monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add fix for old DF

Browse Source
This commit is contained in:
de4dot 2011-10-21 20:14:25 +02:00
parent a594b11254
commit cdd92d1415
1 changed files with 53 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
blocks/cflow/BlocksCflowDeobfuscator.cs
View File

@ -42,13 +42,18 @@ namespace de4dot.blocks.cflow {
public void deobfuscate() {
bool changed;
int iterations = -1;
do {
iterations++;
changed = false;
removeDeadBlocks();
mergeBlocks();
blocks.MethodBlocks.getAllBlocks(allBlocks);
if (iterations == 0)
changed |= fixDotfuscatorLoop();
foreach (var block in allBlocks) {
var lastInstr = block.LastInstr;
if (!DotNetUtils.isConditionalBranch(lastInstr.OpCode.Code) && lastInstr.OpCode.Code != Code.Switch)
@ -73,6 +78,54 @@ namespace de4dot.blocks.cflow {
} while (changed);
}
// Hack for old Dotfuscator
bool fixDotfuscatorLoop() {
/*
blk1:
...
ldc.i4.x
blk2:
dup
dup
ldc.i4.y
some_op
bcc blk2
blk3:
pop
...
*/
bool changed = false;
foreach (var block in allBlocks) {
if (block.Instructions.Count != 5)
continue;
var instructions = block.Instructions;
if (instructions[0].OpCode.Code != Code.Dup)
continue;
if (instructions[1].OpCode.Code != Code.Dup)
continue;
if (!instructions[2].isLdcI4())
continue;
if (instructions[3].OpCode.Code != Code.Sub && instructions[3].OpCode.Code != Code.Add)
continue;
if (instructions[4].OpCode.Code != Code.Blt && instructions[4].OpCode.Code != Code.Blt_S &&
instructions[4].OpCode.Code != Code.Bgt && instructions[4].OpCode.Code != Code.Bgt_S)
continue;
if (block.Sources.Count != 2)
continue;
var prev = block.Sources[0];
if (prev == block)
prev = block.Sources[1];
if (prev == null || !prev.LastInstr.isLdcI4())
continue;
var next = block.FallThrough;
if (next.FirstInstr.OpCode.Code != Code.Pop)
continue;
block.replaceLastInstrsWithBranch(5, next);
changed = true;
}
return changed;
}
bool removeDeadBlocks() {
int count = new DeadBlocksRemover(blocks.MethodBlocks).remove();
numRemovedDeadBlocks += count;