Use better property names
This commit is contained in:
de4dot
parent
aa4e64ffa4
commit
045e6ecf73
|
|
@ -157,7 +157,7 @@ namespace de4dot.deobfuscators.CliSecure {
|
|||
base.deobfuscateBegin();
|
||||
|
||||
addAttributeToBeRemoved(cliSecureAttribute, "Obfuscator attribute");
|
||||
addTypeToBeRemoved(stringDecrypter.StringDecrypterType, "Obfuscator string decrypter type");
|
||||
addTypeToBeRemoved(stringDecrypter.Type, "Obfuscator string decrypter type");
|
||||
findPossibleNamesToRemove(cliSecureRtType.LoadMethod);
|
||||
|
||||
resourceDecrypter = new ResourceDecrypter(module);
|
||||
|
|
@ -172,7 +172,7 @@ namespace de4dot.deobfuscators.CliSecure {
|
|||
|
||||
proxyDelegateFinder.find();
|
||||
|
||||
staticStringDecrypter.add(stringDecrypter.StringDecrypterMethod, (method, args) => stringDecrypter.decrypt((string)args[0]));
|
||||
staticStringDecrypter.add(stringDecrypter.Method, (method, args) => stringDecrypter.decrypt((string)args[0]));
|
||||
|
||||
addCctorInitCallToBeRemoved(cliSecureRtType.InitializeMethod);
|
||||
addCctorInitCallToBeRemoved(cliSecureRtType.PostInitializeMethod);
|
||||
|
|
@ -212,8 +212,8 @@ namespace de4dot.deobfuscators.CliSecure {
|
|||
|
||||
public override IEnumerable<string> getStringDecrypterMethods() {
|
||||
var list = new List<string>();
|
||||
if (stringDecrypter.StringDecrypterMethod != null)
|
||||
list.Add(stringDecrypter.StringDecrypterMethod.MetadataToken.ToInt32().ToString("X8"));
|
||||
if (stringDecrypter.Method != null)
|
||||
list.Add(stringDecrypter.Method.MetadataToken.ToInt32().ToString("X8"));
|
||||
return list;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -32,11 +32,11 @@ namespace de4dot.deobfuscators.CliSecure {
|
|||
get { return stringDecrypterKey != null; }
|
||||
}
|
||||
|
||||
public TypeDefinition StringDecrypterType {
|
||||
public TypeDefinition Type {
|
||||
get { return stringDecrypterType; }
|
||||
}
|
||||
|
||||
public MethodDefinition StringDecrypterMethod {
|
||||
public MethodDefinition Method {
|
||||
get { return stringDecrypterMethod; }
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -28,11 +28,11 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
|||
TypeDefinition antiDebuggerType;
|
||||
MethodDefinition antiDebuggerMethod;
|
||||
|
||||
public TypeDefinition AntiDebuggerType {
|
||||
public TypeDefinition Type {
|
||||
get { return antiDebuggerType; }
|
||||
}
|
||||
|
||||
public MethodDefinition AntiDebuggerMethod {
|
||||
public MethodDefinition Method {
|
||||
get { return antiDebuggerMethod; }
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -50,11 +50,11 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
|||
get { return assemblyInfos; }
|
||||
}
|
||||
|
||||
public TypeDefinition ResolverType {
|
||||
public TypeDefinition Type {
|
||||
get { return resolverType; }
|
||||
}
|
||||
|
||||
public MethodDefinition ResolverMethod {
|
||||
public MethodDefinition Method {
|
||||
get { return resolverMethod; }
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -165,9 +165,9 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
|||
|
||||
decryptResources();
|
||||
stringDecrypter.init(resourceDecrypter);
|
||||
if (stringDecrypter.StringDecrypterMethod != null) {
|
||||
addResourceToBeRemoved(stringDecrypter.StringResource, "Encrypted strings");
|
||||
staticStringDecrypter.add(stringDecrypter.StringDecrypterMethod, (method, args) => {
|
||||
if (stringDecrypter.Method != null) {
|
||||
addResourceToBeRemoved(stringDecrypter.Resource, "Encrypted strings");
|
||||
staticStringDecrypter.add(stringDecrypter.Method, (method, args) => {
