Move common code to another class
This commit is contained in:
de4dot
parent
83b14da5c8
commit
6b18d70e77
|
|
@ -107,6 +107,7 @@
|
|||
<Compile Include="deobfuscators\CodeVeil\Deobfuscator.cs" />
|
||||
<Compile Include="deobfuscators\CodeVeil\ProxyDelegateFinder.cs" />
|
||||
<Compile Include="deobfuscators\CodeVeil\TamperDetection.cs" />
|
||||
<Compile Include="deobfuscators\ConstantsReader.cs" />
|
||||
<Compile Include="deobfuscators\CryptoObfuscator\AntiDebugger.cs" />
|
||||
<Compile Include="deobfuscators\CryptoObfuscator\AssemblyResolver.cs" />
|
||||
<Compile Include="deobfuscators\CryptoObfuscator\Deobfuscator.cs" />
|
||||
|
|
@ -152,7 +153,7 @@
|
|||
<Compile Include="deobfuscators\dotNET_Reactor\v3\MemoryPatcher.cs" />
|
||||
<Compile Include="deobfuscators\Eazfuscator_NET\AssemblyResolver.cs" />
|
||||
<Compile Include="deobfuscators\Eazfuscator_NET\CodeCompilerMethodCallRestorer.cs" />
|
||||
<Compile Include="deobfuscators\Eazfuscator_NET\ConstantsReader.cs" />
|
||||
<Compile Include="deobfuscators\Eazfuscator_NET\EfConstantsReader.cs" />
|
||||
<Compile Include="deobfuscators\Eazfuscator_NET\DecrypterType.cs" />
|
||||
<Compile Include="deobfuscators\Eazfuscator_NET\Deobfuscator.cs" />
|
||||
<Compile Include="deobfuscators\Eazfuscator_NET\EfUtils.cs" />
|
||||
|
|
|
|||
|
|
@ -23,39 +23,57 @@ using Mono.Cecil.Cil;
|
|||
using Mono.Cecil.Metadata;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.code.deobfuscators.Eazfuscator_NET {
|
||||
namespace de4dot.code.deobfuscators {
|
||||
class ConstantsReader {
|
||||
IList<Instruction> instructions;
|
||||
IList<VariableDefinition> locals;
|
||||
Dictionary<VariableDefinition, int> localsValues = new Dictionary<VariableDefinition, int>();
|
||||
protected IInstructions instructions;
|
||||
protected IList<VariableDefinition> locals;
|
||||
protected Dictionary<VariableDefinition, int> localsValues = new Dictionary<VariableDefinition, int>();
|
||||
|
||||
public ConstantsReader(MethodDefinition method) {
|
||||
instructions = method.Body.Instructions;
|
||||
locals = method.Body.Variables;
|
||||
initialize();
|
||||
public interface IInstructions {
|
||||
int Count { get; }
|
||||
Instruction this[int index] { get; }
|
||||
}
|
||||
|
||||
void initialize() {
|
||||
findConstants();
|
||||
}
|
||||
class ListInstructions : IInstructions {
|
||||
IList<Instruction> instrs;
|
||||
|
||||
void findConstants() {
|
||||
for (int index = 0; index < instructions.Count; ) {
|
||||
int value;
|
||||
if (!getInt32(ref index, out value))
|
||||
break;
|
||||
var stloc = instructions[index];
|
||||
if (!DotNetUtils.isStloc(stloc))
|
||||
break;
|
||||
var local = DotNetUtils.getLocalVar(locals, stloc);
|
||||
if (local == null || local.VariableType.EType != ElementType.I4)
|
||||
break;
|
||||
localsValues[local] = value;
|
||||
index++;
|
||||
public int Count {
|
||||
get { return instrs.Count; }
|
||||
}
|
||||
|
||||
if (localsValues.Count != 2)
|
||||
localsValues.Clear();
|
||||
public Instruction this[int index] {
|
||||
get { return instrs[index]; }
|
||||
}
|
||||
|
||||
public ListInstructions(IList<Instruction> instrs) {
|
||||
this.instrs = instrs;
|
||||
}
|
||||
}
|
||||
|
||||
class ListInstrs : IInstructions {
|
||||
IList<Instr> instrs;
|
||||
|
||||
public int Count {
|
||||
get { return instrs.Count; }
|
||||
}
|
||||
|
||||
public Instruction this[int index] {
|
||||
get { return instrs[index].Instruction; }
|
||||
}
|
||||
|
||||
public ListInstrs(IList<Instr> instrs) {
|
||||
this.instrs = instrs;
|
||||
}
|
||||
}
|
||||
|
||||
public ConstantsReader(MethodDefinition method) {
|
||||
this.locals = method.Body.Variables;
|
||||
this.instructions = new ListInstructions(method.Body.Instructions);
|
||||
}
|
||||
|
||||
public ConstantsReader(IList<VariableDefinition> locals, IList<Instr> instrs) {
|
||||
this.locals = locals;
|
||||
this.instructions = new ListInstrs(instrs);
|
||||
}
|
||||
|
||||
public bool getNextInt32(ref int index, out int val) {
|
||||
|
|
@ -283,7 +283,7 @@ namespace de4dot.code.deobfuscators.Eazfuscator_NET {
|
|||
|
||||
int index = 0;
|
||||
var instrs = method.Body.Instructions;
|
||||
var constantsReader = new ConstantsReader(method);
|
||||
var constantsReader = new EfConstantsReader(method);
|
||||
while (true) {
|
||||
int val;
|
||||
if (!constantsReader.getNextInt32(ref index, out val))
|
||||
|
|
|
|||
|
|
@ -0,0 +1,54 @@
|
|||
/*
|
||||
Copyright (C) 2011-2012 de4dot@gmail.com
|
||||
|
||||
This file is part of de4dot.
