monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into new_code

Browse Source
This commit is contained in:
de4dot 2012-06-27 15:15:03 +02:00
commit a2baf1fdea
18 changed files with 705 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
AssemblyData/Properties/AssemblyInfo.cs
View File

@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
[assembly: ComVisible(false)]
[assembly: AssemblyVersion("1.8.5.3405")]
[assembly: AssemblyFileVersion("1.8.5.3405")]
[assembly: AssemblyVersion("1.8.6.3405")]
[assembly: AssemblyFileVersion("1.8.6.3405")]

4
AssemblyServer-x64/Properties/AssemblyInfo.cs
View File

@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
[assembly: ComVisible(false)]
[assembly: AssemblyVersion("1.8.5.3405")]
[assembly: AssemblyFileVersion("1.8.5.3405")]
[assembly: AssemblyVersion("1.8.6.3405")]
[assembly: AssemblyFileVersion("1.8.6.3405")]

4
AssemblyServer/Properties/AssemblyInfo.cs
View File

@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
[assembly: ComVisible(false)]
[assembly: AssemblyVersion("1.8.5.3405")]
[assembly: AssemblyFileVersion("1.8.5.3405")]
[assembly: AssemblyVersion("1.8.6.3405")]
[assembly: AssemblyFileVersion("1.8.6.3405")]

4
Test.Rename.Dll/Properties/AssemblyInfo.cs
View File

@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
[assembly: ComVisible(false)]
[assembly: AssemblyVersion("1.8.5.3405")]
[assembly: AssemblyFileVersion("1.8.5.3405")]
[assembly: AssemblyVersion("1.8.6.3405")]
[assembly: AssemblyFileVersion("1.8.6.3405")]

4
Test.Rename/Properties/AssemblyInfo.cs
View File

@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
[assembly: ComVisible(false)]
[assembly: AssemblyVersion("1.8.5.3405")]
[assembly: AssemblyFileVersion("1.8.5.3405")]
[assembly: AssemblyVersion("1.8.6.3405")]
[assembly: AssemblyFileVersion("1.8.6.3405")]

4
blocks/Properties/AssemblyInfo.cs
View File

@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
[assembly: ComVisible(false)]
[assembly: AssemblyVersion("1.8.5.3405")]
[assembly: AssemblyFileVersion("1.8.5.3405")]
[assembly: AssemblyVersion("1.8.6.3405")]
[assembly: AssemblyFileVersion("1.8.6.3405")]

4
de4dot-x64/Properties/AssemblyInfo.cs
View File

@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
[assembly: ComVisible(false)]
[assembly: AssemblyVersion("1.8.5.3405")]
[assembly: AssemblyFileVersion("1.8.5.3405")]
[assembly: AssemblyVersion("1.8.6.3405")]
[assembly: AssemblyFileVersion("1.8.6.3405")]

4
de4dot.code/Properties/AssemblyInfo.cs
View File

@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
[assembly: ComVisible(false)]
[assembly: AssemblyVersion("1.8.5.3405")]
[assembly: AssemblyFileVersion("1.8.5.3405")]
[assembly: AssemblyVersion("1.8.6.3405")]
[assembly: AssemblyFileVersion("1.8.6.3405")]

