Merge branch 'master' into confuser

AssemblyData/Properties/AssemblyInfo.cs

@@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 [assembly: ComVisible(false)]
-[assembly: AssemblyVersion("2.0.3.3405")]
-[assembly: AssemblyFileVersion("2.0.3.3405")]
+[assembly: AssemblyVersion("3.0.2.3405")]
+[assembly: AssemblyFileVersion("3.0.2.3405")]

AssemblyServer-CLR20-x64/Properties/AssemblyInfo.cs

@@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 [assembly: ComVisible(false)]
-[assembly: AssemblyVersion("2.0.3.3405")]
-[assembly: AssemblyFileVersion("2.0.3.3405")]
+[assembly: AssemblyVersion("3.0.2.3405")]
+[assembly: AssemblyFileVersion("3.0.2.3405")]

AssemblyServer-CLR20/Properties/AssemblyInfo.cs

@@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 [assembly: ComVisible(false)]
-[assembly: AssemblyVersion("2.0.3.3405")]
-[assembly: AssemblyFileVersion("2.0.3.3405")]
+[assembly: AssemblyVersion("3.0.2.3405")]
+[assembly: AssemblyFileVersion("3.0.2.3405")]

AssemblyServer-CLR40-x64/Properties/AssemblyInfo.cs

@@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 [assembly: ComVisible(false)]
-[assembly: AssemblyVersion("2.0.3.3405")]
-[assembly: AssemblyFileVersion("2.0.3.3405")]
+[assembly: AssemblyVersion("3.0.2.3405")]
+[assembly: AssemblyFileVersion("3.0.2.3405")]

AssemblyServer-CLR40/Properties/AssemblyInfo.cs

@@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 [assembly: ComVisible(false)]
-[assembly: AssemblyVersion("2.0.3.3405")]
-[assembly: AssemblyFileVersion("2.0.3.3405")]
+[assembly: AssemblyVersion("3.0.2.3405")]
+[assembly: AssemblyFileVersion("3.0.2.3405")]

AssemblyServer-x64/Properties/AssemblyInfo.cs

@@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 [assembly: ComVisible(false)]
-[assembly: AssemblyVersion("2.0.3.3405")]
-[assembly: AssemblyFileVersion("2.0.3.3405")]
+[assembly: AssemblyVersion("3.0.2.3405")]
+[assembly: AssemblyFileVersion("3.0.2.3405")]

AssemblyServer/Properties/AssemblyInfo.cs

@@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 [assembly: ComVisible(false)]
-[assembly: AssemblyVersion("2.0.3.3405")]
-[assembly: AssemblyFileVersion("2.0.3.3405")]
+[assembly: AssemblyVersion("3.0.2.3405")]
+[assembly: AssemblyFileVersion("3.0.2.3405")]

README.md

@@ -26,7 +26,6 @@ Here's a pseudo random list of the things it will do depending on what obfuscato
 * Fixes some peverify errors. Many of the obfuscators are buggy and create unverifiable code by mistake.
 * Restore the types of method parameters and fields
 
-
 Supported obfuscators/packers
 =============================
 
@@ -52,6 +51,13 @@ Supported obfuscators/packers
 
 Some of the above obfuscators are rarely used (eg. Goliath.NET), so they have had much less testing. Help me out by reporting bugs or problems you find.
 
+Warning
+=======
+
+Sometimes the obfuscated assembly and all its dependencies are loaded into memory for execution. Use a safe sandbox environment if you suspect the assembly or assemblies to be malware.
+
+Even if the current version of de4dot doesn't load a certain assembly into memory for execution, a future version might.
+
 How to use de4dot
 =================
 
@@ -166,13 +172,13 @@ The default regexes should be enough, except possibly the one that is used when
 
 Eg., currently the following is the default regex used when Dotfuscator is detected
 
-    !^[a-z][a-z0-9]{0,2}$&!^A_[0-9]+$&^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$
+    !^[a-z][a-z0-9]{0,2}$&!^A_[0-9]+$&^[\u2E80-\u9FFFa-zA-Z_<{$][\u2E80-\u9FFFa-zA-Z_0-9<>{}$.`-]*$
 
-As you can see, it's not just one regex, it's more than one. Each is separated by `&` and each regex can be negated by using `!` in front of it. To show it more clearly, these regexes are used:
+As you can see, it's not just one regex, it's more than one. Each one is separated by `&` and each regex can be negated by using `!` in front of it. To show it more clearly, these regexes are used:
 
     (negated) ^[a-z][a-z0-9]{0,2}$
     (negated) ^A_[0-9]+$
-    ^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$
+    ^[\u2E80-\u9FFFa-zA-Z_<{$][\u2E80-\u9FFFa-zA-Z_0-9<>{}$.`-]*$
 
 To change the regex(es), you must know the short type name of the obfuscator (see help screen). Eg. it's `sa` if it's SmartAssembly, and `un` if it's an unsupported/unknown obfuscator. The option to use is `--TYPE-name` (eg. `--sa-name` for SmartAssembly and `--un-name` for unknown/unsupported obfuscators):
 
