monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Always call detect(), and support reloading decrypted files

Browse Source
This commit is contained in:
de4dot 2011-10-26 14:32:50 +02:00
parent 3f7b1237b4
commit 1fbe902ed1
1 changed files with 27 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
de4dot.code/ObfuscatedFile.cs
View File

@ -160,7 +160,10 @@ namespace de4dot {
detectObfuscator(deobfuscators); detectObfuscator(deobfuscators);
if (deob == null) if (deob == null)
throw new ApplicationException("Could not detect obfuscator!"); throw new ApplicationException("Could not detect obfuscator!");
initializeDeobfuscator();
}
void initializeDeobfuscator() {
if (options.StringDecrypterType == DecrypterType.Default) if (options.StringDecrypterType == DecrypterType.Default)
options.StringDecrypterType = deob.DefaultDecrypterType; options.StringDecrypterType = deob.DefaultDecrypterType;
if (options.StringDecrypterType == DecrypterType.Default) if (options.StringDecrypterType == DecrypterType.Default)
@ -205,13 +208,20 @@ namespace de4dot {
if (options.ForcedObfuscatorType != null) { if (options.ForcedObfuscatorType != null) {
foreach (var deob in deobfuscators) { foreach (var deob in deobfuscators) {
if (string.Equals(options.ForcedObfuscatorType, deob.Type, StringComparison.OrdinalIgnoreCase)) { if (string.Equals(options.ForcedObfuscatorType, deob.Type, StringComparison.OrdinalIgnoreCase)) {
deob.earlyDetect();
deob.detect();
this.deob = deob; this.deob = deob;
return; return;
} }
} }
} }
else else {
this.deob = earlyDetectObfuscator(deobfuscators) ?? detectObfuscator2(deobfuscators); this.deob = earlyDetectObfuscator(deobfuscators);
if (this.deob == null)
this.deob = detectObfuscator2(deobfuscators);
else
this.deob.detect();
}
} }
IDeobfuscator earlyDetectObfuscator(IEnumerable<IDeobfuscator> deobfuscators) { IDeobfuscator earlyDetectObfuscator(IEnumerable<IDeobfuscator> deobfuscators) {
@ -290,11 +300,26 @@ namespace de4dot {
public void deobfuscate() { public void deobfuscate() {
Log.n("Cleaning {0}", options.Filename); Log.n("Cleaning {0}", options.Filename);
initAssemblyClient(); initAssemblyClient();
var newModuleData = deob.getDecryptedModule();
if (newModuleData != null)
reloadModule(newModuleData);
deob.deobfuscateBegin(); deob.deobfuscateBegin();
deobfuscateMethods(); deobfuscateMethods();
deob.deobfuscateEnd(); deob.deobfuscateEnd();
} }
void reloadModule(byte[] newModuleData) {
Log.v("Decrypted data. Reloading decrypted data (original filename: {0})", Filename);
module = assemblyModule.reload(newModuleData);
allMethods = getAllMethods();
deob = deob.moduleReloaded(module);
initializeDeobfuscator();
deob.DeobfuscatedFile = this;
updateDynamicStringDecrypter();
}
void initAssemblyClient() { void initAssemblyClient() {
if (assemblyClient == null) if (assemblyClient == null)
return; return;