(a); } modified = true; return(update(git.GenericArguments[a.Position])); case GenericParameterType.Method: if (gim == null || a.Position >= gim.GenericArguments.Count) { return(a); } modified = true; return(update(gim.GenericArguments[a.Position])); default: return(a); } }
string getPassword(MethodDefinition decryptMethod) { foreach (var method in DotNetUtils.getCalledMethods(module, decryptMethod)) { if (!method.IsStatic || method.Body == null) { continue; } if (!MemberReferenceHelper.compareTypes(method.DeclaringType, decryptMethod.DeclaringType)) { continue; } if (!DotNetUtils.isMethod(method, "System.String", "()")) { continue; } var hexChars = getPassword2(method); if (string.IsNullOrEmpty(hexChars)) { continue; } var password = fixPassword(hexChars); if (string.IsNullOrEmpty(password)) { continue; } return(password); } return(null); }
public bool updateNewType(ModuleDefinition module) { if (types.Count == 0) { return(false); } TypeReference theNewType = null; foreach (var key in types.Keys) { if (theNewType == null) { theNewType = key.TypeReference; continue; } theNewType = getCommonBaseClass(module, theNewType, key.TypeReference); if (theNewType == null) { break; } } if (theNewType == null) { return(false); } if (MemberReferenceHelper.compareTypes(theNewType, newType)) { return(false); } newType = theNewType; return(true); }
bool compareMethod(MethodReference method, BabelMethodreference babelMethodRef) { if (method.Parameters.Count != babelMethodRef.Parameters.Length) { return(false); } if (method.Name != babelMethodRef.Name) { return(false); } if (method.HasThis != babelMethodRef.HasThis) { return(false); } if (method.GenericParameters.Count != babelMethodRef.GenericArguments.Length) { return(false); } if (!MemberReferenceHelper.compareTypes(method.MethodReturnType.ReturnType, babelMethodRef.ReturnType)) { return(false); } for (int i = 0; i < babelMethodRef.Parameters.Length; i++) { if (!MemberReferenceHelper.compareTypes(method.Parameters[i].ParameterType, babelMethodRef.Parameters[i].ParameterType)) { return(false); } } return(true); }
void deleteCustomAttributes(IList <CustomAttribute> customAttrs) { if (customAttrs == null) { return; } foreach (var info in attrsToRemove) { var typeDef = info.obj; if (typeDef == null) { continue; } for (int i = 0; i < customAttrs.Count; i++) { if (MemberReferenceHelper.compareTypes(customAttrs[i].AttributeType, typeDef)) { customAttrs.RemoveAt(i); Log.v("Removed custom attribute {0} ({1:X8}) (reason: {2})", Utils.removeNewlines(typeDef), typeDef.MetadataToken.ToUInt32(), info.reason); break; } } } }
bool addCast(Block block, int castIndex, int index, TypeReference type) { if (type == null) { return(false); } if (castIndex >= block.Instructions.Count || index >= block.Instructions.Count) { return(false); } var stloc = block.Instructions[index]; if (!stloc.isStloc()) { return(false); } var local = DotNetUtils.getLocalVar(blocks.Locals, stloc.Instruction); if (local == null) { return(false); } var localInfo = localInfos[local]; if (localInfo.CastType == null) { return(false); } if (!MemberReferenceHelper.compareTypes(localInfo.CastType, type)) { block.insert(castIndex, new Instruction(OpCodes.Castclass, localInfo.CastType)); } return(true); }
bool checkCctor(MethodDefinition cctor) { var ldtokenType = getLdtokenType(cctor); if (!MemberReferenceHelper.compareTypes(ldtokenType, cctor.DeclaringType)) { return(false); } MethodDefinition initMethod = null; foreach (var method in DotNetUtils.getCalledMethods(module, cctor)) { if (DotNetUtils.isMethod(method, "System.Void", "(System.Type)")) { initMethod = method; break; } } if (initMethod == null || initMethod.Body == null) { return(false); } return(true); }
void fixTypeofDecrypterInstructions(Blocks blocks) { var type = getDecrypterType(); if (type == null) { return; } foreach (var block in blocks.MethodBlocks.getAllBlocks()) { var instructions = block.Instructions; for (int i = 0; i < instructions.Count; i++) { var instr = instructions[i]; if (instr.OpCode.Code != Code.Ldtoken) { continue; } if (!MemberReferenceHelper.compareTypes(type, instr.Operand as TypeReference)) { continue; } instructions[i] = new Instr(Instruction.Create(OpCodes.Ldtoken, blocks.Method.DeclaringType)); } } }
