de4dot
870dab5b90
Fix renaming events/properties
2012-05-03 09:05:05 +02:00
de4dot
fb9e217dac
Add a cast deobfuscator
2012-05-03 08:01:35 +02:00
de4dot
c61161be1d
Ignore method attributes
2012-05-02 18:43:57 +02:00
de4dot
597fcb0210
Cflow deob methods
2012-05-02 13:51:07 +02:00
de4dot
e8049c6a05
Inline some obfuscated methods
2012-05-02 10:48:44 +02:00
de4dot
db14e73369
Make sure index is correct, and add method to read arg constants
2012-05-02 10:47:21 +02:00
de4dot
b15b581c46
Deobfuscate string decrypter cctor
2012-04-30 21:47:23 +02:00
de4dot
2594317b18
Use other sb ctor
2012-04-30 12:49:43 +02:00
de4dot
1805e352c4
Disable using unknown args by default
2012-04-30 12:18:47 +02:00
de4dot
f307520e62
Decrypt DS 4.1 strings
2012-04-30 08:33:05 +02:00
de4dot
a1daee56f8
Support more types of args
2012-04-30 08:31:09 +02:00
de4dot
e29a8ea692
Update cflow deobfuscator
2012-04-30 01:29:05 +02:00
de4dot
6b18d70e77
Move common code to another class
2012-04-30 01:26:34 +02:00
de4dot
83b14da5c8
Refactor: create common cflow deob iface
2012-04-29 23:51:04 +02:00
de4dot
920f079855
Set initlocals and add an option to disable it
2012-04-29 06:16:53 +02:00
de4dot
eb17298625
Move the field
2012-04-29 04:35:58 +02:00
de4dot
48b9c461f5
Restore calls to CodeDomProvider and ICodeCompiler
2012-04-29 04:03:10 +02:00
de4dot
9333e2415c
Rename class
2012-04-29 00:56:17 +02:00
de4dot
e548436ede
Restore calls to Icon/Bitmap .ctor
2012-04-29 00:51:09 +02:00
de4dot
b92b23df4a
Rename class and make it more general
2012-04-29 00:11:28 +02:00
de4dot
f9c78f8a8b
Decrypt CS 1.x encrypted methods
2012-04-28 08:50:37 +02:00
de4dot
03e2e621ea
Update detection of resource resolver type
2012-04-26 20:50:06 +02:00
de4dot
9754b01ba9
Merge branch 'master' into cs
2012-04-26 19:33:28 +02:00
de4dot
7a0804e035
Remove module references to the CS RT files
2012-04-26 17:14:54 +02:00
de4dot
7e5e7ddcd2
Find old string decrypter method
2012-04-26 16:53:52 +02:00
de4dot
67c866491d
Show the correct obfuscator name
2012-04-26 16:33:55 +02:00
de4dot
6f830b8329
Remove all obfuscator attributes
2012-04-26 16:23:07 +02:00
de4dot
aa6e7c0fc2
Add addAttributesToBeRemoved()
2012-04-26 16:08:39 +02:00
de4dot
960f934c67
Update detection of CS type
2012-04-26 14:46:22 +02:00
de4dot
e10dce2d95
Check for 32-bit or 64-bit method
2012-04-26 02:31:31 +02:00
de4dot
5b97faf2dd
Detect CS type when strings are encrypted, but methods aren't
2012-04-26 01:56:59 +02:00
de4dot
ab60692c2f
Return the correct return value
2012-04-26 01:48:59 +02:00
de4dot
d84d2e6a6c
Update CS detector and support an old string decrypter
2012-04-26 01:42:10 +02:00
de4dot
bff017a317
Throw InvalidMethodBody if IOException
2012-04-25 18:06:27 +02:00
de4dot
903db59827
Restore CS 3.0 "encrypted" methods
2012-04-25 13:49:22 +02:00
de4dot
4e89d707dc
Move code to DeobUtils
2012-04-25 13:21:53 +02:00
de4dot
8a45abfd3d
Stop earlier
2012-04-25 11:09:30 +02:00
de4dot
adea5b3ef6
Support latest MC build
2012-04-24 23:02:36 +02:00
de4dot
3a9422f798
Remove useless displs
2012-04-24 22:30:17 +02:00
de4dot
2b4fc0a836
Merge branch 'master' into cs
2012-04-24 11:39:31 +02:00
de4dot
eebb831c4b
Update CSVM opcode handler detection code
2012-04-24 11:33:17 +02:00
de4dot
88d7607d10
Fix resolver
2012-04-24 11:25:39 +02:00
de4dot
586be53fef
Fix method names
2012-04-23 19:37:05 +02:00
de4dot
7a399e7913
Rename class and update comments
2012-04-23 15:02:15 +02:00
de4dot
ea7a533027
Make fields read only
2012-04-23 15:00:42 +02:00
de4dot
b28dd6277a
Fix method names
2012-04-23 14:47:05 +02:00
de4dot
0a0b491072
Copy foundSig field
2012-04-23 14:40:56 +02:00
de4dot
dba8d8ebef
Use a using statement to make sure the file is closed when we return
2012-04-23 14:25:12 +02:00
de4dot
4f34e5c374
Restore .NET data directory so it can be deobfuscated
2012-04-23 02:04:34 +02:00
de4dot
790dc9f445
codeOffs should not be file offset
2012-04-22 21:26:57 +02:00
de4dot
c9fa7caf91
Decrypt CS 5.0 encrypted methods
2012-04-22 21:19:57 +02:00
de4dot
d3f1a2fd8e
Decrypt CS 4.5 encrypted methods
2012-04-22 20:35:01 +02:00
de4dot
fbba6a2aa8
Decrypt methods (CS RT is embedded inside the assembly)
2012-04-22 16:18:41 +02:00
de4dot
c9f63a5866
Restore CS 4.0 "encrypted" methods
2012-04-22 15:36:26 +02:00
de4dot
59e2e51882
Throw if invalid method body
2012-04-22 14:13:48 +02:00
de4dot
1a79ffde92
Move code to a new class
2012-04-22 13:43:43 +02:00
de4dot
0d41f9e41e
Remove useless field
2012-04-21 23:10:06 +02:00
de4dot
46152761ee
Input could be null
2012-04-17 14:13:40 +02:00
de4dot
d637c1af9a
New version: 1.8.1
2012-04-15 23:42:57 +02:00
de4dot
941929cf7a
Support latest CO build
2012-04-15 23:42:11 +02:00
de4dot
9bde3dee5a
New version: 1.8.0
2012-04-15 07:52:36 +02:00
de4dot
0df7b918ea
Refactor
2012-04-13 05:03:52 +02:00
de4dot
a459bc107c
Make sure <Module>::.cctor() only calls <CliSecureRT>::Initialize()
2012-04-13 05:03:51 +02:00
de4dot
043730e599
Ignore invalid method indexes
2012-04-11 03:11:01 +02:00
de4dot
3a8e1499f2
Use dynamic decryption if static decryption fails
2012-04-11 03:09:59 +02:00
de4dot
588373f5ff
Add code to decrypt methods using the new dynamic methods decrypter
2012-04-10 21:28:22 +02:00
de4dot
1e33610ce8
Support latest MC build
2012-04-10 19:06:03 +02:00
de4dot
b97dacbc54
Merge branch 'cs'
2012-04-10 16:32:40 +02:00
de4dot
c756d543c1
Rename PE namespace
2012-04-10 16:32:15 +02:00
de4dot
c5d9cc47ba
Add code to decrypt methods dynamically.
