Load target asm's CLR version when decrypting strings dynamically
This commit is contained in:
parent
a67529ff35
commit
99c7cf8eb5
|
@ -17,6 +17,8 @@
|
||||||
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
using dot10.DotNet;
|
||||||
|
|
||||||
namespace de4dot.code.AssemblyClient {
|
namespace de4dot.code.AssemblyClient {
|
||||||
public interface IAssemblyClientFactory {
|
public interface IAssemblyClientFactory {
|
||||||
IAssemblyClient create();
|
IAssemblyClient create();
|
||||||
|
@ -45,8 +47,27 @@ namespace de4dot.code.AssemblyClient {
|
||||||
this.serverVersion = serverVersion;
|
this.serverVersion = serverVersion;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public IAssemblyClient create(ModuleDef module) {
|
||||||
|
return new AssemblyClient(new NewProcessAssemblyServerLoader(getServerClrVersion(module)));
|
||||||
|
}
|
||||||
|
|
||||||
public IAssemblyClient create() {
|
public IAssemblyClient create() {
|
||||||
return new AssemblyClient(new NewProcessAssemblyServerLoader(serverVersion));
|
return new AssemblyClient(new NewProcessAssemblyServerLoader(serverVersion));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
internal static ServerClrVersion getServerClrVersion(ModuleDef module) {
|
||||||
|
switch (module.GetPointerSize()) {
|
||||||
|
default:
|
||||||
|
case 4:
|
||||||
|
if (module.IsClr40)
|
||||||
|
return ServerClrVersion.CLR_v40_x86;
|
||||||
|
return ServerClrVersion.CLR_v20_x86;
|
||||||
|
|
||||||
|
case 8:
|
||||||
|
if (module.IsClr40)
|
||||||
|
return ServerClrVersion.CLR_v40_x64;
|
||||||
|
return ServerClrVersion.CLR_v20_x64;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -355,7 +355,11 @@ namespace de4dot.code {
|
||||||
case DecrypterType.Delegate:
|
case DecrypterType.Delegate:
|
||||||
case DecrypterType.Emulate:
|
case DecrypterType.Emulate:
|
||||||
checkSupportedStringDecrypter(StringFeatures.AllowDynamicDecryption);
|
checkSupportedStringDecrypter(StringFeatures.AllowDynamicDecryption);
|
||||||
assemblyClient = assemblyClientFactory.create();
|
var newProcFactory = assemblyClientFactory as NewProcessAssemblyClientFactory;
|
||||||
|
if (newProcFactory != null)
|
||||||
|
assemblyClient = newProcFactory.create(module);
|
||||||
|
else
|
||||||
|
assemblyClient = assemblyClientFactory.create();
|
||||||
assemblyClient.connect();
|
assemblyClient.connect();
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,7 @@ using de4dot.mdecrypt;
|
||||||
namespace de4dot.code.deobfuscators {
|
namespace de4dot.code.deobfuscators {
|
||||||
static class MethodsDecrypter {
|
static class MethodsDecrypter {
|
||||||
public static DumpedMethods decrypt(ModuleDef module, byte[] moduleCctorBytes) {
|
public static DumpedMethods decrypt(ModuleDef module, byte[] moduleCctorBytes) {
|
||||||
return decrypt(getServerClrVersion(module), module.Location, moduleCctorBytes);
|
return decrypt(NewProcessAssemblyClientFactory.getServerClrVersion(module), module.Location, moduleCctorBytes);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static DumpedMethods decrypt(ServerClrVersion serverVersion, string filename, byte[] moduleCctorBytes) {
|
public static DumpedMethods decrypt(ServerClrVersion serverVersion, string filename, byte[] moduleCctorBytes) {
|
||||||
|
@ -39,20 +39,5 @@ namespace de4dot.code.deobfuscators {
|
||||||
return client.Service.decryptMethods();
|
return client.Service.decryptMethods();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static ServerClrVersion getServerClrVersion(ModuleDef module) {
|
|
||||||
switch (module.GetPointerSize()) {
|
|
||||||
default:
|
|
||||||
case 4:
|
|
||||||
if (module.IsClr40)
|
|
||||||
return ServerClrVersion.CLR_v40_x86;
|
|
||||||
return ServerClrVersion.CLR_v20_x86;
|
|
||||||
|
|
||||||
case 8:
|
|
||||||
if (module.IsClr40)
|
|
||||||
return ServerClrVersion.CLR_v40_x64;
|
|
||||||
return ServerClrVersion.CLR_v20_x64;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user