Add decrypt methods to IDeobfuscator. Change some method sigs.

de4dot.code/deobfuscators/CliSecure/Deobfuscator.cs

@@ -104,9 +104,7 @@ namespace de4dot.deobfuscators.CliSecure {
 			base.init(module);
 		}
 
-		public override int detect() {
-			scanForObfuscator();
-
+		protected override int detectInternal() {
 			int val = 0;
 
 			if (cliSecureRtType != null || foundCliSecureAttribute)
@@ -119,7 +117,7 @@ namespace de4dot.deobfuscators.CliSecure {
 			return val;
 		}
 
-		protected override void scanForObfuscatorInternal() {
+		protected override void scanForObfuscator() {
 			proxyDelegateFinder = new ProxyDelegateFinder(module);
 			findCliSecureAttribute();
 			findCliSecureRtType();

de4dot.code/deobfuscators/CryptoObfuscator/Deobfuscator.cs

@@ -90,9 +90,7 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
 			base.init(module);
 		}
 
-		public override int detect() {
-			scanForObfuscator();
-
+		protected override int detectInternal() {
 			int val = 0;
 
 			if (foundCryptoObfuscatorAttribute)
@@ -109,7 +107,7 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
 			return val;
 		}
 
-		protected override void scanForObfuscatorInternal() {
+		protected override void scanForObfuscator() {
 			foreach (var type in module.Types) {
 				if (type.FullName == "CryptoObfuscator.ProtectedWithCryptoObfuscatorAttribute") {
 					foundCryptoObfuscatorAttribute = true;

de4dot.code/deobfuscators/DeobfuscatorBase.cs

@@ -46,7 +46,6 @@ namespace de4dot.deobfuscators {
 		IList<RemoveInfo<Resource>> resourcesToRemove = new List<RemoveInfo<Resource>>();
 		IList<RemoveInfo<ModuleReference>> modrefsToRemove = new List<RemoveInfo<ModuleReference>>();
 		List<string> namesToPossiblyRemove = new List<string>();
-		bool scanForObfuscatorCalled = false;
 		MethodCallRemover methodCallRemover = new MethodCallRemover();
 
 		internal class OptionsBase : IDeobfuscatorOptions {
@@ -82,6 +81,10 @@ namespace de4dot.deobfuscators {
 		}
 
 		public virtual void init(ModuleDefinition module) {
+			setModule(module);
+		}
+
+		protected void setModule(ModuleDefinition module) {
 			this.module = module;
 		}
 
@@ -89,20 +92,23 @@ namespace de4dot.deobfuscators {
 			return 0;
 		}
 
-		protected void scanForObfuscator() {
-			if (scanForObfuscatorCalled)
-				return;
-			scanForObfuscatorCalled = true;
-			scanForObfuscatorInternal();
+		public virtual int detect() {
+			scanForObfuscator();
+			return detectInternal();
 		}
 
-		protected virtual void scanForObfuscatorInternal() {
+		protected abstract void scanForObfuscator();
+		protected abstract int detectInternal();
+
+		public virtual byte[] getDecryptedModule() {
+			return null;
 		}
 
-		public abstract int detect();
+		public virtual IDeobfuscator moduleReloaded(ModuleDefinition module) {
+			throw new ApplicationException("moduleReloaded() must be overridden by the deobfuscator");
+		}
 
 		public virtual void deobfuscateBegin() {
-			scanForObfuscator();
 		}
 
 		public virtual void deobfuscateMethodBegin(Blocks blocks) {

de4dot.code/deobfuscators/Dotfuscator/Deobfuscator.cs

@@ -76,9 +76,7 @@ namespace de4dot.deobfuscators.Dotfuscator {
 			this.options = options;
 		}
 
-		public override int detect() {
-			scanForObfuscator();
-
+		protected override int detectInternal() {
 			int val = 0;
 
 			if (foundDotfuscatorAttribute)
@@ -89,7 +87,7 @@ namespace de4dot.deobfuscators.Dotfuscator {
 			return val;
 		}
 
