getDecryptedModule() can now be called multiple times
This commit is contained in:
parent
c8477bdbce
commit
4374a08020
|
@ -372,10 +372,13 @@ namespace de4dot.code {
|
|||
Log.n("Cleaning {0}", options.Filename);
|
||||
initAssemblyClient();
|
||||
|
||||
for (int i = 0; ; i++) {
|
||||
byte[] fileData = null;
|
||||
DumpedMethods dumpedMethods = null;
|
||||
if (deob.getDecryptedModule(ref fileData, ref dumpedMethods))
|
||||
if (!deob.getDecryptedModule(i, ref fileData, ref dumpedMethods))
|
||||
break;
|
||||
reloadModule(fileData, dumpedMethods);
|
||||
}
|
||||
|
||||
deob.deobfuscateBegin();
|
||||
deobfuscateMethods();
|
||||
|
|
|
@ -205,8 +205,8 @@ namespace de4dot.code.deobfuscators.CliSecure {
|
|||
}
|
||||
}
|
||||
|
||||
public override bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||
if (!options.DecryptMethods)
|
||||
public override bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||
if (count != 0 || !options.DecryptMethods)
|
||||
return false;
|
||||
|
||||
byte[] fileData = ModuleBytes ?? DeobUtils.readModule(module);
|
||||
|
|
|
@ -107,8 +107,8 @@ namespace de4dot.code.deobfuscators.CodeFort {
|
|||
assemblyDecrypter.find();
|
||||
}
|
||||
|
||||
public override bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||
if (!assemblyDecrypter.EncryptedDetected)
|
||||
public override bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||
if (count != 0 || !assemblyDecrypter.EncryptedDetected)
|
||||
return false;
|
||||
|
||||
newFileData = assemblyDecrypter.decrypt();
|
||||
|
|
|
@ -149,8 +149,8 @@ namespace de4dot.code.deobfuscators.CodeVeil {
|
|||
}
|
||||
}
|
||||
|
||||
public override bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||
if (!methodsDecrypter.Detected)
|
||||
public override bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||
if (count != 0 || !methodsDecrypter.Detected)
|
||||
return false;
|
||||
|
||||
var fileData = DeobUtils.readModule(module);
|
||||
|
|
|
@ -126,7 +126,9 @@ namespace de4dot.code.deobfuscators.CodeWall {
|
|||
return null;
|
||||
}
|
||||
|
||||
public override bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||
public override bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||
if (count != 0)
|
||||
return false;
|
||||
if (!methodsDecrypter.Detected)
|
||||
return false;
|
||||
|
||||
|
|
|
@ -139,7 +139,7 @@ namespace de4dot.code.deobfuscators {
|
|||
protected abstract void scanForObfuscator();
|
||||
protected abstract int detectInternal();
|
||||
|
||||
public virtual bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||
public virtual bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
@ -83,7 +83,7 @@ namespace de4dot.code.deobfuscators {
|
|||
|
||||
// If the obfuscator has encrypted parts of the file, then this method should return the
|
||||
// decrypted file. true is returned if args have been initialized, false otherwise.
|
||||
bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods);
|
||||
bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods);
|
||||
|
||||
// This is only called if getDecryptedModule() != null, and after the module has been
|
||||
// reloaded. Should return a new IDeobfuscator with the same options and the new module.
|
||||
|
|
|
@ -190,8 +190,8 @@ namespace de4dot.code.deobfuscators.MPRESS {
|
|||
return false;
|
||||
}
|
||||
|
||||
public override bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||
if (version == Version.Unknown)
|
||||
public override bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||
if (count != 0 || version == Version.Unknown)
|
||||
return false;
|
||||
|
||||
byte[] fileData = ModuleBytes ?? DeobUtils.readModule(module);
|
||||
|
|
|
@ -100,8 +100,8 @@ namespace de4dot.code.deobfuscators.MaxtoCode {
|
|||
mainType.find();
|
||||
}
|
||||
|
||||
public override bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||
if (!mainType.Detected)
|
||||
public override bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||
if (count != 0 || !mainType.Detected)
|
||||
return false;
|
||||
|
||||
var fileData = DeobUtils.readModule(module);
|
||||
|
|
|
@ -141,8 +141,8 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v3 {
|
|||
return decrypterType.LinkedResource != null || nativeLibSaver.Resource != null;
|
||||
}
|
||||
|
||||
public override bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||
if (!needsPatching())
|
||||
public override bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||
if (count != 0 || !needsPatching())
|
||||
return false;
|
||||
|
||||
var fileData = ModuleBytes ?? DeobUtils.readModule(module);
|
||||
|
|
|
@ -367,7 +367,9 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
|
|||
return false;
|
||||
}
|
||||
|
||||
public override bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||
public override bool getDecryptedModule(int count, ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||
if (count != 0)
|
||||
return false;
|
||||
fileData = ModuleBytes ?? DeobUtils.readModule(module);
|
||||
peImage = new PeImage(fileData);
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user