monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Detect Confuser 1.7 r74708 proxy method handlers

Browse Source
This commit is contained in:
de4dot 2012-08-05 12:46:54 +02:00
parent 923fb1f9ca
commit ab57733ae4
1 changed files with 20 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
de4dot.code/deobfuscators/Confuser/ProxyCallFixerV10.cs
View File

@ -43,6 +43,8 @@ namespace de4dot.code.deobfuscators.Confuser {
v14_r58857, v14_r58857,
v17_r73740_normal, v17_r73740_normal,
v17_r73740_native, v17_r73740_native,
v17_r74708_normal,
v17_r74708_native,
} }
enum ProxyCreatorType { enum ProxyCreatorType {
@ -195,10 +197,12 @@ namespace de4dot.code.deobfuscators.Confuser {
break; break;
case ConfuserVersion.v17_r73740_normal: case ConfuserVersion.v17_r73740_normal:
case ConfuserVersion.v17_r74708_normal:
getCallInfo_v17_r73740_normal(info, creatorInfo, out calledMethod, out callOpcode); getCallInfo_v17_r73740_normal(info, creatorInfo, out calledMethod, out callOpcode);
break; break;
case ConfuserVersion.v17_r73740_native: case ConfuserVersion.v17_r73740_native:
case ConfuserVersion.v17_r74708_native:
getCallInfo_v17_r73740_native(info, creatorInfo, out calledMethod, out callOpcode); getCallInfo_v17_r73740_native(info, creatorInfo, out calledMethod, out callOpcode);
break; break;
@ -435,12 +439,22 @@ namespace de4dot.code.deobfuscators.Confuser {
theVersion = ConfuserVersion.v14_r58857; theVersion = ConfuserVersion.v14_r58857;
} }
else if (is_v17_r73740(method)) { else if (is_v17_r73740(method)) {
if ((nativeMethod = findNativeMethod_v17_r73740(method)) != null) if (DotNetUtils.callsMethod(method, "System.Boolean System.Type::get_IsArray()")) {
theVersion = ConfuserVersion.v17_r73740_native; if ((nativeMethod = findNativeMethod_v17_r73740(method)) != null)
else if (findMagic_v17_r73740(method, out magic)) theVersion = ConfuserVersion.v17_r74708_native;
theVersion = ConfuserVersion.v17_r73740_normal; else if (findMagic_v17_r73740(method, out magic))
else theVersion = ConfuserVersion.v17_r74708_normal;
continue; else
continue;
}
else {
if ((nativeMethod = findNativeMethod_v17_r73740(method)) != null)
theVersion = ConfuserVersion.v17_r73740_native;
else if (findMagic_v17_r73740(method, out magic))
theVersion = ConfuserVersion.v17_r73740_normal;
else
continue;
}
} }
setDelegateCreatorMethod(method); setDelegateCreatorMethod(method);