de4dot
3e70d1fa63
Use field dict and update code
2011-12-28 13:33:10 +01:00
de4dot
8de51ca227
Update code that removes methods and types
2011-12-28 13:30:44 +01:00
de4dot
ffbceae488
Update methods inliner code
2011-12-28 13:28:17 +01:00
de4dot
dd588bf9f8
Add MethodCollection class
2011-12-28 13:26:04 +01:00
de4dot
ad59501474
Add findAny() methods
2011-12-28 13:24:02 +01:00
de4dot
2a89e28b5e
New version: 1.4.1
2011-12-26 20:41:16 +01:00
de4dot
c14eef2750
Update code for SA 1.x-3.x obfuscated assemblies
2011-12-26 20:40:18 +01:00
de4dot
f468aebda5
Dump resources in applications (library mode)
2011-12-26 20:32:42 +01:00
de4dot
f88d57a206
Don't load method bodies if --no-cflow-deob is used and no types removed
2011-12-26 20:30:30 +01:00
de4dot
0a4fb0619b
Move to DNR dir
2011-12-26 20:28:48 +01:00
de4dot
ed97f9a826
Add getExtension() method
2011-12-26 20:27:57 +01:00
de4dot
259ec3455b
Rename method
2011-12-25 23:10:17 +01:00
de4dot
dd3b929021
Remove MethodImplAttributes and update log message
2011-12-25 23:06:37 +01:00
de4dot
c295d03078
Remove namespace from nested types
2011-12-25 23:03:53 +01:00
de4dot
c1838bec35
Update log messages
2011-12-23 17:48:10 +01:00
de4dot
bb886f2bdb
Ignore errors during method deobfuscation. A warning message is logged.
2011-12-23 17:28:20 +01:00
de4dot
7ed11cffb9
New version: 1.4.0
2011-12-22 23:53:59 +01:00
de4dot
a0d65b2e86
Rename method
2011-12-22 23:51:26 +01:00
de4dot
24076419dc
Rename method, update code
2011-12-22 23:50:33 +01:00
de4dot
63648a9505
Update detection of ASN code
2011-12-22 19:17:57 +01:00
de4dot
1a1350410a
Only call patcher if we need to patch it
2011-12-22 19:17:48 +01:00
de4dot
1b32fdd3b6
Write warning message if we couldn't unpack it
2011-12-22 18:48:24 +01:00
de4dot
c86daacda8
Add workaround for DNR patch bug
2011-12-22 17:40:21 +01:00
de4dot
a38781c1d0
Support SA 1.x-3.x
2011-12-22 05:41:28 +01:00
de4dot
222132f43b
Remove useless using directive
2011-12-22 05:37:29 +01:00
de4dot
7b71a565ec
Move method to DotNetUtils
2011-12-22 05:37:10 +01:00
de4dot
823d3b07a7
Refactor string decrypter
2011-12-21 19:22:23 +01:00
de4dot
d24da2f24c
Move method to base class
2011-12-21 19:21:06 +01:00
de4dot
f87fabd6aa
Move DNR v3 and v4 code to a DNR sub dir
2011-12-21 18:55:36 +01:00
de4dot
03ff9a61cb
Update strings
2011-12-21 18:30:37 +01:00
de4dot
a473f9eb02
Remove native lib linked resource
2011-12-21 18:20:59 +01:00
de4dot
4abe33f729
Remove obfuscator init calls from .ctors
2011-12-21 18:12:04 +01:00
de4dot
9136e674e5
Add anti strong name code
2011-12-21 18:04:49 +01:00
de4dot
1fd7319b19
Move patcher code to DecrypterType
2011-12-21 16:56:12 +01:00
de4dot
1e7dbfad97
Refactor
2011-12-21 07:13:19 +01:00
de4dot
2a651f5b5e
Update code and fix some bugs
2011-12-21 06:41:42 +01:00
de4dot
289c11b296
Refactor
2011-12-21 06:41:06 +01:00
de4dot
795ab8bee1
Update detection code
2011-12-21 06:40:10 +01:00
de4dot
13b84383f2
Update detection code
2011-12-21 06:39:56 +01:00
de4dot
134c20c794
Add Win32Path class
2011-12-21 06:39:12 +01:00
de4dot
25869c9ff8
Add FileHeaderOffset property
2011-12-21 06:38:44 +01:00
de4dot
74b8299ef2
Remove native lib module refs
2011-12-21 00:41:09 +01:00
de4dot
c516d61ad7
Decrypt library mode files
2011-12-21 00:31:27 +01:00
de4dot
15b4cefe89
Move method to base class
2011-12-21 00:30:17 +01:00
de4dot
0d92b37536
Create DNR3 dir
2011-12-20 21:47:45 +01:00
de4dot
dd60af245a
Unpack DNR 3.x application mode files
