Commit Graph

752 Commits

Author SHA1 Message Date
de4dot
c757139357 Remove string decrypter type 2012-02-08 18:58:06 +01:00
de4dot
98c8ea49e9 Remove tamper detection code 2012-02-08 18:40:24 +01:00
de4dot
1583552825 Make sure rvas list is never null 2012-02-08 16:14:07 +01:00
de4dot
780da4a0ad Update detection of encrypted methods data 2012-02-08 15:52:39 +01:00
de4dot
fa6b0d4054 Move detection of CV main type to its own class 2012-02-08 15:40:11 +01:00
de4dot
bb89ce2983 Remove method since base class now has the same method 2012-02-08 15:19:45 +01:00
de4dot
1e3daf3b45 Dump embedded assemblies 2012-02-08 12:33:02 +01:00
de4dot
09e840923d Search for sig starting from _stub RVA 2012-02-08 09:29:49 +01:00
de4dot
a8d4b38c79 Move version info to a new ObfuscatorVersion enum 2012-02-08 08:55:45 +01:00
de4dot
0e89c0fc35 Only check Version property if methods decrypter was found 2012-02-08 08:50:36 +01:00
de4dot
776fd7f69f Speed up finding V5 methods decrypter type 2012-02-07 15:17:41 +01:00
de4dot
1076218a81 Detect CV version 2012-02-07 15:05:27 +01:00
de4dot
6ab0748bdd Decrypt V5 encrypted methods 2012-02-07 14:55:20 +01:00
de4dot
f11c51830f Make sure info is copied 2012-02-07 14:53:58 +01:00
de4dot
97d09c4c65 Make method accessible by sub classes 2012-02-07 14:53:34 +01:00
de4dot
3276f433c9 Add code to detect V5 methods decrypter 2012-02-07 05:08:02 +01:00
de4dot
0aeee176cc Merge v3-v4 and v5 code 2012-02-07 04:45:59 +01:00
de4dot
f1a1188409 Add a new ctor to copy values from old instance 2012-02-07 04:45:04 +01:00
de4dot
8f9cc6d290 Re-use v3-v4 string decrypter 2012-02-07 03:03:49 +01:00
de4dot
d512889833 Fix 'shadow calls' obfuscation 2012-02-07 02:07:31 +01:00
de4dot
c2313110b8 Add getDelegateTypes() and fix findProxyCall() 2012-02-07 02:02:49 +01:00
de4dot
ad8a5078fe Rename method 2012-02-07 00:42:32 +01:00
de4dot
2ccb35afb0 Add CV5 files 2012-02-06 15:55:35 +01:00
de4dot
26bf21a84e Show obfuscator version 2012-02-06 15:55:14 +01:00
de4dot
b39725f12f Remove useless 'using' 2012-02-06 15:52:19 +01:00
de4dot
0d6542e383 Move v3-v4 code to a sub dir 2012-02-06 15:49:27 +01:00
de4dot
da3a28f0a8 Move (and rename) XXTEA decrypt func to DeobUtils 2012-02-06 08:22:55 +01:00
de4dot
b867301797 Update valid name regex 2012-02-06 08:20:04 +01:00
de4dot
b3750f9d4c Initialize its token field 2012-02-05 23:04:24 +01:00
de4dot
542c6bb213 Support 3.2 methods decrypter 2012-02-05 22:49:10 +01:00
de4dot
d5c3a6964b Support 4.0 methods decrypter 2012-02-05 21:27:36 +01:00
de4dot
1903cf8607 KILL type is only worth 10 points 2012-02-05 19:01:49 +01:00
de4dot
9e4b29034f Finish getStringDecrypterMethods() method 2012-02-05 18:59:29 +01:00
de4dot
191fbb84b0 Use new getInitializedUInt32Array() method 2012-02-05 18:56:05 +01:00
de4dot
c8c4e3341c Add getInitializedUInt32Array() method 2012-02-05 18:55:48 +01:00
de4dot