...
This is not a generic methods decrypter that can decrypt any obfuscator's
encrypted methods. If it hooks compileMethod(), this code probably can
decrypt the methods. If not, a little rewriting should fix that.
2012-04-10 16:17:45 +02:00
de4dot
ffa61e6a89
Move PE code to a common assembly
2012-04-10 15:09:59 +02:00
de4dot
553337adb7
Support EF 3.3.149
2012-04-10 03:52:18 +02:00
de4dot
2d583316cf
Use the constant
2012-04-08 11:36:24 +02:00
de4dot
634e9ec023
Reverse return value
2012-04-07 06:47:19 +02:00
de4dot
11f992b0f2
Support some more instrs
2012-04-06 22:07:52 +02:00
de4dot
52d6f73f5e
Add a newline
2012-04-06 16:36:07 +02:00
de4dot
1f74aeb1cf
Rename variable
2012-04-06 16:25:25 +02:00
de4dot
33e2177059
Restore constrained. prefix
2012-04-06 16:08:35 +02:00
de4dot
1935e58dbf
Support ldloca and ldarga
2012-04-06 16:08:09 +02:00
de4dot
5511ab833b
Update ldelema type, and add unbox.any and ldobj
2012-04-06 15:38:44 +02:00
de4dot
2949862614
Print warning if we failed to restore an instr op
2012-04-06 12:33:39 +02:00
de4dot
c39e421010
Fix locals
2012-04-06 12:25:15 +02:00
de4dot
86190ede1f
Print devirtualized methods
2012-04-06 11:05:06 +02:00
de4dot
7ec17b6b23
Move class to its own file
2012-04-05 20:59:50 +02:00
de4dot
237732e98e
Refactor
2012-04-05 20:45:16 +02:00
de4dot
da0878d765
Restore types that are generic parameters
2012-04-05 19:38:05 +02:00
de4dot
a38fe57ec1
Add CSVM devirtualizer
2012-04-05 19:15:10 +02:00
de4dot
0adbb3e70a
Move code to a new class
2012-04-05 18:05:27 +02:00
de4dot
1ead27107b
Don't add to list if null
2012-04-05 17:06:27 +02:00
de4dot
9cfe8431f6
Add shared deobfuscator data/methods
2012-04-04 21:06:10 +02:00
de4dot
7c8259905b
Update CO code. Fixes #39
2012-03-31 13:53:33 +02:00
de4dot
ab3c970cf4
Remove useless using statement
2012-03-29 04:52:39 +02:00
de4dot
ec775b9ef5
Support another SK string encrypter
2012-03-27 15:33:57 +02:00
de4dot
065927f702
Use the property
2012-03-27 15:23:27 +02:00
de4dot
d1e499454e
Rename locals and fix problem with huge strings
2012-03-27 02:27:26 +02:00
de4dot
6e188aa7e0
Decrypt MC encrypted strings
2012-03-26 22:07:01 +02:00
de4dot
e76321aaad
Remove unused method
2012-03-26 20:12:07 +02:00
de4dot
716098d33a
Change locals to instance variables
2012-03-26 19:34:09 +02:00
de4dot
e62d4f910a
Update detection of MC type
2012-03-24 19:35:38 +01:00
de4dot
4e042166b9
Fix getSectionHeader()
2012-03-24 19:13:58 +01:00
de4dot
b323612508
New version: 1.7.4
2012-03-23 10:14:26 +01:00
de4dot
efd317489d
Support latest EF 3.3.143
2012-03-23 10:13:59 +01:00
de4dot
8ca040f0da
Use callsMethod()
2012-03-21 03:49:28 +01:00
de4dot
7f1bad748e
Add more asm search paths
2012-03-21 03:37:10 +01:00
de4dot
ad5a759cd9
Remove useless cases
2012-03-21 03:19:26 +01:00
de4dot
1e9b20e432
Support EF obfuscated CF assemblies
2012-03-18 22:59:34 +01:00
de4dot
e1292b2930
Add some more assembly search paths
2012-03-18 19:15:33 +01:00
de4dot
353673811b
Fix problem where some WinForm property names weren't restored
2012-03-18 12:55:21 +01:00
de4dot
4b81854ea5
Restore resource names ending in ".g.resources"
2012-03-17 22:12:51 +01:00
de4dot
6f01d48593
Change getCalledMethods() return type
2012-03-17 20:36:41 +01:00
de4dot
0b858c47ed
Support DS obfuscated SL assemblies
2012-03-17 15:02:48 +01:00
de4dot
37450a1515
Support old DS 3.0.3.41 - 3.0.4.44
2012-03-17 14:11:37 +01:00
de4dot
48c7d40fb6
Inline method
2012-03-17 11:19:03 +01:00
de4dot
a3b052d15c
Should be "continue"
2012-03-17 11:18:52 +01:00
de4dot
9ecc5a313f
Support EF obfuscated SL assemblies
2012-03-16 23:22:24 +01:00
de4dot
d9aec67fcb
Rename
2012-03-16 22:39:50 +01:00
de4dot
996a245ba3
New version: 1.7.3
2012-03-15 23:39:42 +01:00
de4dot
ce9add13cb
Support CO obfuscated SL/CF assemblies
2012-03-15 22:36:23 +01:00
de4dot
0537a2edce
Use getModuleTypeCctor()
2012-03-15 09:38:52 +01:00
de4dot
67cb85e7ce
Update detection of obfuscator types
2012-03-15 09:15:12 +01:00
de4dot
e4fe749559
Use hasInteger() method
2012-03-15 02:19:35 +01:00
de4dot
27f382a017
Support a (new?) version of CryptoObfuscator. Fixes #33
2012-03-14 22:28:20 +01:00
de4dot
a405edf0fd
Support latest DeepSea version (4.0.4.32)
