monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

If instance explicit, 'this' is 1st param

Browse Source
This commit is contained in:
de4dot 2012-01-20 19:30:40 +01:00
parent 664f0f8cf1
commit f3f8975f01
7 changed files with 22 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
AssemblyData/methodsrewriter/MethodsRewriter.cs
View File

@ -330,9 +330,9 @@ namespace AssemblyData.methodsrewriter {
}
static List<TypeReference> getParameters(MethodDefinition method) {
int count = method.Parameters.Count + (method.HasThis ? 1 : 0);
int count = method.Parameters.Count + (method.HasImplicitThis ? 1 : 0);
var list = new List<TypeReference>(count);
if (method.HasThis)
if (method.HasImplicitThis)
list.Add(method.DeclaringType);
foreach (var argType in method.Parameters)
list.Add(argType.ParameterType);

15
blocks/DotNetUtils.cs
View File

@ -674,12 +674,13 @@ namespace de4dot.blocks {
pops = 0;
var method = (IMethodSignature)instr.Operand;
bool implicitThis = method.HasThis && !method.ExplicitThis;
if (hasReturnValue(method) || (instr.OpCode.Code == Code.Newobj && method.HasThis))
pushes++;
if (method.HasParameters)
pops += method.Parameters.Count;
if (method.HasThis && instr.OpCode.Code != Code.Newobj)
if (implicitThis && instr.OpCode.Code != Code.Newobj)
pops++;
}
@ -824,20 +825,20 @@ namespace de4dot.blocks {
}
public static int getArgIndex(MethodReference method, ParameterDefinition arg) {
return getArgIndex(method.HasThis, arg);
return getArgIndex(method.HasImplicitThis, arg);
}
public static int getArgIndex(bool hasThis, ParameterDefinition arg) {
public static int getArgIndex(bool implicitThis, ParameterDefinition arg) {
if (arg == null)
return -1;
if (hasThis)
if (implicitThis)
return arg.Index + 1;
return arg.Index;
}
public static List<ParameterDefinition> getParameters(MethodReference method) {
var args = new List<ParameterDefinition>(method.Parameters.Count + 1);
if (method.HasThis)
if (method.HasImplicitThis)
args.Add(new ParameterDefinition(method.DeclaringType));
foreach (var arg in method.Parameters)
args.Add(arg);
@ -864,7 +865,7 @@ namespace de4dot.blocks {
public static List<TypeReference> getArgs(MethodReference method) {
var args = new List<TypeReference>(method.Parameters.Count + 1);
if (method.HasThis)
if (method.HasImplicitThis)
args.Add(method.DeclaringType);
foreach (var arg in method.Parameters)
args.Add(arg.ParameterType);
@ -887,7 +888,7 @@ namespace de4dot.blocks {
public static int getArgsCount(MethodReference method) {
int count = method.Parameters.Count;
if (method.HasThis)
if (method.HasImplicitThis)
count++;
return count;
}

2
blocks/cflow/BlockCflowDeobfuscator.cs
View File

@ -30,7 +30,7 @@ namespace de4dot.blocks.cflow {
public void init(Blocks blocks, Block block) {
this.blocks = blocks;
this.block = block;
instructionEmulator.init(blocks.Method.HasThis, false, blocks.Method.Parameters, blocks.Locals);
instructionEmulator.init(blocks.Method.HasImplicitThis, false, blocks.Method.Parameters, blocks.Locals);
}
// Returns true if code was updated, false otherwise

2
blocks/cflow/ConstantsFolder.cs
View File

@ -39,7 +39,7 @@ namespace de4dot.blocks.cflow {
public bool deobfuscate() {
bool changed = false;
foreach (var block in allBlocks) {
instructionEmulator.init(blocks.Method.HasThis, false, blocks.Method.Parameters, blocks.Locals);
instructionEmulator.init(blocks.Method.HasImplicitThis, false, blocks.Method.Parameters, blocks.Locals);
var instrs = block.Instructions;
for (int i = 0; i < instrs.Count; i++) {
var instr = instrs[i];

8
blocks/cflow/InstructionEmulator.cs
View File

@ -34,18 +34,18 @@ namespace de4dot.blocks.cflow {
public InstructionEmulator() {
}
public InstructionEmulator(bool hasThis, bool initLocals, IList<ParameterDefinition> parameterDefinitions, IList<VariableDefinition> variableDefinitions) {
init(hasThis, initLocals, parameterDefinitions, variableDefinitions);
public InstructionEmulator(bool implicitThis, bool initLocals, IList<ParameterDefinition> parameterDefinitions, IList<VariableDefinition> variableDefinitions) {
init(implicitThis, initLocals, parameterDefinitions, variableDefinitions);
}
public void init(bool hasThis, bool initLocals, IList<ParameterDefinition> parameterDefinitions, IList<VariableDefinition> variableDefinitions) {
public void init(bool implicitThis, bool initLocals, IList<ParameterDefinition> parameterDefinitions, IList<VariableDefinition> variableDefinitions) {
this.parameterDefinitions = parameterDefinitions;
this.variableDefinitions = variableDefinitions;
valueStack.init();
args.Clear();
argBase = 0;
if (hasThis) {
if (implicitThis) {
argBase = 1;
args.Add(new UnknownValue());
}

10
blocks/cflow/SwitchCflowDeobfuscator.cs
View File

@ -125,7 +125,7 @@ namespace de4dot.blocks.cflow {
foreach (var source in new List<Block>(block.Sources)) {
if (!isBranchBlock(source))
continue;
instructionEmulator.init(blocks.Method.HasThis, false, blocks.Method.Parameters, blocks.Locals);
instructionEmulator.init(blocks.Method.HasImplicitThis, false, blocks.Method.Parameters, blocks.Locals);
instructionEmulator.emulate(source.Instructions);
var target = getSwitchTarget(switchTargets, switchFallThrough, source, instructionEmulator.pop());
@ -151,7 +151,7 @@ namespace de4dot.blocks.cflow {
foreach (var source in new List<Block>(block.Sources)) {
if (!isBranchBlock(source))
continue;
instructionEmulator.init(blocks.Method.HasThis, false, blocks.Method.Parameters, blocks.Locals);
instructionEmulator.init(blocks.Method.HasImplicitThis, false, blocks.Method.Parameters, blocks.Locals);
instructionEmulator.emulate(source.Instructions);
var target = getSwitchTarget(switchTargets, switchFallThrough, source, instructionEmulator.getLocal(switchVariable));
@ -174,7 +174,7 @@ namespace de4dot.blocks.cflow {
foreach (var source in new List<Block>(block.Sources)) {
if (!isBranchBlock(source))
continue;
instructionEmulator.init(blocks.Method.HasThis, false, blocks.Method.Parameters, blocks.Locals);
instructionEmulator.init(blocks.Method.HasImplicitThis, false, blocks.Method.Parameters, blocks.Locals);
instructionEmulator.emulate(source.Instructions);
var target = getSwitchTarget(switchTargets, switchFallThrough, source, instructionEmulator.pop());
@ -245,7 +245,7 @@ namespace de4dot.blocks.cflow {
}
bool emulateGetTarget(Block switchBlock, out Block target) {
instructionEmulator.init(blocks.Method.HasThis, false, blocks.Method.Parameters, blocks.Locals);
instructionEmulator.init(blocks.Method.HasImplicitThis, false, blocks.Method.Parameters, blocks.Locals);
try {
instructionEmulator.emulate(switchBlock.Instructions, 0, switchBlock.Instructions.Count - 1);
}
@ -259,7 +259,7 @@ namespace de4dot.blocks.cflow {
}
bool willHaveKnownTarget(Block switchBlock, Block source) {
instructionEmulator.init(blocks.Method.HasThis, false, blocks.Method.Parameters, blocks.Locals);
instructionEmulator.init(blocks.Method.HasImplicitThis, false, blocks.Method.Parameters, blocks.Locals);
try {
instructionEmulator.emulate(source.Instructions);
instructionEmulator.emulate(switchBlock.Instructions, 0, switchBlock.Instructions.Count - 1);

2
de4dot.code/deobfuscators/ArrayFinder.cs
View File

@ -113,7 +113,7 @@ namespace de4dot.code.deobfuscators {
public static Value[] getInitializedArray(int arraySize, MethodDefinition method, ref int newarrIndex, Code stelemOpCode) {
var resultValueArray = new Value[arraySize];
var emulator = new InstructionEmulator(method.HasThis, false, method.Parameters, method.Body.Variables);
var emulator = new InstructionEmulator(method.HasImplicitThis, false, method.Parameters, method.Body.Variables);
var theArray = new UnknownValue();
emulator.push(theArray);