2011-12-20 20:16:57 +01:00
de4dot
746997dfe3
Add DNR 3.x application mode unpacker
2011-12-20 20:16:18 +01:00
de4dot
4a0a3fb2fc
Add isCompressed() method
2011-12-20 20:13:37 +01:00
de4dot
87b4f70de9
Add decrypt() method
2011-12-20 20:13:08 +01:00
de4dot
4444b143fd
Add method to get int32 array
2011-12-20 20:12:47 +01:00
de4dot
b60d53ea77
Add some more methods
2011-12-20 20:11:32 +01:00
de4dot
bc5d829714
Also check ldftn opcodes
2011-12-19 15:44:23 +01:00
de4dot
f7f77a821c
Use the SetMethod property
2011-12-19 15:43:40 +01:00
de4dot
b96ab54ba6
New version: 1.3.8
2011-12-16 19:34:55 +01:00
de4dot
dd8d0d0e83
Use new method/field dictionaries
2011-12-16 19:33:44 +01:00
de4dot
f30b0ef749
Add type, method, field, prop, event dictionaries
2011-12-16 18:56:45 +01:00
de4dot
2a0e92eaff
Assembly resolver now parses *.config files
2011-12-15 16:28:27 +01:00
de4dot
d35e92b53c
Update field type
2011-12-15 16:17:04 +01:00
de4dot
929d943112
Update deobfuscator
2011-12-15 16:16:21 +01:00
de4dot
c73459f1be
New version: 1.3.7
2011-12-11 12:38:48 +01:00
de4dot
00f7b7feda
The real Main() may be called from a DNR-created Main() method
2011-12-11 11:08:32 +01:00
de4dot
78bb21832e
Fix bug by resetting stream offset
2011-12-09 23:43:02 +01:00
de4dot
e7ea01f87d
Move console code to new de4dot.cui assembly
2011-12-09 09:02:06 +01:00
de4dot
0fd4ddf209
Change type from ez to ef
2011-12-08 09:53:13 +01:00
de4dot
5247927eff
Update regex
2011-12-08 09:52:23 +01:00
de4dot
5b7806cc1f
New version: 1.3.6
2011-12-06 17:38:30 +01:00
de4dot
5ccc8e0fda
Add prop/event override prefix
2011-12-06 02:45:28 +01:00
de4dot
731d302741
Pass the getter and setter methods to createProperty()
2011-12-05 23:47:48 +01:00
de4dot
6073106cfe
Restore explicitly overridden props/events
2011-12-05 18:11:34 +01:00
de4dot
04940d785c
Update version: 1.3.5
2011-12-04 20:02:18 +01:00
de4dot
b2801872d7
Update detection of invalid types when restoring field/method arg types
2011-12-04 20:01:02 +01:00
de4dot
427abbce79
Update detection of WinForms field names
2011-12-04 19:09:21 +01:00
de4dot
99cec56165
Update renamer code. Check for unresolved type and generic params
2011-12-04 18:22:47 +01:00
de4dot
7a6af40832
Update version: 1.3.4
2011-12-03 14:33:37 +01:00
de4dot
c9d4dc2268
Update renamer code so a compiler can compile the decompiled output
...
- property Byte[]_0 => Byte_0
- property ICollection.Boolean_0 => ICollection.IsSynchronized
- property pByte_0 => PByte_0
- property T_0 => Prop_0
- property indexer => Item
2011-12-03 14:28:10 +01:00
de4dot
0d18298b49
It's no longer beta! :)
2011-12-02 18:50:36 +01:00
de4dot
973e958ff1
Add better check for invalid entries
2011-12-02 18:48:01 +01:00
de4dot
0db4222c10
Update version: 1.3.3
2011-12-02 15:21:18 +01:00
de4dot
160527447c
Fix bug in methods decrypter
2011-12-02 15:20:27 +01:00
de4dot
b8564335b8
Remove stack frame helper code only if the option is enabled
2011-12-02 15:20:09 +01:00
de4dot
49701686e5
Update version: 1.3.2
2011-12-02 13:19:38 +01:00
de4dot
af0ff59794
Always rename P/Invoke methods
2011-12-02 13:18:22 +01:00
de4dot
d913c61df6
Fix some todos
2011-12-02 00:43:49 +01:00
de4dot
2734a9ee95
Update the code that resolves typedefs
2011-12-01 22:32:09 +01:00
de4dot
d6ba1fa2d5
Add p prefix to types
2011-12-01 22:30:43 +01:00
de4dot
ec896da8ab
Unpack .NET 1.x DNR native images
2011-12-01 14:16:23 +01:00
de4dot
82d1de5ae3
Remove *-x86 projects. Default is now x86.