2012-03-13 20:37:33 +01:00
de4dot
ada90b1294
Add another CO detection check
2012-03-13 20:27:41 +01:00
de4dot
e949d8c926
Add support for latest EF 3.3.136
2012-03-13 09:26:40 +01:00
de4dot
8c5c055066
New version: 1.7.2
2012-03-11 15:59:36 +01:00
de4dot
7e1bf542af
Support a new EF 3.3 version that was released 1-2 days ago
2012-03-11 15:59:25 +01:00
de4dot
f5ee6e3e5e
Move dll files to a bin sub dir
2012-03-10 20:47:42 +01:00
de4dot
7d4c791575
Update detection of SA v2 string decrypter
2012-03-10 05:32:50 +01:00
de4dot
fafa60c4c9
Update expressions
2012-03-10 05:31:07 +01:00
de4dot
8b220697e0
New version: 1.7.1
2012-03-08 19:51:02 +01:00
de4dot
4e997910e4
Update detection of string decrypter type
2012-03-08 19:21:54 +01:00
de4dot
a41ea0969f
Call initAllTypes() before resolveAllRefs() to make sure baseType is initialized
2012-03-08 19:03:43 +01:00
de4dot
51fe58c4cd
Merge branch 'new_code'
2012-03-08 18:03:25 +01:00
de4dot
38fb775a7e
Use hasReturnValue() method
2012-03-08 18:03:12 +01:00
de4dot
3cde99b2e7
Remove overrides field
2012-03-08 17:57:35 +01:00
de4dot
4a7b4f4111
Update name regex
2012-03-08 16:15:19 +01:00
de4dot
674201e98c
Rename
2012-03-08 13:23:01 +01:00
de4dot
072bb4b5ce
Update code since cecil removed global asm resolver
2012-03-08 11:09:51 +01:00
de4dot
b4525ed58d
Support EF 3.3
2012-03-06 10:43:06 +01:00
de4dot
5c943d759d
Check base types for property/field
2012-03-03 18:23:53 +01:00
de4dot
77f1f2de67
Rename custom attribute fields and properties
2012-03-03 06:13:35 +01:00
de4dot
c3c92ebfaa
New version: 1.7.0
2012-03-01 22:14:23 +01:00
de4dot
48d6a3b6fc
Merge branch 'mc'
2012-03-01 22:10:36 +01:00
de4dot
86987518d6
Method should not be public
2012-02-29 11:41:07 +01:00
de4dot
9bf30e165c
Rename classes
2012-02-29 11:41:06 +01:00
de4dot
9791e63e51
Engrish
2012-02-29 11:41:05 +01:00
de4dot
8740ba8419
Rename variable
2012-02-29 11:41:04 +01:00
de4dot
167368f488
Attributes are worth less
2012-02-29 00:13:57 +01:00
de4dot
b27635f493
Remove sealed flag from interfaces
2012-02-28 23:57:48 +01:00
de4dot
ec30ec7b07
Add CF 2.0/3.5, SL 2.0 ref asm search paths
2012-02-28 22:36:35 +01:00
de4dot
e6d0c4a043
Move version detection to a new class
2012-02-28 22:30:22 +01:00
de4dot
77228ecfca
Update name regex
2012-02-28 22:24:08 +01:00
de4dot
68b4315e95
Update detection of the type and remove another type
2012-02-28 20:49:03 +01:00
de4dot
269b695245
Update detection of that type
2012-02-28 20:44:05 +01:00
de4dot
c970e1f6ca
Support v3.0 - 3.1
2012-02-28 19:42:19 +01:00
de4dot
acb53f535b
Throw if init fails
2012-02-28 18:18:13 +01:00
de4dot
f37e5a12d0
Restore calls to Assembly::GetManifestResourceXXX methods
2012-02-28 18:17:33 +01:00
de4dot
d740a3f5f6
Move GetManifestResourceStream code to a new class
2012-02-28 18:14:41 +01:00
de4dot
e72fb7220a
Decrypt embedded assemblies and resources
2012-02-27 23:43:45 +01:00
de4dot
9bab65640c
Refactor
2012-02-27 12:55:37 +01:00
de4dot
3c480f4c6c
Add another warning message
2012-02-27 01:51:44 +01:00
de4dot
cee04d3bba
master was updated
2012-02-26 22:57:55 +01:00
de4dot
cf76c14b4b
Merge branch 'master' into mc
2012-02-26 22:55:06 +01:00
de4dot
efec6625ef
Update detection of EF 3.0 and 3.1
2012-02-26 22:54:28 +01:00
de4dot
2bff1242c1
Add static EF string decrypter
2012-02-26 22:48:43 +01:00
de4dot
da1d649ef4
Make sure no generic methods are inlined
2012-02-25 06:33:38 +01:00
de4dot
10ceb12e30
Change return type to IEnumerable<int>
2012-02-25 06:25:40 +01:00
de4dot
48758be8f0
Use a new class instead of the dict
2012-02-25 06:14:19 +01:00
de4dot
d09938ca47
Remove classes with null base type
2012-02-25 05:28:32 +01:00
de4dot
330be994a1
Restore indentation
2012-02-25 05:22:30 +01:00
de4dot
5288b4b3d2
Make sure enum instance field has proper flags set (make peverify happy)
2012-02-25 05:15:42 +01:00
de4dot
b000112abc
Merge branch 'master' into mc
2012-02-23 17:16:00 +01:00
de4dot
fb832ca3de
New version: 1.6.1
2012-02-23 16:25:47 +01:00
de4dot
4ec4bb1d65
MC actually does rename symbols so add an updated regex
2012-02-23 11:52:19 +01:00
de4dot
6e8b32df21
Reverse sort comments
2012-02-23 10:59:02 +01:00
de4dot
7c4f014da3
