monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Detect .NET Reactor 4.8

Browse Source
This commit is contained in:
de4dot 2014-03-20 15:57:49 +01:00
parent ef628fcb64
commit a9359729e9
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
de4dot.code/deobfuscators/dotNET_Reactor/v4/Deobfuscator.cs
View File

@ -361,6 +361,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
bool compileMethodHasConstant_0x70000000 = DeobUtils.HasInteger(compileMethod, 0x70000000); // 4.0-4.1 bool compileMethodHasConstant_0x70000000 = DeobUtils.HasInteger(compileMethod, 0x70000000); // 4.0-4.1
DeobfuscatedFile.Deobfuscate(methodsDecrypter.Method); DeobfuscatedFile.Deobfuscate(methodsDecrypter.Method);
bool hasCorEnableProfilingString = FindString(methodsDecrypter.Method, "Cor_Enable_Profiling"); // 4.1-4.4 bool hasCorEnableProfilingString = FindString(methodsDecrypter.Method, "Cor_Enable_Profiling"); // 4.1-4.4
bool hasCatchString = FindString(methodsDecrypter.Method, "catch: "); // <= 4.7
if (compileMethodHasConstant_0x70000000) { if (compileMethodHasConstant_0x70000000) {
if (hasCorEnableProfilingString) if (hasCorEnableProfilingString)
@ -368,7 +369,6 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
return DeobfuscatorInfo.THE_NAME + " 4.0"; return DeobfuscatorInfo.THE_NAME + " 4.0";
} }
if (!hasCorEnableProfilingString) { if (!hasCorEnableProfilingString) {
// 4.x or 4.5 - 4.6
bool callsReverse = DotNetUtils.CallsMethod(methodsDecrypter.Method, "System.Void System.Array::Reverse(System.Array)"); bool callsReverse = DotNetUtils.CallsMethod(methodsDecrypter.Method, "System.Void System.Array::Reverse(System.Array)");
if (!callsReverse) if (!callsReverse)
return DeobfuscatorInfo.THE_NAME + " 4.0 - 4.4"; return DeobfuscatorInfo.THE_NAME + " 4.0 - 4.4";
@ -382,7 +382,9 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
case 10: case 10:
if (!hasSymmetricAlgorithm) if (!hasSymmetricAlgorithm)
return DeobfuscatorInfo.THE_NAME + " 4.6"; return DeobfuscatorInfo.THE_NAME + " 4.6";
return DeobfuscatorInfo.THE_NAME + " 4.7"; if (hasCatchString)
return DeobfuscatorInfo.THE_NAME + " 4.7";
return DeobfuscatorInfo.THE_NAME + " 4.8";
} }
} }
else { else {
@ -392,7 +394,9 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
case 9: case 9:
if (!hasSymmetricAlgorithm) if (!hasSymmetricAlgorithm)
return DeobfuscatorInfo.THE_NAME + " 4.6"; return DeobfuscatorInfo.THE_NAME + " 4.6";
return DeobfuscatorInfo.THE_NAME + " 4.7"; if (hasCatchString)
return DeobfuscatorInfo.THE_NAME + " 4.7";
return DeobfuscatorInfo.THE_NAME + " 4.8";
} }
} }