monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Support latest AN build

Browse Source
This commit is contained in:
de4dot 2012-06-27 10:27:16 +02:00
parent d1259460e3
commit cd0a193bdf
2 changed files with 675 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

674
de4dot.code/deobfuscators/CliSecure/vm/OpCodeHandlers.cs
View File

@ -1193,6 +1193,680 @@ namespace de4dot.code.deobfuscators.CliSecure.vm {
Read = throw_read,
},
},
new OpCodeHandler[] {
new OpCodeHandler {
Name = "arithmetic",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
FieldsInfo.EnumType,
"System.Double",
},
ExecuteMethodLocals = new string[] {
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 2,
NumStaticMethods = 0,
NumInstanceMethods = 14,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = arithmetic_read,
},
new OpCodeHandler {
Name = "box/unbox",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
FieldsInfo.EnumType,
"System.UInt32",
FieldsInfo.EnumType,
},
ExecuteMethodLocals = new string[] {
"System.Object",
"System.Type",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 2,
NumStaticMethods = 0,
NumInstanceMethods = 2,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = box_read,
},
new OpCodeHandler {
Name = "call",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.Collections.Generic.Dictionary`2<System.Reflection.Module,System.Collections.Generic.Dictionary`2<System.Int32,System.Reflection.MethodBase>>",
"System.Collections.Generic.Dictionary`2<System.String,System.Int32>",
"System.Collections.Generic.Dictionary`2<System.Reflection.MethodInfo,System.Reflection.Emit.DynamicMethod>",
"System.Reflection.MethodBase",
"System.UInt32",
FieldsInfo.EnumType,
FieldsInfo.EnumType,
"System.Boolean",
},
ExecuteMethodLocals = new string[] {
"System.Boolean",
"System.Reflection.Module",
"System.Collections.Generic.Dictionary`2<System.Int32,System.Reflection.MethodBase>",
"System.Object",
"System.Reflection.ParameterInfo[]",
"System.Int32",
"System.Object[]",
"System.Reflection.ConstructorInfo",
"System.Reflection.MethodInfo",
"System.Collections.Generic.Dictionary`2<System.Reflection.Module,System.Collections.Generic.Dictionary`2<System.Int32,System.Reflection.MethodBase>>",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 2,
NumStaticMethods = 2,
NumInstanceMethods = 4,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = call_read,
},
new OpCodeHandler {
Name = "cast",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.UInt32",
FieldsInfo.EnumType,
"System.Reflection.MethodBase",
},
ExecuteMethodLocals = new string[] {
"System.Type",
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 2,
},
Check = null,
Read = cast_read,
},
new OpCodeHandler {
Name = "compare",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.Int32",
FieldsInfo.EnumType,
},
ExecuteMethodLocals = new string[] {
"System.Int32",
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 2,
NumStaticMethods = 1,
NumInstanceMethods = 7,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = compare_read,
},
new OpCodeHandler {
Name = "convert",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
FieldsInfo.EnumType,
"System.Boolean",
"System.Boolean",
"System.UInt16",
},
ExecuteMethodLocals = new string[] {
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 13,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = convert_read,
},
new OpCodeHandler {
Name = "dup/pop",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
FieldsInfo.EnumType,
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = dup_read,
},
new OpCodeHandler {
Name = "endfinally",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.UInt32",
},
ExecuteMethodLocals = new string[] {
"System.Int32",
},
ExecuteMethodThrows = 2,
ExecuteMethodPops = 0,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = endfinally_check,
Read = endfinally_read,
},
new OpCodeHandler {
Name = "initobj",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.UInt32",
"System.Double",
},
ExecuteMethodLocals = new string[] {
"System.Type",
"System.Boolean",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = initobj_read,
},
new OpCodeHandler {
Name = "ldelem/stelem",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.Boolean",
"System.Boolean",
FieldsInfo.EnumType,
"System.UInt32",
},
ExecuteMethodLocals = new string[] {
"System.Int32",
"System.Array",
"System.Object",
"System.Type",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 5,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldelem_read,
},
new OpCodeHandler {
Name = "ldelema",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[0],
ExecuteMethodLocals = new string[] {
"System.Int32",
"System.Array",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 2,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldelema_read,
},
new OpCodeHandler {
Name = "ldlen",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[0],
ExecuteMethodLocals = new string[] {
"System.Array",
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldlen_read,
},
new OpCodeHandler {
Name = "ldobj",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[0],
ExecuteMethodLocals = new string[] {
"System.Boolean",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldobj_read,
},
new OpCodeHandler {