|
||||
return stringDecrypter.decrypt((int)args[0]);
|
||||
});
|
||||
DeobfuscatedFile.stringDecryptersAdded();
|
||||
|
|
@ -176,15 +176,15 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
|||
antiDebugger = new AntiDebugger(module, DeobfuscatedFile, this);
|
||||
antiDebugger.find();
|
||||
|
||||
addModuleCctorInitCallToBeRemoved(resourceResolver.ResolverMethod);
|
||||
addModuleCctorInitCallToBeRemoved(assemblyResolver.ResolverMethod);
|
||||
addCallToBeRemoved(module.EntryPoint, tamperDetection.TamperMethod);
|
||||
addCallToBeRemoved(module.EntryPoint, antiDebugger.AntiDebuggerMethod);
|
||||
addTypeToBeRemoved(resourceResolver.ResolverType, "Resource resolver type");
|
||||
addTypeToBeRemoved(assemblyResolver.ResolverType, "Assembly resolver type");
|
||||
addTypeToBeRemoved(tamperDetection.TamperType, "Tamper detection type");
|
||||
addTypeToBeRemoved(antiDebugger.AntiDebuggerType, "Anti-debugger type");
|
||||
addTypeToBeRemoved(stringDecrypter.StringDecrypterType, "String decrypter type");
|
||||
addModuleCctorInitCallToBeRemoved(resourceResolver.Method);
|
||||
addModuleCctorInitCallToBeRemoved(assemblyResolver.Method);
|
||||
addCallToBeRemoved(module.EntryPoint, tamperDetection.Method);
|
||||
addCallToBeRemoved(module.EntryPoint, antiDebugger.Method);
|
||||
addTypeToBeRemoved(resourceResolver.Type, "Resource resolver type");
|
||||
addTypeToBeRemoved(assemblyResolver.Type, "Assembly resolver type");
|
||||
addTypeToBeRemoved(tamperDetection.Type, "Tamper detection type");
|
||||
addTypeToBeRemoved(antiDebugger.Type, "Anti-debugger type");
|
||||
addTypeToBeRemoved(stringDecrypter.Type, "String decrypter type");
|
||||
|
||||
proxyDelegateFinder.find();
|
||||
|
||||
|
|
@ -224,8 +224,8 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
|||
|
||||
public override IEnumerable<string> getStringDecrypterMethods() {
|
||||
var list = new List<string>();
|
||||
if (stringDecrypter.StringDecrypterMethod != null)
|
||||
list.Add(stringDecrypter.StringDecrypterMethod.MetadataToken.ToInt32().ToString("X8"));
|
||||
if (stringDecrypter.Method != null)
|
||||
list.Add(stringDecrypter.Method.MetadataToken.ToInt32().ToString("X8"));
|
||||
return list;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -30,11 +30,11 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
|||
MethodDefinition resolverMethod;
|
||||
bool mergedIt = false;
|
||||
|
||||
public TypeDefinition ResolverType {
|
||||
public TypeDefinition Type {
|
||||
get { return resolverType; }
|
||||
}
|
||||
|
||||
public MethodDefinition ResolverMethod {
|
||||
public MethodDefinition Method {
|
||||
get { return resolverMethod; }
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -33,15 +33,15 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
|||
get { return stringDecrypterType != null; }
|
||||
}
|
||||
|
||||
public TypeDefinition StringDecrypterType {
|
||||
public TypeDefinition Type {
|
||||
get { return stringDecrypterType; }
|
||||
}
|
||||
|
||||
public MethodDefinition StringDecrypterMethod {
|
||||
public MethodDefinition Method {
|
||||
get { return stringDecrypterMethod; }
|
||||
}
|
||||
|
||||
public EmbeddedResource StringResource {
|
||||
public EmbeddedResource Resource {
|
||||
get { return stringResource; }
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -30,11 +30,11 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
|||
get { return tamperMethod != null; }
|
||||
}
|
||||
|
||||
public TypeDefinition TamperType {
|
||||
public TypeDefinition Type {
|
||||
get { return tamperType; }
|
||||
}
|
||||
|
||||
public MethodDefinition TamperMethod {
