monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Change getCalledMethods() return type

Browse Source
This commit is contained in:
de4dot 2012-03-17 20:36:41 +01:00
parent 0b858c47ed
commit 6f01d48593
24 changed files with 48 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
blocks/DotNetUtils.cs
View File

@ -689,7 +689,7 @@ namespace de4dot.blocks {
return (string)carg.Value; return (string)carg.Value;
} }
public static IEnumerable<Tuple<TypeDefinition, MethodDefinition>> getCalledMethods(ModuleDefinition module, MethodDefinition method) { public static IEnumerable<MethodDefinition> getCalledMethods(ModuleDefinition module, MethodDefinition method) {
if (method != null && method.HasBody) { if (method != null && method.HasBody) {
foreach (var call in method.Body.Instructions) { foreach (var call in method.Body.Instructions) {
if (call.OpCode.Code != Code.Call && call.OpCode.Code != Code.Callvirt) if (call.OpCode.Code != Code.Call && call.OpCode.Code != Code.Callvirt)
@ -699,12 +699,8 @@ namespace de4dot.blocks {
continue; continue;
var type = getType(module, methodRef.DeclaringType); var type = getType(module, methodRef.DeclaringType);
var methodDef = getMethod(type, methodRef); var methodDef = getMethod(type, methodRef);
if (methodDef != null) { if (methodDef != null)
yield return new Tuple<TypeDefinition, MethodDefinition> { yield return methodDef;
Item1 = type,
Item2 = methodDef,
};
}
} }
} }
} }

3
de4dot.code/deobfuscators/Babel_NET/ProxyDelegateFinder.cs
View File

@ -159,8 +159,7 @@ namespace de4dot.code.deobfuscators.Babel_NET {
} }
ProxyCreatorType getProxyCreatorType(MethodDefinition methodToCheck) { ProxyCreatorType getProxyCreatorType(MethodDefinition methodToCheck) {
foreach (var info in DotNetUtils.getCalledMethods(module, methodToCheck)) { foreach (var calledMethod in DotNetUtils.getCalledMethods(module, methodToCheck)) {
var calledMethod = info.Item2;
if (!calledMethod.IsStatic || calledMethod.Body == null) if (!calledMethod.IsStatic || calledMethod.Body == null)
continue; continue;
if (!MemberReferenceHelper.compareTypes(methodToCheck.DeclaringType, calledMethod.DeclaringType)) if (!MemberReferenceHelper.compareTypes(methodToCheck.DeclaringType, calledMethod.DeclaringType))

4
de4dot.code/deobfuscators/CodeVeil/MainType.cs
View File

@ -231,8 +231,8 @@ namespace de4dot.code.deobfuscators.CodeVeil {
} }
bool callsMethod(MethodDefinition methodToCheck, MethodDefinition calledMethod) { bool callsMethod(MethodDefinition methodToCheck, MethodDefinition calledMethod) {
foreach (var info in DotNetUtils.getCalledMethods(module, methodToCheck)) { foreach (var method in DotNetUtils.getCalledMethods(module, methodToCheck)) {
if (info.Item2 == calledMethod) if (method == calledMethod)
return true; return true;
} }
return false; return false;

12
de4dot.code/deobfuscators/CodeVeil/ProxyDelegateFinder.cs
View File

@ -156,16 +156,16 @@ namespace de4dot.code.deobfuscators.CodeVeil {
} }
bool initProxyType(Info infoTmp, MethodDefinition method) { bool initProxyType(Info infoTmp, MethodDefinition method) {
foreach (var call in DotNetUtils.getCalledMethods(module, method)) { foreach (var calledMethod in DotNetUtils.getCalledMethods(module, method)) {
if (!call.Item2.IsStatic) if (!calledMethod.IsStatic)
continue; continue;
if (!DotNetUtils.isMethod(call.Item2, "System.Void", "(System.Int32)")) if (!DotNetUtils.isMethod(calledMethod, "System.Void", "(System.Int32)"))
continue; continue;
if (!checkProxyType(infoTmp, call.Item1)) if (!checkProxyType(infoTmp, calledMethod.DeclaringType))
continue; continue;
infoTmp.proxyType = call.Item1; infoTmp.proxyType = calledMethod.DeclaringType;
infoTmp.initMethod = call.Item2; infoTmp.initMethod = calledMethod;
return true; return true;
} }
return false; return false;

