Added 'default' string decrypter type

Eazfuscator.NET deobfuscator defaults to 'emulate' and the others to 'static'.
2011-09-28 16:06:10 +02:00 · 2011-09-28 16:06:10 +02:00 · ee60bf14f2
commit ee60bf14f2
parent 3010ebedbd
6 changed files with 28 additions and 12 deletions
--- a/de4dot.code/CommandLineParser.cs
+++ b/de4dot.code/CommandLineParser.cs
@ -76,6 +76,7 @@ namespace de4dot {

 		static CommandLineParser() {
 			stringDecrypterTypes.add(DecrypterType.None, "none", "Don't decrypt strings");
+			stringDecrypterTypes.add(DecrypterType.Default, "default", "Use default string decrypter type (usually static)");
 			stringDecrypterTypes.add(DecrypterType.Static, "static", "Use static string decrypter if available");
 			stringDecrypterTypes.add(DecrypterType.Delegate, "delegate", "Use a delegate to call the real string decrypter");
 			stringDecrypterTypes.add(DecrypterType.Emulate, "emulate", "Call real string decrypter and emulate certain instructions");
--- a/de4dot.code/IObfuscatedFile.cs
+++ b/de4dot.code/IObfuscatedFile.cs
@ -22,13 +22,6 @@ using de4dot.deobfuscators;
 using Mono.Cecil;

 namespace de4dot {
-	public enum DecrypterType {
-		None,
-		Static,
-		Delegate,
-		Emulate,
-	}
-
 	interface IObfuscatedFile {
 		ModuleDefinition ModuleDefinition { get; }
 		IDeobfuscator Deobfuscator { get; }
--- a/de4dot.code/ObfuscatedFile.cs
+++ b/de4dot.code/ObfuscatedFile.cs
@ -87,7 +87,7 @@ namespace de4dot {
 			public bool KeepObfuscatorTypes { get; set; }

 			public Options() {
-				StringDecrypterType = DecrypterType.Static;
+				StringDecrypterType = DecrypterType.Default;
 				StringDecrypterMethods = new List<string>();
 			}
 		}
@ -159,18 +159,28 @@ namespace de4dot {
 			if (deob == null)
 				throw new ApplicationException("Could not detect obfuscator!");

+			if (options.StringDecrypterType == DecrypterType.Default)
+				options.StringDecrypterType = deob.DefaultDecrypterType;
+			if (options.StringDecrypterType == DecrypterType.Default)
+				options.StringDecrypterType = DecrypterType.Static;
+
 			deob.Operations = createOperations();
 		}

 		IOperations createOperations() {
 			var op = new Operations();

-			if (options.StringDecrypterType == DecrypterType.None)
+			switch (options.StringDecrypterType) {
+			case DecrypterType.None:
 				op.DecryptStrings = OpDecryptString.None;
-			else if (options.StringDecrypterType == DecrypterType.Static)
+				break;
+			case DecrypterType.Static:
 				op.DecryptStrings = OpDecryptString.Static;
-			else
+				break;
+			default:
 				op.DecryptStrings = OpDecryptString.Dynamic;
+				break;
+			}

 			op.RenameSymbols = options.RenameSymbols;
 			op.KeepObfuscatorTypes = options.KeepObfuscatorTypes;
--- a/de4dot.code/deobfuscators/DeobfuscatorBase.cs
+++ b/de4dot.code/deobfuscators/DeobfuscatorBase.cs
@ -66,6 +66,7 @@ namespace de4dot.deobfuscators {
 		public IOperations Operations { get; set; }
 		public IDeobfuscatedFile DeobfuscatedFile { get; set; }
 		public virtual StringFeatures StringFeatures { get; set; }
+		public DecrypterType DefaultDecrypterType { get; set; }

 		public abstract string Type { get; }
 		public abstract string Name { get; }
@ -77,6 +78,7 @@ namespace de4dot.deobfuscators {
 		public DeobfuscatorBase(OptionsBase optionsBase) {
 			this.optionsBase = optionsBase;
 			StringFeatures = StringFeatures.AllowAll;
+			DefaultDecrypterType = DecrypterType.Static;
 		}

 		public virtual void init(ModuleDefinition module, IList<MemberReference> memberReferences) {
--- a/de4dot.code/deobfuscators/Eazfuscator/Deobfuscator.cs
+++ b/de4dot.code/deobfuscators/Eazfuscator/Deobfuscator.cs
@ -62,6 +62,7 @@ namespace de4dot.deobfuscators.Eazfuscator {
 		public Deobfuscator(Options options)
 			: base(options) {
 			this.options = options;
+			DefaultDecrypterType = DecrypterType.Emulate;
 		}

 		public override int detect() {
--- a/de4dot.code/deobfuscators/IDeobfuscator.cs
+++ b/de4dot.code/deobfuscators/IDeobfuscator.cs
@ -27,6 +27,14 @@ namespace de4dot.deobfuscators {
 		bool RenameResourcesInCode { get; }
 	}

+	public enum DecrypterType {
+		Default,
+		None,
+		Static,
+		Delegate,
+		Emulate,
+	}
+
 	[Flags]
 	enum StringFeatures {
 		AllowNoDecryption,
@ -41,7 +49,8 @@ namespace de4dot.deobfuscators {
 		Func<string, bool> IsValidName { get; }
 		IDeobfuscatorOptions TheOptions { get; }
 		IOperations Operations { get; set; }
-		StringFeatures StringFeatures { get; set; }
+		StringFeatures StringFeatures { get; }
+		DecrypterType DefaultDecrypterType { get; }

 		// This is non-null only in init(), detect() and deobfuscateBegin().
 		IDeobfuscatedFile DeobfuscatedFile { get; set; }