diff --git a/de4dot.blocks/cflow/Int32Value.cs b/de4dot.blocks/cflow/Int32Value.cs index ba03a9a0..a0960114 100644 --- a/de4dot.blocks/cflow/Int32Value.cs +++ b/de4dot.blocks/cflow/Int32Value.cs @@ -333,13 +333,13 @@ namespace de4dot.blocks.cflow { public static Real8Value Conv_R_Un(Int32Value a) { if (a.AllBitsValid()) - return new Real8Value((float)(uint)a.Value); + return new Real8Value((double)(uint)a.Value); return Real8Value.CreateUnknown(); } public static Real8Value Conv_R4(Int32Value a) { if (a.AllBitsValid()) - return new Real8Value((float)(int)a.Value); + return new Real8Value((double)(int)a.Value); return Real8Value.CreateUnknown(); } diff --git a/de4dot.code/deobfuscators/dotNET_Reactor/v4/EncryptedResource.cs b/de4dot.code/deobfuscators/dotNET_Reactor/v4/EncryptedResource.cs index 6fc7cee1..b2ea398f 100644 --- a/de4dot.code/deobfuscators/dotNET_Reactor/v4/EncryptedResource.cs +++ b/de4dot.code/deobfuscators/dotNET_Reactor/v4/EncryptedResource.cs @@ -208,6 +208,11 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 { requiredTypes.AddRange(additionalTypes); if (!localTypes.All(requiredTypes)) return false; + + if (DotNetUtils.GetMethod(method.DeclaringType, "System.Security.Cryptography.SymmetricAlgorithm", "()") != null) + if (localTypes.Exists("System.UInt64")) + return false; + if (!localTypes.Exists("System.Security.Cryptography.RijndaelManaged") && !localTypes.Exists("System.Security.Cryptography.AesManaged") && !localTypes.Exists("System.Security.Cryptography.SymmetricAlgorithm")) @@ -270,13 +275,13 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 { key[i] ^= iv[i]; var origInstrs = method.Body.Instructions; - - int emuStartIndex; - if (!FindStart(origInstrs, out emuStartIndex, out emuLocal)) - return false; int emuEndIndex; - if (!FindEnd(origInstrs, emuStartIndex, out emuEndIndex)) - return false; + int emuStartIndex; + + if (!Find(origInstrs, out emuStartIndex, out emuEndIndex, out emuLocal)) { + if (!FindStartEnd(origInstrs, out emuStartIndex, out emuEndIndex, out emuLocal)) + return false; + } int count = emuEndIndex - emuStartIndex + 1; instructions = new List(count); @@ -286,6 +291,54 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 { return true; } + bool Find(IList instrs, out int startIndex, out int endIndex, out Local tmpLocal) { + int emuStartIndex; + startIndex = 0; + endIndex = 0; + tmpLocal = null; + + if (!FindStart(instrs, out emuStartIndex, out emuLocal)) + return false; + int emuEndIndex; + if (!FindEnd(instrs, emuStartIndex, out emuEndIndex)) + return false; + startIndex = emuStartIndex; + endIndex = emuEndIndex; + tmpLocal = emuLocal; + return true; + } + + bool FindStartEnd(IList instrs, out int startIndex, out int endIndex, out Local tmpLocal) { + for (int i = 0; i + 8 < instrs.Count; i++) { + if (instrs[i].OpCode.Code != Code.Conv_R_Un) + continue; + if (instrs[i + 1].OpCode.Code != Code.Conv_R8) + continue; + if (instrs[i + 2].OpCode.Code != Code.Conv_U4) + continue; + if (instrs[i + 3].OpCode.Code != Code.Add) + continue; + int newEndIndex = i + 3; + int newStartIndex = -1; + for (int x = newEndIndex; x > 0; x--) + if (instrs[x].OpCode.FlowControl != FlowControl.Next) { + newStartIndex = x + 1; + break; + } + if (newStartIndex < 0) + continue; + + endIndex = newEndIndex; + startIndex = newStartIndex; + tmpLocal = CheckLocal(instrs[startIndex], true); + return true; + } + endIndex = 0; + startIndex = 0; + tmpLocal = null; + return false; + } + bool FindStart(IList instrs, out int startIndex, out Local tmpLocal) { for (int i = 0; i + 8 < instrs.Count; i++) { if (instrs[i].OpCode.Code != Code.Conv_U)