-		protected override void scanForObfuscatorInternal() {
+		protected override void scanForObfuscator() {
 			findDotfuscatorAttribute();
 			findStringDecrypterMethods();
 		}

de4dot.code/deobfuscators/Eazfuscator/Deobfuscator.cs

@@ -65,14 +65,13 @@ namespace de4dot.deobfuscators.Eazfuscator {
 			DefaultDecrypterType = DecrypterType.Emulate;
 		}
 
-		public override int detect() {
-			scanForObfuscator();
+		protected override int detectInternal() {
 			if (decryptStringMethod != null)
 				return 100;
 			return 0;
 		}
 
-		protected override void scanForObfuscatorInternal() {
+		protected override void scanForObfuscator() {
 			findStringDecrypterMethod();
 		}
 

de4dot.code/deobfuscators/IDeobfuscator.cs

@@ -62,9 +62,18 @@ namespace de4dot.deobfuscators {
 		// returned if not detected.
 		int earlyDetect();
 
-		// Returns 0 if it's not detected, or > 0 if detected (higher value => more likely true)
+		// Returns 0 if it's not detected, or > 0 if detected (higher value => more likely true).
+		// This method is always called.
 		int detect();
 
+		// If the obfuscator has encrypted parts of the file, then this method should return the
+		// decrypted file. Return null if it's not been encrypted.
+		byte[] getDecryptedModule();
+
+		// This is only called if getDecryptedModule() != null, and after the module has been
+		// reloaded. Should return a new IDeobfuscator with the same options and the new module.
+		IDeobfuscator moduleReloaded(ModuleDefinition module);
+
 		// Called before all other deobfuscation methods
 		void deobfuscateBegin();
 

de4dot.code/deobfuscators/SmartAssembly/Deobfuscator.cs

@@ -121,9 +121,7 @@ namespace de4dot.deobfuscators.SmartAssembly {
 			tamperProtectionRemover = new TamperProtectionRemover(module);
 		}
 
-		public override int detect() {
-			scanForObfuscator();
-
+		protected override int detectInternal() {
 			int val = 0;
 
 			if (foundSmartAssemblyAttribute)
@@ -141,7 +139,7 @@ namespace de4dot.deobfuscators.SmartAssembly {
 			return val;
 		}
 
-		protected override void scanForObfuscatorInternal() {
+		protected override void scanForObfuscator() {
 			proxyDelegateFinder = new ProxyDelegateFinder(module);
 			findSmartAssemblyAttributes();
 			findAutomatedErrorReportingType();

de4dot.code/deobfuscators/Unknown/Deobfuscator.cs

@@ -77,11 +77,14 @@ namespace de4dot.deobfuscators.Unknown {
 			return null;
 		}
 
-		public override int detect() {
+		protected override int detectInternal() {
 			setName(scanTypes());
 			return 1;
 		}
 
+		protected override void scanForObfuscator() {
+		}
+
 		string scanTypes() {
 			foreach (var type in module.Types) {
 				if (type.FullName == "BabelAttribute" || type.FullName == "BabelObfuscatorAttribute")

de4dot.code/deobfuscators/dotNET_Reactor/Deobfuscator.cs

@@ -28,7 +28,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
 		}
 
 		internal static string ObfuscatorType {
-			get { return "DotNetReactor"; }
+			get { return "dotNetReactor"; }
 		}
 
 		public override string Type {
@@ -72,9 +72,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
 			base.init(module);
 		}
 
-		public override int detect() {
-			scanForObfuscator();
-
+		protected override int detectInternal() {
 			int val = 0;
 
 			if (methodsDecrypter.Detected)
@@ -83,7 +81,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
 			return val;
 		}
 
-		protected override void scanForObfuscatorInternal() {
+		protected override void scanForObfuscator() {
 			methodsDecrypter = new MethodsDecrypter(module);
 			methodsDecrypter.find();
 		}