2011-11-30 20:38:59 +01:00
de4dot
2f58cea471
Update the code
2011-11-30 20:27:49 +01:00
de4dot
2174011a35
Print a message after unpacking a native file
2011-11-30 20:22:52 +01:00
de4dot
3311e28a87
Don't re-read native file after unpacking it
2011-11-30 20:19:50 +01:00
de4dot
68d962fb6e
Return null if inflated data isn't an MZ file
2011-11-30 19:10:56 +01:00
de4dot
8637ef5e1a
Unpack DNR 4.0-4.4 + .NET 2.0+ native files
2011-11-30 19:06:25 +01:00
de4dot
20a10c92ee
Warn if unpacked data could not be loaded
2011-11-30 19:05:20 +01:00
de4dot
fde811d183
Move isCode() to DeobUtils
2011-11-30 19:04:49 +01:00
de4dot
b7a44b459d
Add code to unpack DNR 4.0/4.1 + .NET 2.0+ native files
2011-11-30 18:28:48 +01:00
de4dot
f567e09845
Add 'using de4dot.PE'
2011-11-30 18:27:01 +01:00
de4dot
28ec2485fc
Update code to handle unpacked native images
2011-11-30 18:26:36 +01:00
de4dot
26f4afeff3
Rename class to StreamXXX if it's a stream class
2011-11-30 18:24:43 +01:00
de4dot
27e7c76636
Add code to read win32 resources
2011-11-30 18:23:47 +01:00
de4dot
98342f2a0c
Move read file code to Utils
2011-11-30 18:21:01 +01:00
de4dot
4a26534ad0
Don't remove proxy delegate types and creator type if errors were detected
2011-11-28 11:45:48 +01:00
de4dot
d7c42185a8
Update detection of CliSecureRT type
2011-11-28 11:25:18 +01:00
de4dot
dab8907f8c
Detect EZ version
2011-11-27 08:28:17 +01:00
de4dot
04ae6e116f
New version: 1.3.1
2011-11-26 12:34:59 +01:00
de4dot
a90fd1fa2f
Update detection of the empty class
2011-11-26 12:34:17 +01:00
de4dot
cec8758ed2
Check if there are any refs left to the decrypter type
2011-11-26 12:21:18 +01:00
de4dot
df6678626e
Print total number of encrypted methods
2011-11-26 12:20:04 +01:00
de4dot
0ce27f8a2d
Print some info about the encrypted native methods
2011-11-25 15:33:13 +01:00
de4dot
51892f62a2
Re-encrypt native methods
2011-11-25 15:24:12 +01:00
de4dot
07f0376b45
Add methods to encrypt resource data, and set new data
2011-11-25 15:21:29 +01:00
de4dot
d9a776aa3f
Have DeobfuscatorBase implement IWriterListener
2011-11-25 15:19:56 +01:00
de4dot
cfe85774ab
Method prefix should be an empty string
2011-11-25 15:17:12 +01:00
de4dot
900ec1bf07
Add code to dump DNR native methods to a file
2011-11-25 15:16:50 +01:00
de4dot
b259991415
Some fixes:
...
- Remove empty class only if methods are inlined
- Don't add .cctor methods to possibly-inlined-methods list
2011-11-24 23:58:42 +01:00
de4dot
e4e9f6787c
New version: 1.3.0
2011-11-24 11:01:08 +01:00
de4dot
0516e4540d
Remove calls to empty class
2011-11-24 10:44:01 +01:00
de4dot
eee2c509be
Make sure decrypter type is removed
2011-11-24 10:10:39 +01:00
de4dot
17660c225e
Update decrypter detection code
2011-11-24 10:08:29 +01:00
de4dot
716870b4bd
Make sure InitializeComponent() detection code is called
2011-11-24 10:07:55 +01:00
de4dot
73d1316b2d
Add a new random name regex
2011-11-24 07:57:31 +01:00
de4dot
3bfb2e7dc7
Update DNR detection
2011-11-24 07:49:50 +01:00
de4dot
0c4abcc039
Update detection of possibly inlined methods
2011-11-24 06:48:23 +01:00
de4dot
e68cedd44b
Update tamper code
2011-11-24 05:25:34 +01:00
de4dot
a0f5a109dd
Add p prefix if it's a pointer type
2011-11-24 05:25:04 +01:00
de4dot
9d61d9845d
Don't add an override prefix if one of the methods is an iface method
2011-11-23 14:39:52 +01:00
de4dot
99d52b90c5
Revert older commit and print method override prefix
2011-11-23 12:13:41 +01:00
de4dot
4a65770c59
Check each part of the namespace instead of all of it at once
2011-11-23 11:50:34 +01:00
de4dot
ae5001b239
Make sure initializeEventHandlerNames() is called after renaming props
2011-11-23 11:34:11 +01:00
de4dot
80f90d3e6a
Update regex
2011-11-23 11:32:36 +01:00
de4dot
f7b117fe18
Restore events
2011-11-23 06:41:28 +01:00
de4dot
0c36e74834
Add option to disable restoring props/events from method names
2011-11-23 05:45:30 +01:00
de4dot