@@ -182,78 +188,3 @@ Other options
 -------------
 
 Start `de4dot` without any arguments and it will show all options.
-
-Tiny FAQ
-========
-
-Is this a cracker only tool?
-----------------------------
-
-Of course. Not. Here's some legitimate uses of this software:
-
-* Malware analysis
-
-Many malware try to protect against analysis. They think obfuscating the code makes it hard. Mistake no. 1 was to use .NET.
-
-* Speed up a program / use less memory
-
-Unless only symbol renaming was used, the obfuscated assembly is usually slower and requires more memory at runtime compared to the original assembly. By unpacking and deobfuscating it, the program's memory usage and speed will be almost identical to the original program.
-
-* Make the assembly compatible with mono
-
-Most obfuscators don't support mono, even if the original assembly does. By unpacking and deobfuscating it, mono support will be restored.
-
-* You lost your source code and only have the obfuscated .NET assemblies
-
-By unpacking and deobfuscating your assemblies, you can then use any .NET decompiler (eg. the open source ILSpy) to get back your source code.
-
-* Obfuscator created unverifiable code but code must be verifiable
-
-Some of the obfuscators are buggy and create unverifiable code due to bugs in the software. Some of these errors are fixed by de4dot.
-
-
-I've "protected" my app with some obfuscator but I just found out about de4dot. Is .NET obfuscation useless?
-------------------------------------------------------------------------------------------------------------
-
-Yes. It's simply way too easy to restore most of these "protections".
-
-
-What do you think of these obfuscators? They're good, right?
-------------------------------------------------------------
-
-:D
-
-Speaking from experience with a lot of obfuscators, I can say that their protection is really weak. You see the same weak "protection" in pretty much every obfuscator. Copying ideas from other obfuscators seems to be their best skill.
-
-99% of the people working for these companies have absolutely no experience in reverse engineering. If you have no experience in what is a good or a bad protection, it's very unlikely that you're able to write a good protection.
-
-To show you an example, most obfuscators can encrypt all the strings in your assemblies. What they fail to tell you is that it's child's play to decrypt the strings. Here's an example from SecureTeam's Agile.NET (aka CliSecure). de4dot's Agile.NET string decrypter code is only 85 lines long, and that includes the GPLv3 comment at the top of the file and the code that detects the string decrypter in the assembly!
-
-The actual string decrypter code is 4 lines long, and it's a simple XOR loop! When Agile.NET (aka CliSecure) encrypts your strings, it replaces the original strings with an XOR'd copy, and adds a call to their string decrypter. This decrypter merely XOR's every character and returns the decrypted string. Here's the string decrypter code de4dot uses:
-
-    :::C#
-    public string decrypt(string es) {
-    	char[] buf = new char[es.Length];
-    	for (int i = 0; i < es.Length; i++)
-    		buf[i] = (char)(es[i] ^ stringDecrypterKey[i % stringDecrypterKey.Length]);
-    	return new string(buf);
-    }
-
-Your code might look like this:
-
-    :::C#
-    string myString = "Hello World";
-
-and the obfuscator (eg. Agile.NET / CliSecure) will replace that with something similar to this:
-
-    :::C#
-    string myString = DecryptClass.decrypt("AoF41Fk5422");
-
-Yes, Agile.NET's string encryption feature really is this bad! I bet you that none of their customers knows about this. And SecureTeam sure wants to keep it that way. :)
-
-Even though most of the other obfuscators' string encryption feature isn't as bad as Agile.NET's string encryption, they still have one thing in common: it's very easy to decrypt the strings again.
-
-I must use .NET so what's the best protection?
-----------------------------------------------
-
-If you don't count "don't distribute it" as a solution, the best obfuscator feature is symbol renaming. It's impossible to restore the symbols unless they're part of the assembly. All of the other "protections" are 100% reversible.

Test.Rename.Dll/Properties/AssemblyInfo.cs

@@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 [assembly: ComVisible(false)]
-[assembly: AssemblyVersion("2.0.3.3405")]
-[assembly: AssemblyFileVersion("2.0.3.3405")]
+[assembly: AssemblyVersion("3.0.2.3405")]
+[assembly: AssemblyFileVersion("3.0.2.3405")]

Test.Rename/Properties/AssemblyInfo.cs

@@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 [assembly: ComVisible(false)]
-[assembly: AssemblyVersion("2.0.3.3405")]
-[assembly: AssemblyFileVersion("2.0.3.3405")]
+[assembly: AssemblyVersion("3.0.2.3405")]
+[assembly: AssemblyFileVersion("3.0.2.3405")]

de4dot-x64/Properties/AssemblyInfo.cs

@@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 [assembly: ComVisible(false)]
-[assembly: AssemblyVersion("2.0.3.3405")]
-[assembly: AssemblyFileVersion("2.0.3.3405")]
+[assembly: AssemblyVersion("3.0.2.3405")]
+[assembly: AssemblyFileVersion("3.0.2.3405")]

de4dot.blocks/Properties/AssemblyInfo.cs

@@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 [assembly: ComVisible(false)]
-[assembly: AssemblyVersion("2.0.3.3405")]
-[assembly: AssemblyFileVersion("2.0.3.3405")]
+[assembly: AssemblyVersion("3.0.2.3405")]
+[assembly: AssemblyFileVersion("3.0.2.3405")]

de4dot.code/NameRegexes.cs

@@ -55,6 +55,10 @@ namespace de4dot.code {
 		public bool DefaultValue { get; set; }
 		public const char regexSeparatorChar = '&';
 
+		public IList<NameRegex> Regexes {
+			get { return regexes; }
+		}
+
 		public NameRegexes()
 			: this("") {
 		}

de4dot.code/Option.cs

@@ -91,7 +91,7 @@ namespace de4dot.code {
 			return true;
 		}
 
-		public bool get() {
+		public bool Get() {
 			return val;
 		}
 	}
@@ -118,7 +118,7 @@ namespace de4dot.code {
 			return true;
 		}
 
