Move patcher code to DecrypterType

de4dot 2011-12-21 16:56:12 +01:00
parent ceca34e12c
commit 1fd7319b19
3 changed files with 44 additions and 44 deletions


@ -22,6 +22,7 @@ using System.Collections.Generic;
using System.Text; using System.Text;
using Mono.Cecil; using Mono.Cecil;
using de4dot.blocks; using de4dot.blocks;
using de4dot.code.PE;
namespace de4dot.code.deobfuscators.dotNET_Reactor3 { namespace de4dot.code.deobfuscators.dotNET_Reactor3 {
// Find the type that decrypts strings and calls the native lib // Find the type that decrypts strings and calls the native lib
@ -133,5 +134,46 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor3 {
public string decrypt2(string s) { public string decrypt2(string s) {
return Encoding.Unicode.GetString(Convert.FromBase64String(s)); return Encoding.Unicode.GetString(Convert.FromBase64String(s));
} }
public bool patch(PeImage peImage) {
try {
return patch2(peImage);
}
catch {
Log.w("Could not patch the file");
return false;
}
}
bool patch2(PeImage peImage) {
uint numPatches = peImage.offsetReadUInt32(peImage.ImageLength - 4);
uint offset = checked(peImage.ImageLength - 4 - numPatches * 8);
for (uint i = 0; i < numPatches; i++, offset += 8) {
uint rva = getValue(peImage.offsetReadUInt32(offset));
var value = peImage.offsetReadUInt32(offset + 4);
if (value == 4) {
i++;
offset += 8;
rva = getValue(peImage.offsetReadUInt32(offset));
value = peImage.offsetReadUInt32(offset + 4);
}
else
value = getValue(value);
peImage.dotNetSafeWrite(rva, BitConverter.GetBytes(value));
}
return true;
}
static uint getValue(uint value) {
const uint magic = 2749;
value = checked(value - magic);
if (value % 3 != 0)
throw new Exception();
return value / 3;
}
} }
} }
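Review bot: In `patch2`, each decoded entry is written with `peImage.dotNetSafeWrite` as soon as it is read, so a table that fails part-way (a `getValue` input that is not of the form `3*n + 2749`, or the `value == 4` branch stepping past the last entry) leaves the image partially patched before `patch` returns `false`. The patch count and every rva/value pair come from the trailer of the file being deobfuscated, so they are untrusted input; decoding the whole table first and writing only once it has parsed cleanly avoids a half-modified buffer, and if `PeImage` wraps the caller's array without copying (not visible here) the caller's bytes are affected too. The bare `catch` in `patch` also hides which check failed; catching `Exception ex` and including its type in the warning, and giving the `throw new Exception()` in `getValue` a message, would make a rejected file diagnosable. The first read uses `peImage.ImageLength - 4` outside the `checked` expression, so it is worth confirming that `offsetReadUInt32` rejects the wrapped offset for an image shorter than four bytes.

```csharp
bool patch2(PeImage peImage) {
	// … unchanged: numPatches and offset computation …
	var patches = new List<KeyValuePair<uint, uint>>();
	for (uint i = 0; i < numPatches; i++, offset += 8) {
		// … unchanged: decode rva and value, including the value == 4 case …
		patches.Add(new KeyValuePair<uint, uint>(rva, value));
	}
	// Write only after the whole table has decoded without error
	foreach (var entry in patches)
		peImage.dotNetSafeWrite(entry.Key, BitConverter.GetBytes(entry.Value));
	return true;
}
```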


@ -136,12 +136,12 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor3 {
} }
public override bool getDecryptedModule(ref byte[] newFileData, ref Dictionary<uint, DumpedMethod> dumpedMethods) { public override bool getDecryptedModule(ref byte[] newFileData, ref Dictionary<uint, DumpedMethod> dumpedMethods) {
if (!nativeLibSaver.Detected) if (!decrypterType.Detected)
return false; return false;
var fileData = ModuleBytes ?? DeobUtils.readModule(module); var fileData = ModuleBytes ?? DeobUtils.readModule(module);
var peImage = new PeImage(fileData); var peImage = new PeImage(fileData);
if (!nativeLibSaver.patch(peImage)) if (!decrypterType.patch(peImage))
return false; return false;
newFileData = fileData; newFileData = fileData;


@ -20,7 +20,6 @@
using System; using System;
using Mono.Cecil; using Mono.Cecil;
using de4dot.blocks; using de4dot.blocks;
using de4dot.code.PE;
namespace de4dot.code.deobfuscators.dotNET_Reactor3 { namespace de4dot.code.deobfuscators.dotNET_Reactor3 {
// Finds the type that saves the native lib (if in resources) to disk // Finds the type that saves the native lib (if in resources) to disk
@ -82,46 +81,5 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor3 {
return; return;
} }
} }
public bool patch(PeImage peImage) {
try {
return patch2(peImage);
}
catch {
Log.w("Could not patch the file");
return false;
}
}
bool patch2(PeImage peImage) {
uint numPatches = peImage.offsetReadUInt32(peImage.ImageLength - 4);
uint offset = checked(peImage.ImageLength - 4 - numPatches * 8);
for (uint i = 0; i < numPatches; i++, offset += 8) {
uint rva = getValue(peImage.offsetReadUInt32(offset));
var value = peImage.offsetReadUInt32(offset + 4);
if (value == 4) {
i++;
offset += 8;
rva = getValue(peImage.offsetReadUInt32(offset));
value = peImage.offsetReadUInt32(offset + 4);
}
else
value = getValue(value);
peImage.dotNetSafeWrite(rva, BitConverter.GetBytes(value));
}
return true;
}
static uint getValue(uint value) {
const uint magic = 2749;
value = checked(value - magic);
if (value % 3 != 0)
throw new Exception();
return value / 3;
}
} }
} }