Support old MC 3.2
2012-02-22 12:38:02 +01:00
de4dot
59ee55105d
Support some older MC version
2012-02-22 12:14:15 +01:00
de4dot
435d3303c3
Merge branch 'master' into mc
2012-02-21 17:33:45 +01:00
de4dot
538e4f738d
Fix issue #24 . Don't remove decrypter type if there was an error
2012-02-21 17:14:02 +01:00
de4dot
e5145fcca9
Remove MC type and module refs
2012-02-21 12:01:39 +01:00
de4dot
7bc3930df9
Decrypt resources
2012-02-21 11:51:19 +01:00
de4dot
58a94a8420
Decrypt methods protected with older MC version
2012-02-21 09:26:05 +01:00
de4dot
eb223537f0
Decrypt methods (decryption #1-4, not #5-7)
2012-02-20 17:20:29 +01:00
de4dot
b422e08fb1
Add lookup() method for ModuleReferences
2012-02-20 17:18:22 +01:00
de4dot
0c3aca32b9
Update code to handle MethodDefPtr table
2012-02-20 17:17:55 +01:00
de4dot
6d2435377f
Merge branch 'master' into mc
2012-02-20 05:59:08 +01:00
de4dot
b093e4c918
Copy license text files to output directory
2012-02-20 05:58:58 +01:00
de4dot
8536e211dd
Detect MC
2012-02-20 04:58:46 +01:00
de4dot
fc497b1688
Add MaxtoCode files
2012-02-20 03:48:59 +01:00
de4dot
d7afc66c6d
Don't remove string decrypter type if there's still code calling it
2012-02-19 00:50:08 +01:00
de4dot
e18ff9aea1
Don't remove string decrypter types if there was an error decrypting strings
2012-02-18 08:08:00 +01:00
de4dot
2c969446b0
Add InlinedAllCalls property
2012-02-18 07:56:53 +01:00
de4dot
8b059bcea7
These messages should be warnings
2012-02-18 07:52:58 +01:00
de4dot
9e16d9cd40
Rename method
2012-02-13 11:28:08 +01:00
de4dot
5579323b3e
Print warning if I/O exception
2012-02-13 11:16:38 +01:00
de4dot
981472cd91
Methods should be static and have a body
2012-02-13 11:11:08 +01:00
de4dot
a35c765f15
Rename method
2012-02-13 10:20:11 +01:00
de4dot
f7abb70475
New version: 1.6.0
2012-02-12 18:07:53 +01:00
de4dot
179ea6d6fd
Only string decrypter method is worth 100 points
2012-02-12 16:56:26 +01:00
de4dot
3e3be639e5
Move reading variable length int32 code to DeobUtils
2012-02-12 16:54:48 +01:00
de4dot
67efd5e7e7
Rename namespace to Eazfuscator_NET
2012-02-12 16:46:39 +01:00
de4dot
c2d13d9059
Remove all invalid methods
2012-02-12 16:29:29 +01:00
de4dot
4691c805d8
Ignore invalid methods
2012-02-12 16:25:12 +01:00
de4dot
46f23ce89d
Add InvalidMethodsFinder
2012-02-12 16:24:59 +01:00
de4dot
c15773b709
Merge branch 'cv' into next_version
...
Conflicts:
blocks/DotNetUtils.cs
2012-02-12 14:47:24 +01:00
de4dot
c73fcfc1d0
Remove CV type if it is empty
2012-02-12 14:38:42 +01:00
de4dot
5ce1f74263
Position has already been set to 0
2012-02-12 14:29:11 +01:00
de4dot
037cb5bc68
Decrypt the remaining (EREX) resources
2012-02-12 14:28:53 +01:00
de4dot
9a6bd53cb9
Remove obfuscator obfuscator bundle types
2012-02-12 13:38:23 +01:00
de4dot
ded45dcb7a
Remove proxy method types and main type
2012-02-12 13:00:38 +01:00
de4dot
ff55be46b6
Rename getField() to getFieldByName() and add a real getField() method
2012-02-12 12:53:36 +01:00
de4dot
8999eb8e0f
Remove CV main type methods if < v5.0
2012-02-12 12:08:46 +01:00
de4dot
42f66c3948
Fix detection; 3.2 doesn't have those extra fields
2012-02-12 12:03:55 +01:00
de4dot
d6327b401e
Remove all anti-reflection types
2012-02-12 11:39:00 +01:00
de4dot
80d338637e
Add method to remove classes with no base type
2012-02-12 11:35:18 +01:00
de4dot
18cd71ecdc
Update detection (v5.0)
2012-02-11 23:39:37 +01:00
de4dot
070acc59f1
Bail out earlier if not encrypted
2012-02-11 23:23:51 +01:00
de4dot
91f7d2cb51
Find and remove resource decrypter types
2012-02-11 23:23:25 +01:00
de4dot
c18bed7d69
Add namespace
2012-02-11 23:11:54 +01:00
de4dot
bffbe419d5
Add hasInteger() method
2012-02-11 23:11:41 +01:00
de4dot
d44db9871e
Add log message that we have decrypted a resource
2012-02-11 21:51:48 +01:00
de4dot
57b947a3da
Add InvalidDataException
2012-02-11 21:49:22 +01:00
de4dot
8b2ef5d6bb
Update if expression
2012-02-11 21:43:26 +01:00
de4dot
cd7d3724c3
Move fields from binder to exception
2012-02-11 21:30:54 +01:00
de4dot
9050af8a03
Refactor method
2012-02-11 19:34:07 +01:00
de4dot
ccd7d2ac79
Decrypt .resources files
2012-02-11 16:46:39 +01:00
de4dot
e5a72396c2
