Detect Confuser 1.7 r74816 constants encrypter

de4dot 2012-08-07 17:28:53 +02:00
parent 64b48ec315
commit 860dd5a0f5


@ -37,6 +37,9 @@ namespace de4dot.code.deobfuscators.Confuser {
v17_r74788_normal,
v17_r74788_dynamic,
v17_r74788_native,
v17_r74816_normal,
v17_r74816_dynamic,
v17_r74816_native,
}
class DecrypterInfoV17 : DecrypterInfo {
@ -93,11 +96,14 @@ namespace de4dot.code.deobfuscators.Confuser {
switch (version) {
case ConfuserVersion.v17_r74708_normal:
case ConfuserVersion.v17_r74788_normal:
case ConfuserVersion.v17_r74816_normal:
return findKey4_normal(method, out key);
case ConfuserVersion.v17_r74708_dynamic:
case ConfuserVersion.v17_r74708_native:
case ConfuserVersion.v17_r74788_dynamic:
case ConfuserVersion.v17_r74788_native:
case ConfuserVersion.v17_r74816_dynamic:
case ConfuserVersion.v17_r74816_native:
return findKey4_other(method, out key);
default:
throw new ApplicationException("Invalid version");
@ -152,6 +158,9 @@ namespace de4dot.code.deobfuscators.Confuser {
case ConfuserVersion.v17_r74788_normal:
case ConfuserVersion.v17_r74788_dynamic:
case ConfuserVersion.v17_r74788_native:
case ConfuserVersion.v17_r74816_normal:
case ConfuserVersion.v17_r74816_dynamic:
case ConfuserVersion.v17_r74816_native:
return findKey5_v17_r74788(method, out key);
default:
key = 0;
@ -209,7 +218,9 @@ namespace de4dot.code.deobfuscators.Confuser {
var method = getDecryptMethod();
if (method == null)
return;
if (DotNetUtils.callsMethod(method, "System.Reflection.Module System.Reflection.Assembly::GetModule(System.String)"))
if (DotNetUtils.callsMethod(method, "System.String System.Reflection.Module::get_ScopeName()"))
initVersion(method, ConfuserVersion.v17_r74816_normal, ConfuserVersion.v17_r74816_dynamic, ConfuserVersion.v17_r74816_native);
else if (DotNetUtils.callsMethod(method, "System.Reflection.Module System.Reflection.Assembly::GetModule(System.String)"))
initVersion(method, ConfuserVersion.v17_r74788_normal, ConfuserVersion.v17_r74788_dynamic, ConfuserVersion.v17_r74788_native);
else
initVersion(method, ConfuserVersion.v17_r74708_normal, ConfuserVersion.v17_r74708_dynamic, ConfuserVersion.v17_r74708_native);
@ -266,6 +277,9 @@ namespace de4dot.code.deobfuscators.Confuser {
case ConfuserVersion.v17_r74788_normal: return decryptConstant_v17_r74788_normal(info, encrypted, offs, typeCode);
case ConfuserVersion.v17_r74788_dynamic: return decryptConstant_v17_r74788_dynamic(info, encrypted, offs, typeCode);
case ConfuserVersion.v17_r74788_native: return decryptConstant_v17_r74788_native(info, encrypted, offs, typeCode);
case ConfuserVersion.v17_r74816_normal: return decryptConstant_v17_r74788_normal(info, encrypted, offs, typeCode);
case ConfuserVersion.v17_r74816_dynamic: return decryptConstant_v17_r74788_dynamic(info, encrypted, offs, typeCode);
case ConfuserVersion.v17_r74816_native: return decryptConstant_v17_r74788_native(info, encrypted, offs, typeCode);
default:
throw new ApplicationException("Invalid version");
}
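Review bot: The new r74816 detection in the `getDecryptMethod()` hunk depends on one call signature, `System.String System.Reflection.Module::get_ScopeName()`, and is tested before the `Assembly::GetModule(System.String)` check, so any decrypter method that calls `get_ScopeName()` is labelled r74816 whether or not it also calls `GetModule(String)`. Nothing in the hunk records why that one call is enough or why the order matters; a comment above the chain, such as `// r74816 decrypter reads Module.ScopeName; test it first, r74788 is identified by GetModule(String) only`, would help, provided that matches what the samples actually show. A misclassification fails quietly, because the last switch sends the r74816 cases to the same `decryptConstant_v17_r74788_*` routines and will produce wrong constants rather than reach the "Invalid version" exception. In that last switch, the three r74816 cases could be stacked on the r74788 labels, as the `findKey4`/`findKey5` switches already do, so the shared decrypters are visibly intentional. The enclosing methods begin and end outside the hunks shown.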