monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update logger

Browse Source 
- It's not static anymore
- It implements ILogger
- It can ignore errors/warnings but an option to disable it
This commit is contained in:
de4dot 2012-11-11 05:31:11 +01:00
parent 9fac79c8a5
commit b152362088
67 changed files with 538 additions and 451 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
de4dot.code/AssemblyModule.cs
View File

@ -57,6 +57,7 @@ namespace de4dot.code {
writerOptions.MetaDataOptions.Flags |= MetaDataFlags.KeepOldMaxStack;
if (preserveTokens)
writerOptions.MetaDataOptions.Flags |= MetaDataFlags.PreserveTokens | MetaDataFlags.PreserveUSOffsets | MetaDataFlags.PreserveExtraSignatureData;
writerOptions.Logger = Logger.Instance;
module.Write(newFilename, writerOptions);
}

85
de4dot.code/Log.cs
View File

@ -1,85 +0,0 @@
/*
Copyright (C) 2011-2012 de4dot@gmail.com
This file is part of de4dot.
de4dot is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
de4dot is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
*/
using System;
using System.Collections.Generic;
namespace de4dot.code {
public static class Log {
public static int indentLevel = 0;
const int indentSize = 2;
public enum LogLevel {
error,
warning,
normal,
verbose,
veryverbose,
}
public static LogLevel logLevel = LogLevel.normal;
public static string indentString = "";
public static bool isAtLeast(LogLevel ll) {
return logLevel >= ll;
}
static void initIndentString() {
indentString = new string(' ', indentLevel * indentSize);
}
public static void indent() {
indentLevel++;
initIndentString();
}
public static void deIndent() {
if (indentLevel <= 0)
throw new ApplicationException("Can't de-indent!");
indentLevel--;
initIndentString();
}
public static void log(LogLevel l, string format, params object[] args) {
if (!isAtLeast(l))
return;
var indent = l <= LogLevel.warning ? "" : indentString;
Console.WriteLine(indent + format, args);
}
public static void e(string format, params object[] args) {
log(LogLevel.error, format, args);
}
public static void w(string format, params object[] args) {
log(LogLevel.warning, format, args);
}
public static void n(string format, params object[] args) {
log(LogLevel.normal, format, args);
}
public static void v(string format, params object[] args) {
log(LogLevel.verbose, format, args);
}
public static void vv(string format, params object[] args) {
log(LogLevel.veryverbose, format, args);
}
}
}

161
de4dot.code/Logger.cs Normal file
View File

@ -0,0 +1,161 @@
/*
Copyright (C) 2011-2012 de4dot@gmail.com
This file is part of de4dot.
de4dot is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
de4dot is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
*/
using System;
using System.Collections.Generic;
using dot10.DotNet;
namespace de4dot.code {
public class Logger : ILogger {
public readonly static Logger Instance = new Logger();
int indentLevel = 0;
readonly int indentSize = 0;
LoggerEvent maxLoggerEvent = LoggerEvent.Info;
string indentString = "";
Dictionary<string, bool> ignoredMessages = new Dictionary<string, bool>(StringComparer.Ordinal);
int numIgnoredMessages;
bool canIgnoreMessages;
public int IndentLevel {
get { return indentLevel; }
set {
if (indentLevel == value)
return;
indentLevel = value;
initIndentString();
}
}
public LoggerEvent MaxLoggerEvent {
get { return maxLoggerEvent; }
set { maxLoggerEvent = value; }
}
public bool CanIgnoreMessages {
get { return canIgnoreMessages; }
set { canIgnoreMessages = value; }
}
public int NumIgnoredMessages {
get { return numIgnoredMessages; }
}
public Logger()
: this(2, true) {
}
public Logger(int indentSize, bool canIgnoreMessages) {
this.indentSize = indentSize;
this.canIgnoreMessages = canIgnoreMessages;
}
void initIndentString() {
if (indentLevel < 0)
indentLevel = 0;
indentString = new string(' ', indentLevel * indentSize);
}
public void indent() {
indentLevel++;
initIndentString();
}
public void deIndent() {
indentLevel--;
initIndentString();
}
public void Log(object sender, LoggerEvent loggerEvent, string format, params object[] args) {
Log(true, sender, loggerEvent, format, args);
}
public void Log(bool canIgnore, object sender, LoggerEvent loggerEvent, string format, params object[] args) {
if (IgnoresEvent(loggerEvent))
return;
if (canIgnore && ignoreMessage(loggerEvent, format, args))
return;
switch (loggerEvent) {
case LoggerEvent.Error:
foreach (var l in string.Format(format, args).Split('\n'))
LogMessage(string.Empty, string.Format("ERROR: {0}", l));
break;
case LoggerEvent.Warning:
foreach (var l in string.Format(format, args).Split('\n'))
LogMessage(string.Empty, string.Format("WARNING: {0}", l));
break;
default:
var indent = loggerEvent <= LoggerEvent.Warning ? "" : indentString;
LogMessage(indent, format, args);
break;
}
}
bool ignoreMessage(LoggerEvent loggerEvent, string format, object[] args) {
if (loggerEvent != LoggerEvent.Error && loggerEvent != LoggerEvent.Warning)
return false;
if (!canIgnoreMessages)
return false;
if (ignoredMessages.ContainsKey(format)) {
numIgnoredMessages++;
return true;
}
ignoredMessages[format] = true;
return false;
}
void LogMessage(string indent, string format, params object[] args) {
if (args == null || args.Length == 0)
Console.WriteLine("{0}{1}", indent, format);
else
Console.WriteLine(indent + format, args);
}
public bool IgnoresEvent(LoggerEvent loggerEvent) {
return loggerEvent > maxLoggerEvent;
}
public static void log(LoggerEvent loggerEvent, string format, params object[] args) {
Instance.Log(null, loggerEvent, format, args);
}
public static void e(string format, params object[] args) {
Instance.Log(null, LoggerEvent.Error, format, args);
}
public static void w(string format, params object[] args) {
Instance.Log(null, LoggerEvent.Warning, format, args);
}
public static void n(string format, params object[] args) {
Instance.Log(null, LoggerEvent.Info, format, args);
}
public static void v(string format, params object[] args) {
Instance.Log(null, LoggerEvent.Verbose, format, args);
}
public static void vv(string format, params object[] args) {
Instance.Log(null, LoggerEvent.VeryVerbose, format, args);
}
}
}

36
de4dot.code/MethodPrinter.cs
View File

@ -25,7 +25,7 @@ using de4dot.blocks;
namespace de4dot.code {
class MethodPrinter {
Log.LogLevel logLevel;
LoggerEvent loggerEvent;
IList<Instruction> allInstructions;
IList<ExceptionHandler> allExceptionHandlers;
Dictionary<Instruction, bool> targets = new Dictionary<Instruction, bool>();
@ -41,9 +41,9 @@ namespace de4dot.code {
Dictionary<Instruction, ExInfo> exInfos = new Dictionary<Instruction, ExInfo>();
ExInfo lastExInfo;
public void print(Log.LogLevel logLevel, IList<Instruction> allInstructions, IList<ExceptionHandler> allExceptionHandlers) {
public void print(LoggerEvent loggerEvent, IList<Instruction> allInstructions, IList<ExceptionHandler> allExceptionHandlers) {
try {
this.logLevel = logLevel;
this.loggerEvent = loggerEvent;
this.allInstructions = allInstructions;
this.allExceptionHandlers = allExceptionHandlers;
lastExInfo = new ExInfo();
@ -121,12 +121,12 @@ namespace de4dot.code {
initTargets();
initExHandlers();
Log.indent();
Logger.Instance.indent();
foreach (var instr in allInstructions) {
if (targets.ContainsKey(instr)) {
Log.deIndent();
Log.log(logLevel, "{0}:", getLabel(instr));
Log.indent();
Logger.Instance.deIndent();
Logger.log(loggerEvent, "{0}:", getLabel(instr));
Logger.Instance.indent();
}
ExInfo exInfo;
if (exInfos.TryGetValue(instr, out exInfo))
@ -135,14 +135,14 @@ namespace de4dot.code {
var operandString = getOperandString(instr);
var memberReference = instr.Operand as ITokenOperand;
if (operandString == "")
Log.log(logLevel, "{0}", instrString);
Logger.log(loggerEvent, "{0}", instrString);
else if (memberReference != null)
Log.log(logLevel, "{0,-9} {1} // {2:X8}", instrString, Utils.removeNewlines(operandString), memberReference.MDToken.ToUInt32());
Logger.log(loggerEvent, "{0,-9} {1} // {2:X8}", instrString, Utils.removeNewlines(operandString), memberReference.MDToken.ToUInt32());
else
Log.log(logLevel, "{0,-9} {1}", instrString, Utils.removeNewlines(operandString));
Logger.log(loggerEvent, "{0,-9} {1}", instrString, Utils.removeNewlines(operandString));
}
printExInfo(lastExInfo);
Log.deIndent();
Logger.Instance.deIndent();
}
string getOperandString(Instruction instr) {
@ -172,18 +172,18 @@ namespace de4dot.code {
}
void printExInfo(ExInfo exInfo) {
Log.deIndent();
Logger.Instance.deIndent();
foreach (var ex in exInfo.tryStarts)
Log.log(logLevel, "// try start: {0}", getExceptionString(ex));
Logger.log(loggerEvent, "// try start: {0}", getExceptionString(ex));
foreach (var ex in exInfo.tryEnds)
Log.log(logLevel, "// try end: {0}", getExceptionString(ex));
Logger.log(loggerEvent, "// try end: {0}", getExceptionString(ex));
foreach (var ex in exInfo.filterStarts)
Log.log(logLevel, "// filter start: {0}", getExceptionString(ex));
Logger.log(loggerEvent, "// filter start: {0}", getExceptionString(ex));
foreach (var ex in exInfo.handlerStarts)
Log.log(logLevel, "// handler start: {0}", getExceptionString(ex));
Logger.log(loggerEvent, "// handler start: {0}", getExceptionString(ex));
foreach (var ex in exInfo.handlerEnds)
Log.log(logLevel, "// handler end: {0}", getExceptionString(ex));
Log.indent();
Logger.log(loggerEvent, "// handler end: {0}", getExceptionString(ex));
Logger.Instance.indent();
}
string getExceptionString(ExceptionHandler ex) {

4
de4dot.code/MethodReturnValueInliner.cs
View File

@ -301,7 +301,7 @@ namespace de4dot.code {
// We're here if there were no cflow deobfuscation, or if there are two or
// more blocks branching to the decrypter method, or the two blocks can't be
// merged because one is outside the exception handler (eg. buggy obfuscator).
Log.w("Could not find all arguments to method {0} ({1:X8})",
Logger.w("Could not find all arguments to method {0} ({1:X8})",
Utils.removeNewlines(method),
method.MDToken.ToInt32());
errors++;
@ -354,7 +354,7 @@ namespace de4dot.code {
int pushes, pops;
instr.Instruction.CalculateStackUsage(false, out pushes, out pops);
if (!useUnknownArgs || pushes != 1) {
Log.w("Could not find all arguments to method {0} ({1:X8}), instr: {2}",
Logger.w("Could not find all arguments to method {0} ({1:X8}), instr: {2}",
Utils.removeNewlines(method),
method.MDToken.ToInt32(),
instr);

