de4dot
|
bb9e4cbf26
|
Remove resources with an invalid RVA
|
2012-07-31 10:41:20 +02:00 |
|
de4dot
|
4b2da13972
|
Decrypt encrypted strings resource before initializing string decrypter
|
2012-07-31 10:09:45 +02:00 |
|
de4dot
|
f370824a46
|
Make sure we only decrypt resources once
|
2012-07-31 10:08:46 +02:00 |
|
de4dot
|
b517755607
|
Support Confuser 1.3 r55802 resource encrypter
|
2012-07-31 10:00:46 +02:00 |
|
de4dot
|
a2038f348e
|
Support Confuser 1.3 r42915 "safe" string decrypter
|
2012-07-31 09:14:06 +02:00 |
|
de4dot
|
be9c95a759
|
Support Confuser 1.3 r55346's latest proxy methods code
|
2012-07-31 07:30:21 +02:00 |
|
de4dot
|
1f2de674f7
|
Support an updated Confuser proxy methods code
|
2012-07-31 07:15:38 +02:00 |
|
de4dot
|
4c5f955953
|
Merge branch 'master' into confuser
|
2012-07-31 07:13:25 +02:00 |
|
de4dot
|
dace82cca9
|
Add find2() method for derived classes
|
2012-07-31 07:13:07 +02:00 |
|
de4dot
|
4f4af7a44a
|
Support newer Confuser 1.0 and 1.1 string decrypters
|
2012-07-31 05:47:49 +02:00 |
|
de4dot
|
afb205aeea
|
Update detection of compressor
|
2012-07-31 04:44:45 +02:00 |
|
de4dot
|
83706f40a8
|
Update proxy fixer v1
|
2012-07-31 04:44:30 +02:00 |
|
de4dot
|
ed9849313a
|
Merge branch 'master' into confuser
|
2012-07-31 04:41:09 +02:00 |
|
de4dot
|
329efd9a0f
|
Add code to let a derived class to push new values
|
2012-07-31 04:40:45 +02:00 |
|
de4dot
|
87a8052cbe
|
Declaring type is null if it's already been removed
|
2012-07-31 04:40:06 +02:00 |
|
de4dot
|
6be691ab6d
|
Increment errors if there's an exception
|
2012-07-31 04:39:34 +02:00 |
|
de4dot
|
1683c3ac1b
|
Update constants folder to support r8 values
|
2012-07-31 01:16:50 +02:00 |
|
de4dot
|
312a2fe063
|
Merge branch 'master' into confuser
|
2012-07-31 01:15:52 +02:00 |
|
de4dot
|
06b7374276
|
Add support for reading r8 values. Also rename some methods
|
2012-07-31 01:14:38 +02:00 |
|
de4dot
|
e657db9c8c
|
Support methods proxy in Confuser 1.0 r48717
|
2012-07-30 18:00:00 +02:00 |
|
de4dot
|
4a6713b728
|
Update detection of proxy fixer
|
2012-07-30 17:57:24 +02:00 |
|
de4dot
|
2e99bac40c
|
Unpack compressed Confuser assemblies
|
2012-07-30 14:11:04 +02:00 |
|
de4dot
|
7321e51a78
|
Decrypt Confuser 1.0 encrypted strings
|
2012-07-30 10:28:11 +02:00 |
|
de4dot
|
498316d2a2
|
Merge branch 'master' into confuser
|
2012-07-30 10:27:06 +02:00 |
|
de4dot
|
11256d6e76
|
Make property public
|
2012-07-30 10:26:49 +02:00 |
|
de4dot
|
833a4bdd42
|
Merge branch 'master' into confuser
|
2012-07-30 09:19:25 +02:00 |
|
de4dot
|
85ce802131
|
Add Confuser 1.0 proxy call fixer
|
2012-07-30 09:19:17 +02:00 |
|
de4dot
|
83b805adc3
|
Move methods
|
2012-07-30 09:17:22 +02:00 |
|
de4dot
|
1e7be5c619
|
Make method static
|
2012-07-30 09:13:51 +02:00 |
|
de4dot
|
b33c2834df
|
Don't deobfuscate cflow unless the method sig is void name()
|
2012-07-30 09:13:17 +02:00 |
|
de4dot
|
fb47689f58
|
Decrypt Confuser encrypted methods (memory)
|
2012-07-29 20:04:35 +02:00 |
|
de4dot
|
0eaa1466fb
|
Move common code to a base class
|
2012-07-29 20:02:12 +02:00 |
|
de4dot
|
d987fbe279
|
Merge branch 'master' into confuser
|
2012-07-29 18:14:25 +02:00 |
|
de4dot
|
b2d72b153f
|
Ignore exceptions when calling detect()
Most likely invalid code and/or metadata, which usually means it's still
encrypted.