-		public int get() {
+		public int Get() {
 			return val;
 		}
 	}
@@ -141,7 +141,7 @@ namespace de4dot.code {
 			return true;
 		}
 
-		public string get() {
+		public string Get() {
 			return val;
 		}
 	}
@@ -172,7 +172,7 @@ namespace de4dot.code {
 			return true;
 		}
 
-		public NameRegexes get() {
+		public NameRegexes Get() {
 			return val;
 		}
 	}
@@ -201,7 +201,7 @@ namespace de4dot.code {
 			return true;
 		}
 
-		public Regex get() {
+		public Regex Get() {
 			return val;
 		}
 	}
@@ -231,7 +231,7 @@ namespace de4dot.code {
 			return true;
 		}
 
-		public bool get() {
+		public bool Get() {
 			return triggered;
 		}
 	}

de4dot.code/Properties/AssemblyInfo.cs

@@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 [assembly: ComVisible(false)]
-[assembly: AssemblyVersion("2.0.3.3405")]
-[assembly: AssemblyFileVersion("2.0.3.3405")]
+[assembly: AssemblyVersion("3.0.2.3405")]
+[assembly: AssemblyFileVersion("3.0.2.3405")]

de4dot.code/deobfuscators/Agile_NET/Deobfuscator.cs

@@ -28,7 +28,7 @@ namespace de4dot.code.deobfuscators.Agile_NET {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = "Agile.NET";
 		public const string THE_TYPE = "an";
-		const string DEFAULT_REGEX = @"[a-zA-Z_0-9>}$]$";
+		const string DEFAULT_REGEX = DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
 		BoolOption decryptMethods;
 		BoolOption decryptResources;
 		BoolOption removeStackFrameHelper;
@@ -54,12 +54,12 @@ namespace de4dot.code.deobfuscators.Agile_NET {
 
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
-				ValidNameRegex = validNameRegex.get(),
-				DecryptMethods = decryptMethods.get(),
-				DecryptResources = decryptResources.get(),
-				RemoveStackFrameHelper = removeStackFrameHelper.get(),
-				RestoreVmCode = restoreVmCode.get(),
-				SetInitLocals = setInitLocals.get(),
+				ValidNameRegex = validNameRegex.Get(),
+				DecryptMethods = decryptMethods.Get(),
+				DecryptResources = decryptResources.Get(),
+				RemoveStackFrameHelper = removeStackFrameHelper.Get(),
+				RestoreVmCode = restoreVmCode.Get(),
+				SetInitLocals = setInitLocals.Get(),
 			});
 		}
 

de4dot.code/deobfuscators/Babel_NET/Deobfuscator.cs

@@ -27,6 +27,7 @@ namespace de4dot.code.deobfuscators.Babel_NET {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = "Babel .NET";
 		public const string THE_TYPE = "bl";
+		const string DEFAULT_REGEX = DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
 		BoolOption inlineMethods;
 		BoolOption removeInlinedMethods;
 		BoolOption decryptMethods;
@@ -35,7 +36,7 @@ namespace de4dot.code.deobfuscators.Babel_NET {
 		BoolOption dumpEmbeddedAssemblies;
 
 		public DeobfuscatorInfo()
-			: base() {
+			: base(DEFAULT_REGEX) {
 			inlineMethods = new BoolOption(null, MakeArgName("inline"), "Inline short methods", true);
 			removeInlinedMethods = new BoolOption(null, MakeArgName("remove-inlined"), "Remove inlined methods", true);
 			decryptMethods = new BoolOption(null, MakeArgName("methods"), "Decrypt methods", true);
@@ -54,13 +55,13 @@ namespace de4dot.code.deobfuscators.Babel_NET {
 
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
-				ValidNameRegex = validNameRegex.get(),
-				InlineMethods = inlineMethods.get(),
-				RemoveInlinedMethods = removeInlinedMethods.get(),
-				DecryptMethods = decryptMethods.get(),
-				DecryptResources = decryptResources.get(),
-				DecryptConstants = decryptConstants.get(),
-				DumpEmbeddedAssemblies = dumpEmbeddedAssemblies.get(),
+				ValidNameRegex = validNameRegex.Get(),
+				InlineMethods = inlineMethods.Get(),
+				RemoveInlinedMethods = removeInlinedMethods.Get(),
+				DecryptMethods = decryptMethods.Get(),
+				DecryptResources = decryptResources.Get(),
+				DecryptConstants = decryptConstants.Get(),
+				DumpEmbeddedAssemblies = dumpEmbeddedAssemblies.Get(),
 			});
 		}
 

de4dot.code/deobfuscators/CodeFort/Deobfuscator.cs

@@ -26,7 +26,7 @@ namespace de4dot.code.deobfuscators.CodeFort {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = "CodeFort";
 		public const string THE_TYPE = "cf";
-		const string DEFAULT_REGEX = @"!^[a-zA-Z]{1,3}$&!^[_<>{}$.`-]$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
+		const string DEFAULT_REGEX = @"!^[a-zA-Z]{1,3}$&!^[_<>{}$.`-]$&" + DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
 		BoolOption dumpEmbeddedAssemblies;
 
 		public DeobfuscatorInfo()
@@ -44,8 +44,8 @@ namespace de4dot.code.deobfuscators.CodeFort {
 