62
de4dot.code/ObfuscatedFile.cs
View File

@ -177,7 +177,7 @@ namespace de4dot.code {
catch (BadImageFormatException) {
if (!unpackNativeImage(deobfuscators))
throw new BadImageFormatException();
Log.v("Unpacked native file");
Logger.v("Unpacked native file");
}
}
@ -198,7 +198,7 @@ namespace de4dot.code {
module = assemblyModule.load(unpackedData);
}
catch {
Log.w("Could not load unpacked data. Deobfuscator: {0}", deob.TypeLong);
Logger.w("Could not load unpacked data. Deobfuscator: {0}", deob.TypeLong);
continue;
}
this.deob = deob;
@ -283,7 +283,7 @@ namespace de4dot.code {
catch {
val = deob.Type == "un" ? 1 : 0;
}
Log.v("{0,3}: {1}", val, deob.TypeLong);
Logger.v("{0,3}: {1}", val, deob.TypeLong);
if (val > 0 && deob.Type != "un")
allDetected.Add(deob);
if (val > detectVal) {
@ -294,11 +294,11 @@ namespace de4dot.code {
this.deob = null;
if (allDetected.Count > 1) {
Log.n("More than one obfuscator detected:");
Log.indent();
Logger.n("More than one obfuscator detected:");
Logger.Instance.indent();
foreach (var deob in allDetected)
Log.n("{0} (use: -p {1})", deob.Name, deob.Type);
Log.deIndent();
Logger.n("{0} (use: -p {1})", deob.Name, deob.Type);
Logger.Instance.deIndent();
}
return detected;
@ -309,7 +309,7 @@ namespace de4dot.code {
}
public void save() {
Log.n("Saving {0}", options.NewFilename);
Logger.n("Saving {0}", options.NewFilename);
assemblyModule.save(options.NewFilename, ShouldPreserveTokens(), options.ControlFlowDeobfuscation, deob as IModuleWriterListener);
}
@ -353,7 +353,7 @@ namespace de4dot.code {
}
public void deobfuscate() {
Log.n("Cleaning {0}", options.Filename);
Logger.n("Cleaning {0}", options.Filename);
initAssemblyClient();
for (int i = 0; ; i++) {
@ -370,7 +370,7 @@ namespace de4dot.code {
}
void reloadModule(byte[] newModuleData, DumpedMethods dumpedMethods) {
Log.v("Reloading decrypted assembly (original filename: {0})", Filename);
Logger.v("Reloading decrypted assembly (original filename: {0})", Filename);
simpleDeobfuscatorFlags.Clear();
module = assemblyModule.reload(newModuleData, createDumpedMethodsRestorer(dumpedMethods), deob as IStringDecrypter);
deob = deob.moduleReloaded(module);
@ -460,7 +460,7 @@ namespace de4dot.code {
}
}
Log.v("Adding string decrypter; token: {0:X8}, method: {1}", method.MDToken.ToInt32(), Utils.removeNewlines(method.FullName));
Logger.v("Adding string decrypter; token: {0:X8}, method: {1}", method.MDToken.ToInt32(), Utils.removeNewlines(method.FullName));
tokens.Add(method.MDToken.ToInt32());
}
}
@ -538,14 +538,14 @@ namespace de4dot.code {
return;
}
Log.v("Deobfuscating methods");
Logger.v("Deobfuscating methods");
var methodPrinter = new MethodPrinter();
var cflowDeobfuscator = new BlocksCflowDeobfuscator(deob.BlocksDeobfuscators);
foreach (var method in getAllMethods()) {
Log.v("Deobfuscating {0} ({1:X8})", Utils.removeNewlines(method), method.MDToken.ToUInt32());
Log.indent();
Logger.v("Deobfuscating {0} ({1:X8})", Utils.removeNewlines(method), method.MDToken.ToUInt32());
Logger.Instance.indent();
int oldIndentLevel = Log.indentLevel;
int oldIndentLevel = Logger.Instance.IndentLevel;
try {
deobfuscate(method, cflowDeobfuscator, methodPrinter);
}
@ -554,21 +554,21 @@ namespace de4dot.code {
}
catch (Exception ex) {
if (!canLoadMethodBody(method)) {
Log.v("Invalid method body. {0:X8}", method.MDToken.ToInt32());
Logger.v("Invalid method body. {0:X8}", method.MDToken.ToInt32());
method.Body = new CilBody();
}
else {
Log.w("Could not deobfuscate method {0:X8}. Hello, E.T.: {1}", // E.T. = exception type
Logger.w("Could not deobfuscate method {0:X8}. Hello, E.T.: {1}", // E.T. = exception type
method.MDToken.ToInt32(),
ex.GetType());
}
}
finally {
Log.indentLevel = oldIndentLevel;
Logger.Instance.IndentLevel = oldIndentLevel;
}
removeNoInliningAttribute(method);
Log.deIndent();
Logger.Instance.deIndent();
}
}
@ -616,17 +616,17 @@ namespace de4dot.code {
DotNetUtils.restoreBody(method, allInstructions, allExceptionHandlers);
if (numRemovedLocals > 0)
Log.v("Removed {0} unused local(s)", numRemovedLocals);
Logger.v("Removed {0} unused local(s)", numRemovedLocals);
int numRemovedInstructions = oldNumInstructions - method.Body.Instructions.Count;
if (numRemovedInstructions > 0)
Log.v("Removed {0} dead instruction(s)", numRemovedInstructions);
Logger.v("Removed {0} dead instruction(s)", numRemovedInstructions);
const Log.LogLevel dumpLogLevel = Log.LogLevel.veryverbose;
if (Log.isAtLeast(dumpLogLevel)) {
Log.log(dumpLogLevel, "Deobfuscated code:");
Log.indent();
const LoggerEvent dumpLogLevel = LoggerEvent.VeryVerbose;
if (!Logger.Instance.IgnoresEvent(dumpLogLevel)) {
Logger.log(dumpLogLevel, "Deobfuscated code:");
Logger.Instance.indent();
methodPrinter.print(dumpLogLevel, allInstructions, allExceptionHandlers);
Log.deIndent();
Logger.Instance.deIndent();
}
}
@ -713,8 +713,8 @@ namespace de4dot.code {
if (savedMethodBodies != null)
savedMethodBodies.save(method);
Log.v("{0}: {1} ({2:X8})", msg, Utils.removeNewlines(method), method.MDToken.ToUInt32());
Log.indent();
Logger.v("{0}: {1} ({2:X8})", msg, Utils.removeNewlines(method), method.MDToken.ToUInt32());
Logger.Instance.indent();
if (hasNonEmptyBody(method)) {
try {
@ -728,11 +728,11 @@ namespace de4dot.code {
DotNetUtils.restoreBody(method, allInstructions, allExceptionHandlers);
}
catch {
Log.v("Could not deobfuscate {0:X8}", method.MDToken.ToInt32());
Logger.v("Could not deobfuscate {0:X8}", method.MDToken.ToInt32());
}
}
Log.deIndent();
Logger.Instance.deIndent();
}
void ISimpleDeobfuscator.deobfuscate(MethodDef method) {
@ -759,7 +759,7 @@ namespace de4dot.code {
extension = ".dll";
var baseDir = Utils.getDirName(options.NewFilename);
var newName = Path.Combine(baseDir, assemblyName + extension);
Log.n("Creating file {0}", newName);
Logger.n("Creating file {0}", newName);
using (var writer = new BinaryWriter(new FileStream(newName, FileMode.Create))) {
writer.Write(data);
}

2
de4dot.code/StringInliner.cs
View File

@ -57,7 +57,7 @@ namespace de4dot.code {
}
}
Log.v("Decrypted string: {0}", Utils.toCsharpString(decryptedString));
Logger.v("Decrypted string: {0}", Utils.toCsharpString(decryptedString));
}
}
}

2
de4dot.code/de4dot.code.csproj
View File

@ -265,7 +265,7 @@
<Compile Include="deobfuscators\Xenocode\StringDecrypter.cs" />
<Compile Include="IDeobfuscatorContext.cs" />
<Compile Include="IObfuscatedFile.cs" />
<Compile Include="Log.cs" />
<Compile Include="Logger.cs" />
<Compile Include="DumpedMethodsRestorer.cs" />
<Compile Include="MethodPrinter.cs" />
<Compile Include="MethodReturnValueInliner.cs" />

4
de4dot.code/deobfuscators/Agile_NET/Deobfuscator.cs
View File

@ -219,7 +219,7 @@ namespace de4dot.code.deobfuscators.Agile_NET {
var peImage = new PeImage(fileData);
if (!new MethodsDecrypter().decrypt(peImage, module, cliSecureRtType, ref dumpedMethods)) {
Log.v("Methods aren't encrypted or invalid signature");
Logger.v("Methods aren't encrypted or invalid signature");
return false;
}
@ -331,7 +331,7 @@ namespace de4dot.code.deobfuscators.Agile_NET {
if (!options.RemoveStackFrameHelper)
return;
if (stackFrameHelper.ExceptionLoggerRemover.remove(blocks))
Log.v("Removed StackFrameHelper code");
Logger.v("Removed StackFrameHelper code");
}
}
}

2
de4dot.code/deobfuscators/Agile_NET/MethodsDecrypter.cs
View File

@ -444,7 +444,7 @@ namespace de4dot.code.deobfuscators.Agile_NET {
case DecryptResult.NotEncrypted: return false;
case DecryptResult.Error:
Log.w("Using dynamic method decryption");
Logger.w("Using dynamic method decryption");
byte[] moduleCctorBytes = getModuleCctorBytes(csRtType);
dumpedMethods = de4dot.code.deobfuscators.MethodsDecrypter.decrypt(module.Location, moduleCctorBytes);
return true;

2
de4dot.code/deobfuscators/Agile_NET/ProxyCallFixer.cs
View File

@ -60,7 +60,7 @@ namespace de4dot.code.deobfuscators.Agile_NET {
int delegateToken = 0x02000001 + instrs[0].GetLdcI4Value();
if (type.MDToken.ToInt32() != delegateToken) {
Log.w("Delegate token is not current type");
Logger.w("Delegate token is not current type");
return null;
}

44
de4dot.code/deobfuscators/Agile_NET/vm/Csvm.cs
View File

@ -86,18 +86,18 @@ namespace de4dot.code.deobfuscators.Agile_NET.vm {
if (!Detected)
return;
int oldIndent = Log.indentLevel;
int oldIndent = Logger.Instance.IndentLevel;
try {
restore2();
}
finally {
Log.indentLevel = oldIndent;
Logger.Instance.IndentLevel = oldIndent;
}
}
void restore2() {
Log.v("Restoring CSVM methods");
Log.indent();
Logger.v("Restoring CSVM methods");
Logger.Instance.indent();
var opcodeDetector = getVmOpCodeHandlerDetector();
var csvmMethods = new CsvmDataReader(resource.Data).read();
@ -108,37 +108,37 @@ namespace de4dot.code.deobfuscators.Agile_NET.vm {
if (cilMethod == null)
throw new ApplicationException(string.Format("Could not find method {0:X8}", csvmMethod.Token));
converter.convert(cilMethod, csvmMethod);
Log.v("Restored method {0:X8}", cilMethod.MDToken.ToInt32());
Logger.v("Restored method {0:X8}", cilMethod.MDToken.ToInt32());
printMethod(methodPrinter, cilMethod);
}
Log.deIndent();
Logger.Instance.deIndent();
}
static void printMethod(MethodPrinter methodPrinter, MethodDef method) {
const Log.LogLevel dumpLogLevel = Log.LogLevel.verbose;
if (!Log.isAtLeast(dumpLogLevel))
const LoggerEvent dumpLogLevel = LoggerEvent.Verbose;
if (Logger.Instance.IgnoresEvent(dumpLogLevel))
return;
Log.indent();
Logger.Instance.indent();
Log.v("Locals:");
Log.indent();
Logger.v("Locals:");
Logger.Instance.indent();
for (int i = 0; i < method.Body.LocalList.Count; i++)
Log.v("#{0}: {1}", i, method.Body.LocalList[i].Type);
Log.deIndent();
Logger.v("#{0}: {1}", i, method.Body.LocalList[i].Type);
Logger.Instance.deIndent();
Log.v("Code:");
Log.indent();
Logger.v("Code:");
Logger.Instance.indent();
methodPrinter.print(dumpLogLevel, method.Body.Instructions, method.Body.ExceptionHandlers);
Log.deIndent();
Logger.Instance.deIndent();
Log.deIndent();
Logger.Instance.deIndent();
}
VmOpCodeHandlerDetector getVmOpCodeHandlerDetector() {
var vmFilename = vmAssemblyReference.Name + ".dll";
var vmModulePath = Path.Combine(Path.GetDirectoryName(module.Location), vmFilename);
Log.v("CSVM filename: {0}", vmFilename);
Logger.v("CSVM filename: {0}", vmFilename);
var dataKey = "cs cached VmOpCodeHandlerDetector";
var dict = (Dictionary<string, VmOpCodeHandlerDetector>)deobfuscatorContext.getData(dataKey);
@ -150,11 +150,11 @@ namespace de4dot.code.deobfuscators.Agile_NET.vm {
dict[vmModulePath] = detector = new VmOpCodeHandlerDetector(ModuleDefMD.Load(vmModulePath));
detector.findHandlers();
Log.v("CSVM opcodes:");
Log.indent();
Logger.v("CSVM opcodes:");
Logger.Instance.indent();
for (int i = 0; i < detector.Handlers.Count; i++)
Log.v("{0:X4}: {1}", i, detector.Handlers[i].Name);
Log.deIndent();
Logger.v("{0:X4}: {1}", i, detector.Handlers[i].Name);
Logger.Instance.deIndent();
return detector;
}

4
de4dot.code/deobfuscators/Agile_NET/vm/CsvmToCilMethodConverter.cs
View File

@ -49,7 +49,7 @@ namespace de4dot.code.deobfuscators.Agile_NET.vm {
DotNetUtils.restoreBody(cilMethod, newInstructions, newExceptions);
if (!operandRestorer.restore(cilMethod))
Log.w("Failed to restore one or more instruction operands in CSVM method {0:X8}", cilMethod.MDToken.ToInt32());
Logger.w("Failed to restore one or more instruction operands in CSVM method {0:X8}", cilMethod.MDToken.ToInt32());
restoreConstrainedPrefix(cilMethod);
}
@ -378,7 +378,7 @@ namespace de4dot.code.deobfuscators.Agile_NET.vm {
var field = deobfuscatorContext.resolveField(fieldRef);
bool isStatic;
if (field == null) {
Log.w("Could not resolve field {0:X8}. Assuming it's not static.", token);
Logger.w("Could not resolve field {0:X8}. Assuming it's not static.", token);
isStatic = false;
}
else

2
de4dot.code/deobfuscators/Babel_NET/AssemblyResolver.cs
View File

@ -111,7 +111,7 @@ namespace de4dot.code.deobfuscators.Babel_NET {
encryptedResource = BabelUtils.findEmbeddedResource(module, resolverType, simpleDeobfuscator, deob);
if (encryptedResource == null) {
Log.w("Could not find embedded assemblies resource");
Logger.w("Could not find embedded assemblies resource");
return;
}

6
de4dot.code/deobfuscators/Babel_NET/ConstantsDecrypter.cs
View File

@ -148,7 +148,7 @@ namespace de4dot.code.deobfuscators.Babel_NET {
encryptedResource = BabelUtils.findEmbeddedResource(module, decrypterType, simpleDeobfuscator, deob);
if (encryptedResource == null) {
Log.w("Could not find encrypted constants resource");
Logger.w("Could not find encrypted constants resource");
return;
}
@ -256,7 +256,7 @@ namespace de4dot.code.deobfuscators.Babel_NET {
if (arrayType == null)
continue;
if (arrayType.Next.ElementType.GetPrimitiveSize() == -1) {
Log.w("Can't decrypt non-primitive type array in method {0:X8}", blocks.Method.MDToken.ToInt32());
Logger.w("Can't decrypt non-primitive type array in method {0:X8}", blocks.Method.MDToken.ToInt32());
continue;
}
@ -269,7 +269,7 @@ namespace de4dot.code.deobfuscators.Babel_NET {
var decrypted = decryptArray(info.encryptedField.InitialValue, elemSize);
initializedDataCreator.addInitializeArrayCode(block, info.start, info.len, info.arrayType.Next.ToTypeDefOrRef(), decrypted);
Log.v("Decrypted {0} array: {1} elements", info.arrayType.Next.ToString(), decrypted.Length / elemSize);
Logger.v("Decrypted {0} array: {1} elements", info.arrayType.Next.ToString(), decrypted.Length / elemSize);
}
}
}

