Moved code to blocks assembly
This commit is contained in:
parent
bbaf035bea
commit
9945b8b47c
|
@ -37,6 +37,7 @@
|
||||||
<Compile Include="AssemblyServer.cs" />
|
<Compile Include="AssemblyServer.cs" />
|
||||||
<Compile Include="AssemblyService.cs" />
|
<Compile Include="AssemblyService.cs" />
|
||||||
<Compile Include="DelegateStringDecrypter.cs" />
|
<Compile Include="DelegateStringDecrypter.cs" />
|
||||||
|
<Compile Include="EmuStringDecrypter.cs" />
|
||||||
<Compile Include="IAssemblyService.cs" />
|
<Compile Include="IAssemblyService.cs" />
|
||||||
<Compile Include="IStringDecrypter.cs" />
|
<Compile Include="IStringDecrypter.cs" />
|
||||||
<Compile Include="Properties\AssemblyInfo.cs" />
|
<Compile Include="Properties\AssemblyInfo.cs" />
|
||||||
|
@ -46,6 +47,16 @@
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<Reference Include="System.Runtime.Remoting" />
|
<Reference Include="System.Runtime.Remoting" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<ProjectReference Include="..\blocks\blocks.csproj">
|
||||||
|
<Project>{045B96F2-AF80-4C4C-8D27-E38635AC705E}</Project>
|
||||||
|
<Name>blocks</Name>
|
||||||
|
</ProjectReference>
|
||||||
|
<ProjectReference Include="..\cecil\Mono.Cecil.csproj">
|
||||||
|
<Project>{D68133BD-1E63-496E-9EDE-4FBDBF77B486}</Project>
|
||||||
|
<Name>Mono.Cecil</Name>
|
||||||
|
</ProjectReference>
|
||||||
|
</ItemGroup>
|
||||||
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
|
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
|
||||||
<!-- To modify your build process, add your task inside one of the targets below and uncomment it.
|
<!-- To modify your build process, add your task inside one of the targets below and uncomment it.
|
||||||
Other similar extension points exist, see Microsoft.Common.targets.
|
Other similar extension points exist, see Microsoft.Common.targets.
|
||||||
|
|
|
@ -60,6 +60,10 @@ namespace AssemblyData {
|
||||||
stringDecrypter = new DelegateStringDecrypter();
|
stringDecrypter = new DelegateStringDecrypter();
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case StringDecrypterType.Emulate:
|
||||||
|
stringDecrypter = new EmuStringDecrypter();
|
||||||
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
throw new ApplicationException(string.Format("Unknown StringDecrypterType {0}", type));
|
throw new ApplicationException(string.Format("Unknown StringDecrypterType {0}", type));
|
||||||
}
|
}
|
||||||
|
|
60
AssemblyData/EmuStringDecrypter.cs
Normal file
60
AssemblyData/EmuStringDecrypter.cs
Normal file
|
@ -0,0 +1,60 @@
|
||||||
|
/*
|
||||||
|
Copyright (C) 2011 de4dot@gmail.com
|
||||||
|
|
||||||
|
This file is part of de4dot.
|
||||||
|
|
||||||
|
de4dot is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
de4dot is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
using System;
|
||||||
|
using System.Collections.Generic;
|
||||||
|
using System.Diagnostics;
|
||||||
|
using System.Reflection;
|
||||||
|
using System.Reflection.Emit;
|
||||||
|
|
||||||
|
namespace AssemblyData {
|
||||||
|
class EmuStringDecrypter : IStringDecrypter {
|
||||||
|
delegate string DecryptString(object[] args);
|
||||||
|
List<DecryptInfo> decryptInfos = new List<DecryptInfo>();
|
||||||
|
|
||||||
|
class DecryptInfo {
|
||||||
|
public MethodInfo method;
|
||||||
|
public DecryptString decryptString;
|
||||||
|
|
||||||
|
public DecryptInfo(MethodInfo method) {
|
||||||
|
this.method = method;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public int defineStringDecrypter(MethodInfo method) {
|
||||||
|
decryptInfos.Add(new DecryptInfo(method));
|
||||||
|
return decryptInfos.Count - 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
public object[] decryptStrings(int stringDecrypterMethod, object[] args) {
|
||||||
|
var decryptInfo = decryptInfos[stringDecrypterMethod];
|
||||||
|
if (decryptInfo.decryptString == null)
|
||||||
|
decryptInfo.decryptString = createDecryptString(decryptInfo.method);
|
||||||
|
|
||||||
|
var result = new object[args.Length];
|
||||||
|
for (int i = 0; i < args.Length; i++)
|
||||||
|
result[i] = decryptInfo.decryptString((object[])args[i]);
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
DecryptString createDecryptString(MethodInfo method) {
|
||||||
|
throw new System.NotImplementedException(); //TODO:
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -20,6 +20,7 @@
|
||||||
namespace AssemblyData {
|
namespace AssemblyData {
|
||||||
public enum StringDecrypterType {
|
public enum StringDecrypterType {
|
||||||
Delegate,
|
Delegate,
|
||||||
|
Emulate,
|
||||||
}
|
}
|
||||||
|
|
||||||
public interface IAssemblyService {
|
public interface IAssemblyService {
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
namespace de4dot.blocks {
|
namespace de4dot.blocks {
|
||||||
abstract class BaseBlock {
|
public abstract class BaseBlock {
|
||||||
BaseBlock parent = null;
|
BaseBlock parent = null;
|
||||||
|
|
||||||
public BaseBlock Parent {
|
public BaseBlock Parent {
|
|
@ -22,7 +22,7 @@ using System.Collections.Generic;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
|
|
||||||
namespace de4dot.blocks {
|
namespace de4dot.blocks {
|
||||||
class Block : BaseBlock {
|
public class Block : BaseBlock {
|
||||||
List<Instr> instructions = new List<Instr>();
|
List<Instr> instructions = new List<Instr>();
|
||||||
|
|
||||||
// List of all explicit (non-fall-through) targets. It's just one if it's a normal
|
// List of all explicit (non-fall-through) targets. It's just one if it's a normal
|
|
@ -23,7 +23,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
