monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add updated submodule

Browse Source
This commit is contained in:
de4dot 2012-12-16 00:03:56 +01:00
parent d0002f098c
commit be2271f932
33 changed files with 132 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
AssemblyData/methodsrewriter/MethodsRewriter.cs
View File

@ -251,7 +251,7 @@ namespace AssemblyData.methodsrewriter {
if (calledMethod.DeclaringType.DefinitionAssembly.IsCorLib()) {
var calledMethodFullName = calledMethod.FullName;
if (calledMethodFullName == "System.Reflection.Assembly System.Reflection.Assembly::GetAssembly(System.Type)") {
block.replace(i, 1, Instruction.Create(OpCodes.Nop));
block.replace(i, 1, OpCodes.Nop.ToInstruction());
insertLoadThis(block, i + 1);
insertCallOurMethod(block, i + 2, "static_rtGetAssembly_TypeArg");
i += 2;
@ -260,9 +260,9 @@ namespace AssemblyData.methodsrewriter {
else if (calledMethodFullName == "System.Reflection.Assembly System.Reflection.Assembly::GetCallingAssembly()" ||
calledMethodFullName == "System.Reflection.Assembly System.Reflection.Assembly::GetEntryAssembly()" ||
calledMethodFullName == "System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly()") {
block.replace(i, 1, Instruction.Create(OpCodes.Nop));
block.replace(i, 1, OpCodes.Nop.ToInstruction());
insertLoadThis(block, i + 1);
block.insert(i + 2, Instruction.Create(OpCodes.Ldc_I4, currentMethodInfo.delegateIndex));
block.insert(i + 2, OpCodes.Ldc_I4.ToInstruction(currentMethodInfo.delegateIndex));
insertCallOurMethod(block, i + 3, "rtGetAssembly");
i += 3;
continue;
@ -274,32 +274,32 @@ namespace AssemblyData.methodsrewriter {
createMethod(method.methodBase);
var newMethodInfo = realMethodToNewMethod[method.methodBase];
block.replace(i, 1, Instruction.Create(OpCodes.Nop));
block.replace(i, 1, OpCodes.Nop.ToInstruction());
int n = i + 1;
// Pop all pushed args to a temp array
var mparams = getParameters(method.methodDef);
if (mparams.Count > 0) {
block.insert(n++, Instruction.Create(OpCodes.Ldc_I4, mparams.Count));
block.insert(n++, OpCodes.Ldc_I4.ToInstruction(mparams.Count));
var objectType = method.methodDef.DeclaringType.Module.CorLibTypes.Object;
block.insert(n++, Instruction.Create(OpCodes.Newarr, objectType));
block.insert(n++, OpCodes.Newarr.ToInstruction(objectType));
block.insert(n++, create(OpCodes.Stloc, new Operand(Operand.Type.TempObjArray)));
for (int j = mparams.Count - 1; j >= 0; j--) {
var argType = mparams[j];
if (argType.RemovePinnedAndModifiers().IsValueType)
block.insert(n++, Instruction.Create(OpCodes.Box, ((TypeDefOrRefSig)argType).TypeDefOrRef));
block.insert(n++, OpCodes.Box.ToInstruction(((TypeDefOrRefSig)argType).TypeDefOrRef));
block.insert(n++, create(OpCodes.Stloc, new Operand(Operand.Type.TempObj)));
block.insert(n++, create(OpCodes.Ldloc, new Operand(Operand.Type.TempObjArray)));
block.insert(n++, Instruction.Create(OpCodes.Ldc_I4, j));
block.insert(n++, OpCodes.Ldc_I4.ToInstruction(j));
block.insert(n++, create(OpCodes.Ldloc, new Operand(Operand.Type.TempObj)));
block.insert(n++, Instruction.Create(OpCodes.Stelem_Ref));
block.insert(n++, OpCodes.Stelem_Ref.ToInstruction());
}
}
// Push delegate instance
insertLoadThis(block, n++);
block.insert(n++, Instruction.Create(OpCodes.Ldc_I4, newMethodInfo.delegateIndex));
block.insert(n++, OpCodes.Ldc_I4.ToInstruction(newMethodInfo.delegateIndex));
insertCallOurMethod(block, n++, "rtGetDelegateInstance");
block.insert(n++, create(OpCodes.Castclass, new Operand(Operand.Type.ReflectionType, newMethodInfo.delegateType)));
@ -307,11 +307,11 @@ namespace AssemblyData.methodsrewriter {
if (mparams.Count > 0) {
for (int j = 0; j < mparams.Count; j++) {
block.insert(n++, create(OpCodes.Ldloc, new Operand(Operand.Type.TempObjArray)));
block.insert(n++, Instruction.Create(OpCodes.Ldc_I4, j));
block.insert(n++, Instruction.Create(OpCodes.Ldelem_Ref));
block.insert(n++, OpCodes.Ldc_I4.ToInstruction(j));
block.insert(n++, OpCodes.Ldelem_Ref.ToInstruction());
var argType = mparams[j];
if (argType.RemovePinnedAndModifiers().IsValueType)
block.insert(n++, Instruction.Create(OpCodes.Unbox_Any, ((TypeDefOrRefSig)argType).TypeDefOrRef));
block.insert(n++, OpCodes.Unbox_Any.ToInstruction(((TypeDefOrRefSig)argType).TypeDefOrRef));
else {
// Don't cast it to its correct type. This will sometimes cause
// an exception in some EF obfuscated assembly since we'll be

