Move console code to new de4dot.cui assembly
This commit is contained in:
parent
65bf7a67a7
commit
e7ea01f87d
|
@ -20,7 +20,7 @@
|
||||||
namespace de4dot_x64 {
|
namespace de4dot_x64 {
|
||||||
class Program {
|
class Program {
|
||||||
static int Main(string[] args) {
|
static int Main(string[] args) {
|
||||||
return de4dot.Program.main(de4dot.StartUpArch.x64, args);
|
return de4dot.cui.Program.main(args);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -46,9 +46,9 @@
|
||||||
<None Include="App.config" />
|
<None Include="App.config" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<ProjectReference Include="..\de4dot.code\de4dot.code.csproj">
|
<ProjectReference Include="..\de4dot.cui\de4dot.cui.csproj">
|
||||||
<Project>{4D10B9EB-3BF1-4D61-A389-CB019E8C9622}</Project>
|
<Project>{879E4A7E-C320-42D2-8275-4F1E44CE64AA}</Project>
|
||||||
<Name>d4d.code</Name>
|
<Name>de4dot.cui</Name>
|
||||||
</ProjectReference>
|
</ProjectReference>
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
|
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
|
||||||
|
|
|
@ -23,7 +23,7 @@ using System.Runtime.Serialization;
|
||||||
using System.Threading;
|
using System.Threading;
|
||||||
using AssemblyData;
|
using AssemblyData;
|
||||||
|
|
||||||
namespace de4dot.AssemblyClient {
|
namespace de4dot.code.AssemblyClient {
|
||||||
sealed class AssemblyClient : IAssemblyClient {
|
sealed class AssemblyClient : IAssemblyClient {
|
||||||
const int WAIT_TIME_BEFORE_CONNECTING = 1000;
|
const int WAIT_TIME_BEFORE_CONNECTING = 1000;
|
||||||
const int MAX_CONNECT_WAIT_TIME_MS = 2000;
|
const int MAX_CONNECT_WAIT_TIME_MS = 2000;
|
||||||
|
|
|
@ -17,24 +17,24 @@
|
||||||
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
namespace de4dot.AssemblyClient {
|
namespace de4dot.code.AssemblyClient {
|
||||||
interface IAssemblyClientFactory {
|
public interface IAssemblyClientFactory {
|
||||||
IAssemblyClient create();
|
IAssemblyClient create();
|
||||||
}
|
}
|
||||||
|
|
||||||
class SameAppDomainAssemblyClientFactory : IAssemblyClientFactory {
|
public class SameAppDomainAssemblyClientFactory : IAssemblyClientFactory {
|
||||||
public IAssemblyClient create() {
|
public IAssemblyClient create() {
|
||||||
return new AssemblyClient(new SameAppDomainAssemblyServerLoader());
|
return new AssemblyClient(new SameAppDomainAssemblyServerLoader());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class NewAppDomainAssemblyClientFactory : IAssemblyClientFactory {
|
public class NewAppDomainAssemblyClientFactory : IAssemblyClientFactory {
|
||||||
public IAssemblyClient create() {
|
public IAssemblyClient create() {
|
||||||
return new AssemblyClient(new NewAppDomainAssemblyServerLoader());
|
return new AssemblyClient(new NewAppDomainAssemblyServerLoader());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class NewProcessAssemblyClientFactory : IAssemblyClientFactory {
|
public class NewProcessAssemblyClientFactory : IAssemblyClientFactory {
|
||||||
public IAssemblyClient create() {
|
public IAssemblyClient create() {
|
||||||
return new AssemblyClient(new NewProcessAssemblyServerLoader());
|
return new AssemblyClient(new NewProcessAssemblyServerLoader());
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,8 +20,8 @@
|
||||||
using System;
|
using System;
|
||||||
using AssemblyData;
|
using AssemblyData;
|
||||||
|
|
||||||
namespace de4dot.AssemblyClient {
|
namespace de4dot.code.AssemblyClient {
|
||||||
interface IAssemblyClient : IDisposable {
|
public interface IAssemblyClient : IDisposable {
|
||||||
IAssemblyService Service { get; }
|
IAssemblyService Service { get; }
|
||||||
void connect();
|
void connect();
|
||||||
void waitConnected();
|
void waitConnected();
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
using System;
|
using System;
|
||||||
using AssemblyData;
|
using AssemblyData;
|
||||||
|
|
||||||
namespace de4dot.AssemblyClient {
|
namespace de4dot.code.AssemblyClient {
|
||||||
interface IAssemblyServerLoader : IDisposable {
|
interface IAssemblyServerLoader : IDisposable {
|
||||||
void loadServer();
|
void loadServer();
|
||||||
IAssemblyService createService();
|
IAssemblyService createService();
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
using System;
|
using System;
|
||||||
using AssemblyData;
|
using AssemblyData;
|
||||||
|
|
||||||
namespace de4dot.AssemblyClient {
|
namespace de4dot.code.AssemblyClient {
|
||||||
abstract class IpcAssemblyServerLoader : IAssemblyServerLoader {
|
abstract class IpcAssemblyServerLoader : IAssemblyServerLoader {
|
||||||
const string ASSEMBLY_SERVER_FILENAME_X86 = "AssemblyServer.exe";
|
const string ASSEMBLY_SERVER_FILENAME_X86 = "AssemblyServer.exe";
|
||||||
const string ASSEMBLY_SERVER_FILENAME_X64 = "AssemblyServer-x64.exe";
|
const string ASSEMBLY_SERVER_FILENAME_X64 = "AssemblyServer-x64.exe";
|
||||||
|
@ -30,12 +30,16 @@ namespace de4dot.AssemblyClient {
|
||||||
string url;
|
string url;
|
||||||
|
|
||||||
protected IpcAssemblyServerLoader() {
|
protected IpcAssemblyServerLoader() {
|
||||||
assemblyServerFilename = Utils.getArchString(ASSEMBLY_SERVER_FILENAME_X86, ASSEMBLY_SERVER_FILENAME_X64);
|
assemblyServerFilename = getServerName();
|
||||||
ipcName = Utils.randomName(15, 20);
|
ipcName = Utils.randomName(15, 20);
|
||||||
ipcUri = Utils.randomName(15, 20);
|
ipcUri = Utils.randomName(15, 20);
|
||||||
url = string.Format("ipc://{0}/{1}", ipcName, ipcUri);
|
url = string.Format("ipc://{0}/{1}", ipcName, ipcUri);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static string getServerName() {
|
||||||
|
return IntPtr.Size == 4 ? ASSEMBLY_SERVER_FILENAME_X86 : ASSEMBLY_SERVER_FILENAME_X64;
|
||||||
|
}
|
||||||
|
|
||||||
public void loadServer() {
|
public void loadServer() {
|
||||||
loadServer(Utils.getPathOfOurFile(assemblyServerFilename));
|
loadServer(Utils.getPathOfOurFile(assemblyServerFilename));
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
using System;
|
using System;
|
||||||
using System.Threading;
|
using System.Threading;
|
||||||
|
|
||||||
namespace de4dot.AssemblyClient {
|
namespace de4dot.code.AssemblyClient {
|
||||||
// Starts the server in a new app domain.
|
// Starts the server in a new app domain.
|
||||||
sealed class NewAppDomainAssemblyServerLoader : IpcAssemblyServerLoader {
|
sealed class NewAppDomainAssemblyServerLoader : IpcAssemblyServerLoader {
|
||||||
AppDomain appDomain;
|
AppDomain appDomain;
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
using System;
|
using System;
|
||||||
using System.Diagnostics;
|
using System.Diagnostics;
|
||||||
|
|
||||||
namespace de4dot.AssemblyClient {
|
namespace de4dot.code.AssemblyClient {
|
||||||
// Starts the server in a new process
|
// Starts the server in a new process
|
||||||
class NewProcessAssemblyServerLoader : IpcAssemblyServerLoader {
|
class NewProcessAssemblyServerLoader : IpcAssemblyServerLoader {
|
||||||
Process process;
|
Process process;
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
using System;
|
using System;
|
||||||
using AssemblyData;
|
using AssemblyData;
|
||||||
|
|
||||||
namespace de4dot.AssemblyClient {
|
namespace de4dot.code.AssemblyClient {
|
||||||
// Starts the server in the current app domain.
|
// Starts the server in the current app domain.
|
||||||
class SameAppDomainAssemblyServerLoader : IAssemblyServerLoader {
|
class SameAppDomainAssemblyServerLoader : IAssemblyServerLoader {
|
||||||
IAssemblyService service;
|
IAssemblyService service;
|
||||||
|
|
|
@ -24,7 +24,7 @@ using Mono.Cecil;
|
||||||
using Mono.MyStuff;
|
using Mono.MyStuff;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot {
|
namespace de4dot.code {
|
||||||
class AssemblyModule {
|
class AssemblyModule {
|
||||||
string filename;
|
string filename;
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
|
|
|
@ -23,8 +23,8 @@ using System.IO;
|
||||||
using System.Text.RegularExpressions;
|
using System.Text.RegularExpressions;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
|
|
||||||
namespace de4dot {
|
namespace de4dot.code {
|
||||||
class AssemblyResolver : DefaultAssemblyResolver {
|
public class AssemblyResolver : DefaultAssemblyResolver {
|
||||||
public static readonly AssemblyResolver Instance = new AssemblyResolver();
|
public static readonly AssemblyResolver Instance = new AssemblyResolver();
|
||||||
Dictionary<string, bool> addedAssemblies = new Dictionary<string, bool>(StringComparer.Ordinal);
|
Dictionary<string, bool> addedAssemblies = new Dictionary<string, bool>(StringComparer.Ordinal);
|
||||||
Dictionary<string, bool> addedDirectories = new Dictionary<string, bool>(StringComparer.OrdinalIgnoreCase);
|
Dictionary<string, bool> addedDirectories = new Dictionary<string, bool>(StringComparer.OrdinalIgnoreCase);
|
||||||
|
|
|
@ -18,12 +18,12 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using de4dot.deobfuscators;
|
using de4dot.code.deobfuscators;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using de4dot.renamer;
|
using de4dot.code.renamer;
|
||||||
|
|
||||||
namespace de4dot {
|
namespace de4dot.code {
|
||||||
interface IObfuscatedFile {
|
public interface IObfuscatedFile {
|
||||||
ModuleDefinition ModuleDefinition { get; }
|
ModuleDefinition ModuleDefinition { get; }
|
||||||
IDeobfuscator Deobfuscator { get; }
|
IDeobfuscator Deobfuscator { get; }
|
||||||
string Filename { get; }
|
string Filename { get; }
|
||||||
|
|
|
@ -20,8 +20,8 @@
|
||||||
using System;
|
using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
|
|
||||||
namespace de4dot {
|
namespace de4dot.code {
|
||||||
static class Log {
|
public static class Log {
|
||||||
public static int indentLevel = 0;
|
public static int indentLevel = 0;
|
||||||
const int indentSize = 2;
|
const int indentSize = 2;
|
||||||
|
|
||||||
|
|
|
@ -23,7 +23,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot {
|
namespace de4dot.code {
|
||||||
// A simple class that statically detects the values of some local variables
|
// A simple class that statically detects the values of some local variables
|
||||||
class VariableValues {
|
class VariableValues {
|
||||||
IList<Block> allBlocks;
|
IList<Block> allBlocks;
|
||||||
|
|
|
@ -20,8 +20,8 @@
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.Text.RegularExpressions;
|
using System.Text.RegularExpressions;
|
||||||
|
|
||||||
namespace de4dot {
|
namespace de4dot.code {
|
||||||
class NameRegex {
|
public class NameRegex {
|
||||||
Regex regex;
|
Regex regex;
|
||||||
public const char invertChar = '!';
|
public const char invertChar = '!';
|
||||||
|
|
||||||
|
@ -50,7 +50,7 @@ namespace de4dot {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class NameRegexes {
|
public class NameRegexes {
|
||||||
IList<NameRegex> regexes;
|
IList<NameRegex> regexes;
|
||||||
public bool DefaultValue { get; set; }
|
public bool DefaultValue { get; set; }
|
||||||
public const char regexSeparatorChar = '&';
|
public const char regexSeparatorChar = '&';
|
||||||
|
|
|
@ -25,15 +25,15 @@ using System.Text;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using Mono.MyStuff;
|
using Mono.MyStuff;
|
||||||
using de4dot.deobfuscators;
|
using de4dot.code.deobfuscators;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
using de4dot.blocks.cflow;
|
using de4dot.blocks.cflow;
|
||||||
using de4dot.AssemblyClient;
|
using de4dot.code.AssemblyClient;
|
||||||
using de4dot.renamer;
|
using de4dot.code.renamer;
|
||||||
using de4dot.PE;
|
using de4dot.code.PE;
|
||||||
|
|
||||||
namespace de4dot {
|
namespace de4dot.code {
|
||||||
class ObfuscatedFile : IObfuscatedFile, IDeobfuscatedFile {
|
public class ObfuscatedFile : IObfuscatedFile, IDeobfuscatedFile {
|
||||||
Options options;
|
Options options;
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
IList<MethodDefinition> allMethods;
|
IList<MethodDefinition> allMethods;
|
||||||
|
|
|
@ -21,8 +21,8 @@ using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.Text.RegularExpressions;
|
using System.Text.RegularExpressions;
|
||||||
|
|
||||||
namespace de4dot {
|
namespace de4dot.code {
|
||||||
abstract class Option {
|
public abstract class Option {
|
||||||
const string SHORTNAME_PREFIX = "-";
|
const string SHORTNAME_PREFIX = "-";
|
||||||
const string LONGNAME_PREFIX = "--";
|
const string LONGNAME_PREFIX = "--";
|
||||||
|
|
||||||
|
@ -68,7 +68,7 @@ namespace de4dot {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class BoolOption : Option {
|
public class BoolOption : Option {
|
||||||
bool val;
|
bool val;
|
||||||
public BoolOption(string shortName, string longName, string description, bool val)
|
public BoolOption(string shortName, string longName, string description, bool val)
|
||||||
: base(shortName, longName, description) {
|
: base(shortName, longName, description) {
|
||||||
|
@ -96,7 +96,7 @@ namespace de4dot {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class IntOption : Option {
|
public class IntOption : Option {
|
||||||
int val;
|
int val;
|
||||||
public IntOption(string shortName, string longName, string description, int val)
|
public IntOption(string shortName, string longName, string description, int val)
|
||||||
: base(shortName, longName, description) {
|
: base(shortName, longName, description) {
|
||||||
|
@ -123,7 +123,7 @@ namespace de4dot {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class StringOption : Option {
|
public class StringOption : Option {
|
||||||
string val;
|
string val;
|
||||||
|
|
||||||
public override string ArgumentValueName {
|
public override string ArgumentValueName {
|
||||||
|
@ -146,7 +146,7 @@ namespace de4dot {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class NameRegexOption : Option {
|
public class NameRegexOption : Option {
|
||||||
NameRegexes val;
|
NameRegexes val;
|
||||||
|
|
||||||
public override string ArgumentValueName {
|
public override string ArgumentValueName {
|
||||||
|
@ -177,7 +177,7 @@ namespace de4dot {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class RegexOption : Option {
|
public class RegexOption : Option {
|
||||||
Regex val;
|
Regex val;
|
||||||
|
|
||||||
public override string ArgumentValueName {
|
public override string ArgumentValueName {
|
||||||
|
@ -206,7 +206,7 @@ namespace de4dot {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class NoArgOption : Option {
|
public class NoArgOption : Option {
|
||||||
Action action;
|
Action action;
|
||||||
bool triggered;
|
bool triggered;
|
||||||
|
|
||||||
|
@ -232,7 +232,7 @@ namespace de4dot {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class OneArgOption : Option {
|
public class OneArgOption : Option {
|
||||||
Action<string> action;
|
Action<string> action;
|
||||||
string typeName;
|
string typeName;
|
||||||
|
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
|
|
||||||
using System.IO;
|
using System.IO;
|
||||||
|
|
||||||
namespace de4dot.PE {
|
namespace de4dot.code.PE {
|
||||||
class Cor20Header : IFileLocation {
|
class Cor20Header : IFileLocation {
|
||||||
public uint cb;
|
public uint cb;
|
||||||
public ushort majorRuntimeVersion;
|
public ushort majorRuntimeVersion;
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
|
|
||||||
using System.IO;
|
using System.IO;
|
||||||
|
|
||||||
namespace de4dot.PE {
|
namespace de4dot.code.PE {
|
||||||
struct DataDirectory {
|
struct DataDirectory {
|
||||||
public uint virtualAddress;
|
public uint virtualAddress;
|
||||||
public uint size;
|
public uint size;
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
|
|
||||||
using System.IO;
|
using System.IO;
|
||||||
|
|
||||||
namespace de4dot.PE {
|
namespace de4dot.code.PE {
|
||||||
class DotNetStream : IFileLocation {
|
class DotNetStream : IFileLocation {
|
||||||
public string name;
|
public string name;
|
||||||
public uint fileOffset;
|
public uint fileOffset;
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
|
|
||||||
using System.IO;
|
using System.IO;
|
||||||
|
|
||||||
namespace de4dot.PE {
|
namespace de4dot.code.PE {
|
||||||
enum Machine : ushort {
|
enum Machine : ushort {
|
||||||
i386 = 0x14C,
|
i386 = 0x14C,
|
||||||
ia64 = 0x200,
|
ia64 = 0x200,
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
namespace de4dot.PE {
|
namespace de4dot.code.PE {
|
||||||
interface IFileLocation {
|
interface IFileLocation {
|
||||||
uint Offset { get; }
|
uint Offset { get; }
|
||||||
uint Length { get; }
|
uint Length { get; }
|
||||||
|
|
|
@ -21,7 +21,7 @@ using System;
|
||||||
using System.IO;
|
using System.IO;
|
||||||
using System.Text;
|
using System.Text;
|
||||||
|
|
||||||
namespace de4dot.PE {
|
namespace de4dot.code.PE {
|
||||||
class Metadata : IFileLocation {
|
class Metadata : IFileLocation {
|
||||||
uint magic;
|
uint magic;
|
||||||
ushort majorVersion, minorVersion;
|
ushort majorVersion, minorVersion;
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
using System;
|
using System;
|
||||||
using System.IO;
|
using System.IO;
|
||||||
|
|
||||||
namespace de4dot.PE {
|
namespace de4dot.code.PE {
|
||||||
using MVT = MetadataVarType;
|
using MVT = MetadataVarType;
|
||||||
|
|
||||||
class MetadataTables {
|
class MetadataTables {
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
|
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
|
|
||||||
namespace de4dot.PE {
|
namespace de4dot.code.PE {
|
||||||
enum MetadataIndex {
|
enum MetadataIndex {
|
||||||
iModule = 0,
|
iModule = 0,
|
||||||
iTypeRef = 1,
|
iTypeRef = 1,
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
using System;
|
using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
|
|
||||||
namespace de4dot.PE {
|
namespace de4dot.code.PE {
|
||||||
enum MetadataVarType {
|
enum MetadataVarType {
|
||||||
end,
|
end,
|
||||||
stop,
|
stop,
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
|
|
||||||
using System.IO;
|
using System.IO;
|
||||||
|
|
||||||
namespace de4dot.PE {
|
namespace de4dot.code.PE {
|
||||||
class OptionalHeader : IFileLocation {
|
class OptionalHeader : IFileLocation {
|
||||||
public ushort magic;
|
public ushort magic;
|
||||||
public byte majorLinkerVersion;
|
public byte majorLinkerVersion;
|
||||||
|
|
|
@ -20,8 +20,8 @@
|
||||||
using System;
|
using System;
|
||||||
using System.IO;
|
using System.IO;
|
||||||
|
|
||||||
namespace de4dot.PE {
|
namespace de4dot.code.PE {
|
||||||
class PeImage {
|
public class PeImage {
|
||||||
BinaryReader reader;
|
BinaryReader reader;
|
||||||
BinaryWriter writer;
|
BinaryWriter writer;
|
||||||
FileHeader fileHeader;
|
FileHeader fileHeader;
|
||||||
|
@ -35,11 +35,11 @@ namespace de4dot.PE {
|
||||||
get { return reader; }
|
get { return reader; }
|
||||||
}
|
}
|
||||||
|
|
||||||
public Cor20Header Cor20Header {
|
internal Cor20Header Cor20Header {
|
||||||
get { return cor20Header; }
|
get { return cor20Header; }
|
||||||
}
|
}
|
||||||
|
|
||||||
public Resources Resources {
|
internal Resources Resources {
|
||||||
get { return resources; }
|
get { return resources; }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
namespace de4dot.PE {
|
namespace de4dot.code.PE {
|
||||||
class ResourceData : ResourceDirectoryEntry {
|
class ResourceData : ResourceDirectoryEntry {
|
||||||
uint rva;
|
uint rva;
|
||||||
uint size;
|
uint size;
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
|
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
|
|
||||||
namespace de4dot.PE {
|
namespace de4dot.code.PE {
|
||||||
class ResourceDirectory : ResourceDirectoryEntry {
|
class ResourceDirectory : ResourceDirectoryEntry {
|
||||||
Resources resources;
|
Resources resources;
|
||||||
int offset;
|
int offset;
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
|
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
|
|
||||||
namespace de4dot.PE {
|
namespace de4dot.code.PE {
|
||||||
abstract class ResourceDirectoryEntry {
|
abstract class ResourceDirectoryEntry {
|
||||||
protected readonly string name;
|
protected readonly string name;
|
||||||
protected readonly int id;
|
protected readonly int id;
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
using System.IO;
|
using System.IO;
|
||||||
using System.Text;
|
using System.Text;
|
||||||
|
|
||||||
namespace de4dot.PE {
|
namespace de4dot.code.PE {
|
||||||
class Resources {
|
class Resources {
|
||||||
BinaryReader reader;
|
BinaryReader reader;
|
||||||
uint startOffset;
|
uint startOffset;
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
using System.IO;
|
using System.IO;
|
||||||
using System.Text;
|
using System.Text;
|
||||||
|
|
||||||
namespace de4dot.PE {
|
namespace de4dot.code.PE {
|
||||||
class SectionHeader : IFileLocation {
|
class SectionHeader : IFileLocation {
|
||||||
public byte[] name;
|
public byte[] name;
|
||||||
public uint virtualSize;
|
public uint virtualSize;
|
||||||
|
|
|
@ -21,10 +21,10 @@ using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.AssemblyClient;
|
using de4dot.code.AssemblyClient;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot {
|
namespace de4dot.code {
|
||||||
abstract class StringDecrypter : MethodReturnValueInliner {
|
abstract class StringDecrypter : MethodReturnValueInliner {
|
||||||
protected override void inlineReturnValues(IList<CallResult> callResults) {
|
protected override void inlineReturnValues(IList<CallResult> callResults) {
|
||||||
foreach (var callResult in callResults) {
|
foreach (var callResult in callResults) {
|
||||||
|
|
|
@ -19,8 +19,8 @@
|
||||||
|
|
||||||
using System;
|
using System;
|
||||||
|
|
||||||
namespace de4dot {
|
namespace de4dot.code {
|
||||||
class UserException : Exception {
|
public class UserException : Exception {
|
||||||
public UserException(string message)
|
public UserException(string message)
|
||||||
: base(message) {
|
: base(message) {
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,21 +22,16 @@ using System.Collections.Generic;
|
||||||
using System.IO;
|
using System.IO;
|
||||||
using System.Text;
|
using System.Text;
|
||||||
|
|
||||||
namespace de4dot {
|
namespace de4dot.code {
|
||||||
public enum StartUpArch {
|
|
||||||
x86,
|
|
||||||
x64,
|
|
||||||
}
|
|
||||||
|
|
||||||
// These are in .NET 3.5 and later...