397f5f5b5b
Update DNR valid-name-check code
2011-11-23 05:28:57 +01:00
de4dot
550ea19c0b
Rename nullable types to better names, eg. int_0 instead of nullable_0
2011-11-23 05:09:34 +01:00
de4dot
1e22947f6a
Don't add prop/event 'other' methods to props/events list
2011-11-23 04:42:13 +01:00
de4dot
8d5dae6dcf
Update code to pass the new test
2011-11-22 15:56:48 +01:00
de4dot
d4c4d0a425
Don't add override prefix if scope has 2+ methods
2011-11-22 09:49:59 +01:00
de4dot
33f9a466a1
Don't add method to overrideMethods if it already overrides that iface method
2011-11-22 08:57:10 +01:00
de4dot
45cd6bf211
Update the code that renames virtual methods, props, events
2011-11-22 08:14:34 +01:00
de4dot
9953111d1c
Rename event add/remove methods' last arg to value
2011-11-21 11:26:02 +01:00
de4dot
7dbb0144ca
Check for null args
2011-11-21 11:03:45 +01:00
de4dot
c1ef76fda4
Use correct name when renaming event handlers
2011-11-21 10:56:18 +01:00
de4dot
d7c55cfbc3
Remove old renamer code
2011-11-21 10:37:30 +01:00
de4dot
b2b563ef22
Add more renamer code
2011-11-21 10:36:23 +01:00
de4dot
d014835c7c
Add Utils.compareInt32() and use it
2011-11-21 10:32:36 +01:00
de4dot
1b0fbfc681
Add more renamer code
2011-11-18 16:55:54 +01:00
de4dot
e9e0588cb6
Use Utils.StartsWith() since mono's impl is buggy
2011-11-17 04:22:12 +01:00
de4dot
195c7194cb
Rename types
2011-11-17 04:17:03 +01:00
de4dot
b58c3843e3
Add code to map virtual methods to base/iface methods
2011-11-16 23:08:27 +01:00
de4dot
79eb228200
Remove module if we don't load it. Restore indent level.
2011-11-16 22:59:04 +01:00
de4dot
75ff534ecd
Add removeModule(string) and clearAll() methods
2011-11-16 22:58:02 +01:00
de4dot
3f3814001c
Update method sig, rename stuff
2011-11-16 22:56:36 +01:00
de4dot
fa2f0808b1
Add some renamer classes
2011-11-15 14:26:51 +01:00
de4dot
e5da0a1255
Move old renamer code
2011-11-14 21:39:44 +01:00
de4dot
c68540aed7
Remove catch all exception and use latest cecil submodule
2011-11-14 09:44:39 +01:00
de4dot
695da497a7
Set version: 1.2.3
2011-11-14 06:23:03 +01:00
de4dot
d7149abe4e
Warn if an unused string decrypter is found
2011-11-14 06:21:43 +01:00
de4dot
cf6387a4c1
Fix some problems with new assemblies
2011-11-12 21:04:24 +01:00
de4dot
d3996b5152
Any type of exception could occur.
2011-11-12 21:01:58 +01:00
de4dot
6bf3de0dee
Set version: 1.2.2
2011-11-12 16:57:00 +01:00
de4dot
c62ca29df5
Update code for DNR 4.3+ obfuscated assemblies
2011-11-12 16:04:51 +01:00
de4dot
b80024bbc5
Find the method in a nested class (DNR 4.3+)
2011-11-12 15:22:17 +01:00
de4dot
07826f133e
Update names since it's anti strong name code
2011-11-12 15:15:47 +01:00
de4dot
d9e138bbe1
Strong name sign all assemblies (except tests)
...
You must create your own private de4dot.key file in the root source dir
before compiling:
sn -k de4dot.snk
2011-11-12 14:08:25 +01:00
de4dot
7df264d59c
Remove tamper detection code
2011-11-12 13:31:08 +01:00
de4dot
4b335f9489
Add a TypeLong property
2011-11-12 11:31:07 +01:00
de4dot
76825d3a9b
Encrypted resources aren't always using the public key token
2011-11-12 11:19:10 +01:00
de4dot
572d9d376d
Update version: 1.2.1
2011-11-11 21:00:42 +01:00
de4dot
0318c85a07
Convert 'return some_int' native methods to CIL code
2011-11-11 20:55:39 +01:00
de4dot
a3e7d9c9d6
Update version: 1.2.0
2011-11-10 14:55:40 +01:00
de4dot
183619f979
Remove String.Intern() calls when decrypting strings
2011-11-10 14:51:19 +01:00
de4dot
fb4128cbfb
Update a few strings
2011-11-10 14:48:33 +01:00
de4dot
f7639fc5a7
Update help message
2011-11-10 10:08:55 +01:00
de4dot
fdd6e55587
Sort the list of namespaces before printing the result
2011-11-10 00:57:27 +01:00
de4dot
ff3b1b0ecc
Rename random names
2011-11-10 00:47:22 +01:00
de4dot
3e803ef6d8
Read at most 2MB at a time from files
2011-11-10 00:44:37 +01:00
de4dot
c562c335e8
Add option to remove namespace if there's only one class in it