2
de4dot.code/deobfuscators/Babel_NET/Deobfuscator.cs
View File

@ -206,7 +206,7 @@ namespace de4dot.code.deobfuscators.Babel_NET {
if (Operations.DecryptStrings != OpDecryptString.None) {
if (stringDecrypter.Resource != null)
Log.v("Adding string decrypter. Resource: {0}", Utils.toCsharpString(stringDecrypter.Resource.Name));
Logger.v("Adding string decrypter. Resource: {0}", Utils.toCsharpString(stringDecrypter.Resource.Name));
staticStringInliner.add(stringDecrypter.DecryptMethod, (method, gim, args) => {
return stringDecrypter.decrypt(args);
});

2
de4dot.code/deobfuscators/Babel_NET/InflaterCreator.cs
View File

@ -46,7 +46,7 @@ namespace de4dot.code.deobfuscators.Babel_NET {
static Inflater createNormal(bool noHeader, string errorMessage) {
if (errorMessage != null)
Log.w("{0}", errorMessage);
Logger.w("{0}", errorMessage);
return new Inflater(noHeader);
}

6
de4dot.code/deobfuscators/Babel_NET/MethodsDecrypter.cs
View File

@ -113,7 +113,7 @@ namespace de4dot.code.deobfuscators.Babel_NET {
ImageReader addImageReader(string name, byte[] data) {
var imageReader = new ImageReader(deobfuscatorContext, module, data);
if (!imageReader.initialize()) {
Log.w("Could not read encrypted methods");
Logger.w("Could not read encrypted methods");
return null;
}
if (imageReaders.ContainsKey(name))
@ -159,11 +159,11 @@ namespace de4dot.code.deobfuscators.Babel_NET {
numNonDecryptedMethods++;
continue;
}
Log.v("Decrypting method {0:X8}", info.method.MDToken.ToInt32());
Logger.v("Decrypting method {0:X8}", info.method.MDToken.ToInt32());
imageReader.restore(info.FullName, info.method);
}
if (numNonDecryptedMethods > 0)
Log.w("{0}/{1} methods not decrypted", numNonDecryptedMethods, totalEncryptedMethods);
Logger.w("{0}/{1} methods not decrypted", numNonDecryptedMethods, totalEncryptedMethods);
}
ImageReader getImageReader(string feature) {

6
de4dot.code/deobfuscators/CodeVeil/AssemblyResolver.cs
View File

@ -131,7 +131,7 @@ namespace de4dot.code.deobfuscators.CodeVeil {
doc.Load(XmlReader.Create(bundleXmlFile.Data.CreateStream()));
var manifest = doc.DocumentElement;
if (manifest.Name.ToLowerInvariant() != "manifest") {
Log.w("Could not find Manifest element");
Logger.w("Could not find Manifest element");
return;
}
foreach (var tmp in manifest.ChildNodes) {
@ -140,13 +140,13 @@ namespace de4dot.code.deobfuscators.CodeVeil {
continue;
if (assemblyElem.Name.ToLowerInvariant() != "assembly") {
Log.w("Unknown element: {0}", assemblyElem.Name);
Logger.w("Unknown element: {0}", assemblyElem.Name);
continue;
}
int offset = getAttributeValueInt32(assemblyElem, "offset");
if (offset < 0) {
Log.w("Could not find offset attribute");
Logger.w("Could not find offset attribute");
continue;
}

4
de4dot.code/deobfuscators/CodeVeil/ResourceDecrypter.cs
View File

@ -323,7 +323,7 @@ namespace de4dot.code.deobfuscators.CodeVeil {
if (decrypted == null)
continue;
Log.v("Decrypted resource {0}", Utils.toCsharpString(resource.Name));
Logger.v("Decrypted resource {0}", Utils.toCsharpString(resource.Name));
module.Resources[i] = new EmbeddedResource(resource.Name, decrypted, resource.Flags);
}
}
@ -343,7 +343,7 @@ namespace de4dot.code.deobfuscators.CodeVeil {
return null;
}
catch (Exception ex) {
Log.w("Got an exception when decrypting resources: {0} - {1}", ex.GetType(), ex.Message);
Logger.w("Got an exception when decrypting resources: {0} - {1}", ex.GetType(), ex.Message);
return null;
}
}

2
de4dot.code/deobfuscators/CodeWall/StringDecrypter.cs
View File

@ -248,7 +248,7 @@ namespace de4dot.code.deobfuscators.CodeWall {
simpleDeobfuscator.deobfuscate(info.Method);
info.Resource = findResource(info.Method);
if (info.Resource == null) {
Log.w("Could not find encrypted strings resource (Method {0:X8})", info.Method.MDToken.ToInt32());
Logger.w("Could not find encrypted strings resource (Method {0:X8})", info.Method.MDToken.ToInt32());
continue;
}
info.Magic1 = findMagic1(info.Method);

8
de4dot.code/deobfuscators/CryptoObfuscator/MethodsDecrypter.cs
View File

@ -122,8 +122,8 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
var decrypted = resourceDecrypter.decrypt(resource.GetResourceStream());
var reader = MemoryImageStream.Create(decrypted);
int numEncrypted = reader.ReadInt32();
Log.v("Restoring {0} encrypted methods", numEncrypted);
Log.indent();
Logger.v("Restoring {0} encrypted methods", numEncrypted);
Logger.Instance.indent();
for (int i = 0; i < numEncrypted; i++) {
int delegateTypeToken = reader.ReadInt32();
uint codeOffset = reader.ReadUInt32();
@ -132,7 +132,7 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
decrypt(reader, delegateTypeToken);
reader.Position = origOffset;
}
Log.deIndent();
Logger.Instance.deIndent();
}
void decrypt(IBinaryReader reader, int delegateTypeToken) {
@ -155,7 +155,7 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
var bodyReader = new MethodBodyReader(module, reader);
bodyReader.read(encMethod);
bodyReader.RestoreMethod(encMethod);
Log.v("Restored method {0} ({1:X8}). Instrs:{2}, Locals:{3}, Exceptions:{4}",
Logger.v("Restored method {0} ({1:X8}). Instrs:{2}, Locals:{3}, Exceptions:{4}",
Utils.removeNewlines(encMethod.FullName),
encMethod.MDToken.ToInt32(),
encMethod.Body.Instructions.Count,

2
de4dot.code/deobfuscators/CryptoObfuscator/ResourceDecrypter.cs
View File

@ -328,7 +328,7 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
byte allFlags = (byte)(desEncryptedFlag | deflatedFlag | bitwiseNotEncryptedFlag);
if ((flags & ~allFlags) != 0)
Log.w("Found unknown resource encryption flags: 0x{0:X2}", flags);
Logger.w("Found unknown resource encryption flags: 0x{0:X2}", flags);
if ((flags & desEncryptedFlag) != 0) {
var memStream = new MemoryStream((int)resourceStream.Length);

2
de4dot.code/deobfuscators/CryptoObfuscator/StringDecrypter.cs
View File

@ -68,7 +68,7 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
stringResource = DotNetUtils.getResource(module, resourceName) as EmbeddedResource;
if (stringResource == null)
return;
Log.v("Adding string decrypter. Resource: {0}", Utils.toCsharpString(stringResource.Name));
Logger.v("Adding string decrypter. Resource: {0}", Utils.toCsharpString(stringResource.Name));
decryptedData = resourceDecrypter.decrypt(stringResource.GetResourceStream());
}

2
de4dot.code/deobfuscators/DeepSea/ResourceResolver.cs
View File

@ -308,7 +308,7 @@ namespace de4dot.code.deobfuscators.DeepSea {
data30 = new Data30();
data30.resource = DeobUtils.getEmbeddedResourceFromCodeStrings(module, resolveHandler);
if (data30.resource == null) {
Log.w("Could not find resource of encrypted resources");
Logger.w("Could not find resource of encrypted resources");
return;
}
}

8
de4dot.code/deobfuscators/DeobUtils.cs
View File

@ -30,18 +30,18 @@ using de4dot.blocks;
namespace de4dot.code.deobfuscators {
static class DeobUtils {
public static void decryptAndAddResources(ModuleDef module, string encryptedName, Func<byte[]> decryptResource) {
Log.v("Decrypting resources, name: {0}", Utils.toCsharpString(encryptedName));
Logger.v("Decrypting resources, name: {0}", Utils.toCsharpString(encryptedName));
var decryptedResourceData = decryptResource();
if (decryptedResourceData == null)
throw new ApplicationException("decryptedResourceData is null");
var resourceModule = ModuleDefMD.Load(decryptedResourceData);
Log.indent();
Logger.Instance.indent();
foreach (var rsrc in resourceModule.Resources) {
Log.v("Adding decrypted resource {0}", Utils.toCsharpString(rsrc.Name));
Logger.v("Adding decrypted resource {0}", Utils.toCsharpString(rsrc.Name));
module.Resources.Add(rsrc);
}
Log.deIndent();
Logger.Instance.deIndent();
}
public static T lookup<T>(ModuleDefMD module, T def, string errorMessage) where T : class, ICodedToken {

62
de4dot.code/deobfuscators/DeobfuscatorBase.cs
View File

@ -189,7 +189,7 @@ namespace de4dot.code.deobfuscators {
foreach (var type in module.GetTypes()) {
if (!isTypeWithInvalidBaseType(moduleType, type))
continue;
Log.v("Adding System.Object as base type: {0} ({1:X8})",
Logger.v("Adding System.Object as base type: {0} ({1:X8})",
Utils.removeNewlines(type),
type.MDToken.ToInt32());
type.BaseType = module.CorLibTypes.Object.TypeDefOrRef;
@ -298,7 +298,7 @@ namespace de4dot.code.deobfuscators {
continue;
if (info.find(destMethod)) {
Log.v("Removed call to {0}", Utils.removeNewlines(destMethod));
Logger.v("Removed call to {0}", Utils.removeNewlines(destMethod));
instrsToDelete.Add(i);
}
}
@ -385,27 +385,27 @@ namespace de4dot.code.deobfuscators {
if (emptyCctorsToRemove.Count == 0)
return;
Log.v("Removing empty .cctor methods");
Log.indent();
Logger.v("Removing empty .cctor methods");
Logger.Instance.indent();
foreach (var cctor in emptyCctorsToRemove) {
var type = cctor.DeclaringType;
if (type == null)
continue;
if (type.Methods.Remove(cctor))
Log.v("{0:X8}, type: {1} ({2:X8})",
Logger.v("{0:X8}, type: {1} ({2:X8})",
cctor.MDToken.ToUInt32(),
Utils.removeNewlines(type),
type.MDToken.ToUInt32());
}
Log.deIndent();
Logger.Instance.deIndent();
}
void deleteMethods() {
if (methodsToRemove.Count == 0)
return;
Log.v("Removing methods");
Log.indent();
Logger.v("Removing methods");
Logger.Instance.indent();
foreach (var info in methodsToRemove) {
var method = info.obj;
if (method == null)
@ -414,21 +414,21 @@ namespace de4dot.code.deobfuscators {
if (type == null)
continue;
if (type.Methods.Remove(method))
Log.v("Removed method {0} ({1:X8}) (Type: {2}) (reason: {3})",
Logger.v("Removed method {0} ({1:X8}) (Type: {2}) (reason: {3})",
Utils.removeNewlines(method),
method.MDToken.ToUInt32(),
Utils.removeNewlines(type),
info.reason);
}
Log.deIndent();
Logger.Instance.deIndent();
}
void deleteFields() {
if (fieldsToRemove.Count == 0)
return;
Log.v("Removing fields");
Log.indent();
Logger.v("Removing fields");
Logger.Instance.indent();
foreach (var info in fieldsToRemove) {
var field = info.obj;
if (field == null)
@ -437,13 +437,13 @@ namespace de4dot.code.deobfuscators {
if (type == null)
continue;
if (type.Fields.Remove(field))
Log.v("Removed field {0} ({1:X8}) (Type: {2}) (reason: {3})",
Logger.v("Removed field {0} ({1:X8}) (Type: {2}) (reason: {3})",
Utils.removeNewlines(field),
field.MDToken.ToUInt32(),
Utils.removeNewlines(type),
info.reason);
}
Log.deIndent();
Logger.Instance.deIndent();
}
void deleteTypes() {
@ -451,8 +451,8 @@ namespace de4dot.code.deobfuscators {
if (types == null || typesToRemove.Count == 0)
return;
Log.v("Removing types");
Log.indent();
Logger.v("Removing types");
Logger.Instance.indent();
var moduleType = DotNetUtils.getModuleType(module);
foreach (var info in typesToRemove) {
var typeDef = info.obj;
@ -464,24 +464,24 @@ namespace de4dot.code.deobfuscators {
else
removed = types.Remove(typeDef);
if (removed)
Log.v("Removed type {0} ({1:X8}) (reason: {2})",
Logger.v("Removed type {0} ({1:X8}) (reason: {2})",
Utils.removeNewlines(typeDef),
typeDef.MDToken.ToUInt32(),
info.reason);
}
Log.deIndent();
Logger.Instance.deIndent();
}
void deleteCustomAttributes() {
if (attrsToRemove.Count == 0)
return;
Log.v("Removing custom attributes");
Log.indent();
Logger.v("Removing custom attributes");
Logger.Instance.indent();
deleteCustomAttributes(module.CustomAttributes);
if (module.Assembly != null)
deleteCustomAttributes(module.Assembly.CustomAttributes);
Log.deIndent();
Logger.Instance.deIndent();
}
void deleteCustomAttributes(IList<CustomAttribute> customAttrs) {
@ -495,7 +495,7 @@ namespace de4dot.code.deobfuscators {
if (new SigComparer().Equals(typeDef, customAttrs[i].AttributeType)) {
customAttrs.RemoveAt(i);
i--;
Log.v("Removed custom attribute {0} ({1:X8}) (reason: {2})",
Logger.v("Removed custom attribute {0} ({1:X8}) (reason: {2})",
Utils.removeNewlines(typeDef),
typeDef.MDToken.ToUInt32(),
info.reason);
@ -506,19 +506,19 @@ namespace de4dot.code.deobfuscators {
}
void deleteOtherAttributes() {
Log.v("Removing other attributes");
Log.indent();
Logger.v("Removing other attributes");
Logger.Instance.indent();
deleteOtherAttributes(module.CustomAttributes);
if (module.Assembly != null)
deleteOtherAttributes(module.Assembly.CustomAttributes);
Log.deIndent();
Logger.Instance.deIndent();
}
void deleteOtherAttributes(IList<CustomAttribute> customAttributes) {
for (int i = customAttributes.Count - 1; i >= 0; i--) {
var attr = customAttributes[i].TypeFullName;
if (attr == "System.Runtime.CompilerServices.SuppressIldasmAttribute") {
Log.v("Removed attribute {0}", Utils.removeNewlines(attr));
Logger.v("Removed attribute {0}", Utils.removeNewlines(attr));
customAttributes.RemoveAt(i);
}
}
@ -528,16 +528,16 @@ namespace de4dot.code.deobfuscators {
if (!module.HasResources || resourcesToRemove.Count == 0)
return;
Log.v("Removing resources");
Log.indent();
Logger.v("Removing resources");
Logger.Instance.indent();
foreach (var info in resourcesToRemove) {
var resource = info.obj;
if (resource == null)
continue;
if (module.Resources.Remove(resource))
Log.v("Removed resource {0} (reason: {1})", Utils.toCsharpString(resource.Name), info.reason);
Logger.v("Removed resource {0} (reason: {1})", Utils.toCsharpString(resource.Name), info.reason);
}
Log.deIndent();
Logger.Instance.deIndent();
}
protected void setInitLocals() {
@ -608,7 +608,7 @@ namespace de4dot.code.deobfuscators {
protected bool removeProxyDelegates(ProxyCallFixerBase proxyCallFixer, bool removeCreators) {
if (proxyCallFixer.Errors != 0) {
Log.v("Not removing proxy delegates and creator type since errors were detected.");
Logger.v("Not removing proxy delegates and creator type since errors were detected.");
return false;
}
addTypesToBeRemoved(proxyCallFixer.DelegateTypes, "Proxy delegate type");