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
-				ValidNameRegex = validNameRegex.get(),
-				DumpEmbeddedAssemblies = dumpEmbeddedAssemblies.get(),
+				ValidNameRegex = validNameRegex.Get(),
+				DumpEmbeddedAssemblies = dumpEmbeddedAssemblies.Get(),
 			});
 		}
 

de4dot.code/deobfuscators/CodeVeil/Deobfuscator.cs

@@ -26,7 +26,7 @@ namespace de4dot.code.deobfuscators.CodeVeil {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = "CodeVeil";
 		public const string THE_TYPE = "cv";
-		const string DEFAULT_REGEX = @"!^[A-Za-z]{1,2}$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
+		const string DEFAULT_REGEX = @"!^[A-Za-z]{1,2}$&" + DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
 
 		public DeobfuscatorInfo()
 			: base(DEFAULT_REGEX) {
@@ -42,7 +42,7 @@ namespace de4dot.code.deobfuscators.CodeVeil {
 
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
-				ValidNameRegex = validNameRegex.get(),
+				ValidNameRegex = validNameRegex.Get(),
 			});
 		}
 

de4dot.code/deobfuscators/CodeWall/Deobfuscator.cs

@@ -26,7 +26,7 @@ namespace de4dot.code.deobfuscators.CodeWall {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = "CodeWall";
 		public const string THE_TYPE = "cw";
-		const string DEFAULT_REGEX = @"!^[0-9A-F]{32}$&!^[_<>{}$.`-]$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
+		const string DEFAULT_REGEX = @"!^[0-9A-F]{32}$&!^[_<>{}$.`-]$&" + DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
 		BoolOption dumpEmbeddedAssemblies;
 		BoolOption decryptMainAsm;
 
@@ -46,9 +46,9 @@ namespace de4dot.code.deobfuscators.CodeWall {
 
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
-				ValidNameRegex = validNameRegex.get(),
-				DumpEmbeddedAssemblies = dumpEmbeddedAssemblies.get(),
-				DecryptMainAsm = decryptMainAsm.get(),
+				ValidNameRegex = validNameRegex.Get(),
+				DumpEmbeddedAssemblies = dumpEmbeddedAssemblies.Get(),
+				DecryptMainAsm = decryptMainAsm.Get(),
 			});
 		}
 

de4dot.code/deobfuscators/CryptoObfuscator/Deobfuscator.cs

@@ -28,7 +28,7 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = "Crypto Obfuscator";
 		public const string THE_TYPE = "co";
-		const string DEFAULT_REGEX = @"!^(get_|set_|add_|remove_)?[A-Z]{1,3}(?:`\d+)?$&!^(get_|set_|add_|remove_)?c[0-9a-f]{32}(?:`\d+)?$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
+		const string DEFAULT_REGEX = @"!^(get_|set_|add_|remove_)?[A-Z]{1,3}(?:`\d+)?$&!^(get_|set_|add_|remove_)?c[0-9a-f]{32}(?:`\d+)?$&" + DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
 		BoolOption removeTamperProtection;
 		BoolOption decryptConstants;
 		BoolOption inlineMethods;
@@ -52,11 +52,11 @@ namespace de4dot.code.deobfuscators.CryptoObfuscator {
 
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
-				ValidNameRegex = validNameRegex.get(),
-				RemoveTamperProtection = removeTamperProtection.get(),
-				DecryptConstants = decryptConstants.get(),
-				InlineMethods = inlineMethods.get(),
-				FixLdnull = fixLdnull.get(),
+				ValidNameRegex = validNameRegex.Get(),
+				RemoveTamperProtection = removeTamperProtection.Get(),
+				DecryptConstants = decryptConstants.Get(),
+				InlineMethods = inlineMethods.Get(),
+				FixLdnull = fixLdnull.Get(),
 			});
 		}
 

de4dot.code/deobfuscators/DeepSea/Deobfuscator.cs

@@ -26,6 +26,7 @@ namespace de4dot.code.deobfuscators.DeepSea {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = "DeepSea";
 		public const string THE_TYPE = "ds";
+		const string DEFAULT_REGEX = DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
 		BoolOption inlineMethods;
 		BoolOption removeInlinedMethods;
 		BoolOption decryptResources;
@@ -35,7 +36,7 @@ namespace de4dot.code.deobfuscators.DeepSea {
 		BoolOption castDeobfuscation;
 
 		public DeobfuscatorInfo()
-			: base() {
+			: base(DEFAULT_REGEX) {
 			inlineMethods = new BoolOption(null, MakeArgName("inline"), "Inline short methods", true);
 			removeInlinedMethods = new BoolOption(null, MakeArgName("remove-inlined"), "Remove inlined methods", true);
 			decryptResources = new BoolOption(null, MakeArgName("rsrc"), "Decrypt resources", true);
@@ -55,14 +56,14 @@ namespace de4dot.code.deobfuscators.DeepSea {
 
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
-				ValidNameRegex = validNameRegex.get(),
-				InlineMethods = inlineMethods.get(),
-				RemoveInlinedMethods = removeInlinedMethods.get(),
-				DecryptResources = decryptResources.get(),
-				DumpEmbeddedAssemblies = dumpEmbeddedAssemblies.get(),
-				RestoreFields = restoreFields.get(),
-				RenameResourceKeys = renameResourceKeys.get(),
-				CastDeobfuscation = castDeobfuscation.get(),
+				ValidNameRegex = validNameRegex.Get(),
+				InlineMethods = inlineMethods.Get(),
+				RemoveInlinedMethods = removeInlinedMethods.Get(),
+				DecryptResources = decryptResources.Get(),
+				DumpEmbeddedAssemblies = dumpEmbeddedAssemblies.Get(),
+				RestoreFields = restoreFields.Get(),
+				RenameResourceKeys = renameResourceKeys.Get(),
+				CastDeobfuscation = castDeobfuscation.Get(),
 			});
 		}
 