|
|
||||||
namespace de4dot.blocks {
|
namespace de4dot.blocks {
|
||||||
class Blocks {
|
public class Blocks {
|
||||||
MethodDefinition method;
|
MethodDefinition method;
|
||||||
IList<VariableDefinition> locals;
|
IList<VariableDefinition> locals;
|
||||||
MethodBlocks methodBlocks;
|
MethodBlocks methodBlocks;
|
||||||
|
@ -52,17 +52,19 @@ namespace de4dot.blocks {
|
||||||
scopeBlock.deobfuscateLeaveObfuscation();
|
scopeBlock.deobfuscateLeaveObfuscation();
|
||||||
}
|
}
|
||||||
|
|
||||||
public void deobfuscate() {
|
public int deobfuscate() {
|
||||||
foreach (var scopeBlock in getAllScopeBlocks(methodBlocks))
|
foreach (var scopeBlock in getAllScopeBlocks(methodBlocks))
|
||||||
scopeBlock.deobfuscate(this);
|
scopeBlock.deobfuscate(this);
|
||||||
|
|
||||||
removeDeadBlocks();
|
int numDeadBlocks = removeDeadBlocks();
|
||||||
|
|
||||||
foreach (var scopeBlock in getAllScopeBlocks(methodBlocks)) {
|
foreach (var scopeBlock in getAllScopeBlocks(methodBlocks)) {
|
||||||
scopeBlock.mergeBlocks();
|
scopeBlock.mergeBlocks();
|
||||||
scopeBlock.repartitionBlocks();
|
scopeBlock.repartitionBlocks();
|
||||||
scopeBlock.deobfuscateLeaveObfuscation();
|
scopeBlock.deobfuscateLeaveObfuscation();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return numDeadBlocks;
|
||||||
}
|
}
|
||||||
|
|
||||||
IEnumerable<ScopeBlock> getAllScopeBlocks(ScopeBlock scopeBlock) {
|
IEnumerable<ScopeBlock> getAllScopeBlocks(ScopeBlock scopeBlock) {
|
||||||
|
@ -72,10 +74,8 @@ namespace de4dot.blocks {
|
||||||
return list;
|
return list;
|
||||||
}
|
}
|
||||||
|
|
||||||
void removeDeadBlocks() {
|
int removeDeadBlocks() {
|
||||||
int numDeadBlocks = new DeadBlocksRemover(methodBlocks).remove();
|
return new DeadBlocksRemover(methodBlocks).remove();
|
||||||
if (numDeadBlocks > 0)
|
|
||||||
Log.v("Removed {0} dead block(s)", numDeadBlocks);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
class DeadBlocksRemover {
|
class DeadBlocksRemover {
|
|
@ -21,7 +21,7 @@ using System.Collections.Generic;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot {
|
namespace de4dot.blocks {
|
||||||
abstract class CondBranchDeobfuscator {
|
abstract class CondBranchDeobfuscator {
|
||||||
ScopeBlock scopeBlock;
|
ScopeBlock scopeBlock;
|
||||||
IEnumerable<Block> blocks;
|
IEnumerable<Block> blocks;
|
|
@ -19,12 +19,11 @@
|
||||||
|
|
||||||
using System;
|
using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.IO;
|
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
|
|
||||||
namespace de4dot {
|
namespace de4dot.blocks {
|
||||||
class CallCounter {
|
public class CallCounter {
|
||||||
Dictionary<MethodReferenceAndDeclaringTypeKey, int> calls = new Dictionary<MethodReferenceAndDeclaringTypeKey, int>();
|
Dictionary<MethodReferenceAndDeclaringTypeKey, int> calls = new Dictionary<MethodReferenceAndDeclaringTypeKey, int>();
|
||||||
|
|
||||||
public void add(MethodReference calledMethod) {
|
public void add(MethodReference calledMethod) {
|
||||||
|
@ -47,7 +46,7 @@ namespace de4dot {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class MethodCalls {
|
public class MethodCalls {
|
||||||
Dictionary<string, int> methodCalls = new Dictionary<string, int>(StringComparer.Ordinal);
|
Dictionary<string, int> methodCalls = new Dictionary<string, int>(StringComparer.Ordinal);
|
||||||
|
|
||||||
public void addMethodCalls(MethodDefinition method) {
|
public void addMethodCalls(MethodDefinition method) {
|
||||||
|
@ -78,7 +77,7 @@ namespace de4dot {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static class DotNetUtils {
|
public static class DotNetUtils {
|
||||||
public static bool isLdcI4(Instruction instruction) {
|
public static bool isLdcI4(Instruction instruction) {
|
||||||
return isLdcI4(instruction.OpCode.Code);
|
return isLdcI4(instruction.OpCode.Code);
|
||||||
}
|
}
|
||||||
|
@ -474,21 +473,6 @@ namespace de4dot {
|
||||||
return list;
|
return list;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void decryptAndAddResources(ModuleDefinition module, string encryptedName, Func<byte[]> decryptResource) {
|
|
||||||
Log.v("Decrypting resources, name: {0}", Utils.toCsharpString(encryptedName));
|
|
||||||
var decryptedResourceData = decryptResource();
|
|
||||||
if (decryptedResourceData == null)
|
|
||||||
throw new ApplicationException("decryptedResourceData is null");
|
|
||||||
var resourceModule = ModuleDefinition.ReadModule(new MemoryStream(decryptedResourceData));
|
|
||||||
|
|
||||||
Log.indent();
|
|
||||||
foreach (var rsrc in resourceModule.Resources) {
|
|
||||||
Log.v("Adding decrypted resource {0}", Utils.toCsharpString(rsrc.Name));
|
|
||||||
module.Resources.Add(rsrc);
|
|
||||||
}
|
|
||||||
Log.deIndent();
|
|
||||||
}
|
|
||||||
|
|
||||||
public static bool hasReturnValue(IMethodSignature method) {
|
public static bool hasReturnValue(IMethodSignature method) {
|
||||||
return !MemberReferenceHelper.verifyType(method.MethodReturnType.ReturnType, "mscorlib", "System.Void");
|
return !MemberReferenceHelper.verifyType(method.MethodReturnType.ReturnType, "mscorlib", "System.Void");
|
||||||
}
|
}
|
|
@ -22,6 +22,6 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
|
|
||||||
namespace de4dot.blocks {
|
namespace de4dot.blocks {
|
||||||
class FilterHandlerBlock : ScopeBlock {
|
public class FilterHandlerBlock : ScopeBlock {
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -23,6 +23,6 @@ using Mono.Cecil.Cil;
|
||||||
|
|
||||||
namespace de4dot.blocks {
|
namespace de4dot.blocks {
|
||||||
// This is the block inside catch(xxx) { }.
|
// This is the block inside catch(xxx) { }.
|
||||||
class HandlerBlock : ScopeBlock {
|
public class HandlerBlock : ScopeBlock {
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -22,7 +22,7 @@ using Mono.Cecil.Cil;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
|
|
||||||
namespace de4dot.blocks {
|
namespace de4dot.blocks {
|
||||||
class Instr {
|
public class Instr {
|
||||||
Instruction instruction;
|
Instruction instruction;
|
||||||
|
|
||||||
public OpCode OpCode {
|
public OpCode OpCode {
|
|
@ -21,8 +21,8 @@ using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
|
|
||||||
namespace de4dot {
|
namespace de4dot.blocks {
|
||||||
enum CecilType {
|
public enum CecilType {
|
||||||
ArrayType,
|
ArrayType,
|
||||||
ByReferenceType,
|
ByReferenceType,
|
||||||
EventDefinition,
|
EventDefinition,
|
||||||
|
@ -44,7 +44,7 @@ namespace de4dot {
|
||||||
TypeReference,
|
TypeReference,
|
||||||
}
|
}
|
||||||
|
|
||||||
class FieldReferenceKey {
|
public class FieldReferenceKey {
|
||||||
FieldReference fieldRef;
|
FieldReference fieldRef;
|
||||||
|
|
||||||
public FieldReference FieldReference {
|
public FieldReference FieldReference {
|
||||||
|
@ -71,7 +71,7 @@ namespace de4dot {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class PropertyReferenceKey {
|
public class PropertyReferenceKey {
|
||||||
PropertyReference propRef;
|
PropertyReference propRef;
|
||||||
|
|
||||||
public PropertyReference PropertyReference {
|
public PropertyReference PropertyReference {
|
||||||
|
@ -98,7 +98,7 @@ namespace de4dot {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class EventReferenceKey {
|
public class EventReferenceKey {
|
||||||
EventReference eventRef;
|
EventReference eventRef;
|
||||||
|
|
||||||
public EventReference EventReference {
|
public EventReference EventReference {
|
||||||
|
@ -125,7 +125,7 @@ namespace de4dot {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class MethodReferenceKey {
|
public class MethodReferenceKey {
|
||||||
MethodReference methodRef;
|
MethodReference methodRef;
|
||||||
|
|
||||||
public MethodReference MethodReference {
|
public MethodReference MethodReference {
|
||||||
|
@ -152,7 +152,7 @@ namespace de4dot {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class FieldReferenceAndDeclaringTypeKey {
|
public class FieldReferenceAndDeclaringTypeKey {
|
||||||
FieldReference fieldRef;
|
FieldReference fieldRef;
|
||||||
|
|
||||||
public FieldReference FieldReference {
|
public FieldReference FieldReference {
|
||||||
|
@ -181,7 +181,7 @@ namespace de4dot {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class MethodReferenceAndDeclaringTypeKey {
|
public class MethodReferenceAndDeclaringTypeKey {
|
||||||
MethodReference methodRef;
|
MethodReference methodRef;
|
||||||
|
|
||||||
public MethodReference MethodReference {
|
public MethodReference MethodReference {
|
||||||
|
@ -210,7 +210,7 @@ namespace de4dot {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static class MemberReferenceHelper {
|
public static class MemberReferenceHelper {
|
||||||
static Dictionary<Type, CecilType> typeToCecilTypeDict = new Dictionary<Type, CecilType>();
|
static Dictionary<Type, CecilType> typeToCecilTypeDict = new Dictionary<Type, CecilType>();
|
||||||
static MemberReferenceHelper() {
|
static MemberReferenceHelper() {
|
||||||
typeToCecilTypeDict[typeof(ArrayType)] = CecilType.ArrayType;
|
typeToCecilTypeDict[typeof(ArrayType)] = CecilType.ArrayType;
|
|
@ -21,6 +21,6 @@ using System.Collections.Generic;
|
||||||
|
|
||||||
namespace de4dot.blocks {
|
namespace de4dot.blocks {
|
||||||
// Start of a method
|
// Start of a method
|
||||||
class MethodBlocks : ScopeBlock {
|
public class MethodBlocks : ScopeBlock {
|
||||||
}
|
}
|
||||||
}
|
}
|
34
blocks/Properties/AssemblyInfo.cs
Normal file
34
blocks/Properties/AssemblyInfo.cs
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
/*
|
||||||
|
Copyright (C) 2011 de4dot@gmail.com
|
||||||
|
|
||||||
|
This file is part of de4dot.
|
||||||
|
|
||||||
|
de4dot is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
de4dot is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
using System.Reflection;
|
||||||
|
using System.Runtime.CompilerServices;
|
||||||
|
using System.Runtime.InteropServices;
|
||||||
|
|
||||||
|
[assembly: AssemblyTitle("blocks")]
|
||||||
|
[assembly: AssemblyDescription("Modifies Mono.Cecil MethodDefinition bodies")]
|
||||||
|
[assembly: AssemblyConfiguration("")]
|
||||||
|
[assembly: AssemblyCompany("")]
|
||||||
|
[assembly: AssemblyProduct("blocks")]
|
||||||
|
[assembly: AssemblyCopyright("Copyright (C) 2011 de4dot@gmail.com")]
|
||||||
|
[assembly: AssemblyTrademark("")]
|
||||||
|
[assembly: AssemblyCulture("")]
|
||||||
|
[assembly: ComVisible(false)]
|
||||||
|
[assembly: AssemblyVersion("1.0.0.3405")]
|
||||||
|
[assembly: AssemblyFileVersion("1.0.0.3405")]
|
|
@ -24,7 +24,7 @@ using Mono.Cecil.Cil;
|
||||||
namespace de4dot.blocks {
|
namespace de4dot.blocks {
|
||||||
// A normal branch may not transfer out of a protected block (try block), filter handler,
|
// A normal branch may not transfer out of a protected block (try block), filter handler,
|
||||||
// an exception handler block, or a method.
|
// an exception handler block, or a method.
