monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add option to disable decrypting main embedded assembly

Browse Source
This commit is contained in:
de4dot 2012-07-24 18:52:39 +02:00
parent 490ce203b6
commit e1f8793302
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
de4dot.code/deobfuscators/CodeWall/Deobfuscator.cs
View File

@ -30,10 +30,12 @@ namespace de4dot.code.deobfuscators.CodeWall {
public const string THE_TYPE = "cw"; public const string THE_TYPE = "cw";
const string DEFAULT_REGEX = @"!^[0-9A-F]{32}$&!^[_<>{}$.`-]$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX; const string DEFAULT_REGEX = @"!^[0-9A-F]{32}$&!^[_<>{}$.`-]$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
BoolOption dumpEmbeddedAssemblies; BoolOption dumpEmbeddedAssemblies;
BoolOption decryptMainAsm;
public DeobfuscatorInfo() public DeobfuscatorInfo()
: base(DEFAULT_REGEX) { : base(DEFAULT_REGEX) {
dumpEmbeddedAssemblies = new BoolOption(null, makeArgName("embedded"), "Dump embedded assemblies", true); dumpEmbeddedAssemblies = new BoolOption(null, makeArgName("embedded"), "Dump embedded assemblies", true);
decryptMainAsm = new BoolOption(null, makeArgName("decrypt-main"), "Decrypt main embedded assembly", true);
} }
public override string Name { public override string Name {
@ -48,12 +50,14 @@ namespace de4dot.code.deobfuscators.CodeWall {
return new Deobfuscator(new Deobfuscator.Options { return new Deobfuscator(new Deobfuscator.Options {
ValidNameRegex = validNameRegex.get(), ValidNameRegex = validNameRegex.get(),
DumpEmbeddedAssemblies = dumpEmbeddedAssemblies.get(), DumpEmbeddedAssemblies = dumpEmbeddedAssemblies.get(),
DecryptMainAsm = decryptMainAsm.get(),
}); });
} }
protected override IEnumerable<Option> getOptionsInternal() { protected override IEnumerable<Option> getOptionsInternal() {
return new List<Option>() { return new List<Option>() {
dumpEmbeddedAssemblies, dumpEmbeddedAssemblies,
decryptMainAsm,
}; };
} }
} }
@ -67,6 +71,7 @@ namespace de4dot.code.deobfuscators.CodeWall {
internal class Options : OptionsBase { internal class Options : OptionsBase {
public bool DumpEmbeddedAssemblies { get; set; } public bool DumpEmbeddedAssemblies { get; set; }
public bool DecryptMainAsm { get; set; }
} }
public override string Type { public override string Type {
@ -142,7 +147,7 @@ namespace de4dot.code.deobfuscators.CodeWall {
} }
} }
if ((decryptState & DecryptState.CanGetMainAssembly) != 0) { if (options.DecryptMainAsm && (decryptState & DecryptState.CanGetMainAssembly) != 0) {
newFileData = getMainAssemblyBytes(); newFileData = getMainAssemblyBytes();
if (newFileData != null) { if (newFileData != null) {
ModuleBytes = newFileData; ModuleBytes = newFileData;