d6ff8b515d Add string decrypter 2012-02-05 18:47:31 +01:00
de4dot
029c049bf6 Move readVariableLengthInteger() to DeobUtils 2012-02-05 18:46:14 +01:00
de4dot
0b43c77fdb Add missing call to removeNewlines() 2012-02-05 18:45:41 +01:00
de4dot
29c5cfc9c8 Don't stop if 2nd instr is also a store 2012-02-05 18:45:04 +01:00
de4dot
23c72927b5 Add CV and methods decrypter 2012-02-05 16:17:47 +01:00
de4dot
82cc64bd77 Add Sections property 2012-02-05 16:14:46 +01:00
de4dot
84f322dbcf Rename method. Ignore generic methods. 2012-02-03 16:21:59 +01:00
de4dot
3caad72275 Print new resource name 2012-02-03 14:35:42 +01:00
de4dot
ed9addb385 Make sure only valid methods are restored 2012-02-03 14:24:39 +01:00
de4dot
0cc88ba39f Restore resource names 2012-02-03 13:22:37 +01:00
de4dot
ebfb88b6f1 Don't try to inline methods without a body or no instrs 2012-02-03 11:10:48 +01:00
de4dot
bc6630f760 Detect other SN attribute 2012-02-03 10:45:31 +01:00
de4dot
022bbe15af Update name regex 2012-02-03 10:44:58 +01:00
de4dot
3a49d2a603 Remove encrypted strings field type 2012-02-03 10:13:41 +01:00
de4dot
33010b65a7 Add option to remove namespaces with only one type in it 2012-02-03 10:07:44 +01:00
de4dot
1008e91524 Don't restore method bodies from outside types 2012-02-03 10:05:31 +01:00
de4dot
95b835895b Inline the remaining methods 2012-02-03 09:44:35 +01:00
de4dot
c09bbf0d01 Restore bodies and update calls to real instance method 2012-02-03 09:21:15 +01:00
de4dot
e67ecfdff4 Remove the methods types 2012-02-03 06:33:54 +01:00
de4dot
9a87a2658f Restore method bodies 2012-02-03 04:26:55 +01:00
de4dot
814ca402bf Detect classes created by the obfuscator 2012-02-03 03:03:19 +01:00
de4dot
3ce28aebb0 Inline methods 2012-02-02 10:55:30 +01:00
de4dot
b3f17a27a3 Add SN string decrypter 2012-02-02 06:56:14 +01:00
de4dot
36b4806858 Remove useless code and add getArrays() method 2012-02-02 06:54:10 +01:00
de4dot
f3525d8980 New version: 1.5.1 2012-02-01 08:09:40 +01:00
de4dot
ce7dc67848 Fix Issue #19 2012-01-30 09:12:26 +01:00
de4dot
a7fa23e2d8 New version: 1.5.0 2012-01-29 18:58:26 +01:00
de4dot
a69b17e06d Support embedded assemblies (Silverlight) 2012-01-29 18:30:07 +01:00
de4dot
26a3e14d2c Update fields restorer since 2+ types can share same struct 2012-01-29 05:06:21 +01:00
de4dot
55dcb0881d Update code since master was updated 2012-01-28 18:40:35 +01:00
de4dot
0f9184e9be Merge branch 'master' into newcode 2012-01-28 18:38:09 +01:00
de4dot
1141a451ac Update resource renamer code.
- Faster code
- Renames resource even if it doesn't end in '.resources'
2012-01-28 18:37:02 +01:00
de4dot
915018c2fc Use a better method dictionary 2012-01-28 02:54:12 +01:00
de4dot
f75075ab15 Add XNA assembly search paths 2012-01-28 00:32:27 +01:00
de4dot
257456fd8b Speed up renaming by storing less names in the typeNames dict.
merge() was pretty slow but is much faster now.