4
de4dot.code/deobfuscators/CodeVeil/StringDecrypter.cs
View File

@ -108,8 +108,8 @@ namespace de4dot.code.deobfuscators.CodeVeil {
void findV5(MethodDefinition method) { void findV5(MethodDefinition method) {
if (!mainType.Detected) if (!mainType.Detected)
return; return;
foreach (var info in DotNetUtils.getCalledMethods(module, mainType.InitMethod)) { foreach (var calledMethod in DotNetUtils.getCalledMethods(module, mainType.InitMethod)) {
if (find(info.Item2)) if (find(calledMethod))
return; return;
} }
} }

4
de4dot.code/deobfuscators/CodeVeil/TamperDetection.cs
View File

@ -117,8 +117,8 @@ namespace de4dot.code.deobfuscators.CodeVeil {
} }
bool callsMainTypeTamperCheckMethod(MethodDefinition method) { bool callsMainTypeTamperCheckMethod(MethodDefinition method) {
foreach (var info in DotNetUtils.getCalledMethods(module, method)) { foreach (var calledMethod in DotNetUtils.getCalledMethods(module, method)) {
if (info.Item2 == mainType.TamperCheckMethod) if (calledMethod == mainType.TamperCheckMethod)
return true; return true;
} }

5
de4dot.code/deobfuscators/CryptoObfuscator/AntiDebugger.cs
View File

@ -52,9 +52,8 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
bool find(MethodDefinition methodToCheck) { bool find(MethodDefinition methodToCheck) {
if (methodToCheck == null) if (methodToCheck == null)
return false; return false;
foreach (var info in DotNetUtils.getCalledMethods(module, methodToCheck)) { foreach (var method in DotNetUtils.getCalledMethods(module, methodToCheck)) {
var type = info.Item1; var type = method.DeclaringType;
var method = info.Item2;
if (!method.IsStatic || !DotNetUtils.isMethod(method, "System.Void", "()")) if (!method.IsStatic || !DotNetUtils.isMethod(method, "System.Void", "()"))
continue; continue;

5
de4dot.code/deobfuscators/CryptoObfuscator/AssemblyResolver.cs
View File

@ -67,13 +67,12 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
if (cctor == null) if (cctor == null)
return; return;
foreach (var tuple in DotNetUtils.getCalledMethods(module, cctor)) { foreach (var method in DotNetUtils.getCalledMethods(module, cctor)) {
var method = tuple.Item2;
if (method.Name == ".cctor" || method.Name == ".ctor") if (method.Name == ".cctor" || method.Name == ".ctor")
continue; continue;
if (!method.IsStatic || !DotNetUtils.isMethod(method, "System.Void", "()")) if (!method.IsStatic || !DotNetUtils.isMethod(method, "System.Void", "()"))
continue; continue;
if (checkType(tuple.Item1, method)) if (checkType(method.DeclaringType, method))
break; break;
} }
} }

3
de4dot.code/deobfuscators/CryptoObfuscator/ResourceResolver.cs
View File

@ -55,8 +55,7 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
if (cctor == null) if (cctor == null)
return; return;
foreach (var tuple in DotNetUtils.getCalledMethods(module, cctor)) { foreach (var method in DotNetUtils.getCalledMethods(module, cctor)) {
var method = tuple.Item2;
if (method.Name == ".cctor" || method.Name == ".ctor") if (method.Name == ".cctor" || method.Name == ".ctor")
continue; continue;
if (!method.IsStatic || !DotNetUtils.isMethod(method, "System.Void", "()")) if (!method.IsStatic || !DotNetUtils.isMethod(method, "System.Void", "()"))

4
de4dot.code/deobfuscators/CryptoObfuscator/TamperDetection.cs
View File

@ -55,9 +55,7 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
if (methodToCheck == null) if (methodToCheck == null)
return false; return false;
foreach (var info in DotNetUtils.getCalledMethods(module, methodToCheck)) { foreach (var method in DotNetUtils.getCalledMethods(module, methodToCheck)) {
var method = info.Item2;
bool result = false; bool result = false;
switch (frameworkType) { switch (frameworkType) {
case FrameworkType.Desktop: case FrameworkType.Desktop:

3
de4dot.code/deobfuscators/DeepSea/AssemblyResolver.cs
View File

@ -82,8 +82,7 @@ namespace de4dot.code.deobfuscators.DeepSea {
if (resolverInitMethod.Body.ExceptionHandlers.Count != 1) if (resolverInitMethod.Body.ExceptionHandlers.Count != 1)
return false; return false;
foreach (var info in DotNetUtils.getCalledMethods(module, resolverInitMethod)) { foreach (var method in DotNetUtils.getCalledMethods(module, resolverInitMethod)) {
var method = info.Item2;
if (!method.IsStatic || method.Body == null) if (!method.IsStatic || method.Body == null)
continue; continue;
if (!method.IsPublic || method.HasGenericParameters) if (!method.IsPublic || method.HasGenericParameters)