4
blocks/Block.cs
View File

@ -52,7 +52,7 @@ namespace de4dot.blocks {
public Instr FirstInstr {
get {
if (instructions.Count == 0)
add(new Instr(Instruction.Create(OpCodes.Nop)));
add(new Instr(OpCodes.Nop.ToInstruction()));
return instructions[0];
}
}
@ -60,7 +60,7 @@ namespace de4dot.blocks {
public Instr LastInstr {
get {
if (instructions.Count == 0)
add(new Instr(Instruction.Create(OpCodes.Nop)));
add(new Instr(OpCodes.Nop.ToInstruction()));
return instructions[instructions.Count - 1];
}
}

28
blocks/Blocks.cs
View File

@ -171,16 +171,16 @@ namespace de4dot.blocks {
case Code.Ldloc_2:
case Code.Ldloc_3:
if (newIndex == 0)
return Instruction.Create(OpCodes.Ldloc_0);
return OpCodes.Ldloc_0.ToInstruction();
if (newIndex == 1)
return Instruction.Create(OpCodes.Ldloc_1);
return OpCodes.Ldloc_1.ToInstruction();
if (newIndex == 2)
return Instruction.Create(OpCodes.Ldloc_2);
return OpCodes.Ldloc_2.ToInstruction();
if (newIndex == 3)
return Instruction.Create(OpCodes.Ldloc_3);
return OpCodes.Ldloc_3.ToInstruction();
if (newIndex <= 0xFF)
return Instruction.Create(OpCodes.Ldloc_S, local);
return Instruction.Create(OpCodes.Ldloc, local);
return OpCodes.Ldloc_S.ToInstruction(local);
return OpCodes.Ldloc.ToInstruction(local);
case Code.Stloc:
case Code.Stloc_S:
@ -189,22 +189,22 @@ namespace de4dot.blocks {
case Code.Stloc_2:
case Code.Stloc_3:
if (newIndex == 0)
return Instruction.Create(OpCodes.Stloc_0);
return OpCodes.Stloc_0.ToInstruction();
if (newIndex == 1)
return Instruction.Create(OpCodes.Stloc_1);
return OpCodes.Stloc_1.ToInstruction();
if (newIndex == 2)
return Instruction.Create(OpCodes.Stloc_2);
return OpCodes.Stloc_2.ToInstruction();
if (newIndex == 3)
return Instruction.Create(OpCodes.Stloc_3);
return OpCodes.Stloc_3.ToInstruction();
if (newIndex <= 0xFF)
return Instruction.Create(OpCodes.Stloc_S, local);
return Instruction.Create(OpCodes.Stloc, local);
return OpCodes.Stloc_S.ToInstruction(local);
return OpCodes.Stloc.ToInstruction(local);
case Code.Ldloca_S:
case Code.Ldloca:
if (newIndex <= 0xFF)
return Instruction.Create(OpCodes.Ldloca_S, local);
return Instruction.Create(OpCodes.Ldloca, local);
return OpCodes.Ldloca_S.ToInstruction(local);
return OpCodes.Ldloca.ToInstruction(local);
default:
throw new ApplicationException("Invalid ld/st local instruction");

4
blocks/CodeGenerator.cs
View File

@ -185,7 +185,7 @@ namespace de4dot.blocks {
block.LastInstr.updateTargets(new List<Instr> { block.Targets[0].FirstInstr });
}
else if (block.FallThrough != null && block.FallThrough != next) {
var instr = new Instr(Instruction.Create(OpCodes.Br, block.FallThrough.FirstInstr.Instruction));
var instr = new Instr(OpCodes.Br.ToInstruction(block.FallThrough.FirstInstr.Instruction));
instr.updateTargets(new List<Instr> { block.FallThrough.FirstInstr });
allInstructions.Add(instr.Instruction);
}
@ -257,7 +257,7 @@ namespace de4dot.blocks {
void fixEmptyBlocks() {
foreach (var block in methodBlocks.getAllBlocks()) {
if (block.Instructions.Count == 0) {
block.Instructions.Add(new Instr(Instruction.Create(OpCodes.Nop)));
block.Instructions.Add(new Instr(OpCodes.Nop.ToInstruction()));
}
}
}

8
blocks/DotNetUtils.cs
View File

@ -153,7 +153,7 @@ namespace de4dot.blocks {
public static MethodDef getPInvokeMethod(TypeDef type, string methodName) {
if (type == null)
return null;
var mname = new UTF8String(methodName);
UTF8String mname = methodName;
foreach (var method in type.Methods) {
if (method.ImplMap == null)
continue;
@ -338,7 +338,7 @@ namespace de4dot.blocks {
var resourceName = removeFromNullChar(tmp);
if (resourceName == null)
continue;
var name = new UTF8String(resourceName);
UTF8String name = resourceName;
foreach (var resource in resources) {
if (UTF8String.Equals(resource.Name, name))
return resource;
@ -360,8 +360,8 @@ namespace de4dot.blocks {
var newMethod = new MethodDefUser(method.Name, method.MethodSig, method.ImplAttributes, method.Attributes);
newMethod.Rid = method.Rid;
newMethod.DeclaringType2 = method.DeclaringType;
foreach (var pd in method.ParamList)
newMethod.ParamList.Add(new ParamDefUser(pd.Name, pd.Sequence, pd.Attributes));
foreach (var pd in method.ParamDefs)
newMethod.ParamDefs.Add(new ParamDefUser(pd.Name, pd.Sequence, pd.Attributes));
foreach (var gp in method.GenericParameters) {
var newGp = new GenericParamUser(gp.Number, gp.Flags, gp.Name);
foreach (var gpc in gp.GenericParamConstraints)

