/// <summary>
/// Creates the deobfuscator that takes over once <paramref name="module"/> has been reloaded,
/// copying this instance's decryption state into it.
/// </summary>
/// <param name="module">The reloaded module the new deobfuscator will work on.</param>
/// <returns>
/// The replacement deobfuscator. It is registered on <c>DeobfuscatedFile</c> before it is
/// returned. When either methods decrypter reports <c>Detected</c>, the method returns before
/// <c>InitializeTheRest</c> is called.
/// </returns>
public override IDeobfuscator ModuleReloaded(ModuleDefMD module)
{
    // The saved assembly info is only applied to a module that has no assembly of its own.
    if (module.Assembly != null)
    {
        realAssemblyInfo = null;
    }
    else if (realAssemblyInfo != null)
    {
        var saved = realAssemblyInfo;
        saved.realAssembly.Modules.Insert(0, module);

        var entryToken = saved.entryPointToken;
        if (entryToken != 0)
        {
            // NOTE(review): "as" yields null when the token does not resolve to a MethodDef,
            // so an unexpected token silently leaves the module without an entry point.
            module.EntryPoint = module.ResolveToken((int)entryToken) as MethodDef;
        }

        module.Kind = saved.kind;
        module.Name = new UTF8String(saved.moduleName);
    }

    var reloaded = new Deobfuscator(options);
    DeobfuscatedFile.SetDeobfuscator(reloaded);

    // Carry the state of this instance over to its replacement.
    reloaded.realAssemblyInfo = realAssemblyInfo;
    reloaded.decryptState = decryptState;
    reloaded.DeobfuscatedFile = DeobfuscatedFile;
    reloaded.ModuleBytes = ModuleBytes;
    reloaded.embeddedAssemblyInfos.AddRange(embeddedAssemblyInfos);
    reloaded.SetModule(module);
    reloaded.RemoveObfuscatorAttribute();

    // After an unpack step the previous decrypter is not handed to the new one.
    if (hasUnpacked)
    {
        reloaded.jitMethodsDecrypter = new JitMethodsDecrypter(module, DeobfuscatedFile);
    }
    else
    {
        reloaded.jitMethodsDecrypter = new JitMethodsDecrypter(module, DeobfuscatedFile, jitMethodsDecrypter);
    }

    if ((reloaded.decryptState & DecryptState.CanDecryptMethods) != 0)
    {
        try
        {
            reloaded.jitMethodsDecrypter.Find();
        }
        catch
        {
            // NOTE(review): every exception from Find() is discarded here, so a failure on a
            // malformed or tampered module looks the same as "not detected" to the caller.
        }

        if (reloaded.jitMethodsDecrypter.Detected)
        {
            return reloaded;
        }
    }

    if (hasUnpacked)
    {
        reloaded.memoryMethodsDecrypter = new MemoryMethodsDecrypter(module, DeobfuscatedFile);
    }
    else
    {
        reloaded.memoryMethodsDecrypter = new MemoryMethodsDecrypter(module, DeobfuscatedFile, memoryMethodsDecrypter);
    }

    if ((reloaded.decryptState & DecryptState.CanDecryptMethods) != 0)
    {
        // Unlike the JIT probe above, exceptions from this Find() propagate to the caller.
        reloaded.memoryMethodsDecrypter.Find();
        if (reloaded.memoryMethodsDecrypter.Detected)
        {
            return reloaded;
        }
    }

    reloaded.InitializeTheRest(this);
    return reloaded;
}
/// <summary>
/// Produces a fresh <c>Deobfuscator</c> for the reloaded <paramref name="module"/> and hands it
/// the state accumulated by this instance.
/// </summary>
/// <param name="module">Module that was just reloaded.</param>
/// <returns>
/// The new deobfuscator, already set on <c>DeobfuscatedFile</c>. <c>InitializeTheRest</c> is
/// skipped when the JIT or the memory methods decrypter is detected.
/// </returns>
public override IDeobfuscator ModuleReloaded(ModuleDefMD module) {
    bool hasOwnAssembly = module.Assembly != null;
    if (hasOwnAssembly) {
        // Saved assembly info is dropped for a module that already has an assembly.
        realAssemblyInfo = null;
    }

    if (!hasOwnAssembly && realAssemblyInfo != null) {
        realAssemblyInfo.realAssembly.Modules.Insert(0, module);

        bool hasEntryPoint = realAssemblyInfo.entryPointToken != 0;
        if (hasEntryPoint) {
            int token = (int)realAssemblyInfo.entryPointToken;
            // NOTE(review): a token that resolves to anything other than a MethodDef makes
            // the "as" cast return null, and EntryPoint is then set to null without notice.
            module.EntryPoint = module.ResolveToken(token) as MethodDef;
        }

        module.Kind = realAssemblyInfo.kind;
        module.Name = new UTF8String(realAssemblyInfo.moduleName);
    }

    var successor = new Deobfuscator(options);
    DeobfuscatedFile.SetDeobfuscator(successor);