|
// These are in .NET 3.5 and later...
|
||||||
internal delegate TResult Func<TResult>();
|
public delegate TResult Func<TResult>();
|
||||||
internal delegate TResult Func<T, TResult>(T arg);
|
public delegate TResult Func<T, TResult>(T arg);
|
||||||
internal delegate TResult Func<T1, T2, TResult>(T1 arg1, T2 arg2);
|
public delegate TResult Func<T1, T2, TResult>(T1 arg1, T2 arg2);
|
||||||
internal delegate TResult Func<T1, T2, T3, TResult>(T1 arg1, T2 arg2, T3 arg3);
|
public delegate TResult Func<T1, T2, T3, TResult>(T1 arg1, T2 arg2, T3 arg3);
|
||||||
internal delegate void Action();
|
public delegate void Action();
|
||||||
internal delegate void Action<T>(T arg);
|
public delegate void Action<T>(T arg);
|
||||||
internal delegate void Action<T1, T2>(T1 arg1, T2 arg2);
|
public delegate void Action<T1, T2>(T1 arg1, T2 arg2);
|
||||||
internal delegate void Action<T1, T2, T3>(T1 arg1, T2 arg2, T3 arg3);
|
public delegate void Action<T1, T2, T3>(T1 arg1, T2 arg2, T3 arg3);
|
||||||
|
|
||||||
class Tuple<T1, T2> {
|
class Tuple<T1, T2> {
|
||||||
public T1 Item1 { get; set; }
|
public T1 Item1 { get; set; }
|
||||||
|
@ -55,17 +50,8 @@ namespace de4dot {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static class Utils {
|
public static class Utils {
|
||||||
static Random random = new Random();
|
static Random random = new Random();
|
||||||
public static StartUpArch startUpArch = StartUpArch.x86;
|
|
||||||
|
|
||||||
public static string getArchString(string x86, string x64) {
|
|
||||||
switch (startUpArch) {
|
|
||||||
case StartUpArch.x86: return x86;
|
|
||||||
case StartUpArch.x64: return x64;
|
|
||||||
default: throw new ApplicationException(string.Format("Invalid startUpArch {0}", startUpArch));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public static IEnumerable<T> unique<T>(IEnumerable<T> values) {
|
public static IEnumerable<T> unique<T>(IEnumerable<T> values) {
|
||||||
// HashSet is only available in .NET 3.5 and later.
|
// HashSet is only available in .NET 3.5 and later.
|
||||||
|
@ -172,20 +158,6 @@ namespace de4dot {
|
||||||
return Path.Combine(getOurBaseDir(), filename);
|
return Path.Combine(getOurBaseDir(), filename);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void printStackTrace(Exception ex, Log.LogLevel logLevel = Log.LogLevel.error) {
|
|
||||||
var line = new string('-', 78);
|
|
||||||
Log.log(logLevel, "\n\n");
|
|
||||||
Log.log(logLevel, line);
|
|
||||||
Log.log(logLevel, "Stack trace:\n{0}", ex.StackTrace);
|
|
||||||
Log.log(logLevel, "\n\nERROR: Caught an exception:\n");
|
|
||||||
Log.log(logLevel, line);
|
|
||||||
Log.log(logLevel, "Message:");
|
|
||||||
Log.log(logLevel, " {0}", ex.Message);
|
|
||||||
Log.log(logLevel, "Type:");
|
|
||||||
Log.log(logLevel, " {0}", ex.GetType());
|
|
||||||
Log.log(logLevel, line);
|
|
||||||
}
|
|
||||||
|
|
||||||
// This fixes a mono (tested 2.10.5) String.StartsWith() bug. NB: stringComparison must be
|
// This fixes a mono (tested 2.10.5) String.StartsWith() bug. NB: stringComparison must be
|
||||||
// Ordinal or OrdinalIgnoreCase!
|
// Ordinal or OrdinalIgnoreCase!
|
||||||
public static bool StartsWith(string left, string right, StringComparison stringComparison) {
|
public static bool StartsWith(string left, string right, StringComparison stringComparison) {
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
<ProjectGuid>{4D10B9EB-3BF1-4D61-A389-CB019E8C9622}</ProjectGuid>
|
<ProjectGuid>{4D10B9EB-3BF1-4D61-A389-CB019E8C9622}</ProjectGuid>
|
||||||
<OutputType>Library</OutputType>
|
<OutputType>Library</OutputType>
|
||||||
<AppDesignerFolder>Properties</AppDesignerFolder>
|
<AppDesignerFolder>Properties</AppDesignerFolder>
|
||||||
<RootNamespace>de4dot</RootNamespace>
|
<RootNamespace>de4dot.code</RootNamespace>
|
||||||
<AssemblyName>de4dot.code</AssemblyName>
|
<AssemblyName>de4dot.code</AssemblyName>
|
||||||
<TargetFrameworkVersion>v2.0</TargetFrameworkVersion>
|
<TargetFrameworkVersion>v2.0</TargetFrameworkVersion>
|
||||||
<FileAlignment>512</FileAlignment>
|
<FileAlignment>512</FileAlignment>
|
||||||
|
@ -56,7 +56,6 @@
|
||||||
<Compile Include="AssemblyClient\NewProcessAssemblyServerLoader.cs" />
|
<Compile Include="AssemblyClient\NewProcessAssemblyServerLoader.cs" />
|
||||||
<Compile Include="AssemblyClient\SameAppDomainAssemblyServerLoader.cs" />
|
<Compile Include="AssemblyClient\SameAppDomainAssemblyServerLoader.cs" />
|
||||||
<Compile Include="AssemblyResolver.cs" />
|
<Compile Include="AssemblyResolver.cs" />
|
||||||
<Compile Include="CommandLineParser.cs" />
|
|
||||||
<Compile Include="deobfuscators\ArrayFinder.cs" />
|
<Compile Include="deobfuscators\ArrayFinder.cs" />
|
||||||
<Compile Include="deobfuscators\CliSecure\CliSecureRtType.cs" />
|
<Compile Include="deobfuscators\CliSecure\CliSecureRtType.cs" />
|
||||||
<Compile Include="deobfuscators\CliSecure\Deobfuscator.cs" />
|
<Compile Include="deobfuscators\CliSecure\Deobfuscator.cs" />
|
||||||
|
@ -121,7 +120,6 @@
|
||||||
<Compile Include="deobfuscators\Unknown\Deobfuscator.cs" />
|
<Compile Include="deobfuscators\Unknown\Deobfuscator.cs" />
|
||||||
<Compile Include="deobfuscators\Xenocode\Deobfuscator.cs" />
|
<Compile Include="deobfuscators\Xenocode\Deobfuscator.cs" />
|
||||||
<Compile Include="deobfuscators\Xenocode\StringDecrypter.cs" />
|
<Compile Include="deobfuscators\Xenocode\StringDecrypter.cs" />
|
||||||
<Compile Include="FilesDeobfuscator.cs" />
|
|
||||||
<Compile Include="IObfuscatedFile.cs" />
|
<Compile Include="IObfuscatedFile.cs" />
|
||||||
<Compile Include="Log.cs" />
|
<Compile Include="Log.cs" />
|
||||||
<Compile Include="AssemblyModule.cs" />
|
<Compile Include="AssemblyModule.cs" />
|
||||||
|
@ -145,7 +143,6 @@
|
||||||
<Compile Include="PE\Resources.cs" />
|
<Compile Include="PE\Resources.cs" />
|
||||||
<Compile Include="PE\SectionHeader.cs" />
|
<Compile Include="PE\SectionHeader.cs" />
|
||||||
<Compile Include="PE\DotNetStream.cs" />
|
<Compile Include="PE\DotNetStream.cs" />
|
||||||
<Compile Include="Program.cs" />
|
|
||||||
<Compile Include="Properties\AssemblyInfo.cs" />
|
<Compile Include="Properties\AssemblyInfo.cs" />
|
||||||
<Compile Include="renamer\asmmodules\EventDef.cs" />
|
<Compile Include="renamer\asmmodules\EventDef.cs" />
|
||||||
<Compile Include="renamer\asmmodules\ExternalAssemblies.cs" />
|
<Compile Include="renamer\asmmodules\ExternalAssemblies.cs" />
|
||||||
|
|
|
@ -23,7 +23,7 @@ using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
using de4dot.blocks.cflow;
|
using de4dot.blocks.cflow;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators {
|
namespace de4dot.code.deobfuscators {
|
||||||
class ArrayFinder {
|
class ArrayFinder {
|
||||||
List<byte[]> arrays = new List<byte[]>();
|
List<byte[]> arrays = new List<byte[]>();
|
||||||
|
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
using System;
|
using System;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.CliSecure {
|
namespace de4dot.code.deobfuscators.CliSecure {
|
||||||
class CliSecureRtType {
|
class CliSecureRtType {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
TypeDefinition cliSecureRtType;