|
2012-07-29 18:12:29 +02:00 |
|
de4dot
|
5b026a0d05
|
Add null check
|
2012-07-29 14:26:57 +02:00 |
|
de4dot
|
e225a342ae
|
Support type=dynamic const decryption
|
2012-07-29 14:23:27 +02:00 |
|
de4dot
|
5d1aefec16
|
Merge branch 'master' into confuser
|
2012-07-29 14:21:45 +02:00 |
|
de4dot
|
de8090df61
|
Add setConstant methods
|
2012-07-29 14:21:13 +02:00 |
|
de4dot
|
f20b2e648b
|
Fix detection when numeric const encryption is enabled
|
2012-07-29 13:24:50 +02:00 |
|
de4dot
|
892116ad63
|
Add ConstantsInliner class
|
2012-07-29 13:22:36 +02:00 |
|
de4dot
|
7c4994f624
|
Merge branch 'master' into confuser
|
2012-07-29 13:21:03 +02:00 |
|
de4dot
|
c924d84340
|
Add another decrypt() method
|
2012-07-29 13:20:35 +02:00 |
|
de4dot
|
c3c1ab64d8
|
Add setDeobfuscator() method
|
2012-07-29 13:19:12 +02:00 |
|
de4dot
|
2274ceeee4
|
Support the normal const decrypter
|
2012-07-29 10:17:05 +02:00 |
|
de4dot
|
24337f2a70
|
Merge branch 'master' into confuser
|
2012-07-29 09:49:55 +02:00 |
|
de4dot
|
f07f664553
|
Don't cast to a possible value type when result can be null
|
2012-07-29 09:49:00 +02:00 |
|
de4dot
|
ae63a63d20
|
Remove unecessary code
|
2012-07-28 21:28:27 +02:00 |
|
de4dot
|
db5c6fcf26
|
Decrypt Confuser encrypted constants
|
2012-07-28 04:45:27 +02:00 |
|
de4dot
|
b2ad946425
|
Merge branch 'master' into confuser
|
2012-07-28 04:39:30 +02:00 |
|
de4dot
|
cb6a3ac503
|
Support generic decrypter methods
|
2012-07-28 04:39:14 +02:00 |
|
de4dot
|
a2c8e99b3f
|
Ignore any exceptions during deobfuscation
|
2012-07-28 04:18:11 +02:00 |
|
de4dot
|
839684685e
|
Assume invalid code so check for null
|
2012-07-27 21:38:03 +02:00 |
|
de4dot
|
685d2c2ef0
|
Print a message if MethodData isn't encrypted
|
2012-07-27 21:35:55 +02:00 |
|
de4dot
|
6a15bfeee7
|
Decrypt Confuser encrypted resources
|
2012-07-27 12:49:00 +02:00 |
|
de4dot
|
471628b843
|
Update exception string
|
2012-07-27 09:21:03 +02:00 |
|
de4dot
|
16e6a986c7
|
Remove ConfusedByAttribute type
|
2012-07-27 08:50:58 +02:00 |
|
de4dot
|
872b4f61a2
|
Remove anti dumper type
|
2012-07-27 08:47:37 +02:00 |
|
de4dot
|
4840a117cf
|
Remove anti debugger type
|
2012-07-27 08:40:21 +02:00 |
|
de4dot
|
38d94819ee
|
Remove method decrypter type and init method call
|
2012-07-27 08:23:55 +02:00 |
|
de4dot
|
74970e80ff
|
Add Confuser proxy fixer
|
2012-07-27 08:11:23 +02:00 |
|
de4dot
|
a48a03b9ab
|
Move methods to ConfuserUtils
|
2012-07-27 08:07:17 +02:00 |
|
de4dot
|
135dcd5a3c
|
Merge branch 'master' into confuser
|
2012-07-27 08:03:30 +02:00 |
|
de4dot
|
e88479f71d
|
Add OtherMethods prop
|