Name = "ldstr",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.String",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 0,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldstr_read,
},
new OpCodeHandler {
Name = "ldtoken",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.UInt32",
},
ExecuteMethodLocals = new string[] {
"System.Object",
"System.Reflection.MemberInfo",
"System.Boolean",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 0,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = ldtoken_check,
Read = ldtoken_read,
},
new OpCodeHandler {
Name = "leave",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.Int32",
},
ExecuteMethodLocals = new string[] {
"System.Int32",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 0,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = leave_check,
Read = leave_read,
},
new OpCodeHandler {
Name = "load constant",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.Object",
"System.Double",
"System.UInt16",
},
ExecuteMethodLocals = new string[] {
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldc_read,
},
new OpCodeHandler {
Name = "load func",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
FieldsInfo.EnumType,
"System.UInt32",
"System.UInt32",
},
ExecuteMethodLocals = new string[] {
"System.Reflection.MethodBase",
"System.IntPtr",
"System.Type",
"System.Delegate",
"System.RuntimeMethodHandle",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldftn_read,
},
new OpCodeHandler {
Name = "load local/arg",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.Boolean",
"System.UInt16",
"System.UInt32",
},
ExecuteMethodLocals = new string[] {
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 0,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldloc_read,
},
new OpCodeHandler {
Name = "load local/arg address",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.Boolean",
"System.UInt32",
},
ExecuteMethodLocals = new string[] {
"System.Array",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 0,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldloca_read,
},
new OpCodeHandler {
Name = "load/store field",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.UInt32",
FieldsInfo.EnumType,
},
ExecuteMethodLocals = new string[] {
"System.Reflection.FieldInfo",
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 4,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldfld_read,
},
new OpCodeHandler {
Name = "logical",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
FieldsInfo.EnumType,
FieldsInfo.EnumType,
},
ExecuteMethodLocals = new string[] {
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 2,
NumStaticMethods = 0,
NumInstanceMethods = 6,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = logical_read,
},
new OpCodeHandler {
Name = "neg/not",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
FieldsInfo.EnumType,
},
ExecuteMethodLocals = new string[] {
"System.Object",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 2,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = neg_read,
},
new OpCodeHandler {
Name = "newarr",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.UInt32",
},
ExecuteMethodLocals = new string[] {
"System.Object",
"System.Int32",
"System.Type",
"System.Boolean",
"System.IntPtr",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = newarr_check,
Read = newarr_read,
},
new OpCodeHandler {
Name = "nop",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[0],
ExecuteMethodThrows = 0,
ExecuteMethodPops = 0,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = nop_check,
Read = nop_read,
},
new OpCodeHandler {
Name = "ret",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.UInt32",
},
ExecuteMethodLocals = new string[] {
"System.Reflection.MethodInfo",
"System.Type",
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = ret_check,
Read = ret_read,
},
new OpCodeHandler {
Name = "rethrow",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[0],
ExecuteMethodThrows = 1,
ExecuteMethodPops = 0,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = rethrow_check,
Read = rethrow_read,
},
new OpCodeHandler {
Name = "stobj",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[0],
ExecuteMethodLocals = new string[] {
"System.Boolean",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 2,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = stobj_read,
},
new OpCodeHandler {
Name = "store local/arg",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.Boolean",
"System.UInt16",
FieldsInfo.EnumType,
},
ExecuteMethodLocals = new string[] {
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = stloc_read,
},
new OpCodeHandler {
Name = "switch",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.UInt32",
"System.Int32[]",
},
ExecuteMethodLocals = new string[] {
"System.Int32",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = switch_read,
},
new OpCodeHandler {
Name = "throw",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[0],
ExecuteMethodLocals = new string[] {
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 2,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = throw_check,
Read = throw_read,
},
},
};
}
}

2
de4dot.mdecrypt/DynamicMethodsDecrypter.cs
View File

@ -244,7 +244,7 @@ namespace de4dot.mdecrypt {
uint size = pSection->VirtualSize;
uint rva = pSection->VirtualAddress;
int displ = -4;
int displ = -8;
return new IntPtr((byte*)hDll + rva + size + displ);
}