|
TypeDefinition cliSecureRtType;
|
||||||
|
|
|
@ -21,10 +21,10 @@ using System.Collections.Generic;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using Mono.MyStuff;
|
using Mono.MyStuff;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
using de4dot.PE;
|
using de4dot.code.PE;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.CliSecure {
|
namespace de4dot.code.deobfuscators.CliSecure {
|
||||||
class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
public class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||||
public const string THE_NAME = "CliSecure";
|
public const string THE_NAME = "CliSecure";
|
||||||
public const string THE_TYPE = "cs";
|
public const string THE_TYPE = "cs";
|
||||||
const string DEFAULT_REGEX = @"[a-zA-Z_0-9>}$]$";
|
const string DEFAULT_REGEX = @"[a-zA-Z_0-9>}$]$";
|
||||||
|
|
|
@ -20,9 +20,9 @@
|
||||||
using System;
|
using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Mono.MyStuff;
|
using Mono.MyStuff;
|
||||||
using de4dot.PE;
|
using de4dot.code.PE;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.CliSecure {
|
namespace de4dot.code.deobfuscators.CliSecure {
|
||||||
class CodeHeader {
|
class CodeHeader {
|
||||||
public byte[] signature;
|
public byte[] signature;
|
||||||
public byte[] decryptionKey;
|
public byte[] decryptionKey;
|
||||||
|
|
|
@ -23,7 +23,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.CliSecure {
|
namespace de4dot.code.deobfuscators.CliSecure {
|
||||||
class ProxyDelegateFinder : ProxyDelegateFinderBase {
|
class ProxyDelegateFinder : ProxyDelegateFinderBase {
|
||||||
IList<MemberReference> memberReferences;
|
IList<MemberReference> memberReferences;
|
||||||
|
|
||||||
|
|
|
@ -23,7 +23,7 @@ using System.Text;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.CliSecure {
|
namespace de4dot.code.deobfuscators.CliSecure {
|
||||||
class ResourceDecrypter {
|
class ResourceDecrypter {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
TypeDefinition rsrcType;
|
TypeDefinition rsrcType;
|
||||||
|
|
|
@ -21,7 +21,7 @@ using System;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.CliSecure {
|
namespace de4dot.code.deobfuscators.CliSecure {
|
||||||
class StackFrameHelper {
|
class StackFrameHelper {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
TypeDefinition stackFrameHelperType;
|
TypeDefinition stackFrameHelperType;
|
||||||
|
|
|
@ -21,7 +21,7 @@ using System;
|
||||||
using System.Text;
|
using System.Text;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.CliSecure {
|
namespace de4dot.code.deobfuscators.CliSecure {
|
||||||
class StringDecrypter {
|
class StringDecrypter {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
TypeDefinition stringDecrypterType;
|
TypeDefinition stringDecrypterType;
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.CryptoObfuscator {
|
namespace de4dot.code.deobfuscators.CryptoObfuscator {
|
||||||
class AntiDebugger {
|
class AntiDebugger {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
ISimpleDeobfuscator simpleDeobfuscator;
|
ISimpleDeobfuscator simpleDeobfuscator;
|
||||||
|
|
|
@ -24,7 +24,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.CryptoObfuscator {
|
namespace de4dot.code.deobfuscators.CryptoObfuscator {
|
||||||
class AssemblyResolver {
|
class AssemblyResolver {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
TypeDefinition resolverType;
|
TypeDefinition resolverType;
|
||||||
|
|
|
@ -22,8 +22,8 @@ using System.Text.RegularExpressions;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.CryptoObfuscator {
|
namespace de4dot.code.deobfuscators.CryptoObfuscator {
|
||||||
class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
public class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||||
public const string THE_NAME = "Crypto Obfuscator";
|
public const string THE_NAME = "Crypto Obfuscator";
|
||||||
public const string THE_TYPE = "co";
|
public const string THE_TYPE = "co";
|
||||||
const string DEFAULT_REGEX = @"!^(get_|set_|add_|remove_)?[A-Z]{1,3}(?:`\d+)?$&!^(get_|set_|add_|remove_)?c[0-9a-f]{32}(?:`\d+)?$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
|
const string DEFAULT_REGEX = @"!^(get_|set_|add_|remove_)?[A-Z]{1,3}(?:`\d+)?$&!^(get_|set_|add_|remove_)?c[0-9a-f]{32}(?:`\d+)?$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
|
||||||
|
|
|
@ -23,7 +23,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.CryptoObfuscator {
|
namespace de4dot.code.deobfuscators.CryptoObfuscator {
|
||||||
class ProxyDelegateFinder : ProxyDelegateFinderBase {
|
class ProxyDelegateFinder : ProxyDelegateFinderBase {
|
||||||
Dictionary<MethodDefinition, ProxyCreatorType> methodToType = new Dictionary<MethodDefinition, ProxyCreatorType>();
|
Dictionary<MethodDefinition, ProxyCreatorType> methodToType = new Dictionary<MethodDefinition, ProxyCreatorType>();
|
||||||
|
|
||||||
|
|
|
@ -23,7 +23,7 @@ using System.IO.Compression;
|
||||||
using System.Security.Cryptography;
|
using System.Security.Cryptography;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.CryptoObfuscator {
|
namespace de4dot.code.deobfuscators.CryptoObfuscator {
|
||||||
class ResourceDecrypter {
|
class ResourceDecrypter {
|
||||||
const int BUFLEN = 0x8000;
|
const int BUFLEN = 0x8000;
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
|
|
|
@ -22,7 +22,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.CryptoObfuscator {
|
namespace de4dot.code.deobfuscators.CryptoObfuscator {
|
||||||
class ResourceResolver {
|
class ResourceResolver {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
ResourceDecrypter resourceDecrypter;
|
ResourceDecrypter resourceDecrypter;
|
||||||
|
|
|
@ -21,7 +21,7 @@ using System.Text;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.CryptoObfuscator {
|
namespace de4dot.code.deobfuscators.CryptoObfuscator {
|
||||||
class StringDecrypter {
|
class StringDecrypter {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
EmbeddedResource stringResource;
|
EmbeddedResource stringResource;
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.CryptoObfuscator {
|
namespace de4dot.code.deobfuscators.CryptoObfuscator {
|
||||||
class TamperDetection {
|
class TamperDetection {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
TypeDefinition tamperType;
|
TypeDefinition tamperType;
|
||||||
|
|
|
@ -21,7 +21,7 @@ using System;
|
||||||
using System.IO;
|
using System.IO;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators {
|
namespace de4dot.code.deobfuscators {
|
||||||
static class DeobUtils {
|
static class DeobUtils {
|
||||||
public static void decryptAndAddResources(ModuleDefinition module, string encryptedName, Func<byte[]> decryptResource) {
|
public static void decryptAndAddResources(ModuleDefinition module, string encryptedName, Func<byte[]> decryptResource) {
|
||||||
Log.v("Decrypting resources, name: {0}", Utils.toCsharpString(encryptedName));
|
Log.v("Decrypting resources, name: {0}", Utils.toCsharpString(encryptedName));
|
||||||
|
|
|
@ -23,9 +23,9 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using Mono.MyStuff;
|
using Mono.MyStuff;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