2
blocks/cflow/BlockCflowDeobfuscator.cs
View File

@ -58,7 +58,7 @@ namespace de4dot.blocks.cflow {
// Pop the arguments to the bcc instruction. The dead code remover will get rid of the
// pop and any pushed arguments. Insert the pops just before the bcc instr.
for (int i = 0; i < stackArgs; i++)
block.insert(block.Instructions.Count - 1, Instruction.Create(OpCodes.Pop));
block.insert(block.Instructions.Count - 1, OpCodes.Pop.ToInstruction());
}
void IBranchHandler.handleNormal(int stackArgs, bool isTaken) {

2
blocks/cflow/ConstantsFolder.cs
View File

@ -96,7 +96,7 @@ namespace de4dot.blocks.cflow {
var intValue = (Int64Value)value;
if (!intValue.allBitsValid())
return false;
block.Instructions[index] = new Instr(Instruction.Create(OpCodes.Ldc_I8, intValue.value));
block.Instructions[index] = new Instr(OpCodes.Ldc_I8.ToInstruction(intValue.value));
return true;
}
return false;

2
blocks/cflow/DeadStoreRemover.cs
View File

@ -147,7 +147,7 @@ namespace de4dot.blocks.cflow {
continue;
if (!deadLocals[local.Index])
continue;
instructions[i] = new Instr(Instruction.Create(OpCodes.Pop));
instructions[i] = new Instr(OpCodes.Pop.ToInstruction());
changed = true;
}
}

2
blocks/cflow/MethodCallInlinerBase.cs
View File

@ -75,7 +75,7 @@ namespace de4dot.blocks.cflow {
int methodArgsCount = DotNetUtils.getArgsCount(methodToInline);
for (int i = 0; i < methodArgsCount; i++)
block.insert(patchIndex++, Instruction.Create(OpCodes.Pop));
block.insert(patchIndex++, OpCodes.Pop.ToInstruction());
block.Instructions[patchIndex] = new Instr(loadInstr.Clone());
return true;

2
blocks/cflow/StLdlocFixer.cs
View File

@ -54,7 +54,7 @@ namespace de4dot.blocks.cflow {
continue;
if (local != Instr.getLocalVar(locals, instructions[i + 1]))
break;
instructions[i] = new Instr(Instruction.Create(OpCodes.Dup));
instructions[i] = new Instr(OpCodes.Dup.ToInstruction());
instructions[i + 1] = instr;
changed = true;
break;

6
blocks/cflow/SwitchCflowDeobfuscator.cs
View File

@ -165,7 +165,7 @@ namespace de4dot.blocks.cflow {
if (target == null)
continue;
source.replaceLastNonBranchWithBranch(0, target);
source.add(new Instr(Instruction.Create(OpCodes.Pop)));
source.add(new Instr(OpCodes.Pop.ToInstruction()));
changed = true;
}
return changed;
@ -232,7 +232,7 @@ namespace de4dot.blocks.cflow {
}
else {
source.replaceLastNonBranchWithBranch(0, target);
source.add(new Instr(Instruction.Create(OpCodes.Pop)));
source.add(new Instr(OpCodes.Pop.ToInstruction()));
changed = true;
}
}
@ -371,7 +371,7 @@ namespace de4dot.blocks.cflow {
var block = new Block();
foreach (var kv in consts) {
block.Instructions.Add(new Instr(Instruction.CreateLdcI4(kv.Value)));
block.Instructions.Add(new Instr(Instruction.Create(OpCodes.Stloc, kv.Key)));
block.Instructions.Add(new Instr(OpCodes.Stloc.ToInstruction(kv.Key)));
}
fallThrough.Parent.add(block);
return block;

2
de4dot.code/StringInliner.cs
View File

@ -36,7 +36,7 @@ namespace de4dot.code {
continue;
int ldstrIndex = callResult.callStartIndex;
block.replace(ldstrIndex, num, Instruction.Create(OpCodes.Ldstr, decryptedString));
block.replace(ldstrIndex, num, OpCodes.Ldstr.ToInstruction(decryptedString));
// If it's followed by castclass string, remove it
if (ldstrIndex + 1 < block.Instructions.Count) {

2
de4dot.code/deobfuscators/Agile_NET/vm/CsvmToCilMethodConverter.cs
View File

@ -415,7 +415,7 @@ namespace de4dot.code.deobfuscators.Agile_NET.vm {
continue;
if (hasPrefix(instrs, i, Code.Constrained))
continue;
instrs.Insert(i, Instruction.Create(OpCodes.Constrained, thisType.Next.ToTypeDefOrRef()));
instrs.Insert(i, OpCodes.Constrained.ToInstruction(thisType.Next.ToTypeDefOrRef()));
i++;
}
}

68
de4dot.code/deobfuscators/Agile_NET/vm/OpCodeHandler.cs
View File

@ -70,19 +70,19 @@ namespace de4dot.code.deobfuscators.Agile_NET.vm {
static partial class OpCodeHandlers {
static Instruction arithmetic_read(BinaryReader reader) {
switch (reader.ReadByte()) {
case 0: return Instruction.Create(OpCodes.Add);
case 1: return Instruction.Create(OpCodes.Add_Ovf);
case 2: return Instruction.Create(OpCodes.Add_Ovf_Un);
case 3: return Instruction.Create(OpCodes.Sub);
case 4: return Instruction.Create(OpCodes.Sub_Ovf);
case 5: return Instruction.Create(OpCodes.Sub_Ovf_Un);
case 6: return Instruction.Create(OpCodes.Mul);
case 7: return Instruction.Create(OpCodes.Mul_Ovf);
case 8: return Instruction.Create(OpCodes.Mul_Ovf_Un);
case 9: return Instruction.Create(OpCodes.Div);
case 10: return Instruction.Create(OpCodes.Div_Un);
case 11: return Instruction.Create(OpCodes.Rem);
case 12: return Instruction.Create(OpCodes.Rem_Un);
case 0: return OpCodes.Add.ToInstruction();
case 1: return OpCodes.Add_Ovf.ToInstruction();
case 2: return OpCodes.Add_Ovf_Un.ToInstruction();
case 3: return OpCodes.Sub.ToInstruction();
case 4: return OpCodes.Sub_Ovf.ToInstruction();
case 5: return OpCodes.Sub_Ovf_Un.ToInstruction();
case 6: return OpCodes.Mul.ToInstruction();
case 7: return OpCodes.Mul_Ovf.ToInstruction();
case 8: return OpCodes.Mul_Ovf_Un.ToInstruction();
case 9: return OpCodes.Div.ToInstruction();
case 10: return OpCodes.Div_Un.ToInstruction();
case 11: return OpCodes.Rem.ToInstruction();
case 12: return OpCodes.Rem_Un.ToInstruction();
default: throw new ApplicationException("Invalid opcode");
}
}
@ -226,8 +226,8 @@ namespace de4dot.code.deobfuscators.Agile_NET.vm {
static Instruction dup_read(BinaryReader reader) {
switch (reader.ReadByte()) {
case 0: return Instruction.Create(OpCodes.Dup);
case 1: return Instruction.Create(OpCodes.Pop);
case 0: return OpCodes.Dup.ToInstruction();
case 1: return OpCodes.Pop.ToInstruction();
default: throw new ApplicationException("Invalid opcode");
}
}
@ -290,7 +290,7 @@ namespace de4dot.code.deobfuscators.Agile_NET.vm {
}
static Instruction endfinally_read(BinaryReader reader) {
return Instruction.Create(OpCodes.Endfinally);
return OpCodes.Endfinally.ToInstruction();
}
static Instruction ldfld_read(BinaryReader reader) {
@ -350,7 +350,7 @@ namespace de4dot.code.deobfuscators.Agile_NET.vm {
}
static Instruction ldlen_read(BinaryReader reader) {
return Instruction.Create(OpCodes.Ldlen);
return OpCodes.Ldlen.ToInstruction();
}
static Instruction ldobj_read(BinaryReader reader) {
@ -361,7 +361,7 @@ namespace de4dot.code.deobfuscators.Agile_NET.vm {
}
static Instruction ldstr_read(BinaryReader reader) {
return Instruction.Create(OpCodes.Ldstr, reader.ReadString());
return OpCodes.Ldstr.ToInstruction(reader.ReadString());
}
static bool ldtoken_check(UnknownHandlerInfo info) {
@ -392,10 +392,10 @@ namespace de4dot.code.deobfuscators.Agile_NET.vm {
static Instruction ldc_read(BinaryReader reader) {
switch ((ElementType)reader.ReadByte()) {
case ElementType.I4: return Instruction.CreateLdcI4(reader.ReadInt32());
case ElementType.I8: return Instruction.Create(OpCodes.Ldc_I8, reader.ReadInt64());
case ElementType.R4: return Instruction.Create(OpCodes.Ldc_R4, reader.ReadSingle());
case ElementType.R8: return Instruction.Create(OpCodes.Ldc_R8, reader.ReadDouble());
case ElementType.Object: return Instruction.Create(OpCodes.Ldnull);
case ElementType.I8: return OpCodes.Ldc_I8.ToInstruction(reader.ReadInt64());
case ElementType.R4: return OpCodes.Ldc_R4.ToInstruction(reader.ReadSingle());
case ElementType.R8: return OpCodes.Ldc_R8.ToInstruction(reader.ReadDouble());
case ElementType.Object: return OpCodes.Ldnull.ToInstruction();
default: throw new ApplicationException("Invalid opcode");
}
}
@ -424,12 +424,12 @@ namespace de4dot.code.deobfuscators.Agile_NET.vm {
static Instruction logical_read(BinaryReader reader) {
switch (reader.ReadByte()) {
case 0: return Instruction.Create(OpCodes.And);
case 1: return Instruction.Create(OpCodes.Or);
case 2: return Instruction.Create(OpCodes.Xor);
case 3: return Instruction.Create(OpCodes.Shl);
case 4: return Instruction.Create(OpCodes.Shr);
case 5: return Instruction.Create(OpCodes.Shr_Un);
case 0: return OpCodes.And.ToInstruction();
case 1: return OpCodes.Or.ToInstruction();
case 2: return OpCodes.Xor.ToInstruction();
case 3: return OpCodes.Shl.ToInstruction();
case 4: return OpCodes.Shr.ToInstruction();
case 5: return OpCodes.Shr_Un.ToInstruction();
default: throw new ApplicationException("Invalid opcode");
}
}
@ -449,7 +449,7 @@ namespace de4dot.code.deobfuscators.Agile_NET.vm {
}
static Instruction nop_read(BinaryReader reader) {
return Instruction.Create(OpCodes.Nop);
return OpCodes.Nop.ToInstruction();
}
static bool ret_check(UnknownHandlerInfo info) {
@ -458,7 +458,7 @@ namespace de4dot.code.deobfuscators.Agile_NET.vm {
static Instruction ret_read(BinaryReader reader) {
reader.ReadInt32(); // token of current method
return Instruction.Create(OpCodes.Ret);
return OpCodes.Ret.ToInstruction();
}
static bool rethrow_check(UnknownHandlerInfo info) {
@ -466,7 +466,7 @@ namespace de4dot.code.deobfuscators.Agile_NET.vm {
}
static Instruction rethrow_read(BinaryReader reader) {
return Instruction.Create(OpCodes.Rethrow);
return OpCodes.Rethrow.ToInstruction();
}
static Instruction stloc_read(BinaryReader reader) {
@ -510,13 +510,13 @@ namespace de4dot.code.deobfuscators.Agile_NET.vm {
}
static Instruction throw_read(BinaryReader reader) {
return Instruction.Create(OpCodes.Throw);
return OpCodes.Throw.ToInstruction();
}
static Instruction neg_read(BinaryReader reader) {
switch (reader.ReadByte()) {
case 0: return Instruction.Create(OpCodes.Neg);
case 1: return Instruction.Create(OpCodes.Not);
case 0: return OpCodes.Neg.ToInstruction();
case 1: return OpCodes.Not.ToInstruction();
default: throw new ApplicationException("Invalid opcode");
}
}