2012-01-28 00:17:00 +01:00
de4dot
9e1412a6ae Use TryGetValue to speed it up a little 2012-01-27 05:54:30 +01:00
de4dot
50e7d28ddf Speed up method param renaming code 2012-01-27 05:39:25 +01:00
de4dot
887ee7c9e8 Fix method signature 2012-01-27 01:02:17 +01:00
de4dot
247cb2be20 Compare ElementType instead of calling verifyType for speed 2012-01-26 22:40:19 +01:00
de4dot
66969a4e92 Remove old code 2012-01-25 06:28:25 +01:00
de4dot
71d18ce688 Remove useless cast 2012-01-25 06:22:47 +01:00
de4dot
cb791a43ae Compare by reference since both are field defs 2012-01-25 06:15:33 +01:00
de4dot
c3b9b840e4 Code should return true 2012-01-25 05:47:34 +01:00
de4dot
2684ccab93 Create a unique metadata token since renamer depends on it 2012-01-24 17:51:22 +01:00
de4dot
26b2de90af Fix format string: missing {1} 2012-01-24 17:11:45 +01:00
de4dot
e9d7f3dbfb Restore fields 2012-01-24 17:10:11 +01:00
de4dot
e00ca9a7d2 Merge branch 'master' into newcode 2012-01-24 15:15:07 +01:00
de4dot
fb1a45c5a4 Create a new unique GUID that depends on the module 2012-01-24 15:14:57 +01:00
de4dot
94f3fc9369 Lower num required found proxies 2012-01-24 14:54:23 +01:00
de4dot
8fbcdeb060 Make sure it gets an RVA, and change field type to byte 2012-01-24 09:06:54 +01:00
de4dot
5c98e81e78 Ignore base64 decode exception 2012-01-24 07:39:07 +01:00
de4dot
ab0fa2631e Resource must be returned... 2012-01-24 05:25:02 +01:00
de4dot
95462d8dda Dump V4 embedded assemblies 2012-01-24 05:08:24 +01:00
de4dot
a80482751d Add extra check to make sure we detect the correct method 2012-01-24 04:44:23 +01:00
de4dot
ed00c5f2c5 Make sure it is static 2012-01-24 04:24:44 +01:00
de4dot
6ceea06f5b Decrypt V4 resources 2012-01-24 03:22:59 +01:00
de4dot
2c8e685910 Ignore prefixes 2012-01-24 02:31:57 +01:00
de4dot
88c8dcbb7a Detect V3.5 2012-01-24 01:01:30 +01:00
de4dot
d59fa86515 Print DS version 2012-01-24 00:41:09 +01:00
de4dot
da0cf08b33 Merge branch 'master' into newcode 2012-01-23 23:19:59 +01:00
de4dot
613a97906a Make sure method hasn't been removed 2012-01-23 23:16:01 +01:00
de4dot
f9ed9e403f Support V4 string decryptor 2012-01-23 23:13:04 +01:00
de4dot
4cfa0cf1f3 Update detection of methods to inline 2012-01-23 23:11:39 +01:00
de4dot
40a6a79d86 Merge branch 'master' into newcode 2012-01-23 15:27:29 +01:00
de4dot
568d2dd4a7 Add more assembly search paths 2012-01-23 15:27:23 +01:00
de4dot
92dfef7e93 Merge branch 'master' into newcode 2012-01-23 09:57:00 +01:00
de4dot
cf1ed9fb64 Use a MethodDefKey
Fixes problem when a class implements an interface that its base class
also implements, but those interfaces are in two different assemblies
(different version, eg. mscorlib 2.0 and mscorlib 4.0).
2012-01-23 09:14:50 +01:00
de4dot
8e92ddf790 Merge branch 'master' into newcode 2012-01-22 23:47:47 +01:00
de4dot
52e7b2926f Use non-renamable prop/event since it should be valid 2012-01-22 23:47:35 +01:00
de4dot
981975b750 Make sure we don't dump resource resolver's resource 2012-01-22 23:46:32 +01:00
de4dot
0ac8c944e5 Add call to stringDecryptersAdded() 2012-01-22 20:02:05 +01:00
de4dot
991a5281ab Add DS obfuscator support 2012-01-22 19:58:31 +01:00
de4dot
080a11c437 Merge branch 'master' into newcode 2012-01-22 19:53:27 +01:00
de4dot
5876526151 Add getInitializedInt16Array() and stop earlier 2012-01-22 19:33:36 +01:00
de4dot
8c645504fe Add method to find resource from strings in code 2012-01-22 13:00:17 +01:00
de4dot
bf1843ade4 Add an inflate() overload 2012-01-22 12:59:51 +01:00
de4dot
7962de961c Add getModuleTypeCctor() method 2012-01-22 11:15:14 +01:00