Remove length parameter from xxxteaDecrypt()
2012-02-11 16:46:02 +01:00
de4dot
76d9e87c3c
Add code to write .resources files
2012-02-11 16:43:53 +01:00
de4dot
ae97752d9c
Set data field to a 1-byte array
2012-02-09 10:14:59 +01:00
de4dot
ba399609c7
Initialize otherInitMethods in 2nd ctor
2012-02-09 10:14:29 +01:00
de4dot
45bf016a2e
Rename method
2012-02-09 10:14:08 +01:00
de4dot
15713a2b38
Check assembly for null (it could be a netmodule)
2012-02-08 22:01:10 +01:00
de4dot
d5089fa888
Remove kill type in deobfuscateBegin()
2012-02-08 19:54:05 +01:00
de4dot
b5c8a89b32
Remove init method calls called from .ctors
2012-02-08 19:40:17 +01:00
de4dot
a8d6aac306
Update detection of tamper detection types when proxy calls are enabled
2012-02-08 19:36:58 +01:00
de4dot
04247b5533
Remove most calls to main CV type
2012-02-08 19:21:00 +01:00
de4dot
c757139357
Remove string decrypter type
2012-02-08 18:58:06 +01:00
de4dot
98c8ea49e9
Remove tamper detection code
2012-02-08 18:40:24 +01:00
de4dot
1583552825
Make sure rvas list is never null
2012-02-08 16:14:07 +01:00
de4dot
780da4a0ad
Update detection of encrypted methods data
2012-02-08 15:52:39 +01:00
de4dot
fa6b0d4054
Move detection of CV main type to its own class
2012-02-08 15:40:11 +01:00
de4dot
bb89ce2983
Remove method since base class now has the same method
2012-02-08 15:19:45 +01:00
de4dot
1e3daf3b45
Dump embedded assemblies
2012-02-08 12:33:02 +01:00
de4dot
09e840923d
Search for sig starting from _stub RVA
2012-02-08 09:29:49 +01:00
de4dot
a8d4b38c79
Mover version info to a new ObfuscatorVersion enum
2012-02-08 08:55:45 +01:00
de4dot
0e89c0fc35
Only check Version property if methods decrypter was found
2012-02-08 08:50:36 +01:00
de4dot
776fd7f69f
Speed up finding V5 methods decrypter type
2012-02-07 15:17:41 +01:00
de4dot
1076218a81
Detect CV version
2012-02-07 15:05:27 +01:00
de4dot
6ab0748bdd
Decrypt V5 encrypted methods
2012-02-07 14:55:20 +01:00
de4dot
f11c51830f
Make sure info is copied
2012-02-07 14:53:58 +01:00
de4dot
97d09c4c65
Make method accessible by sub classes
2012-02-07 14:53:34 +01:00
de4dot
3276f433c9
Add code to detect V5 methods decrypter
2012-02-07 05:08:02 +01:00
de4dot
0aeee176cc
Merge v3-v4 and v5 code
2012-02-07 04:45:59 +01:00
de4dot
f1a1188409
Add a new ctor to copy values from old instance
2012-02-07 04:45:04 +01:00
de4dot
8f9cc6d290
Re-use v3-v4 string decrypter
2012-02-07 03:03:49 +01:00
de4dot
d512889833
Fix 'shadow calls' obfuscation
2012-02-07 02:07:31 +01:00
de4dot
c2313110b8
Add getDelegateTypes() and fix findProxyCall()
2012-02-07 02:02:49 +01:00
de4dot
ad8a5078fe
Rename method
2012-02-07 00:42:32 +01:00
de4dot
2ccb35afb0
Add CV5 files
2012-02-06 15:55:35 +01:00
de4dot
26bf21a84e
Show obfuscator version
2012-02-06 15:55:14 +01:00
de4dot
b39725f12f
Remove useless 'using'
2012-02-06 15:52:19 +01:00
de4dot
0d6542e383
Move v3-v4 code to a sub dir
2012-02-06 15:49:27 +01:00
de4dot
da3a28f0a8
Move (and rename) XXTEA decrypt func to DeobUtils
2012-02-06 08:22:55 +01:00
de4dot
b867301797
Update valid name regex
2012-02-06 08:20:04 +01:00
de4dot
b3750f9d4c
Initialize its token field
2012-02-05 23:04:24 +01:00
de4dot
542c6bb213
Support 3.2 methods decrypter
2012-02-05 22:49:10 +01:00
de4dot
d5c3a6964b
Support 4.0 methods decrypter
2012-02-05 21:27:36 +01:00
de4dot
1903cf8607
KILL type is only worth 10 points
2012-02-05 19:01:49 +01:00
de4dot
9e4b29034f
Finish getStringDecrypterMethods() method
2012-02-05 18:59:29 +01:00
de4dot
191fbb84b0
Use new getInitializedUInt32Array() method
2012-02-05 18:56:05 +01:00
de4dot
c8c4e3341c
Add getInitializedUInt32Array() method
2012-02-05 18:55:48 +01:00
de4dot
d6ff8b515d
Add string decrypter
2012-02-05 18:47:31 +01:00
de4dot
029c049bf6
Move readVariableLengthInteger() to DeobUtils
2012-02-05 18:46:14 +01:00
de4dot
0b43c77fdb
Add missing call to removeNewlines()
2012-02-05 18:45:41 +01:00
de4dot
29c5cfc9c8
Don't stop if 2nd instr is also a store
2012-02-05 18:45:04 +01:00
de4dot
23c72927b5
Add CV and methods decrypter
2012-02-05 16:17:47 +01:00
de4dot
82cc64bd77
Add Sections property
2012-02-05 16:14:46 +01:00
de4dot
84f322dbcf
Rename method. Ignore generic methods.
