monocul.us
/
de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Ensure BeaEngine.dll is present and misc changes 

Copy BeaEngine.dll on build and check if it exists in runtime
Disable more exception handlers to help detect swallowed exceptions
Misc refactoring
This commit is contained in:
ViR Dash 2017-08-19 17:40:14 +03:00
parent 3e4170deb6
commit d6a18082af
9 changed files with 354 additions and 233 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
de4dot.code/ObfuscatedFile.cs
View File

@ -583,9 +583,10 @@ namespace de4dot.code {
}
int oldIndentLevel = Logger.Instance.IndentLevel;
try {
//TODO: Re-enable exception handler
//try {
Deobfuscate(method, cflowDeobfuscator, methodPrinter, isVerbose, isVV);
}
/*}
catch (Exception ex) {
if (!CanLoadMethodBody(method)) {
if (isVerbose)
@ -600,8 +601,9 @@ namespace de4dot.code {
}
finally {
Logger.Instance.IndentLevel = oldIndentLevel;
}
RemoveNoInliningAttribute(method);
}*/
RemoveNoInliningAttribute(method);
if (isVerbose)
Logger.Instance.DeIndent();

10
de4dot.code/de4dot.code.csproj
View File

@ -438,14 +438,10 @@
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<PropertyGroup>
<PostBuildEvent Condition="'$(OS)' != 'Unix'">mkdir "..\$(OutDir)..\LICENSES"
<PostBuildEvent>mkdir "..\$(OutDir)..\LICENSES"
copy "$(SolutionDir)LICENSE*.txt" "..\$(OutDir)..\LICENSES"
copy "$(SolutionDir)COPYING" "..\$(OutDir)..\LICENSES"</PostBuildEvent>
<PostBuildEvent Condition="'$(OS)' == 'Unix'">
mkdir -p "../$(OutDir)../LICENSES/"
cp "$(SolutionDir)LICENSE"*.txt "../$(OutDir)../LICENSES/"
cp "$(SolutionDir)COPYING" "../$(OutDir)../LICENSES/"
</PostBuildEvent>
copy "$(SolutionDir)COPYING" "..\$(OutDir)..\LICENSES"
copy "$(SolutionDir)BeaEngine.dll" "..\$(OutDir)..\BeaEngine.dll"</PostBuildEvent>
</PropertyGroup>
<!-- To modify your build process, add your task inside one of the targets below and uncomment it.
Other similar extension points exist, see Microsoft.Common.targets.