de4dot
fde26c0bd2 Split method 2012-01-21 22:16:07 +01:00
de4dot
ba04092060 Call stringDecryptersAdded() after adding string decrypters 2012-01-21 22:15:53 +01:00
de4dot
1371392b4a master was updated 2012-01-21 20:33:34 +01:00
de4dot
5a4d41cf45 Merge branch 'master' into newcode 2012-01-21 20:32:33 +01:00
de4dot
2dadd773ec Use ParameterDefinition.Sequence 2012-01-21 20:31:47 +01:00
de4dot
2e605b5117 Merge branch 'master' into newcode 2012-01-21 14:19:52 +01:00
de4dot
f3f8975f01 If instance explicit, 'this' is 1st param 2012-01-20 19:30:40 +01:00
de4dot
77f4d9ee0c Derive from ValueInlinerBase 2012-01-19 19:23:34 +01:00
de4dot
8c90c7b494 master was updated 2012-01-19 19:19:08 +01:00
de4dot
68b78b0081 Merge branch 'master' into newcode 2012-01-19 19:17:55 +01:00
de4dot
7f5401625e Rename classes 2012-01-19 19:16:44 +01:00
de4dot
45ff4af573 Remove detection of Babel in Unknown obfuscator 2012-01-19 05:42:00 +01:00
de4dot
dc042d2f9a Decrypt V2 encrypted strings 2012-01-19 05:38:58 +01:00
de4dot
ce76cc7810 Merge branch 'master' into newcode 2012-01-18 08:27:38 +01:00
de4dot
04903f0f9b Don't append a 0 to props when we've found the real name 2012-01-18 08:14:06 +01:00
de4dot
ff6a8d4b6f Dump embedded assemblies before decrypting methods 2012-01-18 07:53:06 +01:00
de4dot
49c06dec64 Dump embedded assemblies 2012-01-18 07:43:03 +01:00
de4dot
6ec1222657 Move common code to BabelUtils 2012-01-18 07:38:35 +01:00
de4dot
ed31063b1b Merge branch 'master' into newcode 2012-01-18 06:15:31 +01:00
de4dot
2ad9a9a087 New version: 1.4.4 2012-01-17 05:46:06 +01:00
de4dot
a92bbbe9c3 Warn if method isn't found since some obfuscators are buggy. 2012-01-17 05:44:22 +01:00
de4dot
788488dffa New version: 1.4.3 2012-01-17 03:01:48 +01:00
de4dot
5cb5f41d4a Support latest version of SA 2012-01-17 02:54:48 +01:00
de4dot
7c3e6f122a Merge branch 'master' into newcode 2012-01-14 12:40:54 +01:00
de4dot
3d48bceda3 New version: 1.4.2 2012-01-14 12:40:41 +01:00
de4dot
6c20e18b4d master was updated so fix code here 2012-01-14 12:37:20 +01:00
de4dot
48361ae809 Merge branch 'master' into newcode 2012-01-14 12:35:11 +01:00
de4dot
5f6841e317 Add HasHandlers property to base class 2012-01-14 12:34:42 +01:00
de4dot
f19be8019e Don't remove any types/methods/etc if it's an unknown obfuscator 2012-01-14 12:27:03 +01:00
de4dot
5e3b4a1414 Add some checks 2012-01-14 12:19:17 +01:00
de4dot
f0ff8df76a Use the method in InitializedDataCreator 2012-01-14 12:16:05 +01:00
de4dot
06e8b9f654 Use the new Int32ValueInliner class 2012-01-14 12:04:59 +01:00
de4dot
b71e8fdfdc Remove newlines from names when calling the logger 2012-01-14 11:59:01 +01:00
de4dot
c069d8005c Use methods in DotNetUtils 2012-01-14 11:53:38 +01:00
de4dot
ed918c6993 Call Dispose() after decrypting methods 2012-01-14 11:46:00 +01:00
de4dot
75c8747a0f Merge branch 'master' into newcode 2012-01-14 11:41:20 +01:00
de4dot
7b93497bc6 Update detection code 2012-01-14 11:39:49 +01:00
de4dot
6b4a462757 Support v3.0 2012-01-14 10:37:15 +01:00
de4dot
e53f4d043d Proxy calls can be proxied 2012-01-13 21:30:49 +01:00
de4dot
948cdb47e3 Fix what was updated in master 2012-01-13 21:30:29 +01:00
de4dot
c583891151 Merge branch 'master' into newcode 2012-01-13 21:26:48 +01:00
de4dot
b214eaa3c9 Add option to keep deobfuscating deobfuscated calls 2012-01-13 21:26:31 +01:00
de4dot
c28b575f7a Add MethodCallInliner prop to cflow deob class 2012-01-11 06:44:44 +01:00
de4dot
17327902c3 Refactor method call inliner code 2012-01-11 04:38:02 +01:00
de4dot
dfb2332116 Print the version number 2012-01-11 02:35:02 +01:00
