diff --git a/de4dot.code/de4dot.code.csproj b/de4dot.code/de4dot.code.csproj index ace0b2d3..545079ac 100644 --- a/de4dot.code/de4dot.code.csproj +++ b/de4dot.code/de4dot.code.csproj @@ -115,13 +115,13 @@ - - - - - - - + + + + + + + diff --git a/de4dot.code/deobfuscators/CodeWall/AssemblyDecrypter.cs b/de4dot.code/deobfuscators/CodeWall/AssemblyDecrypter.cs index 1e3ed8b0..fd82771d 100644 --- a/de4dot.code/deobfuscators/CodeWall/AssemblyDecrypter.cs +++ b/de4dot.code/deobfuscators/CodeWall/AssemblyDecrypter.cs @@ -29,7 +29,7 @@ using de4dot.code.resources; namespace de4dot.code.deobfuscators.CodeWall { class AssemblyDecrypter { - ModuleDefinition module; + ModuleDefMD module; ISimpleDeobfuscator simpleDeobfuscator; IDeobfuscator deob; List assemblyInfos = new List(); @@ -37,7 +37,7 @@ namespace de4dot.code.deobfuscators.CodeWall { string resourcePassword; string resourceSalt; EmbeddedResource assemblyResource; - ModuleDefinition resourceModule; + ModuleDefMD resourceModule; public class AssemblyInfo { public readonly byte[] data; @@ -63,7 +63,7 @@ namespace de4dot.code.deobfuscators.CodeWall { get { return assemblyInfos; } } - public AssemblyDecrypter(ModuleDefinition module, ISimpleDeobfuscator simpleDeobfuscator, IDeobfuscator deob) { + public AssemblyDecrypter(ModuleDefMD module, ISimpleDeobfuscator simpleDeobfuscator, IDeobfuscator deob) { this.module = module; this.simpleDeobfuscator = simpleDeobfuscator; this.deob = deob; @@ -80,7 +80,7 @@ namespace de4dot.code.deobfuscators.CodeWall { return; deobfuscateAll(decryptAssemblyMethod); - ModuleDefinition theResourceModule; + ModuleDefMD theResourceModule; var resource = getResource(decryptAssemblyMethod, out theResourceModule); if (resource == null) return; 
@@ -155,7 +155,7 @@ namespace de4dot.code.deobfuscators.CodeWall { return null; } - EmbeddedResource getResource(MethodDef method, out ModuleDefinition theResourceModule) { + EmbeddedResource getResource(MethodDef method, out ModuleDefMD theResourceModule) { string resourceDllFileName = null; theResourceModule = module; foreach (var s in DotNetUtils.getCodeStrings(method)) { @@ -182,10 +182,10 @@ namespace de4dot.code.deobfuscators.CodeWall { return null; } - ModuleDefinition getResourceModule(string name) { + ModuleDefMD getResourceModule(string name) { try { - var resourceDllFileName = Path.Combine(Path.GetDirectoryName(module.FullyQualifiedName), name.Substring(1)); - return ModuleDefinition.ReadModule(resourceDllFileName); + var resourceDllFileName = Path.Combine(Path.GetDirectoryName(module.Location), name.Substring(1)); + return ModuleDefMD.Load(resourceDllFileName); } catch { return null; 
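Review bot: In `getResourceModule` (AssemblyDecrypter.cs, hunk at -182) `name.Substring(1)` is joined to the module directory unchecked, so a rooted path or one containing `..` makes `ModuleDefMD.Load` open a file outside that directory. The `getCodeStrings` loop in `getResource` suggests `name` comes from string literals of the file being analysed, though the call site is outside the hunk. Reducing it to a bare file name keeps the lookup beside the input module: `var resourceDllFileName = Path.Combine(Path.GetDirectoryName(module.Location), Path.GetFileName(name.Substring(1)));`. `module.Location` is presumably empty for a module loaded from memory (to be confirmed against dot10), and the bare `catch` hides that along with every other failure. Catching only the expected load and I/O exceptions and logging the rejected name would make a refused load visible.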
@@ -217,15 +217,15 @@ namespace de4dot.code.deobfuscators.CodeWall { void decryptAllAssemblies() { if (assemblyResource == null) return; - var resourceSet = ResourceReader.read(resourceModule, assemblyResource.GetResourceStream()); + var resourceSet = ResourceReader.read(resourceModule, assemblyResource.Data); foreach (var resourceElement in resourceSet.ResourceElements) { if (resourceElement.ResourceData.Code != ResourceTypeCode.ByteArray) throw new ApplicationException("Invalid resource"); var resourceData = (BuiltInResourceData)resourceElement.ResourceData; var assemblyData = decrypt((byte[])resourceData.Data); - var theModule = ModuleDefinition.ReadModule(new MemoryStream(assemblyData)); + var theModule = ModuleDefMD.Load(assemblyData); bool isMain = resourceElement.Name == entryPointAssemblyKey; - assemblyInfos.Add(new AssemblyInfo(assemblyData, DeobUtils.getExtension(theModule.Kind), theModule.Assembly.FullName, theModule.Assembly.Name.Name, isMain)); + assemblyInfos.Add(new AssemblyInfo(assemblyData, DeobUtils.getExtension(theModule.Kind), theModule.Assembly.FullName, theModule.Assembly.Name.String, isMain)); } } diff --git a/de4dot.code/deobfuscators/CodeWall/Deobfuscator.cs b/de4dot.code/deobfuscators/CodeWall/Deobfuscator.cs index 0ee7b916..f510de27 100644 --- a/de4dot.code/deobfuscators/CodeWall/Deobfuscator.cs +++ b/de4dot.code/deobfuscators/CodeWall/Deobfuscator.cs @@ -20,7 +20,6 @@ using System; using System.Collections.Generic; using dot10.DotNet; -using Mono.MyStuff; using de4dot.blocks; using de4dot.PE; @@ -194,7 +193,7 @@ namespace de4dot.code.deobfuscators.CodeWall { return asmInfo.data; } - public override IDeobfuscator moduleReloaded(ModuleDefinition module) { + public override IDeobfuscator moduleReloaded(ModuleDefMD module) { var newOne = new Deobfuscator(options); newOne.setModule(module); newOne.methodsDecrypter = new MethodsDecrypter(module); 
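Review bot: In `decryptAllAssemblies` (AssemblyDecrypter.cs, hunk at -217) the result of `ModuleDefMD.Load(assemblyData)` is dereferenced as `theModule.Assembly.FullName` and `theModule.Assembly.Name.String` with no null check, although the bytes are a decrypted resource taken from the obfuscated file. A module without an assembly manifest would presumably have `Assembly == null`; `getPublicKeyToken` in StringDecrypter.cs guards the same property. A guard such as `if (theModule.Assembly == null) throw new ApplicationException("Embedded module has no assembly");` keeps the failure explicit, in line with the "Invalid resource" check a few lines above. A load failure on one malformed blob also leaves the loop and drops the remaining embedded assemblies; whether a caller handles that is not visible from this hunk.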
@@ -209,7 +208,6 @@ namespace de4dot.code.deobfuscators.CodeWall { public override void deobfuscateBegin() { base.deobfuscateBegin(); - addAssemblyReferenceToBeRemoved(methodsDecrypter.AssemblyNameReference, "Obfuscator decrypter DLL reference"); initializeStringDecrypter(); initializeAssemblyDecrypter(); diff --git a/de4dot.code/deobfuscators/CodeWall/MethodsDecrypter.cs b/de4dot.code/deobfuscators/CodeWall/MethodsDecrypter.cs index c1507ba4..d979cb1d 100644 --- a/de4dot.code/deobfuscators/CodeWall/MethodsDecrypter.cs +++ b/de4dot.code/deobfuscators/CodeWall/MethodsDecrypter.cs @@ -20,7 +20,6 @@ using System; using dot10.DotNet; using dot10.DotNet.Emit; -using Mono.MyStuff; using de4dot.PE; using de4dot.blocks; @@ -29,18 +28,14 @@ namespace de4dot.code.deobfuscators.CodeWall { static readonly byte[] newCodeHeader = new byte[6] { 0x2B, 4, 0, 0, 0, 0 }; static readonly byte[] decryptKey = new byte[10] { 0x8D, 0xB5, 0x2C, 0x3A, 0x1F, 0xC7, 0x31, 0xC3, 0xCD, 0x47 }; - ModuleDefinition module; - MethodReference initMethod; + ModuleDefMD module; + IMethod initMethod; public bool Detected { get { return initMethod != null; } } - public AssemblyNameReference AssemblyNameReference { - get { return initMethod == null ? null : (AssemblyNameReference)initMethod.DeclaringType.Scope; } - } - - public MethodsDecrypter(ModuleDefinition module) { + public MethodsDecrypter(ModuleDefMD module) { this.module = module; } @@ -58,7 +53,7 @@ namespace de4dot.code.deobfuscators.CodeWall { foreach (var instr in method.Body.Instructions) { if (instr.OpCode.Code != Code.Call) continue; - var calledMethod = instr.Operand as MethodReference; + var calledMethod = instr.Operand as IMethod; if (calledMethod == null) continue; if (calledMethod.DeclaringType.Scope == module) 
@@ -147,8 +142,8 @@ namespace de4dot.code.deobfuscators.CodeWall { var instr = instrs[i]; if (instr.OpCode.Code != Code.Call) continue; - var calledMethod = instr.Operand as MethodReference; - if (!MemberReferenceHelper.compareMethodReferenceAndDeclaringType(calledMethod, initMethod)) + var calledMethod = instr.Operand as IMethod; + if (!MethodEqualityComparer.CompareDeclaringTypes.Equals(calledMethod, initMethod)) continue; block.remove(i, 1); i--; diff --git a/de4dot.code/deobfuscators/CodeWall/StringDecrypter.cs b/de4dot.code/deobfuscators/CodeWall/StringDecrypter.cs index ee0474b9..b2547ac3 100644 --- a/de4dot.code/deobfuscators/CodeWall/StringDecrypter.cs +++ b/de4dot.code/deobfuscators/CodeWall/StringDecrypter.cs @@ -21,13 +21,14 @@ using System; using System.Collections.Generic; using System.IO; using System.Text; +using dot10.IO; using dot10.DotNet; using dot10.DotNet.Emit; using de4dot.blocks; namespace de4dot.code.deobfuscators.CodeWall { class StringDecrypter { - ModuleDefinition module; + ModuleDefMD module; MethodDefinitionAndDeclaringTypeDict stringEncrypterInfos = new MethodDefinitionAndDeclaringTypeDict(); Version version; @@ -52,7 +53,7 @@ namespace de4dot.code.deobfuscators.CodeWall { public int Magic1 { get; set; } public int Magic2 { get; set; } public int Magic3 { get; set; } - public BinaryReader Reader { get; set; } + public IBinaryReader Reader { get; set; } public StringEncrypterInfo(MethodDef method) { this.method = method; @@ -61,7 +62,7 @@ namespace de4dot.code.deobfuscators.CodeWall { public string decrypt(int magic1, int magic2, int magic3) { int dataLen = magic3 ^ Magic3; var key = getKey(magic1 ^ Magic1, dataLen); - Reader.BaseStream.Position = getDataOffset(magic2); + Reader.Position = getDataOffset(magic2); var data = Reader.ReadBytes(dataLen); for (int i = 0; i < dataLen; i++) data[i] ^= key[i]; 
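Review bot: In the hunk at -147 of MethodsDecrypter.cs, `calledMethod` is passed to `MethodEqualityComparer.CompareDeclaringTypes.Equals` without the `if (calledMethod == null) continue;` guard that the detection loop in the hunk at -58 applies after the same `as IMethod` cast. If the comparer treats two nulls as equal, a `call` whose operand is not an `IMethod` would be removed by `block.remove(i, 1)` whenever `initMethod` is null. Adding the same guard before the comparison makes the removal depend only on a real match. The enclosing method starts and ends outside the hunk, so whether `initMethod` is checked earlier cannot be seen here.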
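Review bot: In `StringEncrypterInfo.decrypt` (StringDecrypter.cs, hunk at -61) `dataLen` and the offset from `getDataOffset(magic2)` are derived from constants read out of the obfuscated method and are used unchecked for `Reader.Position`, `Reader.ReadBytes(dataLen)` and the XOR loop. A negative or oversized value from a damaged or hostile sample then surfaces as an unrelated exception or a large allocation. If `IBinaryReader.ReadBytes` can return fewer bytes than requested, as `BinaryReader.ReadBytes` could, the loop also indexes past `data`. Validating first would help, for example `if (dataLen < 0 || dataLen > Reader.Length) throw new ApplicationException("Invalid string data length");` (assuming the dot10 reader exposes its length), with the loop bounded by `data.Length`. The method continues outside the hunk.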
@@ -84,12 +85,10 @@ namespace de4dot.code.deobfuscators.CodeWall { } byte[] getPublicKeyToken() { - var module = method.Module; - if (module.Assembly == null || module.Assembly.Name.PublicKeyToken == null) + var module = method.OwnerModule; + if (module.Assembly == null || PublicKeyBase.IsNullOrEmpty2(module.Assembly.PublicKey)) return null; - if (module.Assembly.Name.PublicKeyToken.Length != 8) - return null; - return module.Assembly.Name.PublicKeyToken; + return module.Assembly.PublicKeyToken.Data; } public override string ToString() { @@ -118,7 +117,7 @@ namespace de4dot.code.deobfuscators.CodeWall { } } - public StringDecrypter(ModuleDefinition module) { + public StringDecrypter(ModuleDefMD module) { this.module = module; } @@ -255,7 +254,7 @@ namespace de4dot.code.deobfuscators.CodeWall { info.Magic1 = findMagic1(info.Method); info.Magic2 = findMagic2(info.Method); info.Magic3 = findMagic3(info.Method); - info.Reader = new BinaryReader(info.Resource.GetResourceStream()); + info.Reader = info.Resource.Data; } } @@ -267,14 +266,14 @@ namespace de4dot.code.deobfuscators.CodeWall { var instrs = method.Body.Instructions; for (int i = 0; i < instrs.Count - 2; i++) { var ldarg = instrs[i]; - if (!DotNetUtils.isLdarg(ldarg) || DotNetUtils.getArgIndex(ldarg) != 0) + if (!ldarg.IsLdarg() || ldarg.GetParameterIndex() != 0) continue; var ldci4 = instrs[i + 1]; - if (!DotNetUtils.isLdcI4(ldci4)) + if (!ldci4.IsLdcI4()) continue; if (instrs[i + 2].OpCode.Code != Code.Xor) continue; - return DotNetUtils.getLdcI4Value(ldci4); + return ldci4.GetLdcI4Value(); } throw new ApplicationException("Could not find magic1"); } 
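Review bot: `getPublicKeyToken` (StringDecrypter.cs, hunk at -84) now tests `module.Assembly.PublicKey` but returns `module.Assembly.PublicKeyToken.Data`, and the previous 8-byte length check is dropped without a comment. If dot10 can yield a null `PublicKeyToken`, or a token of another length for a malformed key, the dereference throws or an unexpected value reaches whatever consumes the token. Either check the value that is actually returned, `var token = module.Assembly.PublicKeyToken; if (token == null || token.Data == null || token.Data.Length != 8) return null;`, or add a comment stating that the token is always computed from the key and is always 8 bytes.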
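Review bot: In the hunk at -255 of StringDecrypter.cs, `info.Reader = info.Resource.Data;` gives `decrypt` the resource's own reader rather than a wrapper created for this purpose, and `decrypt` then assigns `Reader.Position` on it. If `Data` returns the same object on each access, any other consumer of the resource, for instance when the module is written back, sees a moved position and the result depends on call order. A comment such as `// shared with the resource: decrypt() always sets Position before reading` would document the assumption. Taking a private copy of the reader, if dot10 offers one, would remove it.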
@@ -283,14 +282,14 @@ namespace de4dot.code.deobfuscators.CodeWall { var instrs = method.Body.Instructions; for (int i = 0; i < instrs.Count - 2; i++) { var ldloc = instrs[i]; - if (!DotNetUtils.isLdloc(ldloc)) + if (!ldloc.IsLdloc()) continue; var ldci4 = instrs[i + 1]; - if (!DotNetUtils.isLdcI4(ldci4)) + if (!ldci4.IsLdcI4()) continue; if (instrs[i + 2].OpCode.Code != Code.Xor) continue; - return DotNetUtils.getLdcI4Value(ldci4); + return ldci4.GetLdcI4Value(); } throw new ApplicationException("Could not find magic2"); } @@ -299,14 +298,14 @@ namespace de4dot.code.deobfuscators.CodeWall { var instrs = method.Body.Instructions; for (int i = 0; i < instrs.Count - 2; i++) { var ldarg = instrs[i]; - if (!DotNetUtils.isLdarg(ldarg) || DotNetUtils.getArgIndex(ldarg) != 2) + if (!ldarg.IsLdarg() || ldarg.GetParameterIndex() != 2) continue; var ldci4 = instrs[i + 1]; - if (!DotNetUtils.isLdcI4(ldci4)) + if (!ldci4.IsLdcI4()) continue; if (instrs[i + 2].OpCode.Code != Code.Xor) continue; - return DotNetUtils.getLdcI4Value(ldci4); + return ldci4.GetLdcI4Value(); } throw new ApplicationException("Could not find magic3"); } diff --git a/de4dot.cui/Program.cs b/de4dot.cui/Program.cs index 0db4dc10..035caee1 100644 --- a/de4dot.cui/Program.cs +++ b/de4dot.cui/Program.cs @@ -41,8 +41,8 @@ namespace de4dot.cui { new de4dot.code.deobfuscators.Babel_NET.DeobfuscatorInfo(), new de4dot.code.deobfuscators.CodeFort.DeobfuscatorInfo(), new de4dot.code.deobfuscators.CodeVeil.DeobfuscatorInfo(), -#if PORT new de4dot.code.deobfuscators.CodeWall.DeobfuscatorInfo(), +#if PORT new de4dot.code.deobfuscators.CryptoObfuscator.DeobfuscatorInfo(), new de4dot.code.deobfuscators.DeepSea.DeobfuscatorInfo(), #endif