Print CW version number

2012-05-27 07:00:13 +02:00 · 2012-05-27 07:00:13 +02:00 · c441a60372
commit c441a60372
parent eebb090827
2 changed files with 28 additions and 4 deletions
--- a/de4dot.code/deobfuscators/CodeWall/Deobfuscator.cs
+++ b/de4dot.code/deobfuscators/CodeWall/Deobfuscator.cs
@ -62,6 +62,7 @@ namespace de4dot.code.deobfuscators.CodeWall {
 		Options options;
 		MethodsDecrypter methodsDecrypter;
 		StringDecrypter stringDecrypter;
+		string obfuscatorName = DeobfuscatorInfo.THE_NAME;

 		internal class Options : OptionsBase {
 			public bool DumpEmbeddedAssemblies { get; set; }
@ -76,7 +77,7 @@ namespace de4dot.code.deobfuscators.CodeWall {
 		}

 		public override string Name {
-			get { return DeobfuscatorInfo.THE_NAME; }
+			get { return obfuscatorName; }
 		}

 		public Deobfuscator(Options options)
@ -100,6 +101,23 @@ namespace de4dot.code.deobfuscators.CodeWall {
 			methodsDecrypter.find();
 			stringDecrypter = new StringDecrypter(module);
 			stringDecrypter.find();
+			var version = detectVersion();
+			if (version != null)
+				obfuscatorName = DeobfuscatorInfo.THE_NAME + " " + version;
+		}
+
+		string detectVersion() {
+			if (stringDecrypter.Detected) {
+				switch (stringDecrypter.TheVersion) {
+				case StringDecrypter.Version.V30: return "v3.0 - v3.5";
+				case StringDecrypter.Version.V36: return "v3.6 - v4.1";
+				}
+			}
+
+			if (methodsDecrypter.Detected)
+				return "v3.0 - v4.1";
+
+			return null;
 		}

 		public override bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
--- a/de4dot.code/deobfuscators/CodeWall/StringDecrypter.cs
+++ b/de4dot.code/deobfuscators/CodeWall/StringDecrypter.cs
@ -29,8 +29,9 @@ namespace de4dot.code.deobfuscators.CodeWall {
 	class StringDecrypter {
 		ModuleDefinition module;
 		MethodDefinitionAndDeclaringTypeDict<StringEncrypterInfo> stringEncrypterInfos = new MethodDefinitionAndDeclaringTypeDict<StringEncrypterInfo>();
+		Version version;

-		enum Version {
+		public enum Version {
 			Unknown,
 			V30,	// 3.0 - 3.5
 			V36,	// 3.6 - 4.1
@ -102,6 +103,10 @@ namespace de4dot.code.deobfuscators.CodeWall {
 			get { return stringEncrypterInfos.Count != 0; }
 		}

+		public Version TheVersion {
+			get { return version; }
+		}
+
 		public IEnumerable<StringEncrypterInfo> Infos {
 			get { return stringEncrypterInfos.getValues(); }
 		}
@ -125,9 +130,10 @@ namespace de4dot.code.deobfuscators.CodeWall {
 		public void find() {
 			foreach (var type in module.Types) {
 				MethodDefinition decrypterMethod;
-				var version = checkType(type, out decrypterMethod);
-				if (version == Version.Unknown)
+				var decrypterVersion = checkType(type, out decrypterMethod);
+				if (decrypterVersion == Version.Unknown)
 					continue;
+				version = decrypterVersion;
 				stringEncrypterInfos.add(decrypterMethod, new StringEncrypterInfo(decrypterMethod));
 			}
 		}