Update code and fix some bugs
This commit is contained in:
parent
289c11b296
commit
2a651f5b5e
|
@ -136,14 +136,24 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor3 {
|
|||
for (int i = 1; i < filenames.Length; i++)
|
||||
satelliteAssemblies.Add(unpackEmbeddedFile(i, decrypter));
|
||||
|
||||
clearDllBit(mainAssembly.data);
|
||||
return mainAssembly.data;
|
||||
}
|
||||
|
||||
static void clearDllBit(byte[] peImageData) {
|
||||
var mainPeImage = new PeImage(peImageData);
|
||||
uint characteristicsOffset = mainPeImage.FileHeaderOffset + 18;
|
||||
ushort characteristics = mainPeImage.offsetReadUInt16(characteristicsOffset);
|
||||
characteristics &= 0xDFFF;
|
||||
characteristics |= 2;
|
||||
mainPeImage.offsetWriteUInt16(characteristicsOffset, characteristics);
|
||||
}
|
||||
|
||||
UnpackedFile unpackEmbeddedFile(int index, ApplicationModeDecrypter decrypter) {
|
||||
uint offset = 0;
|
||||
for (int i = 0; i < index + 1; i++)
|
||||
offset += sizes[i];
|
||||
string filename = Path.GetFileName(filenames[index]);
|
||||
string filename = Win32Path.GetFileName(filenames[index]);
|
||||
var data = peImage.offsetReadBytes(offset, (int)sizes[index + 1]);
|
||||
data = DeobUtils.decrypt(data, decrypter.AssemblyKey, decrypter.AssemblyIv);
|
||||
data = decompress(data);
|
||||
|
|
|
@ -272,7 +272,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor3 {
|
|||
|
||||
void dumpUnpackedFiles() {
|
||||
foreach (var unpackedFile in unpackedFiles)
|
||||
DeobfuscatedFile.createAssemblyFile(unpackedFile.data, Path.GetFileNameWithoutExtension(unpackedFile.filename), Path.GetExtension(unpackedFile.filename));
|
||||
DeobfuscatedFile.createAssemblyFile(unpackedFile.data, Win32Path.GetFileNameWithoutExtension(unpackedFile.filename), Win32Path.GetExtension(unpackedFile.filename));
|
||||
}
|
||||
|
||||
public override void deobfuscateEnd() {
|
||||
|
|
|
@ -106,7 +106,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor3 {
|
|||
if (ary1 == null || ary2 == null)
|
||||
return null;
|
||||
ary2 = decrypt(ary2);
|
||||
if (ary2 == null || ary2.Length != ary2.Length)
|
||||
if (ary2 == null || ary1.Length != ary2.Length)
|
||||
return null;
|
||||
|
||||
for (int i = 0; i < ary1.Length; i++)
|
||||
|
|
|
@ -106,7 +106,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor3 {
|
|||
i++;
|
||||
offset += 8;
|
||||
rva = checked((peImage.offsetReadUInt32(offset) - magic) / 3);
|
||||
value = peImage.offsetReadUInt32(offset);
|
||||
value = peImage.offsetReadUInt32(offset + 4);
|
||||
}
|
||||
else
|
||||
value = checked((value - magic) / 3);
|
||||
|
|
Loading…
Reference in New Issue
Block a user