Move methods to ConfuserUtils
parent
135dcd5a3c
commit
a48a03b9ab
|
@ -67,6 +67,7 @@
|
|||
<Compile Include="deobfuscators\Babel_NET\MemberReferenceConverter.cs" />
|
||||
<Compile Include="deobfuscators\Babel_NET\MethodBodyReader.cs" />
|
||||
<Compile Include="deobfuscators\Babel_NET\MethodReferenceReader.cs" />
|
||||
<Compile Include="deobfuscators\Confuser\ConfuserUtils.cs" />
|
||||
<Compile Include="deobfuscators\Confuser\ConstantsFolder.cs" />
|
||||
<Compile Include="deobfuscators\Confuser\Deobfuscator.cs" />
|
||||
<Compile Include="deobfuscators\Confuser\JitMethodsDecrypter.cs" />
|
||||
|
|
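--- a/de4dot.code/deobfuscators/Confuser/ConfuserUtils.cs
+++ b/de4dot.code/deobfuscators/Confuser/ConfuserUtils.cs
@@ -0,0 +1,43 @@
+/*
+Copyright (C) 2011-2012 de4dot@gmail.com
+
+This file is part of de4dot.
+
+de4dot is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+de4dot is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with de4dot. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+using System.Collections.Generic;
+using Mono.Cecil;
+using Mono.Cecil.Cil;
+
+namespace de4dot.code.deobfuscators.Confuser {
+static class ConfuserUtils {
+public static int findCallMethod(IList<Instruction> instrs, int index, Code callCode, string methodFullName) {
+for (int i = index; i < instrs.Count; i++) {
+if (!isCallMethod(instrs[i], callCode, methodFullName))
+continue;
+
+return i;
+}
+return -1;
+}
+
+public static bool isCallMethod(Instruction instr, Code callCode, string methodFullName) {
+if (instr.OpCode.Code != callCode)
+return false;
+var calledMethod = instr.Operand as MethodReference;
+return calledMethod != null && calledMethod.FullName == methodFullName;
+}
+}
+}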
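Review bot: `findCallMethod` and `isCallMethod` become `public` helpers here with no argument checks and no documentation, although the instruction lists they scan are taken from obfuscated, untrusted assemblies. In `findCallMethod` a negative `index` reaches `instrs[i]` and throws rather than returning the `-1` sentinel; `if (instrs == null || index < 0) return -1;` before the loop would keep the not-found contract uniform for every caller. `isCallMethod` reads `instr.OpCode` without a null check, so the first test could become `if (instr == null || instr.OpCode.Code != callCode) return false;`. I would also add a one-line comment on each, e.g. `// Returns the index of the first instruction at or after index that is a callCode call to methodFullName, or -1 if there is none`. The match is an exact string comparison on `MethodReference.FullName`, which as far as I know does not include the declaring assembly, so it is worth noting in that comment that a hit identifies the method by name and signature only.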
|
|
@ -315,14 +315,14 @@ namespace de4dot.code.deobfuscators.Confuser {
|
|||
return false;
|
||||
if (!DotNetUtils.isLdloc(instrs[i++]))
|
||||
return false;
|
||||
if (!isCallMethod(instrs[i++], Code.Callvirt, "System.Int32 System.IO.BinaryReader::ReadInt32()"))
|
||||
if (!ConfuserUtils.isCallMethod(instrs[i++], Code.Callvirt, "System.Int32 System.IO.BinaryReader::ReadInt32()"))
|
||||
return false;
|
||||
var ldci4 = instrs[i++];
|
||||
if (!DotNetUtils.isLdcI4(ldci4))
|
||||
return false;
|
||||
if (instrs[i++].OpCode.Code != Code.Xor)
|
||||
return false;
|
||||
if (!isCallMethod(instrs[i++], Code.Callvirt, "System.Byte[] System.IO.BinaryReader::ReadBytes(System.Int32)"))
|
||||
if (!ConfuserUtils.isCallMethod(instrs[i++], Code.Callvirt, "System.Byte[] System.IO.BinaryReader::ReadBytes(System.Int32)"))
|
||||
return false;
|
||||
if (!DotNetUtils.isStloc(instrs[i++]))
|
||||
return false;
|
||||
|
@ -335,7 +335,7 @@ namespace de4dot.code.deobfuscators.Confuser {
|
|||
static bool findKey4(MethodDefinition method, out uint key) {
|
||||
var instrs = method.Body.Instructions;
|
||||
for (int index = 0; index < instrs.Count; index++) {
|
||||
index = findCallMethod(instrs, index, Code.Call, "System.Void System.Runtime.InteropServices.Marshal::Copy(System.Byte[],System.Int32,System.IntPtr,System.Int32)");
|
||||
index = ConfuserUtils.findCallMethod(instrs, index, Code.Call, "System.Void System.Runtime.InteropServices.Marshal::Copy(System.Byte[],System.Int32,System.IntPtr,System.Int32)");
|
||||
if (index < 0)
|
||||
break;
|
||||
if (index + 2 >= instrs.Count)
|
||||
|
@ -411,7 +411,7 @@ namespace de4dot.code.deobfuscators.Confuser {
|
|||
|
||||
if (!DotNetUtils.isLdloc(instrs[index]))
|
||||
return false;
|
||||
if (!isCallMethod(instrs[index + 1], Code.Callvirt, "System.UInt32 System.IO.BinaryReader::ReadUInt32()"))
|
||||
if (!ConfuserUtils.isCallMethod(instrs[index + 1], Code.Callvirt, "System.UInt32 System.IO.BinaryReader::ReadUInt32()"))
|
||||
return false;
|
||||
if (!DotNetUtils.isStloc(instrs[index + 2]))
|
||||
return false;
|
||||
|
@ -421,28 +421,11 @@ namespace de4dot.code.deobfuscators.Confuser {
|
|||
}
|
||||
|
||||
static int findCallvirtReadUInt32(IList<Instruction> instrs, int index) {
|
||||
return findCallMethod(instrs, index, Code.Callvirt, "System.UInt32 System.IO.BinaryReader::ReadUInt32()");
|
||||
return ConfuserUtils.findCallMethod(instrs, index, Code.Callvirt, "System.UInt32 System.IO.BinaryReader::ReadUInt32()");
|
||||
}
|
||||
|
||||
static int findCallvirtReadUInt64(IList<Instruction> instrs, int index) {
|
||||
return findCallMethod(instrs, index, Code.Callvirt, "System.UInt64 System.IO.BinaryReader::ReadUInt64()");
|
||||
}
|
||||
|
||||
static int findCallMethod(IList<Instruction> instrs, int index, Code callCode, string methodFullName) {
|
||||
for (int i = index; i < instrs.Count; i++) {
|
||||
if (!isCallMethod(instrs[i], callCode, methodFullName))
|
||||
continue;
|
||||
|
||||
return i;
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
static bool isCallMethod(Instruction instr, Code callCode, string methodFullName) {
|
||||
if (instr.OpCode.Code != callCode)
|
||||
return false;
|
||||
var calledMethod = instr.Operand as MethodReference;
|
||||
return calledMethod != null && calledMethod.FullName == methodFullName;
|
||||
return ConfuserUtils.findCallMethod(instrs, index, Code.Callvirt, "System.UInt64 System.IO.BinaryReader::ReadUInt64()");
|
||||
}
|
||||
|
||||
bool initializeMethodDataIndexes(MethodDefinition method) {
|
||||
|
|