Some minor updates

2011-10-23 17:23:33 +02:00 · 2011-10-23 17:23:33 +02:00 · bf00ccca2b
commit bf00ccca2b
parent f776148574
3 changed files with 8 additions and 11 deletions
--- a/de4dot.code/deobfuscators/CryptoObfuscator/Deobfuscator.cs
+++ b/de4dot.code/deobfuscators/CryptoObfuscator/Deobfuscator.cs
@ -121,7 +121,7 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
 				foundObfuscatedSymbols = true;
 			proxyDelegateFinder = new ProxyDelegateFinder(module);
-			proxyDelegateFinder.findDelegateCreator(module);
+			proxyDelegateFinder.findDelegateCreator();
 			stringDecrypter = new StringDecrypter(module);
 			stringDecrypter.find();
 			tamperDetection = new TamperDetection(module);
@ -211,18 +211,15 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
 		void dumpEmbeddedAssemblies() {
 			foreach (var info in assemblyResolver.AssemblyInfos) {
-				dumpEmbeddedFile(info.resource, info.assemblyName, true);
+				dumpEmbeddedFile(info.resource, info.assemblyName, ".dll", string.Format("Embedded assembly: {0}", info.assemblyName));
 				if (info.symbolsResource != null)
-					dumpEmbeddedFile(info.symbolsResource, info.assemblyName, false);
+					dumpEmbeddedFile(info.symbolsResource, info.assemblyName, ".pdb", string.Format("Embedded pdb: {0}", info.assemblyName));
 			}
 		}
-		void dumpEmbeddedFile(EmbeddedResource resource, string assemblyName, bool isAssembly) {
+		void dumpEmbeddedFile(EmbeddedResource resource, string assemblyName, string extension, string reason) {
 			string extension = isAssembly ? ".dll" : ".pdb";
 			DeobfuscatedFile.createAssemblyFile(resourceDecrypter.decrypt(resource.GetResourceStream()), Utils.getAssemblySimpleName(assemblyName), extension);
 			string reason = isAssembly ? string.Format("Embedded assembly: {0}", assemblyName) :
 										 string.Format("Embedded pdb: {0}", assemblyName);
 			addResourceToBeRemoved(resource, reason);
 		}
--- a/de4dot.code/deobfuscators/CryptoObfuscator/ProxyDelegateFinder.cs
+++ b/de4dot.code/deobfuscators/CryptoObfuscator/ProxyDelegateFinder.cs
@ -110,7 +110,7 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
 			calledMethod = module.LookupToken(ctx.methodToken) as MethodReference;
 		}
-		public void findDelegateCreator(ModuleDefinition module) {
+		public void findDelegateCreator() {
 			foreach (var type in module.Types) {
 				var createMethod = getProxyCreateMethod(type);
 				if (createMethod == null)
@ -134,13 +134,13 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
 			foreach (var m in type.Methods) {
 				if (m.Name == ".ctor" || m.Name == ".cctor")
 					continue;
-				if (createMethod == null || DotNetUtils.isMethod(m, "System.Void", "(System.Int32,System.Int32,System.Int32)")) {
+				if (createMethod == null && DotNetUtils.isMethod(m, "System.Void", "(System.Int32,System.Int32,System.Int32)")) {
 					createMethod = m;
 					continue;
 				}
 				return null;
 			}
-			if (!createMethod.HasBody)
+			if (createMethod == null || !createMethod.HasBody)
 				return null;
 			if (type.HasEvents || type.HasProperties)
 				return null;
--- a/de4dot.code/deobfuscators/CryptoObfuscator/ResourceResolver.cs
+++ b/de4dot.code/deobfuscators/CryptoObfuscator/ResourceResolver.cs
@ -65,7 +65,7 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
 			var resource = DotNetUtils.getResource(module, module.Assembly.Name.Name) as EmbeddedResource;
 			if (resource == null)
-				throw new ApplicationException("Could not find encrypted resources");
+				return null;
 			DeobUtils.decryptAndAddResources(module, resource.Name, () => resourceDecrypter.decrypt(resource.GetResourceStream()));
 			mergedIt = true;