Move common resolver handler detector code to DeobUtils
This commit is contained in:
parent
dbd7affaa8
commit
3a96ae391a
|
@ -22,6 +22,7 @@ using System.Collections.Generic;
|
|||
using System.IO;
|
||||
using System.Security.Cryptography;
|
||||
using Mono.Cecil;
|
||||
using Mono.Cecil.Cil;
|
||||
using ICSharpCode.SharpZipLib.Zip.Compression;
|
||||
using de4dot.blocks;
|
||||
|
||||
|
@ -231,5 +232,29 @@ namespace de4dot.code.deobfuscators {
|
|||
break;
|
||||
}
|
||||
}
|
||||
|
||||
public static List<MethodDefinition> getAllResolveHandlers(MethodDefinition method) {
|
||||
var list = new List<MethodDefinition>();
|
||||
if (method == null || method.Body == null)
|
||||
return list;
|
||||
foreach (var instr in method.Body.Instructions) {
|
||||
if (instr.OpCode.Code != Code.Ldftn && instr.OpCode.Code != Code.Ldvirtftn)
|
||||
continue;
|
||||
var handler = instr.Operand as MethodDefinition;
|
||||
if (handler == null)
|
||||
continue;
|
||||
if (!DotNetUtils.isMethod(handler, "System.Reflection.Assembly", "(System.Object,System.ResolveEventArgs)"))
|
||||
continue;
|
||||
list.Add(handler);
|
||||
}
|
||||
return list;
|
||||
}
|
||||
|
||||
public static MethodDefinition getResolveMethod(MethodDefinition method) {
|
||||
var handlers = DeobUtils.getAllResolveHandlers(method);
|
||||
if (handlers.Count == 0)
|
||||
return null;
|
||||
return handlers[0];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -160,7 +160,7 @@ namespace de4dot.code.deobfuscators.Eazfuscator_NET {
|
|||
if (DotNetUtils.getPInvokeMethod(type, "kernel32", "MoveFileEx") == null)
|
||||
return false;
|
||||
|
||||
var resolveHandler = EfUtils.getResolveMethod(method);
|
||||
var resolveHandler = DeobUtils.getResolveMethod(method);
|
||||
if (resolveHandler == null)
|
||||
return false;
|
||||
if (!DeobUtils.hasInteger(resolveHandler, ',') ||
|
||||
|
|
|
@ -91,23 +91,5 @@ namespace de4dot.code.deobfuscators.Eazfuscator_NET {
|
|||
|
||||
return null;
|
||||
}
|
||||
|
||||
public static MethodDefinition getResolveMethod(MethodDefinition method) {
|
||||
if (method == null || method.Body == null)
|
||||
return null;
|
||||
foreach (var instr in method.Body.Instructions) {
|
||||
if (instr.OpCode.Code != Code.Ldftn && instr.OpCode.Code != Code.Ldvirtftn)
|
||||
continue;
|
||||
var handler = instr.Operand as MethodDefinition;
|
||||
if (handler == null)
|
||||
continue;
|
||||
if (!DotNetUtils.isMethod(handler, "System.Reflection.Assembly", "(System.Object,System.ResolveEventArgs)"))
|
||||
continue;
|
||||
|
||||
return handler;
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -83,7 +83,7 @@ namespace de4dot.code.deobfuscators.Eazfuscator_NET {
|
|||
if (DotNetUtils.getField(type, "System.Reflection.Assembly") == null)
|
||||
return false;
|
||||
|
||||
var resolveHandler = EfUtils.getResolveMethod(method);
|
||||
var resolveHandler = DeobUtils.getResolveMethod(method);
|
||||
if (resolveHandler == null)
|
||||
return false;
|
||||
|
||||
|
|
|
@ -72,7 +72,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v3 {
|
|||
var ctor = DotNetUtils.getMethod(type, ".ctor");
|
||||
if (ctor == null)
|
||||
continue;
|
||||
var handler = getHandler(ctor);
|
||||
var handler = DeobUtils.getResolveMethod(ctor);
|
||||
if (handler == null)
|
||||
continue;
|
||||
simpleDeobfuscator.decryptStrings(handler, deob);
|
||||
|
@ -94,27 +94,6 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v3 {
|
|||
return false;
|
||||
}
|
||||
|
||||
MethodDefinition getHandler(MethodDefinition ctor) {
|
||||
if (ctor == null || ctor.Body == null)
|
||||
return null;
|
||||
foreach (var instr in ctor.Body.Instructions) {
|
||||
if (instr.OpCode.Code != Code.Ldftn)
|
||||
continue;
|
||||
var handler = instr.Operand as MethodReference;
|
||||
if (handler == null)
|
||||
continue;
|
||||
if (!DotNetUtils.isMethod(handler, "System.Reflection.Assembly", "(System.Object,System.ResolveEventArgs)"))
|
||||
continue;
|
||||
var handlerDef = DotNetUtils.getMethod(module, handler);
|
||||
if (handlerDef == null)
|
||||
continue;
|
||||
|
||||
return handlerDef;
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
string getResourcePrefix(MethodDefinition handler) {
|
||||
foreach (var s in DotNetUtils.getCodeStrings(handler)) {
|
||||
var resource = DotNetUtils.getResource(module, s + "00000") as EmbeddedResource;
|
||||
|
|
Loading…
Reference in New Issue
Block a user