Merge branch 'cui'
commit
c244f36157
|
@ -20,7 +20,7 @@
|
|||
namespace de4dot_x64 {
|
||||
class Program {
|
||||
static int Main(string[] args) {
|
||||
return de4dot.Program.main(de4dot.StartUpArch.x64, args);
|
||||
return de4dot.cui.Program.main(args);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -46,9 +46,9 @@
|
|||
<None Include="App.config" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\de4dot.code\de4dot.code.csproj">
|
||||
<Project>{4D10B9EB-3BF1-4D61-A389-CB019E8C9622}</Project>
|
||||
<Name>d4d.code</Name>
|
||||
<ProjectReference Include="..\de4dot.cui\de4dot.cui.csproj">
|
||||
<Project>{879E4A7E-C320-42D2-8275-4F1E44CE64AA}</Project>
|
||||
<Name>de4dot.cui</Name>
|
||||
</ProjectReference>
|
||||
</ItemGroup>
|
||||
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
|
||||
|
|
|
@ -23,7 +23,7 @@ using System.Runtime.Serialization;
|
|||
using System.Threading;
|
||||
using AssemblyData;
|
||||
|
||||
namespace de4dot.AssemblyClient {
|
||||
namespace de4dot.code.AssemblyClient {
|
||||
sealed class AssemblyClient : IAssemblyClient {
|
||||
const int WAIT_TIME_BEFORE_CONNECTING = 1000;
|
||||
const int MAX_CONNECT_WAIT_TIME_MS = 2000;
|
||||
|
|
|
@ -17,24 +17,24 @@
|
|||
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
namespace de4dot.AssemblyClient {
|
||||
interface IAssemblyClientFactory {
|
||||
namespace de4dot.code.AssemblyClient {
|
||||
public interface IAssemblyClientFactory {
|
||||
IAssemblyClient create();
|
||||
}
|
||||
|
||||
class SameAppDomainAssemblyClientFactory : IAssemblyClientFactory {
|
||||
public class SameAppDomainAssemblyClientFactory : IAssemblyClientFactory {
|
||||
public IAssemblyClient create() {
|
||||
return new AssemblyClient(new SameAppDomainAssemblyServerLoader());
|
||||
}
|
||||
}
|
||||
|
||||
class NewAppDomainAssemblyClientFactory : IAssemblyClientFactory {
|
||||
public class NewAppDomainAssemblyClientFactory : IAssemblyClientFactory {
|
||||
public IAssemblyClient create() {
|
||||
return new AssemblyClient(new NewAppDomainAssemblyServerLoader());
|
||||
}
|
||||
}
|
||||
|
||||
class NewProcessAssemblyClientFactory : IAssemblyClientFactory {
|
||||
public class NewProcessAssemblyClientFactory : IAssemblyClientFactory {
|
||||
public IAssemblyClient create() {
|
||||
return new AssemblyClient(new NewProcessAssemblyServerLoader());
|
||||
}
|
||||
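Review bot: The three factories become `public` here with no doc comment saying how they differ in isolation, which is the main reason a caller would pick one over another. Going by the loaders they wrap, `SameAppDomainAssemblyClientFactory` runs the assembly server in the caller's own app domain, while the other two use a separate app domain or a separate process. If the server loads or executes code from the file being deobfuscated (not visible in this section), the same-domain variant runs that code with the host's privileges. I would add a `/// <summary>` to each class stating where the server runs, for example `/// <summary>Runs the assembly server in a separate process.</summary>` on `NewProcessAssemblyClientFactory`. The body of `NewProcessAssemblyClientFactory` continues past the end of the hunk.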
|
|
|
@ -20,8 +20,8 @@
|
|||
using System;
|
||||
using AssemblyData;
|
||||
|
||||
namespace de4dot.AssemblyClient {
|
||||
interface IAssemblyClient : IDisposable {
|
||||
namespace de4dot.code.AssemblyClient {
|
||||
public interface IAssemblyClient : IDisposable {
|
||||
IAssemblyService Service { get; }
|
||||
void connect();
|
||||
void waitConnected();
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
using System;
|
||||
using AssemblyData;
|
||||
|
||||
namespace de4dot.AssemblyClient {
|
||||
namespace de4dot.code.AssemblyClient {
|
||||
interface IAssemblyServerLoader : IDisposable {
|
||||
void loadServer();
|
||||
IAssemblyService createService();
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
using System;
|
||||
using AssemblyData;
|
||||
|
||||
namespace de4dot.AssemblyClient {
|
||||
namespace de4dot.code.AssemblyClient {
|
||||
abstract class IpcAssemblyServerLoader : IAssemblyServerLoader {
|
||||
const string ASSEMBLY_SERVER_FILENAME_X86 = "AssemblyServer.exe";
|
||||
const string ASSEMBLY_SERVER_FILENAME_X64 = "AssemblyServer-x64.exe";
|
||||
|
@ -30,12 +30,16 @@ namespace de4dot.AssemblyClient {
|
|||
string url;
|
||||
|
||||
protected IpcAssemblyServerLoader() {
|
||||
assemblyServerFilename = Utils.getArchString(ASSEMBLY_SERVER_FILENAME_X86, ASSEMBLY_SERVER_FILENAME_X64);
|
||||
assemblyServerFilename = getServerName();
|
||||
ipcName = Utils.randomName(15, 20);
|
||||
ipcUri = Utils.randomName(15, 20);
|
||||
url = string.Format("ipc://{0}/{1}", ipcName, ipcUri);
|
||||
}
|
||||
|
||||
static string getServerName() {
|
||||
return IntPtr.Size == 4 ? ASSEMBLY_SERVER_FILENAME_X86 : ASSEMBLY_SERVER_FILENAME_X64;
|
||||
}
|
||||
|
||||
public void loadServer() {
|
||||
loadServer(Utils.getPathOfOurFile(assemblyServerFilename));
|
||||
}
|
||||
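Review bot: `getServerName()` now picks between `AssemblyServer.exe` and `AssemblyServer-x64.exe` from `IntPtr.Size` of the running process, where the old line went through the explicit start-up architecture, and nothing in the new code records that. A comment such as `// Pick the server matching the bitness of the current process (IntPtr.Size == 4 => x86).` would make this visible; it matters if the host is ever built AnyCPU, because the result then follows the OS rather than the launcher that was started. Separately, the `ipc://` URL built just above is all that identifies the channel, and both parts come from `Utils.randomName`. The only generator visible in `Utils` on this page is `static Random random = new Random()`, so if `randomName` draws from it the name should not be treated as a secret; restrict who may connect to the channel, or derive the name from `System.Security.Cryptography.RandomNumberGenerator`. `loadServer(string)` is defined outside this hunk.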
|
|
|
@ -20,7 +20,7 @@
|
|||
using System;
|
||||
using System.Threading;
|
||||
|
||||
namespace de4dot.AssemblyClient {
|
||||
namespace de4dot.code.AssemblyClient {
|
||||
// Starts the server in a new app domain.
|
||||
sealed class NewAppDomainAssemblyServerLoader : IpcAssemblyServerLoader {
|
||||
AppDomain appDomain;
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
using System;
|
||||
using System.Diagnostics;
|
||||
|
||||
namespace de4dot.AssemblyClient {
|
||||
namespace de4dot.code.AssemblyClient {
|
||||
// Starts the server in a new process
|
||||
class NewProcessAssemblyServerLoader : IpcAssemblyServerLoader {
|
||||
Process process;
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
using System;
|
||||
using AssemblyData;
|
||||
|
||||
namespace de4dot.AssemblyClient {
|
||||
namespace de4dot.code.AssemblyClient {
|
||||
// Starts the server in the current app domain.
|
||||
class SameAppDomainAssemblyServerLoader : IAssemblyServerLoader {
|
||||
IAssemblyService service;
|
||||
|
|
|
@ -24,7 +24,7 @@ using Mono.Cecil;
|
|||
using Mono.MyStuff;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot {
|
||||
namespace de4dot.code {
|
||||
class AssemblyModule {
|
||||
string filename;
|
||||
ModuleDefinition module;
|
||||
|
|
|
@ -23,8 +23,8 @@ using System.IO;
|
|||
using System.Text.RegularExpressions;
|
||||
using Mono.Cecil;
|
||||
|
||||
namespace de4dot {
|
||||
class AssemblyResolver : DefaultAssemblyResolver {
|
||||
namespace de4dot.code {
|
||||
public class AssemblyResolver : DefaultAssemblyResolver {
|
||||
public static readonly AssemblyResolver Instance = new AssemblyResolver();
|
||||
Dictionary<string, bool> addedAssemblies = new Dictionary<string, bool>(StringComparer.Ordinal);
|
||||
Dictionary<string, bool> addedDirectories = new Dictionary<string, bool>(StringComparer.OrdinalIgnoreCase);
|
||||
|
|
|
@ -18,12 +18,12 @@
|
|||
*/
|
||||
|
||||
using System.Collections.Generic;
|
||||
using de4dot.deobfuscators;
|
||||
using de4dot.code.deobfuscators;
|
||||
using Mono.Cecil;
|
||||
using de4dot.renamer;
|
||||
using de4dot.code.renamer;
|
||||
|
||||
namespace de4dot {
|
||||
interface IObfuscatedFile {
|
||||
namespace de4dot.code {
|
||||
public interface IObfuscatedFile {
|
||||
ModuleDefinition ModuleDefinition { get; }
|
||||
IDeobfuscator Deobfuscator { get; }
|
||||
string Filename { get; }
|
||||
|
|
|
@ -20,8 +20,8 @@
|
|||
using System;
|
||||
using System.Collections.Generic;
|
||||
|
||||
namespace de4dot {
|
||||
static class Log {
|
||||
namespace de4dot.code {
|
||||
public static class Log {
|
||||
public static int indentLevel = 0;
|
||||
const int indentSize = 2;
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot {
|
||||
namespace de4dot.code {
|
||||
// A simple class that statically detects the values of some local variables
|
||||
class VariableValues {
|
||||
IList<Block> allBlocks;
|
||||
|
|
|
@ -20,8 +20,8 @@
|
|||
using System.Collections.Generic;
|
||||
using System.Text.RegularExpressions;
|
||||
|
||||
namespace de4dot {
|
||||
class NameRegex {
|
||||
namespace de4dot.code {
|
||||
public class NameRegex {
|
||||
Regex regex;
|
||||
public const char invertChar = '!';
|
||||
|
||||
|
@ -50,7 +50,7 @@ namespace de4dot {
|
|||
}
|
||||
}
|
||||
|
||||
class NameRegexes {
|
||||
public class NameRegexes {
|
||||
IList<NameRegex> regexes;
|
||||
public bool DefaultValue { get; set; }
|
||||
public const char regexSeparatorChar = '&';
|
||||
|
|
|
@ -25,15 +25,15 @@ using System.Text;
|
|||
using Mono.Cecil;
|
||||
using Mono.Cecil.Cil;
|
||||
using Mono.MyStuff;
|
||||
using de4dot.deobfuscators;
|
||||
using de4dot.code.deobfuscators;
|
||||
using de4dot.blocks;
|
||||
using de4dot.blocks.cflow;
|
||||
using de4dot.AssemblyClient;
|
||||
using de4dot.renamer;
|
||||
using de4dot.PE;
|
||||
using de4dot.code.AssemblyClient;
|
||||
using de4dot.code.renamer;
|
||||
using de4dot.code.PE;
|
||||
|
||||
namespace de4dot {
|
||||
class ObfuscatedFile : IObfuscatedFile, IDeobfuscatedFile {
|
||||
namespace de4dot.code {
|
||||
public class ObfuscatedFile : IObfuscatedFile, IDeobfuscatedFile {
|
||||
Options options;
|
||||
ModuleDefinition module;
|
||||
IList<MethodDefinition> allMethods;
|
||||
|
|
|
@ -21,8 +21,8 @@ using System;
|
|||
using System.Collections.Generic;
|
||||
using System.Text.RegularExpressions;
|
||||
|
||||
namespace de4dot {
|
||||
abstract class Option {
|
||||
namespace de4dot.code {
|
||||
public abstract class Option {
|
||||
const string SHORTNAME_PREFIX = "-";
|
||||
const string LONGNAME_PREFIX = "--";
|
||||
|
||||
|
@ -68,7 +68,7 @@ namespace de4dot {
|
|||
}
|
||||
}
|
||||
|
||||
class BoolOption : Option {
|
||||
public class BoolOption : Option {
|
||||
bool val;
|
||||
public BoolOption(string shortName, string longName, string description, bool val)
|
||||
: base(shortName, longName, description) {
|
||||
|
@ -96,7 +96,7 @@ namespace de4dot {
|
|||
}
|
||||
}
|
||||
|
||||
class IntOption : Option {
|
||||
public class IntOption : Option {
|
||||
int val;
|
||||
public IntOption(string shortName, string longName, string description, int val)
|
||||
: base(shortName, longName, description) {
|
||||
|
@ -123,7 +123,7 @@ namespace de4dot {
|
|||
}
|
||||
}
|
||||
|
||||
class StringOption : Option {
|
||||
public class StringOption : Option {
|
||||
string val;
|
||||
|
||||
public override string ArgumentValueName {
|
||||
|
@ -146,7 +146,7 @@ namespace de4dot {
|
|||
}
|
||||
}
|
||||
|
||||
class NameRegexOption : Option {
|
||||
public class NameRegexOption : Option {
|
||||
NameRegexes val;
|
||||
|
||||
public override string ArgumentValueName {
|
||||
|
@ -177,7 +177,7 @@ namespace de4dot {
|
|||
}
|
||||
}
|
||||
|
||||
class RegexOption : Option {
|
||||
public class RegexOption : Option {
|
||||
Regex val;
|
||||
|
||||
public override string ArgumentValueName {
|
||||
|
@ -206,7 +206,7 @@ namespace de4dot {
|
|||
}
|
||||
}
|
||||
|
||||
class NoArgOption : Option {
|
||||
public class NoArgOption : Option {
|
||||
Action action;
|
||||
bool triggered;
|
||||
|
||||
|
@ -232,7 +232,7 @@ namespace de4dot {
|
|||
}
|
||||
}
|
||||
|
||||
class OneArgOption : Option {
|
||||
public class OneArgOption : Option {
|
||||
Action<string> action;
|
||||
string typeName;
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
|
||||
using System.IO;
|
||||
|
||||
namespace de4dot.PE {
|
||||
namespace de4dot.code.PE {
|
||||
class Cor20Header : IFileLocation {
|
||||
public uint cb;
|
||||
public ushort majorRuntimeVersion;
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
|
||||
using System.IO;
|
||||
|
||||
namespace de4dot.PE {
|
||||
namespace de4dot.code.PE {
|
||||
struct DataDirectory {
|
||||
public uint virtualAddress;
|
||||
public uint size;
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
|
||||
using System.IO;
|
||||
|
||||
namespace de4dot.PE {
|
||||
namespace de4dot.code.PE {
|
||||
class DotNetStream : IFileLocation {
|
||||
public string name;
|
||||
public uint fileOffset;
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
|
||||
using System.IO;
|
||||
|
||||
namespace de4dot.PE {
|
||||
namespace de4dot.code.PE {
|
||||
enum Machine : ushort {
|
||||
i386 = 0x14C,
|
||||
ia64 = 0x200,
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
namespace de4dot.PE {
|
||||
namespace de4dot.code.PE {
|
||||
interface IFileLocation {
|
||||
uint Offset { get; }
|
||||
uint Length { get; }
|
||||
|
|
|
@ -21,7 +21,7 @@ using System;
|
|||
using System.IO;
|
||||
using System.Text;
|
||||
|
||||
namespace de4dot.PE {
|
||||
namespace de4dot.code.PE {
|
||||
class Metadata : IFileLocation {
|
||||
uint magic;
|
||||
ushort majorVersion, minorVersion;
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
using System;
|
||||
using System.IO;
|
||||
|
||||
namespace de4dot.PE {
|
||||
namespace de4dot.code.PE {
|
||||
using MVT = MetadataVarType;
|
||||
|
||||
class MetadataTables {
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
|
||||
using System.Collections.Generic;
|
||||
|
||||
namespace de4dot.PE {
|
||||
namespace de4dot.code.PE {
|
||||
enum MetadataIndex {
|
||||
iModule = 0,
|
||||
iTypeRef = 1,
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
using System;
|
||||
using System.Collections.Generic;
|
||||
|
||||
namespace de4dot.PE {
|
||||
namespace de4dot.code.PE {
|
||||
enum MetadataVarType {
|
||||
end,
|
||||
stop,
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
|
||||
using System.IO;
|
||||
|
||||
namespace de4dot.PE {
|
||||
namespace de4dot.code.PE {
|
||||
class OptionalHeader : IFileLocation {
|
||||
public ushort magic;
|
||||
public byte majorLinkerVersion;
|
||||
|
|
|
@ -20,8 +20,8 @@
|
|||
using System;
|
||||
using System.IO;
|
||||
|
||||
namespace de4dot.PE {
|
||||
class PeImage {
|
||||
namespace de4dot.code.PE {
|
||||
public class PeImage {
|
||||
BinaryReader reader;
|
||||
BinaryWriter writer;
|
||||
FileHeader fileHeader;
|
||||
|
@ -35,11 +35,11 @@ namespace de4dot.PE {
|
|||
get { return reader; }
|
||||
}
|
||||
|
||||
public Cor20Header Cor20Header {
|
||||
internal Cor20Header Cor20Header {
|
||||
get { return cor20Header; }
|
||||
}
|
||||
|
||||
public Resources Resources {
|
||||
internal Resources Resources {
|
||||
get { return resources; }
|
||||
}
|
||||
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
namespace de4dot.PE {
|
||||
namespace de4dot.code.PE {
|
||||
class ResourceData : ResourceDirectoryEntry {
|
||||
uint rva;
|
||||
uint size;
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
|
||||
using System.Collections.Generic;
|
||||
|
||||
namespace de4dot.PE {
|
||||
namespace de4dot.code.PE {
|
||||
class ResourceDirectory : ResourceDirectoryEntry {
|
||||
Resources resources;
|
||||
int offset;
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
|
||||
using System.Collections.Generic;
|
||||
|
||||
namespace de4dot.PE {
|
||||
namespace de4dot.code.PE {
|
||||
abstract class ResourceDirectoryEntry {
|
||||
protected readonly string name;
|
||||
protected readonly int id;
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
using System.IO;
|
||||
using System.Text;
|
||||
|
||||
namespace de4dot.PE {
|
||||
namespace de4dot.code.PE {
|
||||
class Resources {
|
||||
BinaryReader reader;
|
||||
uint startOffset;
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
using System.IO;
|
||||
using System.Text;
|
||||
|
||||
namespace de4dot.PE {
|
||||
namespace de4dot.code.PE {
|
||||
class SectionHeader : IFileLocation {
|
||||
public byte[] name;
|
||||
public uint virtualSize;
|
||||
|
|
|
@ -21,10 +21,10 @@ using System;
|
|||
using System.Collections.Generic;
|
||||
using Mono.Cecil;
|
||||
using Mono.Cecil.Cil;
|
||||
using de4dot.AssemblyClient;
|
||||
using de4dot.code.AssemblyClient;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot {
|
||||
namespace de4dot.code {
|
||||
abstract class StringDecrypter : MethodReturnValueInliner {
|
||||
protected override void inlineReturnValues(IList<CallResult> callResults) {
|
||||
foreach (var callResult in callResults) {
|
||||
|
|
|
@ -19,8 +19,8 @@
|
|||
|
||||
using System;
|
||||
|
||||
namespace de4dot {
|
||||
class UserException : Exception {
|
||||
namespace de4dot.code {
|
||||
public class UserException : Exception {
|
||||
public UserException(string message)
|
||||
: base(message) {
|
||||
}
|
||||
|
|
|
@ -22,21 +22,16 @@ using System.Collections.Generic;
|
|||
using System.IO;
|
||||
using System.Text;
|
||||
|
||||
namespace de4dot {
|
||||
public enum StartUpArch {
|
||||
x86,
|
||||
x64,
|
||||
}
|
||||
|
||||
namespace de4dot.code {
|
||||
// These are in .NET 3.5 and later...
|
||||
internal delegate TResult Func<TResult>();
|
||||
internal delegate TResult Func<T, TResult>(T arg);
|
||||
internal delegate TResult Func<T1, T2, TResult>(T1 arg1, T2 arg2);
|
||||
internal delegate TResult Func<T1, T2, T3, TResult>(T1 arg1, T2 arg2, T3 arg3);
|
||||
internal delegate void Action();
|
||||
internal delegate void Action<T>(T arg);
|
||||
internal delegate void Action<T1, T2>(T1 arg1, T2 arg2);
|
||||
internal delegate void Action<T1, T2, T3>(T1 arg1, T2 arg2, T3 arg3);
|
||||
public delegate TResult Func<TResult>();
|
||||
public delegate TResult Func<T, TResult>(T arg);
|
||||
public delegate TResult Func<T1, T2, TResult>(T1 arg1, T2 arg2);
|
||||
public delegate TResult Func<T1, T2, T3, TResult>(T1 arg1, T2 arg2, T3 arg3);
|
||||
public delegate void Action();
|
||||
public delegate void Action<T>(T arg);
|
||||
public delegate void Action<T1, T2>(T1 arg1, T2 arg2);
|
||||
public delegate void Action<T1, T2, T3>(T1 arg1, T2 arg2, T3 arg3);
|
||||
|
||||
class Tuple<T1, T2> {
|
||||
public T1 Item1 { get; set; }
|
||||
|
@ -55,17 +50,8 @@ namespace de4dot {
|
|||
}
|
||||
}
|
||||
|
||||
static class Utils {
|
||||
public static class Utils {
|
||||
static Random random = new Random();
|
||||
public static StartUpArch startUpArch = StartUpArch.x86;
|
||||
|
||||
public static string getArchString(string x86, string x64) {
|
||||
switch (startUpArch) {
|
||||
case StartUpArch.x86: return x86;
|
||||
case StartUpArch.x64: return x64;
|
||||
default: throw new ApplicationException(string.Format("Invalid startUpArch {0}", startUpArch));
|
||||
}
|
||||
}
|
||||
|
||||
public static IEnumerable<T> unique<T>(IEnumerable<T> values) {
|
||||
// HashSet is only available in .NET 3.5 and later.
|
||||
|
@ -172,20 +158,6 @@ namespace de4dot {
|
|||
return Path.Combine(getOurBaseDir(), filename);
|
||||
}
|
||||
|
||||
public static void printStackTrace(Exception ex, Log.LogLevel logLevel = Log.LogLevel.error) {
|
||||
var line = new string('-', 78);
|
||||
Log.log(logLevel, "\n\n");
|
||||
Log.log(logLevel, line);
|
||||
Log.log(logLevel, "Stack trace:\n{0}", ex.StackTrace);
|
||||
Log.log(logLevel, "\n\nERROR: Caught an exception:\n");
|
||||
Log.log(logLevel, line);
|
||||
Log.log(logLevel, "Message:");
|
||||
Log.log(logLevel, " {0}", ex.Message);
|
||||
Log.log(logLevel, "Type:");
|
||||
Log.log(logLevel, " {0}", ex.GetType());
|
||||
Log.log(logLevel, line);
|
||||
}
|
||||
|
||||
// This fixes a mono (tested 2.10.5) String.StartsWith() bug. NB: stringComparison must be
|
||||
// Ordinal or OrdinalIgnoreCase!
|
||||
public static bool StartsWith(string left, string right, StringComparison stringComparison) {
|
||||
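Review bot: Making the `Func<...>` and `Action<...>` delegates `public` exports type names from `de4dot.code` that shadow the BCL's `System.Func`/`System.Action`; the comment above them already says these exist in .NET 3.5 and later, and `System.Action<T>` is present in 2.0 as well. A consumer with both `using System;` and `using de4dot.code;` can hit an ambiguous-reference error, and code nested under `de4dot.code` binds to these types instead of the BCL ones. Unless another assembly really needs them, I would keep them `internal`, or at least add `// Public only because <consumer> needs them; drop when targeting .NET 3.5+.` above the block. In the same section `Utils` becomes public while holding `static Random random = new Random()`, so a one-line comment that this generator is not suitable for security-sensitive names would help callers. `StartsWith` continues outside the last hunk.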
|
|
|
@ -8,7 +8,7 @@
|
|||
<ProjectGuid>{4D10B9EB-3BF1-4D61-A389-CB019E8C9622}</ProjectGuid>
|
||||
<OutputType>Library</OutputType>
|
||||
<AppDesignerFolder>Properties</AppDesignerFolder>
|
||||
<RootNamespace>de4dot</RootNamespace>
|
||||
<RootNamespace>de4dot.code</RootNamespace>
|
||||
<AssemblyName>de4dot.code</AssemblyName>
|
||||
<TargetFrameworkVersion>v2.0</TargetFrameworkVersion>
|
||||
<FileAlignment>512</FileAlignment>
|
||||
|
@ -56,7 +56,6 @@
|
|||
<Compile Include="AssemblyClient\NewProcessAssemblyServerLoader.cs" />
|
||||
<Compile Include="AssemblyClient\SameAppDomainAssemblyServerLoader.cs" />
|
||||
<Compile Include="AssemblyResolver.cs" />
|
||||
<Compile Include="CommandLineParser.cs" />
|
||||
<Compile Include="deobfuscators\ArrayFinder.cs" />
|
||||
<Compile Include="deobfuscators\CliSecure\CliSecureRtType.cs" />
|
||||
<Compile Include="deobfuscators\CliSecure\Deobfuscator.cs" />
|
||||
|
@ -121,7 +120,6 @@
|
|||
<Compile Include="deobfuscators\Unknown\Deobfuscator.cs" />
|
||||
<Compile Include="deobfuscators\Xenocode\Deobfuscator.cs" />
|
||||
<Compile Include="deobfuscators\Xenocode\StringDecrypter.cs" />
|
||||
<Compile Include="FilesDeobfuscator.cs" />
|
||||
<Compile Include="IObfuscatedFile.cs" />
|
||||
<Compile Include="Log.cs" />
|
||||
<Compile Include="AssemblyModule.cs" />
|
||||
|
@ -145,7 +143,6 @@
|
|||
<Compile Include="PE\Resources.cs" />
|
||||
<Compile Include="PE\SectionHeader.cs" />
|
||||
<Compile Include="PE\DotNetStream.cs" />
|
||||
<Compile Include="Program.cs" />
|
||||
<Compile Include="Properties\AssemblyInfo.cs" />
|
||||
<Compile Include="renamer\asmmodules\EventDef.cs" />
|
||||
<Compile Include="renamer\asmmodules\ExternalAssemblies.cs" />
|
||||
|
|
|
@ -23,7 +23,7 @@ using Mono.Cecil.Cil;
|
|||
using de4dot.blocks;
|
||||
using de4dot.blocks.cflow;
|
||||
|
||||
namespace de4dot.deobfuscators {
|
||||
namespace de4dot.code.deobfuscators {
|
||||
class ArrayFinder {
|
||||
List<byte[]> arrays = new List<byte[]>();
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
using System;
|
||||
using Mono.Cecil;
|
||||
|
||||
namespace de4dot.deobfuscators.CliSecure {
|
||||
namespace de4dot.code.deobfuscators.CliSecure {
|
||||
class CliSecureRtType {
|
||||
ModuleDefinition module;
|
||||
TypeDefinition cliSecureRtType;
|
||||
|
|
|
@ -21,10 +21,10 @@ using System.Collections.Generic;
|
|||
using Mono.Cecil;
|
||||
using Mono.MyStuff;
|
||||
using de4dot.blocks;
|
||||
using de4dot.PE;
|
||||
using de4dot.code.PE;
|
||||
|
||||
namespace de4dot.deobfuscators.CliSecure {
|
||||
class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||
namespace de4dot.code.deobfuscators.CliSecure {
|
||||
public class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||
public const string THE_NAME = "CliSecure";
|
||||
public const string THE_TYPE = "cs";
|
||||
const string DEFAULT_REGEX = @"[a-zA-Z_0-9>}$]$";
|
||||
|
|
|
@ -20,9 +20,9 @@
|
|||
using System;
|
||||
using System.Collections.Generic;
|
||||
using Mono.MyStuff;
|
||||
using de4dot.PE;
|
||||
using de4dot.code.PE;
|
||||
|
||||
namespace de4dot.deobfuscators.CliSecure {
|
||||
namespace de4dot.code.deobfuscators.CliSecure {
|
||||
class CodeHeader {
|
||||
public byte[] signature;
|
||||
public byte[] decryptionKey;
|
||||
|
|
|
@ -23,7 +23,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.CliSecure {
|
||||
namespace de4dot.code.deobfuscators.CliSecure {
|
||||
class ProxyDelegateFinder : ProxyDelegateFinderBase {
|
||||
IList<MemberReference> memberReferences;
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@ using System.Text;
|
|||
using Mono.Cecil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.CliSecure {
|
||||
namespace de4dot.code.deobfuscators.CliSecure {
|
||||
class ResourceDecrypter {
|
||||
ModuleDefinition module;
|
||||
TypeDefinition rsrcType;
|
||||
|
|
|
@ -21,7 +21,7 @@ using System;
|
|||
using Mono.Cecil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.CliSecure {
|
||||
namespace de4dot.code.deobfuscators.CliSecure {
|
||||
class StackFrameHelper {
|
||||
ModuleDefinition module;
|
||||
TypeDefinition stackFrameHelperType;
|
||||
|
|
|
@ -21,7 +21,7 @@ using System;
|
|||
using System.Text;
|
||||
using Mono.Cecil;
|
||||
|
||||
namespace de4dot.deobfuscators.CliSecure {
|
||||
namespace de4dot.code.deobfuscators.CliSecure {
|
||||
class StringDecrypter {
|
||||
ModuleDefinition module;
|
||||
TypeDefinition stringDecrypterType;
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
using Mono.Cecil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.CryptoObfuscator {
|
||||
namespace de4dot.code.deobfuscators.CryptoObfuscator {
|
||||
class AntiDebugger {
|
||||
ModuleDefinition module;
|
||||
ISimpleDeobfuscator simpleDeobfuscator;
|
||||
|
|
|
@ -24,7 +24,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.CryptoObfuscator {
|
||||
namespace de4dot.code.deobfuscators.CryptoObfuscator {
|
||||
class AssemblyResolver {
|
||||
ModuleDefinition module;
|
||||
TypeDefinition resolverType;
|
||||
|
|
|
@ -22,8 +22,8 @@ using System.Text.RegularExpressions;
|
|||
using Mono.Cecil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.CryptoObfuscator {
|
||||
class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||
namespace de4dot.code.deobfuscators.CryptoObfuscator {
|
||||
public class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||
public const string THE_NAME = "Crypto Obfuscator";
|
||||
public const string THE_TYPE = "co";
|
||||
const string DEFAULT_REGEX = @"!^(get_|set_|add_|remove_)?[A-Z]{1,3}(?:`\d+)?$&!^(get_|set_|add_|remove_)?c[0-9a-f]{32}(?:`\d+)?$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
|
||||
|
|
|
@ -23,7 +23,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.CryptoObfuscator {
|
||||
namespace de4dot.code.deobfuscators.CryptoObfuscator {
|
||||
class ProxyDelegateFinder : ProxyDelegateFinderBase {
|
||||
Dictionary<MethodDefinition, ProxyCreatorType> methodToType = new Dictionary<MethodDefinition, ProxyCreatorType>();
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@ using System.IO.Compression;
|
|||
using System.Security.Cryptography;
|
||||
using Mono.Cecil;
|
||||
|
||||
namespace de4dot.deobfuscators.CryptoObfuscator {
|
||||
namespace de4dot.code.deobfuscators.CryptoObfuscator {
|
||||
class ResourceDecrypter {
|
||||
const int BUFLEN = 0x8000;
|
||||
ModuleDefinition module;
|
||||
|
|
|
@ -22,7 +22,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.CryptoObfuscator {
|
||||
namespace de4dot.code.deobfuscators.CryptoObfuscator {
|
||||
class ResourceResolver {
|
||||
ModuleDefinition module;
|
||||
ResourceDecrypter resourceDecrypter;
|
||||
|
|
|
@ -21,7 +21,7 @@ using System.Text;
|
|||
using Mono.Cecil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.CryptoObfuscator {
|
||||
namespace de4dot.code.deobfuscators.CryptoObfuscator {
|
||||
class StringDecrypter {
|
||||
ModuleDefinition module;
|
||||
EmbeddedResource stringResource;
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
using Mono.Cecil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.CryptoObfuscator {
|
||||
namespace de4dot.code.deobfuscators.CryptoObfuscator {
|
||||
class TamperDetection {
|
||||
ModuleDefinition module;
|
||||
TypeDefinition tamperType;
|
||||
|
|
|
@ -21,7 +21,7 @@ using System;
|
|||
using System.IO;
|
||||
using Mono.Cecil;
|
||||
|
||||
namespace de4dot.deobfuscators {
|
||||
namespace de4dot.code.deobfuscators {
|
||||
static class DeobUtils {
|
||||
public static void decryptAndAddResources(ModuleDefinition module, string encryptedName, Func<byte[]> decryptResource) {
|
||||
Log.v("Decrypting resources, name: {0}", Utils.toCsharpString(encryptedName));
|
||||
|
|
|
@ -23,9 +23,9 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using Mono.MyStuff;
|
||||
using de4dot.blocks;
|
||||
using de4dot.PE;
|
||||
using de4dot.code.PE;
|
||||
|
||||
namespace de4dot.deobfuscators {
|
||||
namespace de4dot.code.deobfuscators {
|
||||
abstract class DeobfuscatorBase : IDeobfuscator, IWriterListener {
|
||||
public const string DEFAULT_VALID_NAME_REGEX = @"^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$";
|
||||
|
||||
|
|
|
@ -19,8 +19,8 @@
|
|||
|
||||
using System.Collections.Generic;
|
||||
|
||||
namespace de4dot.deobfuscators {
|
||||
abstract class DeobfuscatorInfoBase : IDeobfuscatorInfo {
|
||||
namespace de4dot.code.deobfuscators {
|
||||
public abstract class DeobfuscatorInfoBase : IDeobfuscatorInfo {
|
||||
protected NameRegexOption validNameRegex;
|
||||
|
||||
public DeobfuscatorInfoBase(string nameRegex = null) {
|
||||
|
|
|
@ -22,8 +22,8 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.Dotfuscator {
|
||||
class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||
namespace de4dot.code.deobfuscators.Dotfuscator {
|
||||
public class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||
public const string THE_NAME = "Dotfuscator";
|
||||
public const string THE_TYPE = "df";
|
||||
const string DEFAULT_REGEX = @"!^[a-z][a-z0-9]{0,2}$&!^A_[0-9]+$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
|
||||
|
|
|
@ -22,8 +22,8 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.Eazfuscator {
|
||||
class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||
namespace de4dot.code.deobfuscators.Eazfuscator {
|
||||
public class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||
public const string THE_NAME = "Eazfuscator.NET";
|
||||
public const string THE_TYPE = "ef";
|
||||
const string DEFAULT_REGEX = @"!^#=&!^dje_.+_ejd$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
|
||||
|
|
|
@ -22,7 +22,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators {
|
||||
namespace de4dot.code.deobfuscators {
|
||||
class ExceptionLoggerRemover {
|
||||
Dictionary<MethodReference, bool> exceptionLoggerMethods = new Dictionary<MethodReference, bool>();
|
||||
|
||||
|
|
|
@ -17,8 +17,8 @@
|
|||
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
namespace de4dot.deobfuscators {
|
||||
interface IDeobfuscatedFile : ISimpleDeobfuscator {
|
||||
namespace de4dot.code.deobfuscators {
|
||||
public interface IDeobfuscatedFile : ISimpleDeobfuscator {
|
||||
void createAssemblyFile(byte[] data, string assemblyName, string extension = null);
|
||||
void stringDecryptersAdded();
|
||||
}
|
||||
|
|
|
@ -22,11 +22,11 @@ using System.Collections.Generic;
|
|||
using Mono.Cecil;
|
||||
using Mono.MyStuff;
|
||||
using de4dot.blocks;
|
||||
using de4dot.renamer;
|
||||
using de4dot.PE;
|
||||
using de4dot.code.renamer;
|
||||
using de4dot.code.PE;
|
||||
|
||||
namespace de4dot.deobfuscators {
|
||||
interface IDeobfuscatorOptions {
|
||||
namespace de4dot.code.deobfuscators {
|
||||
public interface IDeobfuscatorOptions {
|
||||
bool RenameResourcesInCode { get; }
|
||||
}
|
||||
|
||||
|
@ -39,7 +39,7 @@ namespace de4dot.deobfuscators {
|
|||
}
|
||||
|
||||
[Flags]
|
||||
enum StringFeatures {
|
||||
public enum StringFeatures {
|
||||
AllowNoDecryption = 1,
|
||||
AllowStaticDecryption = 2,
|
||||
AllowDynamicDecryption = 4,
|
||||
|
@ -47,11 +47,11 @@ namespace de4dot.deobfuscators {
|
|||
}
|
||||
|
||||
[Flags]
|
||||
enum RenamingOptions {
|
||||
public enum RenamingOptions {
|
||||
RemoveNamespaceIfOneType = 1,
|
||||
}
|
||||
|
||||
interface IDeobfuscator : INameChecker {
|
||||
public interface IDeobfuscator : INameChecker {
|
||||
string Type { get; }
|
||||
string TypeLong { get; }
|
||||
string Name { get; }
|
||||
|
|
|
@ -19,8 +19,8 @@
|
|||
|
||||
using System.Collections.Generic;
|
||||
|
||||
namespace de4dot.deobfuscators {
|
||||
interface IDeobfuscatorInfo {
|
||||
namespace de4dot.code.deobfuscators {
|
||||
public interface IDeobfuscatorInfo {
|
||||
string Type { get; }
|
||||
string Name { get; }
|
||||
IDeobfuscator createDeobfuscator();
|
||||
|
|
|
@ -19,8 +19,8 @@
|
|||
|
||||
using Mono.Cecil;
|
||||
|
||||
namespace de4dot.deobfuscators {
|
||||
interface ISimpleDeobfuscator {
|
||||
namespace de4dot.code.deobfuscators {
|
||||
public interface ISimpleDeobfuscator {
|
||||
void deobfuscate(MethodDefinition method);
|
||||
void decryptStrings(MethodDefinition method, IDeobfuscator deob);
|
||||
}
|
||||
|
|
|
@ -17,14 +17,14 @@
|
|||
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
namespace de4dot.deobfuscators {
|
||||
enum OpDecryptString {
|
||||
namespace de4dot.code.deobfuscators {
|
||||
public enum OpDecryptString {
|
||||
None,
|
||||
Static,
|
||||
Dynamic,
|
||||
}
|
||||
|
||||
interface IOperations {
|
||||
public interface IOperations {
|
||||
bool KeepObfuscatorTypes { get; }
|
||||
OpDecryptString DecryptStrings { get; }
|
||||
}
|
||||
|
|
|
@ -23,7 +23,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators {
|
||||
namespace de4dot.code.deobfuscators {
|
||||
abstract class ProxyDelegateFinderBase {
|
||||
protected ModuleDefinition module;
|
||||
protected List<MethodDefinition> delegateCreatorMethods = new List<MethodDefinition>();
|
||||
|
|
|
@ -21,7 +21,7 @@ using System.Collections.Generic;
|
|||
using System.Text;
|
||||
using System.Text.RegularExpressions;
|
||||
|
||||
namespace de4dot.deobfuscators {
|
||||
namespace de4dot.code.deobfuscators {
|
||||
static class RandomNameChecker {
|
||||
static Regex noUpper = new Regex(@"^[^A-Z]+$");
|
||||
static Regex allUpper = new Regex(@"^[A-Z]+$");
|
||||
|
|
|
@ -21,7 +21,7 @@ using System;
|
|||
using System.Collections.Generic;
|
||||
using Mono.Cecil;
|
||||
|
||||
namespace de4dot.deobfuscators.SmartAssembly {
|
||||
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||
class AssemblyResolver {
|
||||
ResourceDecrypter resourceDecrypter;
|
||||
AssemblyResolverInfo assemblyResolverInfo;
|
||||
|
|
|
@ -24,7 +24,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.SmartAssembly {
|
||||
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||
public class EmbeddedAssemblyInfo {
|
||||
public string assemblyName;
|
||||
public string simpleName;
|
||||
|
|
|
@ -22,7 +22,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.SmartAssembly {
|
||||
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||
class AutomatedErrorReportingFinder {
|
||||
ModuleDefinition module;
|
||||
ExceptionLoggerRemover exceptionLoggerRemover = new ExceptionLoggerRemover();
|
||||
|
|
|
@ -28,8 +28,8 @@ using de4dot.blocks;
|
|||
// SmartAssembly can add so much junk that it's very difficult to find and remove all of it.
|
||||
// I remove some safe types that are almost guaranteed not to have any references in the code.
|
||||
|
||||
namespace de4dot.deobfuscators.SmartAssembly {
|
||||
class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||
public class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||
public const string THE_NAME = "SmartAssembly";
|
||||
public const string THE_TYPE = "sa";
|
||||
BoolOption removeAutomatedErrorReporting;
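Review bot: `THE_NAME` and `THE_TYPE` remain `public const` while `DeobfuscatorInfo` is widened to `public`, so any other assembly that reads them gets the literal compiled in and keeps the old value until it is rebuilt. If de4dot.cui or another consumer references them, `public static readonly string THE_TYPE = "sa";` avoids the stale copy, provided the constants are not needed in attributes or `case` labels, which this hunk does not show. The same applies to the Unknown, Xenocode and dotNET_Reactor `DeobfuscatorInfo` classes made public further down. The class body continues outside the hunk.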
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
using Mono.Cecil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.SmartAssembly {
|
||||
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||
class MemoryManagerInfo {
|
||||
ModuleDefinition module;
|
||||
TypeDefinition memoryManagerType;
|
||||
|
|
|
@ -23,7 +23,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.SmartAssembly {
|
||||
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||
class ProxyDelegateFinder : ProxyDelegateFinderBase {
|
||||
static readonly Dictionary<char, int> specialCharsDict = new Dictionary<char, int>();
|
||||
static readonly char[] specialChars = new char[] {
|
||||
|
|
|
@ -22,7 +22,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.SmartAssembly {
|
||||
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||
abstract class ResolverInfoBase {
|
||||
protected ModuleDefinition module;
|
||||
ISimpleDeobfuscator simpleDeobfuscator;
|
||||
|
|
|
@ -23,7 +23,7 @@ using System.Security.Cryptography;
|
|||
using Mono.Cecil;
|
||||
using ICSharpCode.SharpZipLib.Zip.Compression;
|
||||
|
||||
namespace de4dot.deobfuscators.SmartAssembly {
|
||||
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||
class ResourceDecrypter {
|
||||
ResourceDecrypterInfo resourceDecrypterInfo;
|
||||
|
||||
|
|
|
@ -22,7 +22,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.SmartAssembly {
|
||||
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||
class ResourceDecrypterInfo {
|
||||
ModuleDefinition module;
|
||||
TypeDefinition simpleZipType;
|
||||
|
|
|
@ -22,7 +22,7 @@ using System.IO;
|
|||
using Mono.Cecil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.SmartAssembly {
|
||||
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||
class ResourceResolver {
|
||||
ModuleDefinition module;
|
||||
AssemblyResolver assemblyResolver;
|
||||
|
|
|
@ -21,7 +21,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.SmartAssembly {
|
||||
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||
class ResourceResolverInfo : ResolverInfoBase {
|
||||
EmbeddedAssemblyInfo resourceInfo;
|
||||
AssemblyResolverInfo assemblyResolverInfo;
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
using Mono.Cecil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.SmartAssembly {
|
||||
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||
class SimpleZipInfo {
|
||||
|
||||
public static bool isSimpleZipDecryptMethod_QuickCheck(ModuleDefinition module, MethodReference method, out TypeDefinition simpleZipType) {
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
using System;
|
||||
using System.Text;
|
||||
|
||||
namespace de4dot.deobfuscators.SmartAssembly {
|
||||
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||
class StringDecrypter {
|
||||
int stringOffset;
|
||||
byte[] decryptedData;
|
||||
|
|
|
@ -23,7 +23,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.SmartAssembly {
|
||||
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||
class StringDecrypterInfo {
|
||||
ModuleDefinition module;
|
||||
ResourceDecrypter resourceDecrypter;
|
||||
|
|
|
@ -22,7 +22,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.SmartAssembly {
|
||||
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||
class StringsEncoderInfo {
|
||||
// SmartAssembly.HouseOfCards.Strings, the class that creates the string decrypter
|
||||
// delegates
|
||||
|
|
|
@ -23,7 +23,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.SmartAssembly {
|
||||
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||
class TamperProtectionRemover {
|
||||
ModuleDefinition module;
|
||||
List<MethodDefinition> pinvokeMethods = new List<MethodDefinition>();
|
||||
|
|
|
@ -22,7 +22,7 @@ using System.Collections.Generic;
|
|||
using Mono.Cecil;
|
||||
using Mono.Cecil.Cil;
|
||||
|
||||
namespace de4dot.deobfuscators {
|
||||
namespace de4dot.code.deobfuscators {
|
||||
class StringCounts {
|
||||
Dictionary<string, int> strings = new Dictionary<string, int>(StringComparer.Ordinal);
|
||||
|
||||
|
|
|
@ -22,7 +22,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators {
|
||||
namespace de4dot.code.deobfuscators {
|
||||
// Restore the type of all fields / parameters that have had their type turned into object.
|
||||
// This thing requires a lot more code than I have time to do now (similar to symbol renaming)
|
||||
// so it will be a basic implementation only.
|
||||
|
|
|
@ -19,8 +19,8 @@
|
|||
|
||||
using System.Text.RegularExpressions;
|
||||
|
||||
namespace de4dot.deobfuscators.Unknown {
|
||||
class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||
namespace de4dot.code.deobfuscators.Unknown {
|
||||
public class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||
public const string THE_NAME = "Unknown";
|
||||
public const string THE_TYPE = "un";
|
||||
public DeobfuscatorInfo()
|
||||
|
@ -61,7 +61,7 @@ namespace de4dot.deobfuscators.Unknown {
|
|||
get { return obfuscatorName ?? "Unknown Obfuscator"; }
|
||||
}
|
||||
|
||||
public Deobfuscator(Options options)
|
||||
internal Deobfuscator(Options options)
|
||||
: base(options) {
|
||||
}
|
||||
|
||||
|
|
|
@ -20,8 +20,8 @@
|
|||
using System.Collections.Generic;
|
||||
using Mono.Cecil;
|
||||
|
||||
namespace de4dot.deobfuscators.Xenocode {
|
||||
class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||
namespace de4dot.code.deobfuscators.Xenocode {
|
||||
public class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||
public const string THE_NAME = "Xenocode";
|
||||
public const string THE_TYPE = "xc";
|
||||
const string DEFAULT_REGEX = @"!^[oO01l]{4,}$&!^(get_|set_|add_|remove_|_)?x[a-f0-9]{16,}$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
|
||||
|
|
|
@ -21,7 +21,7 @@ using System.Text;
|
|||
using Mono.Cecil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.Xenocode {
|
||||
namespace de4dot.code.deobfuscators.Xenocode {
|
||||
class StringDecrypter {
|
||||
const int STRING_DECRYPTER_KEY_CONST = 1789;
|
||||
ModuleDefinition module;
|
||||
|
|
|
@ -22,7 +22,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
||||
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||
class AntiStrongName {
|
||||
TypeDefinition decrypterType;
|
||||
MethodDefinition antiStrongNameMethod;
|
||||
|
|
|
@ -23,7 +23,7 @@ using System.IO;
|
|||
using Mono.Cecil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
||||
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||
class ResourceInfo {
|
||||
public EmbeddedResource resource;
|
||||
public string name;
|
||||
|
|
|
@ -22,7 +22,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
||||
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||
class BoolValueInliner : MethodReturnValueInliner {
|
||||
Dictionary<MethodReferenceAndDeclaringTypeKey, Func<MethodDefinition, object[], bool>> boolDecrypters = new Dictionary<MethodReferenceAndDeclaringTypeKey, Func<MethodDefinition, object[], bool>>();
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ using System;
|
|||
using Mono.Cecil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
||||
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||
class BooleanDecrypter {
|
||||
ModuleDefinition module;
|
||||
EncryptedResource encryptedResource;
|
||||
|
|
|
@ -25,10 +25,10 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using Mono.MyStuff;
|
||||
using de4dot.blocks;
|
||||
using de4dot.PE;
|
||||
using de4dot.code.PE;
|
||||
|
||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
||||
class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||
public class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||
public const string THE_NAME = ".NET Reactor";
|
||||
public const string THE_TYPE = "dr";
|
||||
const string DEFAULT_REGEX = DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
using Mono.Cecil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
||||
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||
// Detect some empty class that is called from most .ctor's
|
||||
class EmptyClass {
|
||||
ModuleDefinition module;
|
||||
|
|
|
@ -25,7 +25,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
||||
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||
class EncryptedResource {
|
||||
ModuleDefinition module;
|
||||
MethodDefinition resourceDecrypterMethod;
|
||||
|
|
|
@ -21,7 +21,7 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using de4dot.blocks;
|
||||
|
||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
||||
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||
// Find the class that returns a RuntimeTypeHandle/RuntimeFieldHandle. The value passed to
|
||||
// its methods is the original metadata token, which will be different when we save the file.
|
||||
class MetadataTokenObfuscator {
|
||||
|
|
|
@ -24,9 +24,9 @@ using Mono.Cecil;
|
|||
using Mono.Cecil.Cil;
|
||||
using Mono.MyStuff;
|
||||
using de4dot.blocks;
|
||||
using de4dot.PE;
|
||||
using de4dot.code.PE;
|
||||
|
||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
||||
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||
class MethodsDecrypter {
|
||||
ModuleDefinition module;
|
||||
EncryptedResource encryptedResource;
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
|
||||
using System;
|
||||
|
||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
||||
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||
class NativeFileDecrypter {
|
||||
byte[] key;
|
||||
byte kb = 0;
|
||||
|
|
|
@ -20,9 +20,9 @@
|
|||
using System;
|
||||
using System.IO;
|
||||
using ICSharpCode.SharpZipLib.Zip.Compression;
|
||||
using de4dot.PE;
|
||||
using de4dot.code.PE;
|
||||
|
||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
||||
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||
class NativeImageUnpacker {
|
||||
PeImage peImage;
|
||||
bool isNet1x;
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
|
||||
using System;
|
||||
|
||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
||||
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||
static class QuickLZ {
|
||||
static uint read32(byte[] data, int index) {
|
||||
return BitConverter.ToUInt32(data, index);
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More