|
||||||
abstract class ScopeBlock : BaseBlock {
|
public abstract class ScopeBlock : BaseBlock {
|
||||||
protected List<BaseBlock> baseBlocks;
|
protected List<BaseBlock> baseBlocks;
|
||||||
|
|
||||||
public List<BaseBlock> BaseBlocks {
|
public List<BaseBlock> BaseBlocks {
|
|
@ -20,9 +20,8 @@
|
||||||
using System;
|
using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
|
||||||
|
|
||||||
namespace de4dot {
|
namespace de4dot.blocks {
|
||||||
class SwitchControlFlowDeobfuscator {
|
class SwitchControlFlowDeobfuscator {
|
||||||
Blocks blocks;
|
Blocks blocks;
|
||||||
Dictionary<Block, bool> foundBlocks = new Dictionary<Block, bool>();
|
Dictionary<Block, bool> foundBlocks = new Dictionary<Block, bool>();
|
|
@ -21,7 +21,7 @@ using System.Collections.Generic;
|
||||||
|
|
||||||
namespace de4dot.blocks {
|
namespace de4dot.blocks {
|
||||||
// This is the block inside try { }.
|
// This is the block inside try { }.
|
||||||
class TryBlock : ScopeBlock {
|
public class TryBlock : ScopeBlock {
|
||||||
// The first one is the most nested one and the last one is the
|
// The first one is the most nested one and the last one is the
|
||||||
// outer most handler. I.e., the exceptions are written to the
|
// outer most handler. I.e., the exceptions are written to the
|
||||||
// image in the same order they're saved here.
|
// image in the same order they're saved here.
|
|
@ -22,7 +22,7 @@ using Mono.Cecil.Cil;
|
||||||
|
|
||||||
namespace de4dot.blocks {
|
namespace de4dot.blocks {
|
||||||
// Contains the filter handler block and the catch handler block.
|
// Contains the filter handler block and the catch handler block.
|
||||||
class TryHandlerBlock : ScopeBlock {
|
public class TryHandlerBlock : ScopeBlock {
|
||||||
FilterHandlerBlock filterHandlerBlock = new FilterHandlerBlock();
|
FilterHandlerBlock filterHandlerBlock = new FilterHandlerBlock();
|
||||||
HandlerBlock handlerBlock = new HandlerBlock();
|
HandlerBlock handlerBlock = new HandlerBlock();
|
||||||
|
|
45
blocks/Utils.cs
Normal file
45
blocks/Utils.cs
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
using System.Collections.Generic;
|
||||||
|
|
||||||
|
namespace de4dot.blocks {
|
||||||
|
internal delegate TResult Func<out TResult>();
|
||||||
|
internal delegate TResult Func<in T, out TResult>(T arg);
|
||||||
|
internal delegate TResult Func<in T1, in T2, out TResult>(T1 arg1, T2 arg2);
|
||||||
|
internal delegate TResult Func<in T1, in T2, in T3, out TResult>(T1 arg1, T2 arg2, T3 arg3);
|
||||||
|
internal delegate void Action();
|
||||||
|
internal delegate void Action<in T>(T arg);
|
||||||
|
internal delegate void Action<in T1, in T2>(T1 arg1, T2 arg2);
|
||||||
|
internal delegate void Action<in T1, in T2, in T3>(T1 arg1, T2 arg2, T3 arg3);
|
||||||
|
|
||||||
|
public class Tuple<T1, T2> {
|
||||||
|
public T1 Item1 { get; set; }
|
||||||
|
public T2 Item2 { get; set; }
|
||||||
|
public override bool Equals(object obj) {
|
||||||
|
var other = obj as Tuple<T1, T2>;
|
||||||
|
if (other == null)
|
||||||
|
return false;
|
||||||
|
return Item1.Equals(other.Item1) && Item2.Equals(other.Item2);
|
||||||
|
}
|
||||||
|
public override int GetHashCode() {
|
||||||
|
return Item1.GetHashCode() + Item2.GetHashCode();
|
||||||
|
}
|
||||||
|
public override string ToString() {
|
||||||
|
return "<" + Item1.ToString() + "," + Item2.ToString() + ">";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static class Utils {
|
||||||
|
public static IDictionary<T, int> createObjectToIndexDictionary<T>(IList<T> objs) {
|
||||||
|
var dict = new Dictionary<T, int>();
|
||||||
|
for (int i = 0; i < objs.Count; i++)
|
||||||
|
dict[objs[i]] = i;
|
||||||
|
return dict;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static List<TOut> convert<TIn, TOut>(IEnumerable<TIn> list) where TIn : TOut {
|
||||||
|
var olist = new List<TOut>();
|
||||||
|
foreach (var l in list)
|
||||||
|
olist.Add(l);
|
||||||
|
return olist;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
72
blocks/blocks.csproj
Normal file
72
blocks/blocks.csproj
Normal file
|
@ -0,0 +1,72 @@
|
||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||||
|
<PropertyGroup>
|
||||||
|
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
|
||||||
|
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
|
||||||
|
<ProductVersion>8.0.30703</ProductVersion>
|
||||||
|
<SchemaVersion>2.0</SchemaVersion>
|
||||||
|
<ProjectGuid>{045B96F2-AF80-4C4C-8D27-E38635AC705E}</ProjectGuid>
|
||||||
|
<OutputType>Library</OutputType>
|
||||||
|
<AppDesignerFolder>Properties</AppDesignerFolder>
|
||||||
|
<RootNamespace>de4dot.blocks</RootNamespace>
|
||||||
|
<AssemblyName>blocks</AssemblyName>
|
||||||
|
<TargetFrameworkVersion>v2.0</TargetFrameworkVersion>
|
||||||
|
<FileAlignment>512</FileAlignment>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
|
||||||
|
<DebugSymbols>true</DebugSymbols>
|
||||||
|
<DebugType>full</DebugType>
|
||||||
|
<Optimize>false</Optimize>
|
||||||
|
<OutputPath>..\Debug\</OutputPath>
|
||||||
|
<DefineConstants>DEBUG;TRACE</DefineConstants>
|
||||||
|
<ErrorReport>prompt</ErrorReport>
|
||||||
|
<WarningLevel>4</WarningLevel>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
|
||||||
|
<DebugType>pdbonly</DebugType>
|
||||||
|
<Optimize>true</Optimize>
|
||||||
|
<OutputPath>..\Release\</OutputPath>
|
||||||
|
<DefineConstants>TRACE</DefineConstants>
|
||||||
|
<ErrorReport>prompt</ErrorReport>
|
||||||
|
<WarningLevel>4</WarningLevel>
|
||||||
|
</PropertyGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<Compile Include="BaseBlock.cs" />
|
||||||
|
<Compile Include="Block.cs" />
|
||||||
|
<Compile Include="Blocks.cs" />
|
||||||
|
<Compile Include="BlocksSorter.cs" />
|
||||||
|
<Compile Include="CodeGenerator.cs" />
|
||||||
|
<Compile Include="CondBranchDeobfuscator.cs" />