2011-11-09 12:08:48 +01:00
de4dot
ff0c0cddbd
Update WinForms renaming code
2011-11-09 11:28:34 +01:00
de4dot
ca232b521a
Update regex
2011-11-08 22:11:19 +01:00
de4dot
c6bdd51573
Rename --dr-dump-embedded -> --dr-embedded
2011-11-08 21:43:57 +01:00
de4dot
22739f5cd9
Remove decrypter type (all refs to it should be gone now)
2011-11-08 21:27:03 +01:00
de4dot
3bfb100fd5
Add resource decrypter
2011-11-08 19:32:10 +01:00
de4dot
0f627d728c
Use new FieldTypes code
2011-11-08 19:27:27 +01:00
de4dot
fec1ec7e35
Add FieldTypes class and re-use LocalTypes code
2011-11-08 19:26:59 +01:00
de4dot
6d1cca149a
Only check static methods
2011-11-08 11:36:09 +01:00
de4dot
c381423c48
Remove metadata token obfuscator type
2011-11-08 10:39:35 +01:00
de4dot
4e8f8a295b
Remove assembly resolver type only if we're inlining methods
2011-11-08 10:37:39 +01:00
de4dot
8c91b56cb5
Save embedded assemblies to disk
2011-11-08 10:27:18 +01:00
de4dot
5e3beef064
Remove unused variable
2011-11-08 10:26:27 +01:00
de4dot
a70b740088
Update printStackTrace() output
2011-11-08 10:26:07 +01:00
de4dot
7617d92b3b
Decrypt methods encrypted with the new methods encrypter
2011-11-07 16:16:18 +01:00
de4dot
a94d1406db
Rename some fields, and only remove types/etc if users wants it
2011-11-06 18:01:37 +01:00
de4dot
045e6ecf73
Use better property names
2011-11-06 15:24:30 +01:00
de4dot
a4e4a7284e
Add Xenocode support (dumped modules only)
2011-11-06 14:42:52 +01:00
de4dot
d60ab64c25
Move code to read module data to DeobUtils.cs
2011-11-06 13:46:50 +01:00
de4dot
f87e338583
Update text when reloading an assembly
2011-11-06 12:34:09 +01:00
de4dot
7821fc03bf
Remove support for .methods files.
2011-11-06 12:26:41 +01:00
de4dot
f424e8eabf
Add static methods decrypter and refactor into multiple classes
2011-11-06 12:19:26 +01:00
de4dot
a0509d2735
Use the new lookup() method
2011-11-06 12:18:35 +01:00
de4dot
4ecedb5b01
Don't check whether method is virtual
2011-11-06 12:17:20 +01:00
de4dot
bee77cdfe7
Make delegateCreatorMethods list protected
2011-11-06 12:16:30 +01:00
de4dot
fb2707a49b
Add lookup() generic method. Useful when reloading module.
2011-11-06 12:16:06 +01:00
de4dot
9a21b09fac
Reset module name when reloading from byte[]
2011-11-06 12:15:24 +01:00
de4dot
a369d36553
Add compare() byte[] method
2011-11-06 12:14:16 +01:00
de4dot
9818f675cd
Add some more methods
2011-11-06 12:13:31 +01:00
de4dot
75a464a7f4
Merge branch 'master' into dnr
2011-11-05 14:27:40 +01:00
de4dot
51fc70169d
Handle case where asm resolver returns a later version
2011-11-05 13:58:03 +01:00
de4dot
432c321bab
Catch SecurityDeclaration resolve exception
2011-11-05 10:30:38 +01:00
de4dot
198d5c3f74
Remove memory manager from Main()
2011-11-05 10:10:36 +01:00
de4dot
34a11ee555
Create methods to check whether a file/dir exists
2011-11-05 09:56:51 +01:00
de4dot
fe2fe0befe
Add Visual Studio public assemblies search paths
2011-11-05 09:45:34 +01:00
de4dot
65a9e7dbc1
Add Silverlight assembly search paths
2011-11-05 09:35:36 +01:00
de4dot
93ad40d218
Rename --asmpath option to --asm-path
2011-11-05 08:43:40 +01:00
de4dot
81d890d94e
Don't update method header max stack field if no cflow deob
2011-11-05 08:36:36 +01:00
de4dot
a23a889776
Ignore resolve errors. It's likely an obfuscator bug.
2011-11-05 08:08:16 +01:00
de4dot
13d5f8e37d
Ignore assemblies that contain native code
2011-11-05 08:04:14 +01:00
de4dot
c66c062753
Fix problem when HasPInvokeInfo == true but PInvokeInfo == null
2011-11-05 07:46:24 +01:00
de4dot
f524989a1e
Re-arrange some code
2011-11-05 07:42:58 +01:00
de4dot
2236300943
Update renamer to better rename methods and args
...
Finds InitializeComponent() method and renames it if necessary.
Finds all event handlers and names the args sender and e respectively.
Finds all field event handlers and names them <field>_<event>, eg.
button_Click.