    // State hand-over from this instance to its successor.
    successor.realAssemblyInfo = realAssemblyInfo;
    successor.decryptState = decryptState;
    successor.DeobfuscatedFile = DeobfuscatedFile;
    successor.ModuleBytes = ModuleBytes;
    successor.embeddedAssemblyInfos.AddRange(embeddedAssemblyInfos);
    successor.SetModule(module);
    successor.RemoveObfuscatorAttribute();

    // The old JIT decrypter is passed along only when no unpack happened in the last step.
    successor.jitMethodsDecrypter = hasUnpacked
        ? new JitMethodsDecrypter(module, DeobfuscatedFile)
        : new JitMethodsDecrypter(module, DeobfuscatedFile, jitMethodsDecrypter);

    bool probeJit = (successor.decryptState & DecryptState.CanDecryptMethods) != 0;
    if (probeJit) {
        try {
            successor.jitMethodsDecrypter.Find();
        }
        catch {
            // NOTE(review): bare catch swallows all failures of the JIT probe; on hostile
            // input an analyst gets no signal that detection aborted rather than found nothing.
        }
        if (successor.jitMethodsDecrypter.Detected) {
            return successor;
        }
    }

    // Same hand-over rule for the memory methods decrypter.
    successor.memoryMethodsDecrypter = hasUnpacked
        ? new MemoryMethodsDecrypter(module, DeobfuscatedFile)
        : new MemoryMethodsDecrypter(module, DeobfuscatedFile, memoryMethodsDecrypter);

    bool probeMemory = (successor.decryptState & DecryptState.CanDecryptMethods) != 0;
    if (probeMemory) {
        // This probe is not wrapped in try/catch, so its exceptions reach the caller.
        successor.memoryMethodsDecrypter.Find();
        if (successor.memoryMethodsDecrypter.Detected) {
            return successor;
        }
    }

    successor.InitializeTheRest(this);
    return successor;
}
/// <summary>
/// Runs one decryption or unpacking step on the current file bytes and reports whether new
/// module bytes were produced.
/// </summary>
/// <param name="count">Not read by this method.</param>
/// <param name="newFileData">Receives the new module bytes when the method returns <c>true</c>; not assigned otherwise.</param>
/// <param name="dumpedMethods">Passed by reference to the JIT methods decrypter.</param>
/// <returns>
/// <c>true</c> when <paramref name="newFileData"/> and <c>ModuleBytes</c> were replaced. A
/// <c>false</c> result does not mean nothing happened: with <c>options.DecryptMainAsm</c> off,
/// <c>mainAsmInfo</c> and <c>embeddedAssemblyInfos</c> are still updated.
/// </returns>
public override bool GetDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods)
{
    hasUnpacked = false;
    byte[] fileData = GetFileData();

    // NOTE(review): no validation of fileData is visible in this method before it is parsed
    // and decrypted; when the input is an untrusted protected binary, confirm that
    // MyPEImage and the decrypters bounds-check what they read.
    using (var image = new MyPEImage(fileData))
    {
        if ((decryptState & DecryptState.CanDecryptMethods) != 0)
        {
            bool bodiesRestored = false;

            // The JIT decrypter takes precedence; the memory decrypter is only tried when
            // the JIT one is absent or not detected.
            if (jitMethodsDecrypter != null && jitMethodsDecrypter.Detected)
            {
                jitMethodsDecrypter.Initialize();
                bodiesRestored = jitMethodsDecrypter.Decrypt(image, fileData, ref dumpedMethods);
                if (!bodiesRestored)
                {
                    return false;
                }
            }
            else if (memoryMethodsDecrypter != null && memoryMethodsDecrypter.Detected)
            {
                memoryMethodsDecrypter.Initialize();
                bodiesRestored = memoryMethodsDecrypter.Decrypt(image, fileData);
                if (!bodiesRestored)
                {
                    return false;
                }
            }

            if (bodiesRestored)
            {
                // Methods are done; the next step may unpack.
                decryptState = (decryptState & ~DecryptState.CanDecryptMethods) | DecryptState.CanUnpack;
                // fileData itself becomes the new module bytes (presumably modified in place
                // by Decrypt - confirm in the decrypters).
                ModuleBytes = newFileData = fileData;
                return true;
            }
        }
    }

