Detect Confuser 1.7 r75184 compressor

de4dot 2012-08-07 19:52:53 +02:00
parent ade379c20b
commit 1bd7632b2c


@ -82,6 +82,7 @@ namespace de4dot.code.deobfuscators.Confuser {
v17_r73404, v17_r73404,
v17_r73477, v17_r73477,
v17_r75076, v17_r75076,
v18_r75184,
} }
public bool Detected { public bool Detected {
@ -149,8 +150,12 @@ namespace de4dot.code.deobfuscators.Confuser {
version = ConfuserVersion.v14_r58852; version = ConfuserVersion.v14_r58852;
break; break;
} }
if (use7zip) if (use7zip) {
if (new LocalTypes(decyptMethod).exists("System.IO.MemoryStream"))
version = ConfuserVersion.v17_r75076; version = ConfuserVersion.v17_r75076;
else
version = ConfuserVersion.v18_r75184;
}
else if (isDecryptMethod_v17_r73404(decyptMethod)) else if (isDecryptMethod_v17_r73404(decyptMethod))
version = ConfuserVersion.v17_r73404; version = ConfuserVersion.v17_r73404;
else else
@ -363,7 +368,6 @@ namespace de4dot.code.deobfuscators.Confuser {
"System.Byte[]", "System.Byte[]",
"System.Int64", "System.Int64",
"System.IO.BinaryReader", "System.IO.BinaryReader",
"System.IO.MemoryStream",
"System.Security.Cryptography.CryptoStream", "System.Security.Cryptography.CryptoStream",
"System.Security.Cryptography.RijndaelManaged", "System.Security.Cryptography.RijndaelManaged",
}; };
@ -432,6 +436,7 @@ namespace de4dot.code.deobfuscators.Confuser {
case ConfuserVersion.v17_r73404: return decrypt_v17_r73404(data); case ConfuserVersion.v17_r73404: return decrypt_v17_r73404(data);
case ConfuserVersion.v17_r73477: return decrypt_v17_r73404(data); case ConfuserVersion.v17_r73477: return decrypt_v17_r73404(data);
case ConfuserVersion.v17_r75076: return decrypt_v17_r75076(data); case ConfuserVersion.v17_r75076: return decrypt_v17_r75076(data);
case ConfuserVersion.v18_r75184: return decrypt_v17_r75076(data);
default: throw new ApplicationException("Unknown version"); default: throw new ApplicationException("Unknown version");
} }
} }
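Review bot: In the new `if (use7zip)` block, `v18_r75184` is assigned whenever the decrypt method has no `System.IO.MemoryStream` local, so it is a catch-all rather than a positive match: any 7zip-based build lacking that local, including a later or modified Confuser, is labelled r75184 and sent to `decrypt_v17_r75076` by the new `case` in the last hunk. Because this code runs on untrusted, deliberately obfuscated assemblies, a wrong label would likely surface as a failed or garbage decryption instead of the "Unknown version" error. If r75184 has a distinguishing trait of its own, test for it and leave the version unset otherwise; if it does not, record the assumption next to the `else`, e.g. `// r75184: 7zip decrypter without a MemoryStream local; later builds may also land here`. The third hunk also drops `"System.IO.MemoryStream"` from a string list, which presumably loosens the shared local-type requirement for every version (the list's use is outside the hunk, as are the start and end of the detection method). Separately, the enum name says 1.8 while the commit title says 1.7, so one of the two probably needs correcting.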