|
||||||
|
<Compile Include="DotNetUtils.cs" />
|
||||||
|
<Compile Include="FilterHandlerBlock.cs" />
|
||||||
|
<Compile Include="ForwardScanOrder.cs" />
|
||||||
|
<Compile Include="HandlerBlock.cs" />
|
||||||
|
<Compile Include="Instr.cs" />
|
||||||
|
<Compile Include="InstructionListParser.cs" />
|
||||||
|
<Compile Include="MemberReferenceHelper.cs" />
|
||||||
|
<Compile Include="MethodBlocks.cs" />
|
||||||
|
<Compile Include="Properties\AssemblyInfo.cs" />
|
||||||
|
<Compile Include="ScopeBlock.cs" />
|
||||||
|
<Compile Include="SwitchControlFlowDeobfuscator.cs" />
|
||||||
|
<Compile Include="TryBlock.cs" />
|
||||||
|
<Compile Include="TryHandlerBlock.cs" />
|
||||||
|
<Compile Include="Utils.cs" />
|
||||||
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<ProjectReference Include="..\cecil\Mono.Cecil.csproj">
|
||||||
|
<Project>{D68133BD-1E63-496E-9EDE-4FBDBF77B486}</Project>
|
||||||
|
<Name>Mono.Cecil</Name>
|
||||||
|
</ProjectReference>
|
||||||
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<Reference Include="System" />
|
||||||
|
</ItemGroup>
|
||||||
|
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
|
||||||
|
<!-- To modify your build process, add your task inside one of the targets below and uncomment it.
|
||||||
|
Other similar extension points exist, see Microsoft.Common.targets.
|
||||||
|
<Target Name="BeforeBuild">
|
||||||
|
</Target>
|
||||||
|
<Target Name="AfterBuild">
|
||||||
|
</Target>
|
||||||
|
-->
|
||||||
|
</Project>
|
|
@ -78,6 +78,7 @@ namespace de4dot {
|
||||||
stringDecrypterTypes.add(DecrypterType.None, "none", "Don't decrypt strings");
|
stringDecrypterTypes.add(DecrypterType.None, "none", "Don't decrypt strings");
|
||||||
stringDecrypterTypes.add(DecrypterType.Static, "static", "Use static string decrypter if available");
|
stringDecrypterTypes.add(DecrypterType.Static, "static", "Use static string decrypter if available");
|
||||||
stringDecrypterTypes.add(DecrypterType.Delegate, "delegate", "Use a delegate to call the real string decrypter");
|
stringDecrypterTypes.add(DecrypterType.Delegate, "delegate", "Use a delegate to call the real string decrypter");
|
||||||
|
stringDecrypterTypes.add(DecrypterType.Emulate, "emulate", "Call real string decrypter and emulate certain instructions");
|
||||||
}
|
}
|
||||||
|
|
||||||
public CommandLineParser(IList<IDeobfuscatorInfo> deobfuscatorInfos, FilesDeobfuscator.Options filesOptions) {
|
public CommandLineParser(IList<IDeobfuscatorInfo> deobfuscatorInfos, FilesDeobfuscator.Options filesOptions) {
|
||||||
|
|
|
@ -26,6 +26,7 @@ namespace de4dot {
|
||||||
None,
|
None,
|
||||||
Static,
|
Static,
|
||||||
Delegate,
|
Delegate,
|
||||||
|
Emulate,
|
||||||
}
|
}
|
||||||
|
|
||||||
interface IObfuscatedFile {
|
interface IObfuscatedFile {
|
||||||
|
|
|
@ -239,6 +239,7 @@ namespace de4dot {
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case DecrypterType.Delegate:
|
case DecrypterType.Delegate:
|
||||||
|
case DecrypterType.Emulate:
|
||||||
checkSupportedStringDecrypter(StringFeatures.AllowDynamicDecryption);
|
checkSupportedStringDecrypter(StringFeatures.AllowDynamicDecryption);
|
||||||
assemblyClient = assemblyClientFactory.create();
|
assemblyClient = assemblyClientFactory.create();
|
||||||
assemblyClient.connect();
|
assemblyClient.connect();
|
||||||
|
@ -272,6 +273,8 @@ namespace de4dot {
|
||||||
|
|
||||||
if (options.StringDecrypterType == DecrypterType.Delegate)
|
if (options.StringDecrypterType == DecrypterType.Delegate)
|
||||||
assemblyClient.Service.setStringDecrypterType(AssemblyData.StringDecrypterType.Delegate);
|
assemblyClient.Service.setStringDecrypterType(AssemblyData.StringDecrypterType.Delegate);
|
||||||
|
else if (options.StringDecrypterType == DecrypterType.Emulate)
|
||||||
|
assemblyClient.Service.setStringDecrypterType(AssemblyData.StringDecrypterType.Emulate);
|
||||||
else
|
else
|
||||||
throw new ApplicationException(string.Format("Invalid string decrypter type '{0}'", options.StringDecrypterType));
|
throw new ApplicationException(string.Format("Invalid string decrypter type '{0}'", options.StringDecrypterType));
|
||||||
|
|
||||||
|
@ -415,8 +418,11 @@ namespace de4dot {
|
||||||
var blocks = new Blocks(method);
|
var blocks = new Blocks(method);
|
||||||
|
|
||||||
deob.deobfuscateMethodBegin(blocks);
|
deob.deobfuscateMethodBegin(blocks);
|
||||||
if (options.ControlFlowDeobfuscation)
|
if (options.ControlFlowDeobfuscation) {
|
||||||
blocks.deobfuscate();
|
int numDeadBlocks = blocks.deobfuscate();
|
||||||
|
if (numDeadBlocks > 0)
|
||||||
|
Log.v("Removed {0} dead block(s)", numDeadBlocks);
|
||||||
|
}
|
||||||
deobfuscateStrings(blocks);
|
deobfuscateStrings(blocks);
|
||||||
deob.deobfuscateMethodEnd(blocks);
|
deob.deobfuscateMethodEnd(blocks);
|
||||||
if (options.ControlFlowDeobfuscation)
|
if (options.ControlFlowDeobfuscation)
|
||||||
|
@ -444,6 +450,7 @@ namespace de4dot {
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case DecrypterType.Delegate:
|
case DecrypterType.Delegate:
|
||||||
|
case DecrypterType.Emulate:
|
||||||
dynamicStringDecrypter.decrypt(blocks);
|
dynamicStringDecrypter.decrypt(blocks);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|
|
@ -173,19 +173,5 @@ namespace de4dot {
|
||||||
public static string getPathOfOurFile(string filename) {
|
public static string getPathOfOurFile(string filename) {
|
||||||
return Path.Combine(getOurBaseDir(), filename);
|
return Path.Combine(getOurBaseDir(), filename);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static IDictionary<T, int> createObjectToIndexDictionary<T>(IList<T> objs) {
|
|
||||||
var dict = new Dictionary<T, int>();
|
|
||||||
for (int i = 0; i < objs.Count; i++)
|
|
||||||
dict[objs[i]] = i;
|
|
||||||
return dict;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static List<TOut> convert<TIn, TOut>(IEnumerable<TIn> list) where TIn : TOut {