de4dot.code/deobfuscators/DeobfuscatorBase.cs

@@ -29,6 +29,7 @@ using de4dot.blocks.cflow;
 namespace de4dot.code.deobfuscators {
 	abstract class DeobfuscatorBase : IDeobfuscator, IModuleWriterListener {
 		public const string DEFAULT_VALID_NAME_REGEX = @"^[a-zA-Z_<{$][a-zA-Z_0-9<>{}$.`-]*$";
+		public const string DEFAULT_ASIAN_VALID_NAME_REGEX = @"^[\u2E80-\u9FFFa-zA-Z_<{$][\u2E80-\u9FFFa-zA-Z_0-9<>{}$.`-]*$";
 
 		class RemoveInfo<T> {
 			public T obj;

de4dot.code/deobfuscators/DeobfuscatorInfoBase.cs

@@ -23,10 +23,6 @@ namespace de4dot.code.deobfuscators {
 	public abstract class DeobfuscatorInfoBase : IDeobfuscatorInfo {
 		protected NameRegexOption validNameRegex;
 
-		public DeobfuscatorInfoBase()
-			: this(null) {
-		}
-
 		public DeobfuscatorInfoBase(string nameRegex) {
 			validNameRegex = new NameRegexOption(null, MakeArgName("name"), "Valid name regex pattern", nameRegex ?? DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX);
 		}

de4dot.code/deobfuscators/Dotfuscator/Deobfuscator.cs

@@ -25,7 +25,7 @@ namespace de4dot.code.deobfuscators.Dotfuscator {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = "Dotfuscator";
 		public const string THE_TYPE = "df";
-		const string DEFAULT_REGEX = @"!^[a-z][a-z0-9]{0,2}$&!^A_[0-9]+$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
+		const string DEFAULT_REGEX = @"!^[a-z][a-z0-9]{0,2}$&!^A_[0-9]+$&" + DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
 		public DeobfuscatorInfo()
 			: base(DEFAULT_REGEX) {
 		}
@@ -41,7 +41,7 @@ namespace de4dot.code.deobfuscators.Dotfuscator {
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
 				RenameResourcesInCode = false,
-				ValidNameRegex = validNameRegex.get(),
+				ValidNameRegex = validNameRegex.Get(),
 			});
 		}
 	}

de4dot.code/deobfuscators/Eazfuscator_NET/Deobfuscator.cs

@@ -28,7 +28,7 @@ namespace de4dot.code.deobfuscators.Eazfuscator_NET {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = "Eazfuscator.NET";
 		public const string THE_TYPE = "ef";
-		const string DEFAULT_REGEX = @"!^#=&!^dje_.+_ejd$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
+		const string DEFAULT_REGEX = @"!^#=&!^dje_.+_ejd$&" + DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
 		public DeobfuscatorInfo()
 			: base(DEFAULT_REGEX) {
 		}
@@ -43,7 +43,7 @@ namespace de4dot.code.deobfuscators.Eazfuscator_NET {
 
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
-				ValidNameRegex = validNameRegex.get(),
+				ValidNameRegex = validNameRegex.Get(),
 			});
 		}
 	}

de4dot.code/deobfuscators/Goliath_NET/Deobfuscator.cs

@@ -25,7 +25,7 @@ namespace de4dot.code.deobfuscators.Goliath_NET {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = "Goliath.NET";
 		public const string THE_TYPE = "go";
-		const string DEFAULT_REGEX = @"!^[A-Za-z]{1,2}(?:`\d+)?$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
+		const string DEFAULT_REGEX = @"!^[A-Za-z]{1,2}(?:`\d+)?$&" + DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
 		BoolOption inlineMethods;
 		BoolOption removeInlinedMethods;
 		BoolOption restoreLocals;
@@ -54,13 +54,13 @@ namespace de4dot.code.deobfuscators.Goliath_NET {
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
 				RenameResourcesInCode = false,
-				ValidNameRegex = validNameRegex.get(),
-				InlineMethods = inlineMethods.get(),
-				RemoveInlinedMethods = removeInlinedMethods.get(),
-				RestoreLocals = restoreLocals.get(),
-				DecryptIntegers = decryptIntegers.get(),
-				DecryptArrays = decryptArrays.get(),
-				RemoveAntiStrongName = removeAntiStrongName.get(),
+				ValidNameRegex = validNameRegex.Get(),
+				InlineMethods = inlineMethods.Get(),
+				RemoveInlinedMethods = removeInlinedMethods.Get(),
+				RestoreLocals = restoreLocals.Get(),
+				DecryptIntegers = decryptIntegers.Get(),
+				DecryptArrays = decryptArrays.Get(),
+				RemoveAntiStrongName = removeAntiStrongName.Get(),
 			});
 		}
 

de4dot.code/deobfuscators/ILProtector/Deobfuscator.cs

@@ -26,9 +26,10 @@ namespace de4dot.code.deobfuscators.ILProtector {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = "ILProtector";
 		public const string THE_TYPE = "il";
+		const string DEFAULT_REGEX = DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
 
 		public DeobfuscatorInfo()
-			: base() {
+			: base(DEFAULT_REGEX) {
 		}
 
 		public override string Name {
@@ -41,7 +42,7 @@ namespace de4dot.code.deobfuscators.ILProtector {
 
