Merge branch 'master' into confuser
This commit is contained in:
commit
f571a7ec22
|
@ -220,7 +220,7 @@ namespace de4dot.blocks.cflow {
|
|||
return emulateBranch(1, Int64Value.compareFalse((Int64Value)val1));
|
||||
else if (val1.isNull())
|
||||
return emulateBranch(1, true);
|
||||
else if (val1.isObject() || val1.isString() || val1.isBoxed())
|
||||
else if (val1.isObject() || val1.isString())
|
||||
return emulateBranch(1, false);
|
||||
else
|
||||
return false;
|
||||
|
@ -235,7 +235,7 @@ namespace de4dot.blocks.cflow {
|
|||
return emulateBranch(1, Int64Value.compareTrue((Int64Value)val1));
|
||||
else if (val1.isNull())
|
||||
return emulateBranch(1, false);
|
||||
else if (val1.isObject() || val1.isString() || val1.isBoxed())
|
||||
else if (val1.isObject() || val1.isString())
|
||||
return emulateBranch(1, true);
|
||||
else
|
||||
return false;
|
||||
|
|
|
@ -248,7 +248,6 @@ namespace de4dot.code {
|
|||
if (this.deob != null) {
|
||||
deob.init(module);
|
||||
deob.DeobfuscatedFile = this;
|
||||
deob.earlyDetect();
|
||||
deob.detect();
|
||||
return;
|
||||
}
|
||||
|
@ -261,35 +260,14 @@ namespace de4dot.code {
|
|||
if (options.ForcedObfuscatorType != null) {
|
||||
foreach (var deob in deobfuscators) {
|
||||
if (string.Equals(options.ForcedObfuscatorType, deob.Type, StringComparison.OrdinalIgnoreCase)) {
|
||||
deob.earlyDetect();
|
||||
this.deob = deob;
|
||||
deob.detect();
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
this.deob = earlyDetectObfuscator(deobfuscators);
|
||||
if (this.deob == null)
|
||||
this.deob = detectObfuscator2(deobfuscators);
|
||||
else
|
||||
this.deob.detect();
|
||||
}
|
||||
}
|
||||
|
||||
IDeobfuscator earlyDetectObfuscator(IEnumerable<IDeobfuscator> deobfuscators) {
|
||||
IDeobfuscator detected = null;
|
||||
int detectVal = 0;
|
||||
foreach (var deob in deobfuscators) {
|
||||
int val = deob.earlyDetect();
|
||||
if (val > 0)
|
||||
Log.v("{0,3}: {1}", val, deob.TypeLong);
|
||||
if (val > detectVal) {
|
||||
detectVal = val;
|
||||
detected = deob;
|
||||
}
|
||||
}
|
||||
return detected;
|
||||
this.deob = detectObfuscator2(deobfuscators);
|
||||
}
|
||||
|
||||
IDeobfuscator detectObfuscator2(IEnumerable<IDeobfuscator> deobfuscators) {
|
||||
|
|
|
@ -127,10 +127,6 @@ namespace de4dot.code.deobfuscators {
|
|||
return optionsBase.ValidNameRegex.isMatch(name);
|
||||
}
|
||||
|
||||
public virtual int earlyDetect() {
|
||||
return 0;
|
||||
}
|
||||
|
||||
public virtual int detect() {
|
||||
scanForObfuscator();
|
||||
return detectInternal();
|
||||
|
|
|
@ -72,11 +72,6 @@ namespace de4dot.code.deobfuscators {
|
|||
|
||||
void init(ModuleDefinition module);
|
||||
|
||||
// Same as detect() but may be used by deobfuscators to detect obfuscator that decrypt
|
||||
// metadata at runtime. Code in detect() assume they can access everything. 0 should be
|
||||
// returned if not detected.
|
||||
int earlyDetect();
|
||||
|
||||
// Returns 0 if it's not detected, or > 0 if detected (higher value => more likely true).
|
||||
// This method is always called.
|
||||
int detect();
|
||||
|
|
|
@ -86,6 +86,8 @@ namespace de4dot.code.deobfuscators.Unknown {
|
|||
|
||||
string scanTypes() {
|
||||
foreach (var type in module.Types) {
|
||||
if (type.FullName == "ConfusedByAttribute")
|
||||
return "Confuser";
|
||||
if (type.FullName == "ZYXDNGuarder")
|
||||
return "DNGuard HVM";
|
||||
if (type.Name.Contains("();\t"))
|
||||
|
|
Loading…
Reference in New Issue
Block a user