2
de4dot.code/deobfuscators/Dotfuscator/StringDecrypter.cs
View File

@ -85,7 +85,7 @@ namespace de4dot.code.deobfuscators.Dotfuscator {
var info = new StringDecrypterInfo(method, ldci4.GetLdcI4Value());
stringDecrypterMethods.add(info.method, info);
Log.v("Found string decrypter method: {0}, magic: 0x{1:X8}", Utils.removeNewlines(info.method), info.magic);
Logger.v("Found string decrypter method: {0}, magic: 0x{1:X8}", Utils.removeNewlines(info.method), info.magic);
break;
}
}

2
de4dot.code/deobfuscators/Eazfuscator_NET/AssemblyResolver.cs
View File

@ -364,7 +364,7 @@ namespace de4dot.code.deobfuscators.Eazfuscator_NET {
}
catch {
}
Log.w("Could not load assembly from decrypted resource {0}", Utils.toCsharpString(info.ResourceName));
Logger.w("Could not load assembly from decrypted resource {0}", Utils.toCsharpString(info.ResourceName));
int index = info.Filename.LastIndexOf('.');
if (index < 0) {
info.SimpleName = info.Filename;

4
de4dot.code/deobfuscators/Eazfuscator_NET/StringDecrypter.cs
View File

@ -210,9 +210,9 @@ namespace de4dot.code.deobfuscators.Eazfuscator_NET {
if (!findConstants(simpleDeobfuscator)) {
if (encryptedResource == null)
Log.w("Could not find encrypted resource. Strings cannot be decrypted.");
Logger.w("Could not find encrypted resource. Strings cannot be decrypted.");
else
Log.w("Can't decrypt strings. Possibly a new Eazfuscator.NET version.");
Logger.w("Can't decrypt strings. Possibly a new Eazfuscator.NET version.");
return;
}
}

2
de4dot.code/deobfuscators/Goliath_NET/ArrayValueInliner.cs
View File

@ -40,7 +40,7 @@ namespace de4dot.code.deobfuscators.Goliath_NET {
var arrayData = (byte[])callResult.returnValue;
initializedDataCreator.addInitializeArrayCode(block, callResult.callStartIndex, num, module.TypeSystem.Byte, arrayData);
Log.v("Decrypted array: {0} bytes", arrayData.Length);
Logger.v("Decrypted array: {0} bytes", arrayData.Length);
}
}
}

2
de4dot.code/deobfuscators/Goliath_NET/Deobfuscator.cs
View File

@ -232,7 +232,7 @@ namespace de4dot.code.deobfuscators.Goliath_NET {
localsRestorer.deobfuscate(blocks);
if (options.RemoveAntiStrongName) {
if (strongNameChecker.deobfuscate(blocks))
Log.v("Removed strong name checker code");
Logger.v("Removed strong name checker code");
}
logicalExpressionFixer.deobfuscate(blocks);
base.deobfuscateMethodEnd(blocks);

10
de4dot.code/deobfuscators/Goliath_NET/ProxyCallFixer.cs
View File

@ -39,7 +39,7 @@ namespace de4dot.code.deobfuscators.Goliath_NET {
}
public new void find() {
Log.v("Finding all proxy delegates");
Logger.v("Finding all proxy delegates");
var infos = new List<MyInfo>();
foreach (var type in module.GetTypes()) {
if (type.BaseType == null || type.BaseType.FullName != "System.MulticastDelegate")
@ -56,19 +56,19 @@ namespace de4dot.code.deobfuscators.Goliath_NET {
if (infos.Count == 0)
continue;
Log.v("Found proxy delegate: {0} ({1:X8})", Utils.removeNewlines(type), type.MDToken.ToUInt32());
Logger.v("Found proxy delegate: {0} ({1:X8})", Utils.removeNewlines(type), type.MDToken.ToUInt32());
RemovedDelegateCreatorCalls++;
Log.indent();
Logger.Instance.indent();
foreach (var info in infos) {
var di = info.delegateInfo;
add(info.method, di);
Log.v("Field: {0}, Opcode: {1}, Method: {2} ({3:X8})",
Logger.v("Field: {0}, Opcode: {1}, Method: {2} ({3:X8})",
Utils.removeNewlines(di.field.Name),
di.callOpcode,
Utils.removeNewlines(di.methodRef),
di.methodRef.MDToken.ToUInt32());
}
Log.deIndent();
Logger.Instance.deIndent();
delegateTypesDict[type] = true;
}
}

10
de4dot.code/deobfuscators/ILProtector/MethodsDecrypter.cs
View File

@ -200,15 +200,15 @@ namespace de4dot.code.deobfuscators.ILProtector {
if (methodInfos.Count == 0)
return;
Log.v("Restoring {0} methods", methodInfos.Count);
Log.indent();
Logger.v("Restoring {0} methods", methodInfos.Count);
Logger.Instance.indent();
foreach (var type in module.GetTypes()) {
foreach (var method in type.Methods) {
if (method.Body == null)
continue;
if (restoreMethod(method)) {
Log.v("Restored method {0} ({1:X8}). Instrs:{2}, Locals:{3}, Exceptions:{4}",
Logger.v("Restored method {0} ({1:X8}). Instrs:{2}, Locals:{3}, Exceptions:{4}",
Utils.removeNewlines(method.FullName),
method.MDToken.ToInt32(),
method.Body.Instructions.Count,
@ -217,9 +217,9 @@ namespace de4dot.code.deobfuscators.ILProtector {
}
}
}
Log.deIndent();
Logger.Instance.deIndent();
if (methodInfos.Count != 0)
Log.w("{0} methods weren't restored", methodInfos.Count);
Logger.w("{0} methods weren't restored", methodInfos.Count);
}
const int INVALID_METHOD_ID = -1;

2
de4dot.code/deobfuscators/MPRESS/Deobfuscator.cs
View File

@ -251,7 +251,7 @@ namespace de4dot.code.deobfuscators.MPRESS {
BitConverter.ToInt16(hash, 6),
hash[8], hash[9], hash[10], hash[11],
hash[12], hash[13], hash[14], hash[15]);
Log.v("Updating MVID: {0}", guid.ToString("B"));
Logger.v("Updating MVID: {0}", guid.ToString("B"));
module.Mvid = guid;
}
}

2
de4dot.code/deobfuscators/MaxtoCode/Deobfuscator.cs
View File

@ -146,7 +146,7 @@ namespace de4dot.code.deobfuscators.MaxtoCode {
return Encoding.GetEncoding(cp);
}
catch {
Log.w("Invalid code page {0}!", cp);
Logger.w("Invalid code page {0}!", cp);
return Encoding.Default;
}
}

18
de4dot.code/deobfuscators/MaxtoCode/MethodsDecrypter.cs
View File

@ -106,7 +106,7 @@ namespace de4dot.code.deobfuscators.MaxtoCode {
return info.Version;
}
Log.w("Could not detect MC version. Magic2: {0:X8} {1:X8}", m2lo, m2hi);
Logger.w("Could not detect MC version. Magic2: {0:X8} {1:X8}", m2lo, m2hi);
return EncryptionVersion.Unknown;
}
@ -531,10 +531,10 @@ namespace de4dot.code.deobfuscators.MaxtoCode {
return;
if (resourceRva != peImage.Cor20Header.resources.virtualAddress ||
resourceSize != peImage.Cor20Header.resources.size) {
Log.w("Invalid resource RVA and size found");
Logger.w("Invalid resource RVA and size found");
}
Log.v("Decrypting resources @ RVA {0:X8}, {1} bytes", resourceRva, resourceSize);
Logger.v("Decrypting resources @ RVA {0:X8}, {1} bytes", resourceRva, resourceSize);
int resourceOffset = (int)peImage.rvaToOffset(resourceRva);
for (int i = 0; i < resourceSize; i++)
@ -555,11 +555,11 @@ namespace de4dot.code.deobfuscators.MaxtoCode {
if (usHeap == null ||
peImage.rvaToOffset(usHeapRva) != usHeap.fileOffset ||
usHeapSize != usHeap.Length) {
Log.w("Invalid #US heap RVA and size found");
Logger.w("Invalid #US heap RVA and size found");
}
Log.v("Decrypting strings @ RVA {0:X8}, {1} bytes", usHeapRva, usHeapSize);
Log.indent();
Logger.v("Decrypting strings @ RVA {0:X8}, {1} bytes", usHeapRva, usHeapSize);
Logger.Instance.indent();
int mcKeyOffset = 0;
int usHeapOffset = (int)peImage.rvaToOffset(usHeapRva);
@ -582,16 +582,16 @@ namespace de4dot.code.deobfuscators.MaxtoCode {
}
try {
Log.v("Decrypted string: {0}", Utils.toCsharpString(Encoding.Unicode.GetString(fileData, usHeapOffsetString, stringDataLength - 1)));
Logger.v("Decrypted string: {0}", Utils.toCsharpString(Encoding.Unicode.GetString(fileData, usHeapOffsetString, stringDataLength - 1)));
}
catch {
Log.v("Could not decrypt string at offset {0:X8}", usHeapOffsetOrig);
Logger.v("Could not decrypt string at offset {0:X8}", usHeapOffsetOrig);
}
usHeapOffset++;
}
Log.deIndent();
Logger.Instance.deIndent();
}
byte rolb(byte b, int n) {