    if ((decryptState & DecryptState.CanUnpack) == 0)
    {
        return false;
    }

    if (unpacker == null || !unpacker.Detected)
    {
        return false;
    }

    if (!options.DecryptMainAsm)
    {
        // The main assembly is still unpacked and recorded, but is not returned as new bytes.
        decryptState &= ~DecryptState.CanUnpack;
        mainAsmInfo = unpacker.UnpackMainAssembly(false);
        embeddedAssemblyInfos.AddRange(unpacker.GetEmbeddedAssemblyInfos());
        return false;
    }

    // Both flags are set again so the unpacked assembly can go through further steps.
    decryptState |= DecryptState.CanDecryptMethods | DecryptState.CanUnpack;
    var unpacked = unpacker.UnpackMainAssembly(true);
    newFileData = unpacked.data;
    realAssemblyInfo = unpacked.realAssemblyInfo;
    embeddedAssemblyInfos.AddRange(unpacker.GetEmbeddedAssemblyInfos());
    ModuleBytes = newFileData;
    hasUnpacked = true;
    return true;
}
/// <summary>
/// Advances the decrypt/unpack state by one step and, when that step yields a new module image,
/// returns it through <paramref name="newFileData"/>.
/// </summary>
/// <param name="count">Unused in this method.</param>
/// <param name="newFileData">Assigned only on the paths that return <c>true</c>.</param>
/// <param name="dumpedMethods">Forwarded by reference to <c>jitMethodsDecrypter.Decrypt</c>.</param>
/// <returns>
/// <c>true</c> if a new module image was stored in <paramref name="newFileData"/> and
/// <c>ModuleBytes</c>; <c>false</c> if a decrypter failed, nothing applicable was detected, or
/// the main assembly was unpacked with <c>options.DecryptMainAsm</c> disabled.
/// </returns>
public override bool GetDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
    hasUnpacked = false;
    byte[] fileData = GetFileData();

    // NOTE(review): fileData goes straight into MyPEImage and the decrypters; this method
    // performs no checks of its own, so robustness against malformed input depends on them.
    using (var pe = new MyPEImage(fileData)) {
        if ((decryptState & DecryptState.CanDecryptMethods) != 0) {
            // Only one decrypter runs per call, and the JIT one wins when both are detected.
            bool jitReady = jitMethodsDecrypter != null && jitMethodsDecrypter.Detected;
            bool memoryReady = !jitReady && memoryMethodsDecrypter != null && memoryMethodsDecrypter.Detected;

            if (jitReady) {
                jitMethodsDecrypter.Initialize();
                if (!jitMethodsDecrypter.Decrypt(pe, fileData, ref dumpedMethods)) {
                    return false;
                }
            }
            else if (memoryReady) {
                memoryMethodsDecrypter.Initialize();
                if (!memoryMethodsDecrypter.Decrypt(pe, fileData)) {
                    return false;
                }
            }

            if (jitReady || memoryReady) {
                // Clear the methods flag and allow unpacking on the next call.
                decryptState &= ~DecryptState.CanDecryptMethods;
                decryptState |= DecryptState.CanUnpack;
                newFileData = fileData;
                ModuleBytes = fileData;
                return true;
            }
        }
    }

    bool unpackerUsable = (decryptState & DecryptState.CanUnpack) != 0
        && unpacker != null
        && unpacker.Detected;

    if (unpackerUsable) {
        if (!options.DecryptMainAsm) {
            // Side effects happen even though false is returned: the unpacked main assembly
            // and the embedded assembly infos are recorded on this instance.
            decryptState &= ~DecryptState.CanUnpack;
            mainAsmInfo = unpacker.UnpackMainAssembly(false);
            embeddedAssemblyInfos.AddRange(unpacker.GetEmbeddedAssemblyInfos());
            return false;
        }

        decryptState |= DecryptState.CanDecryptMethods | DecryptState.CanUnpack;
        var mainAssembly = unpacker.UnpackMainAssembly(true);
        newFileData = mainAssembly.data;
        realAssemblyInfo = mainAssembly.realAssemblyInfo;
        embeddedAssemblyInfos.AddRange(unpacker.GetEmbeddedAssemblyInfos());
        ModuleBytes = newFileData;
        // Read by ModuleReloaded to decide whether the old decrypters are passed along.
        hasUnpacked = true;
        return true;
    }

    return false;
}