2012-07-27 08:03:02 +02:00 |
|
de4dot
|
3abb8de345
|
getFieldToMethodDictionary() is now a non-virtual method
|
2012-07-27 07:57:13 +02:00 |
|
de4dot
|
70bd973cdd
|
Decrypt Confuser 1.9 encrypted JIT methods
|
2012-07-26 20:12:12 +02:00 |
|
de4dot
|
1a1ccb2121
|
Update code since GetUserString() arg is now a token
|
2012-07-26 20:07:27 +02:00 |
|
de4dot
|
bbd41a549c
|
Add MD5 and SHA256 sum methods
|
2012-07-26 16:35:28 +02:00 |
|
de4dot
|
916948249e
|
Add missing null check
|
2012-07-26 16:35:08 +02:00 |
|
de4dot
|
5fc6e1ac75
|
Add method to get a 64-bit int
|
2012-07-25 21:06:35 +02:00 |
|
de4dot
|
423c33a9f2
|
Append 32 to 32-bit methods and fields
|
2012-07-25 20:48:06 +02:00 |
|
de4dot
|
e2ec6548ed
|
Add more ctors and add EmulateConvInstructions prop
|
2012-07-25 20:43:22 +02:00 |
|
de4dot
|
755c9ae21a
|
New version: 1.9.0
|
2012-07-24 20:08:09 +02:00 |
|
de4dot
|
a815a70415
|
Rename arrays
|
2012-07-24 19:58:00 +02:00 |
|
de4dot
|
880441571e
|
Update class comment
|
2012-07-24 19:52:34 +02:00 |
|
de4dot
|
c31e6c2c3d
|
Main embedded asm doesn't always have the same asm name as the original asm
|
2012-07-24 19:05:50 +02:00 |
|
de4dot
|
e1f8793302
|
Add option to disable decrypting main embedded assembly
|
2012-07-24 18:52:39 +02:00 |
|
de4dot
|
490ce203b6
|
Update invalid name regex
|
2012-07-24 18:13:18 +02:00 |
|
de4dot
|
e54b026ae7
|
Make the embedded (original) start up assembly the new decrypted assembly
|
2012-07-24 17:49:04 +02:00 |
|
de4dot
|
4374a08020
|
getDecryptedModule() can now be called multiple times
|
2012-07-24 17:02:27 +02:00 |
|
de4dot
|
c8477bdbce
|
Print a warning and use default encoding if the code page doesn't exist
|
2012-07-23 13:19:04 +02:00 |
|
de4dot
|
8a81e98b3f
|
Fix invalid Mvid
|
2012-07-23 13:15:32 +02:00 |
|
de4dot
|
6c04a950e7
|
Remove duplicate resources
|
2012-07-23 10:22:39 +02:00 |
|
de4dot
|
b03cb46f53
|
Rename class
|
2012-07-23 10:08:13 +02:00 |
|
de4dot
|
ebbc8d2ab8
|
Remove encoding arg
|
2012-07-23 10:04:40 +02:00 |
|
de4dot
|
74aaf19257
|
Support the latest CO build
|
2012-07-22 20:35:33 +02:00 |
|
de4dot
|
2320c458cf
|
Check for null (invalid method ref in call instr)
|
2012-07-21 23:13:34 +02:00 |
|
de4dot
|
762e043236
|
Merge branch 'co' into new_code
Conflicts:
de4dot.code/de4dot.code.csproj
de4dot.code/deobfuscators/CryptoObfuscator/Deobfuscator.cs
|
2012-07-21 12:14:04 +02:00 |
|
de4dot
|
940aa20534
|
Merge branch 'master' into new_code
Conflicts:
de4dot.code/de4dot.code.csproj
|
2012-07-21 11:24:32 +02:00 |
|
de4dot
|
fd9d4a40cc
|
Support another MC runtime
|
2012-07-21 11:13:59 +02:00 |