3
de4dot.code/deobfuscators/DeepSea/ResolverBase.cs
View File

@ -62,8 +62,7 @@ namespace de4dot.code.deobfuscators.DeepSea {
if (checkMethod == null || checkMethod.Body == null) if (checkMethod == null || checkMethod.Body == null)
return false; return false;
foreach (var tuple in DotNetUtils.getCalledMethods(module, checkMethod)) { foreach (var method in DotNetUtils.getCalledMethods(module, checkMethod)) {
var method = tuple.Item2;
if (method.Name == ".cctor" || method.Name == ".ctor") if (method.Name == ".cctor" || method.Name == ".ctor")
continue; continue;
if (!method.IsStatic || !DotNetUtils.isMethod(method, "System.Void", "()")) if (!method.IsStatic || !DotNetUtils.isMethod(method, "System.Void", "()"))

3
de4dot.code/deobfuscators/Goliath_NET/DecrypterBase.cs
View File

@ -210,8 +210,7 @@ namespace de4dot.code.deobfuscators.Goliath_NET {
return false; return false;
MethodDefinition initMethod = null; MethodDefinition initMethod = null;
foreach (var info in DotNetUtils.getCalledMethods(module, cctor)) { foreach (var method in DotNetUtils.getCalledMethods(module, cctor)) {
var method = info.Item2;
if (DotNetUtils.isMethod(method, "System.Void", "(System.Type)")) { if (DotNetUtils.isMethod(method, "System.Void", "(System.Type)")) {
initMethod = method; initMethod = method;
break; break;

3
de4dot.code/deobfuscators/MaxtoCode/MainType.cs
View File

@ -85,8 +85,7 @@ namespace de4dot.code.deobfuscators.MaxtoCode {
if (cctor == null) if (cctor == null)
return; return;
foreach (var info in DotNetUtils.getCalledMethods(module, cctor)) { foreach (var method in DotNetUtils.getCalledMethods(module, cctor)) {
var method = info.Item2;
if (method.Name != "Startup") if (method.Name != "Startup")
continue; continue;
if (!DotNetUtils.isMethod(method, "System.Void", "()")) if (!DotNetUtils.isMethod(method, "System.Void", "()"))

7
de4dot.code/deobfuscators/Skater_NET/StringDecrypter.cs
View File

@ -164,8 +164,7 @@ namespace de4dot.code.deobfuscators.Skater_NET {
} }
string getPassword(MethodDefinition decryptMethod) { string getPassword(MethodDefinition decryptMethod) {
foreach (var info in DotNetUtils.getCalledMethods(module, decryptMethod)) { foreach (var method in DotNetUtils.getCalledMethods(module, decryptMethod)) {
var method = info.Item2;
if (!method.IsStatic || method.Body == null) if (!method.IsStatic || method.Body == null)
continue; continue;
if (!MemberReferenceHelper.compareTypes(method.DeclaringType, decryptMethod.DeclaringType)) if (!MemberReferenceHelper.compareTypes(method.DeclaringType, decryptMethod.DeclaringType))
@ -200,8 +199,8 @@ namespace de4dot.code.deobfuscators.Skater_NET {
string getPassword2(MethodDefinition method) { string getPassword2(MethodDefinition method) {
string password = ""; string password = "";
foreach (var info in DotNetUtils.getCalledMethods(module, method)) { foreach (var calledMethod in DotNetUtils.getCalledMethods(module, method)) {
var s = getPassword3(info.Item2); var s = getPassword3(calledMethod);
if (string.IsNullOrEmpty(s)) if (string.IsNullOrEmpty(s))
return null; return null;

