diff --git a/de4dot.code/de4dot.code.csproj b/de4dot.code/de4dot.code.csproj
index 0cfd3f72..72a0290b 100644
--- a/de4dot.code/de4dot.code.csproj
+++ b/de4dot.code/de4dot.code.csproj
@@ -58,6 +58,7 @@
+
diff --git a/de4dot.code/deobfuscators/Babel_NET/BabelUtils.cs b/de4dot.code/deobfuscators/Babel_NET/BabelUtils.cs
new file mode 100644
index 00000000..bf06b3ad
--- /dev/null
+++ b/de4dot.code/deobfuscators/Babel_NET/BabelUtils.cs
@@ -0,0 +1,86 @@
+/*
+ Copyright (C) 2011-2012 de4dot@gmail.com
+
+ This file is part of de4dot.
+
+ de4dot is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ de4dot is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with de4dot. If not, see .
+*/
+
+using Mono.Cecil;
+using Mono.Cecil.Cil;
+using de4dot.blocks;
+
+namespace de4dot.code.deobfuscators.Babel_NET {
+ static class BabelUtils {
+ public static EmbeddedResource findEmbeddedResource(ModuleDefinition module, TypeDefinition decrypterType) {
+ return findEmbeddedResource(module, decrypterType, (method) => { });
+ }
+
+ public static EmbeddedResource findEmbeddedResource(ModuleDefinition module, TypeDefinition decrypterType, ISimpleDeobfuscator simpleDeobfuscator, IDeobfuscator deob) {
+ return findEmbeddedResource(module, decrypterType, (method) => {
+ simpleDeobfuscator.deobfuscate(method);
+ simpleDeobfuscator.decryptStrings(method, deob);
+ });
+ }
+
+ public static EmbeddedResource findEmbeddedResource(ModuleDefinition module, TypeDefinition decrypterType, Action fixMethod) {
+ foreach (var method in decrypterType.Methods) {
+ if (!DotNetUtils.isMethod(method, "System.String", "()"))
+ continue;
+ if (!method.IsStatic)
+ continue;
+ fixMethod(method);
+ foreach (var s in DotNetUtils.getCodeStrings(method)) {
+ var resource = DotNetUtils.getResource(module, s) as EmbeddedResource;
+ if (resource != null)
+ return resource;
+ }
+ }
+ return null;
+ }
+
+ public static bool findRegisterMethod(TypeDefinition type, out MethodDefinition regMethod, out MethodDefinition handler) {
+ foreach (var method in type.Methods) { + if (!method.IsStatic || method.Body == null) + continue; + if (method.Body.ExceptionHandlers.Count != 1) + continue; + + foreach (var instr in method.Body.Instructions) { + if (instr.OpCode.Code != Code.Ldftn) + continue; + var handlerRef = instr.Operand as MethodReference; + if (handlerRef == null) + continue; + if (!DotNetUtils.isMethod(handlerRef, "System.Reflection.Assembly", "(System.Object,System.ResolveEventArgs)")) + continue; + if (!MemberReferenceHelper.compareTypes(type, handlerRef.DeclaringType)) + continue; + handler = DotNetUtils.getMethod(type, handlerRef); + if (handler == null) + continue; + if (handler.Body == null || handler.Body.ExceptionHandlers.Count != 1) + continue; + + regMethod = method; + return true; + } + } + + regMethod = null; + handler = null; + return false; + } + } +} diff --git a/de4dot.code/deobfuscators/Babel_NET/ConstantsDecrypter.cs b/de4dot.code/deobfuscators/Babel_NET/ConstantsDecrypter.cs index 2114ee3f..758e793e 100644 --- a/de4dot.code/deobfuscators/Babel_NET/ConstantsDecrypter.cs +++ b/de4dot.code/deobfuscators/Babel_NET/ConstantsDecrypter.cs @@ -141,7 +141,7 @@ namespace de4dot.code.deobfuscators.Babel_NET { if (decrypterType == null) return; - encryptedResource = findEncryptedResource(simpleDeobfuscator, deob); + encryptedResource = BabelUtils.findEmbeddedResource(module, decrypterType, simpleDeobfuscator, deob); if (encryptedResource == null) { Log.w("Could not find encrypted constants resource"); return; 
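Review bot: The shared `findEmbeddedResource(module, decrypterType, fixMethod)` in BabelUtils.cs only inspects static methods with signature `System.String ()`, which is stricter than two of the helpers this commit deletes: ResourceResolver's old `findEmbeddedResource(type)` had no `IsStatic` check, and StringDecrypter's old `findResource()` scanned the strings of every method on the type. The changed call sites in ResourceResolver.cs (@@ -59,10) and StringDecrypter.cs (@@ -213,7) therefore search fewer methods than before, so a resource the old code found can now come back as null even though the commit reads as a pure move of code. If the narrowing is intended, state it on the two-argument overload, e.g. `// Only static "System.String ()" methods are searched for the resource name`; otherwise let the caller pass the filter so each decrypter keeps its previous behaviour. Separately, the new file uses `Action` but its using list has no `using System;` (the generic argument appears to have been lost in this page's rendering), so confirm the parameter type resolves.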
@@ -172,23 +172,6 @@ namespace de4dot.code.deobfuscators.Babel_NET { decryptedDoubles[count] = reader.ReadDouble(); } - EmbeddedResource findEncryptedResource(ISimpleDeobfuscator simpleDeobfuscator, IDeobfuscator deob) { - foreach (var method in decrypterType.Methods) { - if (!DotNetUtils.isMethod(method, "System.String", "()")) - continue; - if (!method.IsStatic) - continue; - simpleDeobfuscator.deobfuscate(method); - simpleDeobfuscator.decryptStrings(method, deob); - foreach (var s in DotNetUtils.getCodeStrings(method)) { - var resource = DotNetUtils.getResource(module, s) as EmbeddedResource; - if (resource != null) - return resource; - } - } - return null; - } - public int decryptInt32(int index) { return decryptedInts[index]; } diff --git a/de4dot.code/deobfuscators/Babel_NET/MethodsDecrypter.cs b/de4dot.code/deobfuscators/Babel_NET/MethodsDecrypter.cs index 6f9cef3d..11ed7057 100644 --- a/de4dot.code/deobfuscators/Babel_NET/MethodsDecrypter.cs +++ b/de4dot.code/deobfuscators/Babel_NET/MethodsDecrypter.cs @@ -94,7 +94,7 @@ namespace de4dot.code.deobfuscators.Babel_NET { if (methodsDecrypter == null) return; - encryptedResource = findEncryptedResource(simpleDeobfuscator, deob); + encryptedResource = BabelUtils.findEmbeddedResource(module, methodsDecrypter, simpleDeobfuscator, deob); if (encryptedResource == null) { Log.w("Could not find encrypted methods resource"); return; 
@@ -114,23 +114,6 @@ namespace de4dot.code.deobfuscators.Babel_NET { imageReaders[name] = imageReader; } - EmbeddedResource findEncryptedResource(ISimpleDeobfuscator simpleDeobfuscator, IDeobfuscator deob) { - foreach (var method in methodsDecrypter.Methods) { - if (!DotNetUtils.isMethod(method, "System.String", "()")) - continue; - if (!method.IsStatic) - continue; - simpleDeobfuscator.deobfuscate(method); - simpleDeobfuscator.decryptStrings(method, deob); - foreach (var s in DotNetUtils.getCodeStrings(method)) { - var resource = DotNetUtils.getResource(module, s) as EmbeddedResource; - if (resource != null) - return resource; - } - } - return null; - } - class EncryptInfo { public string encryptedMethodName; public string feature; diff --git a/de4dot.code/deobfuscators/Babel_NET/ResourceResolver.cs b/de4dot.code/deobfuscators/Babel_NET/ResourceResolver.cs index aa106116..d14410ec 100644 --- a/de4dot.code/deobfuscators/Babel_NET/ResourceResolver.cs +++ b/de4dot.code/deobfuscators/Babel_NET/ResourceResolver.cs @@ -19,7 +19,6 @@ using System.IO; using Mono.Cecil; -using Mono.Cecil.Cil; using de4dot.blocks; namespace de4dot.code.deobfuscators.Babel_NET { @@ -59,10 +58,10 @@ namespace de4dot.code.deobfuscators.Babel_NET { continue; MethodDefinition regMethod, handler; - if (!findRegisterMethod(type, out regMethod, out handler)) + if (!BabelUtils.findRegisterMethod(type, out regMethod, out handler)) continue; - var resource = findEmbeddedResource(type); + var resource = BabelUtils.findEmbeddedResource(module, type); if (resource == null) continue; 
@@ -73,52 +72,6 @@ namespace de4dot.code.deobfuscators.Babel_NET { } } - bool findRegisterMethod(TypeDefinition type, out MethodDefinition regMethod, out MethodDefinition handler) { - foreach (var method in type.Methods) { - if (!method.IsStatic || method.Body == null) - continue; - if (method.Body.ExceptionHandlers.Count != 1) - continue; - - foreach (var instr in method.Body.Instructions) { - if (instr.OpCode.Code != Code.Ldftn) - continue; - var handlerRef = instr.Operand as MethodReference; - if (handlerRef == null) - continue; - if (!DotNetUtils.isMethod(handlerRef, "System.Reflection.Assembly", "(System.Object,System.ResolveEventArgs)")) - continue; - if (!MemberReferenceHelper.compareTypes(type, handlerRef.DeclaringType)) - continue; - handler = DotNetUtils.getMethod(type, handlerRef); - if (handler == null) - continue; - if (handler.Body == null || handler.Body.ExceptionHandlers.Count != 1) - continue; - - regMethod = method; - return true; - } - } - - regMethod = null; - handler = null; - return false; - } - - EmbeddedResource findEmbeddedResource(TypeDefinition type) { - foreach (var method in type.Methods) { - if (!DotNetUtils.isMethod(method, "System.String", "()")) - continue; - foreach (var s in DotNetUtils.getCodeStrings(method)) { - var resource = DotNetUtils.getResource(module, s) as EmbeddedResource; - if (resource != null) - return resource; - } - } - return null; - } - public EmbeddedResource mergeResources() { if (encryptedResource == null) return null; diff --git a/de4dot.code/deobfuscators/Babel_NET/StringDecrypter.cs b/de4dot.code/deobfuscators/Babel_NET/StringDecrypter.cs index 4aed6c71..5e7566d6 100644 --- a/de4dot.code/deobfuscators/Babel_NET/StringDecrypter.cs +++ b/de4dot.code/deobfuscators/Babel_NET/StringDecrypter.cs 
@@ -213,7 +213,7 @@ namespace de4dot.code.deobfuscators.Babel_NET { return; if (decrypterInfo.NeedsResource) { - encryptedResource = findResource(); + encryptedResource = BabelUtils.findEmbeddedResource(module, decrypterType); if (encryptedResource == null) return; } @@ -221,17 +221,6 @@ namespace de4dot.code.deobfuscators.Babel_NET { decrypterInfo.initialize(module, encryptedResource); } - EmbeddedResource findResource() { - foreach (var method in decrypterType.Methods) { - foreach (var s in DotNetUtils.getCodeStrings(method)) { - var resource = DotNetUtils.getResource(module, s) as EmbeddedResource; - if (resource != null) - return resource; - } - } - return null; - } - public string decrypt(object[] args) { return decrypterInfo.decrypt(args); }
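Review bot: When the lookup on the changed line returns null, the enclosing method returns with no message, whereas the matching paths in ConstantsDecrypter and MethodsDecrypter log `Could not find encrypted ... resource`. Because `BabelUtils.findEmbeddedResource(module, decrypterType)` searches fewer methods than the removed `findResource()`, a miss here is more likely than before and leaves the strings encrypted without telling the person reading the output. Add a warning before the `return;`, for example `Log.w("Could not find encrypted strings resource");`, following the sibling decrypters. The enclosing method starts and ends outside the hunk.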