From 0d9c298dcb32ca785268321177c494a5be37e661 Mon Sep 17 00:00:00 2001
From: de4dot
Date: Sat, 11 Aug 2012 22:34:08 +0200
Subject: [PATCH] Move methods
---
 .../deobfuscators/Confuser/ConfuserUtils.cs | 39 +++++++++++++++++++
 .../Confuser/MemoryMethodsDecrypter.cs | 16 +-------
 .../deobfuscators/Confuser/ProxyCallFixer.cs | 18 +--------
 3 files changed, 41 insertions(+), 32 deletions(-)
diff --git a/de4dot.code/deobfuscators/Confuser/ConfuserUtils.cs b/de4dot.code/deobfuscators/Confuser/ConfuserUtils.cs
index 94a15f0f..8518b4da 100644
--- a/de4dot.code/deobfuscators/Confuser/ConfuserUtils.cs
+++ b/de4dot.code/deobfuscators/Confuser/ConfuserUtils.cs
@@ -132,5 +132,44 @@ namespace de4dot.code.deobfuscators.Confuser {
 }
 return decrypted;
 }
+
+ public static int countCalls(MethodDefinition method, string methodFullName) {
+ if (method == null || method.Body == null)
+ return 0;
+ int count = 0;
+ foreach (var instr in method.Body.Instructions) {
+ if (instr.OpCode.Code != Code.Call && instr.OpCode.Code != Code.Callvirt && instr.OpCode.Code != Code.Newobj)
+ continue;
+ var calledMethod = instr.Operand as MethodReference;
+ if (calledMethod != null && calledMethod.FullName == methodFullName)
+ count++;
+ }
+ return count;
+ }
+
+ public static int countCalls(MethodDefinition method, MethodDefinition calledMethod) {
+ if (method == null || method.Body == null)
+ return 0;
+ int count = 0;
+ foreach (var instr in method.Body.Instructions) {
+ if (instr.OpCode.Code != Code.Call && instr.OpCode.Code != Code.Callvirt && instr.OpCode.Code != Code.Newobj)
+ continue;
+ if (instr.Operand == calledMethod)
+ count++;
+ }
+ return count;
+ }
+
+ public static int countOpCode(MethodDefinition method, Code code) {
+ if (method == null || method.Body == null)
+ return 0;
+
+ int count = 0;
+ foreach (var instr in method.Body.Instructions) {
+ if (instr.OpCode.Code == code)
+ count++;
+ }
+ return count;
+ }
 }
 }
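Review bot: The `MethodDefinition` overload of `countCalls` matches with `instr.Operand == calledMethod`, which is reference identity, so a call whose operand is a separate `MethodReference` or generic-instance wrapper for the same method is presumably not counted, while the string overload compares `FullName`. Since these counts are moved here to be shared by the Confuser version checks, an undercount would silently select the wrong version, so the difference should be documented on the method, for example `// Counts only operands that are this exact MethodDefinition object; references that merely resolve to it are skipped`. Both overloads also count `newobj` despite the name and repeat the same three-opcode filter, which could move into one private helper. The enclosing class begins outside the hunk.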
diff --git a/de4dot.code/deobfuscators/Confuser/MemoryMethodsDecrypter.cs b/de4dot.code/deobfuscators/Confuser/MemoryMethodsDecrypter.cs
index 2944fb98..cbbd33d5 100644
--- a/de4dot.code/deobfuscators/Confuser/MemoryMethodsDecrypter.cs
+++ b/de4dot.code/deobfuscators/Confuser/MemoryMethodsDecrypter.cs
@@ -72,7 +72,7 @@ namespace de4dot.code.deobfuscators.Confuser {
 if (!DotNetUtils.hasString(initMethod, "Module error"))
 version = ConfuserVersion.v14_r57884;
 else if (virtProtect.IsPrivate && callsFileStreamCtor) {
- int calls = countMethodCalls(initMethod, "System.Void System.Buffer::BlockCopy(System.Array,System.Int32,System.Array,System.Int32,System.Int32)");
+ int calls = ConfuserUtils.countCalls(initMethod, "System.Void System.Buffer::BlockCopy(System.Array,System.Int32,System.Array,System.Int32,System.Int32)");
 if (calls <= 1)
 version = ConfuserVersion.v14_r58564;
 else if (calls == 2)
@@ -100,20 +100,6 @@ namespace de4dot.code.deobfuscators.Confuser {
 return true;
 }

- static int countMethodCalls(MethodDefinition method, string methodFullName) {
- if (method == null || method.Body == null)
- return 0;
- int count = 0;
- foreach (var instr in method.Body.Instructions) {
- if (instr.OpCode.Code != Code.Call && instr.OpCode.Code != Code.Callvirt && instr.OpCode.Code != Code.Newobj)
- continue;
- var calledMethod = instr.Operand as MethodReference;
- if (calledMethod != null && calledMethod.FullName == methodFullName)
- count++;
- }
- return count;
- }
-
 public void initialize() {
 if (initMethod == null)
 return;
diff --git a/de4dot.code/deobfuscators/Confuser/ProxyCallFixer.cs b/de4dot.code/deobfuscators/Confuser/ProxyCallFixer.cs
index af04e8ed..da36b1bd 100644
--- a/de4dot.code/deobfuscators/Confuser/ProxyCallFixer.cs
+++ b/de4dot.code/deobfuscators/Confuser/ProxyCallFixer.cs
@@ -518,7 +518,7 @@ namespace de4dot.code.deobfuscators.Confuser {
 else {
 if (proxyType == ProxyCreatorType.CallOrCallvirt && !DotNetUtils.callsMethod(method, "System.Int32 System.String::get_Length()"))
 theVersion = ConfuserVersion.v11_r50378;
- int numCalls = countCalls(method, "System.Byte[] System.Text.Encoding::GetBytes(System.Char[],System.Int32,System.Int32)");
+ int numCalls = ConfuserUtils.countCalls(method, "System.Byte[] System.Text.Encoding::GetBytes(System.Char[],System.Int32,System.Int32)");
 if (numCalls == 2)
 theVersion = ConfuserVersion.v12_r54564;
 if (!DotNetUtils.callsMethod(method, "System.Reflection.Assembly System.Reflection.Assembly::Load(System.Reflection.AssemblyName)"))
@@ -609,22 +609,6 @@ namespace de4dot.code.deobfuscators.Confuser {
 return -1;
 }

- static int countCalls(MethodDefinition method, string methodFullName) {
- int count = 0;
- foreach (var instr in method.Body.Instructions) {
- if (instr.OpCode.Code != Code.Call && instr.OpCode.Code != Code.Callvirt && instr.OpCode.Code != Code.Newobj)
- continue;
- var calledMethod = instr.Operand as MethodReference;
- if (calledMethod == null)
- continue;
- if (calledMethod.FullName != methodFullName)
- continue;
-
- count++;
- }
- return count;
- }
-
 static bool findMagic_v19_r76101(MethodDefinition method, out uint magic) {
 var instrs = method.Body.Instructions;
 for (int i = 0; i < instrs.Count - 7; i++) {