diff --git a/de4dot.code/de4dot.code.csproj b/de4dot.code/de4dot.code.csproj index 28c7c8c6..a47ba12f 100644 --- a/de4dot.code/de4dot.code.csproj +++ b/de4dot.code/de4dot.code.csproj @@ -208,16 +208,16 @@ - - - - - - - - - - + + + + + + + + + + diff --git a/de4dot.code/deobfuscators/MaxtoCode/DecrypterInfo.cs b/de4dot.code/deobfuscators/MaxtoCode/DecrypterInfo.cs index d15c2509..a92bb67a 100644 --- a/de4dot.code/deobfuscators/MaxtoCode/DecrypterInfo.cs +++ b/de4dot.code/deobfuscators/MaxtoCode/DecrypterInfo.cs @@ -21,7 +21,7 @@ using de4dot.PE; namespace de4dot.code.deobfuscators.MaxtoCode { class DecrypterInfo { - public readonly MainType mainType; + public MainType mainType; public readonly PeImage peImage; public readonly PeHeader peHeader; public readonly McKey mcKey; diff --git a/de4dot.code/deobfuscators/MaxtoCode/Deobfuscator.cs b/de4dot.code/deobfuscators/MaxtoCode/Deobfuscator.cs index fe5782bf..08358493 100644 --- a/de4dot.code/deobfuscators/MaxtoCode/Deobfuscator.cs +++ b/de4dot.code/deobfuscators/MaxtoCode/Deobfuscator.cs @@ -21,7 +21,7 @@ using System; using System.Collections.Generic; using System.Text; using dot10.DotNet; -using Mono.MyStuff; +using de4dot.blocks; namespace de4dot.code.deobfuscators.MaxtoCode { public class DeobfuscatorInfo : DeobfuscatorInfoBase { @@ -115,11 +115,12 @@ namespace de4dot.code.deobfuscators.MaxtoCode { return true; } - public override IDeobfuscator moduleReloaded(ModuleDefinition module) { + public override IDeobfuscator moduleReloaded(ModuleDefMD module) { var newOne = new Deobfuscator(options); newOne.setModule(module); newOne.mainType = new MainType(module, mainType); newOne.decrypterInfo = decrypterInfo; + newOne.decrypterInfo.mainType = newOne.mainType; return newOne; } 
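Review bot: In `moduleReloaded`, the added line `newOne.decrypterInfo.mainType = newOne.mainType;` writes through a `DecrypterInfo` instance that the old deobfuscator still references, because the line before only copies the reference. It also dereferences `decrypterInfo` without a null check, and whether the field can still be null at reload time is not visible in this hunk. This shared mutation appears to be why the DecrypterInfo.cs hunk drops `readonly` from the public `mainType` field, leaving it assignable from anywhere. If a null is possible, guard it with `if (newOne.decrypterInfo != null) newOne.decrypterInfo.mainType = newOne.mainType;`, and consider a setter method on `DecrypterInfo` rather than a writable public field.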
@@ -137,7 +138,6 @@ namespace de4dot.code.deobfuscators.MaxtoCode { foreach (var method in mainType.InitMethods) addCctorInitCallToBeRemoved(method); addTypeToBeRemoved(mainType.Type, "Obfuscator type"); - addModuleReferencesToBeRemoved(mainType.ModuleReferences, "MC runtime module reference"); removeDuplicateEmbeddedResources(); } @@ -159,18 +159,22 @@ namespace de4dot.code.deobfuscators.MaxtoCode { } public override int GetHashCode() { - return resource._GetHashCode(); + int hash = 0; + hash ^= (int)resource.Data.Position; + hash ^= (int)resource.Data.Length; + return hash; } public override bool Equals(object obj) { var other = obj as ResourceKey; if (other == null) return false; - return resource._Equals(other.resource); + return resource.Data.FileOffset == other.resource.Data.FileOffset && + resource.Data.Length == other.resource.Data.Length; } public override string ToString() { - return resource.Name; + return resource.Name.String; } } @@ -180,7 +184,7 @@ namespace de4dot.code.deobfuscators.MaxtoCode { var rsrc = tmp as EmbeddedResource; if (rsrc == null) continue; - if (rsrc.Offset == null) + if (rsrc.Data.FileOffset == 0) continue; List list; var key = new ResourceKey(rsrc); @@ -195,7 +199,7 @@ namespace de4dot.code.deobfuscators.MaxtoCode { EmbeddedResource resourceToKeep = null; foreach (var rsrc in list) { - if (string.IsNullOrEmpty(rsrc.Name)) + if (UTF8String.IsNullOrEmpty(rsrc.Name)) continue; resourceToKeep = rsrc; diff --git a/de4dot.code/deobfuscators/MaxtoCode/MainType.cs b/de4dot.code/deobfuscators/MaxtoCode/MainType.cs index 37c98fcb..a39f62a2 100644 --- a/de4dot.code/deobfuscators/MaxtoCode/MainType.cs +++ b/de4dot.code/deobfuscators/MaxtoCode/MainType.cs @@ -24,9 +24,8 @@ using de4dot.blocks; namespace de4dot.code.deobfuscators.MaxtoCode { class MainType { - ModuleDefinition module; + ModuleDefMD module; TypeDef mcType; - ModuleReference mcModule1, mcModule2; bool isOld; public bool IsOld { 
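Review bot: `ResourceKey.GetHashCode` and `ResourceKey.Equals` now key on different fields: the hash mixes `resource.Data.Position` and `Length`, while equality compares `resource.Data.FileOffset` and `Length`. If `Position` is the stream's current read position (not confirmable from this hunk), a key's hash can change after it has been stored in the dictionary, so later lookups would miss it. The hash also ignores the offset that `Equals` relies on, so same-length resources at different offsets always collide, which matters for a tool that parses untrusted assemblies. Hash the fields that `Equals` compares: `return (int)resource.Data.FileOffset ^ (int)resource.Data.Length;`. The `ResourceKey` class begins above the hunk.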
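Review bot: The skip condition in the -180 hunk changes from `rsrc.Offset == null` to `rsrc.Data.FileOffset == 0`, and nothing explains that `0` now stands for "no on-disk location". Presumably that is the intent, so a comment above the check would document it: `// FileOffset == 0: resource has no known position in the file, so it is never treated as a duplicate`. The new form also dereferences `rsrc.Data`, so if `Data` can be null for a resource the reader could not map, `if (rsrc.Data == null || rsrc.Data.FileOffset == 0)` would be needed. The enclosing loop starts and ends outside the hunk.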
@@ -37,17 +36,6 @@ namespace de4dot.code.deobfuscators.MaxtoCode { get { return mcType; } } - public IEnumerable ModuleReferences { - get { - var list = new List(); - if (mcModule1 != null) - list.Add(mcModule1); - if (mcModule2 != null) - list.Add(mcModule2); - return list; - } - } - public IEnumerable InitMethods { get { var list = new List(); @@ -65,15 +53,13 @@ namespace de4dot.code.deobfuscators.MaxtoCode { get { return mcType != null; } } - public MainType(ModuleDefinition module) { + public MainType(ModuleDefMD module) { this.module = module; } - public MainType(ModuleDefinition module, MainType oldOne) { + public MainType(ModuleDefMD module, MainType oldOne) { this.module = module; this.mcType = lookup(oldOne.mcType, "Could not find main type"); - this.mcModule1 = DeobUtils.lookup(module, oldOne.mcModule1, "Could not find MC runtime module ref #1"); - this.mcModule2 = DeobUtils.lookup(module, oldOne.mcModule2, "Could not find MC runtime module ref #2"); } T lookup(T def, string errorMessage) where T : class, ICodedToken { @@ -94,14 +80,12 @@ namespace de4dot.code.deobfuscators.MaxtoCode { if (!DotNetUtils.isMethod(method, "System.Void", "()")) continue; - ModuleReference module1, module2; + ModuleRef module1, module2; bool isOldTmp; if (!checkType(method.DeclaringType, out module1, out module2, out isOldTmp)) continue; mcType = method.DeclaringType; - mcModule1 = module1; - mcModule2 = module2; isOld = isOldTmp; return true; } @@ -109,11 +93,11 @@ namespace de4dot.code.deobfuscators.MaxtoCode { return false; } - static bool checkType(TypeDef type, out ModuleReference module1, out ModuleReference module2, out bool isOld) { + static bool checkType(TypeDef type, out ModuleRef module1, out ModuleRef module2, out bool isOld) { module1 = module2 = null; isOld = false; - if (DotNetUtils.getMethod(type, "Startup") == null) + if (type.FindMethod("Startup") == null) return false; var pinvokes = getPinvokes(type); 
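Review bot: In the -94 hunk, removing `mcModule1 = module1; mcModule2 = module2;` leaves the `module1` and `module2` out values from `checkType` unread in the visible code. `checkType` still declares both `out ModuleRef` parameters in the -109 hunk and still assigns them from `pinvokeList[0].ImplMap.Module` and `pinvokeList[1].ImplMap.Module` in the -126 hunk. Either drop the two parameters along with the local `ModuleRef module1, module2;`, or mark them on the declaration with a comment such as `// module refs are no longer tracked for removal; out values are unused`. The enclosing method starts and ends outside the -94 hunk.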
@@ -126,20 +110,20 @@ namespace de4dot.code.deobfuscators.MaxtoCode { // Newer versions (3.4+ ???) also have GetModuleBase() isOld = getPinvokeList(pinvokes, "GetModuleBase") == null; - module1 = pinvokeList[0].PInvokeInfo.Module; - module2 = pinvokeList[1].PInvokeInfo.Module; + module1 = pinvokeList[0].ImplMap.Module; + module2 = pinvokeList[1].ImplMap.Module; return true; } static Dictionary> getPinvokes(TypeDef type) { var pinvokes = new Dictionary>(StringComparer.Ordinal); foreach (var method in type.Methods) { - var info = method.PInvokeInfo; - if (info == null || info.EntryPoint == null) + var info = method.ImplMap; + if (info == null || UTF8String.IsNullOrEmpty(info.Name)) continue; List list; - if (!pinvokes.TryGetValue(info.EntryPoint, out list)) - pinvokes[info.EntryPoint] = list = new List(); + if (!pinvokes.TryGetValue(info.Name.String, out list)) + pinvokes[info.Name.String] = list = new List(); list.Add(method); } return pinvokes; diff --git a/de4dot.code/deobfuscators/MaxtoCode/MethodsDecrypter.cs b/de4dot.code/deobfuscators/MaxtoCode/MethodsDecrypter.cs index 1718d837..39f07e34 100644 --- a/de4dot.code/deobfuscators/MaxtoCode/MethodsDecrypter.cs +++ b/de4dot.code/deobfuscators/MaxtoCode/MethodsDecrypter.cs @@ -21,8 +21,8 @@ using System; using System.Collections.Generic; using System.IO; using System.Text; -using Mono.MyStuff; using de4dot.PE; +using de4dot.blocks; namespace de4dot.code.deobfuscators.MaxtoCode { // Decrypts methods, resources and strings (#US heap) diff --git a/de4dot.cui/Program.cs b/de4dot.cui/Program.cs index a9293d18..2aff2fb5 100644 --- a/de4dot.cui/Program.cs +++ b/de4dot.cui/Program.cs 
@@ -52,8 +52,8 @@ namespace de4dot.cui {
 new de4dot.code.deobfuscators.Goliath_NET.DeobfuscatorInfo(),
 #if PORT
 new de4dot.code.deobfuscators.ILProtector.DeobfuscatorInfo(),
- new de4dot.code.deobfuscators.MaxtoCode.DeobfuscatorInfo(),
 #endif
+ new de4dot.code.deobfuscators.MaxtoCode.DeobfuscatorInfo(),
 new de4dot.code.deobfuscators.MPRESS.DeobfuscatorInfo(),
 new de4dot.code.deobfuscators.Rummage.DeobfuscatorInfo(),
 new de4dot.code.deobfuscators.Skater_NET.DeobfuscatorInfo(),