|
||||
public MethodDefinition Method {
|
||||
get { return tamperMethod; }
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ namespace de4dot.deobfuscators.SmartAssembly {
|
|||
get { return exceptionLoggerRemover; }
|
||||
}
|
||||
|
||||
public TypeDefinition AutomatedErrorReportingType {
|
||||
public TypeDefinition Type {
|
||||
get { return automatedErrorReportingType; }
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -430,7 +430,7 @@ namespace de4dot.deobfuscators.SmartAssembly {
|
|||
|
||||
void removeResolverInfoTypes(ResolverInfoBase info, string typeName) {
|
||||
addTypeToBeRemoved(info.CallResolverType, string.Format("{0} resolver type #1", typeName));
|
||||
addTypeToBeRemoved(info.ResolverType, string.Format("{0} resolver type #2", typeName));
|
||||
addTypeToBeRemoved(info.Type, string.Format("{0} resolver type #2", typeName));
|
||||
}
|
||||
|
||||
void removeAutomatedErrorReportingCode(Blocks blocks) {
|
||||
|
|
@ -450,7 +450,7 @@ namespace de4dot.deobfuscators.SmartAssembly {
|
|||
void removeMemoryManagerStuff() {
|
||||
if (!options.RemoveMemoryManager)
|
||||
return;
|
||||
addTypeToBeRemoved(memoryManagerInfo.MemoryManagerType, "Memory manager type");
|
||||
addTypeToBeRemoved(memoryManagerInfo.Type, "Memory manager type");
|
||||
}
|
||||
|
||||
void removeTamperProtectionStuff() {
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ namespace de4dot.deobfuscators.SmartAssembly {
|
|||
get { return memoryManagerType != null; }
|
||||
}
|
||||
|
||||
public TypeDefinition MemoryManagerType {
|
||||
public TypeDefinition Type {
|
||||
get { return memoryManagerType; }
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ namespace de4dot.deobfuscators.SmartAssembly {
|
|||
TypeDefinition callResolverType;
|
||||
MethodDefinition callResolverMethod;
|
||||
|
||||
public TypeDefinition ResolverType {
|
||||
public TypeDefinition Type {
|
||||
get { return resolverType; }
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -36,14 +36,14 @@ namespace de4dot.deobfuscators.SmartAssembly {
|
|||
}
|
||||
|
||||
public bool canDecryptResource() {
|
||||
return assemblyResolver.canDecryptResource(resourceResolverInfo.EmbeddedAssembliesResource);
|
||||
return assemblyResolver.canDecryptResource(resourceResolverInfo.Resource);
|
||||
}
|
||||
|
||||
public EmbeddedResource mergeResources() {
|
||||
if (mergedIt)
|
||||
return null;
|
||||
|
||||
var resource = resourceResolverInfo.EmbeddedAssembliesResource;
|
||||
var resource = resourceResolverInfo.Resource;
|
||||
if (resource == null)
|
||||
return null;
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ namespace de4dot.deobfuscators.SmartAssembly {
|
|||
class ResourceResolverInfo : ResolverInfoBase {
|
||||
EmbeddedResource embeddedAssembliesResource;
|
||||
|
||||
public EmbeddedResource EmbeddedAssembliesResource {
|
||||
public EmbeddedResource Resource {
|
||||
get { return embeddedAssembliesResource; }
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -94,7 +94,7 @@ namespace de4dot.deobfuscators.Xenocode {
|
|||
public override void deobfuscateBegin() {
|
||||
base.deobfuscateBegin();
|
||||
|
||||
staticStringDecrypter.add(stringDecrypter.StringDecrypterMethod, (method, args) => stringDecrypter.decrypt((string)args[0], (int)args[1]));
|
||||
staticStringDecrypter.add(stringDecrypter.Method, (method, args) => stringDecrypter.decrypt((string)args[0], (int)args[1]));
|
||||
}
|
||||
|
||||
public override void deobfuscateEnd() {
|
||||
|
|
@ -105,8 +105,8 @@ namespace de4dot.deobfuscators.Xenocode {
|
|||
|
||||
