
Example 1 with Dup2_X1

use of net.runelite.asm.attributes.code.instructions.Dup2_X1 in project runelite by runelite.

the class DupDeobfuscator method undup2_x1.

/**
 * Replaces a {@code dup2_x1} with explicit pops followed by re-pushed copies of its operands.
 *
 * <p>Only the form with two popped stack entries is handled, which the original comment
 * describes as {@code I L -> L I L}. A long cannot be swapped on the stack, so both operands
 * are popped and then copied back in the duplicated order.
 *
 * <p>NOTE(review): the preconditions are {@code assert} statements, so they are evaluated
 * only when the JVM runs with assertions enabled. Without {@code -ea}, an instruction in an
 * unsupported form would reach the rewrite below unchecked.
 *
 * @param ictx execution context of the {@code dup2_x1} instruction to replace
 */
private void undup2_x1(InstructionContext ictx) {
    assert ictx.getInstruction() instanceof Dup2_X1;
    // Exactly two popped entries: the long on top (index 0) and the int beneath it (index 1).
    assert ictx.getPops().size() == 2;

    Instructions code = ictx.getInstruction().getInstructions();

    // Remember where the dup2_x1 sits so the replacement sequence goes in the same place.
    int at = code.getInstructions().indexOf(ictx.getInstruction());
    assert at != -1;

    code.remove(ictx.getInstruction());

    // Discard the original operands: first the long, then the int.
    code.addInstruction(at, new Pop2(code));
    code.addInstruction(at + 1, new Pop(code));

    // Re-push long, int, long. copy() returns the index at which to insert next.
    int next = copy(ictx.getPops().get(0), code, at + 2);
    next = copy(ictx.getPops().get(1), code, next);
    copy(ictx.getPops().get(0), code, next);
}
Also used : Pop(net.runelite.asm.attributes.code.instructions.Pop) Dup2_X1(net.runelite.asm.attributes.code.instructions.Dup2_X1) Pop2(net.runelite.asm.attributes.code.instructions.Pop2) Instructions(net.runelite.asm.attributes.code.Instructions)

Example 2 with Dup2_X1

use of net.runelite.asm.attributes.code.instructions.Dup2_X1 in project runelite by runelite.

the class MultiplicationDeobfuscatorTest method test9.

// aload                 0
// aload                 0
// aload                 1
// invokevirtual         class226/method4078()J
// ldc2_w                -81013729583719545
// lmul
// dup2_x1
// ldc2_w                -6236978337732675017
// lmul
// putfield              class227/field3204 J
// ldc2_w                -6236978337732675017
// lmul
// putfield              class227/field3196 J
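/**
 * Runs {@code MultiplicationDeobfuscator} over a method whose long multiplication result is
 * duplicated by {@code dup2_x1}, and expects all three multiplier constants to become 1.
 *
 * <p>The sanity check that {@code constant1 * constant2 == 1} uses {@code Assert.assertEquals}
 * rather than the {@code assert} keyword, so it also runs when JVM assertions are disabled.
 */
@Test
public void test9() {
    ClassGroup group = ClassGroupFactory.generateGroup();
    Code code = group.findClass("test").findMethod("func").getCode();
    Instructions ins = code.getInstructions();
    code.setMaxStack(3);

    // Initialise long local 0 so the later LLoad has a value to read.
    Instruction[] prepareVariables = { new LDC(ins, 1L), new LStore(ins, 0) };
    for (Instruction i : prepareVariables) {
        ins.addInstruction(i);
    }

    // constant2 and constant3 hold the same value; the check below requires
    // constant1 * constant2 to equal 1 in long arithmetic.
    LDC constant1 = new LDC(ins, -81013729583719545L);
    LDC constant2 = new LDC(ins, -6236978337732675017L);
    LDC constant3 = new LDC(ins, -6236978337732675017L);

    Instruction[] body = {
        new LDC(ins, 0),
        new LLoad(ins, 0),
        constant1,
        new LMul(ins),
        // stack after dup2_x1: lmul, 0, lmul
        new Dup2_X1(ins),
        constant2,
        new LMul(ins),
        new Pop(ins),
        new Pop(ins),
        constant3,
        new LMul(ins),
        new Pop(ins),
        new VReturn(ins)
    };
    for (Instruction i : body) {
        ins.addInstruction(i);
    }

    Execution e = new Execution(group);
    e.populateInitialMethods();
    e.run();

    // Precondition of the scenario: the two multipliers cancel out.
    Assert.assertEquals(1L, constant1.getConstantAsLong() * constant2.getConstantAsLong());

    Deobfuscator d = new MultiplicationDeobfuscator();
    d.run(group);

    Assert.assertEquals(1L, constant1.getConstantAsLong());
    Assert.assertEquals(1L, constant2.getConstantAsLong());
    Assert.assertEquals(1L, constant3.getConstantAsLong());
}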
Also used : LLoad(net.runelite.asm.attributes.code.instructions.LLoad) Instructions(net.runelite.asm.attributes.code.Instructions) LDC(net.runelite.asm.attributes.code.instructions.LDC) Instruction(net.runelite.asm.attributes.code.Instruction) Code(net.runelite.asm.attributes.Code) LStore(net.runelite.asm.attributes.code.instructions.LStore) VReturn(net.runelite.asm.attributes.code.instructions.VReturn) Deobfuscator(net.runelite.deob.Deobfuscator) Pop(net.runelite.asm.attributes.code.instructions.Pop) Execution(net.runelite.asm.execution.Execution) Dup2_X1(net.runelite.asm.attributes.code.instructions.Dup2_X1) ClassGroup(net.runelite.asm.ClassGroup) LMul(net.runelite.asm.attributes.code.instructions.LMul) Test(org.junit.Test)

Example 3 with Dup2_X1

use of net.runelite.asm.attributes.code.instructions.Dup2_X1 in project runelite by runelite.

the class DupDeobfuscator method visit.

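/**
 * Rewrites a dup-family instruction that is tied to an integer or long multiplication.
 *
 * <p>Two passes are made over the instruction's stack contexts. The first looks at the
 * instructions that pushed the duplicated values; the second looks at the instructions that
 * pop the copies. In either pass, the first supported pairing ({@code Dup} or {@code Dup_X1}
 * with {@code IMul}, {@code Dup2_X1} with {@code LMul}) is rewritten via the matching
 * {@code undup*} helper, {@code count} is incremented, and the method returns. Unsupported
 * pairings are logged at warn level and the scan continues.
 *
 * <p>Two debug messages are corrected here: the {@code Dup2_X1} case was logged as
 * "Dup_X2", and the {@code LMul} case in the second pass was logged as "imul".
 *
 * @param i execution context of the instruction being inspected; ignored unless its
 *          instruction is a {@code DupInstruction}
 */
private void visit(InstructionContext i) {
    if (!(i.getInstruction() instanceof DupInstruction)) {
        return;
    }
    DupInstruction di = (DupInstruction) i.getInstruction();

    // Pass 1: was any duplicated stack value pushed by a multiplication?
    for (StackContext sctx : di.getDuplicated(i)) {
        InstructionContext ic = sctx.getPushed();
        if (ic.getInstruction() instanceof IMul) {
            if (i.getInstruction() instanceof Dup) {
                logger.debug("Dup instruction {} duplicates multiplication result {}", i, ic);
                undup(i);
                ++count;
                return;
            }
            if (i.getInstruction() instanceof Dup_X1) {
                logger.debug("Dup_X1 instruction {} duplicates multiplication result {}", i, ic);
                undup_x1(i);
                ++count;
                return;
            }
            logger.warn("Dup instruction {} pops imul", i);
        } else if (ic.getInstruction() instanceof LMul) {
            if (i.getInstruction() instanceof Dup2_X1) {
                logger.debug("Dup2_X1 instruction {} duplicates multiplication result {}", i, ic);
                undup2_x1(i);
                ++count;
                return;
            }
            logger.warn("Dup instruction {} pops lmul", i);
        }
    }

    // Pass 2: does a multiplication pop any of the copies this dup produced?
    for (StackContext sctx : di.getCopies(i)) {
        for (InstructionContext ic : sctx.getPopped()) {
            if (ic.getInstruction() instanceof IMul) {
                if (i.getInstruction() instanceof Dup) {
                    logger.debug("imul {} pops dup instruction {}", ic, i);
                    undup(i);
                    ++count;
                    return;
                }
                if (i.getInstruction() instanceof Dup_X1) {
                    logger.debug("imul {} pops dup x1 instruction {}", ic, i);
                    undup_x1(i);
                    ++count;
                    return;
                }
                logger.warn("imul pops dup instruction {}", i);
            } else if (ic.getInstruction() instanceof LMul) {
                if (i.getInstruction() instanceof Dup2_X1) {
                    logger.debug("lmul {} pops dup2 x1 instruction {}", ic, i);
                    undup2_x1(i);
                    ++count;
                    return;
                }
                logger.warn("lmul pops dup instruction {}", i);
            }
        }
    }
}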
Also used : InstructionContext(net.runelite.asm.execution.InstructionContext) Dup2_X1(net.runelite.asm.attributes.code.instructions.Dup2_X1) StackContext(net.runelite.asm.execution.StackContext) Dup_X1(net.runelite.asm.attributes.code.instructions.Dup_X1) DupInstruction(net.runelite.asm.attributes.code.instruction.types.DupInstruction) IMul(net.runelite.asm.attributes.code.instructions.IMul) LMul(net.runelite.asm.attributes.code.instructions.LMul) Dup(net.runelite.asm.attributes.code.instructions.Dup)
