From d98d4b10bb4bdde6e04c2955156a3976e99a323c Mon Sep 17 00:00:00 2001
From: de4dot
Date: Wed, 7 Nov 2012 00:53:16 +0100
Subject: [PATCH] Add code to restore dumped methods
---
 de4dot.code/AssemblyModule.cs | 12 +++--
 de4dot.code/DumpedMethodsRestorer.cs | 71 ++++++++++++++++++++++++++++
 de4dot.code/ObfuscatedFile.cs | 8 +++-
 de4dot.code/de4dot.code.csproj | 1 +
 dot10 | 2 +-
 5 files changed, 89 insertions(+), 5 deletions(-)
 create mode 100644 de4dot.code/DumpedMethodsRestorer.cs
diff --git a/de4dot.code/AssemblyModule.cs b/de4dot.code/AssemblyModule.cs
index 29b8dd99..c241433a 100644
--- a/de4dot.code/AssemblyModule.cs
+++ b/de4dot.code/AssemblyModule.cs
@@ -60,10 +60,16 @@ namespace de4dot.code {
 module.Write(newFilename, writerOptions);
 }
 
- public ModuleDefMD reload(byte[] newModuleData, DumpedMethods dumpedMethods) {
+ public ModuleDefMD reload(byte[] newModuleData, DumpedMethodsRestorer dumpedMethodsRestorer, IStringDecrypter stringDecrypter) {
 TheAssemblyResolver.Instance.removeModule(module);
- //TODO: Use dumped methods
- return setModule(ModuleDefMD.Load(newModuleData, moduleContext));
+ var mod = ModuleDefMD.Load(newModuleData, moduleContext);
+ if (dumpedMethodsRestorer != null)
+ dumpedMethodsRestorer.Module = mod;
+ mod.StringDecrypter = stringDecrypter;
+ mod.MethodDecrypter = dumpedMethodsRestorer;
+ mod.TablesStream.ColumnReader = dumpedMethodsRestorer;
+ mod.TablesStream.MethodRowReader = dumpedMethodsRestorer;
+ return setModule(mod);
 }
 
 public override string ToString() {
diff --git a/de4dot.code/DumpedMethodsRestorer.cs b/de4dot.code/DumpedMethodsRestorer.cs
new file mode 100644
index 00000000..5932e405
--- /dev/null
+++ b/de4dot.code/DumpedMethodsRestorer.cs
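Review bot: The `dumpedMethodsRestorer != null` guard in `reload` covers only the `Module` assignment, while `mod.MethodDecrypter`, `mod.TablesStream.ColumnReader` and `mod.TablesStream.MethodRowReader` are assigned unconditionally, so a null restorer is written into all three slots. On a freshly loaded module that presumably just writes null over the default, but the asymmetry invites a later "fix" that moves the slot assignments under the guard; a comment such as `// null restorer: the module reads its own Method table and bodies` would pin the intent. The method also gained two parameters without a doc comment; a `///` summary should state that the same restorer instance is installed as method decrypter, column reader and method-row reader so that dumped rows and bodies override the on-disk metadata consistently, and that `stringDecrypter` may be null (the caller in ObfuscatedFile.cs passes `deob as IStringDecrypter`).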
@@ -0,0 +1,71 @@
+/*
+ Copyright (C) 2011-2012 de4dot@gmail.com
+
+ This file is part of de4dot.
+
+ de4dot is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ de4dot is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with de4dot. If not, see .
+*/
+
+using System.Collections.Generic;
+using dot10.PE;
+using dot10.DotNet.MD;
+using dot10.DotNet.Emit;
+using dot10.DotNet;
+using de4dot.blocks;
+
+namespace de4dot.code {
+ class DumpedMethodsRestorer : IRowReader, IColumnReader, IMethodDecrypter {
+ ModuleDefMD module;
+ DumpedMethods dumpedMethods;
+
+ public ModuleDefMD Module {
+ set { module = value; }
+ }
+
+ public DumpedMethodsRestorer(DumpedMethods dumpedMethods) {
+ this.dumpedMethods = dumpedMethods;
+ }
+
+ public virtual RawMethodRow ReadRow(uint rid) {
+ var dm = dumpedMethods.get(rid);
+ if (dm == null)
+ return null;
+ return new RawMethodRow(dm.mdRVA, dm.mdImplFlags, dm.mdFlags, dm.mdName, dm.mdSignature, dm.mdParamList);
+ }
+
+ public bool ReadColumn(MDTable table, uint rid, ColumnInfo column, out uint value) {
+ if (table.Table == Table.Method) {
+ var row = ReadRow(rid);
+ if (row != null) {
+ value = row.Read(column.Index);
+ return true;
+ }
+ }
+
+ value = 0;
+ return false;
+ }
+
+ public bool HasMethodBody(uint rid) {
+ return dumpedMethods.get(rid) != null;
+ }
+
+ public MethodBody GetMethodBody(uint rid, RVA rva, IList parameters) {
+ var dm = dumpedMethods.get(rid);
+ if (dm == null)
+ return null;
+ return MethodBodyReader.Create(module, dm.code, dm.extraSections, parameters);
+ }
+ }
+}
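Review bot: `GetMethodBody` hands `module` to `MethodBodyReader.Create`, but `module` is only ever assigned through the set-only `Module` property, so a restorer whose `Module` was never set reaches the reader with a null module; a guard at the top of `GetMethodBody`, `if (module == null) throw new InvalidOperationException("Module must be set before method bodies are read");`, turns that into a clear failure at the first call instead of a null reference somewhere inside the reader. The class carries no comment describing its override contract; a `///` summary should state that a non-null `ReadRow` result replaces the Method table row for that rid, that `ReadColumn` answers only for the Method table and returns false for everything else, and that `GetMethodBody` ignores the `rva` argument, so a dumped body is used regardless of the RVA the row would point to. Two smaller style points: `ReadRow` is the only `virtual` member and the commit adds no subclass, and the `HasMethodBody`/`GetMethodBody` pair looks up `dumpedMethods.get(rid)` twice per method, which is fine for correctness but worth a note if `get` is not cheap.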
diff --git a/de4dot.code/ObfuscatedFile.cs b/de4dot.code/ObfuscatedFile.cs
index cd2a4f95..0e494a63 100644
--- a/de4dot.code/ObfuscatedFile.cs
+++ b/de4dot.code/ObfuscatedFile.cs
@@ -372,13 +372,19 @@ namespace de4dot.code {
 void reloadModule(byte[] newModuleData, DumpedMethods dumpedMethods) {
 Log.v("Reloading decrypted assembly (original filename: {0})", Filename);
 simpleDeobfuscatorFlags.Clear();
- module = assemblyModule.reload(newModuleData, dumpedMethods);
+ module = assemblyModule.reload(newModuleData, createDumpedMethodsRestorer(dumpedMethods), deob as IStringDecrypter);
 deob = deob.moduleReloaded(module);
 initializeDeobfuscator();
 deob.DeobfuscatedFile = this;
 updateDynamicStringInliner();
 }
 
+ DumpedMethodsRestorer createDumpedMethodsRestorer(DumpedMethods dumpedMethods) {
+ if (dumpedMethods == null || dumpedMethods.Count == 0)
+ return null;
+ return new DumpedMethodsRestorer(dumpedMethods);
+ }
+
 void initAssemblyClient() {
 if (assemblyClient == null)
 return;
diff --git a/de4dot.code/de4dot.code.csproj b/de4dot.code/de4dot.code.csproj
index 18821323..ba134565 100644
--- a/de4dot.code/de4dot.code.csproj
+++ b/de4dot.code/de4dot.code.csproj
@@ -266,6 +266,7 @@
+
diff --git a/dot10 b/dot10
index 37baf8da..467c01e8 160000
--- a/dot10
+++ b/dot10
@@ -1 +1 @@
-Subproject commit 37baf8dadc492180aa050f726ab1a9557ffe44e1
+Subproject commit 467c01e824587bb5c09608c58adac718c465a356
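Review bot: `createDumpedMethodsRestorer` returns null both for a null `dumpedMethods` and for an empty one, and that null is what `reload` then installs into the module's reader slots, so the meaning of the null return deserves a comment on the method, e.g. `// null: nothing was dumped, the reloaded module reads its own Method table and bodies`. The method reads no instance state and could be `static`. In `reloadModule`, `deob as IStringDecrypter` quietly yields null for deobfuscators that do not implement the interface, which appears intended, but a short comment, `// null when the deobfuscator has no string decrypter`, would make the silent cast explicit at the call site. `reloadModule` is shown in full; the enclosing class continues outside the hunk.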