Add decrypt methods to IDeobfuscator. Change some method sigs.
This commit is contained in:
parent
794b9dfd77
commit
bfa0fa14c0
|
@ -104,9 +104,7 @@ namespace de4dot.deobfuscators.CliSecure {
|
|||
base.init(module);
|
||||
}
|
||||
|
||||
public override int detect() {
|
||||
scanForObfuscator();
|
||||
|
||||
protected override int detectInternal() {
|
||||
int val = 0;
|
||||
|
||||
if (cliSecureRtType != null || foundCliSecureAttribute)
|
||||
|
@ -119,7 +117,7 @@ namespace de4dot.deobfuscators.CliSecure {
|
|||
return val;
|
||||
}
|
||||
|
||||
protected override void scanForObfuscatorInternal() {
|
||||
protected override void scanForObfuscator() {
|
||||
proxyDelegateFinder = new ProxyDelegateFinder(module);
|
||||
findCliSecureAttribute();
|
||||
findCliSecureRtType();
|
||||
|
|
|
@ -90,9 +90,7 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
|||
base.init(module);
|
||||
}
|
||||
|
||||
public override int detect() {
|
||||
scanForObfuscator();
|
||||
|
||||
protected override int detectInternal() {
|
||||
int val = 0;
|
||||
|
||||
if (foundCryptoObfuscatorAttribute)
|
||||
|
@ -109,7 +107,7 @@ namespace de4dot.deobfuscators.CryptoObfuscator {
|
|||
return val;
|
||||
}
|
||||
|
||||
protected override void scanForObfuscatorInternal() {
|
||||
protected override void scanForObfuscator() {
|
||||
foreach (var type in module.Types) {
|
||||
if (type.FullName == "CryptoObfuscator.ProtectedWithCryptoObfuscatorAttribute") {
|
||||
foundCryptoObfuscatorAttribute = true;
|
||||
|
|
|
@ -46,7 +46,6 @@ namespace de4dot.deobfuscators {
|
|||
IList<RemoveInfo<Resource>> resourcesToRemove = new List<RemoveInfo<Resource>>();
|
||||
IList<RemoveInfo<ModuleReference>> modrefsToRemove = new List<RemoveInfo<ModuleReference>>();
|
||||
List<string> namesToPossiblyRemove = new List<string>();
|
||||
bool scanForObfuscatorCalled = false;
|
||||
MethodCallRemover methodCallRemover = new MethodCallRemover();
|
||||
|
||||
internal class OptionsBase : IDeobfuscatorOptions {
|
||||
|
@ -82,6 +81,10 @@ namespace de4dot.deobfuscators {
|
|||
}
|
||||
|
||||
public virtual void init(ModuleDefinition module) {
|
||||
setModule(module);
|
||||
}
|
||||
|
||||
protected void setModule(ModuleDefinition module) {
|
||||
this.module = module;
|
||||
}
|
||||
|
||||
|
@ -89,20 +92,23 @@ namespace de4dot.deobfuscators {
|
|||
return 0;
|
||||
}
|
||||
|
||||
protected void scanForObfuscator() {
|
||||
if (scanForObfuscatorCalled)
|
||||
return;
|
||||
scanForObfuscatorCalled = true;
|
||||
scanForObfuscatorInternal();
|
||||
public virtual int detect() {
|
||||
scanForObfuscator();
|
||||
return detectInternal();
|
||||
}
|
||||
|
||||
protected virtual void scanForObfuscatorInternal() {
|
||||
protected abstract void scanForObfuscator();
|
||||
protected abstract int detectInternal();
|
||||
|
||||
public virtual byte[] getDecryptedModule() {
|
||||
return null;
|
||||
}
|
||||
|
||||
public abstract int detect();
|
||||
public virtual IDeobfuscator moduleReloaded(ModuleDefinition module) {
|
||||
throw new ApplicationException("moduleReloaded() must be overridden by the deobfuscator");
|
||||
}
|
||||
|
||||
public virtual void deobfuscateBegin() {
|
||||
scanForObfuscator();
|
||||
}
|
||||
|
||||
public virtual void deobfuscateMethodBegin(Blocks blocks) {
|
||||
|
|
|
@ -76,9 +76,7 @@ namespace de4dot.deobfuscators.Dotfuscator {
|
|||
this.options = options;
|
||||
}
|
||||
|
||||
public override int detect() {
|
||||
scanForObfuscator();
|
||||
|
||||
protected override int detectInternal() {
|
||||
int val = 0;
|
||||
|
||||
if (foundDotfuscatorAttribute)
|
||||
|
@ -89,7 +87,7 @@ namespace de4dot.deobfuscators.Dotfuscator {
|
|||
return val;
|
||||
}
|
||||
|
||||
protected override void scanForObfuscatorInternal() {
|
||||
protected override void scanForObfuscator() {
|
||||
findDotfuscatorAttribute();
|
||||
findStringDecrypterMethods();
|
||||
}
|
||||
|
|
|
@ -65,14 +65,13 @@ namespace de4dot.deobfuscators.Eazfuscator {
|
|||
DefaultDecrypterType = DecrypterType.Emulate;
|
||||
}
|
||||
|
||||
public override int detect() {
|
||||
scanForObfuscator();
|
||||
protected override int detectInternal() {
|
||||
if (decryptStringMethod != null)
|
||||
return 100;
|
||||
return 0;
|
||||
}
|
||||
|
||||
protected override void scanForObfuscatorInternal() {
|
||||
protected override void scanForObfuscator() {
|
||||
findStringDecrypterMethod();
|
||||
}
|
||||
|
||||
|
|
|
@ -62,9 +62,18 @@ namespace de4dot.deobfuscators {
|
|||
// returned if not detected.
