From aa4e64ffa469f8db4c478ea41b987a13cfe07548 Mon Sep 17 00:00:00 2001 From: de4dot Date: Sun, 6 Nov 2011 14:48:54 +0100 Subject: [PATCH] Update README --- README.md | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 08715ef0..d97f0c22 100644 --- a/README.md +++ b/README.md @@ -59,9 +59,8 @@ symbol renaming, and dynamic string decryption could possibly work. Most obfuscators can rearrange the control flow so the code is harder to understand. A simple method that is 10 lines long and easy to read, could become 30-40 lines and be very hard to read. Control flow deobfuscation will -remove all of the obfuscated code, leaving just the original code. All dead -(non-executed) code blocks are also removed as part of control flow -deobfuscation. +remove all of the obfuscated code, leaving just the original code. Dead code +is also removed. ### Cross-assembly symbol renaming @@ -96,9 +95,8 @@ decypted and decompressed and then saved to disk. ### Dumps encrypted methods Some obfuscators encrypt all methods and only decrypt each method when -requested by the .NET runtime. These methods can be dumped dynamically by -using some special tricks. It's not a generic methods decrypter but will work -with the supported obfuscators that encrypt methods. +requested by the .NET runtime. The methods are statically decrypted and then +deobfuscated. ### Deobfuscated files are runnable @@ -153,13 +151,6 @@ Detect obfuscator recursively: de4dot -d -r c:\path1 -Dump methods and deobfuscate: - - dumpMethods file1 - dumpMethods file2 - dumpMethods file3 - de4dot file1 file2 file3 - Deobfuscate and get a detailed log of what was changed: de4dot -v file1.exe file2.dll file3.exe > log.txt