674
de4dot.code/deobfuscators/CliSecure/vm/OpCodeHandlers.cs
View File

@ -1193,6 +1193,680 @@ namespace de4dot.code.deobfuscators.CliSecure.vm {
Read = throw_read,
},
},
new OpCodeHandler[] {
new OpCodeHandler {
Name = "arithmetic",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
FieldsInfo.EnumType,
"System.Double",
},
ExecuteMethodLocals = new string[] {
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 2,
NumStaticMethods = 0,
NumInstanceMethods = 14,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = arithmetic_read,
},
new OpCodeHandler {
Name = "box/unbox",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
FieldsInfo.EnumType,
"System.UInt32",
FieldsInfo.EnumType,
},
ExecuteMethodLocals = new string[] {
"System.Object",
"System.Type",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 2,
NumStaticMethods = 0,
NumInstanceMethods = 2,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = box_read,
},
new OpCodeHandler {
Name = "call",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.Collections.Generic.Dictionary`2<System.Reflection.Module,System.Collections.Generic.Dictionary`2<System.Int32,System.Reflection.MethodBase>>",
"System.Collections.Generic.Dictionary`2<System.String,System.Int32>",
"System.Collections.Generic.Dictionary`2<System.Reflection.MethodInfo,System.Reflection.Emit.DynamicMethod>",
"System.Reflection.MethodBase",
"System.UInt32",
FieldsInfo.EnumType,
FieldsInfo.EnumType,
"System.Boolean",
},
ExecuteMethodLocals = new string[] {
"System.Boolean",
"System.Reflection.Module",
"System.Collections.Generic.Dictionary`2<System.Int32,System.Reflection.MethodBase>",
"System.Object",
"System.Reflection.ParameterInfo[]",
"System.Int32",
"System.Object[]",
"System.Reflection.ConstructorInfo",
"System.Reflection.MethodInfo",
"System.Collections.Generic.Dictionary`2<System.Reflection.Module,System.Collections.Generic.Dictionary`2<System.Int32,System.Reflection.MethodBase>>",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 2,
NumStaticMethods = 2,
NumInstanceMethods = 4,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = call_read,
},
new OpCodeHandler {
Name = "cast",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.UInt32",
FieldsInfo.EnumType,
"System.Reflection.MethodBase",
},
ExecuteMethodLocals = new string[] {
"System.Type",
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 2,
},
Check = null,
Read = cast_read,
},
new OpCodeHandler {
Name = "compare",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.Int32",
FieldsInfo.EnumType,
},
ExecuteMethodLocals = new string[] {
"System.Int32",
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 2,
NumStaticMethods = 1,
NumInstanceMethods = 7,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = compare_read,
},
new OpCodeHandler {
Name = "convert",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
FieldsInfo.EnumType,
"System.Boolean",
"System.Boolean",
"System.UInt16",
},
ExecuteMethodLocals = new string[] {
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 13,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = convert_read,
},
new OpCodeHandler {
Name = "dup/pop",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
FieldsInfo.EnumType,
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = dup_read,
},
new OpCodeHandler {
Name = "endfinally",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.UInt32",
},
ExecuteMethodLocals = new string[] {
"System.Int32",
},
ExecuteMethodThrows = 2,
ExecuteMethodPops = 0,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = endfinally_check,
Read = endfinally_read,
},
new OpCodeHandler {
Name = "initobj",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.UInt32",
"System.Double",
},
ExecuteMethodLocals = new string[] {
"System.Type",
"System.Boolean",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = initobj_read,
},
new OpCodeHandler {
Name = "ldelem/stelem",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.Boolean",
"System.Boolean",
FieldsInfo.EnumType,
"System.UInt32",
},
ExecuteMethodLocals = new string[] {
"System.Int32",
"System.Array",
"System.Object",
"System.Type",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 5,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldelem_read,
},
new OpCodeHandler {
Name = "ldelema",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[0],
ExecuteMethodLocals = new string[] {
"System.Int32",
"System.Array",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 2,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldelema_read,
},
new OpCodeHandler {
Name = "ldlen",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[0],
ExecuteMethodLocals = new string[] {
"System.Array",
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldlen_read,
},
new OpCodeHandler {
Name = "ldobj",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[0],
ExecuteMethodLocals = new string[] {
"System.Boolean",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldobj_read,
},
new OpCodeHandler {
Name = "ldstr",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.String",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 0,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldstr_read,
