Detect Confuser 1.7 r74708 proxy method handlers
This commit is contained in:
parent
923fb1f9ca
commit
ab57733ae4
|
@ -43,6 +43,8 @@ namespace de4dot.code.deobfuscators.Confuser {
|
|||
v14_r58857,
|
||||
v17_r73740_normal,
|
||||
v17_r73740_native,
|
||||
v17_r74708_normal,
|
||||
v17_r74708_native,
|
||||
}
|
||||
|
||||
enum ProxyCreatorType {
|
||||
|
@ -195,10 +197,12 @@ namespace de4dot.code.deobfuscators.Confuser {
|
|||
break;
|
||||
|
||||
case ConfuserVersion.v17_r73740_normal:
|
||||
case ConfuserVersion.v17_r74708_normal:
|
||||
getCallInfo_v17_r73740_normal(info, creatorInfo, out calledMethod, out callOpcode);
|
||||
break;
|
||||
|
||||
case ConfuserVersion.v17_r73740_native:
|
||||
case ConfuserVersion.v17_r74708_native:
|
||||
getCallInfo_v17_r73740_native(info, creatorInfo, out calledMethod, out callOpcode);
|
||||
break;
|
||||
|
||||
|
@ -435,6 +439,15 @@ namespace de4dot.code.deobfuscators.Confuser {
|
|||
theVersion = ConfuserVersion.v14_r58857;
|
||||
}
|
||||
else if (is_v17_r73740(method)) {
|
||||
if (DotNetUtils.callsMethod(method, "System.Boolean System.Type::get_IsArray()")) {
|
||||
if ((nativeMethod = findNativeMethod_v17_r73740(method)) != null)
|
||||
theVersion = ConfuserVersion.v17_r74708_native;
|
||||
else if (findMagic_v17_r73740(method, out magic))
|
||||
theVersion = ConfuserVersion.v17_r74708_normal;
|
||||
else
|
||||
continue;
|
||||
}
|
||||
else {
|
||||
if ((nativeMethod = findNativeMethod_v17_r73740(method)) != null)
|
||||
theVersion = ConfuserVersion.v17_r73740_native;
|
||||
else if (findMagic_v17_r73740(method, out magic))
|
||||
|
@ -442,6 +455,7 @@ namespace de4dot.code.deobfuscators.Confuser {
|
|||
else
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
setDelegateCreatorMethod(method);
|
||||
methodToInfo.add(method, new ProxyCreatorInfo(method, proxyType, theVersion, magic, nativeMethod));
|
||||
|
|
Loading…
Reference in New Issue
Block a user