7
de4dot.code/deobfuscators/SmartAssembly/MemoryManagerInfo.cs
View File

@ -53,14 +53,13 @@ namespace de4dot.code.deobfuscators.SmartAssembly {
bool checkCalledMethods(MethodDefinition checkMethod) { bool checkCalledMethods(MethodDefinition checkMethod) {
if (checkMethod == null) if (checkMethod == null)
return false; return false;
foreach (var tuple in DotNetUtils.getCalledMethods(module, checkMethod)) { foreach (var method in DotNetUtils.getCalledMethods(module, checkMethod)) {
var method = tuple.Item2;
if (method.Name == ".cctor" || method.Name == ".ctor") if (method.Name == ".cctor" || method.Name == ".ctor")
continue; continue;
if (!method.IsStatic || !DotNetUtils.isMethod(method, "System.Void", "()")) if (!method.IsStatic || !DotNetUtils.isMethod(method, "System.Void", "()"))
continue; continue;
if (checkMemoryManagerType(tuple.Item1, method)) { if (checkMemoryManagerType(method.DeclaringType, method)) {
memoryManagerType = tuple.Item1; memoryManagerType = method.DeclaringType;
attachAppMethod = method; attachAppMethod = method;
return true; return true;
} }

6
de4dot.code/deobfuscators/SmartAssembly/ResolverInfoBase.cs
View File

@ -69,8 +69,7 @@ namespace de4dot.code.deobfuscators.SmartAssembly {
bool findTypes(MethodDefinition initMethod) { bool findTypes(MethodDefinition initMethod) {
if (initMethod == null) if (initMethod == null)
return false; return false;
foreach (var tuple in DotNetUtils.getCalledMethods(module, initMethod)) { foreach (var method in DotNetUtils.getCalledMethods(module, initMethod)) {
var method = tuple.Item2;
if (method.Name == ".cctor" || method.Name == ".ctor") if (method.Name == ".cctor" || method.Name == ".ctor")
continue; continue;
if (!method.IsStatic || !DotNetUtils.isMethod(method, "System.Void", "()")) if (!method.IsStatic || !DotNetUtils.isMethod(method, "System.Void", "()"))
@ -87,8 +86,7 @@ namespace de4dot.code.deobfuscators.SmartAssembly {
if (!attachAppMethod.HasBody) if (!attachAppMethod.HasBody)
return false; return false;
foreach (var tuple in DotNetUtils.getCalledMethods(module, attachAppMethod)) { foreach (var method in DotNetUtils.getCalledMethods(module, attachAppMethod)) {
var method = tuple.Item2;
if (method.Name == ".cctor" || method.Name == ".ctor") if (method.Name == ".cctor" || method.Name == ".ctor")
continue; continue;
if (!method.IsStatic || !DotNetUtils.isMethod(method, "System.Void", "()")) if (!method.IsStatic || !DotNetUtils.isMethod(method, "System.Void", "()"))

4
de4dot.code/deobfuscators/dotNET_Reactor/v3/LibAssemblyResolver.cs
View File

@ -58,9 +58,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v3 {
"System.Boolean", "System.Boolean",
}; };
foreach (var tuple in DotNetUtils.getCalledMethods(module, checkMethod)) { foreach (var method in DotNetUtils.getCalledMethods(module, checkMethod)) {
var method = tuple.Item2;
if (method.Body == null) if (method.Body == null)
continue; continue;
if (!method.IsStatic) if (!method.IsStatic)

10
de4dot.code/deobfuscators/dotNET_Reactor/v3/NativeLibSaver.cs
View File

@ -65,14 +65,14 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v3 {
} }
public void find() { public void find() {
foreach (var info in DotNetUtils.getCalledMethods(module, DotNetUtils.getModuleTypeCctor(module))) { foreach (var calledMethod in DotNetUtils.getCalledMethods(module, DotNetUtils.getModuleTypeCctor(module))) {
if (!DotNetUtils.isMethod(info.Item2, "System.Void", "()")) if (!DotNetUtils.isMethod(calledMethod, "System.Void", "()"))
continue; continue;
if (info.Item1.FullName != "<PrivateImplementationDetails>{F1C5056B-0AFC-4423-9B83-D13A26B48869}") if (calledMethod.DeclaringType.FullName != "<PrivateImplementationDetails>{F1C5056B-0AFC-4423-9B83-D13A26B48869}")
continue; continue;
nativeLibCallerType = info.Item1; nativeLibCallerType = calledMethod.DeclaringType;
initMethod = info.Item2; initMethod = calledMethod;
foreach (var s in DotNetUtils.getCodeStrings(initMethod)) { foreach (var s in DotNetUtils.getCodeStrings(initMethod)) {
nativeFileResource = DotNetUtils.getResource(module, s); nativeFileResource = DotNetUtils.getResource(module, s);
if (nativeFileResource != null) if (nativeFileResource != null)

