monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ec8139f640
de4dot-cex/de4dot.mdecrypt/NativeCodeGenerator.cs
de4dot c5d9cc47ba Add code to decrypt methods dynamically. 
This is not a generic methods decrypter that can decrypt any obfuscator's
encrypted methods. If it hooks compileMethod(), this code probably can
decrypt the methods. If not, a little rewriting should fix that.
2012-04-10 16:17:45 +02:00

94 lines
2.3 KiB
C#
Raw Blame History

/*
Copyright (C) 2011-2012 de4dot@gmail.com
This file is part of de4dot.
de4dot is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
de4dot is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
*/
using System;
using System.Collections.Generic;
using System.IO;
namespace de4dot.mdecrypt {
class NativeCodeGenerator {
MemoryStream memStream;
BinaryWriter writer;
Dictionary<int, IntPtr> offsetToBranchAddr = new Dictionary<int, IntPtr>();
public int Size {
get { return (int)memStream.Length; }
}
public NativeCodeGenerator() {
memStream = new MemoryStream(0x200);
writer = new BinaryWriter(memStream);
}
public void writeByte(byte b) {
writer.Write(b);
}
public void writeBytes(byte b1, byte b2) {
writeByte(b1);
writeByte(b2);
}
public void writeBytes(byte b, ushort us) {
writeByte(b);
writeWord(us);
}
public void writeWord(ushort w) {
writer.Write(w);
}
public void writeDword(uint d) {
writer.Write(d);
}
public void writeBytes(byte[] bytes) {
writer.Write(bytes);
}
public void writeCall(IntPtr addr) {
writeByte(0xE8);
writeBranchAddr(addr);
}
public void writeBranchAddr(IntPtr addr) {
offsetToBranchAddr.Add((int)memStream.Position, addr);
writer.Write(0);
}
public byte[] getCode(IntPtr addr) {
fixOffsets(addr);
memStream.Position = memStream.Length;
return memStream.ToArray();
}
unsafe void fixOffsets(IntPtr destAddr) {
foreach (var kv in offsetToBranchAddr) {
memStream.Position = kv.Key;
// kv.Value (func/label) = destAddr + kv.Key + 4 + displ
var displ = (ulong)((byte*)kv.Value - (byte*)destAddr - kv.Key - 4);
uint high = (uint)(displ >> 32);
if (high != 0 && high != 0xFFFFFFFF)
throw new ApplicationException("Invalid displ");
writer.Write((uint)displ);
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink