Added 'default' string decrypter type
Eazfuscator.NET deobfuscator defaults to 'emulate' and the others to 'static'.
This commit is contained in:
parent
3010ebedbd
commit
ee60bf14f2
|
@ -76,6 +76,7 @@ namespace de4dot {
|
|||
|
||||
static CommandLineParser() {
|
||||
stringDecrypterTypes.add(DecrypterType.None, "none", "Don't decrypt strings");
|
||||
stringDecrypterTypes.add(DecrypterType.Default, "default", "Use default string decrypter type (usually static)");
|
||||
stringDecrypterTypes.add(DecrypterType.Static, "static", "Use static string decrypter if available");
|
||||
stringDecrypterTypes.add(DecrypterType.Delegate, "delegate", "Use a delegate to call the real string decrypter");
|
||||
stringDecrypterTypes.add(DecrypterType.Emulate, "emulate", "Call real string decrypter and emulate certain instructions");
|
||||
|
|
|
@ -22,13 +22,6 @@ using de4dot.deobfuscators;
|
|||
using Mono.Cecil;
|
||||
|
||||
namespace de4dot {
|
||||
public enum DecrypterType {
|
||||
None,
|
||||
Static,
|
||||
Delegate,
|
||||
Emulate,
|
||||
}
|
||||
|
||||
interface IObfuscatedFile {
|
||||
ModuleDefinition ModuleDefinition { get; }
|
||||
IDeobfuscator Deobfuscator { get; }
|
||||
|
|
|
@ -87,7 +87,7 @@ namespace de4dot {
|
|||
public bool KeepObfuscatorTypes { get; set; }
|
||||
|
||||
public Options() {
|
||||
StringDecrypterType = DecrypterType.Static;
|
||||
StringDecrypterType = DecrypterType.Default;
|
||||
StringDecrypterMethods = new List<string>();
|
||||
}
|
||||
}
|
||||
|
@ -159,18 +159,28 @@ namespace de4dot {
|
|||
if (deob == null)
|
||||
throw new ApplicationException("Could not detect obfuscator!");
|
||||
|
||||
if (options.StringDecrypterType == DecrypterType.Default)
|
||||
options.StringDecrypterType = deob.DefaultDecrypterType;
|
||||
if (options.StringDecrypterType == DecrypterType.Default)
|
||||
options.StringDecrypterType = DecrypterType.Static;
|
||||
|
||||
deob.Operations = createOperations();
|
||||
}
|
||||
|
||||
IOperations createOperations() {
|
||||
var op = new Operations();
|
||||
|
||||
if (options.StringDecrypterType == DecrypterType.None)
|
||||
switch (options.StringDecrypterType) {
|
||||
case DecrypterType.None:
|
||||
op.DecryptStrings = OpDecryptString.None;
|
||||
else if (options.StringDecrypterType == DecrypterType.Static)
|
||||
break;
|
||||
case DecrypterType.Static:
|
||||
op.DecryptStrings = OpDecryptString.Static;
|
||||
else
|
||||
break;
|
||||
default:
|
||||
op.DecryptStrings = OpDecryptString.Dynamic;
|
||||
break;
|
||||
}
|
||||
|
||||
op.RenameSymbols = options.RenameSymbols;
|
||||
op.KeepObfuscatorTypes = options.KeepObfuscatorTypes;
|
||||
|
|
|
@ -66,6 +66,7 @@ namespace de4dot.deobfuscators {
|
|||
public IOperations Operations { get; set; }
|
||||
public IDeobfuscatedFile DeobfuscatedFile { get; set; }
|
||||
public virtual StringFeatures StringFeatures { get; set; }
|
||||
public DecrypterType DefaultDecrypterType { get; set; }
|
||||
|
||||
public abstract string Type { get; }
|
||||
public abstract string Name { get; }
|
||||
|
@ -77,6 +78,7 @@ namespace de4dot.deobfuscators {
|
|||
public DeobfuscatorBase(OptionsBase optionsBase) {
|
||||
this.optionsBase = optionsBase;
|
||||
StringFeatures = StringFeatures.AllowAll;
|
||||
DefaultDecrypterType = DecrypterType.Static;
|
||||
}
|
||||
|
||||
public virtual void init(ModuleDefinition module, IList<MemberReference> memberReferences) {
|
||||
|
|
|
@ -62,6 +62,7 @@ namespace de4dot.deobfuscators.Eazfuscator {
|
|||
public Deobfuscator(Options options)
|
||||
: base(options) {
|
||||
this.options = options;
|
||||
DefaultDecrypterType = DecrypterType.Emulate;
|
||||
}
|
||||
|
||||
public override int detect() {
|
||||
|
|
|
@ -27,6 +27,14 @@ namespace de4dot.deobfuscators {
|
|||
bool RenameResourcesInCode { get; }
|
||||
}
|
||||
|
||||
public enum DecrypterType {
|
||||
Default,
|
||||
None,
|
||||
Static,
|
||||
Delegate,
|
||||
Emulate,
|
||||
}
|
||||
|
||||
[Flags]
|
||||
enum StringFeatures {
|
||||
AllowNoDecryption,
|
||||
|
@ -41,7 +49,8 @@ namespace de4dot.deobfuscators {
|
|||
Func<string, bool> IsValidName { get; }
|
||||
IDeobfuscatorOptions TheOptions { get; }
|
||||
IOperations Operations { get; set; }
|
||||
StringFeatures StringFeatures { get; set; }
|
||||
StringFeatures StringFeatures { get; }
|
||||
DecrypterType DefaultDecrypterType { get; }
|
||||
|
||||
// This is non-null only in init(), detect() and deobfuscateBegin().
|
||||
IDeobfuscatedFile DeobfuscatedFile { get; set; }
|
||||
|
|
Loading…
Reference in New Issue
Block a user