24
de4dot.code/deobfuscators/ProxyCallFixerBase.cs
View File

@ -206,7 +206,7 @@ namespace de4dot.code.deobfuscators {
if (delegateCreatorMethods.Count == 0)
return;
Log.v("Finding all proxy delegates");
Logger.v("Finding all proxy delegates");
foreach (var tmp in getDelegateTypes()) {
var type = tmp;
var cctor = type.FindClassConstructor();
@ -219,10 +219,10 @@ namespace de4dot.code.deobfuscators {
if (context == null)
continue;
Log.v("Found proxy delegate: {0} ({1:X8})", Utils.removeNewlines(type), type.MDToken.ToUInt32());
Logger.v("Found proxy delegate: {0} ({1:X8})", Utils.removeNewlines(type), type.MDToken.ToUInt32());
RemovedDelegateCreatorCalls++;
Log.indent();
Logger.Instance.indent();
foreach (var field in type.Fields) {
if (!field.IsStatic)
continue;
@ -234,13 +234,13 @@ namespace de4dot.code.deobfuscators {
if (calledMethod == null)
continue;
addDelegateInfo(new DelegateInfo(field, calledMethod, callOpcode));
Log.v("Field: {0}, Opcode: {1}, Method: {2} ({3:X8})",
Logger.v("Field: {0}, Opcode: {1}, Method: {2} ({3:X8})",
Utils.removeNewlines(field.Name),
callOpcode,
Utils.removeNewlines(calledMethod),
calledMethod.MDToken.Raw);
}
Log.deIndent();
Logger.Instance.deIndent();
delegateTypesDict[type] = true;
}
}
@ -269,7 +269,7 @@ namespace de4dot.code.deobfuscators {
}
else {
errors++;
Log.w("Could not fix proxy call. Method: {0} ({1:X8}), Proxy type: {2} ({3:X8})",
Logger.w("Could not fix proxy call. Method: {0} ({1:X8}), Proxy type: {2} ({3:X8})",
Utils.removeNewlines(blocks.Method),
blocks.Method.MDToken.ToInt32(),
Utils.removeNewlines(di.field.DeclaringType),
@ -354,7 +354,7 @@ namespace de4dot.code.deobfuscators {
// Oooops!!! The obfuscator is buggy. Well, let's hope it is, or it's my code. ;)
Log.w("Holy obfuscator bugs, Batman! Found a proxy delegate call with no instance push in {0:X8}. Replacing it with a throw...", obfuscatedMethod.MDToken.ToInt32());
Logger.w("Holy obfuscator bugs, Batman! Found a proxy delegate call with no instance push in {0:X8}. Replacing it with a throw...", obfuscatedMethod.MDToken.ToInt32());
block.insert(i, Instruction.Create(OpCodes.Ldnull));
block.replace(i + 1, 1, Instruction.Create(OpCodes.Throw));
i++;
@ -387,7 +387,7 @@ namespace de4dot.code.deobfuscators {
if (delegateCreatorMethods.Count == 0)
return;
Log.v("Finding all proxy delegates");
Logger.v("Finding all proxy delegates");
find2();
}
@ -403,11 +403,11 @@ namespace de4dot.code.deobfuscators {
if (context == null)
continue;
Log.v("Found proxy delegate: {0} ({1:X8})", Utils.removeNewlines(type), type.MDToken.ToUInt32());
Logger.v("Found proxy delegate: {0} ({1:X8})", Utils.removeNewlines(type), type.MDToken.ToUInt32());
RemovedDelegateCreatorCalls++;
var fieldToMethod = getFieldToMethodDictionary(type);
Log.indent();
Logger.Instance.indent();
foreach (var field in type.Fields) {
MethodDef proxyMethod;
if (!fieldToMethod.TryGetValue(field, out proxyMethod))
@ -420,13 +420,13 @@ namespace de4dot.code.deobfuscators {
if (calledMethod == null)
continue;
add(proxyMethod, new DelegateInfo(field, calledMethod, callOpcode));
Log.v("Field: {0}, Opcode: {1}, Method: {2} ({3:X8})",
Logger.v("Field: {0}, Opcode: {1}, Method: {2} ({3:X8})",
Utils.removeNewlines(field.Name),
callOpcode,
Utils.removeNewlines(calledMethod),
calledMethod.MDToken.ToUInt32());
}
Log.deIndent();
Logger.Instance.deIndent();
delegateTypesDict[type] = true;
}
}

2
de4dot.code/deobfuscators/Rummage/StringDecrypter.cs
View File

@ -219,7 +219,7 @@ namespace de4dot.code.deobfuscators.Rummage {
var decrypted = decrypt(info);
instrs[i] = new Instr(Instruction.Create(OpCodes.Ldstr, decrypted));
Log.v("Decrypted string: {0}", Utils.toCsharpString(decrypted));
Logger.v("Decrypted string: {0}", Utils.toCsharpString(decrypted));
}
}
}

2
de4dot.code/deobfuscators/Skater_NET/StringDecrypter.cs
View File

@ -306,7 +306,7 @@ namespace de4dot.code.deobfuscators.Skater_NET {
continue;
instrs[i] = new Instr(Instruction.Create(OpCodes.Ldstr, decrypted));
Log.v("Decrypted string: {0}", Utils.toCsharpString(decrypted));
Logger.v("Decrypted string: {0}", Utils.toCsharpString(decrypted));
}
}
}

2
de4dot.code/deobfuscators/SmartAssembly/AssemblyResolver.cs
View File

@ -45,7 +45,7 @@ namespace de4dot.code.deobfuscators.SmartAssembly {
var returned = new Dictionary<Resource, bool>();
foreach (var info in assemblyResolverInfo.EmbeddedAssemblyInfos) {
if (info.resource == null) {
Log.w("Could not find embedded resource {0}", Utils.toCsharpString(info.resourceName));
Logger.w("Could not find embedded resource {0}", Utils.toCsharpString(info.resourceName));
continue;
}
if (returned.ContainsKey(info.resource))

8
de4dot.code/deobfuscators/SmartAssembly/AssemblyResolverInfo.cs
View File

@ -145,11 +145,11 @@ namespace de4dot.code.deobfuscators.SmartAssembly {
list.Add(info);
}
Log.v("Found embedded assemblies:");
Log.indent();
Logger.v("Found embedded assemblies:");
Logger.Instance.indent();
foreach (var info in list)
Log.v("{0}", info.assemblyName);
Log.deIndent();
Logger.v("{0}", info.assemblyName);
Logger.Instance.deIndent();
return true;
}

8
de4dot.code/deobfuscators/SmartAssembly/Deobfuscator.cs
View File

@ -409,12 +409,12 @@ namespace de4dot.code.deobfuscators.SmartAssembly {
foreach (var info in stringDecrypterInfos) {
if (initd.ContainsKey(info))
continue;
Log.v("String decrypter not initialized. Token {0:X8}", info.StringsEncodingClass.MDToken.ToInt32());
Logger.v("String decrypter not initialized. Token {0:X8}", info.StringsEncodingClass.MDToken.ToInt32());
}
}
void initStringDecrypter(StringDecrypterInfo info) {
Log.v("Adding string decrypter. Resource: {0}", Utils.toCsharpString(info.StringsResource.Name));
Logger.v("Adding string decrypter. Resource: {0}", Utils.toCsharpString(info.StringsResource.Name));
var decrypter = new StringDecrypter(info);
if (decrypter.CanDecrypt) {
staticStringInliner.add(DotNetUtils.getMethod(info.GetStringDelegate, "Invoke"), (method, gim, args) => {
@ -489,14 +489,14 @@ namespace de4dot.code.deobfuscators.SmartAssembly {
if (!options.RemoveAutomatedErrorReporting)
return;
if (automatedErrorReportingFinder.remove(blocks))
Log.v("Removed Automated Error Reporting code");
Logger.v("Removed Automated Error Reporting code");
}
void removeTamperProtection(Blocks blocks) {
if (!options.RemoveTamperProtection)
return;
if (tamperProtectionRemover.remove(blocks))
Log.v("Removed Tamper Protection code");
Logger.v("Removed Tamper Protection code");
}
void removeMemoryManagerStuff() {

4
de4dot.code/deobfuscators/SmartAssembly/ProxyCallFixer.cs
View File

@ -68,7 +68,7 @@ namespace de4dot.code.deobfuscators.SmartAssembly {
int delegateToken = 0x02000001 + DotNetUtils.getLdcI4Value(instrs[0]);
if (type.MDToken.ToInt32() != delegateToken) {
Log.w("Delegate token is not current type");
Logger.w("Delegate token is not current type");
return null;
}
@ -93,7 +93,7 @@ namespace de4dot.code.deobfuscators.SmartAssembly {
}
if (methodIndex >= memberReferences.Count) {
Log.w("Ignoring invalid methodIndex: {0:X8}, field: {1:X8}", methodIndex, field.MDToken.ToInt32());
Logger.w("Ignoring invalid methodIndex: {0:X8}, field: {1:X8}", methodIndex, field.MDToken.ToInt32());
calledMethod = null;
return;
}

2
de4dot.code/deobfuscators/SmartAssembly/ResourceResolverInfo.cs
View File

@ -63,7 +63,7 @@ namespace de4dot.code.deobfuscators.SmartAssembly {
return false;
resourceInfo = info;
Log.v("Found embedded assemblies resource {0}", Utils.toCsharpString(info.resourceName));
Logger.v("Found embedded assemblies resource {0}", Utils.toCsharpString(info.resourceName));
return true;
}
}

2
de4dot.code/deobfuscators/SmartAssembly/TamperProtectionRemover.cs
View File

@ -296,7 +296,7 @@ namespace de4dot.code.deobfuscators.SmartAssembly {
if (tamperBlocks == null) {
if (isTamperProtected(allBlocks))
Log.w("Could not remove tamper protection code: {0} ({1:X8})", Utils.removeNewlines(blocks.Method), blocks.Method.MDToken.ToUInt32());
Logger.w("Could not remove tamper protection code: {0} ({1:X8})", Utils.removeNewlines(blocks.Method), blocks.Method.MDToken.ToUInt32());
return false;
}

2
de4dot.code/deobfuscators/Spices_Net/ResourceNamesRestorer.cs
View File

@ -134,7 +134,7 @@ namespace de4dot.code.deobfuscators.Spices_Net {
if (resourceNamespace != ns)
return;
Log.v("Restoring resource name: '{0}' => '{1}'",
Logger.v("Restoring resource name: '{0}' => '{1}'",
Utils.removeNewlines(resource.Name),
Utils.removeNewlines(newName));
resource.Name = newName;

2
de4dot.code/deobfuscators/Spices_Net/SpicesMethodCallInliner.cs
View File

@ -91,7 +91,7 @@ namespace de4dot.code.deobfuscators.Spices_Net {
var list = methodToOrigMethods.find(calledMethod);
var method = list[0];
Log.v("Restored method body {0:X8} from method {1:X8}",
Logger.v("Restored method body {0:X8} from method {1:X8}",
method.MDToken.ToInt32(),
calledMethod.MDToken.ToInt32());
DotNetUtils.copyBodyFromTo(calledMethod, method);

24
de4dot.code/deobfuscators/TypesRestorer.cs
View File

@ -184,12 +184,12 @@ namespace de4dot.code.deobfuscators {
if (fields.Count == 0)
return;
Log.v("Changing field types to real type");
Logger.v("Changing field types to real type");
fields.Sort((a, b) => a.token.CompareTo(b.token));
Log.indent();
Logger.Instance.indent();
foreach (var updatedField in fields)
Log.v("Field {0:X8}: type {1} ({2:X8})", updatedField.token, Utils.removeNewlines(updatedField.newFieldType.FullName), updatedField.newFieldType.MDToken.ToInt32());
Log.deIndent();
Logger.v("Field {0:X8}: type {1} ({2:X8})", updatedField.token, Utils.removeNewlines(updatedField.newFieldType.FullName), updatedField.newFieldType.MDToken.ToInt32());
Logger.Instance.deIndent();
}
void restoreMethodTypes() {
@ -197,14 +197,14 @@ namespace de4dot.code.deobfuscators {
if (methods.Count == 0)
return;
Log.v("Changing method args and return types to real type");
Logger.v("Changing method args and return types to real type");
methods.Sort((a, b) => a.token.CompareTo(b.token));
Log.indent();
Logger.Instance.indent();
foreach (var updatedMethod in methods) {
Log.v("Method {0:X8}", updatedMethod.token);
Log.indent();
Logger.v("Method {0:X8}", updatedMethod.token);
Logger.Instance.indent();
if (updatedMethod.newReturnType != null) {
Log.v("ret: {0} ({1:X8})",
Logger.v("ret: {0} ({1:X8})",
Utils.removeNewlines(updatedMethod.newReturnType.FullName),
updatedMethod.newReturnType.MDToken.ToInt32());
}
@ -212,14 +212,14 @@ namespace de4dot.code.deobfuscators {
var updatedArg = updatedMethod.newArgTypes[i];
if (updatedArg == null)
continue;
Log.v("arg {0}: {1} ({2:X8})",
Logger.v("arg {0}: {1} ({2:X8})",
i,
Utils.removeNewlines(updatedArg.FullName),
updatedArg.MDToken.ToInt32());
}
Log.deIndent();
Logger.Instance.deIndent();
}
Log.deIndent();
Logger.Instance.deIndent();
}
bool deobfuscateMethods() {

10
de4dot.code/deobfuscators/ValueInlinerBase.cs
View File

@ -99,7 +99,7 @@ namespace de4dot.code.deobfuscators {
block.replace(callResult.callStartIndex, num, Instruction.CreateLdcI4((bool)callResult.returnValue ? 1 : 0));
removeUnboxInstruction(block, callResult.callStartIndex + 1, "System.Boolean");
Log.v("Decrypted boolean: {0}", callResult.returnValue);
Logger.v("Decrypted boolean: {0}", callResult.returnValue);
}
}
}
@ -112,7 +112,7 @@ namespace de4dot.code.deobfuscators {
block.replace(callResult.callStartIndex, num, Instruction.CreateLdcI4((int)callResult.returnValue));
removeUnboxInstruction(block, callResult.callStartIndex + 1, "System.Int32");
Log.v("Decrypted int32: {0}", callResult.returnValue);
Logger.v("Decrypted int32: {0}", callResult.returnValue);
}
}
}
@ -125,7 +125,7 @@ namespace de4dot.code.deobfuscators {
block.replace(callResult.callStartIndex, num, Instruction.Create(OpCodes.Ldc_I8, (long)callResult.returnValue));
removeUnboxInstruction(block, callResult.callStartIndex + 1, "System.Int64");
Log.v("Decrypted int64: {0}", callResult.returnValue);
Logger.v("Decrypted int64: {0}", callResult.returnValue);
}
}
}
@ -138,7 +138,7 @@ namespace de4dot.code.deobfuscators {
block.replace(callResult.callStartIndex, num, Instruction.Create(OpCodes.Ldc_R4, (float)callResult.returnValue));
removeUnboxInstruction(block, callResult.callStartIndex + 1, "System.Single");
Log.v("Decrypted single: {0}", callResult.returnValue);
Logger.v("Decrypted single: {0}", callResult.returnValue);
}
}
}
@ -151,7 +151,7 @@ namespace de4dot.code.deobfuscators {
block.replace(callResult.callStartIndex, num, Instruction.Create(OpCodes.Ldc_R8, (double)callResult.returnValue));
removeUnboxInstruction(block, callResult.callStartIndex + 1, "System.Double");
Log.v("Decrypted double: {0}", callResult.returnValue);
Logger.v("Decrypted double: {0}", callResult.returnValue);
}
}
}