protected virtual bool canInline(MethodDefinition method) { if (method.GenericParameters.Count > 0) { return(false); } if (MemberReferenceHelper.compareMethodReferenceAndDeclaringType(method, blocks.Method)) { return(false); } if (!MemberReferenceHelper.compareTypes(method.DeclaringType, blocks.Method.DeclaringType)) { return(false); } if (method.IsStatic) { return(true); } if (method.IsVirtual) { return(false); } return(inlineInstanceMethods); }
bool checkMemoryManagerType(TypeDefinition type, MethodDefinition method) { // Only two fields: itself and a long int fields = 0; foreach (var field in type.Fields) { if (MemberReferenceHelper.compareTypes(field.FieldType, type) || field.FieldType.FullName == "System.Int64") { fields++; continue; } if (DotNetUtils.derivesFromDelegate(DotNetUtils.getType(module, field.FieldType))) { continue; } return(false); } if (fields != 2) { return(false); } if (DotNetUtils.getPInvokeMethod(type, "kernel32", "SetProcessWorkingSetSize") == null) { return(false); } return(true); }
public TypeReference convert(TypeReference a) { var newOne = update(a); if (!(a is GenericParameter) && !MemberReferenceHelper.compareTypes(newOne, a)) { throw new ApplicationException("Could not convert type reference"); } return(newOne); }
static bool hasFieldType(IEnumerable <FieldDefinition> fields, TypeReference fieldType) { foreach (var field in fields) { if (MemberReferenceHelper.compareTypes(field.FieldType, fieldType)) { return(true); } } return(false); }
public override bool Equals(object obj) { var other = obj as TypeInfo; if (other == null) { return(false); } return(typeDef == other.typeDef && MemberReferenceHelper.compareTypes(typeReference, other.typeReference)); }
protected override bool isCompatibleType(int paramIndex, TypeReference origType, TypeReference newType) { if (MemberReferenceHelper.compareTypes(origType, newType)) { return(true); } if (newType.IsValueType || origType.IsValueType) { return(false); } return(newType.FullName == "System.Object"); }
public static bool findRegisterMethod(TypeDefinition type, out MethodDefinition regMethod, out MethodDefinition handler) { foreach (var method in type.Methods) { if (!method.IsStatic || method.Body == null) { continue; } if (method.Body.ExceptionHandlers.Count != 1) { continue; } foreach (var instr in method.Body.Instructions) { if (instr.OpCode.Code != Code.Ldftn) { continue; } var handlerRef = instr.Operand as MethodReference; if (handlerRef == null) { continue; } if (!DotNetUtils.isMethod(handlerRef, "System.Reflection.Assembly", "(System.Object,System.ResolveEventArgs)")) { continue; } if (!MemberReferenceHelper.compareTypes(type, handlerRef.DeclaringType)) { continue; } handler = DotNetUtils.getMethod(type, handlerRef); if (handler == null) { continue; } if (handler.Body == null || handler.Body.ExceptionHandlers.Count != 1) { continue; } regMethod = method; return(true); } } regMethod = null; handler = null; return(false); }
public void initialize(ISimpleDeobfuscator deobfuscator) { if (decrypterCctor == null) { return; } deobfuscator.deobfuscate(decrypterCctor); var instrs = decrypterCctor.Body.Instructions; for (int i = 0; i < instrs.Count - 4; i++) { var ldstr = instrs[i]; if (ldstr.OpCode.Code != Code.Ldstr) { continue; } var encryptedString = ldstr.Operand as string; if (encryptedString == null) { continue; } if (instrs[i + 1].OpCode.Code != Code.Stsfld) { continue; } if (instrs[i + 2].OpCode.Code != Code.Ldsfld) { continue; } if (instrs[i + 3].OpCode.Code != Code.Call) { continue; } if (instrs[i + 4].OpCode.Code != Code.Stsfld) { continue; } var field = instrs[i + 4].Operand as FieldDefinition; if (field == null) { continue; } if (!MemberReferenceHelper.compareTypes(field.DeclaringType, decrypterType)) { continue; } fieldToDecryptedString.add(field, decrypter.decrypt(encryptedString)); } }
static bool isCompatibleValueThisPtr(TypeReference origType, TypeReference newType) { var newByRef = newType as ByReferenceType; if (newByRef == null) { return(false); } if (!newByRef.ElementType.IsValueType || !origType.IsValueType) { return(false); } return(MemberReferenceHelper.compareTypes(origType, newByRef.ElementType)); }