public override IEnumerable<string> getStringDecrypterMethods() {
|
||||
var list = new List<string>();
|
||||
if (stringDecrypter.StringDecrypterMethod != null)
|
||||
list.Add(stringDecrypter.StringDecrypterMethod.MetadataToken.ToInt32().ToString("X8"));
|
||||
if (stringDecrypter.Method != null)
|
||||
list.Add(stringDecrypter.Method.MetadataToken.ToInt32().ToString("X8"));
|
||||
return list;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ namespace de4dot.deobfuscators.Xenocode {
|
|||
get { return stringDecrypterType; }
|
||||
}
|
||||
|
||||
public MethodDefinition StringDecrypterMethod {
|
||||
public MethodDefinition Method {
|
||||
get { return stringDecrypterMethod; }
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -29,15 +29,15 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
|
|||
byte[] decryptedData;
|
||||
|
||||
public bool Detected {
|
||||
get { return encryptedResource.ResourceDecrypterMethod != null; }
|
||||
get { return encryptedResource.Method != null; }
|
||||
}
|
||||
|
||||
public MethodDefinition BoolDecrypterMethod {
|
||||
get { return encryptedResource.ResourceDecrypterMethod; }
|
||||
public MethodDefinition Method {
|
||||
get { return encryptedResource.Method; }
|
||||
}
|
||||
|
||||
public EmbeddedResource BooleansResource {
|
||||
get { return encryptedResource.EncryptedDataResource; }
|
||||
public EmbeddedResource Resource {
|
||||
get { return encryptedResource.Resource; }
|
||||
}
|
||||
|
||||
public BooleanDecrypter(ModuleDefinition module) {
|
||||
|
|
@ -65,19 +65,19 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
|
|||
if (!encryptedResource.couldBeResourceDecrypter(method, additionalTypes))
|
||||
continue;
|
||||
|
||||
encryptedResource.ResourceDecrypterMethod = method;
|
||||
encryptedResource.Method = method;
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public void init(byte[] fileData, ISimpleDeobfuscator simpleDeobfuscator) {
|
||||
if (encryptedResource.ResourceDecrypterMethod == null)
|
||||
if (encryptedResource.Method == null)
|
||||
return;
|
||||
this.fileData = fileData;
|
||||
|
||||
encryptedResource.init(simpleDeobfuscator);
|
||||
Log.v("Adding boolean decrypter. Resource: {0}", Utils.toCsharpString(encryptedResource.EncryptedDataResource.Name));
|
||||
Log.v("Adding boolean decrypter. Resource: {0}", Utils.toCsharpString(encryptedResource.Resource.Name));
|
||||
decryptedData = encryptedResource.decrypt();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -199,12 +199,12 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
|
|||
break;
|
||||
}
|
||||
|
||||
if (methodsDecrypter.MethodsDecrypterMethod == null) {
|
||||
if (methodsDecrypter.Method == null) {
|
||||
if (minVer >= 3800)
|
||||
return ".NET Reactor >= 3.8";
|
||||
return ".NET Reactor";
|
||||
}
|
||||
localTypes = new LocalTypes(methodsDecrypter.MethodsDecrypterMethod);
|
||||
localTypes = new LocalTypes(methodsDecrypter.Method);
|
||||
|
||||
if (localTypes.exists("System.Int32[]")) {
|
||||
if (minVer >= 3800)
|
||||
|
|
@ -216,13 +216,13 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
|
|||
return ".NET Reactor 3.9.8.0";
|
||||
}
|
||||
|
||||
var compileMethod = MethodsDecrypter.findDnrCompileMethod(methodsDecrypter.MethodsDecrypterMethod.DeclaringType);
|
||||
var compileMethod = MethodsDecrypter.findDnrCompileMethod(methodsDecrypter.Method.DeclaringType);
|
||||
if (compileMethod == null)
|
||||
return ".NET Reactor < 4.0";
|
||||
DeobfuscatedFile.deobfuscate(compileMethod);
|
||||
bool compileMethodHasConstant_0x70000000 = findConstant(compileMethod, 0x70000000); // 4.0-4.1
|
||||