2
de4dot.code/deobfuscators/dotNET_Reactor/v3/ApplicationModeUnpacker.cs
View File

@ -102,7 +102,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v3 {
return data;
if (shouldUnpack)
Log.w("Could not unpack the file");
Logger.w("Could not unpack the file");
return null;
}

2
de4dot.code/deobfuscators/dotNET_Reactor/v3/DecrypterType.cs
View File

@ -157,7 +157,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v3 {
return patch2(peImage);
}
catch {
Log.w("Could not patch the file");
Logger.w("Could not patch the file");
return false;
}
}

2
de4dot.code/deobfuscators/dotNET_Reactor/v3/Deobfuscator.cs
View File

@ -312,7 +312,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v3 {
public override void deobfuscateMethodEnd(Blocks blocks) {
if (options.RemoveAntiStrongName) {
if (antiStrongName.remove(blocks))
Log.v("Removed Anti Strong Name code");
Logger.v("Removed Anti Strong Name code");
}
base.deobfuscateMethodEnd(blocks);
}

2
de4dot.code/deobfuscators/dotNET_Reactor/v4/BooleanDecrypter.cs
View File

@ -84,7 +84,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
if (!encryptedResource.FoundResource)
return;
Log.v("Adding boolean decrypter. Resource: {0}", Utils.toCsharpString(encryptedResource.Resource.Name));
Logger.v("Adding boolean decrypter. Resource: {0}", Utils.toCsharpString(encryptedResource.Resource.Name));
decryptedData = encryptedResource.decrypt();
}

4
de4dot.code/deobfuscators/dotNET_Reactor/v4/Deobfuscator.cs
View File

@ -549,7 +549,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
if (!options.RemoveAntiStrongName)
return;
if (antiStrongname.remove(blocks))
Log.v("Removed anti strong name code");
Logger.v("Removed anti strong name code");
}
TypeDef getDecrypterType() {
@ -587,7 +587,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
if (canRemoveDecrypterType)
addTypeToBeRemoved(decrypterType, "Decrypter type");
else
Log.v("Could not remove decrypter type");
Logger.v("Could not remove decrypter type");
base.deobfuscateEnd();
}

8
de4dot.code/deobfuscators/dotNET_Reactor/v4/MethodsDecrypter.cs
View File

@ -198,7 +198,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
int methodIndex;
if (!rvaToIndex.TryGetValue(rva, out methodIndex)) {
Log.w("Could not find method having code RVA {0:X8}", rva);
Logger.w("Could not find method having code RVA {0:X8}", rva);
continue;
}
uint methodToken = 0x06000001 + (uint)methodIndex;
@ -301,7 +301,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
if (methodToNativeMethod.Count == 0)
return;
Log.v("Encrypting native methods");
Logger.v("Encrypting native methods");
var stream = new MemoryStream();
var writer = new BinaryWriter(stream);
@ -325,7 +325,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
else
codeRva += 4 * (uint)(codeWriter.ReadByteAtRva(codeRva + 1) >> 4);
Log.v("Native method {0:X8}, code RVA {1:X8}", method.MDToken.ToInt32(), codeRva);
Logger.v("Native method {0:X8}, code RVA {1:X8}", method.MDToken.ToInt32(), codeRva);
writer.Write(codeRva);
writer.Write(0x70000000 + index++);
@ -334,7 +334,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
}
if (index != 0)
Log.n("Re-encrypted {0}/{1} native methods", index, totalEncryptedNativeMethods);
Logger.n("Re-encrypted {0}/{1} native methods", index, totalEncryptedNativeMethods);
var encryptedData = stream.ToArray();
xorEncrypt(encryptedData);

2
de4dot.code/deobfuscators/dotNET_Reactor/v4/StringDecrypter.cs
View File

@ -159,7 +159,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
encryptedResource.init(simpleDeobfuscator);
if (!encryptedResource.FoundResource)
return;
Log.v("Adding string decrypter. Resource: {0}", Utils.toCsharpString(encryptedResource.Resource.Name));
Logger.v("Adding string decrypter. Resource: {0}", Utils.toCsharpString(encryptedResource.Resource.Name));
decryptedData = encryptedResource.decrypt();
}

94
de4dot.code/renamer/Renamer.cs
View File

@ -75,7 +75,7 @@ namespace de4dot.code.renamer {
public void rename() {
if (modules.Empty)
return;
Log.n("Renaming all obfuscated symbols");
Logger.n("Renaming all obfuscated symbols");
modules.initialize();
renameResourceKeys();
@ -113,7 +113,7 @@ namespace de4dot.code.renamer {
var overrideMethod = overrides[i].MethodDeclaration;
if (method.MethodDef.Name != overrideMethod.Name)
continue;
Log.v("Removed useless override from method {0} ({1:X8}), override: {2:X8}",
Logger.v("Removed useless override from method {0} ({1:X8}), override: {2:X8}",
Utils.removeNewlines(method.MethodDef),
method.MethodDef.MDToken.ToInt32(),
overrideMethod.MDToken.ToInt32());
@ -125,7 +125,7 @@ namespace de4dot.code.renamer {
}
void renameTypeDefinitions() {
Log.v("Renaming obfuscated type definitions");
Logger.v("Renaming obfuscated type definitions");
foreach (var module in modules.TheModules) {
if (module.ObfuscatedFile.RemoveNamespaceWithOneType)
@ -164,43 +164,43 @@ namespace de4dot.code.renamer {
if (list.Count != maxClasses)
continue;
var ns = list[0].TypeDef.Namespace;
Log.v("Removing namespace: {0}", Utils.removeNewlines(ns));
Logger.v("Removing namespace: {0}", Utils.removeNewlines(ns));
foreach (var type in list)
memberInfos.type(type).newNamespace = "";
}
}
void renameTypeDefinitions(IEnumerable<MTypeDef> typeDefs) {
Log.indent();
Logger.Instance.indent();
foreach (var typeDef in typeDefs) {
rename(typeDef);
renameTypeDefinitions(typeDef.NestedTypes);
}
Log.deIndent();
Logger.Instance.deIndent();
}
void rename(MTypeDef type) {
var typeDefinition = type.TypeDef;
var info = memberInfos.type(type);
Log.v("Type: {0} ({1:X8})", Utils.removeNewlines(typeDefinition.FullName), typeDefinition.MDToken.ToUInt32());
Log.indent();
Logger.v("Type: {0} ({1:X8})", Utils.removeNewlines(typeDefinition.FullName), typeDefinition.MDToken.ToUInt32());
Logger.Instance.indent();
renameGenericParams(type.GenericParams);
if (RenameTypes && info.gotNewName()) {
var old = typeDefinition.Name;
typeDefinition.Name = new UTF8String(info.newName);
Log.v("Name: {0} => {1}", Utils.removeNewlines(old), Utils.removeNewlines(typeDefinition.Name));
Logger.v("Name: {0} => {1}", Utils.removeNewlines(old), Utils.removeNewlines(typeDefinition.Name));
}
if (RenameNamespaces && info.newNamespace != null) {
var old = typeDefinition.Namespace;
typeDefinition.Namespace = new UTF8String(info.newNamespace);
Log.v("Namespace: {0} => {1}", Utils.removeNewlines(old), Utils.removeNewlines(typeDefinition.Namespace));
Logger.v("Namespace: {0} => {1}", Utils.removeNewlines(old), Utils.removeNewlines(typeDefinition.Namespace));
}
Log.deIndent();
Logger.Instance.deIndent();
}
void renameGenericParams(IEnumerable<MGenericParamDef> genericParams) {
@ -211,34 +211,34 @@ namespace de4dot.code.renamer {
if (!info.gotNewName())
continue;
param.GenericParam.Name = new UTF8String(info.newName);
Log.v("GenParam: {0} => {1}", Utils.removeNewlines(info.oldFullName), Utils.removeNewlines(param.GenericParam.FullName));
Logger.v("GenParam: {0} => {1}", Utils.removeNewlines(info.oldFullName), Utils.removeNewlines(param.GenericParam.FullName));
}
}
void renameMemberDefinitions() {
Log.v("Renaming member definitions #2");
Logger.v("Renaming member definitions #2");
var allTypes = new List<MTypeDef>(modules.AllTypes);
allTypes.Sort((a, b) => a.Index.CompareTo(b.Index));
Log.indent();
Logger.Instance.indent();
foreach (var typeDef in allTypes)
renameMembers(typeDef);
Log.deIndent();
Logger.Instance.deIndent();
}
void renameMembers(MTypeDef type) {
var info = memberInfos.type(type);
Log.v("Type: {0}", Utils.removeNewlines(info.type.TypeDef.FullName));
Log.indent();
Logger.v("Type: {0}", Utils.removeNewlines(info.type.TypeDef.FullName));
Logger.Instance.indent();
renameFields(info);
renameProperties(info);
renameEvents(info);
renameMethods(info);
Log.deIndent();
Logger.Instance.deIndent();
}
void renameFields(TypeInfo info) {
@ -249,7 +249,7 @@ namespace de4dot.code.renamer {
if (!fieldInfo.gotNewName())
continue;
fieldDef.FieldDef.Name = new UTF8String(fieldInfo.newName);
Log.v("Field: {0} ({1:X8}) => {2}",
Logger.v("Field: {0} ({1:X8}) => {2}",
Utils.removeNewlines(fieldInfo.oldFullName),
fieldDef.FieldDef.MDToken.ToUInt32(),
Utils.removeNewlines(fieldDef.FieldDef.FullName));
@ -264,7 +264,7 @@ namespace de4dot.code.renamer {
if (!propInfo.gotNewName())
continue;
propDef.PropertyDef.Name = new UTF8String(propInfo.newName);
Log.v("Property: {0} ({1:X8}) => {2}",
Logger.v("Property: {0} ({1:X8}) => {2}",
Utils.removeNewlines(propInfo.oldFullName),
propDef.PropertyDef.MDToken.ToUInt32(),
Utils.removeNewlines(propDef.PropertyDef.FullName));
@ -279,7 +279,7 @@ namespace de4dot.code.renamer {
if (!eventInfo.gotNewName())
continue;
eventDef.EventDef.Name = new UTF8String(eventInfo.newName);
Log.v("Event: {0} ({1:X8}) => {2}",
Logger.v("Event: {0} ({1:X8}) => {2}",
Utils.removeNewlines(eventInfo.oldFullName),
eventDef.EventDef.MDToken.ToUInt32(),
Utils.removeNewlines(eventDef.EventDef.FullName));
@ -291,14 +291,14 @@ namespace de4dot.code.renamer {
return;
foreach (var methodDef in info.type.AllMethodsSorted) {
var methodInfo = memberInfos.method(methodDef);
Log.v("Method {0} ({1:X8})", Utils.removeNewlines(methodInfo.oldFullName), methodDef.MethodDef.MDToken.ToUInt32());
Log.indent();
Logger.v("Method {0} ({1:X8})", Utils.removeNewlines(methodInfo.oldFullName), methodDef.MethodDef.MDToken.ToUInt32());
Logger.Instance.indent();
renameGenericParams(methodDef.GenericParams);
if (RenameMethods && methodInfo.gotNewName()) {
methodDef.MethodDef.Name = new UTF8String(methodInfo.newName);
Log.v("Name: {0} => {1}", Utils.removeNewlines(methodInfo.oldFullName), Utils.removeNewlines(methodDef.MethodDef.FullName));
Logger.v("Name: {0} => {1}", Utils.removeNewlines(methodInfo.oldFullName), Utils.removeNewlines(methodDef.MethodDef.FullName));
}
if (RenameMethodArgs) {
@ -309,22 +309,22 @@ namespace de4dot.code.renamer {
param.ParameterDefinition.CreateParamDef();
param.ParameterDefinition.Name = paramInfo.newName;
if (param.IsReturnParameter)
Log.v("RetParam: {0} => {1}", Utils.removeNewlines(paramInfo.oldName), Utils.removeNewlines(paramInfo.newName));
Logger.v("RetParam: {0} => {1}", Utils.removeNewlines(paramInfo.oldName), Utils.removeNewlines(paramInfo.newName));
else
Log.v("Param ({0}/{1}): {2} => {3}", param.ParameterDefinition.MethodSigIndex + 1, methodDef.MethodDef.MethodSig.GetParamCount(), Utils.removeNewlines(paramInfo.oldName), Utils.removeNewlines(paramInfo.newName));
Logger.v("Param ({0}/{1}): {2} => {3}", param.ParameterDefinition.MethodSigIndex + 1, methodDef.MethodDef.MethodSig.GetParamCount(), Utils.removeNewlines(paramInfo.oldName), Utils.removeNewlines(paramInfo.newName));
}
}
Log.deIndent();
Logger.Instance.deIndent();
}
}
void renameMemberReferences() {
Log.v("Renaming references to other definitions");
Logger.v("Renaming references to other definitions");
foreach (var module in modules.TheModules) {
if (modules.TheModules.Count > 1)
Log.v("Renaming references to other definitions ({0})", module.Filename);
Log.indent();
Logger.v("Renaming references to other definitions ({0})", module.Filename);
Logger.Instance.indent();
foreach (var refToDef in module.MethodRefsToRename)
refToDef.reference.Name = refToDef.definition.Name;
foreach (var refToDef in module.FieldRefsToRename)
@ -333,18 +333,18 @@ namespace de4dot.code.renamer {
info.cattr.NamedArguments[info.index].Name = info.reference.Name;
foreach (var info in module.CustomAttributePropertyReferences)
info.cattr.NamedArguments[info.index].Name = info.reference.Name;
Log.deIndent();
Logger.Instance.deIndent();
}
}
void renameResources() {
Log.v("Renaming resources");
Logger.v("Renaming resources");
foreach (var module in modules.TheModules) {
if (modules.TheModules.Count > 1)
Log.v("Renaming resources ({0})", module.Filename);
Log.indent();
Logger.v("Renaming resources ({0})", module.Filename);
Logger.Instance.indent();
renameResources(module);
Log.deIndent();
Logger.Instance.deIndent();
}
}
@ -387,17 +387,17 @@ namespace de4dot.code.renamer {
}
void renameTypeReferences() {
Log.v("Renaming references to type definitions");
Logger.v("Renaming references to type definitions");
var theModules = modules.TheModules;
foreach (var module in theModules) {
if (theModules.Count > 1)
Log.v("Renaming references to type definitions ({0})", module.Filename);
Log.indent();
Logger.v("Renaming references to type definitions ({0})", module.Filename);
Logger.Instance.indent();
foreach (var refToDef in module.TypeRefsToRename) {
refToDef.reference.Name = refToDef.definition.Name;
refToDef.reference.Namespace = refToDef.definition.Namespace;
}
Log.deIndent();
Logger.Instance.deIndent();
}
}
@ -581,7 +581,7 @@ namespace de4dot.code.renamer {
return null;
if (propDef.GetMethod != null)
return null;
Log.v("Restoring property getter {0} ({1:X8}), Property: {2} ({3:X8})",
Logger.v("Restoring property getter {0} ({1:X8}), Property: {2} ({3:X8})",
Utils.removeNewlines(propMethod),
propMethod.MethodDef.MDToken.ToInt32(),
Utils.removeNewlines(propDef.PropertyDef),
@ -610,7 +610,7 @@ namespace de4dot.code.renamer {
return null;
if (propDef.SetMethod != null)
return null;
Log.v("Restoring property setter {0} ({1:X8}), Property: {2} ({3:X8})",
Logger.v("Restoring property setter {0} ({1:X8}), Property: {2} ({3:X8})",
Utils.removeNewlines(propMethod),
propMethod.MethodDef.MDToken.ToInt32(),
Utils.removeNewlines(propDef.PropertyDef),
@ -636,7 +636,7 @@ namespace de4dot.code.renamer {
propDef = ownerType.create(newProp);
memberInfos.add(propDef);
Log.v("Restoring property: {0}", Utils.removeNewlines(newProp));
Logger.v("Restoring property: {0}", Utils.removeNewlines(newProp));
return propDef;
}
@ -805,7 +805,7 @@ namespace de4dot.code.renamer {
return null;
if (eventDef.AddMethod != null)
return null;
Log.v("Restoring event adder {0} ({1:X8}), Event: {2} ({3:X8})",
Logger.v("Restoring event adder {0} ({1:X8}), Event: {2} ({3:X8})",
Utils.removeNewlines(eventMethod),
eventMethod.MethodDef.MDToken.ToInt32(),
Utils.removeNewlines(eventDef.EventDef),
@ -831,7 +831,7 @@ namespace de4dot.code.renamer {
return null;
if (eventDef.RemoveMethod != null)
return null;
Log.v("Restoring event remover {0} ({1:X8}), Event: {2} ({3:X8})",
Logger.v("Restoring event remover {0} ({1:X8}), Event: {2} ({3:X8})",
Utils.removeNewlines(eventMethod),
eventMethod.MethodDef.MDToken.ToInt32(),
Utils.removeNewlines(eventDef.EventDef),
@ -861,12 +861,12 @@ namespace de4dot.code.renamer {
eventDef = ownerType.create(newEvent);
memberInfos.add(eventDef);
Log.v("Restoring event: {0}", Utils.removeNewlines(newEvent));
Logger.v("Restoring event: {0}", Utils.removeNewlines(newEvent));
return eventDef;
}
void prepareRenameMemberDefinitions(MethodNameGroups groups) {
Log.v("Renaming member definitions #1");
Logger.v("Renaming member definitions #1");
prepareRenameEntryPoints();
@ -1578,7 +1578,7 @@ namespace de4dot.code.renamer {
continue;
var methodDef = modules.resolveMethod(entryPoint);
if (methodDef == null) {
Log.w(string.Format("Could not find entry point. Module: {0}, Method: {1}", module.ModuleDefMD.Location, Utils.removeNewlines(entryPoint)));
Logger.w(string.Format("Could not find entry point. Module: {0}, Method: {1}", module.ModuleDefMD.Location, Utils.removeNewlines(entryPoint)));
continue;
}
if (!methodDef.isStatic())

