diff --git a/cecil b/cecil
index c1333d20..83f3b84a 160000
--- a/cecil
+++ b/cecil
@@ -1 +1 @@
-Subproject commit c1333d2061882d3bdf3a0ef43f10374371bd7de4
+Subproject commit 83f3b84ac48445132ba5e6e9ad5fed25e497abc0
diff --git a/de4dot.code/deobfuscators/Babel_NET/ProxyCallFixer.cs b/de4dot.code/deobfuscators/Babel_NET/ProxyCallFixer.cs
index be93a2ea..af729d1a 100644
--- a/de4dot.code/deobfuscators/Babel_NET/ProxyCallFixer.cs
+++ b/de4dot.code/deobfuscators/Babel_NET/ProxyCallFixer.cs
@@ -95,25 +95,6 @@ namespace de4dot.code.deobfuscators.Babel_NET {
 return null;
 }
- protected override Dictionary getFieldToMethodDictionary(TypeDefinition type) {
- var dict = new Dictionary();
- foreach (var method in type.Methods) {
- if (!method.IsStatic || !method.HasBody || method.Name == ".cctor")
- continue;
-
- var instructions = method.Body.Instructions;
- for (int i = 0; i < instructions.Count; i++) {
- var instr = instructions[i];
- if (instr.OpCode.Code != Code.Ldsfld)
- continue;
-
- dict[(FieldDefinition)instr.Operand] = method;
- break;
- }
- }
- return dict;
- }
-
 protected override void getCallInfo(object context, FieldDefinition field, out MethodReference calledMethod, out OpCode callOpcode) {
 var ctx = (Context)context;
diff --git a/de4dot.code/deobfuscators/CryptoObfuscator/ProxyCallFixer.cs b/de4dot.code/deobfuscators/CryptoObfuscator/ProxyCallFixer.cs
index 6aaa2858..9fb4f2cb 100644
--- a/de4dot.code/deobfuscators/CryptoObfuscator/ProxyCallFixer.cs
+++ b/de4dot.code/deobfuscators/CryptoObfuscator/ProxyCallFixer.cs
@@ -73,25 +73,6 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
 return null;
 }
- protected override Dictionary getFieldToMethodDictionary(TypeDefinition type) {
- var dict = new Dictionary();
- foreach (var method in type.Methods) {
- if (!method.IsStatic || !method.HasBody || method.Name == ".cctor")
- continue;
-
- var instructions = method.Body.Instructions;
- for (int i = 0; i < instructions.Count; i++) {
- var instr = instructions[i];
- if (instr.OpCode.Code != Code.Ldsfld)
- continue;
-
- dict[(FieldDefinition)instr.Operand] = method;
- break;
- }
- }
- return dict;
- }
-
 protected override void getCallInfo(object context, FieldDefinition field, out MethodReference calledMethod, out OpCode callOpcode) {
 var ctx = (Context)context;
diff --git a/de4dot.code/deobfuscators/DeobfuscatorBase.cs b/de4dot.code/deobfuscators/DeobfuscatorBase.cs
index 7a67add7..61d4914d 100644
--- a/de4dot.code/deobfuscators/DeobfuscatorBase.cs
+++ b/de4dot.code/deobfuscators/DeobfuscatorBase.cs
@@ -472,9 +472,10 @@ namespace de4dot.code.deobfuscators {
 Log.v("Removing types");
 Log.indent();
+ var moduleType = DotNetUtils.getModuleType(module);
 foreach (var info in typesToRemove) {
 var typeDef = info.obj;
- if (typeDef == null)
+ if (typeDef == null || typeDef == moduleType)
 continue;
 bool removed;
 if (typeDef.IsNested)
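Review bot: The added `typeDef == moduleType` test in the type-removal loop of DeobfuscatorBase.cs drops the entry without any trace, so when a deobfuscator queues the module type for removal, whoever reads the log never learns that the request was ignored. A verbose log on that path would make it visible, for example handling the module-type case in its own `if` with `Log.v("Not removing the module type");` before the `continue`. A short comment above `var moduleType = DotNetUtils.getModuleType(module);` stating why the module type must never be removed would also help the next maintainer. The enclosing method starts and ends outside this hunk.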
@@ -663,18 +664,22 @@ namespace de4dot.code.deobfuscators {
 }
 }
- protected void removeProxyDelegates(ProxyCallFixerBase proxyCallFixer) {
- removeProxyDelegates(proxyCallFixer, true);
+ protected bool removeProxyDelegates(ProxyCallFixerBase proxyCallFixer) {
+ return removeProxyDelegates(proxyCallFixer, true);
 }
- protected void removeProxyDelegates(ProxyCallFixerBase proxyCallFixer, bool removeCreators) {
+ protected bool removeProxyDelegates(ProxyCallFixerBase proxyCallFixer, bool removeCreators) {
 if (proxyCallFixer.Errors != 0) {
 Log.v("Not removing proxy delegates and creator type since errors were detected.");
- return;
+ return false;
 }
 addTypesToBeRemoved(proxyCallFixer.DelegateTypes, "Proxy delegate type");
- if (removeCreators && proxyCallFixer.RemovedDelegateCreatorCalls > 0)
+ if (removeCreators && proxyCallFixer.RemovedDelegateCreatorCalls > 0) {
 addTypesToBeRemoved(proxyCallFixer.DelegateCreatorTypes, "Proxy delegate creator type");
+ foreach (var tuple in proxyCallFixer.OtherMethods)
+ addMethodToBeRemoved(tuple.Item1, tuple.Item2);
+ }
+ return true;
 }
 protected Resource getResource(IEnumerable strings) {
diff --git a/de4dot.code/deobfuscators/Goliath_NET/ProxyCallFixer.cs b/de4dot.code/deobfuscators/Goliath_NET/ProxyCallFixer.cs
index 8c289333..9340b227 100644
--- a/de4dot.code/deobfuscators/Goliath_NET/ProxyCallFixer.cs
+++ b/de4dot.code/deobfuscators/Goliath_NET/ProxyCallFixer.cs
@@ -136,10 +136,6 @@ namespace de4dot.code.deobfuscators.Goliath_NET {
 throw new System.NotImplementedException();
 }
- protected override Dictionary getFieldToMethodDictionary(TypeDefinition type) {
- throw new NotImplementedException();
- }
-
 protected override void getCallInfo(object context, FieldDefinition field, out MethodReference calledMethod, out OpCode callOpcode) {
 throw new System.NotImplementedException();
 }
diff --git a/de4dot.code/deobfuscators/ProxyCallFixerBase.cs b/de4dot.code/deobfuscators/ProxyCallFixerBase.cs
index 9da250ee..8fb83434 100644
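Review bot: The new `bool` result of `removeProxyDelegates` in DeobfuscatorBase.cs is undocumented and easy to misread. It is `false` only when `proxyCallFixer.Errors != 0`, and `true` in every other case, including when `removeCreators` is false or `RemovedDelegateCreatorCalls` is 0 and neither the creator types nor `OtherMethods` were queued. I would add a doc comment on the two-argument overload such as `/// Returns false if the fixer reported errors and nothing was queued for removal; true otherwise, even when no creator types were queued.` so callers do not read `true` as "creators were removed".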
--- a/de4dot.code/deobfuscators/ProxyCallFixerBase.cs
+++ b/de4dot.code/deobfuscators/ProxyCallFixerBase.cs
@@ -58,6 +58,10 @@ namespace de4dot.code.deobfuscators {
 }
 }
+ public virtual IEnumerable> OtherMethods {
+ get { return new List>(); }
+ }
+
 public bool Detected {
 get { return delegateCreatorMethods.Count != 0; }
 }
@@ -431,9 +435,30 @@ namespace de4dot.code.deobfuscators {
 }
 protected abstract object checkCctor(TypeDefinition type, MethodDefinition cctor);
- protected abstract Dictionary getFieldToMethodDictionary(TypeDefinition type);
 protected abstract void getCallInfo(object context, FieldDefinition field, out MethodReference calledMethod, out OpCode callOpcode);
+ Dictionary getFieldToMethodDictionary(TypeDefinition type) {
+ var dict = new Dictionary();
+ foreach (var method in type.Methods) {
+ if (!method.IsStatic || !method.HasBody || method.Name == ".cctor")
+ continue;
+
+ var instructions = method.Body.Instructions;
+ for (int i = 0; i < instructions.Count; i++) {
+ var instr = instructions[i];
+ if (instr.OpCode.Code != Code.Ldsfld)
+ continue;
+ var field = instr.Operand as FieldDefinition;
+ if (field == null)
+ continue;
+
+ dict[field] = method;
+ break;
+ }
+ }
+ return dict;
+ }
+
 protected override bool deobfuscate(Blocks blocks, IList allBlocks) {
 var removeInfos = new Dictionary>();
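Review bot: `OtherMethods` in ProxyCallFixerBase.cs has no comment saying what it holds or what the two tuple items mean. The only use visible on this page passes `Item1` and `Item2` to `addMethodToBeRemoved`, which suggests a method plus a removal reason, but that is an inference. A doc comment along the lines of `/// Extra methods a derived fixer wants removed together with the delegate creator types; Item2 is passed as the second argument to addMethodToBeRemoved.` would tell overriders what to return. The getter also allocates a new empty list on every access, which a shared empty instance would avoid if callers only enumerate it.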
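Review bot: `dict[field] = method;` in the base-class `getFieldToMethodDictionary` silently overwrites an earlier entry when two static methods load the same field first, so on an unusual or tampered input the field ends up mapped to whichever method comes last in `type.Methods`. Because this helper now serves every derived fixer instead of a per-obfuscator override, I would make the choice explicit, for example `if (!dict.ContainsKey(field)) dict[field] = method;`, or log the collision. Whether the first or the last match should win is not visible in this hunk, so confirm against the caller. The `as FieldDefinition` guard is a sound replacement for the hard cast; a comment such as `// operand can be a FieldReference that is not a FieldDefinition; skip it` would record why it is there.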