2012-02-03 16:21:59 +01:00
de4dot
3caad72275
Print new resource name
2012-02-03 14:35:42 +01:00
de4dot
ed9addb385
Make sure only valid methods are restored
2012-02-03 14:24:39 +01:00
de4dot
0cc88ba39f
Restore resource names
2012-02-03 13:22:37 +01:00
de4dot
ebfb88b6f1
Don't try to inline methods without a body or no instrs
2012-02-03 11:10:48 +01:00
de4dot
bc6630f760
Detect other SN attribute
2012-02-03 10:45:31 +01:00
de4dot
022bbe15af
Update name regex
2012-02-03 10:44:58 +01:00
de4dot
3a49d2a603
Remove encrypted strings field type
2012-02-03 10:13:41 +01:00
de4dot
33010b65a7
Add option to remove namespaces with only one type in it
2012-02-03 10:07:44 +01:00
de4dot
1008e91524
Don't restore method bodies from outside types
2012-02-03 10:05:31 +01:00
de4dot
95b835895b
Inline the remaining methods
2012-02-03 09:44:35 +01:00
de4dot
c09bbf0d01
Restore bodies and update calls to real instance method
2012-02-03 09:21:15 +01:00
de4dot
e67ecfdff4
Remove the methods types
2012-02-03 06:33:54 +01:00
de4dot
9a87a2658f
Restore method bodies
2012-02-03 04:26:55 +01:00
de4dot
814ca402bf
Detect classes created by the obfuscator
2012-02-03 03:03:19 +01:00
de4dot
3ce28aebb0
Inline methods
2012-02-02 10:55:30 +01:00
de4dot
b3f17a27a3
Add SN string decrypter
2012-02-02 06:56:14 +01:00
de4dot
36b4806858
Remove useless code and add getArrays() method
2012-02-02 06:54:10 +01:00
de4dot
f3525d8980
New version: 1.5.1
2012-02-01 08:09:40 +01:00
de4dot
ce7dc67848
Fix Issue #19
2012-01-30 09:12:26 +01:00
de4dot
a7fa23e2d8
New version: 1.5.0
2012-01-29 18:58:26 +01:00
de4dot
a69b17e06d
Support embedded assemblies (Silverlight)
2012-01-29 18:30:07 +01:00
de4dot
26a3e14d2c
Update fields restorer since 2+ types can share same struct
2012-01-29 05:06:21 +01:00
de4dot
55dcb0881d
Update code since master was updated
2012-01-28 18:40:35 +01:00
de4dot
0f9184e9be
Merge branch 'master' into newcode
2012-01-28 18:38:09 +01:00
de4dot
1141a451ac
Update resource renamer code.
...
- Faster code
- Renames resource even if it doesn't end in '.resources'
2012-01-28 18:37:02 +01:00
de4dot
915018c2fc
Use a better method dictionary
2012-01-28 02:54:12 +01:00
de4dot
f75075ab15
Add XNA assembly search paths
2012-01-28 00:32:27 +01:00
de4dot
257456fd8b
Speed up renaming by storing less names in the typeNames dict.
...
merge() was pretty slow but is much faster now.
2012-01-28 00:17:00 +01:00
de4dot
9e1412a6ae
Use TryGetValue to speed it up a little
2012-01-27 05:54:30 +01:00
de4dot
50e7d28ddf
Speed up method param renaming code
2012-01-27 05:39:25 +01:00
de4dot
887ee7c9e8
Fix method signature
2012-01-27 01:02:17 +01:00
de4dot
247cb2be20
Compare ElementType instead of calling verifyType for speed
2012-01-26 22:40:19 +01:00
de4dot
66969a4e92
Remove old code
2012-01-25 06:28:25 +01:00
de4dot
71d18ce688
Remove useless cast
2012-01-25 06:22:47 +01:00
de4dot
cb791a43ae
Compare by reference since both are field defs
2012-01-25 06:15:33 +01:00
de4dot
c3b9b840e4
Code should return true
2012-01-25 05:47:34 +01:00
de4dot
2684ccab93
Create a unique metadata token since renamer depends on it
2012-01-24 17:51:22 +01:00
de4dot
26b2de90af
Fix format string: missing {1}
2012-01-24 17:11:45 +01:00
de4dot
e9d7f3dbfb
Restore fields
2012-01-24 17:10:11 +01:00
de4dot
e00ca9a7d2
Merge branch 'master' into newcode
2012-01-24 15:15:07 +01:00
de4dot
fb1a45c5a4
Create a new unique GUID that depends on the module
2012-01-24 15:14:57 +01:00
de4dot
94f3fc9369
Lower num required found proxies
2012-01-24 14:54:23 +01:00
de4dot
8fbcdeb060
Make sure it gets an RVA, and change field type to byte
2012-01-24 09:06:54 +01:00
de4dot
5c98e81e78
Ignore base64 decode exception
2012-01-24 07:39:07 +01:00
de4dot
ab0fa2631e
Resource must be returned...
2012-01-24 05:25:02 +01:00
de4dot
95462d8dda
Dump V4 embedded assemblies
2012-01-24 05:08:24 +01:00
de4dot
a80482751d
Add extra check to make sure we detect the correct method
2012-01-24 04:44:23 +01:00
de4dot
ed00c5f2c5
Make sure it is static
2012-01-24 04:24:44 +01:00
de4dot
6ceea06f5b
Decrypt V4 resources
2012-01-24 03:22:59 +01:00
de4dot
2c8e685910
Ignore prefixes
2012-01-24 02:31:57 +01:00
de4dot
88c8dcbb7a
Detect V3.5
2012-01-24 01:01:30 +01:00
de4dot
d59fa86515
Print DS version
2012-01-24 00:41:09 +01:00
de4dot
da0cf08b33
Merge branch 'master' into newcode
2012-01-23 23:19:59 +01:00
de4dot
613a97906a
Make sure method hasn't been removed
2012-01-23 23:16:01 +01:00
de4dot
f9ed9e403f
Support V4 string decryptor
2012-01-23 23:13:04 +01:00
de4dot
4cfa0cf1f3
Update detection of methods to inline
2012-01-23 23:11:39 +01:00
de4dot
40a6a79d86
Merge branch 'master' into newcode
2012-01-23 15:27:29 +01:00
de4dot
568d2dd4a7
Add more assembly search paths
2012-01-23 15:27:23 +01:00
de4dot
92dfef7e93
Merge branch 'master' into newcode
2012-01-23 09:57:00 +01:00
de4dot
cf1ed9fb64
Use a MethodDefKey
...