DeobfuscatedFile.deobfuscate(methodsDecrypter.MethodsDecrypterMethod);
|
||||
bool hasCorEnableProfilingString = findString(methodsDecrypter.MethodsDecrypterMethod, "Cor_Enable_Profiling"); // 4.1-4.4
|
||||
DeobfuscatedFile.deobfuscate(methodsDecrypter.Method);
|
||||
bool hasCorEnableProfilingString = findString(methodsDecrypter.Method, "Cor_Enable_Profiling"); // 4.1-4.4
|
||||
|
||||
if (compileMethodHasConstant_0x70000000) {
|
||||
if (hasCorEnableProfilingString)
|
||||
|
|
@ -295,7 +295,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
|
|||
boolValueInliner = new BoolValueInliner();
|
||||
|
||||
if (options.DecryptBools) {
|
||||
boolValueInliner.add(booleanDecrypter.BoolDecrypterMethod, (method, args) => {
|
||||
boolValueInliner.add(booleanDecrypter.Method, (method, args) => {
|
||||
return booleanDecrypter.decrypt((int)args[0]);
|
||||
});
|
||||
}
|
||||
|
|
@ -315,19 +315,19 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
|
|||
metadataTokenObfuscator = new MetadataTokenObfuscator(module);
|
||||
|
||||
if (Operations.DecryptStrings != OpDecryptString.None)
|
||||
addResourceToBeRemoved(stringDecrypter.StringsResource, "Encrypted strings");
|
||||
addResourceToBeRemoved(stringDecrypter.Resource, "Encrypted strings");
|
||||
else
|
||||
canRemoveDecrypterType = false;
|
||||
|
||||
if (options.DecryptMethods) {
|
||||
addResourceToBeRemoved(methodsDecrypter.MethodsResource, "Encrypted methods");
|
||||
addCctorInitCallToBeRemoved(methodsDecrypter.MethodsDecrypterMethod);
|
||||
addResourceToBeRemoved(methodsDecrypter.Resource, "Encrypted methods");
|
||||
addCctorInitCallToBeRemoved(methodsDecrypter.Method);
|
||||
}
|
||||
else
|
||||
canRemoveDecrypterType = false;
|
||||
|
||||
if (options.DecryptBools)
|
||||
addResourceToBeRemoved(booleanDecrypter.BooleansResource, "Encrypted booleans");
|
||||
addResourceToBeRemoved(booleanDecrypter.Resource, "Encrypted booleans");
|
||||
else
|
||||
canRemoveDecrypterType = false;
|
||||
|
||||
|
|
@ -356,8 +356,8 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
|
|||
removeInlinedMethods();
|
||||
if (options.RestoreTypes)
|
||||
new TypesRestorer(module).deobfuscate();
|
||||
if (canRemoveDecrypterType && methodsDecrypter.MethodsDecrypterMethod != null) {
|
||||
addTypeToBeRemoved(methodsDecrypter.MethodsDecrypterMethod.DeclaringType, "Decrypter type");
|
||||
if (canRemoveDecrypterType && methodsDecrypter.Method != null) {
|
||||
addTypeToBeRemoved(methodsDecrypter.Method.DeclaringType, "Decrypter type");
|
||||
addTypeToBeRemoved(metadataTokenObfuscator.Type, "Metadata token obfuscator");
|
||||
}
|
||||
base.deobfuscateEnd();
|
||||
|
|
|
|||
|
|
@ -31,12 +31,12 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
|
|||
EmbeddedResource encryptedDataResource;
|
||||
byte[] key, iv;
|
||||
|
||||
public MethodDefinition ResourceDecrypterMethod {
|
||||
public MethodDefinition Method {
|
||||
get { return resourceDecrypterMethod; }
|
||||
set { resourceDecrypterMethod = value; }
|
||||
}
|
||||
|
||||
public EmbeddedResource EncryptedDataResource {
|
||||
public EmbeddedResource Resource {
|
||||
get { return encryptedDataResource; }
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -31,15 +31,15 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
|
|||
EncryptedResource encryptedResource;
|
||||
|
||||
public bool Detected {
|
||||
get { return encryptedResource.ResourceDecrypterMethod != null; }
|
||||
get { return encryptedResource.Method != null; }
|
||||
}
|
||||
|
||||
public MethodDefinition MethodsDecrypterMethod {
|
||||
get { return encryptedResource.ResourceDecrypterMethod; }
