diff --git a/AssemblyServer-CLR20-x64/App.config b/AssemblyServer-CLR20-x64/App.config
new file mode 100644
index 00000000..c1a7f56c
--- /dev/null
+++ b/AssemblyServer-CLR20-x64/App.config
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/AssemblyServer-CLR20-x64/AssemblyServer-CLR20-x64.csproj b/AssemblyServer-CLR20-x64/AssemblyServer-CLR20-x64.csproj
new file mode 100644
index 00000000..71aced2f
--- /dev/null
+++ b/AssemblyServer-CLR20-x64/AssemblyServer-CLR20-x64.csproj
@@ -0,0 +1,65 @@
+
+
+
+ Debug
+ x86
+ 8.0.30703
+ 2.0
+ {9F84607D-3662-4CF2-BA40-8BDB11935643}
+ Exe
+ Properties
+ AssemblyServer_CLR20_x64
+ AssemblyServer-CLR20-x64
+ v2.0
+ 512
+ true
+ ..\de4dot.snk
+
+
+ x64
+ true
+ full
+ false
+ ..\Debug\bin\
+ DEBUG;TRACE
+ prompt
+ 4
+ true
+
+
+ x64
+ pdbonly
+ true
+ ..\Release\bin\
+ TRACE
+ prompt
+ 4
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ {FBD84077-9D35-41FE-89DF-8D79EFE0B595}
+ AssemblyData
+
+
+
+
+
\ No newline at end of file
diff --git a/AssemblyServer-CLR20-x64/Program.cs b/AssemblyServer-CLR20-x64/Program.cs
new file mode 100644
index 00000000..ecc86c90
--- /dev/null
+++ b/AssemblyServer-CLR20-x64/Program.cs
@@ -0,0 +1,26 @@
+/*
+ Copyright (C) 2011-2012 de4dot@gmail.com
+
+ This file is part of de4dot.
+
+ de4dot is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ de4dot is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with de4dot. If not, see .
+*/
+
+namespace AssemblyServer_CLR20_x64 {
+ class Program {
+ static int Main(string[] args) {
+ return AssemblyServer.Start.main(args);
+ }
+ }
+}
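Review bot: `Program.Main` carries no comment saying why this project exists, and the same wrapper is added again in AssemblyServer-CLR20, AssemblyServer-CLR40-x64 and AssemblyServer-CLR40. Judging from the project settings and the AssemblyDescription strings, the only purpose of each executable is to fix the CLR version and bitness of the server process. A one-line comment above `Main` would record that, for example `// Thin host: all logic lives in AssemblyServer.Start; this exe only pins the server process to CLR v2.0 / x64.` Without it the four near-identical projects look like accidental duplication to the next maintainer.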
diff --git a/AssemblyServer-CLR20-x64/Properties/AssemblyInfo.cs b/AssemblyServer-CLR20-x64/Properties/AssemblyInfo.cs
new file mode 100644
index 00000000..844fc36d
--- /dev/null
+++ b/AssemblyServer-CLR20-x64/Properties/AssemblyInfo.cs
@@ -0,0 +1,33 @@
+/*
+ Copyright (C) 2011-2012 de4dot@gmail.com
+
+ This file is part of de4dot.
+
+ de4dot is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ de4dot is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with de4dot. If not, see .
+*/
+
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+[assembly: AssemblyTitle("AssemblyServer-CLR20-x64")]
+[assembly: AssemblyDescription("Assembly Server - CLR v2.0 - x64")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("AssemblyServer-CLR20-x64")]
+[assembly: AssemblyCopyright("Copyright (C) 2011-2012 de4dot@gmail.com")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+[assembly: ComVisible(false)]
+[assembly: AssemblyVersion("1.9.1.3405")]
+[assembly: AssemblyFileVersion("1.9.1.3405")]
diff --git a/AssemblyServer-CLR20/App.config b/AssemblyServer-CLR20/App.config
new file mode 100644
index 00000000..c1a7f56c
--- /dev/null
+++ b/AssemblyServer-CLR20/App.config
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/AssemblyServer-CLR20/AssemblyServer-CLR20.csproj b/AssemblyServer-CLR20/AssemblyServer-CLR20.csproj
new file mode 100644
index 00000000..d5ed2bf2
--- /dev/null
+++ b/AssemblyServer-CLR20/AssemblyServer-CLR20.csproj
@@ -0,0 +1,59 @@
+
+
+
+ Debug
+ x86
+ 8.0.30703
+ 2.0
+ {C72DC899-1760-432B-B429-3CD88B669A6A}
+ Exe
+ Properties
+ AssemblyServer_CLR20
+ AssemblyServer-CLR20
+ v2.0
+ 512
+ true
+ ..\de4dot.snk
+
+
+ x86
+ true
+ full
+ false
+ ..\Debug\bin\
+ DEBUG;TRACE
+ prompt
+ 4
+
+
+ x86
+ pdbonly
+ true
+ ..\Release\bin\
+ TRACE
+ prompt
+ 4
+ true
+
+
+
+
+
+
+
+
+
+
+ {FBD84077-9D35-41FE-89DF-8D79EFE0B595}
+ AssemblyData
+
+
+
+
+
\ No newline at end of file
diff --git a/AssemblyServer-CLR20/Program.cs b/AssemblyServer-CLR20/Program.cs
new file mode 100644
index 00000000..72aa33c4
--- /dev/null
+++ b/AssemblyServer-CLR20/Program.cs
@@ -0,0 +1,26 @@
+/*
+ Copyright (C) 2011-2012 de4dot@gmail.com
+
+ This file is part of de4dot.
+
+ de4dot is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ de4dot is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with de4dot. If not, see .
+*/
+
+namespace AssemblyServer_CLR20 {
+ class Program {
+ static int Main(string[] args) {
+ return AssemblyServer.Start.main(args);
+ }
+ }
+}
diff --git a/AssemblyServer-CLR20/Properties/AssemblyInfo.cs b/AssemblyServer-CLR20/Properties/AssemblyInfo.cs
new file mode 100644
index 00000000..f3f2646a
--- /dev/null
+++ b/AssemblyServer-CLR20/Properties/AssemblyInfo.cs
@@ -0,0 +1,33 @@
+/*
+ Copyright (C) 2011-2012 de4dot@gmail.com
+
+ This file is part of de4dot.
+
+ de4dot is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ de4dot is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with de4dot. If not, see .
+*/
+
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+[assembly: AssemblyTitle("AssemblyServer-CLR20")]
+[assembly: AssemblyDescription("Assembly Server - CLR v2.0 - x86")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("AssemblyServer-CLR20")]
+[assembly: AssemblyCopyright("Copyright (C) 2011-2012 de4dot@gmail.com")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+[assembly: ComVisible(false)]
+[assembly: AssemblyVersion("1.9.1.3405")]
+[assembly: AssemblyFileVersion("1.9.1.3405")]
diff --git a/AssemblyServer-CLR40-x64/App.config b/AssemblyServer-CLR40-x64/App.config
new file mode 100644
index 00000000..eea960bb
--- /dev/null
+++ b/AssemblyServer-CLR40-x64/App.config
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/AssemblyServer-CLR40-x64/AssemblyServer-CLR40-x64.csproj b/AssemblyServer-CLR40-x64/AssemblyServer-CLR40-x64.csproj
new file mode 100644
index 00000000..4766ae34
--- /dev/null
+++ b/AssemblyServer-CLR40-x64/AssemblyServer-CLR40-x64.csproj
@@ -0,0 +1,67 @@
+
+
+
+ Debug
+ x86
+ 8.0.30703
+ 2.0
+ {A0F58B9F-BB56-4D9B-B04A-726F9E7961EB}
+ Exe
+ Properties
+ AssemblyServer_CLR40_x64
+ AssemblyServer-CLR40-x64
+ v4.0
+ 512
+ true
+ ..\de4dot.snk
+
+
+ x64
+ true
+ full
+ false
+ ..\Debug\bin\
+ DEBUG;TRACE
+ prompt
+ 4
+ true
+ 1685
+
+
+ x64
+ pdbonly
+ true
+ ..\Release\bin\
+ TRACE
+ prompt
+ 4
+ true
+ true
+ 1685
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ {FBD84077-9D35-41FE-89DF-8D79EFE0B595}
+ AssemblyData
+
+
+
+
+
\ No newline at end of file
diff --git a/AssemblyServer-CLR40-x64/Program.cs b/AssemblyServer-CLR40-x64/Program.cs
new file mode 100644
index 00000000..f1e25a5b
--- /dev/null
+++ b/AssemblyServer-CLR40-x64/Program.cs
@@ -0,0 +1,26 @@
+/*
+ Copyright (C) 2011-2012 de4dot@gmail.com
+
+ This file is part of de4dot.
+
+ de4dot is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ de4dot is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with de4dot. If not, see .
+*/
+
+namespace AssemblyServer_CLR40_x64 {
+ class Program {
+ static int Main(string[] args) {
+ return AssemblyServer.Start.main(args);
+ }
+ }
+}
diff --git a/AssemblyServer-CLR40-x64/Properties/AssemblyInfo.cs b/AssemblyServer-CLR40-x64/Properties/AssemblyInfo.cs
new file mode 100644
index 00000000..aa20e514
--- /dev/null
+++ b/AssemblyServer-CLR40-x64/Properties/AssemblyInfo.cs
@@ -0,0 +1,33 @@
+/*
+ Copyright (C) 2011-2012 de4dot@gmail.com
+
+ This file is part of de4dot.
+
+ de4dot is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ de4dot is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with de4dot. If not, see .
+*/
+
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+[assembly: AssemblyTitle("AssemblyServer-CLR40-x64")]
+[assembly: AssemblyDescription("Assembly Server - CLR v4.0 - x64")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("AssemblyServer-CLR40-x64")]
+[assembly: AssemblyCopyright("Copyright (C) 2011-2012 de4dot@gmail.com")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+[assembly: ComVisible(false)]
+[assembly: AssemblyVersion("1.9.1.3405")]
+[assembly: AssemblyFileVersion("1.9.1.3405")]
diff --git a/AssemblyServer-CLR40/App.config b/AssemblyServer-CLR40/App.config
new file mode 100644
index 00000000..eea960bb
--- /dev/null
+++ b/AssemblyServer-CLR40/App.config
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/AssemblyServer-CLR40/AssemblyServer-CLR40.csproj b/AssemblyServer-CLR40/AssemblyServer-CLR40.csproj
new file mode 100644
index 00000000..a6ab3cfa
--- /dev/null
+++ b/AssemblyServer-CLR40/AssemblyServer-CLR40.csproj
@@ -0,0 +1,59 @@
+
+
+
+ Debug
+ x86
+ 8.0.30703
+ 2.0
+ {B8FF4ADD-BAD8-47FD-B126-63234E2BB0B3}
+ Exe
+ Properties
+ AssemblyServer_CLR40
+ AssemblyServer-CLR40
+ v4.0
+ 512
+ true
+ ..\de4dot.snk
+
+
+ x86
+ true
+ full
+ false
+ ..\Debug\bin\
+ DEBUG;TRACE
+ prompt
+ 4
+
+
+ x86
+ pdbonly
+ true
+ ..\Release\bin\
+ TRACE
+ prompt
+ 4
+ true
+
+
+
+
+
+
+
+
+
+
+ {FBD84077-9D35-41FE-89DF-8D79EFE0B595}
+ AssemblyData
+
+
+
+
+
\ No newline at end of file
diff --git a/AssemblyServer-CLR40/Program.cs b/AssemblyServer-CLR40/Program.cs
new file mode 100644
index 00000000..7b1ee634
--- /dev/null
+++ b/AssemblyServer-CLR40/Program.cs
@@ -0,0 +1,26 @@
+/*
+ Copyright (C) 2011-2012 de4dot@gmail.com
+
+ This file is part of de4dot.
+
+ de4dot is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ de4dot is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with de4dot. If not, see .
+*/
+
+namespace AssemblyServer_CLR40 {
+ class Program {
+ static int Main(string[] args) {
+ return AssemblyServer.Start.main(args);
+ }
+ }
+}
diff --git a/AssemblyServer-CLR40/Properties/AssemblyInfo.cs b/AssemblyServer-CLR40/Properties/AssemblyInfo.cs
new file mode 100644
index 00000000..388fa7f3
--- /dev/null
+++ b/AssemblyServer-CLR40/Properties/AssemblyInfo.cs
@@ -0,0 +1,33 @@
+/*
+ Copyright (C) 2011-2012 de4dot@gmail.com
+
+ This file is part of de4dot.
+
+ de4dot is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ de4dot is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with de4dot. If not, see .
+*/
+
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+[assembly: AssemblyTitle("AssemblyServer-CLR40")]
+[assembly: AssemblyDescription("Assembly Server - CLR v4.0 - x86")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("AssemblyServer-CLR40")]
+[assembly: AssemblyCopyright("Copyright (C) 2011-2012 de4dot@gmail.com")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+[assembly: ComVisible(false)]
+[assembly: AssemblyVersion("1.9.1.3405")]
+[assembly: AssemblyFileVersion("1.9.1.3405")]
diff --git a/AssemblyServer-x64/Properties/AssemblyInfo.cs b/AssemblyServer-x64/Properties/AssemblyInfo.cs
index c4330fb8..4c787bf7 100644
--- a/AssemblyServer-x64/Properties/AssemblyInfo.cs
+++ b/AssemblyServer-x64/Properties/AssemblyInfo.cs
@@ -21,7 +21,7 @@ using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyTitle("AssemblyServer-x64")]
-[assembly: AssemblyDescription("Assembly Server - x64")]
+[assembly: AssemblyDescription("Assembly Server - CLR any version - x64")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("AssemblyServer-x64")]
diff --git a/AssemblyServer/Properties/AssemblyInfo.cs b/AssemblyServer/Properties/AssemblyInfo.cs
index 815629e1..e560365d 100644
--- a/AssemblyServer/Properties/AssemblyInfo.cs
+++ b/AssemblyServer/Properties/AssemblyInfo.cs
@@ -21,7 +21,7 @@ using System.Reflection;
using System.Runtime.InteropServices;
[assembly: AssemblyTitle("AssemblyServer")]
-[assembly: AssemblyDescription("Assembly Server - AnyCpu")]
+[assembly: AssemblyDescription("Assembly Server - CLR any version - x86")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("AssemblyServer")]
diff --git a/de4dot.code/AssemblyClient/AssemblyClientFactory.cs b/de4dot.code/AssemblyClient/AssemblyClientFactory.cs
index a97caf4b..615d4014 100644
--- a/de4dot.code/AssemblyClient/AssemblyClientFactory.cs
+++ b/de4dot.code/AssemblyClient/AssemblyClientFactory.cs
@@ -35,8 +35,18 @@ namespace de4dot.code.AssemblyClient {
}
public class NewProcessAssemblyClientFactory : IAssemblyClientFactory {
+ ServerClrVersion serverVersion;
+
+ public NewProcessAssemblyClientFactory() {
+ this.serverVersion = ServerClrVersion.CLR_ANY_ANYCPU;
+ }
+
+ internal NewProcessAssemblyClientFactory(ServerClrVersion serverVersion) {
+ this.serverVersion = serverVersion;
+ }
+
public IAssemblyClient create() {
- return new AssemblyClient(new NewProcessAssemblyServerLoader());
+ return new AssemblyClient(new NewProcessAssemblyServerLoader(serverVersion));
}
}
}
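Review bot: `serverVersion` is assigned only in the two constructors, so it can be declared `readonly ServerClrVersion serverVersion;` to make that explicit. The public constructor could also chain to the internal one, `public NewProcessAssemblyClientFactory() : this(ServerClrVersion.CLR_ANY_ANYCPU) { }`, which is how the parameterless IpcAssemblyServerLoader constructor is written in this same commit. That keeps the default value in one place per class.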
diff --git a/de4dot.code/AssemblyClient/IpcAssemblyServerLoader.cs b/de4dot.code/AssemblyClient/IpcAssemblyServerLoader.cs
index 71ed4685..4f0d845b 100644
--- a/de4dot.code/AssemblyClient/IpcAssemblyServerLoader.cs
+++ b/de4dot.code/AssemblyClient/IpcAssemblyServerLoader.cs
@@ -21,23 +21,45 @@ using System;
using AssemblyData;
namespace de4dot.code.AssemblyClient {
+ enum ServerClrVersion {
+ CLR_ANY_ANYCPU,
+ CLR_ANY_x86,
+ CLR_ANY_x64,
+ CLR_v20_x86,
+ CLR_v20_x64,
+ CLR_v40_x86,
+ CLR_v40_x64,
+ }
+
abstract class IpcAssemblyServerLoader : IAssemblyServerLoader {
- const string ASSEMBLY_SERVER_FILENAME_X86 = "AssemblyServer.exe";
- const string ASSEMBLY_SERVER_FILENAME_X64 = "AssemblyServer-x64.exe";
readonly string assemblyServerFilename;
protected string ipcName;
protected string ipcUri;
string url;
- protected IpcAssemblyServerLoader() {
- assemblyServerFilename = getServerName();
+ protected IpcAssemblyServerLoader()
+ : this(ServerClrVersion.CLR_ANY_ANYCPU) {
+ }
+
+ protected IpcAssemblyServerLoader(ServerClrVersion serverVersion) {
+ assemblyServerFilename = getServerName(serverVersion);
ipcName = Utils.randomName(15, 20);
ipcUri = Utils.randomName(15, 20);
url = string.Format("ipc://{0}/{1}", ipcName, ipcUri);
}
- static string getServerName() {
- return IntPtr.Size == 4 ? ASSEMBLY_SERVER_FILENAME_X86 : ASSEMBLY_SERVER_FILENAME_X64;
+ static string getServerName(ServerClrVersion serverVersion) {
+ if (serverVersion == ServerClrVersion.CLR_ANY_ANYCPU)
+ serverVersion = IntPtr.Size == 4 ? ServerClrVersion.CLR_ANY_x86 : ServerClrVersion.CLR_ANY_x64;
+ switch (serverVersion) {
+ case ServerClrVersion.CLR_ANY_x86: return "AssemblyServer.exe";
+ case ServerClrVersion.CLR_ANY_x64: return "AssemblyServer-x64.exe";
+ case ServerClrVersion.CLR_v20_x86: return "AssemblyServer-CLR20.exe";
+ case ServerClrVersion.CLR_v20_x64: return "AssemblyServer-CLR20-x64.exe";
+ case ServerClrVersion.CLR_v40_x86: return "AssemblyServer-CLR40.exe";
+ case ServerClrVersion.CLR_v40_x64: return "AssemblyServer-CLR40-x64.exe";
+ default: throw new ArgumentException(string.Format("Invalid server version: {0}", serverVersion));
+ }
}
public void loadServer() {
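Review bot: `getServerName` now returns one of six bare file names, and nothing visible here checks that the selected executable is present before it is launched. How `assemblyServerFilename` becomes a path is decided in `loadServer()`, whose body is outside this hunk. It is worth confirming there that the name is resolved against de4dot's own install directory rather than the current working directory, and that a missing file gives an error naming the file. The de4dot.sln hunk in this commit gives the four new projects no `Build.0` entry under `Any CPU` or `Win32`, so a build in those solution configurations would presumably not produce the CLR20/CLR40 executables this switch can return. A comment on `ServerClrVersion` saying that `CLR_ANY_ANYCPU` means "match the bitness of the current process" would document the `IntPtr.Size` substitution.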
diff --git a/de4dot.code/AssemblyClient/NewProcessAssemblyServerLoader.cs b/de4dot.code/AssemblyClient/NewProcessAssemblyServerLoader.cs
index 193ff3ad..f5e5c940 100644
--- a/de4dot.code/AssemblyClient/NewProcessAssemblyServerLoader.cs
+++ b/de4dot.code/AssemblyClient/NewProcessAssemblyServerLoader.cs
@@ -25,6 +25,13 @@ namespace de4dot.code.AssemblyClient {
class NewProcessAssemblyServerLoader : IpcAssemblyServerLoader {
Process process;
+ public NewProcessAssemblyServerLoader() {
+ }
+
+ public NewProcessAssemblyServerLoader(ServerClrVersion version)
+ : base(version) {
+ }
+
public override void loadServer(string filename) {
if (process != null)
throw new ApplicationException("Server is already loaded");
diff --git a/de4dot.code/deobfuscators/Agile_NET/MethodsDecrypter.cs b/de4dot.code/deobfuscators/Agile_NET/MethodsDecrypter.cs
index 35a6e7fe..e82bc68b 100644
--- a/de4dot.code/deobfuscators/Agile_NET/MethodsDecrypter.cs
+++ b/de4dot.code/deobfuscators/Agile_NET/MethodsDecrypter.cs
@@ -25,6 +25,7 @@ using dot10.PE;
using dot10.DotNet;
using dot10.DotNet.MD;
using de4dot.blocks;
+using de4dot.code.AssemblyClient;
namespace de4dot.code.deobfuscators.Agile_NET {
class CodeHeader {
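Review bot: The added `using de4dot.code.AssemblyClient;` does not appear to be needed by the change in this file. The only other edit visible here passes `module` instead of `module.Location` to the fully qualified `de4dot.code.deobfuscators.MethodsDecrypter.decrypt`, which uses no type from that namespace. Most of the file is outside the diff, so this should be checked against the full source; if nothing else uses the namespace, drop the directive.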
@@ -449,7 +450,7 @@ namespace de4dot.code.deobfuscators.Agile_NET {
case DecryptResult.Error:
Logger.n("Using dynamic method decryption");
byte[] moduleCctorBytes = getModuleCctorBytes(csRtType);
- dumpedMethods = de4dot.code.deobfuscators.MethodsDecrypter.decrypt(module.Location, moduleCctorBytes);
+ dumpedMethods = de4dot.code.deobfuscators.MethodsDecrypter.decrypt(module, moduleCctorBytes);
return true;
default:
diff --git a/de4dot.code/deobfuscators/MethodsDecrypter.cs b/de4dot.code/deobfuscators/MethodsDecrypter.cs
index 8c520f54..dcb484a5 100644
--- a/de4dot.code/deobfuscators/MethodsDecrypter.cs
+++ b/de4dot.code/deobfuscators/MethodsDecrypter.cs
@@ -24,8 +24,12 @@ using de4dot.mdecrypt;
namespace de4dot.code.deobfuscators {
static class MethodsDecrypter {
- public static DumpedMethods decrypt(string filename, byte[] moduleCctorBytes) {
- using (var client = new NewProcessAssemblyClientFactory().create()) {
+ public static DumpedMethods decrypt(ModuleDef module, byte[] moduleCctorBytes) {
+ return decrypt(getServerClrVersion(module), module.Location, moduleCctorBytes);
+ }
+
+ public static DumpedMethods decrypt(ServerClrVersion serverVersion, string filename, byte[] moduleCctorBytes) {
+ using (var client = new NewProcessAssemblyClientFactory(serverVersion).create()) {
client.connect();
client.waitConnected();
var info = new DecryptMethodsInfo();
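Review bot: Neither `decrypt` overload documents that it starts a separate server process whose CLR version and bitness are now derived from the target module. A `/// <summary>` on the `ModuleDef` overload should say that the server is chosen by `getServerClrVersion(module)` and that `module.Location` must be a readable file path. Judging by the names `moduleCctorBytes` and `decryptMethods`, the server appears to load the input file and run code from it in that process; if so, the comment should say it, because that makes the server process the place where untrusted sample code executes and it belongs inside an isolated analysis machine. The body of the second overload continues past the end of this hunk.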
@@ -35,5 +39,20 @@ namespace de4dot.code.deobfuscators {
return client.Service.decryptMethods();
}
}
+
+ static ServerClrVersion getServerClrVersion(ModuleDef module) {
+ switch (module.GetPointerSize()) {
+ default:
+ case 4:
+ if (module.IsClr40)
+ return ServerClrVersion.CLR_v40_x86;
+ return ServerClrVersion.CLR_v20_x86;
+
+ case 8:
+ if (module.IsClr40)
+ return ServerClrVersion.CLR_v40_x64;
+ return ServerClrVersion.CLR_v20_x64;
+ }
+ }
}
}
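Review bot: `getServerClrVersion` always selects a server that matches the target module and provides no fallback when that server cannot start on the host. Examples are a module with pointer size 8 analysed on a 32-bit OS, or a non-CLR-4.0 module on a machine without the v2.0 runtime. Before this commit the server followed the bitness of the de4dot process through `IntPtr.Size`, so it could always be launched. How a launch failure surfaces is outside this diff, but `decrypt` should at least log which server was chosen and could retry with `ServerClrVersion.CLR_ANY_ANYCPU` when the specific one fails to start. Stacking `default:` on `case 4:` also treats any unexpected pointer size as x86 without saying so; a comment such as `// unknown pointer size: assume 32-bit` would mark this as deliberate.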
diff --git a/de4dot.sln b/de4dot.sln
index 3f1b237b..5cb69e10 100644
--- a/de4dot.sln
+++ b/de4dot.sln
@@ -25,6 +25,14 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "de4dot.mdecrypt", "de4dot.m
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "dot10", "dot10\src\dot10.csproj", "{FDFC1237-143F-4919-8318-4926901F4639}"
EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AssemblyServer-CLR20", "AssemblyServer-CLR20\AssemblyServer-CLR20.csproj", "{C72DC899-1760-432B-B429-3CD88B669A6A}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AssemblyServer-CLR20-x64", "AssemblyServer-CLR20-x64\AssemblyServer-CLR20-x64.csproj", "{9F84607D-3662-4CF2-BA40-8BDB11935643}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AssemblyServer-CLR40", "AssemblyServer-CLR40\AssemblyServer-CLR40.csproj", "{B8FF4ADD-BAD8-47FD-B126-63234E2BB0B3}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AssemblyServer-CLR40-x64", "AssemblyServer-CLR40-x64\AssemblyServer-CLR40-x64.csproj", "{A0F58B9F-BB56-4D9B-B04A-726F9E7961EB}"
+EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
@@ -181,6 +189,54 @@ Global
{FDFC1237-143F-4919-8318-4926901F4639}.Release|Mixed Platforms.Build.0 = Release|Any CPU
{FDFC1237-143F-4919-8318-4926901F4639}.Release|Win32.ActiveCfg = Release|Any CPU
{FDFC1237-143F-4919-8318-4926901F4639}.Release|x86.ActiveCfg = Release|Any CPU
+ {C72DC899-1760-432B-B429-3CD88B669A6A}.Debug|Any CPU.ActiveCfg = Debug|x86
+ {C72DC899-1760-432B-B429-3CD88B669A6A}.Debug|Mixed Platforms.ActiveCfg = Debug|x86
+ {C72DC899-1760-432B-B429-3CD88B669A6A}.Debug|Mixed Platforms.Build.0 = Debug|x86
+ {C72DC899-1760-432B-B429-3CD88B669A6A}.Debug|Win32.ActiveCfg = Debug|x86
+ {C72DC899-1760-432B-B429-3CD88B669A6A}.Debug|x86.ActiveCfg = Debug|x86
+ {C72DC899-1760-432B-B429-3CD88B669A6A}.Debug|x86.Build.0 = Debug|x86
+ {C72DC899-1760-432B-B429-3CD88B669A6A}.Release|Any CPU.ActiveCfg = Release|x86
+ {C72DC899-1760-432B-B429-3CD88B669A6A}.Release|Mixed Platforms.ActiveCfg = Release|x86
+ {C72DC899-1760-432B-B429-3CD88B669A6A}.Release|Mixed Platforms.Build.0 = Release|x86
+ {C72DC899-1760-432B-B429-3CD88B669A6A}.Release|Win32.ActiveCfg = Release|x86
+ {C72DC899-1760-432B-B429-3CD88B669A6A}.Release|x86.ActiveCfg = Release|x86
+ {C72DC899-1760-432B-B429-3CD88B669A6A}.Release|x86.Build.0 = Release|x86
+ {9F84607D-3662-4CF2-BA40-8BDB11935643}.Debug|Any CPU.ActiveCfg = Debug|x86
+ {9F84607D-3662-4CF2-BA40-8BDB11935643}.Debug|Mixed Platforms.ActiveCfg = Debug|x86
+ {9F84607D-3662-4CF2-BA40-8BDB11935643}.Debug|Mixed Platforms.Build.0 = Debug|x86
+ {9F84607D-3662-4CF2-BA40-8BDB11935643}.Debug|Win32.ActiveCfg = Debug|x86
+ {9F84607D-3662-4CF2-BA40-8BDB11935643}.Debug|x86.ActiveCfg = Debug|x86
+ {9F84607D-3662-4CF2-BA40-8BDB11935643}.Debug|x86.Build.0 = Debug|x86
+ {9F84607D-3662-4CF2-BA40-8BDB11935643}.Release|Any CPU.ActiveCfg = Release|x86
+ {9F84607D-3662-4CF2-BA40-8BDB11935643}.Release|Mixed Platforms.ActiveCfg = Release|x86
+ {9F84607D-3662-4CF2-BA40-8BDB11935643}.Release|Mixed Platforms.Build.0 = Release|x86
+ {9F84607D-3662-4CF2-BA40-8BDB11935643}.Release|Win32.ActiveCfg = Release|x86
+ {9F84607D-3662-4CF2-BA40-8BDB11935643}.Release|x86.ActiveCfg = Release|x86
+ {9F84607D-3662-4CF2-BA40-8BDB11935643}.Release|x86.Build.0 = Release|x86
+ {B8FF4ADD-BAD8-47FD-B126-63234E2BB0B3}.Debug|Any CPU.ActiveCfg = Debug|x86
+ {B8FF4ADD-BAD8-47FD-B126-63234E2BB0B3}.Debug|Mixed Platforms.ActiveCfg = Debug|x86
+ {B8FF4ADD-BAD8-47FD-B126-63234E2BB0B3}.Debug|Mixed Platforms.Build.0 = Debug|x86
+ {B8FF4ADD-BAD8-47FD-B126-63234E2BB0B3}.Debug|Win32.ActiveCfg = Debug|x86
+ {B8FF4ADD-BAD8-47FD-B126-63234E2BB0B3}.Debug|x86.ActiveCfg = Debug|x86
+ {B8FF4ADD-BAD8-47FD-B126-63234E2BB0B3}.Debug|x86.Build.0 = Debug|x86
+ {B8FF4ADD-BAD8-47FD-B126-63234E2BB0B3}.Release|Any CPU.ActiveCfg = Release|x86
+ {B8FF4ADD-BAD8-47FD-B126-63234E2BB0B3}.Release|Mixed Platforms.ActiveCfg = Release|x86
+ {B8FF4ADD-BAD8-47FD-B126-63234E2BB0B3}.Release|Mixed Platforms.Build.0 = Release|x86
+ {B8FF4ADD-BAD8-47FD-B126-63234E2BB0B3}.Release|Win32.ActiveCfg = Release|x86
+ {B8FF4ADD-BAD8-47FD-B126-63234E2BB0B3}.Release|x86.ActiveCfg = Release|x86
+ {B8FF4ADD-BAD8-47FD-B126-63234E2BB0B3}.Release|x86.Build.0 = Release|x86
+ {A0F58B9F-BB56-4D9B-B04A-726F9E7961EB}.Debug|Any CPU.ActiveCfg = Debug|x86
+ {A0F58B9F-BB56-4D9B-B04A-726F9E7961EB}.Debug|Mixed Platforms.ActiveCfg = Debug|x86
+ {A0F58B9F-BB56-4D9B-B04A-726F9E7961EB}.Debug|Mixed Platforms.Build.0 = Debug|x86
+ {A0F58B9F-BB56-4D9B-B04A-726F9E7961EB}.Debug|Win32.ActiveCfg = Debug|x86
+ {A0F58B9F-BB56-4D9B-B04A-726F9E7961EB}.Debug|x86.ActiveCfg = Debug|x86
+ {A0F58B9F-BB56-4D9B-B04A-726F9E7961EB}.Debug|x86.Build.0 = Debug|x86
+ {A0F58B9F-BB56-4D9B-B04A-726F9E7961EB}.Release|Any CPU.ActiveCfg = Release|x86
+ {A0F58B9F-BB56-4D9B-B04A-726F9E7961EB}.Release|Mixed Platforms.ActiveCfg = Release|x86
+ {A0F58B9F-BB56-4D9B-B04A-726F9E7961EB}.Release|Mixed Platforms.Build.0 = Release|x86
+ {A0F58B9F-BB56-4D9B-B04A-726F9E7961EB}.Release|Win32.ActiveCfg = Release|x86
+ {A0F58B9F-BB56-4D9B-B04A-726F9E7961EB}.Release|x86.ActiveCfg = Release|x86
+ {A0F58B9F-BB56-4D9B-B04A-726F9E7961EB}.Release|x86.Build.0 = Release|x86
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE