Remove types CO adds to each assembly
parent
a1e6f555ef
commit
78397f9c4f
|
@ -28,6 +28,14 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
|||
TypeDefinition antiDebuggerType;
|
||||
MethodDefinition antiDebuggerMethod;
|
||||
|
||||
public TypeDefinition AntiDebuggerType {
|
||||
get { return antiDebuggerType; }
|
||||
}
|
||||
|
||||
public MethodDefinition AntiDebuggerMethod {
|
||||
get { return antiDebuggerMethod; }
|
||||
}
|
||||
|
||||
public AntiDebugger(ModuleDefinition module, ISimpleDeobfuscator simpleDeobfuscator, IDeobfuscator deob) {
|
||||
this.module = module;
|
||||
this.simpleDeobfuscator = simpleDeobfuscator;
|
||||
|
|
|
@ -28,6 +28,7 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
|||
class AssemblyResolver {
|
||||
ModuleDefinition module;
|
||||
TypeDefinition resolverType;
|
||||
MethodDefinition resolverMethod;
|
||||
List<AssemblyInfo> assemblyInfos = new List<AssemblyInfo>();
|
||||
|
||||
public class AssemblyInfo {
|
||||
|
@ -49,6 +50,14 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
|||
get { return assemblyInfos; }
|
||||
}
|
||||
|
||||
public TypeDefinition ResolverType {
|
||||
get { return resolverType; }
|
||||
}
|
||||
|
||||
public MethodDefinition ResolverMethod {
|
||||
get { return resolverMethod; }
|
||||
}
|
||||
|
||||
public AssemblyResolver(ModuleDefinition module) {
|
||||
this.module = module;
|
||||
}
|
||||
|
@ -85,6 +94,7 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
|||
return false;
|
||||
|
||||
resolverType = type;
|
||||
resolverMethod = initMethod;
|
||||
assemblyInfos = newAssemblyInfos;
|
||||
return true;
|
||||
}
|
||||
|
|
|
@ -171,6 +171,15 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
|||
antiDebugger = new AntiDebugger(module, DeobfuscatedFile, this);
|
||||
antiDebugger.find();
|
||||
|
||||
addModuleCctorInitCallToBeRemoved(resourceResolver.ResolverMethod);
|
||||
addModuleCctorInitCallToBeRemoved(assemblyResolver.ResolverMethod);
|
||||
addCallToBeRemoved(module.EntryPoint, tamperDetection.TamperMethod);
|
||||
addCallToBeRemoved(module.EntryPoint, antiDebugger.AntiDebuggerMethod);
|
||||
addTypeToBeRemoved(resourceResolver.ResolverType, "Resource resolver type");
|
||||
addTypeToBeRemoved(assemblyResolver.ResolverType, "Assembly resolver type");
|
||||
addTypeToBeRemoved(tamperDetection.TamperType, "Tamper detection type");
|
||||
addTypeToBeRemoved(antiDebugger.AntiDebuggerType, "Anti-debugger type");
|
||||
|
||||
dumpEmbeddedAssemblies();
|
||||
}
|
||||
|
||||
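Review bot: The eight added `addModuleCctorInitCallToBeRemoved` / `addCallToBeRemoved` / `addTypeToBeRemoved` calls pass their arguments unconditionally, although each finder can come back empty: the TamperDetection section of this commit shows `tamperMethod != null` used as a detection flag, and `module.EntryPoint` is null for a library module. Whether the three helpers ignore null is not visible here (the enclosing method and the helpers are outside the hunk); if they do not, guard each call, e.g. `if (antiDebugger.AntiDebuggerMethod != null) addCallToBeRemoved(module.EntryPoint, antiDebugger.AntiDebuggerMethod);`, and skip both entry-point calls when `module.EntryPoint == null`. Because a wrong match strips a type from the output assembly, a short comment stating that only types positively identified by the `find()` passes are queued for removal would also help.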
|
|
|
@ -27,8 +27,17 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
|||
ModuleDefinition module;
|
||||
ResourceDecrypter resourceDecrypter;
|
||||
TypeDefinition resolverType;
|
||||
MethodDefinition resolverMethod;
|
||||
bool mergedIt = false;
|
||||
|
||||
public TypeDefinition ResolverType {
|
||||
get { return resolverType; }
|
||||
}
|
||||
|
||||
public MethodDefinition ResolverMethod {
|
||||
get { return resolverMethod; }
|
||||
}
|
||||
|
||||
public ResourceResolver(ModuleDefinition module, ResourceDecrypter resourceDecrypter) {
|
||||
this.module = module;
|
||||
this.resourceDecrypter = resourceDecrypter;
|
||||
|
@ -88,6 +97,7 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
|||
continue;
|
||||
|
||||
resolverType = type;
|
||||
resolverMethod = initMethod;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
|
@ -30,6 +30,14 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
|||
get { return tamperMethod != null; }
|
||||
}
|
||||
|
||||
public TypeDefinition TamperType {
|
||||
get { return tamperType; }
|
||||
}
|
||||
|
||||
public MethodDefinition TamperMethod {
|
||||
get { return tamperMethod; }
|
||||
}
|
||||
|
||||
public TamperDetection(ModuleDefinition module) {
|
||||
this.module = module;
|
||||
}
|
||||
|
|
|
@ -174,9 +174,6 @@ namespace de4dot.deobfuscators {
|
|||
}
|
||||
|
||||
public void removeAll(Blocks blocks) {
|
||||
if (blocks.Method.Name != ".cctor")
|
||||
return;
|
||||
|
||||
var allBlocks = blocks.MethodBlocks.getAllBlocks();
|
||||
|
||||
removeAll(allBlocks, blocks, blocks.Method.Name);
|
||||
|
|