有时候会看到反编译后的程序里面,所有的字符串都是乱乱代码,然后要通过类似下面一样的函数进行类似的解析,才知道明文是啥。
代码:
byte[] bytes = Convert.FromBase64String(param0); return Encoding.Unicode.GetString(bytes, 0, bytes.Length);
下面是正则部分
代码:
string Patt = @"(?<line>IL_\w+:\s+ldstr\s+)(?<con>(""\w+(\=){0,2}"")(\s+\+\s""\w+(\=){0,2}"")*(\s+\+\s""\w+(\=){0,2}"")?)(?<clear>\s+IL_\w+:\s+call\s+string\sNS005\.c02000025::m06000155\(string\))"; Regex regex = new Regex(Patt, RegexOptions.Compiled | RegexOptions.IgnoreCase | RegexOptions.Singleline); string strText = regex.Replace(strTxt, new MatchEvaluator(relp));
2、我的IL的格式如下,这是需要解析的乱乱的麻,如果有不同的格式适当修正下正则
代码:
IL_00e7: ldstr "MAAAwAH0AIAA3ADAIAAxAEIIAAAIAAwAEYAIAAxAEUA" IL_00ec: call string NS005.c02000025::m06000155(string)
代码:
private string relp(Match m) { string strRe = ""; string strLine = m.Groups["line"].Value; string strCon = m.Groups["con"].Value; string clear = m.Groups["clear"].Value; strCon = replc_n_r(strCon).Replace(@"""", ""); strCon = Base64Format(strCon).Replace("\n", "\\n").Replace("\r", "\\r");// strCon = String.Format(@"""{0}""", strCon); return strLine + strCon; } private string replc_n_r(string str) { string strRe = ""; string patten = @"""\s+\+\s"""; Regex regex = new Regex(patten, RegexOptions.Compiled | RegexOptions.IgnoreCase | RegexOptions.Singleline); strRe = regex.Replace(str, ""); return strRe; }