Merge pull request de4dot#156 from destnity2018/master

update cflow cleaner of 4.33 pro
fatiheker · May 22, 2018 · 0b1a0a2 · 0b1a0a2
2 parents 3b5b98b + ae070d9
commit 0b1a0a2
Showing 1 changed file with 39 additions and 15 deletions.
diff --git a/de4dot.code/deobfuscators/Dotfuscator/CflowDecrypter.cs b/de4dot.code/deobfuscators/Dotfuscator/CflowDecrypter.cs
@@ -17,6 +17,7 @@ You should have received a copy of the GNU General Public License
     along with de4dot.  If not, see <http://www.gnu.org/licenses/>.
 */
 
+using System.Collections.Generic;
 using dnlib.DotNet;
 using dnlib.DotNet.Emit;
 
@@ -30,7 +31,7 @@ public void CflowClean() {
 			foreach (var type in module.GetTypes()) {
 				if (!type.HasMethods)
 					continue;
-				foreach(var method in type.Methods ) {
+				foreach (var method in type.Methods) {
 					CleanMethod(method);
 				}
 			}
@@ -45,24 +46,47 @@ public void CleanMethod(MethodDef method) {
 				return;
 			if (method.Body.Variables.Count == 0)
 				return;
-			var ins = method.Body.Instructions;
-			for (int i = 3; i < ins.Count; i++) {
-				if (ins[i].OpCode.Code != Code.Ldind_I4)
-					continue;
-				if (!ins[i - 1].IsLdloc() && ins[i - 1].OpCode.Code != Code.Ldloca && ins[i - 1].OpCode.Code != Code.Ldloca_S)
+			var instructions = method.Body.Instructions;
+			GetFixIndexs(instructions, out var nopIdxs, out var ldlocIdxs);
+			if (nopIdxs.Count > 0) {
+				foreach (var idx in nopIdxs) {
+					method.Body.Instructions[idx].OpCode = OpCodes.Nop;
+					method.Body.Instructions[idx].Operand = null;
+				}
+			}
+			if (ldlocIdxs.Count > 0) {
+				foreach (var idx in ldlocIdxs) {
+					method.Body.Instructions[idx].OpCode = OpCodes.Ldloc;
+				}
+			}
+		}
+
+		public void GetFixIndexs(IList<Instruction> instructions, out List<int> nopIdxs, out List<int> ldlocIdxs) {
+			var insNoNops = new List<Instruction>();
+			foreach (var ins in instructions) {
+				if (ins.OpCode != OpCodes.Nop)
+					insNoNops.Add(ins);
+			}
+			nopIdxs = new List<int>();
+			ldlocIdxs = new List<int>();
+			for (int i = 3; i < insNoNops.Count - 1; i++) {
+				var ldind = insNoNops[i];
+				if (ldind.OpCode != OpCodes.Ldind_I4 && ldind.OpCode != OpCodes.Ldind_I2)
 					continue;
-				if (!ins[i - 2].IsStloc())
+				var ldlocX = insNoNops[i - 1];
+				if (!ldlocX.IsLdloc() && ldlocX.OpCode.Code != Code.Ldloca && ldlocX.OpCode.Code != Code.Ldloca_S)
 					continue;
-				if (!ins[i - 3].IsLdcI4())
+				var stloc = insNoNops[i - 2];
+				if (!stloc.IsStloc())
 					continue;
-				if (ins[i - 1].Operand != ins[i - 2].Operand)
+				var ldci4 = insNoNops[i - 3];
+				if (!ldci4.IsLdcI4())
 					continue;
-				method.Body.Instructions[i].OpCode = OpCodes.Nop;
-				method.Body.Instructions[i].Operand = null;
-				method.Body.Instructions[i - 1].OpCode = OpCodes.Nop;
-				method.Body.Instructions[i - 1].Operand = null;
-				method.Body.Instructions[i - 2].OpCode = OpCodes.Nop;
-				method.Body.Instructions[i - 2].Operand = null;
+				ldlocIdxs.Add(instructions.IndexOf(ldlocX));
+				nopIdxs.Add(instructions.IndexOf(ldind));
+				var convi2 = insNoNops[i + 1];
+				if (ldind.OpCode == OpCodes.Ldind_I2 && convi2.OpCode == OpCodes.Conv_I2)
+					nopIdxs.Add(instructions.IndexOf(convi2));
 			}
 		}
 	}