508
de4dot.code/deobfuscators/ConfuserEx/ConstantDecrypter.cs
View File

@ -215,214 +215,322 @@ namespace de4dot.code.deobfuscators.ConfuserEx
private void DecryptArray(uint[] array) //TODO: Automatic detection
{
var num = 960u; // array size?
var array2 = new uint[16];
var num2 = 4136251032u;
for (var i = 0; i < 16; i++)
var num = 1888u; // array size?
uint[] array2 = new uint[16];
uint num2 = 3153506350u;
for (int i = 0; i < 16; i++)
{
num2 ^= num2 >> 12;
num2 ^= num2 << 25;
num2 ^= num2 >> 27;
array2[i] = num2;
}
var num3 = 0;
var num4 = 0;
var array3 = new uint[16];
var array4 = new byte[num * 4u];
while (num3 < num)
int num3 = 0;
int num4 = 0;
uint[] array3 = new uint[16];
byte[] array4 = new byte[num * 4u];
while ((long)num3 < (long)((ulong)num))
{
for (var j = 0; j < 16; j++)
array3[j] = array[num3 + j];
var num5 = array3[3] * 41u;
array3[11] = array3[11] ^ 3634844963u;
var num6 = array3[3] * 31u;
num6 += array3[9] * 47u;
num5 += array3[9] * 85u;
num5 += array3[10] * 149u;
var num7 = array3[3] << 1;
num7 += array3[3];
var num8 = array3[3] << 1;
num8 += array3[3] << 3;
num7 += array3[9] << 3;
num8 += array3[9] * 13u;
num7 += array3[9];
num6 += array3[10] * 71u;
num7 += array3[10] << 1;
num6 += array3[1] * 81u;
array3[4] = array3[4] ^ ~array3[6];
num8 += array3[10] << 1;
num7 += array3[10] << 4;
array3[9] = num6;
num8 += array3[10] << 4;
array3[6] = array3[6] * 395315459u;
num8 += array3[1] * 19u;
num7 += array3[1] * 23u;
num5 += array3[1] * 184u;
num6 = array3[7] * 19u;
array3[10] = num7;
num6 += array3[8] * 28u;
array3[14] = array3[14] ^ array3[0];
array3[3] = num8;
num6 += array3[12] << 6;
array3[1] = num5;
array3[2] = array3[2] ^ array2[2];
num5 = array3[7] * 28u;
num5 += array3[8] << 2;
num8 = array3[7] << 1;
num7 = array3[7] << 5;
num8 += array3[7] << 3;
num8 += array3[8] * 13u;
num7 += array3[7];
num6 += array3[12];
num7 += array3[8] * 42u;
array3[4] = array3[4] - array3[10];
num8 += array3[12] << 5;
num6 += array3[15] * 85u;
num5 += array3[8] << 5;
array3[7] = num6;
array3[11] = array3[11] - 2867139633u;
num7 += array3[12] * 108u;
num5 += array3[12] * 93u;
num8 += array3[12];
num5 += array3[15] * 141u;
num8 += array3[15] * 49u;
num7 += array3[15] * 163u;
array3[12] = num5;
array3[15] = num7;
array3[8] = num8;
num5 = array3[7] >> 21;
num6 = array3[15] >> 22;
array3[15] = array3[15] << 10;
num8 = array3[1] >> 21;
array3[15] = array3[15] | num6;
array3[12] = array3[12] ^ array2[12];
num6 = array3[2] & 3262151220u;
array3[1] = array3[1] << 11;
array3[1] = array3[1] | num8;
array3[7] = array3[7] << 11;
array3[0] = array3[0] - array3[14];
num7 = array3[13] << 4;
num8 = array3[3] * 954284655u;
array3[3] = array3[5];
array3[5] = num8 * 3102958735u;
array3[7] = array3[7] | num5;
num5 = array3[10] << 4;
num8 = array3[9] * 2468501497u;
array3[2] = array3[2] & 1032816075u;
array3[13] = array3[13] >> 28;
array3[13] = array3[13] | num7;
array3[7] = array3[7] - 888060325u;
array3[2] = array3[2] | (array3[8] & 3262151220u);
array3[12] = array3[12] * 4056148675u;
array3[9] = array3[13];
num7 = array3[6] << 5;
array3[13] = num8 * 1746582089u;
array3[6] = array3[6] >> 27;
array3[6] = array3[6] | num7;
array3[8] = array3[8] & 1032816075u;
array3[7] = array3[7] ^ array2[7];
num5 += array3[11] * 46u;
num6 *= 869722291u;
num8 = array3[10] << 1;
num5 += array3[3] * 92u;
num5 += array3[5] * 149u;
array3[7] = array3[7] - 3922202313u;
array3[8] = array3[8] | (num6 * 2576221819u);
num8 += array3[11] * 15u;
num8 += array3[3] * 37u;
num6 = array3[10] * 7u;
array3[8] = array3[8] ^ 1878284212u;
num8 += array3[5] * 56u;
array3[9] = array3[9] ^ array2[9];
num7 = array3[10] << 3;
array3[6] = array3[6] ^ 2841119440u;
num6 += array3[11] << 4;
array3[2] = array3[2] ^ 217219923u;
num7 += array3[10];
num6 += array3[3] * 29u;
array3[6] = array3[6] ^ array2[6];
num7 += array3[11] * 26u;
num7 += array3[3] * 52u;
num6 += array3[5] * 49u;
num7 += array3[5] * 84u;
array3[3] = num5;
array3[10] = num6;
num6 = array3[1] * 15u;
array3[12] = array3[12] ^ 1080861703u;
array3[5] = num8;
num5 = array3[4] & 3659960635u;
num6 += array3[12] << 1;
array3[4] = array3[4] & 635006660u;
array3[4] = array3[4] | (array3[9] & 3659960635u);
num5 *= 1676034815u;
array3[11] = num7;
num7 = array3[1] * 19u;
num6 += array3[12] << 4;
array3[9] = array3[9] & 635006660u;
num6 += array3[3] << 6;
num7 += array3[12] * 27u;
array3[5] = array3[5] - array3[8];
array3[9] = array3[9] | (num5 * 1267776767u);
num5 = array3[1] << 2;
num5 += array3[1];
array3[13] = array3[13] ^ array2[13];
num8 = array3[1];
num6 += array3[3];
num5 += array3[12] << 3;
num8 += array3[12] << 1;
num8 += array3[12];
num6 += array3[15] * 22u;
num5 += array3[3] * 27u;
num5 += array3[15] << 3;
num7 += array3[3] * 92u;
num8 += array3[3] << 3;
num8 += array3[3];
num5 += array3[15];
num8 += array3[15] << 1;
num8 += array3[15];
array3[3] = num6;
array3[0] = array3[0] ^ array3[13];
array3[14] = array3[14] - array3[15];
num7 += array3[15] << 5;
array3[13] = array3[13] ^ ~array3[1];
num6 = array3[10] >> 31;
array3[14] = array3[14] ^ array2[14];
array3[8] = array3[8] ^ array2[8];
array3[12] = num5;
array3[1] = num8;
array3[5] = array3[5] ^ array2[5];
array3[11] = array3[11] ^ array2[11];
num5 = array3[11] & 2204625944u;
array3[1] = array3[1] ^ array2[1];
array3[4] = array3[4] ^ array2[4];
array3[11] = array3[11] & 2090341351u;
array3[11] = array3[11] | (array3[4] & 2204625944u);
array3[15] = num7;
num8 = array3[14] & 2496954112u;
array3[14] = array3[14] & 1798013183u;
array3[4] = array3[4] & 2090341351u;
array3[15] = array3[15] ^ array2[15];
array3[10] = array3[10] << 1;
num5 *= 338764649u;
array3[14] = array3[14] | (array3[9] & 2496954112u);
array3[15] = array3[15] - array3[0];
array3[10] = array3[10] | num6;
array3[10] = array3[10] ^ array2[10];
array3[3] = array3[3] ^ array2[3];
num8 *= 2292397853u;
array3[0] = array3[0] ^ array2[0];
array3[0] = array3[0] ^ 2814140307u;
array3[2] = array3[2] ^ ~array3[13];
array3[4] = array3[4] | (num5 * 587046105u);
array3[9] = array3[9] & 1798013183u;
array3[9] = array3[9] | (num8 * 1520255797u);
for (var k = 0; k < 16; k++)
for (int j = 0; j < 16; j++)
{
var num9 = array3[k];
array4[num4++] = (byte) num9;
array4[num4++] = (byte) (num9 >> 8);
array4[num4++] = (byte) (num9 >> 16);
array4[num4++] = (byte) (num9 >> 24);
array3[j] = array[num3 + j];
}
uint num5 = array3[1] << 1;
uint num6 = array3[1] * 21u;
array3[2] = (array3[2] ^ array3[10]);
num5 += array3[1] << 2;
uint num7 = array3[1] * 21u;
num6 += array3[0] * 67u;
uint num8 = array3[1] * 13u;
num5 += array3[0] * 14u;
num6 += array3[9] * 157u;
num8 += array3[0] << 2;
num5 += array3[9] * 27u;
array3[13] = array3[13] * 748798011u;
num8 += array3[0] << 5;
num7 += array3[0] * 57u;
num6 += array3[3] * 206u;
num5 += array3[3] * 43u;
array3[1] = num5;
num7 += array3[9] * 133u;
num8 += array3[9] * 77u;
num8 += array3[3] * 110u;
array3[9] = num6;
num6 = (array3[12] & 1056153664u);
array3[12] = (array3[12] & 3238813631u);
array3[0] = num8;
array3[12] = (array3[12] | (array3[7] & 1056153664u));
array3[7] = (array3[7] & 3238813631u);
num8 = array3[2] << 3;
num5 = array3[8] * 2590225985u;
num6 *= 770570833u;
array3[7] = (array3[7] | num6 * 2945289905u);
array3[8] = array3[4];
num8 += array3[13] * 50u;
num7 += array3[3] * 181u;
array3[0] = array3[0] * 154310079u;
num6 = (array3[15] & 1073272377u);
array3[10] = array3[10] - 4001279812u;
array3[3] = num7;
array3[15] = (array3[15] & 3221694918u);
num8 += array3[9] * 67u;
