getDecryptedModule() can now be called multiple times
This commit is contained in:
parent
c8477bdbce
commit
4374a08020
|
@ -372,10 +372,13 @@ namespace de4dot.code {
|
||||||
Log.n("Cleaning {0}", options.Filename);
|
Log.n("Cleaning {0}", options.Filename);
|
||||||
initAssemblyClient();
|
initAssemblyClient();
|
||||||
|
|
||||||
|
for (int i = 0; ; i++) {
|
||||||
byte[] fileData = null;
|
byte[] fileData = null;
|
||||||
DumpedMethods dumpedMethods = null;
|
DumpedMethods dumpedMethods = null;
|
||||||
if (deob.getDecryptedModule(ref fileData, ref dumpedMethods))
|
if (!deob.getDecryptedModule(i, ref fileData, ref dumpedMethods))
|
||||||
|
break;
|
||||||
reloadModule(fileData, dumpedMethods);
|
reloadModule(fileData, dumpedMethods);
|
||||||
|
}
|
||||||
|
|
||||||
deob.deobfuscateBegin();
|
deob.deobfuscateBegin();
|
||||||
deobfuscateMethods();
|
deobfuscateMethods();
|
||||||
|
|
|
@ -205,8 +205,8 @@ namespace de4dot.code.deobfuscators.CliSecure {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public override bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
public override bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||||
if (!options.DecryptMethods)
|
if (count != 0 || !options.DecryptMethods)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
byte[] fileData = ModuleBytes ?? DeobUtils.readModule(module);
|
byte[] fileData = ModuleBytes ?? DeobUtils.readModule(module);
|
||||||
|
|
|
@ -107,8 +107,8 @@ namespace de4dot.code.deobfuscators.CodeFort {
|
||||||
assemblyDecrypter.find();
|
assemblyDecrypter.find();
|
||||||
}
|
}
|
||||||
|
|
||||||
public override bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
public override bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||||
if (!assemblyDecrypter.EncryptedDetected)
|
if (count != 0 || !assemblyDecrypter.EncryptedDetected)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
newFileData = assemblyDecrypter.decrypt();
|
newFileData = assemblyDecrypter.decrypt();
|
||||||
|
|
|
@ -149,8 +149,8 @@ namespace de4dot.code.deobfuscators.CodeVeil {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public override bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
public override bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||||
if (!methodsDecrypter.Detected)
|
if (count != 0 || !methodsDecrypter.Detected)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
var fileData = DeobUtils.readModule(module);
|
var fileData = DeobUtils.readModule(module);
|
||||||
|
|
|
@ -126,7 +126,9 @@ namespace de4dot.code.deobfuscators.CodeWall {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public override bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
public override bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||||
|
if (count != 0)
|
||||||
|
return false;
|
||||||
if (!methodsDecrypter.Detected)
|
if (!methodsDecrypter.Detected)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
|
|
@ -139,7 +139,7 @@ namespace de4dot.code.deobfuscators {
|
||||||
protected abstract void scanForObfuscator();
|
protected abstract void scanForObfuscator();
|
||||||
protected abstract int detectInternal();
|
protected abstract int detectInternal();
|
||||||
|
|
||||||
public virtual bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
public virtual bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -83,7 +83,7 @@ namespace de4dot.code.deobfuscators {
|
||||||
|
|
||||||
// If the obfuscator has encrypted parts of the file, then this method should return the
|
// If the obfuscator has encrypted parts of the file, then this method should return the
|
||||||
// decrypted file. true is returned if args have been initialized, false otherwise.
|
// decrypted file. true is returned if args have been initialized, false otherwise.
|
||||||
bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods);
|
bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods);
|
||||||
|
|
||||||
// This is only called if getDecryptedModule() != null, and after the module has been
|
// This is only called if getDecryptedModule() != null, and after the module has been
|
||||||
// reloaded. Should return a new IDeobfuscator with the same options and the new module.
|
// reloaded. Should return a new IDeobfuscator with the same options and the new module.
|
||||||
|
|
|
@ -190,8 +190,8 @@ namespace de4dot.code.deobfuscators.MPRESS {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
public override bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
public override bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||||
if (version == Version.Unknown)
|
if (count != 0 || version == Version.Unknown)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
byte[] fileData = ModuleBytes ?? DeobUtils.readModule(module);
|
byte[] fileData = ModuleBytes ?? DeobUtils.readModule(module);
|
||||||
|
|
|
@ -100,8 +100,8 @@ namespace de4dot.code.deobfuscators.MaxtoCode {
|
||||||
mainType.find();
|
mainType.find();
|
||||||
}
|
}
|
||||||
|
|
||||||
public override bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
public override bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||||
if (!mainType.Detected)
|
if (count != 0 || !mainType.Detected)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
var fileData = DeobUtils.readModule(module);
|
var fileData = DeobUtils.readModule(module);
|
||||||
|
|
|
@ -141,8 +141,8 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v3 {
|
||||||
return decrypterType.LinkedResource != null || nativeLibSaver.Resource != null;
|
return decrypterType.LinkedResource != null || nativeLibSaver.Resource != null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public override bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
public override bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||||
if (!needsPatching())
|
if (count != 0 || !needsPatching())
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
var fileData = ModuleBytes ?? DeobUtils.readModule(module);
|
var fileData = ModuleBytes ?? DeobUtils.readModule(module);
|
||||||
|
|
|
@ -367,7 +367,9 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
public override bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
public override bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||||
|
if (count != 0)
|
||||||
|
return false;
|
||||||
fileData = ModuleBytes ?? DeobUtils.readModule(module);
|
fileData = ModuleBytes ?? DeobUtils.readModule(module);
|
||||||
peImage = new PeImage(fileData);
|
peImage = new PeImage(fileData);
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user