Fixes problem when a class implements an interface that its base class
also implements, but those interfaces are in two different assemblies
(different version, eg. mscorlib 2.0 and mscorlib 4.0).
2012-01-23 09:14:50 +01:00
de4dot
8e92ddf790
Merge branch 'master' into newcode
2012-01-22 23:47:47 +01:00
de4dot
52e7b2926f
Use non-renamable prop/event since it should be valid
2012-01-22 23:47:35 +01:00
de4dot
981975b750
Make sure we don't dump resource resolver's resource
2012-01-22 23:46:32 +01:00
de4dot
0ac8c944e5
Add call to stringDecryptersAdded()
2012-01-22 20:02:05 +01:00
de4dot
991a5281ab
Add DS obfuscator support
2012-01-22 19:58:31 +01:00
de4dot
080a11c437
Merge branch 'master' into newcode
2012-01-22 19:53:27 +01:00
de4dot
5876526151
Add getInitializedInt16Array() and stop earlier
2012-01-22 19:33:36 +01:00
de4dot
8c645504fe
Add method to find resource from strings in code
2012-01-22 13:00:17 +01:00
de4dot
bf1843ade4
Add an inflate() overload
2012-01-22 12:59:51 +01:00
de4dot
7962de961c
Add getModuleTypeCctor() method
2012-01-22 11:15:14 +01:00
de4dot
fde26c0bd2
Split method
2012-01-21 22:16:07 +01:00
de4dot
ba04092060
Call stringDecryptersAdded() after adding string decrypters
2012-01-21 22:15:53 +01:00
de4dot
1371392b4a
master was updated
2012-01-21 20:33:34 +01:00
de4dot
5a4d41cf45
Merge branch 'master' into newcode
2012-01-21 20:32:33 +01:00
de4dot
2dadd773ec
Use ParameterDefinition.Sequence
2012-01-21 20:31:47 +01:00
de4dot
2e605b5117
Merge branch 'master' into newcode
2012-01-21 14:19:52 +01:00
de4dot
f3f8975f01
If instance explicit, 'this' is 1st param
2012-01-20 19:30:40 +01:00
de4dot
77f4d9ee0c
Derive from ValueInlinerBase
2012-01-19 19:23:34 +01:00
de4dot
8c90c7b494
master was updated
2012-01-19 19:19:08 +01:00
de4dot
68b78b0081
Merge branch 'master' into newcode
2012-01-19 19:17:55 +01:00
de4dot
7f5401625e
Rename classes
2012-01-19 19:16:44 +01:00
de4dot
45ff4af573
Remove detection of Babel in Unknown obfuscator
2012-01-19 05:42:00 +01:00
de4dot
dc042d2f9a
Decrypt V2 encrypted strings
2012-01-19 05:38:58 +01:00
de4dot
ce76cc7810
Merge branch 'master' into newcode
2012-01-18 08:27:38 +01:00
de4dot
04903f0f9b
Don't append a 0 to props when we've found the real name
2012-01-18 08:14:06 +01:00
de4dot
ff6a8d4b6f
Dump embedded assemblies before decrypting methods
2012-01-18 07:53:06 +01:00
de4dot
49c06dec64
Dump embedded assemblies
2012-01-18 07:43:03 +01:00
de4dot
6ec1222657
Move common code to BabelUtils
2012-01-18 07:38:35 +01:00
de4dot
ed31063b1b
Merge branch 'master' into newcode
2012-01-18 06:15:31 +01:00
de4dot
2ad9a9a087
New version: 1.4.4
2012-01-17 05:46:06 +01:00
de4dot
a92bbbe9c3
Warn if method isn't found since some obfuscators are buggy.
2012-01-17 05:44:22 +01:00
de4dot
788488dffa
New version: 1.4.3
2012-01-17 03:01:48 +01:00
de4dot
5cb5f41d4a
Support latset version of SA
2012-01-17 02:54:48 +01:00
de4dot
7c3e6f122a
Merge branch 'master' into newcode
2012-01-14 12:40:54 +01:00
de4dot
3d48bceda3
New version: 1.4.2
2012-01-14 12:40:41 +01:00
de4dot
6c20e18b4d
master was updated so fix code here
2012-01-14 12:37:20 +01:00
de4dot
48361ae809
Merge branch 'master' into newcode
2012-01-14 12:35:11 +01:00
de4dot
5f6841e317
Add HasHandlers property to base class
2012-01-14 12:34:42 +01:00
de4dot
f19be8019e
Don't remove any types/methods/etc if it's an unknown obfuscator
2012-01-14 12:27:03 +01:00
de4dot
5e3b4a1414
Add some checks
2012-01-14 12:19:17 +01:00
de4dot
f0ff8df76a
Use the method in InitializedDataCreator
2012-01-14 12:16:05 +01:00
de4dot
06e8b9f654
Use the new Int32ValueInliner class
2012-01-14 12:04:59 +01:00
de4dot
b71e8fdfdc
Remove newlines from names when calling the logger
2012-01-14 11:59:01 +01:00
de4dot
c069d8005c
Use methods in DotNetUtils
2012-01-14 11:53:38 +01:00
de4dot
ed918c6993
Call Dispose() after decrypting methods
2012-01-14 11:46:00 +01:00
de4dot
75c8747a0f
Merge branch 'master' into newcode
2012-01-14 11:41:20 +01:00
de4dot
7b93497bc6
Update detection code
2012-01-14 11:39:49 +01:00
de4dot
6b4a462757
Support v3.0
2012-01-14 10:37:15 +01:00
de4dot
e53f4d043d
Proxy calls can be proxied
2012-01-13 21:30:49 +01:00
de4dot
948cdb47e3
Fix what was updated in master
2012-01-13 21:30:29 +01:00
de4dot
c583891151
Merge branch 'master' into newcode
2012-01-13 21:26:48 +01:00
de4dot
b214eaa3c9
Add option to keep deobfuscating deobfuscated calls
2012-01-13 21:26:31 +01:00
de4dot
c28b575f7a
Add MethodCallInliner prop to cflow deob class
2012-01-11 06:44:44 +01:00
de4dot
17327902c3
Refactor method call inliner code
2012-01-11 04:38:02 +01:00