num7 = array3[5] << 14;
array3[1] = (array3[1] ^ array2[1]);
array3[15] = (array3[15] | (array3[11] & 1073272377u));
array3[5] = array3[5] >> 18;
array3[12] = (array3[12] ^ array2[12]);
array3[4] = num5 * 2830588353u;
array3[11] = (array3[11] & 3221694918u);
array3[5] = (array3[5] | num7);
array3[6] = (array3[6] ^ array3[14]);
num7 = array3[2] << 1;
num6 *= 918007135u;
num7 += array3[2];
array3[11] = (array3[11] | num6 * 3949194911u);
num5 = array3[2] << 2;
num7 += array3[13] * 19u;
num8 += array3[11] << 2;
num6 = array3[2];
num6 += array3[13] << 1;
num6 += array3[13] << 3;
array3[8] = (array3[8] ^ 4107405834u);
num7 += array3[9] * 25u;
num6 += array3[9] * 14u;
num8 += array3[11] << 7;
num5 += array3[13] * 38u;
num6 += array3[11] * 31u;
array3[3] = (array3[3] ^ array2[3]);
num5 += array3[9] * 56u;
array3[1] = array3[1] - 1508476838u;
array3[3] = (array3[3] ^ 938209744u);
array3[2] = num6;
num7 += array3[11] * 49u;
array3[9] = num8;
num8 = array3[6] << 1;
array3[7] = (array3[7] ^ ~array3[15]);
num8 += array3[6] << 3;
num5 += array3[11] * 125u;
array3[0] = (array3[0] ^ array2[0]);
array3[11] = num5;
num8 += array3[5] << 5;
num6 = array3[6] * 11u;
array3[13] = num7;
num5 = array3[6] * 55u;
num8 += array3[5];
num7 = array3[6] * 54u;
num8 += array3[3] * 39u;
num8 += array3[4] << 1;
num7 += array3[5] * 175u;
num8 += array3[4] << 5;
num7 += array3[3] * 209u;
num5 += array3[5] * 179u;
num5 += array3[3] * 213u;
num6 += array3[5] * 35u;
num7 += array3[4] * 177u;
num6 += array3[3] * 42u;
array3[13] = (array3[13] ^ array3[9]);
num6 += array3[4] << 1;
num6 += array3[4] << 5;
array3[7] = (array3[7] ^ array2[7]);
array3[6] = num6;
num5 += array3[4] * 181u;
num6 = array3[14] >> 29;
array3[3] = num5;
array3[5] = num8;
num5 = array3[8] << 2;
num8 = array3[8] << 2;
array3[4] = num7;
array3[14] = array3[14] << 3;
array3[12] = (array3[12] ^ 2411275161u);
num8 += array3[8];
num5 += array3[7] * 7u;
num5 += array3[6] * 19u;
num8 += array3[7] * 21u;
num7 = array3[11] << 24;
array3[14] = (array3[14] | num6);
array3[11] = array3[11] >> 8;
array3[11] = (array3[11] | num7);
num6 = array3[8] * 11u;
num5 += array3[13] * 46u;
num8 += array3[6] * 47u;
num7 = array3[8];
num7 += array3[7] << 1;
num6 += array3[7] * 25u;
num8 += array3[13] * 109u;
array3[4] = (array3[4] ^ array2[4]);
num6 += array3[6] * 63u;
array3[2] = (array3[2] ^ array3[12]);
num7 += array3[7] << 2;
num7 += array3[6] * 13u;
array3[6] = num5;
num5 = (array3[0] & 247307561u);
num5 *= 2926546863u;
array3[0] = (array3[0] & 4047659734u);
array3[0] = (array3[0] | (array3[11] & 247307561u));
num7 += array3[13] * 30u;
num6 += array3[13] * 150u;
array3[11] = (array3[11] & 4047659734u);
array3[11] = (array3[11] | num5 * 1929455439u);
array3[7] = num8;
num5 = array3[14] << 20;
array3[14] = array3[14] >> 12;
array3[14] = (array3[14] | num5);
num8 = array3[15] * 19u;
num5 = array3[3] << 8;
array3[3] = array3[3] >> 24;
array3[14] = (array3[14] ^ array2[14]);
array3[3] = (array3[3] | num5);
num8 += array3[5] * 69u;
num5 = array3[15] * 23u;
array3[8] = num7;
array3[13] = num6;
num5 += array3[5] * 86u;
array3[6] = (array3[6] ^ 3317586132u);
array3[8] = (array3[8] ^ array2[8]);
array3[4] = array3[4] - 3314395924u;
num8 += array3[9] << 1;
num6 = array3[15] << 2;
array3[13] = (array3[13] ^ 574204725u);
num8 += array3[9] << 6;
num5 += array3[9] * 82u;
array3[2] = (array3[2] ^ 1681301553u);
num8 += array3[1] * 76u;
num7 = array3[15] * 49u;
num6 += array3[15] << 6;
array3[15] = num8;
num7 += array3[5] * 182u;
num6 += array3[5] * 249u;
num6 += array3[9] * 239u;
num7 += array3[9] * 174u;
num7 += array3[1] * 218u;
array3[9] = num7;
num7 = array3[12] << 1;
num5 += array3[1] * 105u;
array3[5] = num5;
num5 = array3[12] << 1;
