monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update DS string decrypter

Browse Source
This commit is contained in:
de4dot 2012-12-14 12:40:44 +01:00
parent 88d1a8ab89
commit 63f1ec4f93
1 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
de4dot.code/deobfuscators/DeepSea/ResourceResolver.cs
View File

@ -140,7 +140,8 @@ namespace de4dot.code.deobfuscators.DeepSea {
data41.resourceField = getLdtokenField(info.handler); data41.resourceField = getLdtokenField(info.handler);
if (data41.resourceField == null) if (data41.resourceField == null)
return false; return false;
int magicArgIndex = getMagicArgIndex41Retail(info.handler); bool isOtherRetail;
int magicArgIndex = getMagicArgIndex41Retail(info.handler, out isOtherRetail);
if (magicArgIndex < 0) { if (magicArgIndex < 0) {
magicArgIndex = getMagicArgIndex41Trial(info.handler); magicArgIndex = getMagicArgIndex41Trial(info.handler);
data41.isTrial = true; data41.isTrial = true;
@ -153,29 +154,40 @@ namespace de4dot.code.deobfuscators.DeepSea {
return false; return false;
if (data41.isTrial) if (data41.isTrial)
data41.magic = (int)val >> 3; data41.magic = (int)val >> 3;
else if (isOtherRetail)
data41.magic = data41.resourceField.InitialValue.Length - (int)val;
else else
data41.magic = ((asmVer.Major << 3) | (asmVer.Minor << 2) | asmVer.Revision) - (int)val; data41.magic = ((asmVer.Major << 3) | (asmVer.Minor << 2) | asmVer.Revision) - (int)val;
return true; return true;
} }
static int getMagicArgIndex41Retail(MethodDef method) { static int getMagicArgIndex41Retail(MethodDef method, out bool isOtherRetail) {
isOtherRetail = false;
var instrs = method.Body.Instructions; var instrs = method.Body.Instructions;
for (int i = 0; i < instrs.Count - 3; i++) { for (int i = 0; i < instrs.Count - 4; i++) {
var add = instrs[i]; isOtherRetail = false;
var ld = instrs[i];
if (ld.IsLdarg())
isOtherRetail = true;
else if (!ld.IsLdloc())
continue;
var add = instrs[i + 1];
if (add.OpCode.Code != Code.Add) if (add.OpCode.Code != Code.Add)
continue; continue;
var ldarg = instrs[i + 1]; var ldarg = instrs[i + 2];
if (!ldarg.IsLdarg()) if (!ldarg.IsLdarg())
continue; continue;
var sub = instrs[i + 2]; var sub = instrs[i + 3];
if (sub.OpCode.Code != Code.Sub) if (sub.OpCode.Code != Code.Sub)
continue; continue;
var ldci4 = instrs[i + 3]; var ldci4 = instrs[i + 4];
if (!ldci4.IsLdcI4() || ldci4.GetLdcI4Value() != 0xFF) if (!ldci4.IsLdcI4() || ldci4.GetLdcI4Value() != 0xFF)
continue; continue;
return ldarg.GetParameterIndex(); return ldarg.GetParameterIndex();
} }
return -1; return -1;
} }