2
de4dot.code/deobfuscators/Babel_NET/BabelMethodCallInliner.cs
View File

@ -119,7 +119,7 @@ namespace de4dot.code.deobfuscators.Babel_NET {
if (!getNewValue(methodToInline, ldci4.getLdcI4Value(), out newValue))
return false;
block.Instructions[instrIndex - 1] = new Instr(Instruction.Create(OpCodes.Nop));
block.Instructions[instrIndex - 1] = new Instr(OpCodes.Nop.ToInstruction());
block.Instructions[instrIndex] = new Instr(Instruction.CreateLdcI4(newValue));
return true;
}

4
de4dot.code/deobfuscators/DeepSea/DsMethodCallInliner.cs
View File

@ -109,8 +109,8 @@ namespace de4dot.code.deobfuscators.DeepSea {
if (!emulateToReturn(patcher.afterIndex, patcher.lastInstr))
return false;
patcher.patch(block);
block.insert(instrIndex, Instruction.Create(OpCodes.Pop));
block.insert(instrIndex, Instruction.Create(OpCodes.Pop));
block.insert(instrIndex, OpCodes.Pop.ToInstruction());
block.insert(instrIndex, OpCodes.Pop.ToInstruction());
return true;
}

4
de4dot.code/deobfuscators/DeepSea/StringDecrypter.cs
View File

@ -144,8 +144,8 @@ namespace de4dot.code.deobfuscators.DeepSea {
if (calledMethod.ToString() != "System.Void System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(System.Array,System.RuntimeFieldHandle)")
continue;
instrs[i] = Instruction.Create(OpCodes.Pop);
instrs[i + 1] = Instruction.Create(OpCodes.Nop);
instrs[i] = OpCodes.Pop.ToInstruction();
instrs[i + 1] = OpCodes.Nop.ToInstruction();
}
}

8
de4dot.code/deobfuscators/Eazfuscator_NET/Deobfuscator.cs
View File

@ -199,14 +199,14 @@ namespace de4dot.code.deobfuscators.Eazfuscator_NET {
newMethod.Body = new CilBody();
newMethod.Body.MaxStack = 1;
newMethod.Body.Instructions.Add(Instruction.CreateLdcI4(stringDecrypter.ValidStringDecrypterValue.Value));
newMethod.Body.Instructions.Add(Instruction.Create(OpCodes.Call, stringDecrypter.Method));
newMethod.Body.Instructions.Add(Instruction.Create(OpCodes.Pop));
newMethod.Body.Instructions.Add(Instruction.Create(OpCodes.Ret));
newMethod.Body.Instructions.Add(OpCodes.Call.ToInstruction(stringDecrypter.Method));
newMethod.Body.Instructions.Add(OpCodes.Pop.ToInstruction());
newMethod.Body.Instructions.Add(OpCodes.Ret.ToInstruction());
var cctor = module.GlobalType.FindOrCreateStaticConstructor();
var blocks = new Blocks(cctor);
var block = blocks.MethodBlocks.getAllBlocks()[0];
block.insert(0, Instruction.Create(OpCodes.Call, newMethod));
block.insert(0, OpCodes.Call.ToInstruction(newMethod));
IList<Instruction> allInstructions;
IList<ExceptionHandler> allExceptionHandlers;

8
de4dot.code/deobfuscators/Goliath_NET/LogicalExpressionFixer.cs
View File

@ -30,13 +30,13 @@ namespace de4dot.code.deobfuscators.Goliath_NET {
var second = instrs[i + 1];
if (first.OpCode.Code == Code.Not && second.OpCode.Code == Code.Neg) {
// It's increment
instrs[i] = new Instr(Instruction.Create(OpCodes.Ldc_I4_1));
instrs[i + 1] = new Instr(Instruction.Create(OpCodes.Add));
instrs[i] = new Instr(OpCodes.Ldc_I4_1.ToInstruction());
instrs[i + 1] = new Instr(OpCodes.Add.ToInstruction());
}
else if (first.OpCode.Code == Code.Neg && second.OpCode.Code == Code.Not) {
// It's decrement
instrs[i] = new Instr(Instruction.Create(OpCodes.Ldc_I4_1));
instrs[i + 1] = new Instr(Instruction.Create(OpCodes.Sub));
instrs[i] = new Instr(OpCodes.Ldc_I4_1.ToInstruction());
instrs[i + 1] = new Instr(OpCodes.Sub.ToInstruction());
}
}
}

2
de4dot.code/deobfuscators/ILProtector/MainType.cs
View File

@ -99,7 +99,7 @@ namespace de4dot.code.deobfuscators.ILProtector {
cctor.Body.InitLocals = false;
cctor.Body.Variables.Clear();
cctor.Body.Instructions.Clear();
cctor.Body.Instructions.Add(Instruction.Create(OpCodes.Ret));
cctor.Body.Instructions.Add(OpCodes.Ret.ToInstruction());
cctor.Body.ExceptionHandlers.Clear();
}
}

8
de4dot.code/deobfuscators/InitializedDataCreator.cs
View File

@ -56,10 +56,10 @@ namespace de4dot.code.deobfuscators {
public void addInitializeArrayCode(Block block, int start, int numToRemove, ITypeDefOrRef elementType, byte[] data) {
int index = start;
block.replace(index++, numToRemove, Instruction.CreateLdcI4(data.Length / elementType.ToTypeSig().ElementType.GetPrimitiveSize()));
block.insert(index++, Instruction.Create(OpCodes.Newarr, elementType));
block.insert(index++, Instruction.Create(OpCodes.Dup));
block.insert(index++, Instruction.Create(OpCodes.Ldtoken, (IField)create(data)));
block.insert(index++, Instruction.Create(OpCodes.Call, (IMethod)InitializeArrayMethod));
block.insert(index++, OpCodes.Newarr.ToInstruction(elementType));
block.insert(index++, OpCodes.Dup.ToInstruction());
block.insert(index++, OpCodes.Ldtoken.ToInstruction((IField)create(data)));
block.insert(index++, OpCodes.Call.ToInstruction((IMethod)InitializeArrayMethod));
}
void createOurType() {

4
de4dot.code/deobfuscators/ProxyCallFixerBase.cs
View File

@ -356,8 +356,8 @@ namespace de4dot.code.deobfuscators {
// Oooops!!! The obfuscator is buggy. Well, let's hope it is, or it's my code. ;)
Logger.w("Holy obfuscator bugs, Batman! Found a proxy delegate call with no instance push in {0:X8}. Replacing it with a throw...", obfuscatedMethod.MDToken.ToInt32());
block.insert(i, Instruction.Create(OpCodes.Ldnull));
block.replace(i + 1, 1, Instruction.Create(OpCodes.Throw));
block.insert(i, OpCodes.Ldnull.ToInstruction());
block.replace(i + 1, 1, OpCodes.Throw.ToInstruction());
i++;
}
}

2
de4dot.code/deobfuscators/Rummage/StringDecrypter.cs
View File

@ -425,7 +425,7 @@ namespace de4dot.code.deobfuscators.Rummage {
continue;
var decrypted = decrypt(info);
instrs[i] = new Instr(Instruction.Create(OpCodes.Ldstr, decrypted));
instrs[i] = new Instr(OpCodes.Ldstr.ToInstruction(decrypted));
Logger.v("Decrypted string: {0}", Utils.toCsharpString(decrypted));
}
}

2
de4dot.code/deobfuscators/Skater_NET/StringDecrypter.cs
View File

@ -305,7 +305,7 @@ namespace de4dot.code.deobfuscators.Skater_NET {
if (decrypted == null)
continue;
instrs[i] = new Instr(Instruction.Create(OpCodes.Ldstr, decrypted));
instrs[i] = new Instr(OpCodes.Ldstr.ToInstruction(decrypted));
Logger.v("Decrypted string: {0}", Utils.toCsharpString(decrypted));
}
}