using de4dot.PE;
|
using de4dot.code.PE;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators {
|
namespace de4dot.code.deobfuscators {
|
||||||
abstract class DeobfuscatorBase : IDeobfuscator, IWriterListener {
|
abstract class DeobfuscatorBase : IDeobfuscator, IWriterListener {
|
||||||
public const string DEFAULT_VALID_NAME_REGEX = @"^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$";
|
public const string DEFAULT_VALID_NAME_REGEX = @"^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$";
|
||||||
|
|
||||||
|
|
|
@ -19,8 +19,8 @@
|
||||||
|
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators {
|
namespace de4dot.code.deobfuscators {
|
||||||
abstract class DeobfuscatorInfoBase : IDeobfuscatorInfo {
|
public abstract class DeobfuscatorInfoBase : IDeobfuscatorInfo {
|
||||||
protected NameRegexOption validNameRegex;
|
protected NameRegexOption validNameRegex;
|
||||||
|
|
||||||
public DeobfuscatorInfoBase(string nameRegex = null) {
|
public DeobfuscatorInfoBase(string nameRegex = null) {
|
||||||
|
|
|
@ -22,8 +22,8 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.Dotfuscator {
|
namespace de4dot.code.deobfuscators.Dotfuscator {
|
||||||
class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
public class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||||
public const string THE_NAME = "Dotfuscator";
|
public const string THE_NAME = "Dotfuscator";
|
||||||
public const string THE_TYPE = "df";
|
public const string THE_TYPE = "df";
|
||||||
const string DEFAULT_REGEX = @"!^[a-z][a-z0-9]{0,2}$&!^A_[0-9]+$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
|
const string DEFAULT_REGEX = @"!^[a-z][a-z0-9]{0,2}$&!^A_[0-9]+$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
|
||||||
|
|
|
@ -22,8 +22,8 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.Eazfuscator {
|
namespace de4dot.code.deobfuscators.Eazfuscator {
|
||||||
class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
public class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||||
public const string THE_NAME = "Eazfuscator.NET";
|
public const string THE_NAME = "Eazfuscator.NET";
|
||||||
public const string THE_TYPE = "ef";
|
public const string THE_TYPE = "ef";
|
||||||
const string DEFAULT_REGEX = @"!^#=&!^dje_.+_ejd$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
|
const string DEFAULT_REGEX = @"!^#=&!^dje_.+_ejd$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
|
||||||
|
|
|
@ -22,7 +22,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators {
|
namespace de4dot.code.deobfuscators {
|
||||||
class ExceptionLoggerRemover {
|
class ExceptionLoggerRemover {
|
||||||
Dictionary<MethodReference, bool> exceptionLoggerMethods = new Dictionary<MethodReference, bool>();
|
Dictionary<MethodReference, bool> exceptionLoggerMethods = new Dictionary<MethodReference, bool>();
|
||||||
|
|
||||||
|
|
|
@ -17,8 +17,8 @@
|
||||||
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
namespace de4dot.deobfuscators {
|
namespace de4dot.code.deobfuscators {
|
||||||
interface IDeobfuscatedFile : ISimpleDeobfuscator {
|
public interface IDeobfuscatedFile : ISimpleDeobfuscator {
|
||||||
void createAssemblyFile(byte[] data, string assemblyName, string extension = null);
|
void createAssemblyFile(byte[] data, string assemblyName, string extension = null);
|
||||||
void stringDecryptersAdded();
|
void stringDecryptersAdded();
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,11 +22,11 @@ using System.Collections.Generic;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using Mono.MyStuff;
|
using Mono.MyStuff;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
using de4dot.renamer;
|
using de4dot.code.renamer;
|
||||||
using de4dot.PE;
|
using de4dot.code.PE;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators {
|
namespace de4dot.code.deobfuscators {
|
||||||
interface IDeobfuscatorOptions {
|
public interface IDeobfuscatorOptions {
|
||||||
bool RenameResourcesInCode { get; }
|
bool RenameResourcesInCode { get; }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -39,7 +39,7 @@ namespace de4dot.deobfuscators {
|
||||||
}
|
}
|
||||||
|
|
||||||
[Flags]
|
[Flags]
|
||||||
enum StringFeatures {
|
public enum StringFeatures {
|
||||||
AllowNoDecryption = 1,
|
AllowNoDecryption = 1,
|
||||||
AllowStaticDecryption = 2,
|
AllowStaticDecryption = 2,
|
||||||
AllowDynamicDecryption = 4,
|
AllowDynamicDecryption = 4,
|
||||||
|
@ -47,11 +47,11 @@ namespace de4dot.deobfuscators {
|
||||||
}
|
}
|
||||||
|
|
||||||
[Flags]
|
[Flags]
|
||||||
enum RenamingOptions {
|
public enum RenamingOptions {
|
||||||
RemoveNamespaceIfOneType = 1,
|
RemoveNamespaceIfOneType = 1,
|
||||||
}
|
}
|
||||||
|
|
||||||
interface IDeobfuscator : INameChecker {
|
public interface IDeobfuscator : INameChecker {
|
||||||
string Type { get; }
|
string Type { get; }
|
||||||
string TypeLong { get; }
|
string TypeLong { get; }
|
||||||
string Name { get; }
|
string Name { get; }
|
||||||
|
|
|
@ -19,8 +19,8 @@
|
||||||
|
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators {
|
namespace de4dot.code.deobfuscators {
|
||||||
interface IDeobfuscatorInfo {
|
public interface IDeobfuscatorInfo {
|
||||||
string Type { get; }
|
string Type { get; }
|
||||||
string Name { get; }
|
string Name { get; }
|
||||||
IDeobfuscator createDeobfuscator();
|
IDeobfuscator createDeobfuscator();
|
||||||
|
|
|
@ -19,8 +19,8 @@
|
||||||
|
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators {
|
namespace de4dot.code.deobfuscators {
|
||||||
interface ISimpleDeobfuscator {
|
public interface ISimpleDeobfuscator {
|
||||||
void deobfuscate(MethodDefinition method);
|
void deobfuscate(MethodDefinition method);
|
||||||
void decryptStrings(MethodDefinition method, IDeobfuscator deob);
|
void decryptStrings(MethodDefinition method, IDeobfuscator deob);
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,14 +17,14 @@
|
||||||
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
namespace de4dot.deobfuscators {
|
namespace de4dot.code.deobfuscators {
|
||||||
enum OpDecryptString {
|
public enum OpDecryptString {
|
||||||
None,
|
None,
|
||||||
Static,
|
Static,
|
||||||
Dynamic,
|
Dynamic,
|
||||||
}
|
}
|
||||||
|
|
||||||
interface IOperations {
|
public interface IOperations {
|
||||||
bool KeepObfuscatorTypes { get; }
|
bool KeepObfuscatorTypes { get; }
|
||||||
OpDecryptString DecryptStrings { get; }
|
OpDecryptString DecryptStrings { get; }
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,7 +23,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators {
|
namespace de4dot.code.deobfuscators {
|
||||||
abstract class ProxyDelegateFinderBase {
|
abstract class ProxyDelegateFinderBase {
|
||||||
protected ModuleDefinition module;
|
protected ModuleDefinition module;
|
||||||
protected List<MethodDefinition> delegateCreatorMethods = new List<MethodDefinition>();
|
protected List<MethodDefinition> delegateCreatorMethods = new List<MethodDefinition>();
|
||||||
|
|
|
@ -21,7 +21,7 @@ using System.Collections.Generic;
|
||||||
using System.Text;
|
using System.Text;
|
||||||
using System.Text.RegularExpressions;
|
