monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Throw if invalid method body

Browse Source
This commit is contained in:
de4dot 2012-04-22 14:13:48 +02:00
parent 1a79ffde92
commit 59e2e51882
1 changed files with 34 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
de4dot.code/deobfuscators/MethodBodyParser.cs
View File

@ -21,33 +21,57 @@ using System;
using System.IO; using System.IO;
namespace de4dot.code.deobfuscators { namespace de4dot.code.deobfuscators {
[Serializable]
class InvalidMethodBody : Exception {
public InvalidMethodBody() {
}
public InvalidMethodBody(string msg)
: base(msg) {
}
}
static class MethodBodyParser { static class MethodBodyParser {
public static void parseMethodBody(BinaryReader reader, out byte[] code, out byte[] extraSections) { public static void parseMethodBody(BinaryReader reader, out byte[] code, out byte[] extraSections) {
long methodBodyOffset = reader.BaseStream.Position; try {
parseMethodBody2(reader, out code, out extraSections);
}
catch (IOException) {
throw new InvalidMethodBody();
}
}
uint codeOffset; static void parseMethodBody2(BinaryReader reader, out byte[] code, out byte[] extraSections) {
int codeSize; uint codeOffset, codeSize;
ushort flags; ushort flags;
switch (peek(reader) & 3) { switch (peek(reader) & 3) {
case 2: case 2:
flags = 2; flags = 2;
codeOffset = 1; codeOffset = 1;
codeSize = reader.ReadByte() >> 2; codeSize = (uint)(reader.ReadByte() >> 2);
break; break;
case 3: case 3:
flags = reader.ReadUInt16(); flags = reader.ReadUInt16();
codeOffset = (uint)(4 * (flags >> 12)); codeOffset = (uint)(4 * (flags >> 12));
if (codeOffset != 12)
throw new InvalidMethodBody();
reader.ReadUInt16(); // maxStack reader.ReadUInt16(); // maxStack
codeSize = reader.ReadInt32(); codeSize = reader.ReadUInt32();
reader.ReadUInt32(); // LocalVarSigTok if (codeSize > int.MaxValue)
throw new InvalidMethodBody();
uint lsig = reader.ReadUInt32();
if (lsig != 0 && (lsig >> 24) != 0x11)
throw new InvalidMethodBody();
break; break;
default: default:
throw new ApplicationException("Invalid method body header"); throw new InvalidMethodBody();
} }
code = reader.ReadBytes(codeSize); if (codeSize + codeOffset > reader.BaseStream.Length)
throw new InvalidMethodBody();
code = reader.ReadBytes((int)codeSize);
if ((flags & 8) != 0) if ((flags & 8) != 0)
extraSections = readExtraSections(reader); extraSections = readExtraSections(reader);
@ -75,9 +99,9 @@ namespace de4dot.code.deobfuscators {
flags = reader.ReadByte(); flags = reader.ReadByte();
if ((flags & 1) == 0) if ((flags & 1) == 0)
throw new ApplicationException("Not an exception section"); throw new InvalidMethodBody("Not an exception section");
if ((flags & 0x3E) != 0) if ((flags & 0x3E) != 0)
throw new ApplicationException("Invalid bits set"); throw new InvalidMethodBody("Invalid bits set");
if ((flags & 0x40) != 0) { if ((flags & 0x40) != 0) {
reader.BaseStream.Position--; reader.BaseStream.Position--;