Merge branch 'master' into confuser

2012-09-01 23:52:42 +02:00 · 2012-09-01 23:52:42 +02:00 · 88d3dcc062
commit 88d3dcc062
parent c67b3c3a66 13a5fd8ff0
10 changed files with 23 additions and 17 deletions
--- a/AssemblyData/methodsrewriter/ResolverUtils.cs
+++ b/AssemblyData/methodsrewriter/ResolverUtils.cs
@ -146,7 +146,7 @@ namespace AssemblyData.methodsrewriter {
 			var asmRef = DotNetUtils.getAssemblyNameReference(b);
 			var asmName = a.Assembly.GetName();
-			if (asmRef.Name != asmName.Name)
+			if (asmRef == null || asmRef.Name != asmName.Name)
 				return false;
 			return compareTypes(a.DeclaringType, b.DeclaringType);
--- a/blocks/DotNetUtils.cs
+++ b/blocks/DotNetUtils.cs
@ -926,6 +926,9 @@ namespace de4dot.blocks {
 		public static AssemblyNameReference getAssemblyNameReference(TypeReference type) {
 			var scope = type.Scope;
 			if (scope == null)
 				return null;
 			if (scope is ModuleDefinition) {
 				var moduleDefinition = (ModuleDefinition)scope;
 				return moduleDefinition.Assembly.Name;
@ -946,7 +949,7 @@ namespace de4dot.blocks {
 		public static string getFullAssemblyName(TypeReference type) {
 			var asmRef = getAssemblyNameReference(type);
-			return asmRef.FullName;
+			return asmRef == null ? null : asmRef.FullName;
 		}
 		public static bool isAssembly(IMetadataScope scope, string assemblySimpleName) {
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 86e21d470a0232f6b746ee2b8b7a9483c1842fea
+Subproject commit 119a3d404ab12a8a19a249e97c1e5f6ca0850b6a
--- a/de4dot.code/ExternalAssemblies.cs
+++ b/de4dot.code/ExternalAssemblies.cs
@ -56,6 +56,8 @@ namespace de4dot.code {
 		ExternalAssembly load(TypeReference type) {
 			var asmFullName = DotNetUtils.getFullAssemblyName(type);
 			if (asmFullName == null)
 				return null;
 			ExternalAssembly asm;
 			if (assemblies.TryGetValue(asmFullName, out asm))
 				return asm;
--- a/de4dot.code/deobfuscators/CryptoObfuscator/AntiDebugger.cs
+++ b/de4dot.code/deobfuscators/CryptoObfuscator/AntiDebugger.cs
@ -67,7 +67,8 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
 					!containsString(method, "run under a debugger") &&
 					!containsString(method, "run under debugger") &&
 					!containsString(method, "Debugger detected") &&
-					!containsString(method, "Debugger was detected"))
+					!containsString(method, "Debugger was detected") &&
 					!containsString(method, "{0} was detected"))
 					continue;
 				antiDebuggerType = type;
--- a/de4dot.code/deobfuscators/CryptoObfuscator/ProxyCallFixer.cs
+++ b/de4dot.code/deobfuscators/CryptoObfuscator/ProxyCallFixer.cs
@ -110,7 +110,7 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
 		MethodDefinition getProxyCreateMethod(TypeDefinition type) {
 			if (DotNetUtils.findFieldType(type, "System.ModuleHandle", true) == null)
 				return null;
-			if (type.Fields.Count < 1 || type.Fields.Count > 10)
+			if (type.Fields.Count < 1 || type.Fields.Count > 12)
 				return null;
 			MethodDefinition createMethod = null;
--- a/de4dot.code/deobfuscators/CryptoObfuscator/ResourceDecrypter.cs
+++ b/de4dot.code/deobfuscators/CryptoObfuscator/ResourceDecrypter.cs
@ -272,12 +272,13 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
 				var ldci4 = instrs[i];
 				if (!DotNetUtils.isLdcI4(ldci4))
 					continue;
-				if (DotNetUtils.getLdcI4Value(ldci4) != 2)
+				int loopCount = DotNetUtils.getLdcI4Value(ldci4);
 				if (loopCount < 2 || loopCount > 3)
 					continue;
 				var blt = instrs[i + 1];
 				if (blt.OpCode.Code != Code.Blt && blt.OpCode.Code != Code.Blt_S)
 					continue;
-				return 1;
+				return loopCount - 1;
 			}
 			return 0;
 		}
--- a/de4dot.code/deobfuscators/CryptoObfuscator/TamperDetection.cs
+++ b/de4dot.code/deobfuscators/CryptoObfuscator/TamperDetection.cs
@ -84,7 +84,7 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
 			if (!method.IsStatic || !DotNetUtils.isMethod(method, "System.Void", "()"))
 				return false;
-			if (type.Methods.Count < 3 || type.Methods.Count > 12)
+			if (type.Methods.Count < 3 || type.Methods.Count > 14)
 				return false;
 			if (DotNetUtils.getPInvokeMethod(type, "mscoree", "StrongNameSignatureVerificationEx") != null) {
 			}
--- a/de4dot.code/deobfuscators/MethodBodyParser.cs
+++ b/de4dot.code/deobfuscators/MethodBodyParser.cs
@ -71,16 +71,15 @@ namespace de4dot.code.deobfuscators {
 			var mbHeader = new MethodBodyHeader();
 			uint codeOffset;
-			switch (peek(reader) & 3) {
+			byte b = peek(reader);
-			case 2:
+			if ((b & 3) == 2) {
 				mbHeader.flags = 2;
 				mbHeader.maxStack = 8;
 				mbHeader.codeSize = (uint)(reader.ReadByte() >> 2);
 				mbHeader.localVarSigTok = 0;
 				codeOffset = 1;
-				break;
+			}
-
+			else if ((b & 7) == 3) {
 			case 3:
 				mbHeader.flags = reader.ReadUInt16();
 				codeOffset = (uint)(4 * (mbHeader.flags >> 12));
 				if (codeOffset != 12)
@ -92,11 +91,9 @@ namespace de4dot.code.deobfuscators {
 				mbHeader.localVarSigTok = reader.ReadUInt32();
 				if (mbHeader.localVarSigTok != 0 && (mbHeader.localVarSigTok >> 24) != 0x11)
 					throw new InvalidMethodBody();
 				break;
 			default:
 				throw new InvalidMethodBody();
 			}
 			else
 				throw new InvalidMethodBody();
 			if (mbHeader.codeSize + codeOffset > reader.BaseStream.Length)
 				throw new InvalidMethodBody();
--- a/de4dot.code/renamer/asmmodules/Modules.cs
+++ b/de4dot.code/renamer/asmmodules/Modules.cs
@ -390,6 +390,8 @@ namespace de4dot.code.renamer.asmmodules {
 		// Returns null if it's a non-loaded module/assembly
 		IEnumerable<Module> findModules(TypeReference type) {
 			var scope = type.Scope;
 			if (scope == null)
 				return null;
 			if (scope is AssemblyNameReference)
 				return findModules((AssemblyNameReference)scope);
		`@ -1 +1 @@`
			`Subproject commit 86e21d470a0232f6b746ee2b8b7a9483c1842fea`				`Subproject commit 119a3d404ab12a8a19a249e97c1e5f6ca0850b6a`