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
-				ValidNameRegex = validNameRegex.get(),
+				ValidNameRegex = validNameRegex.Get(),
 			});
 		}
 

de4dot.code/deobfuscators/MPRESS/Deobfuscator.cs

@@ -29,8 +29,10 @@ namespace de4dot.code.deobfuscators.MPRESS {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = "MPRESS";
 		public const string THE_TYPE = "mp";
+		const string DEFAULT_REGEX = DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
+
 		public DeobfuscatorInfo()
-			: base() {
+			: base(DEFAULT_REGEX) {
 		}
 
 		public override string Name {
@@ -43,7 +45,7 @@ namespace de4dot.code.deobfuscators.MPRESS {
 
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
-				ValidNameRegex = validNameRegex.get(),
+				ValidNameRegex = validNameRegex.Get(),
 			});
 		}
 

de4dot.code/deobfuscators/MaxtoCode/Deobfuscator.cs

@@ -27,7 +27,7 @@ namespace de4dot.code.deobfuscators.MaxtoCode {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = "MaxtoCode";
 		public const string THE_TYPE = "mc";
-		const string DEFAULT_REGEX = @"!^[oO01l]+$&!^[A-F0-9]{20,}$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
+		const string DEFAULT_REGEX = @"!^[oO01l]+$&!^[A-F0-9]{20,}$&" + DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
 		IntOption stringCodePage;
 
 		public DeobfuscatorInfo()
@@ -46,8 +46,8 @@ namespace de4dot.code.deobfuscators.MaxtoCode {
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
 				RenameResourcesInCode = false,
-				ValidNameRegex = validNameRegex.get(),
-				StringCodePage = stringCodePage.get(),
+				ValidNameRegex = validNameRegex.Get(),
+				StringCodePage = stringCodePage.Get(),
 			});
 		}
 

de4dot.code/deobfuscators/Rummage/Deobfuscator.cs

@@ -26,6 +26,7 @@ namespace de4dot.code.deobfuscators.Rummage {
 		public const string THE_NAME = "Rummage";
 		public const string THE_TYPE = "rm";
 		const string DEFAULT_REGEX = @"!.";
+
 		public DeobfuscatorInfo()
 			: base(DEFAULT_REGEX) {
 		}
@@ -40,7 +41,7 @@ namespace de4dot.code.deobfuscators.Rummage {
 
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
-				ValidNameRegex = validNameRegex.get(),
+				ValidNameRegex = validNameRegex.Get(),
 			});
 		}
 	}

de4dot.code/deobfuscators/Skater_NET/Deobfuscator.cs

@@ -25,7 +25,7 @@ namespace de4dot.code.deobfuscators.Skater_NET {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = "Skater .NET";
 		public const string THE_TYPE = "sk";
-		const string DEFAULT_REGEX = @"!`[^0-9]+&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
+		const string DEFAULT_REGEX = @"!`[^0-9]+&" + DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
 
 		public DeobfuscatorInfo()
 			: base(DEFAULT_REGEX) {
@@ -41,7 +41,7 @@ namespace de4dot.code.deobfuscators.Skater_NET {
 
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
-				ValidNameRegex = validNameRegex.get(),
+				ValidNameRegex = validNameRegex.Get(),
 			});
 		}
 	}

de4dot.code/deobfuscators/SmartAssembly/AssemblyResolverInfo.cs

@@ -101,7 +101,8 @@ namespace de4dot.code.deobfuscators.SmartAssembly {
 		}
 
 		protected override bool CheckResolverType(TypeDef type) {
-			if (DotNetUtils.FindFieldType(type, "System.Collections.Hashtable", true) != null)
+			if (DotNetUtils.FindFieldType(type, "System.Collections.Hashtable", true) != null ||
+				DotNetUtils.FindFieldType(type, "System.Collections.Generic.Dictionary`2<System.String,System.Reflection.Assembly>", true) != null)
 				return true;
 
 			foreach (var field in type.Fields) {

de4dot.code/deobfuscators/SmartAssembly/Deobfuscator.cs

@@ -29,12 +29,13 @@ namespace de4dot.code.deobfuscators.SmartAssembly {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = "SmartAssembly";
 		public const string THE_TYPE = "sa";
+		const string DEFAULT_REGEX = DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
 		BoolOption removeAutomatedErrorReporting;
 		BoolOption removeTamperProtection;
 		BoolOption removeMemoryManager;
 
 		public DeobfuscatorInfo()
-			: base() {
+			: base(DEFAULT_REGEX) {
 			removeAutomatedErrorReporting = new BoolOption(null, MakeArgName("error"), "Remove automated error reporting code", true);
 			removeTamperProtection = new BoolOption(null, MakeArgName("tamper"), "Remove tamper protection code", true);
 			removeMemoryManager = new BoolOption(null, MakeArgName("memory"), "Remove memory manager code", true);
@@ -50,10 +51,10 @@ namespace de4dot.code.deobfuscators.SmartAssembly {
 
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
-				ValidNameRegex = validNameRegex.get(),
-				RemoveAutomatedErrorReporting = removeAutomatedErrorReporting.get(),
-				RemoveTamperProtection = removeTamperProtection.get(),
-				RemoveMemoryManager = removeMemoryManager.get(),
+				ValidNameRegex = validNameRegex.Get(),
+				RemoveAutomatedErrorReporting = removeAutomatedErrorReporting.Get(),
+				RemoveTamperProtection = removeTamperProtection.Get(),
+				RemoveMemoryManager = removeMemoryManager.Get(),
 			});
 		}
 

de4dot.code/deobfuscators/Spices_Net/Deobfuscator.cs

@@ -26,7 +26,7 @@ namespace de4dot.code.deobfuscators.Spices_Net {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = "Spices.Net";
 		public const string THE_TYPE = "sn";
-		const string DEFAULT_REGEX = @"!^[a-zA-Z0-9]{1,2}$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
+		const string DEFAULT_REGEX = @"!^[a-zA-Z0-9]{1,2}$&" + DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
 		BoolOption inlineMethods;
 		BoolOption removeInlinedMethods;
 		BoolOption removeNamespaces;
@@ -50,11 +50,11 @@ namespace de4dot.code.deobfuscators.Spices_Net {
 