2011-11-04 19:08:23 +01:00
de4dot
7486b73da3
Restore original WinForms class and field names
2011-11-04 15:39:16 +01:00
de4dot
df507526ba
Update renamer code so it's less likely to use an existing name
2011-11-04 13:59:43 +01:00
de4dot
e01e3c4e7f
Update valid name regex
2011-11-04 11:01:21 +01:00
de4dot
131a57342d
Force field type to same type newobj/newarr calls
2011-11-04 08:22:25 +01:00
de4dot
49b2976965
Handle call instrs with invalid metadata tokens
2011-11-04 07:43:24 +01:00
de4dot
4ce90dbfc0
Only print "found native code" warning once
2011-11-04 07:37:33 +01:00
de4dot
bd3b1e9b20
Check for null before calling unload()
2011-11-04 07:33:14 +01:00
de4dot
37f12ba60f
Some small updates
2011-11-04 07:21:12 +01:00
de4dot
30f713f8f8
Rename isDelegateType() -> derivesFromDelegate()
2011-11-04 00:39:48 +01:00
de4dot
e1715adb48
Update default regex
2011-11-04 00:35:07 +01:00
de4dot
c23d770fbc
Add special case for delegates
2011-11-04 00:09:51 +01:00
de4dot
8b0bf54d62
Print <arg_N> if arg N name is empty
2011-11-03 23:32:33 +01:00
de4dot
7a0061e39e
Don't save ByRef types, and method call should be getEnd(0)
2011-11-03 23:25:07 +01:00
de4dot
17f077e275
Update code to handle more cases
2011-11-03 23:01:51 +01:00
de4dot
b810292cee
New files' default name is now origname-cleaned.ext
2011-11-03 20:07:50 +01:00
de4dot
a2ecd85044
Deobfuscator type is now 2 chars
2011-11-03 20:03:32 +01:00
de4dot
e7c42c6532
Print updated types when we're done so everything can be sorted
2011-11-03 19:46:29 +01:00
de4dot
42e7583659
Unload loaded modules when renaming is over
2011-11-03 18:55:14 +01:00
de4dot
98cdcf9ca5
Only protect *Invoke methods. Rename and remove a variable
2011-11-03 18:53:58 +01:00
de4dot
3dd8649859
Merge branch 'master' into dnr
2011-11-03 07:11:10 +01:00
de4dot
f351a09564
Update symbol renamer to load referenced assemblies.
...
This way it's possible to use a rename-all regex (.*) without renaming
symbols that shouldn't be renamed (eg. methods that are defined in an
interface in a non-deobfuscated module, eg. Dispose()). A warning is
displayed if an assembly can't be loaded.
2011-11-03 06:43:33 +01:00
de4dot
96d086ba2b
Merge branch 'master' into dnr
2011-11-02 05:58:12 +01:00
de4dot
2a967dc699
Call onTypesRenamed() a little later and update throw message with token
2011-11-02 05:57:10 +01:00
de4dot
c918c8e964
Merge branch 'master' into dnr
2011-11-02 04:57:13 +01:00
de4dot
78960c759c
Rebuild dictionaries when types have been renamed
2011-11-02 04:54:54 +01:00
de4dot
b8879e74e6
Merge branch 'master' into dnr
2011-11-02 04:26:12 +01:00
de4dot
ccff408a00
Update code so it can rename duplicate member references
2011-11-02 04:24:22 +01:00
de4dot
c177c2ff42
Don't print message since the code is now much faster
2011-11-02 02:39:53 +01:00
de4dot
e3b767adcc
Don't create dest dirs if we're just detecting obfuscators
2011-11-02 02:38:20 +01:00
de4dot
2ddf6b00de
Return an empty list instead of null
2011-11-02 02:28:51 +01:00
de4dot
8ff2115083
Remove unused methods, and inline method used only by SA code
2011-11-02 02:25:45 +01:00
de4dot
ade1720d32
Use type cache to look up types (huge speedup in DNR code)
2011-11-02 02:25:07 +01:00
de4dot
1938a1c497
Undo what VS did
2011-11-01 18:56:44 +01:00
de4dot
6a07ee5b5e
It's generic code so move it to common parent dir
2011-11-01 18:48:52 +01:00
de4dot
7bdea53134
Check op for null and update detection code
2011-11-01 18:47:26 +01:00
de4dot
6f4447aa98
It's generic code so move it to common parent dir
2011-11-01 18:46:59 +01:00
de4dot
cc8e220281
Also use ldfld/ldflda to detect arg types
2011-11-01 15:53:51 +01:00
de4dot
c354ded987
Add code to restore ldtoken instructions
2011-11-01 15:17:26 +01:00
de4dot
5170e62e21
Add code to remove inlined methods and option to disable it
2011-11-01 14:23:30 +01:00
de4dot
e7ceb50382
Add CanInlineMethods to IDeobfuscator
2011-11-01 14:19:53 +01:00
de4dot
8faf7389ad
Restore method return types
2011-11-01 02:22:05 +01:00
de4dot
2e2eafdb57
Add code to restore methods' arg types
2011-10-31 23:58:19 +01:00
de4dot
ed625e256d
Restore field types and add option to disable it
2011-10-31 19:41:38 +01:00
de4dot
0ac072cf7b
Add class to restore field types. It should work most of the time.
