From fa4e1fcc6b5d6b01f5a716dab211d52d166ed4fa Mon Sep 17 00:00:00 2001 From: de4dot Date: Fri, 7 Dec 2012 15:06:38 +0100 Subject: [PATCH] Add RenamerFlags --- de4dot.code/ObfuscatedFile.cs | 2 + de4dot.code/deobfuscators/Operations.cs | 3 + de4dot.code/renamer/Renamer.cs | 174 ++++++++++++++++++++---- de4dot.cui/CommandLineParser.cs | 25 ++-- de4dot.cui/FilesDeobfuscator.cs | 51 +++---- 5 files changed, 183 insertions(+), 72 deletions(-) diff --git a/de4dot.code/ObfuscatedFile.cs b/de4dot.code/ObfuscatedFile.cs index 26e3646f..d8833226 100644 --- a/de4dot.code/ObfuscatedFile.cs +++ b/de4dot.code/ObfuscatedFile.cs @@ -90,6 +90,7 @@ namespace de4dot.code { public bool KeepObfuscatorTypes { get; set; } public bool PreserveTokens { get; set; } public MetaDataFlags MetaDataFlags { get; set; } + public RenamerFlags RenamerFlags { get; set; } public Options() { StringDecrypterType = DecrypterType.Default; @@ -254,6 +255,7 @@ namespace de4dot.code { op.KeepObfuscatorTypes = options.KeepObfuscatorTypes; op.MetaDataFlags = options.MetaDataFlags; + op.RenamerFlags = options.RenamerFlags; return op; } diff --git a/de4dot.code/deobfuscators/Operations.cs b/de4dot.code/deobfuscators/Operations.cs index d374f37c..0240916d 100644 --- a/de4dot.code/deobfuscators/Operations.cs +++ b/de4dot.code/deobfuscators/Operations.cs @@ -18,6 +18,7 @@ */ using dot10.DotNet.Writer; +using de4dot.code.renamer; namespace de4dot.code.deobfuscators { public enum OpDecryptString { @@ -29,12 +30,14 @@ namespace de4dot.code.deobfuscators { public interface IOperations { bool KeepObfuscatorTypes { get; } MetaDataFlags MetaDataFlags { get; } + RenamerFlags RenamerFlags { get; } OpDecryptString DecryptStrings { get; } } class Operations : IOperations { public bool KeepObfuscatorTypes { get; set; } public MetaDataFlags MetaDataFlags { get; set; } + public RenamerFlags RenamerFlags { get; set; } public OpDecryptString DecryptStrings { get; set; } } } diff --git a/de4dot.code/renamer/Renamer.cs b/de4dot.code/renamer/Renamer.cs index 3884d4fc..7908daa3 100644 --- a/de4dot.code/renamer/Renamer.cs +++ b/de4dot.code/renamer/Renamer.cs @@ -26,21 +26,152 @@ using de4dot.code.renamer.asmmodules; using de4dot.blocks; namespace de4dot.code.renamer { + [Flags] + public enum RenamerFlags { + RenameNamespaces = 1, + RenameTypes = 2, + RenameProperties = 4, + RenameEvents = 8, + RenameFields = 0x10, + RenameMethods = 0x20, + RenameMethodArgs = 0x40, + RenameGenericParams = 0x80, + RestoreProperties = 0x100, + RestorePropertiesFromNames = 0x200, + RestoreEvents = 0x400, + RestoreEventsFromNames = 0x800, + DontCreateNewParamDefs = 0x1000, + DontRenameDelegateFields = 0x2000, + } + public class Renamer { - public bool RenameNamespaces { get; set; } - public bool RenameTypes { get; set; } - public bool RenameProperties { get; set; } - public bool RenameEvents { get; set; } - public bool RenameFields { get; set; } - public bool RenameMethods { get; set; } - public bool RenameMethodArgs { get; set; } - public bool RenameGenericParams { get; set; } - public bool RestoreProperties { get; set; } - public bool RestorePropertiesFromNames { get; set; } - public bool RestoreEvents { get; set; } - public bool RestoreEventsFromNames { get; set; } - public bool DontCreateNewParamDefs { get; set; } - public bool DontRenameDelegateFields { get; set; } + public RenamerFlags RenamerFlags { get; set; } + public bool RenameNamespaces { + get { return (RenamerFlags & RenamerFlags.RenameNamespaces) != 0; } + set { + if (value) + RenamerFlags |= RenamerFlags.RenameNamespaces; + else + RenamerFlags &= ~RenamerFlags.RenameNamespaces; + } + } + public