2
de4dot.code/deobfuscators/Spices_Net/ResourceNamesRestorer.cs
View File

@ -135,7 +135,7 @@ namespace de4dot.code.deobfuscators.Spices_Net {
Logger.v("Restoring resource name: '{0}' => '{1}'",
Utils.removeNewlines(resource.Name),
Utils.removeNewlines(newName));
resource.Name = new UTF8String(newName);
resource.Name = newName;
numToResource.Remove(hash);
}

6
de4dot.code/deobfuscators/ValueInlinerBase.cs
View File

@ -123,7 +123,7 @@ namespace de4dot.code.deobfuscators {
var block = callResult.block;
int num = callResult.callEndIndex - callResult.callStartIndex + 1;
block.replace(callResult.callStartIndex, num, Instruction.Create(OpCodes.Ldc_I8, (long)callResult.returnValue));
block.replace(callResult.callStartIndex, num, OpCodes.Ldc_I8.ToInstruction((long)callResult.returnValue));
removeUnboxInstruction(block, callResult.callStartIndex + 1, "System.Int64");
Logger.v("Decrypted int64: {0}", callResult.returnValue);
}
@ -136,7 +136,7 @@ namespace de4dot.code.deobfuscators {
var block = callResult.block;
int num = callResult.callEndIndex - callResult.callStartIndex + 1;
block.replace(callResult.callStartIndex, num, Instruction.Create(OpCodes.Ldc_R4, (float)callResult.returnValue));
block.replace(callResult.callStartIndex, num, OpCodes.Ldc_R4.ToInstruction((float)callResult.returnValue));
removeUnboxInstruction(block, callResult.callStartIndex + 1, "System.Single");
Logger.v("Decrypted single: {0}", callResult.returnValue);
}
@ -149,7 +149,7 @@ namespace de4dot.code.deobfuscators {
var block = callResult.block;
int num = callResult.callEndIndex - callResult.callStartIndex + 1;
block.replace(callResult.callStartIndex, num, Instruction.Create(OpCodes.Ldc_R8, (double)callResult.returnValue));
block.replace(callResult.callStartIndex, num, OpCodes.Ldc_R8.ToInstruction((double)callResult.returnValue));
removeUnboxInstruction(block, callResult.callStartIndex + 1, "System.Double");
Logger.v("Decrypted double: {0}", callResult.returnValue);
}

4
de4dot.code/deobfuscators/dotNET_Reactor/v4/Deobfuscator.cs
View File

@ -563,7 +563,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
continue;
if (!new SigComparer().Equals(type, instr.Operand as ITypeDefOrRef))
continue;
instructions[i] = new Instr(Instruction.Create(OpCodes.Ldtoken, blocks.Method.DeclaringType));
instructions[i] = new Instr(OpCodes.Ldtoken.ToInstruction(blocks.Method.DeclaringType));
}
}
}
@ -600,7 +600,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
return;
ep.MethodSig = MethodSig.CreateStatic(ep.MethodSig.RetType, new SZArraySig(module.CorLibTypes.String));
ep.ParamList.Clear();
ep.ParamDefs.Clear();
ep.Parameters.UpdateParameterTypes();
}

2
de4dot.code/deobfuscators/dotNET_Reactor/v4/MetadataTokenObfuscator.cs
View File

@ -97,7 +97,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
continue;
uint token = (uint)(int)instrs[i].Operand;
instrs[i] = new Instr(Instruction.Create(OpCodes.Nop));
instrs[i] = new Instr(OpCodes.Nop.ToInstruction());
instrs[i + 1] = new Instr(new Instruction(OpCodes.Ldtoken, module.ResolveToken(token) as ITokenOperand));
}
}

