Module refinery.lib.scripts.vba.deobfuscation

VBA AST deobfuscation transforms.

"""
VBA AST deobfuscation transforms.
"""
from __future__ import annotations

from refinery.lib.scripts.pipeline import DeobfuscationPipeline, TransformerGroup
from refinery.lib.scripts.vba.deobfuscation.constants import VbaConstantInlining
from refinery.lib.scripts.vba.deobfuscation.deadcode import VbaDeadVariableRemoval
from refinery.lib.scripts.vba.deobfuscation.emulator import VbaFunctionEvaluator
from refinery.lib.scripts.vba.deobfuscation.simplify import VbaSimplifications
from refinery.lib.scripts.vba.model import VbaModule

_pipeline = DeobfuscationPipeline(
    groups=[
        TransformerGroup(
            'fold',
            VbaSimplifications,
            VbaConstantInlining,
            VbaDeadVariableRemoval,
        ),
        TransformerGroup(
            'evaluate',
            VbaFunctionEvaluator,
        ),
    ],
    dependencies={
        'evaluate': {'fold'},
    },
)


def deobfuscate(ast: VbaModule, max_steps: int = 0) -> int:
    """
    Apply all available deobfuscators to the input.
    """
    return _pipeline.run(ast, max_steps=max_steps)

Sub-modules

refinery.lib.scripts.vba.deobfuscation.builtins

VBA built-in numeric constants …

refinery.lib.scripts.vba.deobfuscation.constants

VBA constant inlining: substitutes single-assignment constant variables with their literal values.

refinery.lib.scripts.vba.deobfuscation.deadcode

VBA dead variable removal: removes assignments to variables that are never read, provided the right-hand side has no side effects.

refinery.lib.scripts.vba.deobfuscation.emulator

Evaluate user-defined VBA functions called with constant arguments.

refinery.lib.scripts.vba.deobfuscation.simplify

VBA expression simplification and constant folding transforms.
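
How the three transforms in the 'fold' group described above feed each other, as an added example that is not refinery's code: it works on a constructed tuple IR instead of `VbaModule`, and the names `walk`, `fold`, `fold_to_fixpoint` and `SAMPLE` are hypothetical. Repeating the passes until nothing changes is an assumption made for this illustration, not a statement about how `DeobfuscationPipeline` schedules its groups.

```python
# Toy IR, constructed for this example (not refinery's VbaModule AST):
#   expr: ('lit', v) | ('var', name) | ('chr', e) | ('cat', e1, e2) | ('call', fn, e)
#   stmt: ('assign', name, expr) | ('do', expr)
# Assumes straight-line code in which every variable is written before it is read.

def walk(e):
    yield e
    for child in e[1:]:
        if isinstance(child, tuple):
            yield from walk(child)

def fold(e, env):
    """Simplify bottom-up; env maps known-constant variables to their literals."""
    if e[0] == 'lit':
        return e
    if e[0] == 'var':
        return env.get(e[1], e)
    if e[0] == 'call':  # calls are never evaluated here, only their argument
        return ('call', e[1], fold(e[2], env))
    args = [fold(a, env) for a in e[1:]]
    if all(a[0] == 'lit' for a in args):
        if e[0] == 'chr':
            return ('lit', chr(args[0][1]))
        if e[0] == 'cat':
            return ('lit', str(args[0][1]) + str(args[1][1]))
    return (e[0], *args)

def fold_to_fixpoint(prog):
    while True:
        writes = [s[1] for s in prog if s[0] == 'assign']
        # Constant inlining: only variables assigned exactly once, with a literal.
        env = {s[1]: s[2] for s in prog if s[0] == 'assign'
               and writes.count(s[1]) == 1 and s[2][0] == 'lit'}
        new = [(*s[:-1], fold(s[-1], env)) for s in prog]
        # Dead variable removal: never read, and the right-hand side has no call.
        reads = {n[1] for s in new for n in walk(s[-1]) if n[0] == 'var'}
        new = [s for s in new if not (s[0] == 'assign' and s[1] not in reads
               and all(n[0] != 'call' for n in walk(s[2])))]
        if new == prog:
            return new
        prog = new

SAMPLE = [  # constructed input
    ('assign', 'a', ('cat', ('chr', ('lit', 72)), ('lit', 'ello'))),  # a = Chr(72) & "ello"
    ('assign', 'b', ('cat', ('var', 'a'), ('lit', ' world'))),        # b = a & " world"
    ('assign', 'junk', ('lit', 1337)),                    # never read: removed
    ('assign', 'keep', ('call', 'Log', ('lit', 'x'))),    # never read, but a call: kept
    ('do', ('call', 'MsgBox', ('var', 'b'))),             # MsgBox b
]
```

Each round unlocks the next: folding turns `a` into a literal, inlining then makes `b` foldable, and only after that do `a` and `b` become dead.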

Functions

def deobfuscate(ast, max_steps=0)

Apply all available deobfuscators to the input.

def deobfuscate(ast: VbaModule, max_steps: int = 0) -> int:
    """
    Apply all available deobfuscators to the input.
    """
    return _pipeline.run(ast, max_steps=max_steps)