Support old DS 3.0.3.41 - 3.0.4.44
This commit is contained in:
de4dot
parent
48c7d40fb6
commit
37450a1515
|
|
@ -27,9 +27,16 @@ using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.code.deobfuscators.DeepSea {
|
namespace de4dot.code.deobfuscators.DeepSea {
|
||||||
class AssemblyResolver : ResolverBase {
|
class AssemblyResolver : ResolverBase {
|
||||||
bool isV3;
|
Version version;
|
||||||
List<FieldInfo> fieldInfos;
|
List<FieldInfo> fieldInfos;
|
||||||
|
|
||||||
|
enum Version {
|
||||||
|
Unknown,
|
||||||
|
V3Old,
|
||||||
|
V3,
|
||||||
|
V4,
|
||||||
|
}
|
||||||
|
|
||||||
public class AssemblyInfo {
|
public class AssemblyInfo {
|
||||||
public byte[] data;
|
public byte[] data;
|
||||||
public string fullName;
|
public string fullName;
|
||||||
|
|
@ -70,7 +77,10 @@ namespace de4dot.code.deobfuscators.DeepSea {
|
||||||
|
|
||||||
protected override bool checkHandlerMethodInternal(MethodDefinition handler) {
|
protected override bool checkHandlerMethodInternal(MethodDefinition handler) {
|
||||||
if (checkHandlerV3(handler) || checkHandlerSL(handler)) {
|
if (checkHandlerV3(handler) || checkHandlerSL(handler)) {
|
||||||
isV3 = true;
|
if (isV3Old(handler))
|
||||||
|
version = Version.V3Old;
|
||||||
|
else
|
||||||
|
version = Version.V3;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -78,7 +88,7 @@ namespace de4dot.code.deobfuscators.DeepSea {
|
||||||
List<FieldInfo> fieldInfosTmp;
|
List<FieldInfo> fieldInfosTmp;
|
||||||
if (checkHandlerV4(handler, out fieldInfosTmp) ||
|
if (checkHandlerV4(handler, out fieldInfosTmp) ||
|
||||||
checkHandlerV4_0_4(handler, out fieldInfosTmp)) {
|
checkHandlerV4_0_4(handler, out fieldInfosTmp)) {
|
||||||
isV3 = false;
|
version = Version.V4;
|
||||||
fieldInfos = fieldInfosTmp;
|
fieldInfos = fieldInfosTmp;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
@ -86,6 +96,11 @@ namespace de4dot.code.deobfuscators.DeepSea {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool isV3Old(MethodDefinition method) {
|
||||||
|
return DotNetUtils.callsMethod(method, "System.Int32 System.IO.Stream::Read(System.Byte[],System.Int32,System.Int32)") &&
|
||||||
|
!DotNetUtils.callsMethod(method, "System.Int32 System.IO.Stream::ReadByte()");
|
||||||
|
}
|
||||||
|
|
||||||
static string[] handlerLocalTypes_NET = new string[] {
|
static string[] handlerLocalTypes_NET = new string[] {
|
||||||
"System.Byte[]",
|
"System.Byte[]",
|
||||||
"System.IO.Compression.DeflateStream",
|
"System.IO.Compression.DeflateStream",
|
||||||
|
|
@ -205,9 +220,18 @@ namespace de4dot.code.deobfuscators.DeepSea {
|
||||||
}
|
}
|
||||||
|
|
||||||
public IEnumerable<AssemblyInfo> getAssemblyInfos() {
|
public IEnumerable<AssemblyInfo> getAssemblyInfos() {
|
||||||
if (isV3)
|
if (!Detected)
|
||||||
|
return new List<AssemblyInfo>();
|
||||||
|
|
||||||
|
switch (version) {
|
||||||
|
case Version.V3Old:
|
||||||
|
case Version.V3:
|
||||||
return getAssemblyInfosV3();
|
return getAssemblyInfosV3();
|
||||||
return getAssemblyInfosV4();
|
case Version.V4:
|
||||||
|
return getAssemblyInfosV4();
|
||||||
|
default:
|
||||||
|
throw new ApplicationException("Unknown version");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
IEnumerable<AssemblyInfo> getAssemblyInfosV3() {
|
IEnumerable<AssemblyInfo> getAssemblyInfosV3() {
|
||||||
|
|
@ -230,7 +254,8 @@ namespace de4dot.code.deobfuscators.DeepSea {
|
||||||
|
|
||||||
AssemblyInfo getAssemblyInfoV3(EmbeddedResource resource) {
|
AssemblyInfo getAssemblyInfoV3(EmbeddedResource resource) {
|
||||||
try {
|
try {
|
||||||
return getAssemblyInfo(decryptResourceV3(resource), resource);
|
var decrypted = version == Version.V3Old ? decryptResourceV3Old(resource) : decryptResourceV3(resource);
|
||||||
|
return getAssemblyInfo(decrypted, resource);
|
||||||
}
|
}
|
||||||
catch (Exception) {
|
catch (Exception) {
|
||||||
return null;
|
return null;
|
||||||
|
|
|
||||||
|
|
@ -130,6 +130,16 @@ namespace de4dot.code.deobfuscators.DeepSea {
|
||||||
|
|
||||||
protected abstract bool checkHandlerMethodInternal(MethodDefinition handler);
|
protected abstract bool checkHandlerMethodInternal(MethodDefinition handler);
|
||||||
|
|
||||||
|
// 3.0.3.41 - 3.0.4.44
|
||||||
|
protected static byte[] decryptResourceV3Old(EmbeddedResource resource) {
|
||||||
|
return decryptResourceV3Old(resource.GetResourceData());
|
||||||
|
}
|
||||||
|
|
||||||
|
// 3.0.3.41 - 3.0.4.44
|
||||||
|
protected static byte[] decryptResourceV3Old(byte[] data) {
|
||||||
|
return decryptResource(data, 0, data.Length, 0);
|
||||||
|
}
|
||||||
|
|
||||||
protected static byte[] decryptResourceV3(EmbeddedResource resource) {
|
protected static byte[] decryptResourceV3(EmbeddedResource resource) {
|
||||||
return decryptResourceV3(resource.GetResourceData());
|
return decryptResourceV3(resource.GetResourceData());
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user