|
de4dot
|
816ff5f369
|
New version: 1.8.7
|
2012-07-20 21:55:12 +02:00 |
|
de4dot
|
e05bfc9c8a
|
Decrypt strings
|
2012-07-20 21:54:56 +02:00 |
|
de4dot
|
dfafc4a94b
|
Remove useless method
|
2012-07-20 18:32:49 +02:00 |
|
de4dot
|
9b48632354
|
Refactor
|
2012-07-20 18:15:40 +02:00 |
|
de4dot
|
8b82f8b47d
|
Support the latest MC versions
|
2012-07-20 14:49:47 +02:00 |
|
de4dot
|
1eaa9f8c51
|
Add verify methods
|
2012-07-20 14:48:19 +02:00 |
|
de4dot
|
d9b3a81ba9
|
Add little endian encrypt/decrypt methods
|
2012-07-20 14:47:55 +02:00 |
|
de4dot
|
9b71da3633
|
Remove call to InitializeArray
|
2012-07-18 14:39:27 +02:00 |
|
de4dot
|
d0712b46aa
|
Update detection of resource resolver class
|
2012-07-16 20:00:37 +02:00 |
|
de4dot
|
6766c10969
|
Split array state into a new class
|
2012-07-16 19:59:50 +02:00 |
|
de4dot
|
ca65972c64
|
Add a force option to deobfuscate() method
|
2012-07-16 18:02:32 +02:00 |
|
de4dot
|
2aa3c8aaea
|
Add constants decrypter
|
2012-07-11 08:05:06 +02:00 |
|
de4dot
|
8f2f2f46ce
|
Support latest CO build
|
2012-07-11 02:15:33 +02:00 |
|
de4dot
|
9f8cac4dac
|
Fix #56
|
2012-07-08 08:14:36 +02:00 |
|
de4dot
|
598529a039
|
Support calli instruction
|
2012-07-08 04:18:26 +02:00 |
|
de4dot
|
16d5a31640
|
Create a SentinelType
|
2012-07-08 03:50:50 +02:00 |
|
de4dot
|
1581ec959d
|
Merge branch 'master' into new_code
|
2012-07-07 19:35:54 +02:00 |
|
de4dot
|
1867a06e84
|
Continue if same method
|
2012-07-07 09:09:55 +02:00 |
|
de4dot
|
ad6c6401b9
|
Support VS2008
|
2012-07-07 07:16:55 +02:00 |
|
de4dot
|
e440270a63
|
Fix proxy calls
|
2012-07-07 01:59:03 +02:00 |
|
de4dot
|
0a5764a093
|
Change method to take a ref to a type
|
2012-07-07 00:58:18 +02:00 |
|
de4dot
|
02c89550cb
|
Update the counter
|
2012-07-05 23:19:37 +02:00 |
|
de4dot
|
d5c8f6842a
|
Update log string
|
2012-07-02 21:49:59 +02:00 |
|
de4dot
|
8a34b6e015
|
Make method static
|
2012-07-02 21:49:45 +02:00 |
|
de4dot
|
b9e88972ae
|
Support latest CO build
|
2012-07-02 14:26:00 +02:00 |
|
de4dot
|
23697e2c00
|
Support ILP 1.0.5
|
2012-07-01 16:23:51 +02:00 |
|
de4dot
|
4c5fa3e809
|
Remove ILP detection
|
2012-06-27 15:19:09 +02:00 |
|
de4dot
|
4236514691
|
Merge branch 'ilp' into new_code
|
2012-06-27 15:15:55 +02:00 |
|
de4dot
|
a2baf1fdea
|
Merge branch 'master' into new_code
|
2012-06-27 15:15:03 +02:00 |
|
de4dot
|
4dce00b35a
|
Merge branch 'rummage' into new_code
Conflicts:
de4dot.cui/Program.cs
|
2012-06-27 15:14:40 +02:00 |
|
de4dot
|
199a0b4043
|
New version: 1.8.6
|
2012-06-27 10:46:12 +02:00 |
|
de4dot
|
12797ecb03
|
Support latest CO build
