monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update proxy fixer v1

Browse Source
This commit is contained in:
de4dot 2012-07-31 04:44:30 +02:00
parent ed9849313a
commit 83706f40a8
1 changed files with 39 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
de4dot.code/deobfuscators/Confuser/ProxyCallFixerV1.cs
View File

@ -28,7 +28,7 @@ using de4dot.blocks;
namespace de4dot.code.deobfuscators.Confuser { namespace de4dot.code.deobfuscators.Confuser {
class ProxyCallFixerV1 : ProxyCallFixer2 { class ProxyCallFixerV1 : ProxyCallFixer2 {
MethodDefinitionAndDeclaringTypeDict<ProxyCreatorInfo> methodToInfo = new MethodDefinitionAndDeclaringTypeDict<ProxyCreatorInfo>(); MethodDefinitionAndDeclaringTypeDict<ProxyCreatorInfo> methodToInfo = new MethodDefinitionAndDeclaringTypeDict<ProxyCreatorInfo>();
FieldDefinitionAndDeclaringTypeDict<MethodDefinition> fieldToMethod = new FieldDefinitionAndDeclaringTypeDict<MethodDefinition>(); FieldDefinitionAndDeclaringTypeDict<List<MethodDefinition>> fieldToMethods = new FieldDefinitionAndDeclaringTypeDict<List<MethodDefinition>>();
string ourAsm; string ourAsm;
ConfuserVersion version = ConfuserVersion.Unknown; ConfuserVersion version = ConfuserVersion.Unknown;
@ -78,7 +78,18 @@ namespace de4dot.code.deobfuscators.Confuser {
} }
public IEnumerable<FieldDefinition> Fields { public IEnumerable<FieldDefinition> Fields {
get { return fieldToMethod.getKeys(); } get {
var fields = new List<FieldDefinition>(fieldToMethods.getKeys());
var type = DotNetUtils.getModuleType(module);
if (fields.Count > 0 && type != null) {
foreach (var field in type.Fields) {
var fieldType = field.FieldType as TypeDefinition;
if (fieldType != null && delegateTypesDict.ContainsKey(fieldType))
fields.Add(field);
}
}
return fields;
}
} }
public override IEnumerable<Tuple<MethodDefinition, string>> OtherMethods { public override IEnumerable<Tuple<MethodDefinition, string>> OtherMethods {
@ -90,11 +101,13 @@ namespace de4dot.code.deobfuscators.Confuser {
Item2 = "Delegate creator method", Item2 = "Delegate creator method",
}); });
} }
foreach (var method in fieldToMethod.getValues()) { foreach (var methods in fieldToMethods.getValues()) {
list.Add(new Tuple<MethodDefinition, string> { foreach (var method in methods) {
Item1 = method, list.Add(new Tuple<MethodDefinition, string> {
Item2 = "Proxy delegate method", Item1 = method,
}); Item2 = "Proxy delegate method",
});
}
} }
return list; return list;
} }
@ -260,11 +273,11 @@ namespace de4dot.code.deobfuscators.Confuser {
Log.v("Finding all proxy delegates"); Log.v("Finding all proxy delegates");
var delegateInfos = createDelegateInitInfos(cctor); var delegateInfos = createDelegateInitInfos(cctor);
fieldToMethod = createFieldToMethodDictionary(cctor.DeclaringType); fieldToMethods = createFieldToMethodsDictionary(cctor.DeclaringType);
if (delegateInfos.Count != fieldToMethod.Count) if (delegateInfos.Count < fieldToMethods.Count)
throw new ApplicationException("Missing proxy delegates"); throw new ApplicationException("Missing proxy delegates");
var delegateToFields = new Dictionary<TypeDefinition, List<FieldDefinition>>(); var delegateToFields = new Dictionary<TypeDefinition, List<FieldDefinition>>();
foreach (var field in fieldToMethod.getKeys()) { foreach (var field in fieldToMethods.getKeys()) {
List<FieldDefinition> list; List<FieldDefinition> list;
if (!delegateToFields.TryGetValue((TypeDefinition)field.FieldType, out list)) if (!delegateToFields.TryGetValue((TypeDefinition)field.FieldType, out list))
delegateToFields[(TypeDefinition)field.FieldType] = list = new List<FieldDefinition>(); delegateToFields[(TypeDefinition)field.FieldType] = list = new List<FieldDefinition>();
@ -280,8 +293,8 @@ namespace de4dot.code.deobfuscators.Confuser {
Log.indent(); Log.indent();
foreach (var field in fields) { foreach (var field in fields) {
var proxyMethod = fieldToMethod.find(field); var proxyMethods = fieldToMethods.find(field);
if (proxyMethod == null) if (proxyMethods == null)
continue; continue;
var info = delegateInfos.find(field); var info = delegateInfos.find(field);
if (info == null) if (info == null)
@ -293,12 +306,14 @@ namespace de4dot.code.deobfuscators.Confuser {
if (calledMethod == null) if (calledMethod == null)
continue; continue;
add(proxyMethod, new DelegateInfo(field, calledMethod, callOpcode)); foreach (var proxyMethod in proxyMethods) {
Log.v("Field: {0}, Opcode: {1}, Method: {2} ({3:X8})", add(proxyMethod, new DelegateInfo(field, calledMethod, callOpcode));
Utils.removeNewlines(field.Name), Log.v("Field: {0}, Opcode: {1}, Method: {2} ({3:X8})",
callOpcode, Utils.removeNewlines(field.Name),
Utils.removeNewlines(calledMethod), callOpcode,
calledMethod.MetadataToken.ToUInt32()); Utils.removeNewlines(calledMethod),
calledMethod.MetadataToken.ToUInt32());
}
} }
Log.deIndent(); Log.deIndent();
delegateTypesDict[type] = true; delegateTypesDict[type] = true;
@ -374,15 +389,18 @@ namespace de4dot.code.deobfuscators.Confuser {
return infos; return infos;
} }
static FieldDefinitionAndDeclaringTypeDict<MethodDefinition> createFieldToMethodDictionary(TypeDefinition type) { static FieldDefinitionAndDeclaringTypeDict<List<MethodDefinition>> createFieldToMethodsDictionary(TypeDefinition type) {
var dict = new FieldDefinitionAndDeclaringTypeDict<MethodDefinition>(); var dict = new FieldDefinitionAndDeclaringTypeDict<List<MethodDefinition>>();
foreach (var method in type.Methods) { foreach (var method in type.Methods) {
if (!method.IsStatic || method.Body == null || method.Name == ".cctor") if (!method.IsStatic || method.Body == null || method.Name == ".cctor")
continue; continue;
var delegateField = getDelegateField(method); var delegateField = getDelegateField(method);
if (delegateField == null) if (delegateField == null)
continue; continue;
dict.add(delegateField, method); var methods = dict.find(delegateField);
if (methods == null)
dict.add(delegateField, methods = new List<MethodDefinition>());
methods.Add(method);
} }
return dict; return dict;
} }