Update getDecryptedModule() so it can return dumped methods
This commit is contained in:
parent
a6dcd03d26
commit
3b87ab1294
|
@ -24,6 +24,7 @@ using System.IO;
|
||||||
using System.Text;
|
using System.Text;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
|
using Mono.MyStuff;
|
||||||
using de4dot.deobfuscators;
|
using de4dot.deobfuscators;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
using de4dot.blocks.cflow;
|
using de4dot.blocks.cflow;
|
||||||
|
@ -301,18 +302,19 @@ namespace de4dot {
|
||||||
Log.n("Cleaning {0}", options.Filename);
|
Log.n("Cleaning {0}", options.Filename);
|
||||||
initAssemblyClient();
|
initAssemblyClient();
|
||||||
|
|
||||||
var newModuleData = deob.getDecryptedModule();
|
byte[] fileData = null;
|
||||||
if (newModuleData != null)
|
Dictionary<uint, DumpedMethod> dumpedMethods = null;
|
||||||
reloadModule(newModuleData);
|
if (deob.getDecryptedModule(ref fileData, ref dumpedMethods))
|
||||||
|
reloadModule(fileData, dumpedMethods);
|
||||||
|
|
||||||
deob.deobfuscateBegin();
|
deob.deobfuscateBegin();
|
||||||
deobfuscateMethods();
|
deobfuscateMethods();
|
||||||
deob.deobfuscateEnd();
|
deob.deobfuscateEnd();
|
||||||
}
|
}
|
||||||
|
|
||||||
void reloadModule(byte[] newModuleData) {
|
void reloadModule(byte[] newModuleData, Dictionary<uint, DumpedMethod> dumpedMethods) {
|
||||||
Log.v("Decrypted data. Reloading decrypted data (original filename: {0})", Filename);
|
Log.v("Decrypted data. Reloading decrypted data (original filename: {0})", Filename);
|
||||||
module = assemblyModule.reload(newModuleData);
|
module = assemblyModule.reload(newModuleData, dumpedMethods);
|
||||||
allMethods = getAllMethods();
|
allMethods = getAllMethods();
|
||||||
deob = deob.moduleReloaded(module);
|
deob = deob.moduleReloaded(module);
|
||||||
initializeDeobfuscator();
|
initializeDeobfuscator();
|
||||||
|
|
|
@ -21,6 +21,7 @@ using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
|
using Mono.MyStuff;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators {
|
namespace de4dot.deobfuscators {
|
||||||
|
@ -100,8 +101,8 @@ namespace de4dot.deobfuscators {
|
||||||
protected abstract void scanForObfuscator();
|
protected abstract void scanForObfuscator();
|
||||||
protected abstract int detectInternal();
|
protected abstract int detectInternal();
|
||||||
|
|
||||||
public virtual byte[] getDecryptedModule() {
|
public virtual bool getDecryptedModule(ref byte[] newFileData, ref Dictionary<uint, DumpedMethod> dumpedMethods) {
|
||||||
return null;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
public virtual IDeobfuscator moduleReloaded(ModuleDefinition module) {
|
public virtual IDeobfuscator moduleReloaded(ModuleDefinition module) {
|
||||||
|
|
|
@ -20,6 +20,7 @@
|
||||||
using System;
|
using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
|
using Mono.MyStuff;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators {
|
namespace de4dot.deobfuscators {
|
||||||
|
@ -67,8 +68,8 @@ namespace de4dot.deobfuscators {
|
||||||
int detect();
|
int detect();
|
||||||
|
|
||||||
// If the obfuscator has encrypted parts of the file, then this method should return the
|
// If the obfuscator has encrypted parts of the file, then this method should return the
|
||||||
// decrypted file. Return null if it's not been encrypted.
|
// decrypted file. true is returned if args have been initialized, false otherwise.
|
||||||
byte[] getDecryptedModule();
|
bool getDecryptedModule(ref byte[] newFileData, ref Dictionary<uint, DumpedMethod> dumpedMethods);
|
||||||
|
|
||||||
// This is only called if getDecryptedModule() != null, and after the module has been
|
// This is only called if getDecryptedModule() != null, and after the module has been
|
||||||
// reloaded. Should return a new IDeobfuscator with the same options and the new module.
|
// reloaded. Should return a new IDeobfuscator with the same options and the new module.
|
||||||
|
|
Loading…
Reference in New Issue
Block a user