using System.Text.RegularExpressions;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators {
|
namespace de4dot.code.deobfuscators {
|
||||||
static class RandomNameChecker {
|
static class RandomNameChecker {
|
||||||
static Regex noUpper = new Regex(@"^[^A-Z]+$");
|
static Regex noUpper = new Regex(@"^[^A-Z]+$");
|
||||||
static Regex allUpper = new Regex(@"^[A-Z]+$");
|
static Regex allUpper = new Regex(@"^[A-Z]+$");
|
||||||
|
|
|
@ -21,7 +21,7 @@ using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||||
class AssemblyResolver {
|
class AssemblyResolver {
|
||||||
ResourceDecrypter resourceDecrypter;
|
ResourceDecrypter resourceDecrypter;
|
||||||
AssemblyResolverInfo assemblyResolverInfo;
|
AssemblyResolverInfo assemblyResolverInfo;
|
||||||
|
|
|
@ -24,7 +24,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||||
public class EmbeddedAssemblyInfo {
|
public class EmbeddedAssemblyInfo {
|
||||||
public string assemblyName;
|
public string assemblyName;
|
||||||
public string simpleName;
|
public string simpleName;
|
||||||
|
|
|
@ -22,7 +22,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||||
class AutomatedErrorReportingFinder {
|
class AutomatedErrorReportingFinder {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
ExceptionLoggerRemover exceptionLoggerRemover = new ExceptionLoggerRemover();
|
ExceptionLoggerRemover exceptionLoggerRemover = new ExceptionLoggerRemover();
|
||||||
|
|
|
@ -28,8 +28,8 @@ using de4dot.blocks;
|
||||||
// SmartAssembly can add so much junk that it's very difficult to find and remove all of it.
|
// SmartAssembly can add so much junk that it's very difficult to find and remove all of it.
|
||||||
// I remove some safe types that are almost guaranteed not to have any references in the code.
|
// I remove some safe types that are almost guaranteed not to have any references in the code.
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||||
class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
public class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||||
public const string THE_NAME = "SmartAssembly";
|
public const string THE_NAME = "SmartAssembly";
|
||||||
public const string THE_TYPE = "sa";
|
public const string THE_TYPE = "sa";
|
||||||
BoolOption removeAutomatedErrorReporting;
|
BoolOption removeAutomatedErrorReporting;
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||||
class MemoryManagerInfo {
|
class MemoryManagerInfo {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
TypeDefinition memoryManagerType;
|
TypeDefinition memoryManagerType;
|
||||||
|
|
|
@ -23,7 +23,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||||
class ProxyDelegateFinder : ProxyDelegateFinderBase {
|
class ProxyDelegateFinder : ProxyDelegateFinderBase {
|
||||||
static readonly Dictionary<char, int> specialCharsDict = new Dictionary<char, int>();
|
static readonly Dictionary<char, int> specialCharsDict = new Dictionary<char, int>();
|
||||||
static readonly char[] specialChars = new char[] {
|
static readonly char[] specialChars = new char[] {
|
||||||
|
|
|
@ -22,7 +22,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||||
abstract class ResolverInfoBase {
|
abstract class ResolverInfoBase {
|
||||||
protected ModuleDefinition module;
|
protected ModuleDefinition module;
|
||||||
ISimpleDeobfuscator simpleDeobfuscator;
|
ISimpleDeobfuscator simpleDeobfuscator;
|
||||||
|
|
|
@ -23,7 +23,7 @@ using System.Security.Cryptography;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using ICSharpCode.SharpZipLib.Zip.Compression;
|
using ICSharpCode.SharpZipLib.Zip.Compression;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||||
class ResourceDecrypter {
|
class ResourceDecrypter {
|
||||||
ResourceDecrypterInfo resourceDecrypterInfo;
|
ResourceDecrypterInfo resourceDecrypterInfo;
|
||||||
|
|
||||||
|
|
|
@ -22,7 +22,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||||
class ResourceDecrypterInfo {
|
class ResourceDecrypterInfo {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
TypeDefinition simpleZipType;
|
TypeDefinition simpleZipType;
|
||||||
|
|
|
@ -22,7 +22,7 @@ using System.IO;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||||
class ResourceResolver {
|
class ResourceResolver {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
AssemblyResolver assemblyResolver;
|
AssemblyResolver assemblyResolver;
|
||||||
|
|
|
@ -21,7 +21,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||||
class ResourceResolverInfo : ResolverInfoBase {
|
class ResourceResolverInfo : ResolverInfoBase {
|
||||||
EmbeddedAssemblyInfo resourceInfo;
|
EmbeddedAssemblyInfo resourceInfo;
|
||||||
AssemblyResolverInfo assemblyResolverInfo;
|
AssemblyResolverInfo assemblyResolverInfo;
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||||
class SimpleZipInfo {
|
class SimpleZipInfo {
|
||||||
|
|
||||||
public static bool isSimpleZipDecryptMethod_QuickCheck(ModuleDefinition module, MethodReference method, out TypeDefinition simpleZipType) {
|
public static bool isSimpleZipDecryptMethod_QuickCheck(ModuleDefinition module, MethodReference method, out TypeDefinition simpleZipType) {
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
using System;
|
using System;
|
||||||
using System.Text;
|
using System.Text;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||||
class StringDecrypter {
|
class StringDecrypter {
|
||||||
int stringOffset;
|
int stringOffset;
|
||||||
byte[] decryptedData;
|
byte[] decryptedData;
|
||||||
|
|
|
@ -23,7 +23,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||||
class StringDecrypterInfo {
|
class StringDecrypterInfo {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
ResourceDecrypter resourceDecrypter;
|
ResourceDecrypter resourceDecrypter;
|
||||||
|
|
|
@ -22,7 +22,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||||
class StringsEncoderInfo {
|
class StringsEncoderInfo {
|
||||||
// SmartAssembly.HouseOfCards.Strings, the class that creates the string decrypter
|
// SmartAssembly.HouseOfCards.Strings, the class that creates the string decrypter
|
||||||
// delegates
|
// delegates
|
||||||
|
|
|
@ -23,7 +23,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.SmartAssembly {
|
namespace de4dot.code.deobfuscators.SmartAssembly {
|
||||||
class TamperProtectionRemover {
|
class TamperProtectionRemover {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
List<MethodDefinition> pinvokeMethods = new List<MethodDefinition>();
|
List<MethodDefinition> pinvokeMethods = new List<MethodDefinition>();
|
||||||
|
|
|
@ -22,7 +22,7 @@ using System.Collections.Generic;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators {
|
namespace de4dot.code.deobfuscators {
|
||||||
class StringCounts {
|
class StringCounts {
|
||||||
Dictionary<string, int> strings = new Dictionary<string, int>(StringComparer.Ordinal);
|
Dictionary<string, int> strings = new Dictionary<string, int>(StringComparer.Ordinal);
|
||||||
|
|
||||||
|
|
|
@ -22,7 +22,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators {
|
namespace de4dot.code.deobfuscators {
|
||||||
// Restore the type of all fields / parameters that have had their type turned into object.