bool RenameTypes { + get { return (RenamerFlags & RenamerFlags.RenameTypes) != 0; } + set { + if (value) + RenamerFlags |= RenamerFlags.RenameTypes; + else + RenamerFlags &= ~RenamerFlags.RenameTypes; + } + } + public bool RenameProperties { + get { return (RenamerFlags & RenamerFlags.RenameProperties) != 0; } + set { + if (value) + RenamerFlags |= RenamerFlags.RenameProperties; + else + RenamerFlags &= ~RenamerFlags.RenameProperties; + } + } + public bool RenameEvents { + get { return (RenamerFlags & RenamerFlags.RenameEvents) != 0; } + set { + if (value) + RenamerFlags |= RenamerFlags.RenameEvents; + else + RenamerFlags &= ~RenamerFlags.RenameEvents; + } + } + public bool RenameFields { + get { return (RenamerFlags & RenamerFlags.RenameFields) != 0; } + set { + if (value) + RenamerFlags |= RenamerFlags.RenameFields; + else + RenamerFlags &= ~RenamerFlags.RenameFields; + } + } + public bool RenameMethods { + get { return (RenamerFlags & RenamerFlags.RenameMethods) != 0; } + set { + if (value) + RenamerFlags |= RenamerFlags.RenameMethods; + else + RenamerFlags &= ~RenamerFlags.RenameMethods; + } + } + public bool RenameMethodArgs { + get { return (RenamerFlags & RenamerFlags.RenameMethodArgs) != 0; } + set { + if (value) + RenamerFlags |= RenamerFlags.RenameMethodArgs; + else + RenamerFlags &= ~RenamerFlags.RenameMethodArgs; + } + } + public bool RenameGenericParams { + get { return (RenamerFlags & RenamerFlags.RenameGenericParams) != 0; } + set { + if (value) + RenamerFlags |= RenamerFlags.RenameGenericParams; + else + RenamerFlags &= ~RenamerFlags.RenameGenericParams; + } + } + public bool RestoreProperties { + get { return (RenamerFlags & RenamerFlags.RestoreProperties) != 0; } + set { + if (value) + RenamerFlags |= RenamerFlags.RestoreProperties; + else + RenamerFlags &= ~RenamerFlags.RestoreProperties; + } + } + public bool RestorePropertiesFromNames { + get { return (RenamerFlags & RenamerFlags.RestorePropertiesFromNames) != 0; } + set { + if (value) + RenamerFlags |= RenamerFlags.RestorePropertiesFromNames; + else + RenamerFlags &= ~RenamerFlags.RestorePropertiesFromNames; + } + } + public bool RestoreEvents { + get { return (RenamerFlags & RenamerFlags.RestoreEvents) != 0; } + set { + if (value) + RenamerFlags |= RenamerFlags.RestoreEvents; + else + RenamerFlags &= ~RenamerFlags.RestoreEvents; + } + } + public bool RestoreEventsFromNames { + get { return (RenamerFlags & RenamerFlags.RestoreEventsFromNames) != 0; } + set { + if (value) + RenamerFlags |= RenamerFlags.RestoreEventsFromNames; + else + RenamerFlags &= ~RenamerFlags.RestoreEventsFromNames; + } + } + public bool DontCreateNewParamDefs { + get { return (RenamerFlags & RenamerFlags.DontCreateNewParamDefs) != 0; } + set { + if (value) + RenamerFlags |= RenamerFlags.DontCreateNewParamDefs; + else + RenamerFlags &= ~RenamerFlags.DontCreateNewParamDefs; + } + } + public bool DontRenameDelegateFields { + get { return (RenamerFlags & RenamerFlags.DontRenameDelegateFields) != 0; } + set { + if (value) + RenamerFlags |= RenamerFlags.DontRenameDelegateFields; + else + RenamerFlags &= ~RenamerFlags.DontRenameDelegateFields; + } + } Modules modules; MemberInfos memberInfos = new MemberInfos(); @@ -53,19 +184,8 @@ namespace de4dot.code.renamer { "System.MulticastDelegate", }; - public Renamer(IDeobfuscatorContext deobfuscatorContext, IEnumerable files) { - RenameNamespaces = true; - RenameTypes = true; - RenameProperties = true; - RenameEvents = true; - RenameFields = true; - RenameMethods = true; - RenameMethodArgs = true; - RenameGenericParams = true; - RestoreProperties = true; - RestorePropertiesFromNames = true; - RestoreEvents = true; - RestoreEventsFromNames = true; + public Renamer(IDeobfuscatorContext deobfuscatorContext, IEnumerable files, RenamerFlags flags) { + RenamerFlags = flags; modules = new Modules(deobfuscatorContext); isDelegateClass = new DerivedFrom(delegateClasses); diff --git a/de4dot.cui/CommandLineParser.cs b/de4dot.cui/CommandLineParser.cs index 8c874b0e..05105f3c 100644 --- a/de4dot.cui/CommandLineParser.cs +++ b/de4dot.cui/CommandLineParser.cs @@ -25,6 +25,7 @@ using dot10.DotNet.Writer; using de4dot.code; using de4dot.code.deobfuscators; using de4dot.code.AssemblyClient; +using de4dot.code.renamer; namespace de4dot.cui { class CommandLineParser { @@ -120,28 +121,29 @@ namespace de4dot.cui { })); miscOptions.Add(new NoArgOption(null, "dont-rename", "Don't rename classes, methods, etc.", () => { filesOptions.RenameSymbols = false; + filesOptions.RenamerFlags = 0; })); miscOptions.Add(new OneArgOption(null, "keep-names", "Don't rename n(amespaces), t(ypes), p(rops), e(vents), f(ields), m(ethods), a(rgs), g(enericparams), d(elegate fields). Can be combined, eg. efm", "flags", (val) => { foreach (var c in val) { switch (c) { - case 'n': filesOptions.RenameNamespaces = false; break; - case 't': filesOptions.RenameTypes = false; break; - case 'p': filesOptions.RenameProperties = false; break; - case 'e': filesOptions.RenameEvents = false; break; - case 'f': filesOptions.RenameFields = false; break; - case 'm': filesOptions.RenameMethods = false; break; - case 'a': filesOptions.RenameMethodArgs = false; break; - case 'g': filesOptions.RenameGenericParams = false; break; - case 'd': filesOptions.DontRenameDelegateFields = true; break; + case 'n': filesOptions.RenamerFlags &= ~RenamerFlags.RenameNamespaces; break; + case 't': filesOptions.RenamerFlags &= ~RenamerFlags.RenameTypes; break; + case 'p': filesOptions.RenamerFlags &= ~RenamerFlags.RenameProperties; break; + case 'e': filesOptions.RenamerFlags &= ~RenamerFlags.RenameEvents; break; + case 'f': filesOptions.RenamerFlags &= ~RenamerFlags.RenameFields; break; + case 'm': filesOptions.RenamerFlags &= ~RenamerFlags.RenameMethods; break; + case 'a': filesOptions.RenamerFlags &= ~RenamerFlags.RenameMethodArgs; break; + case 'g': filesOptions.RenamerFlags &= ~RenamerFlags.RenameGenericParams; break; + case 'd': filesOptions.RenamerFlags |= RenamerFlags.DontRenameDelegateFields; break; default: throw new UserException(string.Format("Unrecognized --keep-names char: '{0}'", c)); } } })); miscOptions.Add(new NoArgOption(null, "dont-create-params", "Don't create method params when renaming", () => { - filesOptions.DontCreateNewParamDefs = true; + filesOptions.RenamerFlags |= RenamerFlags.DontCreateNewParamDefs; })); miscOptions.Add(new NoArgOption(null, "dont-restore-props", "Don't restore properties/events", () => { - filesOptions.RestorePropsEvents = false; + filesOptions.RenamerFlags &= ~(RenamerFlags.RestorePropertiesFromNames | RenamerFlags.RestoreEventsFromNames); })); miscOptions.Add(new OneArgOption(null, "default-strtyp", "Default string decrypter type", "type", (val) => { object decrypterType; @@ -223,6 +225,7 @@ namespace de4dot.cui { ControlFlowDeobfuscation = filesOptions.ControlFlowDeobfuscation, KeepObfuscatorTypes = filesOptions.KeepObfuscatorTypes, MetaDataFlags = filesOptions.MetaDataFlags, + RenamerFlags = filesOptions.RenamerFlags, }; if (defaultStringDecrypterType != null) newFileOptions.StringDecrypterType = defaultStringDecrypterType.Value; diff --git a/de4dot.cui/FilesDeobfuscator.cs b/de4dot.cui/FilesDeobfuscator.cs index 0ffc28e9..a0e3c08e 