|
||||
public MethodDefinition Method {
|
||||
get { return encryptedResource.Method; }
|
||||
}
|
||||
|
||||
public EmbeddedResource MethodsResource {
|
||||
get { return encryptedResource.EncryptedDataResource; }
|
||||
public EmbeddedResource Resource {
|
||||
get { return encryptedResource.Resource; }
|
||||
}
|
||||
|
||||
public MethodsDecrypter(ModuleDefinition module) {
|
||||
|
|
@ -87,17 +87,17 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
|
|||
}
|
||||
}
|
||||
|
||||
encryptedResource.ResourceDecrypterMethod = (MethodDefinition)callCounter.most();
|
||||
encryptedResource.Method = (MethodDefinition)callCounter.most();
|
||||
}
|
||||
|
||||
public bool decrypt(PE.PeImage peImage, ISimpleDeobfuscator simpleDeobfuscator, ref Dictionary<uint, DumpedMethod> dumpedMethods) {
|
||||
if (encryptedResource.ResourceDecrypterMethod == null)
|
||||
if (encryptedResource.Method == null)
|
||||
return false;
|
||||
|
||||
encryptedResource.init(simpleDeobfuscator);
|
||||
var methodsData = encryptedResource.decrypt();
|
||||
|
||||
bool hooksJitter = findDnrCompileMethod(encryptedResource.ResourceDecrypterMethod.DeclaringType) != null;
|
||||
bool hooksJitter = findDnrCompileMethod(encryptedResource.Method.DeclaringType) != null;
|
||||
|
||||
long xorKey = getXorKey();
|
||||
if (xorKey != 0) {
|
||||
|
|
@ -232,7 +232,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
|
|||
}
|
||||
|
||||
long getXorKey() {
|
||||
var instructions = encryptedResource.ResourceDecrypterMethod.Body.Instructions;
|
||||
var instructions = encryptedResource.Method.Body.Instructions;
|
||||
for (int i = 0; i < instructions.Count - 1; i++) {
|
||||
if (instructions[i].OpCode.Code != Code.Ldind_I8)
|
||||
continue;
|
||||
|
|
|
|||
|
|
@ -55,11 +55,11 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
|
|||
}
|
||||
|
||||
public bool Detected {
|
||||
get { return encryptedResource.ResourceDecrypterMethod != null; }
|
||||
get { return encryptedResource.Method != null; }
|
||||
}
|
||||
|
||||
public EmbeddedResource StringsResource {
|
||||
get { return encryptedResource.EncryptedDataResource; }
|
||||
public EmbeddedResource Resource {
|
||||
get { return encryptedResource.Resource; }
|
||||
}
|
||||
|
||||
public IEnumerable<DecrypterInfo> DecrypterInfos {
|
||||
|
|
@ -115,7 +115,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
|
|||
throw new ApplicationException("Two different string resources found");
|
||||
|
||||
stringsResource = resource;
|
||||
encryptedResource.ResourceDecrypterMethod = method;
|
||||
encryptedResource.Method = method;
|
||||
|
||||
var info = new DecrypterInfo(method, null, null);
|
||||
simpleDeobfuscator.deobfuscate(info.method);
|
||||
|
|
@ -147,14 +147,14 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
|
|||
}
|
||||
|
||||
public void init(PE.PeImage peImage, byte[] fileData, ISimpleDeobfuscator simpleDeobfuscator) {
|
||||
if (encryptedResource.ResourceDecrypterMethod == null)
|
||||
if (encryptedResource.Method == null)
|
||||
return;
|
||||
this.peImage = peImage;
|
||||
this.fileData = fileData;
|
||||
|
||||
encryptedResource.init(simpleDeobfuscator);
|
||||
if (encryptedResource.EncryptedDataResource != null)
|
||||
Log.v("Adding string decrypter. Resource: {0}", Utils.toCsharpString(encryptedResource.EncryptedDataResource.Name));
|
||||
if (encryptedResource.Resource != null)
|
||||
Log.v("Adding string decrypter. Resource: {0}", Utils.toCsharpString(encryptedResource.Resource.Name));
|
||||
decryptedData = encryptedResource.decrypt();
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user