22
de4dot.code/renamer/ResourceKeysRenamer.cs
View File

@ -43,23 +43,23 @@ namespace de4dot.code.renamer {
}
public void rename() {
Log.v("Renaming resource keys ({0})", module);
Log.indent();
Logger.v("Renaming resource keys ({0})", module);
Logger.Instance.indent();
foreach (var type in module.GetTypes()) {
string resourceName = getResourceName(type);
if (resourceName == null)
continue;
var resource = getResource(resourceName);
if (resource == null) {
Log.w("Could not find resource {0}", Utils.removeNewlines(resourceName));
Logger.w("Could not find resource {0}", Utils.removeNewlines(resourceName));
continue;
}
Log.v("Resource: {0}", Utils.toCsharpString(resource.Name));
Log.indent();
Logger.v("Resource: {0}", Utils.toCsharpString(resource.Name));
Logger.Instance.indent();
rename(type, resource);
Log.deIndent();
Logger.Instance.deIndent();
}
Log.deIndent();
Logger.Instance.deIndent();
}
EmbeddedResource getResource(string resourceName) {
@ -97,7 +97,7 @@ namespace de4dot.code.renamer {
if (ctor.FullName != "System.Void System.Resources.ResourceManager::.ctor(System.String,System.Reflection.Assembly)")
continue;
if (resourceName == null) {
Log.w("Could not find resource name");
Logger.w("Could not find resource name");
continue;
}
@ -190,7 +190,7 @@ namespace de4dot.code.renamer {
if (ldstrIndex >= 0)
ldstr = instrs[ldstrIndex];
if (ldstr == null || (name = ldstr.Operand as string) == null) {
Log.w("Could not find string argument to method {0}", calledMethod);
Logger.w("Could not find string argument to method {0}", calledMethod);
continue;
}
@ -199,7 +199,7 @@ namespace de4dot.code.renamer {
continue; // should not be renamed
ldstr.Operand = info.newName;
Log.v("Renamed resource key {0} => {1}", Utils.toCsharpString(info.element.Name), Utils.toCsharpString(info.newName));
Logger.v("Renamed resource key {0} => {1}", Utils.toCsharpString(info.element.Name), Utils.toCsharpString(info.newName));
info.element.Name = info.newName;
info.foundInCode = true;
}
@ -207,7 +207,7 @@ namespace de4dot.code.renamer {
foreach (var info in renamed) {
if (!info.foundInCode)
Log.w("Could not find resource key {0} in code", Utils.removeNewlines(info.element.Name));
Logger.w("Could not find resource key {0} in code", Utils.removeNewlines(info.element.Name));
}
}

6
de4dot.code/renamer/ResourceRenamer.cs
View File

@ -82,10 +82,10 @@ namespace de4dot.code.renamer {
bool renameCodeString = module.ObfuscatedFile.RenameResourcesInCode ||
isCallingResourceManagerCtor(instrs, i, typeInfo);
if (!renameCodeString)
Log.v("Possible resource name in code: '{0}' => '{1}' in method {2}", Utils.removeNewlines(codeString), newName, Utils.removeNewlines(method));
Logger.v("Possible resource name in code: '{0}' => '{1}' in method {2}", Utils.removeNewlines(codeString), newName, Utils.removeNewlines(method));
else {
instr.Operand = newName;
Log.v("Renamed resource string in code: '{0}' => '{1}' ({2})", Utils.removeNewlines(codeString), newName, Utils.removeNewlines(method));
Logger.v("Renamed resource string in code: '{0}' => '{1}' ({2})", Utils.removeNewlines(codeString), newName, Utils.removeNewlines(method));
}
}
}
@ -155,7 +155,7 @@ namespace de4dot.code.renamer {
var newName = newTypeName + resource.Name.String.Substring(oldFullName.Length);
newNames[resource] = new RenameInfo(resource, info, newName);
Log.v("Renamed resource in resources: {0} => {1}", Utils.removeNewlines(resource.Name), newName);
Logger.v("Renamed resource in resources: {0} => {1}", Utils.removeNewlines(resource.Name), newName);
resource.Name = new UTF8String(newName);
}
}

4
de4dot.code/renamer/asmmodules/Module.cs
View File

@ -162,7 +162,7 @@ namespace de4dot.code.renamer.asmmodules {
if (namedArg.IsField) {
var fieldDef = findField(typeDef, namedArg.Name, namedArg.Type);
if (fieldDef == null) {
Log.w("Could not find field {0} in attribute {1} ({2:X8})",
Logger.w("Could not find field {0} in attribute {1} ({2:X8})",
Utils.toCsharpString(namedArg.Name),
Utils.toCsharpString(typeDef.TypeDef.Name),
typeDef.TypeDef.MDToken.ToInt32());
@ -174,7 +174,7 @@ namespace de4dot.code.renamer.asmmodules {
else {
var propDef = findProperty(typeDef, namedArg.Name, namedArg.Type);
if (propDef == null) {
Log.w("Could not find property {0} in attribute {1} ({2:X8})",
Logger.w("Could not find property {0} in attribute {1} ({2:X8})",
Utils.toCsharpString(namedArg.Name),
Utils.toCsharpString(typeDef.TypeDef.Name),
typeDef.TypeDef.MDToken.ToInt32());

22
de4dot.code/renamer/asmmodules/Modules.cs
View File

@ -155,25 +155,25 @@ namespace de4dot.code.renamer.asmmodules {
}
void findAllMemberReferences() {
Log.v("Finding all MemberReferences");
Logger.v("Finding all MemberReferences");
int index = 0;
foreach (var module in modules) {
if (modules.Count > 1)
Log.v("Finding all MemberReferences ({0})", module.Filename);
Log.indent();
Logger.v("Finding all MemberReferences ({0})", module.Filename);
Logger.Instance.indent();
module.findAllMemberReferences(ref index);
Log.deIndent();
Logger.Instance.deIndent();
}
}
void resolveAllRefs() {
Log.v("Resolving references");
Logger.v("Resolving references");
foreach (var module in modules) {
if (modules.Count > 1)
Log.v("Resolving references ({0})", module.Filename);
Log.indent();
Logger.v("Resolving references ({0})", module.Filename);
Logger.Instance.indent();
module.resolveAllRefs(this);
Log.deIndent();
Logger.Instance.deIndent();
}
}
@ -449,7 +449,7 @@ namespace de4dot.code.renamer.asmmodules {
}
if (isAutoCreatedType(typeRef))
return null;
Log.e("Could not resolve TypeReference {0} ({1:X8}) (from {2} -> {3})",
Logger.e("Could not resolve TypeReference {0} ({1:X8}) (from {2} -> {3})",
Utils.removeNewlines(typeRef),
typeRef.MDToken.ToInt32(),
typeRef.OwnerModule,
@ -470,7 +470,7 @@ namespace de4dot.code.renamer.asmmodules {
}
if (isAutoCreatedType(methodRef.DeclaringType))
return null;
Log.e("Could not resolve MethodReference {0} ({1:X8}) (from {2} -> {3})",
Logger.e("Could not resolve MethodReference {0} ({1:X8}) (from {2} -> {3})",
Utils.removeNewlines(methodRef),
methodRef.MDToken.ToInt32(),
methodRef.DeclaringType.OwnerModule,
@ -491,7 +491,7 @@ namespace de4dot.code.renamer.asmmodules {
}
if (isAutoCreatedType(fieldReference.DeclaringType))
return null;
Log.e("Could not resolve FieldReference {0} ({1:X8}) (from {2} -> {3})",
Logger.e("Could not resolve FieldReference {0} ({1:X8}) (from {2} -> {3})",
Utils.removeNewlines(fieldReference),
fieldReference.MDToken.ToInt32(),
fieldReference.DeclaringType.OwnerModule,

2
de4dot.code/renamer/asmmodules/TypeDef.cs
View File

@ -625,7 +625,7 @@ namespace de4dot.code.renamer.asmmodules {
if (!TypeDef.IsImport &&
!hasAttribute("System.Runtime.InteropServices.ComImportAttribute") &&
!hasAttribute("System.Runtime.InteropServices.TypeLibTypeAttribute")) {
Log.w("Could not find interface method {0} ({1:X8}). Type: {2} ({3:X8})",
Logger.w("Could not find interface method {0} ({1:X8}). Type: {2} ({3:X8})",
Utils.removeNewlines(pair.Key.methodDef.MethodDef),
pair.Key.methodDef.MethodDef.MDToken.ToInt32(),
Utils.removeNewlines(TypeDef),