num8 = array3[10] >> 2;
num5 += array3[7] * 7u;
array3[10] = array3[10] << 30;
num6 += array3[1] * 285u;
array3[1] = num6;
array3[10] = (array3[10] | num8);
num6 = array3[12] * 28u;
num7 += array3[12] << 4;
num7 += array3[7] * 57u;
num7 += array3[13] * 95u;
num5 += array3[13] << 2;
num8 = array3[4] >> 3;
array3[15] = (array3[15] ^ array2[15]);
array3[4] = array3[4] << 29;
array3[4] = (array3[4] | num8);
num6 += array3[7] * 75u;
num8 = array3[12] << 1;
num6 += array3[13] * 113u;
num5 += array3[13] << 3;
num8 += array3[12];
num6 += array3[10] << 1;
num8 += array3[7] * 11u;
num7 += array3[10] << 1;
num7 += array3[10];
array3[11] = (array3[11] ^ array3[1]);
num8 += array3[13] << 2;
array3[7] = num5;
num8 += array3[13] << 4;
num5 = array3[9];
array3[13] = num7;
array3[12] = num8;
num8 = array3[9];
num8 += array3[6] << 1;
num8 += array3[6];
array3[0] = array3[0] - array3[15];
num6 += array3[10] << 3;
num8 += array3[3] << 3;
num5 += array3[6] << 4;
array3[5] = (array3[5] ^ array3[14]);
array3[10] = num6;
num6 = array3[9] << 1;
num5 += array3[3] * 58u;
num6 += array3[9];
num8 += array3[3];
num8 += array3[8] << 2;
num5 += array3[8] * 23u;
num7 = 0u + (array3[6] << 1);
num6 += array3[6] * 13u;
array3[9] = num8;
num8 = array3[11] * 3847227639u;
num6 += array3[3] * 42u;
num7 += array3[6] << 3;
num7 += array3[3] * 38u;
num6 += array3[8] << 1;
array3[11] = array3[5];
num6 += array3[8] << 4;
array3[5] = num8 * 1879390407u;
num8 = (array3[10] & 3016193462u);
array3[3] = num5;
array3[10] = (array3[10] & 1278773833u);
num5 = array3[14] << 3;
array3[14] = array3[14] >> 29;
array3[14] = (array3[14] | num5);
array3[6] = num6;
array3[5] = (array3[5] ^ array2[5]);
num5 = (array3[2] & 1689524702u);
array3[2] = (array3[2] & 2605442593u);
array3[10] = (array3[10] | (array3[14] & 3016193462u));
array3[6] = (array3[6] ^ 1826460809u);
array3[11] = (array3[11] ^ ~array3[5]);
num5 *= 1545381913u;
num7 += array3[8] * 15u;
array3[8] = num7;
array3[6] = (array3[6] ^ array2[6]);
array3[8] = (array3[8] ^ array3[7]);
num8 *= 3177808341u;
array3[15] = (array3[15] ^ array3[12]);
array3[9] = (array3[9] ^ array2[9]);
array3[11] = (array3[11] ^ array2[11]);
array3[2] = (array3[2] | (array3[0] & 1689524702u));
array3[0] = (array3[0] & 2605442593u);
array3[1] = array3[1] - 504000940u;
array3[0] = (array3[0] | num5 * 1340355625u);
array3[2] = (array3[2] ^ array2[2]);
array3[3] = array3[3] - array3[13];
num6 = array3[9] >> 30;
array3[14] = (array3[14] & 1278773833u);
array3[14] = (array3[14] | num8 * 2270146429u);
array3[10] = (array3[10] ^ array2[10]);
num7 = array3[0] << 24;
array3[9] = array3[9] << 2;
array3[6] = (array3[6] ^ array3[1]);
array3[4] = (array3[4] ^ 2605939339u);
array3[0] = array3[0] >> 8;
num8 = (array3[3] & 1626864053u);
array3[6] = array3[6] - array3[1];
array3[12] = (array3[12] ^ 1401990150u);
num8 *= 1682859757u;
array3[8] = array3[8] - 393293234u;
array3[4] = (array3[4] ^ 2139869331u);
array3[3] = (array3[3] & 2668103242u);
array3[3] = (array3[3] | (array3[14] & 1626864053u));
array3[14] = (array3[14] & 2668103242u);
array3[9] = (array3[9] | num6);
array3[14] = (array3[14] | num8 * 2707023589u);
num5 = array3[9] * 1442504087u;
num8 = array3[10] * 3851007073u;
array3[10] = array3[15];
array3[13] = array3[13] * 2082553177u;
array3[13] = (array3[13] ^ array2[13]);
array3[9] = array3[2];
array3[2] = num5 * 1511879207u;
array3[0] = (array3[0] | num7);
array3[15] = num8 * 1163915169u;
array3[0] = (array3[0] ^ array3[1]);
array3[13] = (array3[13] ^ array3[7]);
for (int k = 0; k < 16; k++)
{
uint num9 = array3[k];
array4[num4++] = (byte)num9;
array4[num4++] = (byte)(num9 >> 8);
array4[num4++] = (byte)(num9 >> 16);
array4[num4++] = (byte)(num9 >> 24);
array2[k] ^= num9;
}
num3 += 16;

