Add decrypt methods to IDeobfuscator. Change some method sigs.

2011-10-26 14:29:12 +02:00 · 2011-10-26 14:29:12 +02:00 · bfa0fa14c0
commit bfa0fa14c0
parent 794b9dfd77
9 changed files with 42 additions and 35 deletions
--- a/de4dot.code/deobfuscators/CliSecure/Deobfuscator.cs
+++ b/de4dot.code/deobfuscators/CliSecure/Deobfuscator.cs
@ -104,9 +104,7 @@ namespace de4dot.deobfuscators.CliSecure {
 			base.init(module);
 		}
-		public override int detect() {
+		protected override int detectInternal() {
 			scanForObfuscator();
 			int val = 0;
 			if (cliSecureRtType != null || foundCliSecureAttribute)
@ -119,7 +117,7 @@ namespace de4dot.deobfuscators.CliSecure {
 			return val;
 		}
-		protected override void scanForObfuscatorInternal() {
+		protected override void scanForObfuscator() {
 			proxyDelegateFinder = new ProxyDelegateFinder(module);
 			findCliSecureAttribute();
 			findCliSecureRtType();
--- a/de4dot.code/deobfuscators/CryptoObfuscator/Deobfuscator.cs
+++ b/de4dot.code/deobfuscators/CryptoObfuscator/Deobfuscator.cs
@ -90,9 +90,7 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
 			base.init(module);
 		}
-		public override int detect() {
+		protected override int detectInternal() {
 			scanForObfuscator();
 			int val = 0;
 			if (foundCryptoObfuscatorAttribute)
@ -109,7 +107,7 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
 			return val;
 		}
-		protected override void scanForObfuscatorInternal() {
+		protected override void scanForObfuscator() {
 			foreach (var type in module.Types) {
 				if (type.FullName == "CryptoObfuscator.ProtectedWithCryptoObfuscatorAttribute") {
 					foundCryptoObfuscatorAttribute = true;
--- a/de4dot.code/deobfuscators/DeobfuscatorBase.cs
+++ b/de4dot.code/deobfuscators/DeobfuscatorBase.cs
@ -46,7 +46,6 @@ namespace de4dot.deobfuscators {
 		IList<RemoveInfo<Resource>> resourcesToRemove = new List<RemoveInfo<Resource>>();
 		IList<RemoveInfo<ModuleReference>> modrefsToRemove = new List<RemoveInfo<ModuleReference>>();
 		List<string> namesToPossiblyRemove = new List<string>();
 		bool scanForObfuscatorCalled = false;
 		MethodCallRemover methodCallRemover = new MethodCallRemover();
 		internal class OptionsBase : IDeobfuscatorOptions {
@ -82,6 +81,10 @@ namespace de4dot.deobfuscators {
 		}
 		public virtual void init(ModuleDefinition module) {
 			setModule(module);
 		}
 		protected void setModule(ModuleDefinition module) {
 			this.module = module;
 		}
@ -89,20 +92,23 @@ namespace de4dot.deobfuscators {
 			return 0;
 		}
-		protected void scanForObfuscator() {
+		public virtual int detect() {
-			if (scanForObfuscatorCalled)
+			scanForObfuscator();
-				return;
+			return detectInternal();
 			scanForObfuscatorCalled = true;
 			scanForObfuscatorInternal();
 		}
-		protected virtual void scanForObfuscatorInternal() {
+		protected abstract void scanForObfuscator();
 		protected abstract int detectInternal();
 		public virtual byte[] getDecryptedModule() {
 			return null;
 		}
-		public abstract int detect();
+		public virtual IDeobfuscator moduleReloaded(ModuleDefinition module) {
 			throw new ApplicationException("moduleReloaded() must be overridden by the deobfuscator");
 		}
 		public virtual void deobfuscateBegin() {
 			scanForObfuscator();
 		}
 		public virtual void deobfuscateMethodBegin(Blocks blocks) {
--- a/de4dot.code/deobfuscators/Dotfuscator/Deobfuscator.cs
+++ b/de4dot.code/deobfuscators/Dotfuscator/Deobfuscator.cs
@ -76,9 +76,7 @@ namespace de4dot.deobfuscators.Dotfuscator {
 			this.options = options;
 		}
-		public override int detect() {
+		protected override int detectInternal() {
 			scanForObfuscator();
 			int val = 0;
 			if (foundDotfuscatorAttribute)
@ -89,7 +87,7 @@ namespace de4dot.deobfuscators.Dotfuscator {
 			return val;
 		}
-		protected override void scanForObfuscatorInternal() {
+		protected override void scanForObfuscator() {
 			findDotfuscatorAttribute();
 			findStringDecrypterMethods();
 		}
--- a/de4dot.code/deobfuscators/Eazfuscator/Deobfuscator.cs
+++ b/de4dot.code/deobfuscators/Eazfuscator/Deobfuscator.cs
@ -65,14 +65,13 @@ namespace de4dot.deobfuscators.Eazfuscator {
 			DefaultDecrypterType = DecrypterType.Emulate;
 		}
-		public override int detect() {
+		protected override int detectInternal() {
 			scanForObfuscator();
 			if (decryptStringMethod != null)
 				return 100;
 			return 0;
 		}
-		protected override void scanForObfuscatorInternal() {
+		protected override void scanForObfuscator() {
 			findStringDecrypterMethod();
 		}
--- a/de4dot.code/deobfuscators/IDeobfuscator.cs
+++ b/de4dot.code/deobfuscators/IDeobfuscator.cs
@ -62,9 +62,18 @@ namespace de4dot.deobfuscators {
 		// returned if not detected.