5
de4dot.code/deobfuscators/dotNET_Reactor/v4/AssemblyResolver.cs
View File

@ -94,9 +94,8 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
}; };
simpleDeobfuscator.deobfuscate(methodToCheck); simpleDeobfuscator.deobfuscate(methodToCheck);
foreach (var tuple in DotNetUtils.getCalledMethods(module, methodToCheck)) { foreach (var method in DotNetUtils.getCalledMethods(module, methodToCheck)) {
var type = tuple.Item1; var type = method.DeclaringType;
var method = tuple.Item2;
if (!DotNetUtils.isMethod(method, "System.Void", "()")) if (!DotNetUtils.isMethod(method, "System.Void", "()"))
continue; continue;
if (!method.IsStatic) if (!method.IsStatic)

4
de4dot.code/deobfuscators/dotNET_Reactor/v4/Deobfuscator.cs
View File

@ -496,8 +496,8 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
void addEntryPointCallToBeRemoved(MethodDefinition methodToBeRemoved) { void addEntryPointCallToBeRemoved(MethodDefinition methodToBeRemoved) {
var entryPoint = module.EntryPoint; var entryPoint = module.EntryPoint;
addCallToBeRemoved(entryPoint, methodToBeRemoved); addCallToBeRemoved(entryPoint, methodToBeRemoved);
foreach (var info in DotNetUtils.getCalledMethods(module, entryPoint)) foreach (var calledMethod in DotNetUtils.getCalledMethods(module, entryPoint))
addCallToBeRemoved(info.Item2, methodToBeRemoved); addCallToBeRemoved(calledMethod, methodToBeRemoved);
} }
void decryptResources() { void decryptResources() {

3
de4dot.code/deobfuscators/dotNET_Reactor/v4/EmptyClass.cs
View File

@ -48,8 +48,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
foreach (var method in type.Methods) { foreach (var method in type.Methods) {
if (method.Name != ".ctor" && method.Name != ".cctor" && module.EntryPoint != method) if (method.Name != ".ctor" && method.Name != ".cctor" && module.EntryPoint != method)
continue; continue;
foreach (var tuple in DotNetUtils.getCalledMethods(module, method)) { foreach (var calledMethod in DotNetUtils.getCalledMethods(module, method)) {
var calledMethod = tuple.Item2;
if (!calledMethod.IsStatic || calledMethod.Body == null) if (!calledMethod.IsStatic || calledMethod.Body == null)
continue; continue;
if (!DotNetUtils.isMethod(calledMethod, "System.Void", "()")) if (!DotNetUtils.isMethod(calledMethod, "System.Void", "()"))

5
de4dot.code/deobfuscators/dotNET_Reactor/v4/MethodsDecrypter.cs
View File

@ -83,12 +83,11 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
if (typesLeft-- <= 0) if (typesLeft-- <= 0)
break; break;
foreach (var info in DotNetUtils.getCalledMethods(module, cctor)) { foreach (var method in DotNetUtils.getCalledMethods(module, cctor)) {
var method = info.Item2;
var key = new MethodReferenceAndDeclaringTypeKey(method); var key = new MethodReferenceAndDeclaringTypeKey(method);
if (!checkedMethods.ContainsKey(key)) { if (!checkedMethods.ContainsKey(key)) {
checkedMethods[key] = false; checkedMethods[key] = false;
if (info.Item1.BaseType == null || info.Item1.BaseType.FullName != "System.Object") if (method.DeclaringType.BaseType == null || method.DeclaringType.BaseType.FullName != "System.Object")
continue; continue;
if (!DotNetUtils.isMethod(method, "System.Void", "()")) if (!DotNetUtils.isMethod(method, "System.Void", "()"))
continue; continue;

3
de4dot.code/deobfuscators/dotNET_Reactor/v4/StringDecrypter.cs
View File

@ -173,8 +173,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
"System.Security.Cryptography.CryptoStream", "System.Security.Cryptography.CryptoStream",
"System.Security.Cryptography.Rijndael", "System.Security.Cryptography.Rijndael",
}; };
foreach (var info in DotNetUtils.getCalledMethods(module, method)) { foreach (var calledMethod in DotNetUtils.getCalledMethods(module, method)) {
var calledMethod = info.Item2;
if (calledMethod.DeclaringType != method.DeclaringType) if (calledMethod.DeclaringType != method.DeclaringType)
continue; continue;
if (calledMethod.MethodReturnType.ReturnType.FullName != "System.Byte[]") if (calledMethod.MethodReturnType.ReturnType.FullName != "System.Byte[]")