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
-				ValidNameRegex = validNameRegex.get(),
-				InlineMethods = inlineMethods.get(),
-				RemoveInlinedMethods = removeInlinedMethods.get(),
-				RemoveNamespaces = removeNamespaces.get(),
-				RestoreResourceNames = restoreResourceNames.get(),
+				ValidNameRegex = validNameRegex.Get(),
+				InlineMethods = inlineMethods.Get(),
+				RemoveInlinedMethods = removeInlinedMethods.Get(),
+				RemoveNamespaces = removeNamespaces.Get(),
+				RestoreResourceNames = restoreResourceNames.Get(),
 			});
 		}
 

de4dot.code/deobfuscators/Unknown/Deobfuscator.cs

@@ -25,8 +25,10 @@ namespace de4dot.code.deobfuscators.Unknown {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = "Unknown";
 		public const string THE_TYPE = "un";
+		const string DEFAULT_REGEX = DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
+
 		public DeobfuscatorInfo()
-			: base() {
+			: base(DEFAULT_REGEX) {
 		}
 
 		public override string Name {
@@ -40,7 +42,7 @@ namespace de4dot.code.deobfuscators.Unknown {
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
 				RenameResourcesInCode = false,
-				ValidNameRegex = validNameRegex.get(),
+				ValidNameRegex = validNameRegex.Get(),
 			});
 		}
 	}

de4dot.code/deobfuscators/Xenocode/Deobfuscator.cs

@@ -24,7 +24,8 @@ namespace de4dot.code.deobfuscators.Xenocode {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = "Xenocode";
 		public const string THE_TYPE = "xc";
-		const string DEFAULT_REGEX = @"!^[oO01l]{4,}$&!^(get_|set_|add_|remove_|_)?[x_][a-f0-9]{16,}$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
+		const string DEFAULT_REGEX = @"!^[oO01l]{4,}$&!^(get_|set_|add_|remove_|_)?[x_][a-f0-9]{16,}$&" + DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
+
 		public DeobfuscatorInfo()
 			: base(DEFAULT_REGEX) {
 		}
@@ -39,7 +40,7 @@ namespace de4dot.code.deobfuscators.Xenocode {
 
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
-				ValidNameRegex = validNameRegex.get(),
+				ValidNameRegex = validNameRegex.Get(),
 			});
 		}
 	}

de4dot.code/deobfuscators/dotNET_Reactor/v3/Deobfuscator.cs

@@ -31,7 +31,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v3 {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = ".NET Reactor";
 		public const string THE_TYPE = "dr3";
-		const string DEFAULT_REGEX = DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
+		const string DEFAULT_REGEX = DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
 		BoolOption restoreTypes;
 		BoolOption inlineMethods;
 		BoolOption removeInlinedMethods;
@@ -57,12 +57,12 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v3 {
 
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
-				ValidNameRegex = validNameRegex.get(),
-				RestoreTypes = restoreTypes.get(),
-				InlineMethods = inlineMethods.get(),
-				RemoveInlinedMethods = removeInlinedMethods.get(),
-				RemoveNamespaces = removeNamespaces.get(),
-				RemoveAntiStrongName = removeAntiStrongName.get(),
+				ValidNameRegex = validNameRegex.Get(),
+				RestoreTypes = restoreTypes.Get(),
+				InlineMethods = inlineMethods.Get(),
+				RemoveInlinedMethods = removeInlinedMethods.Get(),
+				RemoveNamespaces = removeNamespaces.Get(),
+				RemoveAntiStrongName = removeAntiStrongName.Get(),
 			});
 		}
 

de4dot.code/deobfuscators/dotNET_Reactor/v4/Deobfuscator.cs

@@ -32,7 +32,8 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
 	public class DeobfuscatorInfo : DeobfuscatorInfoBase {
 		public const string THE_NAME = ".NET Reactor";
 		public const string THE_TYPE = "dr4";
-		const string DEFAULT_REGEX = @"!^[A-Za-z0-9]{2,3}$&" + DeobfuscatorBase.DEFAULT_VALID_NAME_REGEX;
+		public const string SHORT_NAME_REGEX = @"!^[A-Za-z0-9]{2,3}$";
+		const string DEFAULT_REGEX = DeobfuscatorBase.DEFAULT_ASIAN_VALID_NAME_REGEX;
 		BoolOption decryptMethods;
 		BoolOption decryptBools;
 		BoolOption restoreTypes;
@@ -42,6 +43,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
 		BoolOption decryptResources;
 		BoolOption removeNamespaces;
 		BoolOption removeAntiStrongName;
+		BoolOption renameShort;
 
 		public DeobfuscatorInfo()
 			: base(DEFAULT_REGEX) {
@@ -54,6 +56,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
 			decryptResources = new BoolOption(null, MakeArgName("rsrc"), "Decrypt resources", true);
 			removeNamespaces = new BoolOption(null, MakeArgName("ns1"), "Clear namespace if there's only one class in it", true);
 			removeAntiStrongName = new BoolOption(null, MakeArgName("sn"), "Remove anti strong name code", true);
+			renameShort = new BoolOption(null, MakeArgName("sname"), "Rename short names", false);
 		}
 