|
|
||||||
var olist = new List<TOut>();
|
|
||||||
foreach (var l in list)
|
|
||||||
olist.Add(l);
|
|
||||||
return olist;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -54,27 +54,12 @@
|
||||||
<Compile Include="AssemblyClient\NewProcessAssemblyServerLoader.cs" />
|
<Compile Include="AssemblyClient\NewProcessAssemblyServerLoader.cs" />
|
||||||
<Compile Include="AssemblyClient\SameAppDomainAssemblyServerLoader.cs" />
|
<Compile Include="AssemblyClient\SameAppDomainAssemblyServerLoader.cs" />
|
||||||
<Compile Include="AssemblyResolver.cs" />
|
<Compile Include="AssemblyResolver.cs" />
|
||||||
<Compile Include="blocks\BaseBlock.cs" />
|
|
||||||
<Compile Include="blocks\Block.cs" />
|
|
||||||
<Compile Include="blocks\Blocks.cs" />
|
|
||||||
<Compile Include="blocks\BlocksSorter.cs" />
|
|
||||||
<Compile Include="blocks\CodeGenerator.cs" />
|
|
||||||
<Compile Include="blocks\CondBranchDeobfuscator.cs" />
|
|
||||||
<Compile Include="blocks\FilterHandlerBlock.cs" />
|
|
||||||
<Compile Include="blocks\ForwardScanOrder.cs" />
|
|
||||||
<Compile Include="blocks\HandlerBlock.cs" />
|
|
||||||
<Compile Include="blocks\Instr.cs" />
|
|
||||||
<Compile Include="blocks\InstructionListParser.cs" />
|
|
||||||
<Compile Include="blocks\MethodBlocks.cs" />
|
|
||||||
<Compile Include="blocks\ScopeBlock.cs" />
|
|
||||||
<Compile Include="blocks\SwitchControlFlowDeobfuscator.cs" />
|
|
||||||
<Compile Include="blocks\TryBlock.cs" />
|
|
||||||
<Compile Include="blocks\TryHandlerBlock.cs" />
|
|
||||||
<Compile Include="CommandLineParser.cs" />
|
<Compile Include="CommandLineParser.cs" />
|
||||||
<Compile Include="deobfuscators\CliSecure\Deobfuscator.cs" />
|
<Compile Include="deobfuscators\CliSecure\Deobfuscator.cs" />
|
||||||
<Compile Include="deobfuscators\CliSecure\ProxyDelegateFinder.cs" />
|
<Compile Include="deobfuscators\CliSecure\ProxyDelegateFinder.cs" />
|
||||||
<Compile Include="deobfuscators\DeobfuscatorBase.cs" />
|
<Compile Include="deobfuscators\DeobfuscatorBase.cs" />
|
||||||
<Compile Include="deobfuscators\DeobfuscatorInfoBase.cs" />
|
<Compile Include="deobfuscators\DeobfuscatorInfoBase.cs" />
|
||||||
|
<Compile Include="deobfuscators\DeobUtils.cs" />
|
||||||
<Compile Include="deobfuscators\Dotfuscator\Deobfuscator.cs" />
|
<Compile Include="deobfuscators\Dotfuscator\Deobfuscator.cs" />
|
||||||
<Compile Include="deobfuscators\Eazfuscator\Deobfuscator.cs" />
|
<Compile Include="deobfuscators\Eazfuscator\Deobfuscator.cs" />
|
||||||
<Compile Include="deobfuscators\ExceptionLoggerRemover.cs" />
|
<Compile Include="deobfuscators\ExceptionLoggerRemover.cs" />
|
||||||
|
@ -102,11 +87,9 @@
|
||||||
<Compile Include="deobfuscators\SmartAssembly\StringEncoderClassFinder.cs" />
|
<Compile Include="deobfuscators\SmartAssembly\StringEncoderClassFinder.cs" />
|
||||||
<Compile Include="deobfuscators\SmartAssembly\TamperProtectionRemover.cs" />
|
<Compile Include="deobfuscators\SmartAssembly\TamperProtectionRemover.cs" />
|
||||||
<Compile Include="deobfuscators\Unknown\Deobfuscator.cs" />
|
<Compile Include="deobfuscators\Unknown\Deobfuscator.cs" />
|
||||||
<Compile Include="DotNetUtils.cs" />
|
|
||||||
<Compile Include="FilesDeobfuscator.cs" />
|
<Compile Include="FilesDeobfuscator.cs" />
|
||||||
<Compile Include="IObfuscatedFile.cs" />
|
<Compile Include="IObfuscatedFile.cs" />
|
||||||
<Compile Include="Log.cs" />
|
<Compile Include="Log.cs" />
|
||||||
<Compile Include="MemberReferenceHelper.cs" />
|
|
||||||
<Compile Include="AssemblyModule.cs" />
|
<Compile Include="AssemblyModule.cs" />
|
||||||
<Compile Include="NameRegexes.cs" />
|
<Compile Include="NameRegexes.cs" />
|
||||||
<Compile Include="ObfuscatedFile.cs" />
|
<Compile Include="ObfuscatedFile.cs" />
|
||||||
|
@ -134,6 +117,10 @@
|
||||||
<Project>{FBD84077-9D35-41FE-89DF-8D79EFE0B595}</Project>
|
<Project>{FBD84077-9D35-41FE-89DF-8D79EFE0B595}</Project>
|
||||||
<Name>AssemblyData</Name>
|
<Name>AssemblyData</Name>
|
||||||
</ProjectReference>
|
</ProjectReference>
|
||||||
|
<ProjectReference Include="..\blocks\blocks.csproj">
|
||||||
|
<Project>{045B96F2-AF80-4C4C-8D27-E38635AC705E}</Project>
|
||||||
|
<Name>blocks</Name>
|
||||||
|
</ProjectReference>
|
||||||
<ProjectReference Include="..\cecil\Mono.Cecil.csproj">
|
<ProjectReference Include="..\cecil\Mono.Cecil.csproj">
|
||||||
<Project>{D68133BD-1E63-496E-9EDE-4FBDBF77B486}</Project>
|
<Project>{D68133BD-1E63-496E-9EDE-4FBDBF77B486}</Project>
|
||||||
<Name>Mono.Cecil</Name>
|
<Name>Mono.Cecil</Name>
|
||||||
|
|
|
@ -264,7 +264,7 @@ namespace de4dot.deobfuscators.CliSecure {
|
||||||
if (resource == null)
|
if (resource == null)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
DotNetUtils.decryptAndAddResources(module, resource.Name, () => decryptResource(resource));
|
DeobUtils.decryptAndAddResources(module, resource.Name, () => decryptResource(resource));
|
||||||
|
|
||||||
addResourceToBeRemoved(resource, "Encrypted resource");
|
addResourceToBeRemoved(resource, "Encrypted resource");
|
||||||
if (rsrcDecryptMethod != null)
|
if (rsrcDecryptMethod != null)
|
||||||
|
|
22
de4dot.code/deobfuscators/DeobUtils.cs
Normal file
22
de4dot.code/deobfuscators/DeobUtils.cs
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
using System;
|
||||||
|
using System.IO;
|
||||||
|
using Mono.Cecil;
|
||||||
|
|
||||||
|
namespace de4dot.deobfuscators {
|
||||||
|
static class DeobUtils {
|
||||||
|
public static void decryptAndAddResources(ModuleDefinition module, string encryptedName, Func<byte[]> decryptResource) {
|
||||||
|
Log.v("Decrypting resources, name: {0}", Utils.toCsharpString(encryptedName));
|
||||||
|
var decryptedResourceData = decryptResource();
|
||||||
|
if (decryptedResourceData == null)
|
||||||
|