|
// Restore the type of all fields / parameters that have had their type turned into object.
|
||||||
// This thing requires a lot more code than I have time to do now (similar to symbol renaming)
|
// This thing requires a lot more code than I have time to do now (similar to symbol renaming)
|
||||||
// so it will be a basic implementation only.
|
// so it will be a basic implementation only.
|
||||||
|
|
|
@ -19,8 +19,8 @@
|
||||||
|
|
||||||
using System.Text.RegularExpressions;
|
using System.Text.RegularExpressions;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.Unknown {
|
namespace de4dot.code.deobfuscators.Unknown {
|
||||||
class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
public class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||||
public const string THE_NAME = "Unknown";
|
public const string THE_NAME = "Unknown";
|
||||||
public const string THE_TYPE = "un";
|
public const string THE_TYPE = "un";
|
||||||
public DeobfuscatorInfo()
|
public DeobfuscatorInfo()
|
||||||
|
@ -61,7 +61,7 @@ namespace de4dot.deobfuscators.Unknown {
|
||||||
get { return obfuscatorName ?? "Unknown Obfuscator"; }
|
get { return obfuscatorName ?? "Unknown Obfuscator"; }
|
||||||
}
|
}
|
||||||
|
|
||||||
public Deobfuscator(Options options)
|
internal Deobfuscator(Options options)
|
||||||
: base(options) {
|
: base(options) {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -20,8 +20,8 @@
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.Xenocode {
|
namespace de4dot.code.deobfuscators.Xenocode {
|
||||||
class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
public class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||||
public const string THE_NAME = "Xenocode";
|
public const string THE_NAME = "Xenocode";
|
||||||
public const string THE_TYPE = "xc";
|
public const string THE_TYPE = "xc";
|
||||||
const string DEFAULT_REGEX = @"!^[oO01l]{4,}$&!^(get_|set_|add_|remove_|_)?x[a-f0-9]{16,}$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
|
const string DEFAULT_REGEX = @"!^[oO01l]{4,}$&!^(get_|set_|add_|remove_|_)?x[a-f0-9]{16,}$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
|
||||||
|
|
|
@ -21,7 +21,7 @@ using System.Text;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.Xenocode {
|
namespace de4dot.code.deobfuscators.Xenocode {
|
||||||
class StringDecrypter {
|
class StringDecrypter {
|
||||||
const int STRING_DECRYPTER_KEY_CONST = 1789;
|
const int STRING_DECRYPTER_KEY_CONST = 1789;
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
|
|
|
@ -22,7 +22,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||||
class AntiStrongName {
|
class AntiStrongName {
|
||||||
TypeDefinition decrypterType;
|
TypeDefinition decrypterType;
|
||||||
MethodDefinition antiStrongNameMethod;
|
MethodDefinition antiStrongNameMethod;
|
||||||
|
|
|
@ -23,7 +23,7 @@ using System.IO;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||||
class ResourceInfo {
|
class ResourceInfo {
|
||||||
public EmbeddedResource resource;
|
public EmbeddedResource resource;
|
||||||
public string name;
|
public string name;
|
||||||
|
|
|
@ -22,7 +22,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||||
class BoolValueInliner : MethodReturnValueInliner {
|
class BoolValueInliner : MethodReturnValueInliner {
|
||||||
Dictionary<MethodReferenceAndDeclaringTypeKey, Func<MethodDefinition, object[], bool>> boolDecrypters = new Dictionary<MethodReferenceAndDeclaringTypeKey, Func<MethodDefinition, object[], bool>>();
|
Dictionary<MethodReferenceAndDeclaringTypeKey, Func<MethodDefinition, object[], bool>> boolDecrypters = new Dictionary<MethodReferenceAndDeclaringTypeKey, Func<MethodDefinition, object[], bool>>();
|
||||||
|
|
||||||
|
|
|
@ -21,7 +21,7 @@ using System;
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||||
class BooleanDecrypter {
|
class BooleanDecrypter {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
EncryptedResource encryptedResource;
|
EncryptedResource encryptedResource;
|
||||||
|
|
|
@ -25,10 +25,10 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using Mono.MyStuff;
|
using Mono.MyStuff;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
using de4dot.PE;
|
using de4dot.code.PE;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||||
class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
public class DeobfuscatorInfo : DeobfuscatorInfoBase {
|
||||||
public const string THE_NAME = ".NET Reactor";
|
public const string THE_NAME = ".NET Reactor";
|
||||||
public const string THE_TYPE = "dr";
|
public const string THE_TYPE = "dr";
|
||||||
const string DEFAULT_REGEX = DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
|
const string DEFAULT_REGEX = DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
using Mono.Cecil;
|
using Mono.Cecil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||||
// Detect some empty class that is called from most .ctor's
|
// Detect some empty class that is called from most .ctor's
|
||||||
class EmptyClass {
|
class EmptyClass {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
|
|
|
@ -25,7 +25,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||||
class EncryptedResource {
|
class EncryptedResource {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
MethodDefinition resourceDecrypterMethod;
|
MethodDefinition resourceDecrypterMethod;
|
||||||
|
|
|
@ -21,7 +21,7 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||||
// Find the class that returns a RuntimeTypeHandle/RuntimeFieldHandle. The value passed to
|
// Find the class that returns a RuntimeTypeHandle/RuntimeFieldHandle. The value passed to
|
||||||
// its methods is the original metadata token, which will be different when we save the file.
|
// its methods is the original metadata token, which will be different when we save the file.
|
||||||
class MetadataTokenObfuscator {
|
class MetadataTokenObfuscator {
|
||||||
|
|
|
@ -24,9 +24,9 @@ using Mono.Cecil;
|
||||||
using Mono.Cecil.Cil;
|
using Mono.Cecil.Cil;
|
||||||
using Mono.MyStuff;
|
using Mono.MyStuff;
|
||||||
using de4dot.blocks;
|
using de4dot.blocks;
|
||||||
using de4dot.PE;
|
using de4dot.code.PE;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||||
class MethodsDecrypter {
|
class MethodsDecrypter {
|
||||||
ModuleDefinition module;
|
ModuleDefinition module;
|
||||||
EncryptedResource encryptedResource;
|
EncryptedResource encryptedResource;
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
|
|
||||||
using System;
|
using System;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||||
class NativeFileDecrypter {
|
class NativeFileDecrypter {
|
||||||
byte[] key;
|
byte[] key;
|
||||||
byte kb = 0;
|
byte kb = 0;
|
||||||
|
|
|
@ -20,9 +20,9 @@
|
||||||
using System;
|
using System;
|
||||||
using System.IO;
|
using System.IO;
|
||||||
using ICSharpCode.SharpZipLib.Zip.Compression;
|
using ICSharpCode.SharpZipLib.Zip.Compression;
|
||||||
using de4dot.PE;
|
using de4dot.code.PE;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||||
class NativeImageUnpacker {
|
class NativeImageUnpacker {
|
||||||
PeImage peImage;
|
PeImage peImage;
|
||||||
bool isNet1x;
|
bool isNet1x;
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
|
|
||||||
using System;
|
using System;
|
||||||
|
|
||||||
namespace de4dot.deobfuscators.dotNET_Reactor {
|
namespace de4dot.code.deobfuscators.dotNET_Reactor {
|
||||||
static class QuickLZ {
|
static class QuickLZ {
|
||||||
static uint read32(byte[] data, int index) {
|
static uint read32(byte[] data, int index) {
|
||||||
return BitConverter.ToUInt32(data, index);
|
return BitConverter.ToUInt32(data, index);
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user