55
de4dot.cui/CommandLineParser.cs
View File

@ -20,6 +20,7 @@
using System;
using System.IO;
using System.Collections.Generic;
using dot10.DotNet;
using de4dot.code;
using de4dot.code.deobfuscators;
using de4dot.code.AssemblyClient;
@ -144,10 +145,10 @@ namespace de4dot.cui {
filesOptions.OneFileAtATime = true;
}));
miscOptions.Add(new NoArgOption("v", null, "Verbose", () => {
Log.logLevel = Log.LogLevel.verbose;
Logger.Instance.MaxLoggerEvent = LoggerEvent.Verbose;
}));
miscOptions.Add(new NoArgOption("vv", null, "Very verbose", () => {
Log.logLevel = Log.LogLevel.veryverbose;
Logger.Instance.MaxLoggerEvent = LoggerEvent.VeryVerbose;
}));
miscOptions.Add(new NoArgOption("h", "help", "Show this help message", () => {
usage();
@ -275,7 +276,7 @@ namespace de4dot.cui {
void exitError(string msg) {
usage();
Log.e("\n\nERROR: {0}\n", msg);
Logger.Instance.Log(false, null, LoggerEvent.Error, "\n\nERROR: {0}\n", msg);
exit(2);
}
@ -285,35 +286,35 @@ namespace de4dot.cui {
void usage() {
string progName = getProgramBaseName();
Log.n("Some of the advanced options may be incompatible, causing a nice exception.");
Log.n("With great power comes great responsibility.");
Log.n("");
Log.n("{0} <options> <file options>", progName);
Log.n("Options:");
Logger.n("Some of the advanced options may be incompatible, causing a nice exception.");
Logger.n("With great power comes great responsibility.");
Logger.n("");
Logger.n("{0} <options> <file options>", progName);
Logger.n("Options:");
foreach (var option in miscOptions)
printOption(option);
Log.n("");
Log.n("File options:");
Logger.n("");
Logger.n("File options:");
foreach (var option in fileOptions)
printOption(option);
Log.n("");
Log.n("Deobfuscator options:");
Logger.n("");
Logger.n("Deobfuscator options:");
foreach (var info in deobfuscatorInfos) {
Log.n("Type {0} ({1})", info.Type, info.Name);
Logger.n("Type {0} ({1})", info.Type, info.Name);
foreach (var option in info.getOptions())
printOption(option);
Log.n("");
Logger.n("");
}
printInfos("String decrypter types", stringDecrypterTypes);
Log.n("");
Log.n("Multiple regexes can be used if separated by '{0}'.", NameRegexes.regexSeparatorChar);
Log.n("Use '{0}' if you want to invert the regex. Example: {0}^[a-z\\d]{{1,2}}${1}{0}^[A-Z]_\\d+${1}^[\\w.]+$", NameRegex.invertChar, NameRegexes.regexSeparatorChar);
Log.n("");
Log.n("Examples:");
Log.n("{0} -r c:\\my\\files -ro c:\\my\\output", progName);
Log.n("{0} file1 file2 file3", progName);
Log.n("{0} file1 -f file2 -o file2.out -f file3 -o file3.out", progName);
Log.n("{0} file1 --strtyp delegate --strtok 06000123", progName);
Logger.n("");
Logger.n("Multiple regexes can be used if separated by '{0}'.", NameRegexes.regexSeparatorChar);
Logger.n("Use '{0}' if you want to invert the regex. Example: {0}^[a-z\\d]{{1,2}}${1}{0}^[A-Z]_\\d+${1}^[\\w.]+$", NameRegex.invertChar, NameRegexes.regexSeparatorChar);
Logger.n("");
Logger.n("Examples:");
Logger.n("{0} -r c:\\my\\files -ro c:\\my\\output", progName);
Logger.n("{0} file1 file2 file3", progName);
Logger.n("{0} file1 -f file2 -o file2.out -f file3 -o file3.out", progName);
Logger.n("{0} file1 --strtyp delegate --strtok 06000123", progName);
}
string getProgramBaseName() {
@ -321,7 +322,7 @@ namespace de4dot.cui {
}
void printInfos(string desc, Infos infos) {
Log.n("{0}", desc);
Logger.n("{0}", desc);
foreach (var info in infos.getInfos())
printOptionAndExplanation(info.name, info.desc);
}
@ -342,11 +343,11 @@ namespace de4dot.cui {
const string prefix = " ";
string left = string.Format(string.Format("{{0,-{0}}}", maxCols), option);
if (option.Length > maxCols) {
Log.n("{0}{1}", prefix, left);
Log.n("{0}{1} {2}", prefix, new string(' ', maxCols), explanation);
Logger.n("{0}{1}", prefix, left);
Logger.n("{0}{1} {2}", prefix, new string(' ', maxCols), explanation);
}
else
Log.n("{0}{1} {2}", prefix, left, explanation);
Logger.n("{0}{1} {2}", prefix, left, explanation);
}
string getOptionAndArgName(Option option, string optionName) {

22
de4dot.cui/FilesDeobfuscator.cs
View File

@ -91,7 +91,7 @@ namespace de4dot.cui {
void deobfuscateOneAtATime() {
foreach (var file in loadAllFiles()) {
int oldIndentLevel = Log.indentLevel;
int oldIndentLevel = Logger.Instance.IndentLevel;
try {
file.deobfuscateBegin();
file.deobfuscate();
@ -104,12 +104,12 @@ namespace de4dot.cui {
deobfuscatorContext.clear();
}
catch (Exception ex) {
Log.w("Could not deobfuscate {0}. Use -v to see stack trace", file.Filename);
Program.printStackTrace(ex, Log.LogLevel.verbose);
Logger.Instance.Log(false, null, LoggerEvent.Warning, "Could not deobfuscate {0}. Use -v to see stack trace", file.Filename);
Program.printStackTrace(ex, LoggerEvent.Verbose);
}
finally {
file.deobfuscateCleanUp();
Log.indentLevel = oldIndentLevel;
Logger.Instance.IndentLevel = oldIndentLevel;
}
}
}
@ -182,12 +182,12 @@ namespace de4dot.cui {
bool add(IObfuscatedFile file, bool skipUnknownObfuscator, bool isFromPossibleFiles) {
var key = Utils.getFullPath(file.Filename);
if (allFiles.ContainsKey(key)) {
Log.w("Ingoring duplicate file: {0}", file.Filename);
Logger.Instance.Log(false, null, LoggerEvent.Warning, "Ingoring duplicate file: {0}", file.Filename);
return false;
}
allFiles[key] = true;
int oldIndentLevel = Log.indentLevel;
int oldIndentLevel = Logger.Instance.IndentLevel;
try {
file.DeobfuscatorContext = options.DeobfuscatorContext;
file.load(options.CreateDeobfuscators());
@ -197,28 +197,28 @@ namespace de4dot.cui {
}
catch (BadImageFormatException) {
if (isFromPossibleFiles)
Log.w("The file isn't a .NET PE file: {0}", file.Filename);
Logger.Instance.Log(false, null, LoggerEvent.Warning, "The file isn't a .NET PE file: {0}", file.Filename);
return false; // Not a .NET file
}
catch (EndOfStreamException) {
return false;
}
catch (Exception ex) {
Log.w("Could not load file ({0}): {1}", ex.GetType(), file.Filename);
Logger.Instance.Log(false, null, LoggerEvent.Warning, "Could not load file ({0}): {1}", ex.GetType(), file.Filename);
return false;
}
finally {
Log.indentLevel = oldIndentLevel;
Logger.Instance.IndentLevel = oldIndentLevel;
}
var deob = file.Deobfuscator;
if (skipUnknownObfuscator && deob.Type == "un") {
Log.v("Skipping unknown obfuscator: {0}", file.Filename);
Logger.v("Skipping unknown obfuscator: {0}", file.Filename);
removeModule(file.ModuleDefMD);
return false;
}
else {
Log.n("Detected {0} ({1})", deob.Name, file.Filename);
Logger.n("Detected {0} ({1})", deob.Name, file.Filename);
if (options.CreateDestinationDir)
createDirectories(Path.GetDirectoryName(file.NewFilename));
return true;

69
de4dot.cui/Program.cs
View File

@ -20,6 +20,7 @@
using System;
using System.Collections.Generic;
using System.Text;
using dot10.DotNet;
using de4dot.code;
using de4dot.code.deobfuscators;
@ -67,14 +68,17 @@ namespace de4dot.cui {
public static int main(string[] args) {
int exitCode = 0;
const string showAllMessagesEnvName = "SHOWALLMESSAGES";
try {
if (Console.OutputEncoding.IsSingleByte)
Console.OutputEncoding = new UTF8Encoding(false);
Log.n("");
Log.n("de4dot v{0} Copyright (C) 2011-2012 de4dot@gmail.com", System.Reflection.Assembly.GetExecutingAssembly().GetName().Version);
Log.n("Latest version and source code: https://github.com/0xd4d/de4dot");
Log.n("");
Logger.Instance.CanIgnoreMessages = !hasEnv(showAllMessagesEnvName);
Logger.n("");
Logger.n("de4dot v{0} Copyright (C) 2011-2012 de4dot@gmail.com", System.Reflection.Assembly.GetExecutingAssembly().GetName().Version);
Logger.n("Latest version and source code: https://github.com/0xd4d/de4dot");
Logger.n("");
var options = new FilesDeobfuscator.Options();
parseCommandLine(args, options);
@ -84,26 +88,31 @@ namespace de4dot.cui {
exitCode = ex.code;
}
catch (UserException ex) {
Log.e("ERROR: {0}", ex.Message);
Logger.Instance.Log(false, null, LoggerEvent.Error, "ERROR: {0}", ex.Message);
exitCode = 1;
}
catch (Exception ex) {
if (printFullStackTrace()) {
printStackTrace(ex);
Log.e("\nTry the latest version before reporting this problem!");
Log.e("Send bug reports to de4dot@gmail.com or go to https://github.com/0xd4d/de4dot/issues");
Logger.Instance.Log(false, null, LoggerEvent.Error, "\nTry the latest version before reporting this problem!");
Logger.Instance.Log(false, null, LoggerEvent.Error, "Send bug reports to de4dot@gmail.com or go to https://github.com/0xd4d/de4dot/issues");
}
else {
Log.e("\n\n");
Log.e("Hmmmm... something didn't work. Try the latest version.");
Log.e(" EX: {0} : message: {1}", ex.GetType(), ex.Message);
Log.e("If it's a supported obfuscator, it could be a bug or a new obfuscator version.");
Log.e("If it's an unsupported obfuscator, make sure the methods are decrypted!");
Log.e("Send bug reports to de4dot@gmail.com or go to https://github.com/0xd4d/de4dot/issues");
Logger.Instance.Log(false, null, LoggerEvent.Error, "\n\n");
Logger.Instance.Log(false, null, LoggerEvent.Error, "Hmmmm... something didn't work. Try the latest version.");
Logger.Instance.Log(false, null, LoggerEvent.Error, " EX: {0} : message: {1}", ex.GetType(), ex.Message);
Logger.Instance.Log(false, null, LoggerEvent.Error, "If it's a supported obfuscator, it could be a bug or a new obfuscator version.");
Logger.Instance.Log(false, null, LoggerEvent.Error, "If it's an unsupported obfuscator, make sure the methods are decrypted!");
Logger.Instance.Log(false, null, LoggerEvent.Error, "Send bug reports to de4dot@gmail.com or go to https://github.com/0xd4d/de4dot/issues");
}
exitCode = 1;
}
if (Logger.Instance.NumIgnoredMessages > 0) {
Logger.n("Ignored {0} warnings/errors", Logger.Instance.NumIgnoredMessages);
Logger.n("Set environment variable {0}=1 to see all messages", showAllMessagesEnvName);
}
if (isN00bUser()) {
Console.Error.WriteLine("\n\nPress any key to exit...\n");
try {
@ -117,7 +126,7 @@ namespace de4dot.cui {
}
static bool printFullStackTrace() {
if (Log.isAtLeast(Log.LogLevel.verbose))
if (!Logger.Instance.IgnoresEvent(LoggerEvent.Verbose))
return true;
if (hasEnv("STACKTRACE"))
return true;
@ -143,31 +152,31 @@ namespace de4dot.cui {
}
public static void printStackTrace(Exception ex) {
printStackTrace(ex, Log.LogLevel.error);
printStackTrace(ex, LoggerEvent.Error);
}
public static void printStackTrace(Exception ex, Log.LogLevel logLevel) {
public static void printStackTrace(Exception ex, LoggerEvent loggerEvent) {
var line = new string('-', 78);
Log.log(logLevel, "\n\n");
Log.log(logLevel, line);
Log.log(logLevel, "Stack trace:\n{0}", ex.StackTrace);
Log.log(logLevel, "\n\nERROR: Caught an exception:\n");
Log.log(logLevel, line);
Log.log(logLevel, "Message:");
Log.log(logLevel, " {0}", ex.Message);
Log.log(logLevel, "Type:");
Log.log(logLevel, " {0}", ex.GetType());
Log.log(logLevel, line);
Logger.Instance.Log(false, null, loggerEvent, "\n\n");
Logger.Instance.Log(false, null, loggerEvent, line);
Logger.Instance.Log(false, null, loggerEvent, "Stack trace:\n{0}", ex.StackTrace);
Logger.Instance.Log(false, null, loggerEvent, "\n\nERROR: Caught an exception:\n");
Logger.Instance.Log(false, null, loggerEvent, line);
Logger.Instance.Log(false, null, loggerEvent, "Message:");
Logger.Instance.Log(false, null, loggerEvent, " {0}", ex.Message);
Logger.Instance.Log(false, null, loggerEvent, "Type:");
Logger.Instance.Log(false, null, loggerEvent, " {0}", ex.GetType());
Logger.Instance.Log(false, null, loggerEvent, line);
}
static void parseCommandLine(string[] args, FilesDeobfuscator.Options options) {
new CommandLineParser(deobfuscatorInfos, options).parse(args);
Log.vv("Args:");
Log.indent();
Logger.vv("Args:");
Logger.Instance.indent();
foreach (var arg in args)
Log.vv("{0}", Utils.toCsharpString(arg));
Log.deIndent();
Logger.vv("{0}", Utils.toCsharpString(arg));
Logger.Instance.deIndent();
}
}
}

2
dot10

@ -1 +1 @@
Subproject commit b7407502ce4ed0ca05e445d12b5b003d95de2e03
Subproject commit ea0f778fdbfc57fc95f328c60d6406b2f1995b77