monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Detect Confuser 1.3 r55346 proxy methods creator

Browse Source
This commit is contained in:
de4dot 2012-08-10 21:28:08 +02:00
parent b3b3f222cf
commit b647b59fad
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
de4dot.code/deobfuscators/Confuser/ProxyCallFixer.cs
View File

@ -43,6 +43,7 @@ namespace de4dot.code.deobfuscators.Confuser {
v10_r48717, v10_r48717,
v11_r50378, v11_r50378,
v12_r54564, v12_r54564,
v13_r55346,
v14_r58564, v14_r58564,
v14_r58857, v14_r58857,
v17_r73740_normal, v17_r73740_normal,
@ -201,6 +202,7 @@ namespace de4dot.code.deobfuscators.Confuser {
case ConfuserVersion.v10_r48717: case ConfuserVersion.v10_r48717:
case ConfuserVersion.v11_r50378: case ConfuserVersion.v11_r50378:
case ConfuserVersion.v12_r54564: case ConfuserVersion.v12_r54564:
case ConfuserVersion.v13_r55346:
case ConfuserVersion.v14_r58564: case ConfuserVersion.v14_r58564:
getCallInfo_v10_r48717(info, creatorInfo, out calledMethod, out callOpcode); getCallInfo_v10_r48717(info, creatorInfo, out calledMethod, out callOpcode);
break; break;
@ -520,6 +522,8 @@ namespace de4dot.code.deobfuscators.Confuser {
int numCalls = countCalls(method, "System.Byte[] System.Text.Encoding::GetBytes(System.Char[],System.Int32,System.Int32)"); int numCalls = countCalls(method, "System.Byte[] System.Text.Encoding::GetBytes(System.Char[],System.Int32,System.Int32)");
if (numCalls == 2) if (numCalls == 2)
theVersion = ConfuserVersion.v12_r54564; theVersion = ConfuserVersion.v12_r54564;
if (!DotNetUtils.callsMethod(method, "System.Reflection.Assembly System.Reflection.Assembly::Load(System.Reflection.AssemblyName)"))
theVersion = ConfuserVersion.v13_r55346;
} }
} }
else if (is_v17_r73740(method)) { else if (is_v17_r73740(method)) {
@ -1008,6 +1012,11 @@ namespace de4dot.code.deobfuscators.Confuser {
case ConfuserVersion.v12_r54564: case ConfuserVersion.v12_r54564:
minRev = 54564; minRev = 54564;
maxRev = 54574;
return true;
case ConfuserVersion.v13_r55346:
minRev = 55346;
maxRev = 58446; maxRev = 58446;
return true; return true;