|
||||
|
||||
de4dot is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
de4dot is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
using Mono.Cecil;
|
||||
using Mono.Cecil.Metadata;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.code.deobfuscators.Eazfuscator_NET {
|
||||
class EfConstantsReader : ConstantsReader {
|
||||
public EfConstantsReader(MethodDefinition method)
|
||||
: base(method) {
|
||||
initialize();
|
||||
}
|
||||
|
||||
void initialize() {
|
||||
findConstants();
|
||||
}
|
||||
|
||||
void findConstants() {
|
||||
for (int index = 0; index < instructions.Count; ) {
|
||||
int value;
|
||||
if (!getInt32(ref index, out value))
|
||||
break;
|
||||
var stloc = instructions[index];
|
||||
if (!DotNetUtils.isStloc(stloc))
|
||||
break;
|
||||
var local = DotNetUtils.getLocalVar(locals, stloc);
|
||||
if (local == null || local.VariableType.EType != ElementType.I4)
|
||||
break;
|
||||
localsValues[local] = value;
|
||||
index++;
|
||||
}
|
||||
|
||||
if (localsValues.Count != 2)
|
||||
localsValues.Clear();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -44,7 +44,7 @@ namespace de4dot.code.deobfuscators.Eazfuscator_NET {
|
|||
BinaryReader reader;
|
||||
DecrypterType decrypterType;
|
||||
StreamHelperType streamHelperType;
|
||||
ConstantsReader stringMethodConsts;
|
||||
EfConstantsReader stringMethodConsts;
|
||||
bool isV32OrLater;
|
||||
|
||||
class StreamHelperType {
|
||||
|
|
@ -219,7 +219,7 @@ namespace de4dot.code.deobfuscators.Eazfuscator_NET {
|
|||
|
||||
bool findConstants(ISimpleDeobfuscator simpleDeobfuscator) {
|
||||
simpleDeobfuscator.deobfuscate(stringMethod);
|
||||
stringMethodConsts = new ConstantsReader(stringMethod);
|
||||
stringMethodConsts = new EfConstantsReader(stringMethod);
|
||||
|
||||
if (!findResource(stringMethod))
|
||||
return false;
|
||||
|
|
@ -658,7 +658,7 @@ namespace de4dot.code.deobfuscators.Eazfuscator_NET {
|
|||
return findIntsCctor2(cctor);
|
||||
|
||||
int tmp1, tmp2, tmp3 = 0;
|
||||
var constantsReader = new ConstantsReader(cctor);
|
||||
var constantsReader = new EfConstantsReader(cctor);
|
||||
if (!constantsReader.getNextInt32(ref index, out tmp1))
|
||||
return false;
|
||||
if (tmp1 == 0 && !constantsReader.getNextInt32(ref index, out tmp1))
|
||||
|
|
@ -684,7 +684,7 @@ namespace de4dot.code.deobfuscators.Eazfuscator_NET {
|
|||
bool findIntsCctor2(MethodDefinition cctor) {
|
||||
int index = 0;
|
||||
var instrs = cctor.Body.Instructions;
|
||||
var constantsReader = new ConstantsReader(cctor);
|
||||
var constantsReader = new EfConstantsReader(cctor);
|
||||
while (index >= 0) {
|
||||
int val;
|
||||
if (!constantsReader.getNextInt32(ref index, out val))
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user