14
de4dot.code/renamer/Renamer.cs
View File

@ -317,14 +317,14 @@ namespace de4dot.code.renamer {
if (RenameTypes && info.gotNewName()) {
var old = typeDef.Name;
typeDef.Name = new UTF8String(info.newName);
typeDef.Name = info.newName;
if (isVerbose)
Logger.v("Name: {0} => {1}", Utils.removeNewlines(old), Utils.removeNewlines(typeDef.Name));
}
if (RenameNamespaces && info.newNamespace != null) {
var old = typeDef.Namespace;
typeDef.Namespace = new UTF8String(info.newNamespace);
typeDef.Namespace = info.newNamespace;
if (isVerbose)
Logger.v("Namespace: {0} => {1}", Utils.removeNewlines(old), Utils.removeNewlines(typeDef.Namespace));
}
@ -339,7 +339,7 @@ namespace de4dot.code.renamer {
var info = memberInfos.gparam(param);
if (!info.gotNewName())
continue;
param.GenericParam.Name = new UTF8String(info.newName);
param.GenericParam.Name = info.newName;
if (isVerbose)
Logger.v("GenParam: {0} => {1}", Utils.removeNewlines(info.oldFullName), Utils.removeNewlines(param.GenericParam.FullName));
}
@ -383,7 +383,7 @@ namespace de4dot.code.renamer {
continue;
if (isDelegateType && DontRenameDelegateFields)
continue;
fieldDef.FieldDef.Name = new UTF8String(fieldInfo.newName);
fieldDef.FieldDef.Name = fieldInfo.newName;
if (isVerbose)
Logger.v("Field: {0} ({1:X8}) => {2}",
Utils.removeNewlines(fieldInfo.oldFullName),
@ -399,7 +399,7 @@ namespace de4dot.code.renamer {
var propInfo = memberInfos.prop(propDef);
if (!propInfo.gotNewName())
continue;
propDef.PropertyDef.Name = new UTF8String(propInfo.newName);
propDef.PropertyDef.Name = propInfo.newName;
if (isVerbose)
Logger.v("Property: {0} ({1:X8}) => {2}",
Utils.removeNewlines(propInfo.oldFullName),
@ -415,7 +415,7 @@ namespace de4dot.code.renamer {
var eventInfo = memberInfos.evt(eventDef);
if (!eventInfo.gotNewName())
continue;
eventDef.EventDef.Name = new UTF8String(eventInfo.newName);
eventDef.EventDef.Name = eventInfo.newName;
if (isVerbose)
Logger.v("Event: {0} ({1:X8}) => {2}",
Utils.removeNewlines(eventInfo.oldFullName),
@ -436,7 +436,7 @@ namespace de4dot.code.renamer {
renameGenericParams(methodDef.GenericParams);
if (RenameMethods && methodInfo.gotNewName()) {
methodDef.MethodDef.Name = new UTF8String(methodInfo.newName);
methodDef.MethodDef.Name = methodInfo.newName;
if (isVerbose)
Logger.v("Name: {0} => {1}", Utils.removeNewlines(methodInfo.oldFullName), Utils.removeNewlines(methodDef.MethodDef.FullName));
}

2
de4dot.code/renamer/ResourceRenamer.cs
View File

@ -156,7 +156,7 @@ namespace de4dot.code.renamer {
newNames[resource] = new RenameInfo(resource, info, newName);
Logger.v("Renamed resource in resources: {0} => {1}", Utils.removeNewlines(resource.Name), newName);
resource.Name = new UTF8String(newName);
resource.Name = newName;
}
}
}

2
de4dot.code/renamer/asmmodules/MemberRefFinder.cs
View File

@ -385,7 +385,7 @@ namespace de4dot.code.renamer.asmmodules {
return;
methodDefs[md] = true;
add(md.Signature);
add(md.ParamList);
add(md.ParamDefs);
add(md.GenericParameters);
add(md.DeclSecurities);
add(md.MethodBody);

14
de4dot.sln
View File

@ -33,6 +33,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AssemblyServer-CLR40", "Ass
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AssemblyServer-CLR40-x64", "AssemblyServer-CLR40-x64\AssemblyServer-CLR40-x64.csproj", "{A0F58B9F-BB56-4D9B-B04A-726F9E7961EB}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Examples", "dot10\Examples\Examples.csproj", "{F27E72B5-C4BD-40BF-AD19-4C8A99B55872}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
@ -237,6 +239,18 @@ Global
{A0F58B9F-BB56-4D9B-B04A-726F9E7961EB}.Release|Win32.ActiveCfg = Release|x86
{A0F58B9F-BB56-4D9B-B04A-726F9E7961EB}.Release|x86.ActiveCfg = Release|x86
{A0F58B9F-BB56-4D9B-B04A-726F9E7961EB}.Release|x86.Build.0 = Release|x86
{F27E72B5-C4BD-40BF-AD19-4C8A99B55872}.Debug|Any CPU.ActiveCfg = Debug|x86
{F27E72B5-C4BD-40BF-AD19-4C8A99B55872}.Debug|Mixed Platforms.ActiveCfg = Debug|x86
{F27E72B5-C4BD-40BF-AD19-4C8A99B55872}.Debug|Mixed Platforms.Build.0 = Debug|x86
{F27E72B5-C4BD-40BF-AD19-4C8A99B55872}.Debug|Win32.ActiveCfg = Debug|x86
{F27E72B5-C4BD-40BF-AD19-4C8A99B55872}.Debug|x86.ActiveCfg = Debug|x86
{F27E72B5-C4BD-40BF-AD19-4C8A99B55872}.Debug|x86.Build.0 = Debug|x86
{F27E72B5-C4BD-40BF-AD19-4C8A99B55872}.Release|Any CPU.ActiveCfg = Release|x86
{F27E72B5-C4BD-40BF-AD19-4C8A99B55872}.Release|Mixed Platforms.ActiveCfg = Release|x86
{F27E72B5-C4BD-40BF-AD19-4C8A99B55872}.Release|Mixed Platforms.Build.0 = Release|x86
{F27E72B5-C4BD-40BF-AD19-4C8A99B55872}.Release|Win32.ActiveCfg = Release|x86
{F27E72B5-C4BD-40BF-AD19-4C8A99B55872}.Release|x86.ActiveCfg = Release|x86
{F27E72B5-C4BD-40BF-AD19-4C8A99B55872}.Release|x86.Build.0 = Release|x86
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE

2
dot10

@ -1 +1 @@
Subproject commit 0b93864f38fba97187d3569efd2496950dfe368d
Subproject commit abc6210f9d8696e53abbeeff95b05bcb2ad00907