},
new OpCodeHandler {
Name = "ldtoken",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.UInt32",
},
ExecuteMethodLocals = new string[] {
"System.Object",
"System.Reflection.MemberInfo",
"System.Boolean",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 0,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = ldtoken_check,
Read = ldtoken_read,
},
new OpCodeHandler {
Name = "leave",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.Int32",
},
ExecuteMethodLocals = new string[] {
"System.Int32",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 0,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = leave_check,
Read = leave_read,
},
new OpCodeHandler {
Name = "load constant",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.Object",
"System.Double",
"System.UInt16",
},
ExecuteMethodLocals = new string[] {
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldc_read,
},
new OpCodeHandler {
Name = "load func",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
FieldsInfo.EnumType,
"System.UInt32",
"System.UInt32",
},
ExecuteMethodLocals = new string[] {
"System.Reflection.MethodBase",
"System.IntPtr",
"System.Type",
"System.Delegate",
"System.RuntimeMethodHandle",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldftn_read,
},
new OpCodeHandler {
Name = "load local/arg",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.Boolean",
"System.UInt16",
"System.UInt32",
},
ExecuteMethodLocals = new string[] {
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 0,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldloc_read,
},
new OpCodeHandler {
Name = "load local/arg address",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.Boolean",
"System.UInt32",
},
ExecuteMethodLocals = new string[] {
"System.Array",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 0,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldloca_read,
},
new OpCodeHandler {
Name = "load/store field",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.UInt32",
FieldsInfo.EnumType,
},
ExecuteMethodLocals = new string[] {
"System.Reflection.FieldInfo",
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 4,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = ldfld_read,
},
new OpCodeHandler {
Name = "logical",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
FieldsInfo.EnumType,
FieldsInfo.EnumType,
},
ExecuteMethodLocals = new string[] {
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 2,
NumStaticMethods = 0,
NumInstanceMethods = 6,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = logical_read,
},
new OpCodeHandler {
Name = "neg/not",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
FieldsInfo.EnumType,
},
ExecuteMethodLocals = new string[] {
"System.Object",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 2,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = neg_read,
},
new OpCodeHandler {
Name = "newarr",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.UInt32",
},
ExecuteMethodLocals = new string[] {
"System.Object",
"System.Int32",
"System.Type",
"System.Boolean",
"System.IntPtr",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = newarr_check,
Read = newarr_read,
},
new OpCodeHandler {
Name = "nop",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[0],
ExecuteMethodThrows = 0,
ExecuteMethodPops = 0,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = nop_check,
Read = nop_read,
},
new OpCodeHandler {
Name = "ret",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.UInt32",
},
ExecuteMethodLocals = new string[] {
"System.Reflection.MethodInfo",
"System.Type",
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = ret_check,
Read = ret_read,
},
new OpCodeHandler {
Name = "rethrow",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[0],
ExecuteMethodThrows = 1,
ExecuteMethodPops = 0,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = rethrow_check,
Read = rethrow_read,
},
new OpCodeHandler {
Name = "stobj",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[0],
ExecuteMethodLocals = new string[] {
"System.Boolean",
},
ExecuteMethodThrows = 1,
ExecuteMethodPops = 2,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = stobj_read,
},
new OpCodeHandler {
Name = "store local/arg",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.Boolean",
"System.UInt16",
FieldsInfo.EnumType,
},
ExecuteMethodLocals = new string[] {
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = stloc_read,
},
new OpCodeHandler {
Name = "switch",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[] {
"System.UInt32",
"System.Int32[]",
},
ExecuteMethodLocals = new string[] {
"System.Int32",
"System.Boolean",
},
ExecuteMethodThrows = 0,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = null,
Read = switch_read,
},
new OpCodeHandler {
Name = "throw",
OpCodeHandlerSigInfo = new OpCodeHandlerSigInfo {
RequiredFieldTypes = new object[0],
ExecuteMethodLocals = new string[] {
"System.Object",
"System.Boolean",
},
ExecuteMethodThrows = 2,
ExecuteMethodPops = 1,
NumStaticMethods = 0,
NumInstanceMethods = 0,
NumVirtualMethods = 2,
NumCtors = 1,
},
Check = throw_check,
Read = throw_read,
},
},
};
}
}