 		public override string Name {
@@ -66,16 +69,17 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
 
 		public override IDeobfuscator CreateDeobfuscator() {
 			return new Deobfuscator(new Deobfuscator.Options {
-				ValidNameRegex = validNameRegex.get(),
-				DecryptMethods = decryptMethods.get(),
-				DecryptBools = decryptBools.get(),
-				RestoreTypes = restoreTypes.get(),
-				InlineMethods = inlineMethods.get(),
-				RemoveInlinedMethods = removeInlinedMethods.get(),
-				DumpEmbeddedAssemblies = dumpEmbeddedAssemblies.get(),
-				DecryptResources = decryptResources.get(),
-				RemoveNamespaces = removeNamespaces.get(),
-				RemoveAntiStrongName = removeAntiStrongName.get(),
+				ValidNameRegex = validNameRegex.Get(),
+				DecryptMethods = decryptMethods.Get(),
+				DecryptBools = decryptBools.Get(),
+				RestoreTypes = restoreTypes.Get(),
+				InlineMethods = inlineMethods.Get(),
+				RemoveInlinedMethods = removeInlinedMethods.Get(),
+				DumpEmbeddedAssemblies = dumpEmbeddedAssemblies.Get(),
+				DecryptResources = decryptResources.Get(),
+				RemoveNamespaces = removeNamespaces.Get(),
+				RemoveAntiStrongName = removeAntiStrongName.Get(),
+				RenameShort = renameShort.Get(),
 			});
 		}
 
@@ -90,6 +94,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
 				decryptResources,
 				removeNamespaces,
 				removeAntiStrongName,
+				renameShort,
 			};
 		}
 	}
@@ -125,6 +130,7 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
 			public bool DecryptResources { get; set; }
 			public bool RemoveNamespaces { get; set; }
 			public bool RemoveAntiStrongName { get; set; }
+			public bool RenameShort { get; set; }
 		}
 
 		public override string Type {
@@ -160,6 +166,8 @@ namespace de4dot.code.deobfuscators.dotNET_Reactor.v4 {
 				this.RenamingOptions |= RenamingOptions.RemoveNamespaceIfOneType;
 			else
 				this.RenamingOptions &= ~RenamingOptions.RemoveNamespaceIfOneType;
+			if (options.RenameShort)
+				options.ValidNameRegex.Regexes.Insert(0, new NameRegex(DeobfuscatorInfo.SHORT_NAME_REGEX));
 		}
 
 		public override byte[] UnpackNativeFile(IPEImage peImage) {

de4dot.cui/Properties/AssemblyInfo.cs

@@ -30,7 +30,7 @@ using System.Runtime.InteropServices;
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 [assembly: ComVisible(false)]
-[assembly: AssemblyVersion("2.0.3.3405")]
-[assembly: AssemblyFileVersion("2.0.3.3405")]
+[assembly: AssemblyVersion("3.0.2.3405")]
+[assembly: AssemblyFileVersion("3.0.2.3405")]
 [assembly: InternalsVisibleTo("de4dot, PublicKey=00240000048000009400000006020000002400005253413100040000010001007b5ffd8f48f1397cd4e21c9e30a5cb36b2c013d6f20688c90e3f0c2d24e6d67cbeea7a6ec3faf9ba081f3d6b6fbe389677adbb8337d3a16187cd13b16a34008a22b89089da41c4a08fd35615c77de0827adcca6d49b08c0ed3e0404a1c44b7d083be614acb1779e4fb275e14427f3687f375d03f3b465c8a6cdeebd1f8c7f4ea")]
 [assembly: InternalsVisibleTo("de4dot-x64, PublicKey=00240000048000009400000006020000002400005253413100040000010001007b5ffd8f48f1397cd4e21c9e30a5cb36b2c013d6f20688c90e3f0c2d24e6d67cbeea7a6ec3faf9ba081f3d6b6fbe389677adbb8337d3a16187cd13b16a34008a22b89089da41c4a08fd35615c77de0827adcca6d49b08c0ed3e0404a1c44b7d083be614acb1779e4fb275e14427f3687f375d03f3b465c8a6cdeebd1f8c7f4ea")]

de4dot.mdecrypt/Properties/AssemblyInfo.cs

@@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 [assembly: ComVisible(false)]
-[assembly: AssemblyVersion("2.0.3.3405")]
-[assembly: AssemblyFileVersion("2.0.3.3405")]
+[assembly: AssemblyVersion("3.0.2.3405")]
+[assembly: AssemblyFileVersion("3.0.2.3405")]

de4dot/Properties/AssemblyInfo.cs

@@ -29,5 +29,5 @@ using System.Runtime.InteropServices;
 [assembly: AssemblyTrademark("")]
 [assembly: AssemblyCulture("")]
 [assembly: ComVisible(false)]
-[assembly: AssemblyVersion("2.0.3.3405")]
-[assembly: AssemblyFileVersion("2.0.3.3405")]
+[assembly: AssemblyVersion("3.0.2.3405")]
+[assembly: AssemblyFileVersion("3.0.2.3405")]

dnlib

@@ -1 +1 @@
-Subproject commit bd9b249820ebb1dd561fe376316d1b070f02d3e4
+Subproject commit 080306826f27fc4205f79a64b56247a04073991a