100644 --- a/de4dot.cui/FilesDeobfuscator.cs +++ b/de4dot.cui/FilesDeobfuscator.cs @@ -40,18 +40,8 @@ namespace de4dot.cui { public IList SearchDirs { get; set; } public MetaDataFlags MetaDataFlags { get; set; } public bool DetectObfuscators { get; set; } - public bool DontCreateNewParamDefs { get; set; } - public bool RenameNamespaces { get; set; } - public bool RenameTypes { get; set; } - public bool RenameProperties { get; set; } - public bool RenameEvents { get; set; } - public bool RenameFields { get; set; } - public bool RenameMethods { get; set; } - public bool RenameMethodArgs { get; set; } - public bool RenameGenericParams { get; set; } - public bool DontRenameDelegateFields { get; set; } + public RenamerFlags RenamerFlags { get; set; } public bool RenameSymbols { get; set; } - public bool RestorePropsEvents { get; set; } public bool ControlFlowDeobfuscation { get; set; } public bool KeepObfuscatorTypes { get; set; } public bool OneFileAtATime { get; set; } @@ -65,16 +55,19 @@ namespace de4dot.cui { Files = new List(); SearchDirs = new List(); DefaultStringDecrypterMethods = new List(); - RenameNamespaces = true; - RenameTypes = true; - RenameProperties = true; - RenameEvents = true; - RenameFields = true; - RenameMethods = true; - RenameMethodArgs = true; - RenameGenericParams = true; + RenamerFlags = RenamerFlags.RenameNamespaces | + RenamerFlags.RenameTypes | + RenamerFlags.RenameProperties | + RenamerFlags.RenameEvents | + RenamerFlags.RenameFields | + RenamerFlags.RenameMethods | + RenamerFlags.RenameMethodArgs | + RenamerFlags.RenameGenericParams | + RenamerFlags.RestorePropertiesFromNames | + RenamerFlags.RestoreEventsFromNames | + RenamerFlags.RestoreProperties | + RenamerFlags.RestoreEvents; RenameSymbols = true; - RestorePropsEvents = true; ControlFlowDeobfuscation = true; } } @@ -167,6 +160,7 @@ namespace de4dot.cui { ControlFlowDeobfuscation = options.ControlFlowDeobfuscation, KeepObfuscatorTypes = options.KeepObfuscatorTypes, MetaDataFlags = options.MetaDataFlags, + RenamerFlags = options.RenamerFlags, CreateDestinationDir = !onlyScan, }); @@ -191,6 +185,7 @@ namespace de4dot.cui { public bool ControlFlowDeobfuscation { get; set; } public bool KeepObfuscatorTypes { get; set; } public MetaDataFlags MetaDataFlags { get; set; } + public RenamerFlags RenamerFlags { get; set; } public bool CreateDestinationDir { get; set; } } @@ -318,6 +313,7 @@ namespace de4dot.cui { ControlFlowDeobfuscation = options.ControlFlowDeobfuscation, KeepObfuscatorTypes = options.KeepObfuscatorTypes, MetaDataFlags = options.MetaDataFlags, + RenamerFlags = options.RenamerFlags, }; if (options.DefaultStringDecrypterType != null) fileOptions.StringDecrypterType = options.DefaultStringDecrypterType.Value; @@ -391,20 +387,7 @@ namespace de4dot.cui { void rename(IEnumerable theFiles) { if (!options.RenameSymbols) return; - var renamer = new Renamer(deobfuscatorContext, theFiles) { - DontCreateNewParamDefs = options.DontCreateNewParamDefs, - RenameNamespaces = options.RenameNamespaces, - RenameTypes = options.RenameTypes, - RenameProperties = options.RenameProperties, - RenameEvents = options.RenameEvents, - RenameFields = options.RenameFields, - RenameMethods = options.RenameMethods, - RenameMethodArgs = options.RenameMethodArgs, - RenameGenericParams = options.RenameGenericParams, - DontRenameDelegateFields = options.DontRenameDelegateFields, - RestorePropertiesFromNames = options.RestorePropsEvents, - RestoreEventsFromNames = options.RestorePropsEvents, - }; + var renamer = new Renamer(deobfuscatorContext, theFiles, options.RenamerFlags); renamer.rename(); } }