de4dot
f18ed0d6fe Merge branch 'master' into newcode 2012-01-10 19:59:27 +01:00
de4dot
b30ccda1f9 Add method to remove the assembly info 2012-01-10 02:36:39 +01:00
de4dot
9800f91d12 Update copyright years 2012-01-09 23:04:52 +01:00
de4dot
0dbe743563 Merge branch 'master' into newcode 2012-01-09 23:02:58 +01:00
de4dot
0d0a40376d Update copyright years 2012-01-09 23:02:47 +01:00
de4dot
0612320ffd Add better detection of our base dir 2012-01-09 22:59:26 +01:00
de4dot
294ae6bc5e Show message if more than one obfuscator is detected 2012-01-09 22:47:29 +01:00
de4dot
edd855ad19 Merge branch 'master' into newcode 2012-01-09 07:55:09 +01:00
de4dot
665a170b9b Make sure HasFieldRVA flag is set 2012-01-09 07:55:01 +01:00
de4dot
a717f5895a Merge branch 'master' into newcode 2012-01-09 06:14:09 +01:00
de4dot
6a8a036687 Add another check to detect COM type 2012-01-09 06:13:55 +01:00
de4dot
c9e5b8e91e Update code to handle v3.5 obfuscated assemblies 2012-01-09 05:50:32 +01:00
de4dot
1805022073 Merge branch 'master' into newcode 2012-01-09 05:30:49 +01:00
de4dot
fd12b92e4b Update detection due to new cflow deob code 2012-01-09 03:19:13 +01:00
de4dot
496941258a Support v4.2 2012-01-08 21:48:37 +01:00
de4dot
b02cb11a61 Merge branch 'master' into newcode 2012-01-08 19:09:18 +01:00
de4dot
2f1ec392b9 Update detection of offset field 2012-01-08 19:08:23 +01:00
de4dot
0398666c93 Update detection of <Module> type 2012-01-08 18:46:23 +01:00
de4dot
28f8bdcc89 Some fixes 2012-01-08 18:38:37 +01:00
de4dot
cb21940841 Merge branch 'master' into newcode 2012-01-08 01:31:51 +01:00
de4dot
d295fa24a2 Ignore refs and defs from other modules 2012-01-08 01:30:57 +01:00
de4dot
f9592f5fdc Method was renamed in master 2012-01-07 20:31:06 +01:00
de4dot
134869db6d Merge branch 'skater' into newcode
Conflicts:
	de4dot.cui/Program.cs
2012-01-07 20:29:07 +01:00
de4dot
b647a9387b Merge branch 'goliath' into newcode 2012-01-07 20:28:10 +01:00
de4dot
44e58066b3 Add support for another obfuscator 2012-01-07 20:27:07 +01:00
de4dot
03a27110e7 Rename method to toInt32() 2012-01-07 19:14:15 +01:00
de4dot
951906d7e5 Move file 2012-01-07 00:05:43 +01:00
de4dot
a54cfbf996 Update detection of string decrypter type 2012-01-07 00:04:31 +01:00
de4dot
30798c6b08 Ignore result if it isn't a string 2012-01-05 17:24:31 +01:00
de4dot
d6f3ff64b9 Remove "castclass System.String" if present 2012-01-05 17:16:38 +01:00
de4dot
8d57bf741e Make sure correct integer value arg is boxed for string decrypter 2012-01-05 16:23:53 +01:00
de4dot
115641fc6b Pass caller token to string decrypter 2012-01-05 16:22:26 +01:00
de4dot
93d801997e Make sure the new property names are unique 2012-01-04 09:42:01 +01:00
de4dot
20222561b3 Add System.Object as base type if needed 2012-01-03 20:14:28 +01:00
de4dot
9a7d28472d Remove new lines when printing method/type names 2012-01-03 19:52:40 +01:00
de4dot
6963e89581 Update detection of delegate fields and remove useless method 2012-01-03 19:22:45 +01:00
de4dot
d3c801efb6 Add code to initialize arrays 2012-01-03 15:25:25 +01:00
de4dot
6e80b5bb94 Move bool inliner and create some more useful value inliners 2012-01-03 10:38:09 +01:00
de4dot
e79ee9832d Add desDecrypt(). Move deflate() to DeobUtils. 2012-01-02 22:35:02 +01:00
de4dot
ba43220da2 Update code for GO 5.6.0 2012-01-02 07:02:43 +01:00
de4dot
b23c35e049 Update detection code 2012-01-01 18:50:46 +01:00
de4dot
417fe04bba Don't need to detect GO here anymore 2012-01-01 18:15:32 +01:00
de4dot
7d39c543cc Refactor code 2012-01-01 13:02:16 +01:00