monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Deobfuscate cflow again if a bool was decrypted

Browse Source
This commit is contained in:
de4dot 2011-10-26 22:16:51 +02:00
parent bd7a6763a6
commit 63ab61fb12
4 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
de4dot.code/ObfuscatedFile.cs
View File

@ -481,9 +481,18 @@ namespace de4dot {
if (options.ControlFlowDeobfuscation) { if (options.ControlFlowDeobfuscation) {
cflowDeobfuscator.init(blocks); cflowDeobfuscator.init(blocks);
cflowDeobfuscator.deobfuscate(); cflowDeobfuscator.deobfuscate();
}
if (deob.deobfuscateOther(blocks) && options.ControlFlowDeobfuscation) {
cflowDeobfuscator.init(blocks);
cflowDeobfuscator.deobfuscate();
}
if (options.ControlFlowDeobfuscation) {
numRemovedLocals = blocks.optimizeLocals(); numRemovedLocals = blocks.optimizeLocals();
blocks.repartitionBlocks(); blocks.repartitionBlocks();
} }
deobfuscateStrings(blocks); deobfuscateStrings(blocks);
deob.deobfuscateMethodEnd(blocks); deob.deobfuscateMethodEnd(blocks);

4
de4dot.code/deobfuscators/DeobfuscatorBase.cs
View File

@ -123,6 +123,10 @@ namespace de4dot.deobfuscators {
staticStringDecrypter.decrypt(blocks); staticStringDecrypter.decrypt(blocks);
} }
public virtual bool deobfuscateOther(Blocks blocks) {
return false;
}
public virtual void deobfuscateEnd() { public virtual void deobfuscateEnd() {
if (!Operations.KeepObfuscatorTypes) { if (!Operations.KeepObfuscatorTypes) {
deleteEmptyCctors(); deleteEmptyCctors();

3
de4dot.code/deobfuscators/IDeobfuscator.cs
View File

@ -80,6 +80,9 @@ namespace de4dot.deobfuscators {
// Called before the code is deobfuscated // Called before the code is deobfuscated
void deobfuscateMethodBegin(Blocks blocks); void deobfuscateMethodBegin(Blocks blocks);
// Return true if we should deobfuscate control flow again
bool deobfuscateOther(Blocks blocks);
// Called after deobfuscateMethodBegin() but before deobfuscateMethodEnd() // Called after deobfuscateMethodBegin() but before deobfuscateMethodEnd()
void deobfuscateStrings(Blocks blocks); void deobfuscateStrings(Blocks blocks);

7
de4dot.code/deobfuscators/dotNET_Reactor/Deobfuscator.cs
View File

@ -149,10 +149,13 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
DeobfuscatedFile.stringDecryptersAdded(); DeobfuscatedFile.stringDecryptersAdded();
} }
public override void deobfuscateMethodEnd(Blocks blocks) { public override bool deobfuscateOther(Blocks blocks) {
if (boolValueInliner.HasHandlers) if (boolValueInliner.HasHandlers)
boolValueInliner.decrypt(blocks); return boolValueInliner.decrypt(blocks) > 0;
return false;
}
public override void deobfuscateMethodEnd(Blocks blocks) {
base.deobfuscateMethodEnd(blocks); base.deobfuscateMethodEnd(blocks);
} }