Restore method bodies
parent
7a279ebc19
commit
9a87a2658f
|
@ -19,6 +19,7 @@
|
|||
|
||||
using System.Collections.Generic;
|
||||
using Mono.Cecil;
|
||||
using de4dot.blocks;
|
||||
using de4dot.blocks.cflow;
|
||||
|
||||
namespace de4dot.code.deobfuscators.Spices_Net {
|
||||
|
@ -144,6 +145,14 @@ namespace de4dot.code.deobfuscators.Spices_Net {
|
|||
startedDeobfuscating = true;
|
||||
}
|
||||
|
||||
public override void deobfuscateMethodBegin(Blocks blocks) {
|
||||
base.deobfuscateMethodBegin(blocks);
|
||||
if (options.InlineMethods) {
|
||||
if (methodCallInliner.restoreBody(blocks))
|
||||
Log.v("Restored method body");
|
||||
}
|
||||
}
|
||||
|
||||
public override void deobfuscateEnd() {
|
||||
removeInlinedMethods();
|
||||
|
||||
|
|
|
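Review bot: The new `deobfuscateMethodBegin` override has no comment saying why the body is restored at this point, ahead of the rest of the method's deobfuscation, and only when `options.InlineMethods` is set. A comment such as `// Replace a forwarding stub with the body of the method it calls before other passes see it (gated on the InlineMethods option).` would show the ordering is intentional. The `Log.v("Restored method body")` message does not name the method, so a verbose log is hard to audit when many bodies are rewritten. `deobfuscateEnd` continues outside the hunk, so it cannot be confirmed from here whether `removeInlinedMethods()` also removes the methods whose bodies were copied.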
@ -18,6 +18,7 @@
|
|||
*/
|
||||
|
||||
using Mono.Cecil;
|
||||
using Mono.Cecil.Cil;
|
||||
using Mono.Cecil.Metadata;
|
||||
using de4dot.blocks;
|
||||
using de4dot.blocks.cflow;
|
||||
|
@ -91,5 +92,53 @@ namespace de4dot.code.deobfuscators.Spices_Net {
|
|||
|
||||
return numMethods > 0 && foundCtor;
|
||||
}
|
||||
|
||||
public bool restoreBody(Blocks blocks) {
|
||||
if (validTypes.find(blocks.Method.DeclaringType))
|
||||
return false;
|
||||
if (blocks.Locals.Count > 0)
|
||||
return false;
|
||||
if (blocks.MethodBlocks.BaseBlocks.Count != 1)
|
||||
return false;
|
||||
var block = blocks.MethodBlocks.BaseBlocks[0] as Block;
|
||||
if (block == null)
|
||||
return false;
|
||||
|
||||
MethodDefinition calledMethod;
|
||||
if (!checkRestoreBody(block, out calledMethod))
|
||||
return false;
|
||||
if (calledMethod == blocks.Method)
|
||||
return false;
|
||||
|
||||
DotNetUtils.copyBodyFromTo(calledMethod, blocks.Method);
|
||||
blocks.updateBlocks();
|
||||
return true;
|
||||
}
|
||||
|
||||
bool checkRestoreBody(Block block, out MethodDefinition calledMethod) {
|
||||
calledMethod = null;
|
||||
|
||||
var instrs = block.Instructions;
|
||||
int index;
|
||||
for (index = 0; index < instrs.Count; index++) {
|
||||
if (DotNetUtils.getArgIndex(instrs[index].Instruction) != index)
|
||||
break;
|
||||
}
|
||||
|
||||
var call = instrs[index++];
|
||||
if (call.OpCode.Code != Code.Call)
|
||||
return false;
|
||||
|
||||
calledMethod = call.Operand as MethodDefinition;
|
||||
if (calledMethod == null)
|
||||
return false;
|
||||
if (!checkCanInline(calledMethod))
|
||||
return false;
|
||||
|
||||
if (instrs[index++].OpCode.Code != Code.Ret)
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
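Review bot: In `checkRestoreBody`, `var call = instrs[index++];` runs after the argument-load loop without checking that an instruction is left. A block made only of argument loads leaves `index == instrs.Count`, so the read presumably throws an out-of-range exception, and the later `instrs[index++]` for the ret has the same problem when the call is the block's last instruction. The deobfuscator reads assemblies it does not control, so a malformed method should be rejected instead of aborting the run: add `if (index + 2 > instrs.Count) return false;` before the call is read. The number of loaded arguments is also never compared with the parameters of `calledMethod` before `restoreBody` copies the body; `checkCanInline` is outside this hunk and may cover that, so it is worth confirming.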