Some minor updates
This commit is contained in:
parent
f776148574
commit
bf00ccca2b
|
@ -121,7 +121,7 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
||||||
foundObfuscatedSymbols = true;
|
foundObfuscatedSymbols = true;
|
||||||
|
|
||||||
proxyDelegateFinder = new ProxyDelegateFinder(module);
|
proxyDelegateFinder = new ProxyDelegateFinder(module);
|
||||||
proxyDelegateFinder.findDelegateCreator(module);
|
proxyDelegateFinder.findDelegateCreator();
|
||||||
stringDecrypter = new StringDecrypter(module);
|
stringDecrypter = new StringDecrypter(module);
|
||||||
stringDecrypter.find();
|
stringDecrypter.find();
|
||||||
tamperDetection = new TamperDetection(module);
|
tamperDetection = new TamperDetection(module);
|
||||||
|
@ -211,18 +211,15 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
||||||
|
|
||||||
void dumpEmbeddedAssemblies() {
|
void dumpEmbeddedAssemblies() {
|
||||||
foreach (var info in assemblyResolver.AssemblyInfos) {
|
foreach (var info in assemblyResolver.AssemblyInfos) {
|
||||||
dumpEmbeddedFile(info.resource, info.assemblyName, true);
|
dumpEmbeddedFile(info.resource, info.assemblyName, ".dll", string.Format("Embedded assembly: {0}", info.assemblyName));
|
||||||
|
|
||||||
if (info.symbolsResource != null)
|
if (info.symbolsResource != null)
|
||||||
dumpEmbeddedFile(info.symbolsResource, info.assemblyName, false);
|
dumpEmbeddedFile(info.symbolsResource, info.assemblyName, ".pdb", string.Format("Embedded pdb: {0}", info.assemblyName));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void dumpEmbeddedFile(EmbeddedResource resource, string assemblyName, bool isAssembly) {
|
void dumpEmbeddedFile(EmbeddedResource resource, string assemblyName, string extension, string reason) {
|
||||||
string extension = isAssembly ? ".dll" : ".pdb";
|
|
||||||
DeobfuscatedFile.createAssemblyFile(resourceDecrypter.decrypt(resource.GetResourceStream()), Utils.getAssemblySimpleName(assemblyName), extension);
|
DeobfuscatedFile.createAssemblyFile(resourceDecrypter.decrypt(resource.GetResourceStream()), Utils.getAssemblySimpleName(assemblyName), extension);
|
||||||
string reason = isAssembly ? string.Format("Embedded assembly: {0}", assemblyName) :
|
|
||||||
string.Format("Embedded pdb: {0}", assemblyName);
|
|
||||||
addResourceToBeRemoved(resource, reason);
|
addResourceToBeRemoved(resource, reason);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -110,7 +110,7 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
||||||
calledMethod = module.LookupToken(ctx.methodToken) as MethodReference;
|
calledMethod = module.LookupToken(ctx.methodToken) as MethodReference;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void findDelegateCreator(ModuleDefinition module) {
|
public void findDelegateCreator() {
|
||||||
foreach (var type in module.Types) {
|
foreach (var type in module.Types) {
|
||||||
var createMethod = getProxyCreateMethod(type);
|
var createMethod = getProxyCreateMethod(type);
|
||||||
if (createMethod == null)
|
if (createMethod == null)
|
||||||
|
@ -134,13 +134,13 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
||||||
foreach (var m in type.Methods) {
|
foreach (var m in type.Methods) {
|
||||||
if (m.Name == ".ctor" || m.Name == ".cctor")
|
if (m.Name == ".ctor" || m.Name == ".cctor")
|
||||||
continue;
|
continue;
|
||||||
if (createMethod == null || DotNetUtils.isMethod(m, "System.Void", "(System.Int32,System.Int32,System.Int32)")) {
|
if (createMethod == null && DotNetUtils.isMethod(m, "System.Void", "(System.Int32,System.Int32,System.Int32)")) {
|
||||||
createMethod = m;
|
createMethod = m;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
if (!createMethod.HasBody)
|
if (createMethod == null || !createMethod.HasBody)
|
||||||
return null;
|
return null;
|
||||||
if (type.HasEvents || type.HasProperties)
|
if (type.HasEvents || type.HasProperties)
|
||||||
return null;
|
return null;
|
||||||
|
|
|
@ -65,7 +65,7 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
||||||
|
|
||||||
var resource = DotNetUtils.getResource(module, module.Assembly.Name.Name) as EmbeddedResource;
|
var resource = DotNetUtils.getResource(module, module.Assembly.Name.Name) as EmbeddedResource;
|
||||||
if (resource == null)
|
if (resource == null)
|
||||||
throw new ApplicationException("Could not find encrypted resources");
|
return null;
|
||||||
|
|
||||||
DeobUtils.decryptAndAddResources(module, resource.Name, () => resourceDecrypter.decrypt(resource.GetResourceStream()));
|
DeobUtils.decryptAndAddResources(module, resource.Name, () => resourceDecrypter.decrypt(resource.GetResourceStream()));
|
||||||
mergedIt = true;
|
mergedIt = true;
|
||||||
|
|
Loading…
Reference in New Issue
Block a user