Print CW version number
This commit is contained in:
parent
eebb090827
commit
c441a60372
|
@ -62,6 +62,7 @@ namespace de4dot.code.deobfuscators.CodeWall {
|
||||||
Options options;
|
Options options;
|
||||||
MethodsDecrypter methodsDecrypter;
|
MethodsDecrypter methodsDecrypter;
|
||||||
StringDecrypter stringDecrypter;
|
StringDecrypter stringDecrypter;
|
||||||
|
string obfuscatorName = DeobfuscatorInfo.THE_NAME;
|
||||||
|
|
||||||
internal class Options : OptionsBase {
|
internal class Options : OptionsBase {
|
||||||
public bool DumpEmbeddedAssemblies { get; set; }
|
public bool DumpEmbeddedAssemblies { get; set; }
|
||||||
|
@ -76,7 +77,7 @@ namespace de4dot.code.deobfuscators.CodeWall {
|
||||||
}
|
}
|
||||||
|
|
||||||
public override string Name {
|
public override string Name {
|
||||||
get { return DeobfuscatorInfo.THE_NAME; }
|
get { return obfuscatorName; }
|
||||||
}
|
}
|
||||||
|
|
||||||
public Deobfuscator(Options options)
|
public Deobfuscator(Options options)
|
||||||
|
@ -100,6 +101,23 @@ namespace de4dot.code.deobfuscators.CodeWall {
|
||||||
methodsDecrypter.find();
|
methodsDecrypter.find();
|
||||||
stringDecrypter = new StringDecrypter(module);
|
stringDecrypter = new StringDecrypter(module);
|
||||||
stringDecrypter.find();
|
stringDecrypter.find();
|
||||||
|
var version = detectVersion();
|
||||||
|
if (version != null)
|
||||||
|
obfuscatorName = DeobfuscatorInfo.THE_NAME + " " + version;
|
||||||
|
}
|
||||||
|
|
||||||
|
string detectVersion() {
|
||||||
|
if (stringDecrypter.Detected) {
|
||||||
|
switch (stringDecrypter.TheVersion) {
|
||||||
|
case StringDecrypter.Version.V30: return "v3.0 - v3.5";
|
||||||
|
case StringDecrypter.Version.V36: return "v3.6 - v4.1";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (methodsDecrypter.Detected)
|
||||||
|
return "v3.0 - v4.1";
|
||||||
|
|
||||||
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public override bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
public override bool getDecryptedModule(ref byte[] newFileData, ref DumpedMethods dumpedMethods) {
|
||||||
|
|
|
@ -29,8 +29,9 @@ namespace de4dot.code.deobfuscators.CodeWall {
|
||||||
class StringDecrypter {
|
class StringDecrypter {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
MethodDefinitionAndDeclaringTypeDict<StringEncrypterInfo> stringEncrypterInfos = new MethodDefinitionAndDeclaringTypeDict<StringEncrypterInfo>();
|
MethodDefinitionAndDeclaringTypeDict<StringEncrypterInfo> stringEncrypterInfos = new MethodDefinitionAndDeclaringTypeDict<StringEncrypterInfo>();
|
||||||
|
Version version;
|
||||||
|
|
||||||
enum Version {
|
public enum Version {
|
||||||
Unknown,
|
Unknown,
|
||||||
V30, // 3.0 - 3.5
|
V30, // 3.0 - 3.5
|
||||||
V36, // 3.6 - 4.1
|
V36, // 3.6 - 4.1
|
||||||
|
@ -102,6 +103,10 @@ namespace de4dot.code.deobfuscators.CodeWall {
|
||||||
get { return stringEncrypterInfos.Count != 0; }
|
get { return stringEncrypterInfos.Count != 0; }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public Version TheVersion {
|
||||||
|
get { return version; }
|
||||||
|
}
|
||||||
|
|
||||||
public IEnumerable<StringEncrypterInfo> Infos {
|
public IEnumerable<StringEncrypterInfo> Infos {
|
||||||
get { return stringEncrypterInfos.getValues(); }
|
get { return stringEncrypterInfos.getValues(); }
|
||||||
}
|
}
|
||||||
|
@ -125,9 +130,10 @@ namespace de4dot.code.deobfuscators.CodeWall {
|
||||||
public void find() {
|
public void find() {
|
||||||
foreach (var type in module.Types) {
|
foreach (var type in module.Types) {
|
||||||
MethodDefinition decrypterMethod;
|
MethodDefinition decrypterMethod;
|
||||||
var version = checkType(type, out decrypterMethod);
|
var decrypterVersion = checkType(type, out decrypterMethod);
|
||||||
if (version == Version.Unknown)
|
if (decrypterVersion == Version.Unknown)
|
||||||
continue;
|
continue;
|
||||||
|
version = decrypterVersion;
|
||||||
stringEncrypterInfos.add(decrypterMethod, new StringEncrypterInfo(decrypterMethod));
|
stringEncrypterInfos.add(decrypterMethod, new StringEncrypterInfo(decrypterMethod));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user