|
2012-06-27 10:45:45 +02:00 |
|
de4dot
|
cd0a193bdf
|
Support latest AN build
|
2012-06-27 10:27:16 +02:00 |
|
de4dot
|
d1259460e3
|
Update detection of decrypter constants. Fixes #59
|
2012-06-25 01:14:26 +02:00 |
|
de4dot
|
fa594c6213
|
Add better BL support
|
2012-06-12 11:15:19 +02:00 |
|
de4dot
|
4a29eae1c8
|
Add more inflate() overloads
|
2012-06-11 21:20:14 +02:00 |
|
de4dot
|
31118c11ba
|
Add the code from SharpZipLib that de4dot uses
|
2012-06-11 21:18:03 +02:00 |
|
de4dot
|
b964996388
|
Support Babel.NET 5.5
|
2012-06-06 21:16:32 +02:00 |
|
de4dot
|
a8bf74ca78
|
Support Rummage
|
2012-06-06 11:40:48 +02:00 |
|
de4dot
|
6d675fea54
|
Add XTEA decrypter
|
2012-06-06 11:39:48 +02:00 |
|
de4dot
|
3264bfc5cd
|
Support latest CO build
|
2012-06-04 09:51:07 +02:00 |
|
de4dot
|
5567c9a06a
|
Warn if strings resource couldn't be found
|
2012-06-04 06:34:32 +02:00 |
|
de4dot
|
3582b773ca
|
Support ILP
|
2012-06-04 05:02:46 +02:00 |
|
de4dot
|
27a91f5942
|
Change parameters type from [] to IList
|
2012-06-04 03:55:25 +02:00 |
|
de4dot
|
286462db4b
|
Move file
|
2012-06-03 19:08:46 +02:00 |
|
de4dot
|
e75386d0f9
|
Move method to Utils.cs
|
2012-06-03 16:44:08 +02:00 |
|
de4dot
|
b844dbc428
|
Detect ILP
|
2012-06-02 20:56:36 +02:00 |
|
de4dot
|
bff92e02e7
|
Remove unused method
|
2012-06-02 17:32:05 +02:00 |
|
de4dot
|
d2ec4e2969
|
New version: 1.8.5
|
2012-06-02 07:27:50 +02:00 |
|
de4dot
|
ec8139f640
|
Refactor code and support latest AN build
|
2012-06-02 07:26:21 +02:00 |
|
de4dot
|
a25f4f4640
|
Remove proxy methods type and make sure all proxy methods are inlined
|
2012-06-02 03:33:21 +02:00 |
|
de4dot
|
3c99e8d0d6
|
Update valid name regex
|
2012-06-01 12:53:03 +02:00 |
|
de4dot
|
6696c26496
|
Assembly resolver init method is sometimes only called from Main()
|
2012-06-01 12:40:16 +02:00 |
|
de4dot
|
d091564d85
|
Fix ToString(). Should separate generic args with commas
|
2012-06-01 12:05:01 +02:00 |
|
de4dot
|
cd2851baf4
|
Add an option to disable dumping embedded assemblies
|
2012-06-01 12:01:45 +02:00 |
|
de4dot
|
58b62ff914
|
Decrypt main assembly and embedded assemblies
|
2012-06-01 11:53:54 +02:00 |
|
de4dot
|
ddc270b963
|
Remove newlines from names when calling logger methods
|
2012-05-31 06:08:01 +02:00 |
|
de4dot
|
96f9f4154d
|
Decrypt CF encrypted strings
|
2012-05-29 20:20:11 +02:00 |
|
de4dot
|
9b591c68d3
|
Fix CF proxy calls
|
2012-05-29 19:14:41 +02:00 |
|
de4dot
|
512c650e11
|
Add another proxy call fixer class
|
2012-05-29 19:13:43 +02:00 |
|
de4dot
|
24d1c5182b
|
Update comment
|
2012-05-29 19:07:01 +02:00 |
|