From d5838aa6c2a8559ae06854e27187554c0f00fe0d Mon Sep 17 00:00:00 2001
From: de4dot
Date: Sun, 4 Nov 2012 19:40:36 +0100
Subject: [PATCH] Use the IModuleWriterListener interface
---
 de4dot.code/AssemblyModule.cs | 17 ++++++++---------
 de4dot.code/AssemblyResolver.cs | 4 ++++
 de4dot.code/ObfuscatedFile.cs | 3 ++-
 de4dot.code/deobfuscators/DeobfuscatorBase.cs | 17 +++--------------
 .../dotNET_Reactor/v4/Deobfuscator.cs | 7 +++++--
 .../dotNET_Reactor/v4/MethodsDecrypter.cs | 6 +++---
 dot10 | 2 +-
 7 files changed, 26 insertions(+), 30 deletions(-)
diff --git a/de4dot.code/AssemblyModule.cs b/de4dot.code/AssemblyModule.cs
index 27f9e2a0..bb2becab 100644
--- a/de4dot.code/AssemblyModule.cs
+++ b/de4dot.code/AssemblyModule.cs
@@ -21,6 +21,7 @@ using System;
 using System.IO;
 using System.Collections.Generic;
 using dot10.DotNet;
+using dot10.DotNet.Writer;
 using de4dot.blocks;
 namespace de4dot.code {
@@ -43,22 +44,20 @@ namespace de4dot.code {
 ModuleDefMD setModule(ModuleDefMD newModule) {
 module = newModule;
 TheAssemblyResolver.Instance.addModule(module);
+ module.EnableTypeDefFindCache = true;
 module.Location = filename;
 return module;
 }
- public void save(string newFilename, bool updateMaxStack, IWriterListener writerListener) {
- //TODO: var writerParams = new WriterParameters() {
- //TODO: UpdateMaxStack = updateMaxStack,
- //TODO: WriterListener = writerListener,
- //TODO: };
- //TODO: module.Write(newFilename, writerParams);
- module.Write(newFilename);
+ public void save(string newFilename, bool updateMaxStack, IModuleWriterListener writerListener) {
+ var writerOptions = new ModuleWriterOptions(module, writerListener);
+ if (!updateMaxStack)
+ writerOptions.MetaDataOptions.Flags |= MetaDataFlags.KeepOldMaxStack;
+ module.Write(newFilename, writerOptions);
 }
 public ModuleDefMD reload(byte[] newModuleData, DumpedMethods dumpedMethods) {
- //TODO: AssemblyResolver.Instance.removeModule(module);
- //TODO: DotNetUtils.typeCaches.invalidate(module);
+ TheAssemblyResolver.Instance.removeModule(module);
 //TODO: Use dumped methods
 return setModule(ModuleDefMD.Load(newModuleData));
 }
diff --git a/de4dot.code/AssemblyResolver.cs b/de4dot.code/AssemblyResolver.cs
index 566ded03..daf32410 100644
--- a/de4dot.code/AssemblyResolver.cs
+++ b/de4dot.code/AssemblyResolver.cs
@@ -23,6 +23,10 @@ namespace de4dot.code {
 public class TheAssemblyResolver : dot10.DotNet.AssemblyResolver {
 public static readonly TheAssemblyResolver Instance = new TheAssemblyResolver();
+ public TheAssemblyResolver() {
+ EnableTypeDefCache = true;
+ }
+
 public void addSearchDirectory(string dir) {
 if (!PostSearchPaths.Contains(dir))
 PostSearchPaths.Add(dir);
diff --git a/de4dot.code/ObfuscatedFile.cs b/de4dot.code/ObfuscatedFile.cs
index 1e65f637..701e2cc3 100644
--- a/de4dot.code/ObfuscatedFile.cs
+++ b/de4dot.code/ObfuscatedFile.cs
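Review bot: In `reload` (de4dot.code/AssemblyModule.cs) the old module is removed from `TheAssemblyResolver` before `ModuleDefMD.Load(newModuleData)` has succeeded, so if loading throws on malformed or hostile input the `module` field still points at a module the resolver no longer tracks. Loading first keeps the state consistent on failure: `var newModule = ModuleDefMD.Load(newModuleData);`, then `TheAssemblyResolver.Instance.removeModule(module);`, then `return setModule(newModule);`. The `dumpedMethods` parameter is still unused (the `//TODO: Use dumped methods` line remains), which deserves a sentence in a comment on the method so callers do not assume the dumped bodies are applied.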
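Review bot: The new constructor in `TheAssemblyResolver` enables `EnableTypeDefCache`, and `setModule` in AssemblyModule.cs enables `EnableTypeDefFindCache`, with no comment on how these caches stay valid while the tool renames or removes types. Whether dot10 refreshes them on such changes is not visible in this patch; if it does not, later lookups could return stale definitions. I would add next to `EnableTypeDefCache = true;` something like `// NOTE: cached type lookups; must be invalidated when types are renamed or removed (confirm dot10 does this)`. The constructor is also `public` although the class exposes a singleton `Instance`; `private` would be tighter if nothing else constructs it.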
@@ -24,6 +24,7 @@ using System.IO;
 using System.Text;
 using dot10.DotNet;
 using dot10.DotNet.Emit;
+using dot10.DotNet.Writer;
 using dot10.PE;
 using de4dot.code.deobfuscators;
 using de4dot.blocks;
@@ -305,7 +306,7 @@ namespace de4dot.code {
 public void save() {
 Log.n("Saving {0}", options.NewFilename);
- assemblyModule.save(options.NewFilename, options.ControlFlowDeobfuscation, deob as IWriterListener);
+ assemblyModule.save(options.NewFilename, options.ControlFlowDeobfuscation, deob as IModuleWriterListener);
 }
 IList getAllMethods() {
diff --git a/de4dot.code/deobfuscators/DeobfuscatorBase.cs b/de4dot.code/deobfuscators/DeobfuscatorBase.cs
index 751018ac..53697525 100644
--- a/de4dot.code/deobfuscators/DeobfuscatorBase.cs
+++ b/de4dot.code/deobfuscators/DeobfuscatorBase.cs
@@ -21,24 +21,13 @@ using System;
 using System.Collections.Generic;
 using dot10.DotNet;
 using dot10.DotNet.Emit;
+using dot10.DotNet.Writer;
 using dot10.PE;
 using de4dot.blocks;
 using de4dot.blocks.cflow;
-namespace de4dot.code {
- //TODO: I added this iface to Cecil but now you must add something similar to dot10
- interface IWriterListener {
- // Called before adding resources, and after adding types, methods, etc.
- void OnBeforeAddingResources(MetadataBuilder builder);
- }
- //TODO: REMOVE
- internal class MetadataBuilder {
- //TODO: Dummy class. Don't use
- }
-}
-
 namespace de4dot.code.deobfuscators {
- abstract class DeobfuscatorBase : IDeobfuscator, IWriterListener {
+ abstract class DeobfuscatorBase : IDeobfuscator, IModuleWriterListener {
 public const string DEFAULT_VALID_NAME_REGEX = @"^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$";
 class RemoveInfo {
@@ -712,7 +701,7 @@ namespace de4dot.code.deobfuscators {
 return name != null && checkValidName(name);
 }
- public virtual void OnBeforeAddingResources(MetadataBuilder builder) {
+ public virtual void OnWriterEvent(ModuleWriter writer, ModuleWriterEvent evt) {
 }
 protected void findAndRemoveInlinedMethods() {
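Review bot: In `save()` (de4dot.code/ObfuscatedFile.cs), `deob as IModuleWriterListener` silently yields null for any `IDeobfuscator` that does not implement the listener, and that null is passed on to `new ModuleWriterOptions(module, writerListener)` in `AssemblyModule.save`. Whether dot10 accepts a null listener is not visible in this patch; if it does, the writer callbacks are simply skipped without any trace. A comment such as `// null is fine: not every deobfuscator needs writer callbacks` would record the intent; if a listener is always expected, a direct cast would make a missing implementation fail loudly instead.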
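Review bot: The empty `OnWriterEvent` added to `DeobfuscatorBase` (second hunk of DeobfuscatorBase.cs) is undocumented, while the interface removed in the first hunk at least carried `// Called before adding resources, and after adding types, methods, etc.`. Judging by the .NET Reactor override, the new hook is apparently invoked for more than one event, so overriders need to know they must filter. I would add `/// <summary>Called by the module writer for each ModuleWriterEvent; the default does nothing. Overrides must check evt before acting.</summary>` above the method.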
diff --git a/de4dot.code/deobfuscators/dotNET_Reactor/v4/Deobfuscator.cs b/de4dot.code/deobfuscators/dotNET_Reactor/v4/Deobfuscator.cs
index 050a7d52..529b996e 100644
--- a/de4dot.code/deobfuscators/dotNET_Reactor/v4/Deobfuscator.cs
+++ b/de4dot.code/deobfuscators/dotNET_Reactor/v4/Deobfuscator.cs
@@ -23,6 +23,7 @@ using System.IO;
 using System.Text.RegularExpressions;
 using dot10.DotNet;
 using dot10.DotNet.Emit;
+using dot10.DotNet.Writer;
 using Mono.MyStuff;
 using de4dot.blocks;
 using de4dot.PE;
@@ -606,10 +607,12 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
 return list;
 }
- public override void OnBeforeAddingResources(MetadataBuilder builder) {
+ public override void OnWriterEvent(ModuleWriter writer, ModuleWriterEvent evt) {
+ if (evt != ModuleWriterEvent.EndWriteChunks)
+ return;
 if (!options.DecryptMethods)
 return;
- methodsDecrypter.encryptNativeMethods(builder);
+ methodsDecrypter.encryptNativeMethods(writer);
 }
 }
 }
diff --git a/de4dot.code/deobfuscators/dotNET_Reactor/v4/MethodsDecrypter.cs b/de4dot.code/deobfuscators/dotNET_Reactor/v4/MethodsDecrypter.cs
index f0aff8a3..0200540e 100644
--- a/de4dot.code/deobfuscators/dotNET_Reactor/v4/MethodsDecrypter.cs
+++ b/de4dot.code/deobfuscators/dotNET_Reactor/v4/MethodsDecrypter.cs
@@ -296,7 +296,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
 tokenToNativeMethod = null;
 }
- public void encryptNativeMethods(MetadataBuilder builder) {
+ public void encryptNativeMethods(ModuleWriter moduleWriter) {
 if (methodToNativeMethod.Count == 0)
 return;
@@ -309,7 +309,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
 writer.Write(methodToNativeMethod.Count);
 int index = 0;
- var codeWriter = builder.CodeWriter;
+ var codeWriter = moduleWriter.CodeWriter;
 foreach (var pair in methodToNativeMethod) {
 var method = pair.Key;
 if (method.DeclaringType == null)
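Review bot: `OnWriterEvent` in dotNET_Reactor/v4/Deobfuscator.cs selects `ModuleWriterEvent.EndWriteChunks` as the moment to call `encryptNativeMethods(writer)` without saying why, whereas the old hook documented its timing as after types and methods were added and before resources. Because `encryptNativeMethods` addresses method bodies by RVA through `moduleWriter.CodeWriter`, the chosen event decides whether those bodies and RVAs exist yet. A one-line comment above the first check, e.g. `// Method bodies and their RVAs are final at EndWriteChunks (confirm against dot10)`, would make the choice reviewable.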
@@ -318,7 +318,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
 continue; // method.DeclaringType was removed
 var code = pair.Value;
- uint codeRva = builder.GetMethodBodyRva((int)method.MDToken.RID - 1);
+ uint codeRva = moduleWriter.GetMethodBodyRva(method);
 if ((codeWriter.ReadByteAtRva(codeRva) & 3) == 2)
 codeRva++;
 else
diff --git a/dot10 b/dot10
index 52243399..9c166daf 160000
--- a/dot10
+++ b/dot10
@@ -1 +1 @@
-Subproject commit 52243399c3c96e4bbf8801582fbc18034d2acc52
+Subproject commit 9c166daff7f705cda7c4cea5de70b23030b7c54a
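Review bot: In `encryptNativeMethods` (MethodsDecrypter.cs, third hunk) the result of `moduleWriter.GetMethodBodyRva(method)` goes straight into `codeWriter.ReadByteAtRva(codeRva)` with no check that the writer actually emitted a body for `method`. The loop already skips methods whose `DeclaringType` was removed, but what dot10 returns for a method it did not write is not visible here, and this code runs on input that an obfuscator deliberately shaped. Either a guard right after the lookup, something like `if (codeRva == 0) continue;`, or a comment stating that the lookup throws for unknown methods would settle it. The function body starts and ends outside this hunk, so any bookkeeping tied to `index` needs checking against the rest of the loop.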