Remove types CO adds to each assembly

de4dot.code/deobfuscators/CryptoObfuscator/AntiDebugger.cs

@@ -28,6 +28,14 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
 		TypeDefinition antiDebuggerType;
 		MethodDefinition antiDebuggerMethod;
 
+		public TypeDefinition AntiDebuggerType {
+			get { return antiDebuggerType; }
+		}
+
+		public MethodDefinition AntiDebuggerMethod {
+			get { return antiDebuggerMethod; }
+		}
+
 		public AntiDebugger(ModuleDefinition module, ISimpleDeobfuscator simpleDeobfuscator, IDeobfuscator deob) {
 			this.module = module;
 			this.simpleDeobfuscator = simpleDeobfuscator;

de4dot.code/deobfuscators/CryptoObfuscator/AssemblyResolver.cs

@@ -28,6 +28,7 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
 	class AssemblyResolver {
 		ModuleDefinition module;
 		TypeDefinition resolverType;
+		MethodDefinition resolverMethod;
 		List<AssemblyInfo> assemblyInfos = new List<AssemblyInfo>();
 
 		public class AssemblyInfo {
@@ -49,6 +50,14 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
 			get { return assemblyInfos; }
 		}
 
+		public TypeDefinition ResolverType {
+			get { return resolverType; }
+		}
+
+		public MethodDefinition ResolverMethod {
+			get { return resolverMethod; }
+		}
+
 		public AssemblyResolver(ModuleDefinition module) {
 			this.module = module;
 		}
@@ -85,6 +94,7 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
 				return false;
 
 			resolverType = type;
+			resolverMethod = initMethod;
 			assemblyInfos = newAssemblyInfos;
 			return true;
 		}

de4dot.code/deobfuscators/CryptoObfuscator/Deobfuscator.cs

@@ -171,6 +171,15 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
 			antiDebugger = new AntiDebugger(module, DeobfuscatedFile, this);
 			antiDebugger.find();
 
+			addModuleCctorInitCallToBeRemoved(resourceResolver.ResolverMethod);
+			addModuleCctorInitCallToBeRemoved(assemblyResolver.ResolverMethod);
+			addCallToBeRemoved(module.EntryPoint, tamperDetection.TamperMethod);
+			addCallToBeRemoved(module.EntryPoint, antiDebugger.AntiDebuggerMethod);
+			addTypeToBeRemoved(resourceResolver.ResolverType, "Resource resolver type");
+			addTypeToBeRemoved(assemblyResolver.ResolverType, "Assembly resolver type");
+			addTypeToBeRemoved(tamperDetection.TamperType, "Tamper detection type");
+			addTypeToBeRemoved(antiDebugger.AntiDebuggerType, "Anti-debugger type");
+
 			dumpEmbeddedAssemblies();
 		}
 

de4dot.code/deobfuscators/CryptoObfuscator/ResourceResolver.cs

@@ -27,8 +27,17 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
 		ModuleDefinition module;
 		ResourceDecrypter resourceDecrypter;
 		TypeDefinition resolverType;
+		MethodDefinition resolverMethod;
 		bool mergedIt = false;
 
+		public TypeDefinition ResolverType {
+			get { return resolverType; }
+		}
+
+		public MethodDefinition ResolverMethod {
+			get { return resolverMethod; }
+		}
+
 		public ResourceResolver(ModuleDefinition module, ResourceDecrypter resourceDecrypter) {
 			this.module = module;
 			this.resourceDecrypter = resourceDecrypter;
@@ -88,6 +97,7 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
 					continue;
 
 				resolverType = type;
+				resolverMethod = initMethod;
 				return true;
 			}
 

de4dot.code/deobfuscators/CryptoObfuscator/TamperDetection.cs

@@ -30,6 +30,14 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
 			get { return tamperMethod != null; }
 		}
 
+		public TypeDefinition TamperType {
+			get { return tamperType; }
+		}
+
+		public MethodDefinition TamperMethod {
+			get { return tamperMethod; }
+		}
+
 		public TamperDetection(ModuleDefinition module) {
 			this.module = module;
 		}

de4dot.code/deobfuscators/DeobfuscatorBase.cs

@@ -174,9 +174,6 @@ namespace de4dot.deobfuscators {
 			}
 
 			public void removeAll(Blocks blocks) {
-				if (blocks.Method.Name != ".cctor")
-					return;
-
 				var allBlocks = blocks.MethodBlocks.getAllBlocks();
 
 				removeAll(allBlocks, blocks, blocks.Method.Name);