Update getDecryptedModule() so it can return dumped methods

de4dot 2011-10-29 02:23:48 +02:00
parent a6dcd03d26
commit 3b87ab1294
3 changed files with 13 additions and 9 deletions


@ -24,6 +24,7 @@ using System.IO;
using System.Text;
using Mono.Cecil;
using Mono.Cecil.Cil;
using Mono.MyStuff;
using de4dot.deobfuscators;
using de4dot.blocks;
using de4dot.blocks.cflow;
@ -301,18 +302,19 @@ namespace de4dot {
Log.n("Cleaning {0}", options.Filename);
initAssemblyClient();
var newModuleData = deob.getDecryptedModule();
if (newModuleData != null)
reloadModule(newModuleData);
byte[] fileData = null;
Dictionary<uint, DumpedMethod> dumpedMethods = null;
if (deob.getDecryptedModule(ref fileData, ref dumpedMethods))
reloadModule(fileData, dumpedMethods);
deob.deobfuscateBegin();
deobfuscateMethods();
deob.deobfuscateEnd();
}
void reloadModule(byte[] newModuleData) {
void reloadModule(byte[] newModuleData, Dictionary<uint, DumpedMethod> dumpedMethods) {
Log.v("Decrypted data. Reloading decrypted data (original filename: {0})", Filename);
module = assemblyModule.reload(newModuleData);
module = assemblyModule.reload(newModuleData, dumpedMethods);
allMethods = getAllMethods();
deob = deob.moduleReloaded(module);
initializeDeobfuscator();
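Review bot: The call `if (deob.getDecryptedModule(ref fileData, ref dumpedMethods))` trusts the boolean alone, and because both parameters are `ref` the compiler does not force an implementation to assign them before returning true. An implementation that returns true with `fileData` still null would hand null to `reloadModule()` and on to `assemblyModule.reload()`, whose handling of null is not visible here. Unless a result with dumped methods but no file data is meant to be supported, I would declare the parameters as `out` in the base class and interface declarations changed in the other two files of this commit, or guard the call with `&& fileData != null`. Both method bodies continue outside the hunk.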


@ -21,6 +21,7 @@ using System;
using System.Collections.Generic;
using Mono.Cecil;
using Mono.Cecil.Cil;
using Mono.MyStuff;
using de4dot.blocks;
namespace de4dot.deobfuscators {
@ -100,8 +101,8 @@ namespace de4dot.deobfuscators {
protected abstract void scanForObfuscator();
protected abstract int detectInternal();
public virtual byte[] getDecryptedModule() {
return null;
public virtual bool getDecryptedModule(ref byte[] newFileData, ref Dictionary<uint, DumpedMethod> dumpedMethods) {
return false;
}
public virtual IDeobfuscator moduleReloaded(ModuleDefinition module) {


@ -20,6 +20,7 @@
using System;
using System.Collections.Generic;
using Mono.Cecil;
using Mono.MyStuff;
using de4dot.blocks;
namespace de4dot.deobfuscators {
@ -67,8 +68,8 @@ namespace de4dot.deobfuscators {
int detect();
// If the obfuscator has encrypted parts of the file, then this method should return the
// decrypted file. Return null if it's not been encrypted.
byte[] getDecryptedModule();
// decrypted file. true is returned if args have been initialized, false otherwise.
bool getDecryptedModule(ref byte[] newFileData, ref Dictionary<uint, DumpedMethod> dumpedMethods);
// This is only called if getDecryptedModule() != null, and after the module has been
// reloaded. Should return a new IDeobfuscator with the same options and the new module.
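Review bot: The comment on the next member still reads `This is only called if getDecryptedModule() != null`, which no longer matches the bool-returning signature; it should become `// This is only called if getDecryptedModule() returned true, and after the module has been`. The new text `true is returned if args have been initialized` also leaves open whether `dumpedMethods` may stay null when only the file was decrypted, and what the `uint` keys of the dictionary identify. One sentence stating both would let implementers and the caller agree on the contract. The interface body continues outside the hunk.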