bool checkNestedFields(TypeDefinition nested) { if (!new FieldTypes(nested).all(requiredTypes)) { return(false); } foreach (var field in nested.Fields) { if (MemberReferenceHelper.compareTypes(nested, field.FieldType)) { return(true); } } return(false); }
protected override bool isCompatibleType(int paramIndex, TypeReference origType, TypeReference newType) { if (MemberReferenceHelper.compareTypes(origType, newType)) { return(true); } if (paramIndex == -1) { if (newType.IsValueType || origType.IsValueType) { return(false); } } return(newType.EType == ElementType.Object); }
List <FieldDefinition> findFields() { var charArrayFields = new List <FieldDefinition>(); foreach (var instr in Method.Body.Instructions) { if (instr.OpCode.Code != Code.Stsfld && instr.OpCode.Code != Code.Ldsfld) { continue; } var field = instr.Operand as FieldDefinition; if (field == null) { continue; } if (!MemberReferenceHelper.compareTypes(Method.DeclaringType, field.DeclaringType)) { continue; } switch (field.FieldType.FullName) { case "System.Char[]": if (!charArrayFields.Contains(field)) { charArrayFields.Add(field); } break; case "System.String[]": if (cachedStringsField != null && cachedStringsField != field) { return(null); } cachedStringsField = field; break; default: break; } } if (cachedStringsField == null) { return(null); } return(charArrayFields); }
public void deobfuscate(Blocks blocks) { if (type == null) { return; } foreach (var block in blocks.MethodBlocks.getAllBlocks()) { var instrs = block.Instructions; for (int i = 0; i < instrs.Count - 1; i++) { var instr = instrs[i]; if (instr.OpCode.Code != Code.Ldc_I4) { continue; } var call = instrs[i + 1]; if (call.OpCode.Code != Code.Call) { continue; } var method = call.Operand as MethodReference; if (method == null) { continue; } if (!MemberReferenceHelper.compareTypes(type, method.DeclaringType)) { continue; } var methodDef = DotNetUtils.getMethod(module, method); if (methodDef == null) { continue; } if (methodDef != typeMethod && methodDef != fieldMethod) { continue; } int token = (int)instrs[i].Operand; instrs[i] = new Instr(Instruction.Create(OpCodes.Nop)); instrs[i + 1] = new Instr(new Instruction(OpCodes.Ldtoken, module.LookupToken(token) as MemberReference)); } } }
ResolverVersion checkSetupMethod(MethodDefinition setupMethod) { var instructions = setupMethod.Body.Instructions; int foundCount = 0; for (int i = 0; i < instructions.Count; i++) { var instrs = DotNetUtils.getInstructions(instructions, i, OpCodes.Ldnull, OpCodes.Ldftn, OpCodes.Newobj); if (instrs == null) { continue; } MethodReference methodRef; var ldftn = instrs[1]; var newobj = instrs[2]; methodRef = ldftn.Operand as MethodReference; if (methodRef == null || !MemberReferenceHelper.compareTypes(setupMethod.DeclaringType, methodRef.DeclaringType)) { continue; } methodRef = newobj.Operand as MethodReference; if (methodRef == null || methodRef.FullName != "System.Void System.ResolveEventHandler::.ctor(System.Object,System.IntPtr)") { continue; } foundCount++; } if (foundCount == 0) { return(ResolverVersion.None); } switch (foundCount) { case 1: return(ResolverVersion.V1); case 2: return(ResolverVersion.V2); default: return(ResolverVersion.None); } }
MethodDefinition findSimpleZipTypeMethod(MethodDefinition method) { if (method == null || method.Body == null) { return(null); } var instructions = method.Body.Instructions; for (int i = 0; i <= instructions.Count - 2; i++) { var call = instructions[i]; if (call.OpCode.Code != Code.Call) { continue; } var calledMethod = call.Operand as MethodDefinition; if (calledMethod == null) { continue; } if (!DotNetUtils.isMethod(calledMethod, "System.Byte[]", "(System.Byte[])")) { continue; } var stsfld = instructions[i + 1]; if (stsfld.OpCode.Code != Code.Stsfld) { continue; } var field = stsfld.Operand as FieldReference; if (field == null || field.FieldType.FullName != "System.Byte[]") { continue; } if (!MemberReferenceHelper.compareTypes(stringsEncodingClass, field.DeclaringType)) { continue; } return(calledMethod); } return(null); }
bool checkFields(TypeDefinition type, string fieldType1, TypeDefinition fieldType2) { if (type.Fields.Count != 2) { return(false); } if (type.Fields[0].FieldType.FullName != fieldType1 && type.Fields[1].FieldType.FullName != fieldType1) { return(false); } if (!MemberReferenceHelper.compareTypes(type.Fields[0].FieldType, fieldType2) && !MemberReferenceHelper.compareTypes(type.Fields[1].FieldType, fieldType2)) { return(false); } return(true); }
