Load target asm's CLR version when decrypting strings dynamically
This commit is contained in:
parent
a67529ff35
commit
99c7cf8eb5
|
@ -17,6 +17,8 @@
|
|||
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
using dot10.DotNet;
|
||||
|
||||
namespace de4dot.code.AssemblyClient {
|
||||
public interface IAssemblyClientFactory {
|
||||
IAssemblyClient create();
|
||||
|
@ -45,8 +47,27 @@ namespace de4dot.code.AssemblyClient {
|
|||
this.serverVersion = serverVersion;
|
||||
}
|
||||
|
||||
public IAssemblyClient create(ModuleDef module) {
|
||||
return new AssemblyClient(new NewProcessAssemblyServerLoader(getServerClrVersion(module)));
|
||||
}
|
||||
|
||||
public IAssemblyClient create() {
|
||||
return new AssemblyClient(new NewProcessAssemblyServerLoader(serverVersion));
|
||||
}
|
||||
|
||||
internal static ServerClrVersion getServerClrVersion(ModuleDef module) {
|
||||
switch (module.GetPointerSize()) {
|
||||
default:
|
||||
case 4:
|
||||
if (module.IsClr40)
|
||||
return ServerClrVersion.CLR_v40_x86;
|
||||
return ServerClrVersion.CLR_v20_x86;
|
||||
|
||||
case 8:
|
||||
if (module.IsClr40)
|
||||
return ServerClrVersion.CLR_v40_x64;
|
||||
return ServerClrVersion.CLR_v20_x64;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -355,7 +355,11 @@ namespace de4dot.code {
|
|||
case DecrypterType.Delegate:
|
||||
case DecrypterType.Emulate:
|
||||
checkSupportedStringDecrypter(StringFeatures.AllowDynamicDecryption);
|
||||
assemblyClient = assemblyClientFactory.create();
|
||||
var newProcFactory = assemblyClientFactory as NewProcessAssemblyClientFactory;
|
||||
if (newProcFactory != null)
|
||||
assemblyClient = newProcFactory.create(module);
|
||||
else
|
||||
assemblyClient = assemblyClientFactory.create();
|
||||
assemblyClient.connect();
|
||||
break;
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@ using de4dot.mdecrypt;
|
|||
namespace de4dot.code.deobfuscators {
|
||||
static class MethodsDecrypter {
|
||||
public static DumpedMethods decrypt(ModuleDef module, byte[] moduleCctorBytes) {
|
||||
return decrypt(getServerClrVersion(module), module.Location, moduleCctorBytes);
|
||||
return decrypt(NewProcessAssemblyClientFactory.getServerClrVersion(module), module.Location, moduleCctorBytes);
|
||||
}
|
||||
|
||||
public static DumpedMethods decrypt(ServerClrVersion serverVersion, string filename, byte[] moduleCctorBytes) {
|
||||
|
@ -39,20 +39,5 @@ namespace de4dot.code.deobfuscators {
|
|||
return client.Service.decryptMethods();
|
||||
}
|
||||
}
|
||||
|
||||
static ServerClrVersion getServerClrVersion(ModuleDef module) {
|
||||
switch (module.GetPointerSize()) {
|
||||
default:
|
||||
case 4:
|
||||
if (module.IsClr40)
|
||||
return ServerClrVersion.CLR_v40_x86;
|
||||
return ServerClrVersion.CLR_v20_x86;
|
||||
|
||||
case 8:
|
||||
if (module.IsClr40)
|
||||
return ServerClrVersion.CLR_v40_x64;
|
||||
return ServerClrVersion.CLR_v20_x64;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user