2011-10-31 19:40:57 +01:00
de4dot
5185dc8364
Throw if PInvokeInfo is null. The type was probably removed.
2011-10-31 00:18:11 +01:00
de4dot
6b04c23036
Update decrypter and version detecter code
2011-10-31 00:09:38 +01:00
de4dot
35005a1a51
getStringDecrypterMethods() now adds all string decrypter methods
2011-10-30 19:28:13 +01:00
de4dot
0ddbe16349
Update DNR version number detection code
2011-10-30 06:15:52 +01:00
de4dot
7505f6096f
Clear deobfuscation flags when reloading module
2011-10-30 06:14:22 +01:00
de4dot
2ede24598d
Detect DNR version
2011-10-29 20:28:29 +02:00
de4dot
efe98949b1
Minor updates
2011-10-29 20:26:59 +02:00
de4dot
37a64f77f2
Index should be set to instruction before we broke out of the loop
2011-10-29 20:25:41 +02:00
de4dot
b57c93eae4
Update DNR methods decrypter code
2011-10-29 03:39:32 +02:00
de4dot
040410d7ce
Methods decrypter method could be null
2011-10-29 03:39:08 +02:00
de4dot
def4072bc5
Move array finder code to a new ArrayFinder class
2011-10-29 03:38:09 +02:00
de4dot
0a8d772c22
Decrypt methods sent to the JITter
2011-10-29 02:27:34 +02:00
de4dot
c4d6ba9ae9
Some minor updates
2011-10-29 02:25:31 +02:00
de4dot
3b87ab1294
Update getDecryptedModule() so it can return dumped methods
2011-10-29 02:23:48 +02:00
de4dot
a6dcd03d26
Allow passing dumped methods to reload()
2011-10-29 02:22:36 +02:00
de4dot
0e70d020b4
Add .NET metadata reader (ported from C++)
2011-10-29 02:20:44 +02:00
de4dot
89f90d3e75
Make sure publicKeyToken.Length > 0
2011-10-28 01:44:15 +02:00
de4dot
699ac4378d
Support older string decrypter method and detect older methods decrypter
2011-10-28 01:33:05 +02:00
de4dot
eb002895e1
Don't throw if we can't find all method args in the same block
2011-10-28 01:28:08 +02:00
de4dot
09178a6e95
Update methods decrypter and string decrypter
2011-10-27 22:25:44 +02:00
de4dot
39dbf5d9b2
Ignore call if we can't get all args
2011-10-27 22:22:52 +02:00
de4dot
9c83c22469
Add .NET header and a method to more safely write to a .NET PE image
2011-10-27 22:21:45 +02:00
de4dot
5357b4f73c
Update code to handle 4.1 obfuscated assemblies
2011-10-27 02:08:30 +02:00
de4dot
93d4ac1c9d
Update type name
2011-10-27 02:07:33 +02:00
de4dot
41356b2d30
Check for methods with no body
2011-10-27 02:07:06 +02:00
de4dot
ceca5718ba
Remove encrypted resources and call to methods decrypter
2011-10-26 23:00:01 +02:00
de4dot
dfb73f222f
Add options to disable decryption of methods and bools
2011-10-26 22:24:31 +02:00
de4dot
63ab61fb12
Deobfuscate cflow again if a bool was decrypted
2011-10-26 22:16:51 +02:00
de4dot
bd7a6763a6
Return number of method calls that were replaced
2011-10-26 22:06:48 +02:00
de4dot
28b73d36ed
It's a flags enum so should use unique bits
2011-10-26 22:00:32 +02:00
de4dot
db7edc2a72
Add BoolValueInliner class
2011-10-26 21:05:35 +02:00
de4dot
59863bf8b4
Refactor string decrypter to generic return value inliner class
2011-10-26 20:41:50 +02:00
de4dot
e4f2af221a
Add BooleanDecrypter class
2011-10-26 20:23:45 +02:00
de4dot
f37a46a02b
Decrypt strings
2011-10-26 19:49:25 +02:00
de4dot
03a8372319
Add readInt32() and readBytes() methods
2011-10-26 19:41:23 +02:00
de4dot
6bde8b8b20
Decrypt some DNR 4.0 non-native obfuscated assemblies
2011-10-26 14:40:55 +02:00
de4dot
1fbe902ed1
Always call detect(), and support reloading decrypted files
2011-10-26 14:32:50 +02:00
de4dot
3f7b1237b4
Don't call GetDirectoryName() if name is "" (loaded from byte[])
2011-10-26 14:32:10 +02:00
de4dot
4f315fd65a
Add reload() method when the file has been decrypted
2011-10-26 14:30:47 +02:00
de4dot
1eaa245618
Should ignore .cctor methods since .ctor is never static
2011-10-26 14:29:57 +02:00
de4dot
bfa0fa14c0
Add decrypt methods to IDeobfuscator. Change some method sigs.