void removeInitCode_v2(Blocks blocks) { foreach (var block in blocks.MethodBlocks.getAllBlocks()) { var instructions = block.Instructions; for (int i = 0; i <= instructions.Count - 3; i++) { var ldtoken = instructions[i]; if (ldtoken.OpCode != OpCodes.Ldtoken) { continue; } if (!MemberReferenceHelper.compareTypes(blocks.Method.DeclaringType, ldtoken.Operand as TypeReference)) { continue; } var call1 = instructions[i + 1]; if (call1.OpCode != OpCodes.Call) { continue; } var method1 = call1.Operand as MethodReference; if (method1 == null || method1.ToString() != "System.Type System.Type::GetTypeFromHandle(System.RuntimeTypeHandle)") { continue; } var call2 = instructions[i + 2]; if (call2.OpCode != OpCodes.Call) { continue; } var method2 = call2.Operand as MethodReference; if (!MemberReferenceHelper.compareMethodReferenceAndDeclaringType(method2, CreateStringDelegateMethod)) { continue; } block.remove(i, 3); break; } } }
void initialize(TypeDefinition type) { if (type.HasEvents || type.HasProperties) { return; } if (!type.IsValueType) { return; } if (type.Methods.Count != 1) { return; } var ctor = type.Methods[0]; if (ctor.Name != ".ctor" || ctor.Body == null || ctor.IsStatic) { return; } if (ctor.Parameters.Count != 1) { return; } var ctorParam = ctor.Parameters[0]; if (type.Fields.Count != 1) { return; } var typeField = type.Fields[0]; if (typeField.IsStatic) { return; } if (!MemberReferenceHelper.compareTypes(ctorParam.ParameterType, typeField.FieldType)) { return; } typeToInfo.add(ctor.DeclaringType, new Info(ctor.DeclaringType, typeField.FieldType)); }
static bool isCallingResourceManagerCtor(IList <Instruction> instrs, int ldstrIndex, TypeInfo typeInfo) { try { int index = ldstrIndex + 1; var ldtoken = instrs[index++]; if (ldtoken.OpCode.Code != Code.Ldtoken) { return(false); } if (!MemberReferenceHelper.compareTypes(typeInfo.type.TypeDefinition, ldtoken.Operand as TypeReference)) { return(false); } if (!checkCalledMethod(instrs[index++], "System.Type", "(System.RuntimeTypeHandle)")) { return(false); } if (!checkCalledMethod(instrs[index++], "System.Reflection.Assembly", "()")) { return(false); } var newobj = instrs[index++]; if (newobj.OpCode.Code != Code.Newobj) { return(false); } if (newobj.Operand.ToString() != "System.Void System.Resources.ResourceManager::.ctor(System.String,System.Reflection.Assembly)") { return(false); } return(true); } catch (ArgumentOutOfRangeException) { return(false); } catch (IndexOutOfRangeException) { return(false); } }
bool findFields() { foreach (var instr in Method.Body.Instructions) { if (instr.OpCode.Code != Code.Stsfld && instr.OpCode.Code != Code.Ldsfld) { continue; } var field = instr.Operand as FieldDefinition; if (field == null) { continue; } if (!MemberReferenceHelper.compareTypes(Method.DeclaringType, field.DeclaringType)) { continue; } switch (field.FieldType.FullName) { case "System.Char[]": if (keyField != null && keyField != field) { return(false); } keyField = field; break; case "System.String[]": if (cachedStringsField != null && cachedStringsField != field) { return(false); } cachedStringsField = field; break; default: break; } } return(keyField != null && cachedStringsField != null); }
bool checkCctor(MethodDefinition cctor) { if (cctor.Body == null) { return(false); } int stsfldCount = 0; foreach (var instr in cctor.Body.Instructions) { if (instr.OpCode.Code == Code.Stsfld) { var field = instr.Operand as FieldReference; if (!MemberReferenceHelper.compareTypes(cctor.DeclaringType, field.DeclaringType)) { return(false); } stsfldCount++; } } return(stsfldCount >= cctor.DeclaringType.Fields.Count); }
public static List <byte[]> getArrays(MethodDefinition method, TypeReference arrayElemntType) { var arrays = new List <byte[]>(); var instrs = method.Body.Instructions; for (int i = 0; i < instrs.Count; i++) { TypeReference type; var ary = getArray(instrs, ref i, out type); if (ary == null) { break; } if (arrayElemntType != null && !MemberReferenceHelper.compareTypes(type, arrayElemntType)) { continue; } arrays.Add(ary); } return(arrays); }