Added 'default' string decrypter type
Eazfuscator.NET deobfuscator defaults to 'emulate' and the others to 'static'.
This commit is contained in:
parent
3010ebedbd
commit
ee60bf14f2
|
@ -76,6 +76,7 @@ namespace de4dot {
|
||||||
|
|
||||||
static CommandLineParser() {
|
static CommandLineParser() {
|
||||||
stringDecrypterTypes.add(DecrypterType.None, "none", "Don't decrypt strings");
|
stringDecrypterTypes.add(DecrypterType.None, "none", "Don't decrypt strings");
|
||||||
|
stringDecrypterTypes.add(DecrypterType.Default, "default", "Use default string decrypter type (usually static)");
|
||||||
stringDecrypterTypes.add(DecrypterType.Static, "static", "Use static string decrypter if available");
|
stringDecrypterTypes.add(DecrypterType.Static, "static", "Use static string decrypter if available");
|
||||||
stringDecrypterTypes.add(DecrypterType.Delegate, "delegate", "Use a delegate to call the real string decrypter");
|
stringDecrypterTypes.add(DecrypterType.Delegate, "delegate", "Use a delegate to call the real string decrypter");
|
||||||
stringDecrypterTypes.add(DecrypterType.Emulate, "emulate", "Call real string decrypter and emulate certain instructions");
|
stringDecrypterTypes.add(DecrypterType.Emulate, "emulate", "Call real string decrypter and emulate certain instructions");
|
||||||
|
|
|
@ -22,13 +22,6 @@ using de4dot.deobfuscators;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
|
|
||||||
namespace de4dot {
|
namespace de4dot {
|
||||||
public enum DecrypterType {
|
|
||||||
None,
|
|
||||||
Static,
|
|
||||||
Delegate,
|
|
||||||
Emulate,
|
|
||||||
}
|
|
||||||
|
|
||||||
interface IObfuscatedFile {
|
interface IObfuscatedFile {
|
||||||
ModuleDefinition ModuleDefinition { get; }
|
ModuleDefinition ModuleDefinition { get; }
|
||||||
IDeobfuscator Deobfuscator { get; }
|
IDeobfuscator Deobfuscator { get; }
|
||||||
|
|
|
@ -87,7 +87,7 @@ namespace de4dot {
|
||||||
public bool KeepObfuscatorTypes { get; set; }
|
public bool KeepObfuscatorTypes { get; set; }
|
||||||
|
|
||||||
public Options() {
|
public Options() {
|
||||||
StringDecrypterType = DecrypterType.Static;
|
StringDecrypterType = DecrypterType.Default;
|
||||||
StringDecrypterMethods = new List<string>();
|
StringDecrypterMethods = new List<string>();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -159,18 +159,28 @@ namespace de4dot {
|
||||||
if (deob == null)
|
if (deob == null)
|
||||||
throw new ApplicationException("Could not detect obfuscator!");
|
throw new ApplicationException("Could not detect obfuscator!");
|
||||||
|
|
||||||
|
if (options.StringDecrypterType == DecrypterType.Default)
|
||||||
|
options.StringDecrypterType = deob.DefaultDecrypterType;
|
||||||
|
if (options.StringDecrypterType == DecrypterType.Default)
|
||||||
|
options.StringDecrypterType = DecrypterType.Static;
|
||||||
|
|
||||||
deob.Operations = createOperations();
|
deob.Operations = createOperations();
|
||||||
}
|
}
|
||||||
|
|
||||||
IOperations createOperations() {
|
IOperations createOperations() {
|
||||||
var op = new Operations();
|
var op = new Operations();
|
||||||
|
|
||||||
if (options.StringDecrypterType == DecrypterType.None)
|
switch (options.StringDecrypterType) {
|
||||||
|
case DecrypterType.None:
|
||||||
op.DecryptStrings = OpDecryptString.None;
|
op.DecryptStrings = OpDecryptString.None;
|
||||||
else if (options.StringDecrypterType == DecrypterType.Static)
|
break;
|
||||||
|
case DecrypterType.Static:
|
||||||