3
de4dot.code/deobfuscators/CryptoObfuscator/AntiDebugger.cs
View File

@ -62,7 +62,8 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
if (DotNetUtils.getPInvokeMethod(type, "kernel32", "GetProcAddress") == null)
continue;
deobfuscate(method);
if (!containsString(method, "debugger is activ"))
if (!containsString(method, "debugger is activ") &&
!containsString(method, "debugger is running"))
continue;
antiDebuggerType = type;

2
de4dot.code/deobfuscators/CryptoObfuscator/ProxyCallFixer.cs
View File

@ -129,7 +129,7 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
MethodDefinition getProxyCreateMethod(TypeDefinition type) {
if (DotNetUtils.findFieldType(type, "System.ModuleHandle", true) == null)
return null;
if (type.Fields.Count < 1 || type.Fields.Count > 5)
if (type.Fields.Count < 1 || type.Fields.Count > 6)
return null;
MethodDefinition createMethod = null;

2
de4dot.code/deobfuscators/CryptoObfuscator/ResourceDecrypter.cs
View File

@ -300,6 +300,8 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
return method;
if (DotNetUtils.isMethod(method, "System.Byte[]", "(System.Int32,System.IO.Stream)"))
return method;
if (DotNetUtils.isMethod(method, "System.Byte[]", "(System.Int16,System.IO.Stream)"))
return method;
}
return null;
}

2
de4dot.code/deobfuscators/CryptoObfuscator/TamperDetection.cs
View File

@ -84,7 +84,7 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
if (!method.IsStatic || !DotNetUtils.isMethod(method, "System.Void", "()"))
return false;
if (type.Methods.Count < 3 || type.Methods.Count > 7)
if (type.Methods.Count < 3 || type.Methods.Count > 8)
return false;
if (DotNetUtils.getPInvokeMethod(type, "mscoree", "StrongNameSignatureVerificationEx") != null) {
}

2
de4dot.code/deobfuscators/Eazfuscator_NET/StringDecrypter.cs
View File

@ -665,6 +665,8 @@ namespace de4dot.code.deobfuscators.Eazfuscator_NET {
return false;
if (!constantsReader.getNextInt32(ref index, out tmp2))
return false;
if (tmp2 == 0 && !constantsReader.getNextInt32(ref index, out tmp2))
return false;
index = 0;
var instrs = cctor.Body.Instructions;

4
de4dot.cui/Properties/AssemblyInfo.cs
View File

@ -30,7 +30,7 @@ using System.Runtime.InteropServices;
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
[assembly: ComVisible(false)]
[assembly: AssemblyVersion("1.8.5.3405")]
[assembly: AssemblyFileVersion("1.8.5.3405")]
[assembly: AssemblyVersion("1.8.6.3405")]
[assembly: AssemblyFileVersion("1.8.6.3405")]
[assembly: InternalsVisibleTo("de4dot, PublicKey=00240000048000009400000006020000002400005253413100040000010001007b5ffd8f48f1397cd4e21c9e30a5cb36b2c013d6f20688c90e3f0c2d24e6d67cbeea7a6ec3faf9ba081f3d6b6fbe389677adbb8337d3a16187cd13b16a34008a22b89089da41c4a08fd35615c77de0827adcca6d49b08c0ed3e0404a1c44b7d083be614acb1779e4fb275e14427f3687f375d03f3b465c8a6cdeebd1f8c7f4ea")]
[assembly: InternalsVisibleTo("de4dot-x64, PublicKey=00240000048000009400000006020000002400005253413100040000010001007b5ffd8f48f1397cd4e21c9e30a5cb36b2c013d6f20688c90e3f0c2d24e6d67cbeea7a6ec3faf9ba081f3d6b6fbe389677adbb8337d3a16187cd13b16a34008a22b89089da41c4a08fd35615c77de0827adcca6d49b08c0ed3e0404a1c44b7d083be614acb1779e4fb275e14427f3687f375d03f3b465c8a6cdeebd1f8c7f4ea")]

2
de4dot.mdecrypt/DynamicMethodsDecrypter.cs
View File

@ -244,7 +244,7 @@ namespace de4dot.mdecrypt {
uint size = pSection->VirtualSize;
uint rva = pSection->VirtualAddress;
int displ = -4;
int displ = -8;
return new IntPtr((byte*)hDll + rva + size + displ);
}

4
de4dot.mdecrypt/Properties/AssemblyInfo.cs
View File

@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
[assembly: ComVisible(false)]
[assembly: AssemblyVersion("1.8.5.3405")]
[assembly: AssemblyFileVersion("1.8.5.3405")]
[assembly: AssemblyVersion("1.8.6.3405")]
[assembly: AssemblyFileVersion("1.8.6.3405")]

4
de4dot/Properties/AssemblyInfo.cs
View File

@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
[assembly: ComVisible(false)]
[assembly: AssemblyVersion("1.8.5.3405")]
[assembly: AssemblyFileVersion("1.8.5.3405")]
[assembly: AssemblyVersion("1.8.6.3405")]
[assembly: AssemblyFileVersion("1.8.6.3405")]