Add extra check to make sure we detect the correct method
This commit is contained in:
parent
ed00c5f2c5
commit
a80482751d
|
@ -45,6 +45,10 @@ namespace de4dot.code.deobfuscators.DeepSea {
|
|||
: base(module, simpleDeobfuscator, deob) {
|
||||
}
|
||||
|
||||
protected override bool checkResolverInitMethodInternal(MethodDefinition resolverInitMethod) {
|
||||
return checkIfCalled(resolverInitMethod, "System.Void System.AppDomain::add_AssemblyResolve(System.ResolveEventHandler)");
|
||||
}
|
||||
|
||||
static string[] handlerLocalTypes = new string[] {
|
||||
"System.Byte[]",
|
||||
"System.Security.Cryptography.SHA1CryptoServiceProvider",
|
||||
|
|
|
@ -77,6 +77,9 @@ namespace de4dot.code.deobfuscators.DeepSea {
|
|||
if (resolverInitMethod == null || resolverInitMethod.Body == null)
|
||||
return false;
|
||||
|
||||
if (!checkResolverInitMethodInternal(resolverInitMethod))
|
||||
return false;
|
||||
|
||||
var resolveHandlerMethod = getLdftnMethod(resolverInitMethod);
|
||||
if (resolveHandlerMethod == null)
|
||||
return false;
|
||||
|
@ -89,6 +92,21 @@ namespace de4dot.code.deobfuscators.DeepSea {
|
|||
return true;
|
||||
}
|
||||
|
||||
protected abstract bool checkResolverInitMethodInternal(MethodDefinition resolverInitMethod);
|
||||
|
||||
protected static bool checkIfCalled(MethodDefinition method, string fullName) {
|
||||
foreach (var instr in method.Body.Instructions) {
|
||||
if (instr.OpCode.Code != Code.Call && instr.OpCode.Code != Code.Callvirt)
|
||||
continue;
|
||||
if (instr.Operand.ToString() != fullName)
|
||||
continue;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
MethodDefinition getLdftnMethod(MethodDefinition method) {
|
||||
foreach (var instr in method.Body.Instructions) {
|
||||
if (instr.OpCode.Code != Code.Ldftn)
|
||||
|
|
|
@ -36,6 +36,10 @@ namespace de4dot.code.deobfuscators.DeepSea {
|
|||
: base(module, simpleDeobfuscator, deob) {
|
||||
}
|
||||
|
||||
protected override bool checkResolverInitMethodInternal(MethodDefinition resolverInitMethod) {
|
||||
return checkIfCalled(resolverInitMethod, "System.Void System.AppDomain::add_ResourceResolve(System.ResolveEventHandler)");
|
||||
}
|
||||
|
||||
protected override bool checkHandlerMethodInternal(MethodDefinition handler) {
|
||||
if (checkHandlerV3(handler)) {
|
||||
isV3 = true;
|
||||
|
|
Loading…
Reference in New Issue
Block a user