op.DecryptStrings = OpDecryptString.Static;
|
op.DecryptStrings = OpDecryptString.Static;
|
||||||
else
|
break;
|
||||||
|
default:
|
||||||
op.DecryptStrings = OpDecryptString.Dynamic;
|
op.DecryptStrings = OpDecryptString.Dynamic;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
op.RenameSymbols = options.RenameSymbols;
|
op.RenameSymbols = options.RenameSymbols;
|
||||||
op.KeepObfuscatorTypes = options.KeepObfuscatorTypes;
|
op.KeepObfuscatorTypes = options.KeepObfuscatorTypes;
|
||||||
|
|
|
@ -66,6 +66,7 @@ namespace de4dot.deobfuscators {
|
||||||
public IOperations Operations { get; set; }
|
public IOperations Operations { get; set; }
|
||||||
public IDeobfuscatedFile DeobfuscatedFile { get; set; }
|
public IDeobfuscatedFile DeobfuscatedFile { get; set; }
|
||||||
public virtual StringFeatures StringFeatures { get; set; }
|
public virtual StringFeatures StringFeatures { get; set; }
|
||||||
|
public DecrypterType DefaultDecrypterType { get; set; }
|
||||||
|
|
||||||
public abstract string Type { get; }
|
public abstract string Type { get; }
|
||||||
public abstract string Name { get; }
|
public abstract string Name { get; }
|
||||||
|
@ -77,6 +78,7 @@ namespace de4dot.deobfuscators {
|
||||||
public DeobfuscatorBase(OptionsBase optionsBase) {
|
public DeobfuscatorBase(OptionsBase optionsBase) {
|
||||||
this.optionsBase = optionsBase;
|
this.optionsBase = optionsBase;
|
||||||
StringFeatures = StringFeatures.AllowAll;
|
StringFeatures = StringFeatures.AllowAll;
|
||||||
|
DefaultDecrypterType = DecrypterType.Static;
|
||||||
}
|
}
|
||||||
|
|
||||||
public virtual void init(ModuleDefinition module, IList<MemberReference> memberReferences) {
|
public virtual void init(ModuleDefinition module, IList<MemberReference> memberReferences) {
|
||||||
|
|
|
@ -62,6 +62,7 @@ namespace de4dot.deobfuscators.Eazfuscator {
|
||||||
public Deobfuscator(Options options)
|
public Deobfuscator(Options options)
|
||||||
: base(options) {
|
: base(options) {
|
||||||
this.options = options;
|
this.options = options;
|
||||||
|
DefaultDecrypterType = DecrypterType.Emulate;
|
||||||
}
|
}
|
||||||
|
|
||||||
public override int detect() {
|
public override int detect() {
|
||||||
|
|
|
@ -27,6 +27,14 @@ namespace de4dot.deobfuscators {
|
||||||
bool RenameResourcesInCode { get; }
|
bool RenameResourcesInCode { get; }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public enum DecrypterType {
|
||||||
|
Default,
|
||||||
|
None,
|
||||||
|
Static,
|
||||||
|
Delegate,
|
||||||
|
Emulate,
|
||||||
|
}
|
||||||
|
|
||||||
[Flags]
|
[Flags]
|
||||||
enum StringFeatures {
|
enum StringFeatures {
|
||||||
AllowNoDecryption,
|
AllowNoDecryption,
|
||||||
|
@ -41,7 +49,8 @@ namespace de4dot.deobfuscators {
|
||||||
Func<string, bool> IsValidName { get; }
|
Func<string, bool> IsValidName { get; }
|
||||||
IDeobfuscatorOptions TheOptions { get; }
|
IDeobfuscatorOptions TheOptions { get; }
|
||||||
IOperations Operations { get; set; }
|
IOperations Operations { get; set; }
|
||||||
StringFeatures StringFeatures { get; set; }
|
StringFeatures StringFeatures { get; }
|
||||||
|
DecrypterType DefaultDecrypterType { get; }
|
||||||
|
|
||||||
// This is non-null only in init(), detect() and deobfuscateBegin().
|
// This is non-null only in init(), detect() and deobfuscateBegin().
|
||||||
IDeobfuscatedFile DeobfuscatedFile { get; set; }
|
IDeobfuscatedFile DeobfuscatedFile { get; set; }
|
||||||
|
|
Loading…
Reference in New Issue
Block a user