21
de4dot.code/deobfuscators/ConfuserEx/Deobfuscator.cs
View File

@ -28,7 +28,7 @@ namespace de4dot.code.deobfuscators.ConfuserEx
public class DeobfuscatorInfo : DeobfuscatorInfoBase
{
internal const string THE_NAME = "ConfuserEx";
public const string THE_TYPE = "cx";
public const string THE_TYPE = "crx";
private const string DEFAULT_REGEX = DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
public DeobfuscatorInfo()
@ -77,11 +77,16 @@ namespace de4dot.code.deobfuscators.ConfuserEx
list.Add(_controlFlowFixer);
if (_deobfuscating && _int32ValueInliner != null)
list.Add(new ConstantsInliner(_sbyteValueInliner, _byteValueInliner, _int16ValueInliner,
_uint16ValueInliner,
_int32ValueInliner, _uint32ValueInliner, _int64ValueInliner, _uint64ValueInliner,
_singleValueInliner, _doubleValueInliner, _arrayValueInliner)
{ExecuteIfNotModified = true});
{
var constantInliner = new ConstantsInliner(_sbyteValueInliner, _byteValueInliner,
_int16ValueInliner,
_uint16ValueInliner, _int32ValueInliner, _uint32ValueInliner, _int64ValueInliner,
_uint64ValueInliner, _singleValueInliner, _doubleValueInliner, _arrayValueInliner)
{
ExecuteIfNotModified = true
};
list.Add(constantInliner);
}
return list;
}
}
@ -244,8 +249,8 @@ namespace de4dot.code.deobfuscators.ConfuserEx
var moduleCctor = DotNetUtils.GetModuleTypeCctor(module);
foreach (var instr in moduleCctor.Body.Instructions)
if (instr.OpCode == OpCodes.Call && instr.Operand is MethodDef &&
toRemoveFromCctor.Contains((MethodDef) instr.Operand))
if (instr.OpCode == OpCodes.Call && instr.Operand is MethodDef
&& toRemoveFromCctor.Contains((MethodDef)instr.Operand))
instr.OpCode = OpCodes.Nop;
//No more mixed!

