monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add extra check to make sure we detect the correct method

Browse Source
This commit is contained in:
de4dot 2012-01-24 04:44:23 +01:00
parent ed00c5f2c5
commit a80482751d
3 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
de4dot.code/deobfuscators/DeepSea/AssemblyResolver.cs
View File

@ -45,6 +45,10 @@ namespace de4dot.code.deobfuscators.DeepSea {
: base(module, simpleDeobfuscator, deob) {
}
protected override bool checkResolverInitMethodInternal(MethodDefinition resolverInitMethod) {
return checkIfCalled(resolverInitMethod, "System.Void System.AppDomain::add_AssemblyResolve(System.ResolveEventHandler)");
}
static string[] handlerLocalTypes = new string[] {
"System.Byte[]",
"System.Security.Cryptography.SHA1CryptoServiceProvider",

18
de4dot.code/deobfuscators/DeepSea/ResolverBase.cs
View File

@ -77,6 +77,9 @@ namespace de4dot.code.deobfuscators.DeepSea {
if (resolverInitMethod == null || resolverInitMethod.Body == null)
return false;
if (!checkResolverInitMethodInternal(resolverInitMethod))
return false;
var resolveHandlerMethod = getLdftnMethod(resolverInitMethod);
if (resolveHandlerMethod == null)
return false;
@ -89,6 +92,21 @@ namespace de4dot.code.deobfuscators.DeepSea {
return true;
}
protected abstract bool checkResolverInitMethodInternal(MethodDefinition resolverInitMethod);
protected static bool checkIfCalled(MethodDefinition method, string fullName) {
foreach (var instr in method.Body.Instructions) {
if (instr.OpCode.Code != Code.Call && instr.OpCode.Code != Code.Callvirt)
continue;
if (instr.Operand.ToString() != fullName)
continue;
return true;
}
return false;
}
MethodDefinition getLdftnMethod(MethodDefinition method) {
foreach (var instr in method.Body.Instructions) {
if (instr.OpCode.Code != Code.Ldftn)

4
de4dot.code/deobfuscators/DeepSea/ResourceResolver.cs
View File

@ -36,6 +36,10 @@ namespace de4dot.code.deobfuscators.DeepSea {
: base(module, simpleDeobfuscator, deob) {
}
protected override bool checkResolverInitMethodInternal(MethodDefinition resolverInitMethod) {
return checkIfCalled(resolverInitMethod, "System.Void System.AppDomain::add_ResourceResolve(System.ResolveEventHandler)");
}
protected override bool checkHandlerMethodInternal(MethodDefinition handler) {
if (checkHandlerV3(handler)) {
isV3 = true;