 		int earlyDetect();
-		// Returns 0 if it's not detected, or > 0 if detected (higher value => more likely true)
+		// Returns 0 if it's not detected, or > 0 if detected (higher value => more likely true).
 		// This method is always called.
 		int detect();
 		// If the obfuscator has encrypted parts of the file, then this method should return the
 		// decrypted file. Return null if it's not been encrypted.
 		byte[] getDecryptedModule();
 		// This is only called if getDecryptedModule() != null, and after the module has been
 		// reloaded. Should return a new IDeobfuscator with the same options and the new module.
 		IDeobfuscator moduleReloaded(ModuleDefinition module);
 		// Called before all other deobfuscation methods
 		void deobfuscateBegin();
--- a/de4dot.code/deobfuscators/SmartAssembly/Deobfuscator.cs
+++ b/de4dot.code/deobfuscators/SmartAssembly/Deobfuscator.cs
@ -121,9 +121,7 @@ namespace de4dot.deobfuscators.SmartAssembly {
 			tamperProtectionRemover = new TamperProtectionRemover(module);
 		}
-		public override int detect() {
+		protected override int detectInternal() {
 			scanForObfuscator();
 			int val = 0;
 			if (foundSmartAssemblyAttribute)
@ -141,7 +139,7 @@ namespace de4dot.deobfuscators.SmartAssembly {
 			return val;
 		}
-		protected override void scanForObfuscatorInternal() {
+		protected override void scanForObfuscator() {
 			proxyDelegateFinder = new ProxyDelegateFinder(module);
 			findSmartAssemblyAttributes();
 			findAutomatedErrorReportingType();
--- a/de4dot.code/deobfuscators/Unknown/Deobfuscator.cs
+++ b/de4dot.code/deobfuscators/Unknown/Deobfuscator.cs
@ -77,11 +77,14 @@ namespace de4dot.deobfuscators.Unknown {
 			return null;
 		}
-		public override int detect() {
+		protected override int detectInternal() {
 			setName(scanTypes());
 			return 1;
 		}
 		protected override void scanForObfuscator() {
 		}
 		string scanTypes() {
 			foreach (var type in module.Types) {
 				if (type.FullName == "BabelAttribute" || type.FullName == "BabelObfuscatorAttribute")
--- a/de4dot.code/deobfuscators/dotNET_Reactor/Deobfuscator.cs
+++ b/de4dot.code/deobfuscators/dotNET_Reactor/Deobfuscator.cs
@ -28,7 +28,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
 		}
 		internal static string ObfuscatorType {
-			get { return "DotNetReactor"; }
+			get { return "dotNetReactor"; }
 		}
 		public override string Type {
@ -72,9 +72,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
 			base.init(module);
 		}
-		public override int detect() {
+		protected override int detectInternal() {
 			scanForObfuscator();
 			int val = 0;
 			if (methodsDecrypter.Detected)
@ -83,7 +81,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
 			return val;
 		}
-		protected override void scanForObfuscatorInternal() {
+		protected override void scanForObfuscator() {
 			methodsDecrypter = new MethodsDecrypter(module);
 			methodsDecrypter.find();
 		}