2
de4dot.code/deobfuscators/ConfuserEx/x86/Bea/Constants.cs
View File

@ -1,7 +1,7 @@

namespace de4dot.Bea
{
public class BeaConstants
public static class BeaConstants
{
public static int INSTRUCT_LENGTH = 64;

15
de4dot.code/deobfuscators/ConfuserEx/x86/Bea/Engine.cs
View File

@ -1,9 +1,18 @@
using System.Runtime.InteropServices;
using System.IO;
using System.Runtime.InteropServices;
namespace de4dot.Bea
{
public class BeaEngine
public static class BeaEngine
{
static BeaEngine()
{
if(!File.Exists("BeaEngine.dll"))
{
throw new FileNotFoundException("BeaEngine.dll missing!");
}
}
[DllImport("BeaEngine.dll")]
public static extern int Disasm([In, Out, MarshalAs(UnmanagedType.LPStruct)] Disasm disasm);
@ -14,7 +23,7 @@ namespace de4dot.Bea
private static extern string BeaEngineRevision();
public static string Version
{
{
get
{
return BeaEngineVersion();

5
de4dot.code/deobfuscators/ConfuserEx/x86/X86Method.cs
View File

@ -39,7 +39,7 @@ namespace de4dot.code.deobfuscators.ConfuserEx.x86
var rawInstructions = new List<Disasm>();
while (true)
{
{
byte[] bytes = ReadChunk(method, _module);
var disasm = new Disasm();
@ -135,7 +135,6 @@ namespace de4dot.code.deobfuscators.ConfuserEx.x86
return Registers["EAX"];
}
public static Disasm Clone(Disasm disasm)
{
return new Disasm
@ -152,6 +151,6 @@ namespace de4dot.code.deobfuscators.ConfuserEx.x86
SecurityBlock = disasm.SecurityBlock,
VirtualAddr = disasm.VirtualAddr
};
}
}
}
}

11
de4dot.cui/FilesDeobfuscator.cs
View File

@ -214,11 +214,11 @@ namespace de4dot.cui {
allFiles[key] = true;
int oldIndentLevel = Logger.Instance.IndentLevel;
try {
//try {
file.DeobfuscatorContext = options.DeobfuscatorContext;
file.Load(options.CreateDeobfuscators());
}
catch (NotSupportedException) {
//}
/*catch (NotSupportedException) {
return false; // Eg. unsupported architecture
}
catch (BadImageFormatException) {
@ -235,14 +235,15 @@ namespace de4dot.cui {
return false; // Not a .NET file
}
catch (Exception ex) {
throw;
Logger.Instance.Log(false, null, LoggerEvent.Warning, "Could not load file ({0}): {1}", ex.GetType(), file.Filename);
return false;
}
finally {
Logger.Instance.IndentLevel = oldIndentLevel;
}
}*/
var deob = file.Deobfuscator;
var deob = file.Deobfuscator;
if (skipUnknownObfuscator && deob.Type == "un") {
Logger.v("Skipping unknown obfuscator: {0}", file.Filename);
RemoveModule(file.ModuleDefMD);

5
de4dot.cui/Program.cs
View File

@ -124,7 +124,8 @@ namespace de4dot.cui {
Logger.Instance.LogErrorDontIgnore("{0}", ex.Message);
exitCode = 1;
}
/*catch (Exception ex)
//TODO: Re-enable exception handler
/*catch (Exception ex)
{
throw;
if (PrintFullStackTrace()) {
@ -138,7 +139,7 @@ namespace de4dot.cui {
exitCode = 1;
}*/
if (Logger.Instance.NumIgnoredMessages > 0) {
if (Logger.Instance.NumIgnoredMessages > 0) {
if (Logger.Instance.NumIgnoredMessages == 1)
Logger.n("Ignored {0} warning/error", Logger.Instance.NumIgnoredMessages);
else