throw new ApplicationException("decryptedResourceData is null");
|
||||||
|
var resourceModule = ModuleDefinition.ReadModule(new MemoryStream(decryptedResourceData));
|
||||||
|
|
||||||
|
Log.indent();
|
||||||
|
foreach (var rsrc in resourceModule.Resources) {
|
||||||
|
Log.v("Adding decrypted resource {0}", Utils.toCsharpString(rsrc.Name));
|
||||||
|
module.Resources.Add(rsrc);
|
||||||
|
}
|
||||||
|
Log.deIndent();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -20,6 +20,7 @@
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.Eazfuscator {
|
namespace de4dot.deobfuscators.Eazfuscator {
|
||||||
class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||||
|
|
|
@ -22,6 +22,7 @@ using System.Collections.Generic;
|
||||||
using System.Text;
|
using System.Text;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.deobfuscators.SmartAssembly {
|
||||||
class AssemblyResolverInfo : ResolverInfoBase {
|
class AssemblyResolverInfo : ResolverInfoBase {
|
||||||
|
|
|
@ -20,6 +20,7 @@
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.deobfuscators.SmartAssembly {
|
||||||
class AutomatedErrorReportingFinder {
|
class AutomatedErrorReportingFinder {
|
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.deobfuscators.SmartAssembly {
|
||||||
class MemoryManagerInfo {
|
class MemoryManagerInfo {
|
||||||
|
|
|
@ -19,6 +19,7 @@
|
||||||
|
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.deobfuscators.SmartAssembly {
|
||||||
class ProxyDelegateFinder : ProxyDelegateFinderBase {
|
class ProxyDelegateFinder : ProxyDelegateFinderBase {
|
||||||
|
|
|
@ -20,6 +20,7 @@
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.deobfuscators.SmartAssembly {
|
||||||
abstract class ResolverInfoBase {
|
abstract class ResolverInfoBase {
|
||||||
|
|
|
@ -20,6 +20,7 @@
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.deobfuscators.SmartAssembly {
|
||||||
class ResourceDecrypterInfo {
|
class ResourceDecrypterInfo {
|
||||||
|
|
|
@ -20,6 +20,7 @@
|
||||||
using System;
|
using System;
|
||||||
using System.IO;
|
using System.IO;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.deobfuscators.SmartAssembly {
|
||||||
class ResourceResolver {
|
class ResourceResolver {
|
||||||
|
@ -46,7 +47,7 @@ namespace de4dot.deobfuscators.SmartAssembly {
|
||||||
if (resource == null)
|
if (resource == null)
|
||||||
return null;
|
return null;
|
||||||
|
|
||||||
DotNetUtils.decryptAndAddResources(module, resource.Name, () => assemblyResolver.removeDecryptedResource(resource));
|
DeobUtils.decryptAndAddResources(module, resource.Name, () => assemblyResolver.removeDecryptedResource(resource));
|
||||||
mergedIt = true;
|
mergedIt = true;
|
||||||
return resource;
|
return resource;
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,6 +19,7 @@
|
||||||
|
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.deobfuscators.SmartAssembly {
|
||||||
class ResourceResolverInfo : ResolverInfoBase {
|
class ResourceResolverInfo : ResolverInfoBase {
|
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.deobfuscators.SmartAssembly {
|
||||||
class SimpleZipInfo {
|
class SimpleZipInfo {
|
||||||
|
|
|
@ -20,6 +20,7 @@
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.deobfuscators.SmartAssembly {
|
||||||
class StringsEncoderInfo {
|
class StringsEncoderInfo {
|
||||||
|
|
|
@ -20,6 +20,7 @@
|
||||||
using System;
|
using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.renamer {
|
namespace de4dot.renamer {
|
||||||
// Renames all typedefs, methoddefs, eventdefs, fielddefs, and propdefs
|
// Renames all typedefs, methoddefs, eventdefs, fielddefs, and propdefs
|
||||||
|
|
|
@ -21,6 +21,7 @@ using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot {
|
namespace de4dot {
|
||||||
// If it's a non-generic memberref, you could use GetMemberReference() to get a cached
|
// If it's a non-generic memberref, you could use GetMemberReference() to get a cached
|
||||||
|
|
|
@ -19,6 +19,7 @@
|
||||||
|
|
||||||
using System;
|
using System;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.renamer {
|
namespace de4dot.renamer {
|
||||||
abstract class Expander {
|
abstract class Expander {
|
||||||
|
|
|
@ -21,6 +21,7 @@ using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.Text.RegularExpressions;
|
using System.Text.RegularExpressions;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
|
using de4dot.blocks;
|
||||||
using de4dot.deobfuscators;
|
using de4dot.deobfuscators;
|
||||||
|
|
||||||
namespace de4dot.renamer {
|
namespace de4dot.renamer {
|
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.renamer {
|
namespace de4dot.renamer {
|
||||||
class MemberRenameState {
|
class MemberRenameState {
|
||||||
|
|
|
@ -20,6 +20,7 @@
|
||||||
using System;
|
using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.renamer {
|
namespace de4dot.renamer {
|
||||||
interface INameCreator {
|
interface INameCreator {
|
||||||
|
|
74
de4dot.sln
74
de4dot.sln
|
@ -30,6 +30,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AssemblyServer-x64", "Assem
|
||||||
EndProject
|
EndProject
|
||||||
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dumpMethodsN", "dumpMethodsN\dumpMethodsN.vcxproj", "{3D97F8AF-494F-4AB2-82ED-E1BE532E4CB9}"
|
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dumpMethodsN", "dumpMethodsN\dumpMethodsN.vcxproj", "{3D97F8AF-494F-4AB2-82ED-E1BE532E4CB9}"
|
||||||
EndProject
|
EndProject
|
||||||
|
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "blocks", "blocks\blocks.csproj", "{045B96F2-AF80-4C4C-8D27-E38635AC705E}"
|
||||||
|
EndProject
|
||||||
Global
|
Global
|
||||||
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
||||||
Debug|Any CPU = Debug|Any CPU
|
Debug|Any CPU = Debug|Any CPU
|
||||||
|
@ -1018,6 +1020,78 @@ Global
|
||||||
{3D97F8AF-494F-4AB2-82ED-E1BE532E4CB9}.winphone_Release|Win32.ActiveCfg = Release|Win32
|