|
||||
int earlyDetect();
|
||||
|
||||
// Returns 0 if it's not detected, or > 0 if detected (higher value => more likely true)
|
||||
// Returns 0 if it's not detected, or > 0 if detected (higher value => more likely true).
|
||||
// This method is always called.
|
||||
int detect();
|
||||
|
||||
// If the obfuscator has encrypted parts of the file, then this method should return the
|
||||
// decrypted file. Return null if it's not been encrypted.
|
||||
byte[] getDecryptedModule();
|
||||
|
||||
// This is only called if getDecryptedModule() != null, and after the module has been
|
||||
// reloaded. Should return a new IDeobfuscator with the same options and the new module.
|
||||
IDeobfuscator moduleReloaded(ModuleDefinition module);
|
||||
|
||||
// Called before all other deobfuscation methods
|
||||
void deobfuscateBegin();
|
||||
|
||||
|
|
|
@ -121,9 +121,7 @@ namespace de4dot.deobfuscators.SmartAssembly {
|
|||
tamperProtectionRemover = new TamperProtectionRemover(module);
|
||||
}
|
||||
|
||||
public override int detect() {
|
||||
scanForObfuscator();
|
||||
|
||||
protected override int detectInternal() {
|
||||
int val = 0;
|
||||
|
||||
if (foundSmartAssemblyAttribute)
|
||||
|
@ -141,7 +139,7 @@ namespace de4dot.deobfuscators.SmartAssembly {
|
|||
return val;
|
||||
}
|
||||
|
||||
protected override void scanForObfuscatorInternal() {
|
||||
protected override void scanForObfuscator() {
|
||||
proxyDelegateFinder = new ProxyDelegateFinder(module);
|
||||
findSmartAssemblyAttributes();
|
||||
findAutomatedErrorReportingType();
|
||||
|
|
|
@ -77,11 +77,14 @@ namespace de4dot.deobfuscators.Unknown {
|
|||
return null;
|
||||
}
|
||||
|
||||
public override int detect() {
|
||||
protected override int detectInternal() {
|
||||
setName(scanTypes());
|
||||
return 1;
|
||||
}
|
||||
|
||||
protected override void scanForObfuscator() {
|
||||
}
|
||||
|
||||
string scanTypes() {
|
||||
foreach (var type in module.Types) {
|
||||
if (type.FullName == "BabelAttribute" || type.FullName == "BabelObfuscatorAttribute")
|
||||
|
|
|
@ -28,7 +28,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
|
|||
}
|
||||
|
||||
internal static string ObfuscatorType {
|
||||
get { return "DotNetReactor"; }
|
||||
get { return "dotNetReactor"; }
|
||||
}
|
||||
|
||||
public override string Type {
|
||||
|
@ -72,9 +72,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
|
|||
base.init(module);
|
||||
}
|
||||
|
||||
public override int detect() {
|
||||
scanForObfuscator();
|
||||
|
||||
protected override int detectInternal() {
|
||||
int val = 0;
|
||||
|
||||
if (methodsDecrypter.Detected)
|
||||
|
@ -83,7 +81,7 @@ namespace de4dot.deobfuscators.dotNET_Reactor {
|
|||
return val;
|
||||
}
|
||||
|
||||
protected override void scanForObfuscatorInternal() {
|
||||
protected override void scanForObfuscator() {
|
||||
methodsDecrypter = new MethodsDecrypter(module);
|
||||
methodsDecrypter.find();
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user