Update getDecryptedModule() so it can return dumped methods
This commit is contained in:
parent
a6dcd03d26
commit
3b87ab1294
|
@ -24,6 +24,7 @@ using System.IO;
|
|||
using System.Text;
|
||||
using Mono.Cecil;
|
||||
using Mono.Cecil.Cil;
|
||||
using Mono.MyStuff;
|
||||
using de4dot.deobfuscators;
|
||||
using de4dot.blocks;
|
||||
using de4dot.blocks.cflow;
|
||||
|
@ -301,18 +302,19 @@ namespace de4dot {
|
|||
Log.n("Cleaning {0}", options.Filename);
|
||||
initAssemblyClient();
|
||||
|
||||
var newModuleData = deob.getDecryptedModule();
|
||||
if (newModuleData != null)
|
||||
reloadModule(newModuleData);
|
||||
byte[] fileData = null;
|
||||
Dictionary<uint, DumpedMethod> dumpedMethods = null;
|
||||
if (deob.getDecryptedModule(ref fileData, ref dumpedMethods))
|
||||
reloadModule(fileData, dumpedMethods);
|
||||
|
||||
deob.deobfuscateBegin();
|
||||
deobfuscateMethods();
|
||||
deob.deobfuscateEnd();
|
||||
}
|
||||
|
||||
void reloadModule(byte[] newModuleData) {
|
||||
void reloadModule(byte[] newModuleData, Dictionary<uint, DumpedMethod> dumpedMethods) {
|
||||
Log.v("Decrypted data. Reloading decrypted data (original filename: {0})", Filename);
|
||||
module = assemblyModule.reload(newModuleData);
|
||||
module = assemblyModule.reload(newModuleData, dumpedMethods);
|
||||
allMethods = getAllMethods();
|
||||
deob = deob.moduleReloaded(module);
|
||||
initializeDeobfuscator();
|
||||
|
|
|
@ -21,6 +21,7 @@ using System;
|
|||
using System.Collections.Generic;
|
||||
using Mono.Cecil;
|
||||
using Mono.Cecil.Cil;
|
||||
using Mono.MyStuff;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators {
|
||||
|
@ -100,8 +101,8 @@ namespace de4dot.deobfuscators {
|
|||
protected abstract void scanForObfuscator();
|
||||
protected abstract int detectInternal();
|
||||
|
||||
public virtual byte[] getDecryptedModule() {
|
||||
return null;
|
||||
public virtual bool getDecryptedModule(ref byte[] newFileData, ref Dictionary<uint, DumpedMethod> dumpedMethods) {
|
||||
return false;
|
||||
}
|
||||
|
||||
public virtual IDeobfuscator moduleReloaded(ModuleDefinition module) {
|
||||
|
|
|
@ -20,6 +20,7 @@
|
|||
using System;
|
||||
using System.Collections.Generic;
|
||||
using Mono.Cecil;
|
||||
using Mono.MyStuff;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators {
|
||||
|
@ -67,8 +68,8 @@ namespace de4dot.deobfuscators {
|
|||
int detect();
|
||||
|
||||
// If the obfuscator has encrypted parts of the file, then this method should return the
|
||||
// decrypted file. Return null if it's not been encrypted.
|
||||
byte[] getDecryptedModule();
|
||||
// decrypted file. true is returned if args have been initialized, false otherwise.
|
||||
bool getDecryptedModule(ref byte[] newFileData, ref Dictionary<uint, DumpedMethod> dumpedMethods);
|
||||
|
||||
// This is only called if getDecryptedModule() != null, and after the module has been
|
||||
// reloaded. Should return a new IDeobfuscator with the same options and the new module.
|
||||
|
|
Loading…
Reference in New Issue
Block a user