Detect Confuser 1.4 r57778 compressor

de4dot 2012-08-10 17:25:04 +02:00
parent 12f7034894
commit dfad2421b2


@ -76,6 +76,7 @@ namespace de4dot.code.deobfuscators.Confuser {
Unknown, Unknown,
v10_r42915, v10_r42915,
v10_r48717, v10_r48717,
v14_r57778,
v14_r58564, v14_r58564,
v14_r58802, v14_r58802,
v14_r58852, v14_r58852,
@ -125,8 +126,10 @@ namespace de4dot.code.deobfuscators.Confuser {
if (decryptLocals.exists("System.IO.MemoryStream")) { if (decryptLocals.exists("System.IO.MemoryStream")) {
if (DotNetUtils.hasString(entryPoint, ".exe")) if (DotNetUtils.hasString(entryPoint, ".exe"))
version = ConfuserVersion.v10_r42915; version = ConfuserVersion.v10_r42915;
else else if (DotNetUtils.callsMethod(entryPoint, "System.Void System.Security.PermissionSet::.ctor(System.Security.Permissions.PermissionState)"))
version = ConfuserVersion.v10_r48717; version = ConfuserVersion.v10_r48717;
else
version = ConfuserVersion.v14_r57778;
} }
else else
version = ConfuserVersion.v14_r58564; version = ConfuserVersion.v14_r58564;
@ -145,6 +148,7 @@ namespace de4dot.code.deobfuscators.Confuser {
switch (version) { switch (version) {
case ConfuserVersion.v10_r42915: case ConfuserVersion.v10_r42915:
case ConfuserVersion.v10_r48717: case ConfuserVersion.v10_r48717:
case ConfuserVersion.v14_r57778:
break; break;
case ConfuserVersion.v14_r58564: case ConfuserVersion.v14_r58564:
@ -450,6 +454,7 @@ namespace de4dot.code.deobfuscators.Confuser {
switch (version) { switch (version) {
case ConfuserVersion.v10_r42915: return decrypt_v10_r42915(data); case ConfuserVersion.v10_r42915: return decrypt_v10_r42915(data);
case ConfuserVersion.v10_r48717: return decrypt_v10_r42915(data); case ConfuserVersion.v10_r48717: return decrypt_v10_r42915(data);
case ConfuserVersion.v14_r57778: return decrypt_v10_r42915(data);
case ConfuserVersion.v14_r58564: return decrypt_v14_r58564(data); case ConfuserVersion.v14_r58564: return decrypt_v14_r58564(data);
case ConfuserVersion.v14_r58802: return decrypt_v14_r58564(data); case ConfuserVersion.v14_r58802: return decrypt_v14_r58564(data);
case ConfuserVersion.v14_r58852: return decrypt_v14_r58852(data); case ConfuserVersion.v14_r58852: return decrypt_v14_r58852(data);
@ -558,6 +563,11 @@ namespace de4dot.code.deobfuscators.Confuser {
case ConfuserVersion.v10_r48717: case ConfuserVersion.v10_r48717:
minRev = 48717; minRev = 48717;
maxRev = 57699;
return true;
case ConfuserVersion.v14_r57778:
minRev = 57778;
maxRev = 58446; maxRev = 58446;
return true; return true;
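Review bot: In the second hunk, the new trailing `else` that sets `version = ConfuserVersion.v14_r57778;` identifies this revision only by elimination: any stub with a `System.IO.MemoryStream` local, no ".exe" string and no `PermissionSet` constructor call is labelled r57778. Since the fourth hunk routes that label to `decrypt_v10_r42915(data)`, a modified or not-yet-supported compressor variant would presumably be decrypted with the wrong routine instead of being reported as `Unknown`. If no positive marker for r57778 is available, at least record the assumption above the branch, e.g. `// r57778: no ".exe" string and no PermissionSet ctor call; matched by elimination, not by a positive marker`. The enclosing detection method starts and ends outside the hunk, so an existing sanity check elsewhere cannot be ruled out from here.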