Add fix for old DF
This commit is contained in:
parent
a594b11254
commit
cdd92d1415
|
@ -42,13 +42,18 @@ namespace de4dot.blocks.cflow {
|
||||||
|
|
||||||
public void deobfuscate() {
|
public void deobfuscate() {
|
||||||
bool changed;
|
bool changed;
|
||||||
|
int iterations = -1;
|
||||||
do {
|
do {
|
||||||
|
iterations++;
|
||||||
changed = false;
|
changed = false;
|
||||||
removeDeadBlocks();
|
removeDeadBlocks();
|
||||||
mergeBlocks();
|
mergeBlocks();
|
||||||
|
|
||||||
blocks.MethodBlocks.getAllBlocks(allBlocks);
|
blocks.MethodBlocks.getAllBlocks(allBlocks);
|
||||||
|
|
||||||
|
if (iterations == 0)
|
||||||
|
changed |= fixDotfuscatorLoop();
|
||||||
|
|
||||||
foreach (var block in allBlocks) {
|
foreach (var block in allBlocks) {
|
||||||
var lastInstr = block.LastInstr;
|
var lastInstr = block.LastInstr;
|
||||||
if (!DotNetUtils.isConditionalBranch(lastInstr.OpCode.Code) && lastInstr.OpCode.Code != Code.Switch)
|
if (!DotNetUtils.isConditionalBranch(lastInstr.OpCode.Code) && lastInstr.OpCode.Code != Code.Switch)
|
||||||
|
@ -73,6 +78,54 @@ namespace de4dot.blocks.cflow {
|
||||||
} while (changed);
|
} while (changed);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Hack for old Dotfuscator
|
||||||
|
bool fixDotfuscatorLoop() {
|
||||||
|
/*
|
||||||
|
blk1:
|
||||||
|
...
|
||||||
|
ldc.i4.x
|
||||||
|
blk2:
|
||||||
|
dup
|
||||||
|
dup
|
||||||
|
ldc.i4.y
|
||||||
|
some_op
|
||||||
|
bcc blk2
|
||||||
|
blk3:
|
||||||
|
pop
|
||||||
|
...
|
||||||
|
*/
|
||||||
|
bool changed = false;
|
||||||
|
foreach (var block in allBlocks) {
|
||||||
|
if (block.Instructions.Count != 5)
|
||||||
|
continue;
|
||||||
|
var instructions = block.Instructions;
|
||||||
|
if (instructions[0].OpCode.Code != Code.Dup)
|
||||||
|
continue;
|
||||||
|
if (instructions[1].OpCode.Code != Code.Dup)
|
||||||
|
continue;
|
||||||
|
if (!instructions[2].isLdcI4())
|
||||||
|
continue;
|
||||||
|
if (instructions[3].OpCode.Code != Code.Sub && instructions[3].OpCode.Code != Code.Add)
|
||||||
|
continue;
|
||||||
|
if (instructions[4].OpCode.Code != Code.Blt && instructions[4].OpCode.Code != Code.Blt_S &&
|
||||||
|
instructions[4].OpCode.Code != Code.Bgt && instructions[4].OpCode.Code != Code.Bgt_S)
|
||||||
|
continue;
|
||||||
|
if (block.Sources.Count != 2)
|
||||||
|
continue;
|
||||||
|
var prev = block.Sources[0];
|
||||||
|
if (prev == block)
|
||||||
|
prev = block.Sources[1];
|
||||||
|
if (prev == null || !prev.LastInstr.isLdcI4())
|
||||||
|
continue;
|
||||||
|
var next = block.FallThrough;
|
||||||
|
if (next.FirstInstr.OpCode.Code != Code.Pop)
|
||||||
|
continue;
|
||||||
|
block.replaceLastInstrsWithBranch(5, next);
|
||||||
|
changed = true;
|
||||||
|
}
|
||||||
|
return changed;
|
||||||
|
}
|
||||||
|
|
||||||
bool removeDeadBlocks() {
|
bool removeDeadBlocks() {
|
||||||
int count = new DeadBlocksRemover(blocks.MethodBlocks).remove();
|
int count = new DeadBlocksRemover(blocks.MethodBlocks).remove();
|
||||||
numRemovedDeadBlocks += count;
|
numRemovedDeadBlocks += count;
|
||||||
|
|
Loading…
Reference in New Issue
Block a user