monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update names since it's anti strong name code

Browse Source
This commit is contained in:
de4dot 2011-11-12 15:15:47 +01:00
parent d9e138bbe1
commit 07826f133e
3 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
de4dot.code/de4dot.code.csproj
View File

@ -87,7 +87,7 @@
<Compile Include="deobfuscators\dotNET_Reactor\QuickLZ.cs" /> <Compile Include="deobfuscators\dotNET_Reactor\QuickLZ.cs" />
<Compile Include="deobfuscators\dotNET_Reactor\ResourceResolver.cs" /> <Compile Include="deobfuscators\dotNET_Reactor\ResourceResolver.cs" />
<Compile Include="deobfuscators\dotNET_Reactor\StringDecrypter.cs" /> <Compile Include="deobfuscators\dotNET_Reactor\StringDecrypter.cs" />
<Compile Include="deobfuscators\dotNET_Reactor\TamperDetection.cs" /> <Compile Include="deobfuscators\dotNET_Reactor\AntiStrongName.cs" />
<Compile Include="deobfuscators\Eazfuscator\Deobfuscator.cs" /> <Compile Include="deobfuscators\Eazfuscator\Deobfuscator.cs" />
<Compile Include="deobfuscators\ExceptionLoggerRemover.cs" /> <Compile Include="deobfuscators\ExceptionLoggerRemover.cs" />
<Compile Include="deobfuscators\IDeobfuscatedFile.cs" /> <Compile Include="deobfuscators\IDeobfuscatedFile.cs" />

4
de4dot.code/deobfuscators/dotNET_Reactor/TamperDetection.cs → de4dot.code/deobfuscators/dotNET_Reactor/AntiStrongname.cs
View File

@ -23,11 +23,11 @@ using Mono.Cecil.Cil;
using de4dot.blocks; using de4dot.blocks;
namespace de4dot.deobfuscators.dotNET_Reactor { namespace de4dot.deobfuscators.dotNET_Reactor {
class TamperDetection { class AntiStrongName {
TypeDefinition decrypterType; TypeDefinition decrypterType;
MethodDefinition tamperMethod; MethodDefinition tamperMethod;
public TamperDetection(TypeDefinition decrypterType) { public AntiStrongName(TypeDefinition decrypterType) {
this.decrypterType = decrypterType; this.decrypterType = decrypterType;
find(); find();
} }

26
de4dot.code/deobfuscators/dotNET_Reactor/Deobfuscator.cs
View File

@ -38,7 +38,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
BoolOption dumpEmbeddedAssemblies; BoolOption dumpEmbeddedAssemblies;
BoolOption decryptResources; BoolOption decryptResources;
BoolOption removeNamespaces; BoolOption removeNamespaces;
BoolOption removeTamperDetection; BoolOption removeAntiStrongName;
public DeobfuscatorInfo() public DeobfuscatorInfo()
: base(DEFAULT_REGEX) { : base(DEFAULT_REGEX) {
@ -50,7 +50,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
dumpEmbeddedAssemblies = new BoolOption(null, makeArgName("embedded"), "Dump embedded assemblies", true); dumpEmbeddedAssemblies = new BoolOption(null, makeArgName("embedded"), "Dump embedded assemblies", true);
decryptResources = new BoolOption(null, makeArgName("rsrc"), "Decrypt resources", true); decryptResources = new BoolOption(null, makeArgName("rsrc"), "Decrypt resources", true);
removeNamespaces = new BoolOption(null, makeArgName("ns1"), "Clear namespace if there's only one class in it", true); removeNamespaces = new BoolOption(null, makeArgName("ns1"), "Clear namespace if there's only one class in it", true);
removeTamperDetection = new BoolOption(null, makeArgName("tamper"), "Remove tamper detection code", true); removeAntiStrongName = new BoolOption(null, makeArgName("sn"), "Remove anti strong name code", true);
} }
public override string Name { public override string Name {
@ -72,7 +72,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
DumpEmbeddedAssemblies = dumpEmbeddedAssemblies.get(), DumpEmbeddedAssemblies = dumpEmbeddedAssemblies.get(),
DecryptResources = decryptResources.get(), DecryptResources = decryptResources.get(),
RemoveNamespaces = removeNamespaces.get(), RemoveNamespaces = removeNamespaces.get(),
RemoveTamperDetection = removeTamperDetection.get(), RemoveAntiStrongName = removeAntiStrongName.get(),
}); });
} }
@ -86,7 +86,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
dumpEmbeddedAssemblies, dumpEmbeddedAssemblies,
decryptResources, decryptResources,
removeNamespaces, removeNamespaces,
removeTamperDetection, removeAntiStrongName,
}; };
} }
} }
@ -104,7 +104,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
MetadataTokenObfuscator metadataTokenObfuscator; MetadataTokenObfuscator metadataTokenObfuscator;
AssemblyResolver assemblyResolver; AssemblyResolver assemblyResolver;
ResourceResolver resourceResolver; ResourceResolver resourceResolver;
TamperDetection tamperDetection; AntiStrongName antiStrongname;
bool canRemoveDecrypterType = true; bool canRemoveDecrypterType = true;
bool startedDeobfuscating = false; bool startedDeobfuscating = false;
@ -118,7 +118,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
public bool DumpEmbeddedAssemblies { get; set; } public bool DumpEmbeddedAssemblies { get; set; }
public bool DecryptResources { get; set; } public bool DecryptResources { get; set; }
public bool RemoveNamespaces { get; set; } public bool RemoveNamespaces { get; set; }
public bool RemoveTamperDetection { get; set; } public bool RemoveAntiStrongName { get; set; }
} }
public override string Type { public override string Type {
@ -365,7 +365,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
DeobfuscatedFile.stringDecryptersAdded(); DeobfuscatedFile.stringDecryptersAdded();
metadataTokenObfuscator = new MetadataTokenObfuscator(module); metadataTokenObfuscator = new MetadataTokenObfuscator(module);
tamperDetection = new TamperDetection(getDecrypterType()); antiStrongname = new AntiStrongName(getDecrypterType());
bool removeResourceResolver = false; bool removeResourceResolver = false;
if (options.DecryptResources) { if (options.DecryptResources) {
@ -398,7 +398,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
else else
canRemoveDecrypterType = false; canRemoveDecrypterType = false;
if (!options.RemoveTamperDetection) if (!options.RemoveAntiStrongName)
canRemoveDecrypterType = false; canRemoveDecrypterType = false;
// The inlined methods may contain calls to the decrypter class // The inlined methods may contain calls to the decrypter class
@ -445,15 +445,15 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
public override void deobfuscateMethodEnd(Blocks blocks) { public override void deobfuscateMethodEnd(Blocks blocks) {
metadataTokenObfuscator.deobfuscate(blocks); metadataTokenObfuscator.deobfuscate(blocks);
fixTypeofDecrypterInstructions(blocks); fixTypeofDecrypterInstructions(blocks);
removeTamperDetection(blocks); removeAntiStrongNameCode(blocks);
base.deobfuscateMethodEnd(blocks); base.deobfuscateMethodEnd(blocks);
} }
void removeTamperDetection(Blocks blocks) { void removeAntiStrongNameCode(Blocks blocks) {
if (!options.RemoveTamperDetection) if (!options.RemoveAntiStrongName)
return; return;
if (tamperDetection.remove(blocks)) if (antiStrongname.remove(blocks))
Log.v("Removed Tamper Detection code"); Log.v("Removed anti strong name code");
} }
TypeDefinition getDecrypterType() { TypeDefinition getDecrypterType() {