From 4e997910e411e14537910658b005c6086599f6e8 Mon Sep 17 00:00:00 2001
From: de4dot <de4dot@gmail.com>
Date: Thu, 8 Mar 2012 19:21:54 +0100
Subject: [PATCH] Update detection of string decrypter type

---
 .../Eazfuscator_NET/StringDecrypter.cs          | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/de4dot.code/deobfuscators/Eazfuscator_NET/StringDecrypter.cs b/de4dot.code/deobfuscators/Eazfuscator_NET/StringDecrypter.cs
index 28bf4a73..6b0ff789 100644
--- a/de4dot.code/deobfuscators/Eazfuscator_NET/StringDecrypter.cs
+++ b/de4dot.code/deobfuscators/Eazfuscator_NET/StringDecrypter.cs
@@ -118,7 +118,13 @@ namespace de4dot.code.deobfuscators.Eazfuscator_NET {
 			}
 		}
 
+		static string[] requiredFieldTypes = new string[] {
+			"System.Byte[]",
+			"System.Int16",
+		};
 		bool checkType(TypeDefinition type) {
+			if (!new FieldTypes(type).all(requiredFieldTypes))
+				return false;
 			if (type.NestedTypes.Count == 0) {
 				return DotNetUtils.findFieldType(type, "System.IO.BinaryReader", true) != null &&
 					DotNetUtils.findFieldType(type, "System.Collections.Generic.Dictionary`2<System.Int32,System.String>", true) != null;
@@ -156,11 +162,22 @@ namespace de4dot.code.deobfuscators.Eazfuscator_NET {
 			return null;
 		}
 
+		static string[] requiredLocalTypes = new string[] {
+			"System.Boolean",
+			"System.Byte[]",
+			"System.Char[]",
+			"System.Int16",
+			"System.Int32",
+			"System.Reflection.Assembly",
+			"System.String",
+		};
 		static bool checkDecrypterMethod(MethodDefinition method) {
 			if (method == null || !method.IsStatic || method.Body == null)
 				return false;
 			if (!DotNetUtils.isMethod(method, "System.String", "(System.Int32)"))
 				return false;
+			if (!new LocalTypes(method).all(requiredLocalTypes))
+				return false;
 
 			foreach (var instr in method.Body.Instructions) {
 				if (instr.OpCode != OpCodes.Callvirt)