de4dot
dfb2332116
Print the version number
2012-01-11 02:35:02 +01:00
de4dot
f18ed0d6fe
Merge branch 'master' into newcode
2012-01-10 19:59:27 +01:00
de4dot
b30ccda1f9
Add method to remove the assembly info
2012-01-10 02:36:39 +01:00
de4dot
9800f91d12
Update copyright years
2012-01-09 23:04:52 +01:00
de4dot
0dbe743563
Merge branch 'master' into newcode
2012-01-09 23:02:58 +01:00
de4dot
0d0a40376d
Update copyright years
2012-01-09 23:02:47 +01:00
de4dot
0612320ffd
Add better detection of our base dir
2012-01-09 22:59:26 +01:00
de4dot
294ae6bc5e
Show message if more than one obfuscator is detected
2012-01-09 22:47:29 +01:00
de4dot
edd855ad19
Merge branch 'master' into newcode
2012-01-09 07:55:09 +01:00
de4dot
665a170b9b
Make sure HasFieldRVA flag is set
2012-01-09 07:55:01 +01:00
de4dot
a717f5895a
Merge branch 'master' into newcode
2012-01-09 06:14:09 +01:00
de4dot
6a8a036687
Add another check to detect COM type
2012-01-09 06:13:55 +01:00
de4dot
c9e5b8e91e
Update code to handle v3.5 obfuscated assemblies
2012-01-09 05:50:32 +01:00
de4dot
1805022073
Merge branch 'master' into newcode
2012-01-09 05:30:49 +01:00
de4dot
fd12b92e4b
Update detection due to new cflow deob code
2012-01-09 03:19:13 +01:00
de4dot
496941258a
Support v4.2
2012-01-08 21:48:37 +01:00
de4dot
b02cb11a61
Merge branch 'master' into newcode
2012-01-08 19:09:18 +01:00
de4dot
2f1ec392b9
Update detection of offset field
2012-01-08 19:08:23 +01:00
de4dot
0398666c93
Update detection of <Module> type
2012-01-08 18:46:23 +01:00
de4dot
28f8bdcc89
Some fixes
2012-01-08 18:38:37 +01:00
de4dot
cb21940841
Merge branch 'master' into newcode
2012-01-08 01:31:51 +01:00
de4dot
d295fa24a2
Ignore refs and defs from other modules
2012-01-08 01:30:57 +01:00
de4dot
f9592f5fdc
Method was renamed in master
2012-01-07 20:31:06 +01:00
de4dot
134869db6d
Merge branch 'skater' into newcode
...
Conflicts:
de4dot.cui/Program.cs
2012-01-07 20:29:07 +01:00
de4dot
b647a9387b
Merge branch 'goliath' into newcode
2012-01-07 20:28:10 +01:00
de4dot
44e58066b3
Add support for another obfuscator
2012-01-07 20:27:07 +01:00
de4dot
03a27110e7
Rename method to toInt32()
2012-01-07 19:14:15 +01:00
de4dot
951906d7e5
Move file
2012-01-07 00:05:43 +01:00
de4dot
a54cfbf996
Update detection of string decrypter type
2012-01-07 00:04:31 +01:00
de4dot
30798c6b08
Ignore result if it isn't a string
2012-01-05 17:24:31 +01:00
de4dot
d6f3ff64b9
Remove "castclass System.String" if present
2012-01-05 17:16:38 +01:00
de4dot
8d57bf741e
Make sure correct integer value arg is boxed for string decrypter
2012-01-05 16:23:53 +01:00
de4dot
115641fc6b
Pass caller token to string decrypter
2012-01-05 16:22:26 +01:00
de4dot
93d801997e
Make sure the new property names are unique
2012-01-04 09:42:01 +01:00
de4dot
20222561b3
Add System.Object as base type if needed
2012-01-03 20:14:28 +01:00
de4dot
9a7d28472d
Remove new lines when printing method/type names
2012-01-03 19:52:40 +01:00
de4dot
6963e89581
Update detection of delegate fields and remove useless method
2012-01-03 19:22:45 +01:00
de4dot
d3c801efb6
Add code to initialize arrays
2012-01-03 15:25:25 +01:00
de4dot
6e80b5bb94
Move bool inliner and create some more useful value inliners
2012-01-03 10:38:09 +01:00
de4dot
e79ee9832d
Add desDecrypt(). Move deflate() to DeobUtils.
2012-01-02 22:35:02 +01:00
de4dot
ba43220da2
Update code for GO 5.6.0
2012-01-02 07:02:43 +01:00
de4dot
b23c35e049
Update detection code
2012-01-01 18:50:46 +01:00
de4dot
417fe04bba
Don't need to detect GO here anymore
2012-01-01 18:15:32 +01:00
de4dot
7d39c543cc
Refactor code
2012-01-01 13:02:16 +01:00
de4dot
90ebd92333
Method was renamed in master
2012-01-01 12:11:09 +01:00
de4dot
463d97dd81
Merge branch 'master' into goliath
2012-01-01 12:10:03 +01:00
de4dot
07768cefd1
Merge branch 'master' into skater
2012-01-01 12:09:35 +01:00
de4dot
ac30b8c213
Rename method to getValues()
2012-01-01 12:09:16 +01:00
de4dot
970ef14266
Restore method arg names
2012-01-01 12:07:16 +01:00
de4dot
66b3061444
Remove useless method and only rename if not renamed
2012-01-01 12:06:40 +01:00
de4dot
1f7f9958ab
Update code
2012-01-01 12:06:01 +01:00
de4dot
1b98808558
Merge branch 'master' into goliath
2011-12-31 16:35:01 +01:00
de4dot
b3a29a7be1
Merge branch 'master' into skater
2011-12-31 16:34:01 +01:00
de4dot
e744e24a51
Use methods dict
2011-12-31 16:32:57 +01:00
de4dot
99350b456d
Use the methods dict
2011-12-31 16:15:38 +01:00
de4dot
cd359243a2
Remove unused method
2011-12-31 16:00:11 +01:00
de4dot
6b629f20c7
Use aesDecrypt() method
2011-12-31 15:12:41 +01:00