Mover version info to a new ObfuscatorVersion enum
This commit is contained in:
parent
0e89c0fc35
commit
a8d4b38c79
|
@ -80,6 +80,7 @@
|
|||
<Compile Include="deobfuscators\CliSecure\StackFrameHelper.cs" />
|
||||
<Compile Include="deobfuscators\CliSecure\StringDecrypter.cs" />
|
||||
<Compile Include="deobfuscators\CodeVeil\MethodsDecrypter.cs" />
|
||||
<Compile Include="deobfuscators\CodeVeil\ObfuscatorVersion.cs" />
|
||||
<Compile Include="deobfuscators\CodeVeil\StringDecrypter.cs" />
|
||||
<Compile Include="deobfuscators\CodeVeil\Deobfuscator.cs" />
|
||||
<Compile Include="deobfuscators\CodeVeil\ProxyDelegateFinder.cs" />
|
||||
|
|
|
@ -111,19 +111,19 @@ namespace de4dot.code.deobfuscators.CodeVeil {
|
|||
string detectVersion() {
|
||||
if (methodsDecrypter.Detected) {
|
||||
switch (methodsDecrypter.Version) {
|
||||
case MethodsDecrypter.TypeVersion.Unknown:
|
||||
case ObfuscatorVersion.Unknown:
|
||||
return null;
|
||||
|
||||
case MethodsDecrypter.TypeVersion.V3:
|
||||
case ObfuscatorVersion.V3:
|
||||
return "3.x";
|
||||
|
||||
case MethodsDecrypter.TypeVersion.V4_0:
|
||||
case ObfuscatorVersion.V4_0:
|
||||
return "4.0";
|
||||
|
||||
case MethodsDecrypter.TypeVersion.V4_1:
|
||||
case ObfuscatorVersion.V4_1:
|
||||
return "4.1";
|
||||
|
||||
case MethodsDecrypter.TypeVersion.V5:
|
||||
case ObfuscatorVersion.V5_0:
|
||||
return "5.0";
|
||||
|
||||
default:
|
||||
|
|
|
@ -34,34 +34,26 @@ namespace de4dot.code.deobfuscators.CodeVeil {
|
|||
List<int> rvas; // _stub and _executive
|
||||
IDecrypter decrypter;
|
||||
|
||||
public enum TypeVersion {
|
||||
Unknown,
|
||||
V3,
|
||||
V4_0,
|
||||
V4_1,
|
||||
V5,
|
||||
}
|
||||
|
||||
public TypeVersion Version {
|
||||
get { return decrypter == null ? TypeVersion.Unknown : decrypter.TypeVersion; }
|
||||
public ObfuscatorVersion Version {
|
||||
get { return decrypter == null ? ObfuscatorVersion.Unknown : decrypter.Version; }
|
||||
}
|
||||
|
||||
interface IDecrypter {
|
||||
TypeVersion TypeVersion { get; }
|
||||
ObfuscatorVersion Version { get; }
|
||||
void initialize(byte[] methodsData);
|
||||
bool decrypt(BinaryReader fileDataReader, DumpedMethod dm);
|
||||
}
|
||||
|
||||
class Decrypter : IDecrypter {
|
||||
TypeVersion typeVersion;
|
||||
ObfuscatorVersion obfuscatorVersion;
|
||||
BinaryReader methodsDataReader;
|
||||
|
||||
public TypeVersion TypeVersion {
|
||||
get { return typeVersion; }
|
||||
public ObfuscatorVersion Version {
|
||||
get { return obfuscatorVersion; }
|
||||
}
|
||||
|
||||
public Decrypter(TypeVersion typeVersion) {
|
||||
this.typeVersion = typeVersion;
|
||||
public Decrypter(ObfuscatorVersion obfuscatorVersion) {
|
||||
this.obfuscatorVersion = obfuscatorVersion;
|
||||
}
|
||||
|
||||
public virtual void initialize(byte[] methodsData) {
|
||||
|
@ -130,7 +122,7 @@ namespace de4dot.code.deobfuscators.CodeVeil {
|
|||
byte[] decryptKey;
|
||||
|
||||
public DecrypterV5()
|
||||
: base(TypeVersion.V5) {
|
||||
: base(ObfuscatorVersion.V5_0) {
|
||||
}
|
||||
|
||||
public override void initialize(byte[] methodsData) {
|
||||
|
@ -217,12 +209,12 @@ namespace de4dot.code.deobfuscators.CodeVeil {
|
|||
|
||||
if (hasCodeString(initMethod, "E_FullTrust")) {
|
||||
if (DotNetUtils.getPInvokeMethod(initMethod.DeclaringType, "user32", "CallWindowProcW") != null)
|
||||
decrypter = new Decrypter(TypeVersion.V4_1);
|
||||
decrypter = new Decrypter(ObfuscatorVersion.V4_1);
|
||||
else
|
||||
decrypter = new Decrypter(TypeVersion.V4_0);
|
||||
decrypter = new Decrypter(ObfuscatorVersion.V4_0);
|
||||
}
|
||||
else if (hasCodeString(initMethod, "Full Trust Required"))
|
||||
decrypter = new Decrypter(TypeVersion.V3);
|
||||
decrypter = new Decrypter(ObfuscatorVersion.V3);
|
||||
else if (initMethod.DeclaringType.HasNestedTypes && new FieldTypes(initMethod.DeclaringType).all(fieldTypesV5))
|
||||
decrypter = new DecrypterV5();
|
||||
else
|
||||
|
|
28
de4dot.code/deobfuscators/CodeVeil/ObfuscatorVersion.cs
Normal file
28
de4dot.code/deobfuscators/CodeVeil/ObfuscatorVersion.cs
Normal file
|
@ -0,0 +1,28 @@
|
|||
/*
|
||||
Copyright (C) 2011-2012 de4dot@gmail.com
|
||||
|
||||
This file is part of de4dot.
|
||||
|
||||
de4dot is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
de4dot is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
namespace de4dot.code.deobfuscators.CodeVeil {
|
||||
enum ObfuscatorVersion {
|
||||
Unknown,
|
||||
V3,
|
||||
V4_0,
|
||||
V4_1,
|
||||
V5_0,
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user