Add CanInlineMethods to IDeobfuscator
This commit is contained in:
parent
2fcd13000b
commit
e7ceb50382
|
@ -210,8 +210,8 @@ namespace de4dot {
|
||||||
foreach (var deob in deobfuscators) {
|
foreach (var deob in deobfuscators) {
|
||||||
if (string.Equals(options.ForcedObfuscatorType, deob.Type, StringComparison.OrdinalIgnoreCase)) {
|
if (string.Equals(options.ForcedObfuscatorType, deob.Type, StringComparison.OrdinalIgnoreCase)) {
|
||||||
deob.earlyDetect();
|
deob.earlyDetect();
|
||||||
deob.detect();
|
|
||||||
this.deob = deob;
|
this.deob = deob;
|
||||||
|
deob.detect();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -244,6 +244,7 @@ namespace de4dot {
|
||||||
IDeobfuscator detected = null;
|
IDeobfuscator detected = null;
|
||||||
int detectVal = 0;
|
int detectVal = 0;
|
||||||
foreach (var deob in deobfuscators) {
|
foreach (var deob in deobfuscators) {
|
||||||
|
this.deob = deob; // So we can call deob.CanInlineMethods in deobfuscate()
|
||||||
int val = deob.detect();
|
int val = deob.detect();
|
||||||
Log.v("{0,3}: {1}", val, deob.Type);
|
Log.v("{0,3}: {1}", val, deob.Type);
|
||||||
if (val > detectVal) {
|
if (val > detectVal) {
|
||||||
|
@ -251,6 +252,7 @@ namespace de4dot {
|
||||||
detected = deob;
|
detected = deob;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
this.deob = null;
|
||||||
return detected;
|
return detected;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -470,7 +472,7 @@ namespace de4dot {
|
||||||
|
|
||||||
Log.v("Deobfuscating methods");
|
Log.v("Deobfuscating methods");
|
||||||
var methodPrinter = new MethodPrinter();
|
var methodPrinter = new MethodPrinter();
|
||||||
var cflowDeobfuscator = new BlocksCflowDeobfuscator();
|
var cflowDeobfuscator = new BlocksCflowDeobfuscator { InlineMethods = deob.CanInlineMethods };
|
||||||
foreach (var method in allMethods) {
|
foreach (var method in allMethods) {
|
||||||
Log.v("Deobfuscating {0} ({1:X8})", method, method.MetadataToken.ToUInt32());
|
Log.v("Deobfuscating {0} ({1:X8})", method, method.MetadataToken.ToUInt32());
|
||||||
Log.indent();
|
Log.indent();
|
||||||
|
@ -486,10 +488,8 @@ namespace de4dot {
|
||||||
cflowDeobfuscator.deobfuscate();
|
cflowDeobfuscator.deobfuscate();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (deob.deobfuscateOther(blocks) && options.ControlFlowDeobfuscation) {
|
if (deob.deobfuscateOther(blocks) && options.ControlFlowDeobfuscation)
|
||||||
cflowDeobfuscator.init(blocks);
|
|
||||||
cflowDeobfuscator.deobfuscate();
|
cflowDeobfuscator.deobfuscate();
|
||||||
}
|
|
||||||
|
|
||||||
if (options.ControlFlowDeobfuscation) {
|
if (options.ControlFlowDeobfuscation) {
|
||||||
numRemovedLocals = blocks.optimizeLocals();
|
numRemovedLocals = blocks.optimizeLocals();
|
||||||
|
@ -777,6 +777,7 @@ namespace de4dot {
|
||||||
|
|
||||||
deobfuscate(method, "Deobfuscating control flow", (blocks) => {
|
deobfuscate(method, "Deobfuscating control flow", (blocks) => {
|
||||||
var cflowDeobfuscator = new BlocksCflowDeobfuscator();
|
var cflowDeobfuscator = new BlocksCflowDeobfuscator();
|
||||||
|
cflowDeobfuscator.InlineMethods = deob.CanInlineMethods;
|
||||||
cflowDeobfuscator.init(blocks);
|
cflowDeobfuscator.init(blocks);
|
||||||
cflowDeobfuscator.deobfuscate();
|
cflowDeobfuscator.deobfuscate();
|
||||||
});
|
});
|
||||||
|
|
|
@ -71,6 +71,10 @@ namespace de4dot.deobfuscators {
|
||||||
public abstract string Type { get; }
|
public abstract string Type { get; }
|
||||||
public abstract string Name { get; }
|
public abstract string Name { get; }
|
||||||
|
|
||||||
|
public virtual bool CanInlineMethods {
|
||||||
|
get { return false; }
|
||||||
|
}
|
||||||
|
|
||||||
public Func<string, bool> IsValidName {
|
public Func<string, bool> IsValidName {
|
||||||
get { return (name) => optionsBase.ValidNameRegex.isMatch(name); }
|
get { return (name) => optionsBase.ValidNameRegex.isMatch(name); }
|
||||||
}
|
}
|
||||||
|
|
|
@ -56,6 +56,9 @@ namespace de4dot.deobfuscators {
|
||||||
// This is non-null only in detect() and deobfuscateBegin().
|
// This is non-null only in detect() and deobfuscateBegin().
|
||||||
IDeobfuscatedFile DeobfuscatedFile { get; set; }
|
IDeobfuscatedFile DeobfuscatedFile { get; set; }
|
||||||
|
|
||||||
|
// Return true if methods can be inlined
|
||||||
|
bool CanInlineMethods { get; }
|
||||||
|
|
||||||
void init(ModuleDefinition module);
|
void init(ModuleDefinition module);
|
||||||
|
|
||||||
// Same as detect() but may be used by deobfuscators to detect obfuscator that decrypt
|
// Same as detect() but may be used by deobfuscators to detect obfuscator that decrypt
|
||||||
|
|
Loading…
Reference in New Issue
Block a user