{3D97F8AF-494F-4AB2-82ED-E1BE532E4CB9}.winphone_Release|Win32.ActiveCfg = Release|Win32
|
||||||
{3D97F8AF-494F-4AB2-82ED-E1BE532E4CB9}.winphone_Release|Win32.Build.0 = Release|Win32
|
{3D97F8AF-494F-4AB2-82ED-E1BE532E4CB9}.winphone_Release|Win32.Build.0 = Release|Win32
|
||||||
{3D97F8AF-494F-4AB2-82ED-E1BE532E4CB9}.winphone_Release|x86.ActiveCfg = Release|Win32
|
{3D97F8AF-494F-4AB2-82ED-E1BE532E4CB9}.winphone_Release|x86.ActiveCfg = Release|Win32
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.Debug|Win32.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.Debug|x86.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_2_0_Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_2_0_Debug|Any CPU.Build.0 = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_2_0_Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_2_0_Debug|Mixed Platforms.Build.0 = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_2_0_Debug|Win32.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_2_0_Debug|x86.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_2_0_Release|Any CPU.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_2_0_Release|Any CPU.Build.0 = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_2_0_Release|Mixed Platforms.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_2_0_Release|Mixed Platforms.Build.0 = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_2_0_Release|Win32.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_2_0_Release|x86.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_3_5_Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_3_5_Debug|Any CPU.Build.0 = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_3_5_Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_3_5_Debug|Mixed Platforms.Build.0 = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_3_5_Debug|Win32.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_3_5_Debug|x86.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_3_5_Release|Any CPU.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_3_5_Release|Any CPU.Build.0 = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_3_5_Release|Mixed Platforms.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_3_5_Release|Mixed Platforms.Build.0 = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_3_5_Release|Win32.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_3_5_Release|x86.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_4_0_Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_4_0_Debug|Any CPU.Build.0 = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_4_0_Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_4_0_Debug|Mixed Platforms.Build.0 = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_4_0_Debug|Win32.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_4_0_Debug|x86.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_4_0_Release|Any CPU.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_4_0_Release|Any CPU.Build.0 = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_4_0_Release|Mixed Platforms.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_4_0_Release|Mixed Platforms.Build.0 = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_4_0_Release|Win32.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.net_4_0_Release|x86.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.Release|Any CPU.Build.0 = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.Release|Mixed Platforms.Build.0 = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.Release|Win32.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.Release|x86.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.silverlight_Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.silverlight_Debug|Any CPU.Build.0 = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.silverlight_Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.silverlight_Debug|Mixed Platforms.Build.0 = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.silverlight_Debug|Win32.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.silverlight_Debug|x86.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.silverlight_Release|Any CPU.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.silverlight_Release|Any CPU.Build.0 = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.silverlight_Release|Mixed Platforms.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.silverlight_Release|Mixed Platforms.Build.0 = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.silverlight_Release|Win32.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.silverlight_Release|x86.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.winphone_Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.winphone_Debug|Any CPU.Build.0 = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.winphone_Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.winphone_Debug|Mixed Platforms.Build.0 = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.winphone_Debug|Win32.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.winphone_Debug|x86.ActiveCfg = Debug|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.winphone_Release|Any CPU.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.winphone_Release|Any CPU.Build.0 = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.winphone_Release|Mixed Platforms.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.winphone_Release|Mixed Platforms.Build.0 = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.winphone_Release|Win32.ActiveCfg = Release|Any CPU
|
||||||
|
{045B96F2-AF80-4C4C-8D27-E38635AC705E}.winphone_Release|x86.ActiveCfg = Release|Any CPU
|
||||||
EndGlobalSection
|
EndGlobalSection
|
||||||
GlobalSection(SolutionProperties) = preSolution
|
GlobalSection(SolutionProperties) = preSolution
|
||||||
HideSolutionNode = FALSE
|
HideSolutionNode = FALSE
|
||||||
|
|
Loading…
Reference in New Issue
Block a user