2011-10-26 14:29:12 +02:00
de4dot
794b9dfd77
Add PE image reader/writer code
2011-10-26 14:20:38 +02:00
de4dot
685c5ba79c
Add code to detect methods decrypter method
2011-10-25 08:27:36 +02:00
de4dot
6bb6f0930d
Remember to create DNR's info class
2011-10-24 19:51:04 +02:00
de4dot
cb5589ee28
Add skeleton DNR file
2011-10-24 19:44:49 +02:00
de4dot
129da2e7f9
Set version 1.1.3
2011-10-24 15:48:19 +02:00
de4dot
46309f2f78
New version: 1.1.2
2011-10-23 22:09:27 +02:00
de4dot
4f02f84d84
Fix problem when resources aren't encrypted or compressed
2011-10-23 22:03:38 +02:00
de4dot
779d1a8a31
Update version to 1.1.1
2011-10-23 20:13:25 +02:00
de4dot
bf00ccca2b
Some minor updates
2011-10-23 17:23:33 +02:00
de4dot
f776148574
Add proxy delegate fixer
2011-10-23 13:43:32 +02:00
de4dot
32bb14fa5a
Decrypt encrypted SL resources
2011-10-23 09:19:50 +02:00
de4dot
9ad15e63e4
Remove string decrypter type and allow static + dynamic decryption
2011-10-23 09:07:47 +02:00
de4dot
78397f9c4f
Remove types CO adds to each assembly
2011-10-23 09:03:00 +02:00
de4dot
a1e6f555ef
Update method call remover code
2011-10-23 08:41:33 +02:00
de4dot
c0a8eb1bbd
Print name of encrypted strings resource
2011-10-22 18:20:49 +02:00
de4dot
4490c976b3
Find anti-debugger and tamper detection code
2011-10-22 18:13:13 +02:00
de4dot
1a78c2dc8c
Remove encrypted resources from output file
2011-10-22 17:29:49 +02:00
de4dot
adc2c277fd
Strings and resources are decrypted
2011-10-22 17:13:28 +02:00
de4dot
65dacdf7cd
Initialize assemblyInfos in case there's no embedded assemblies
2011-10-22 14:55:43 +02:00
de4dot
50a9421657
Assembly resolver doesn't need resource decrypter
2011-10-22 14:53:24 +02:00
de4dot
3f1b9152bd
Add CO deobfuscator. Can decrypt embedded assemblies.
2011-10-22 14:31:38 +02:00
de4dot
99bd79e418
Change to version 1.1.0
2011-10-21 22:27:26 +02:00
de4dot
88f7a31ff1
Print number of removed instructions
2011-10-21 21:35:35 +02:00
de4dot
2ff8a0ea7a
Remove old cflow deobfuscator code
2011-10-21 20:35:13 +02:00
de4dot
9d132bfeaf
Change --no-control-flow-deob => --no-cflow-deob
2011-10-21 10:38:27 +02:00
de4dot
b1340bc84f
Merge branch 'master' into newcode
2011-10-21 10:33:00 +02:00
de4dot
8c924617c3
Update CIL output when -vv is used
2011-10-21 10:32:43 +02:00
de4dot
d76afbf8a1
Ignore ArgumentOutOfRangeException when loading files
2011-10-20 12:28:15 +02:00
de4dot
f79b12d4f3
Make sure blocks are laid out in a verifiable order
2011-10-20 02:58:30 +02:00
de4dot
c8500b4f33
Remove unused local variables
2011-10-20 02:38:44 +02:00
de4dot
7fe71a963a
Add inline bool method hack for DNR
2011-10-19 01:53:42 +02:00
de4dot
80acf1d59f
Add switch cflow deobfuscator
2011-10-18 23:31:50 +02:00
de4dot
05065d6ac7
Start work on new cflow deobfuscator
2011-10-17 00:22:22 +02:00
de4dot
4c43807de7
Detect SA 1.x-5.1 assemblies
2011-10-13 12:22:17 +02:00
de4dot
01da4a979f
Also make sure type.Name is empty
2011-10-12 23:30:57 +02:00
de4dot
58ff833d5c
Detect SA 4.x, 5.0, 5.1
2011-10-12 23:16:03 +02:00
de4dot
b3463a3859
Remove automated error reporting code from SA 4.x assemblies
2011-10-12 22:50:19 +02:00
de4dot
9ed55629e6
Print deobfuscated method if -vv
2011-10-12 19:47:51 +02:00
de4dot
38b08dddfd
Update DF version attribute parsing
2011-10-10 18:39:42 +02:00
de4dot
08f5b04675
Fix a problem with String.StartsWith() on mono
2011-10-09 13:19:26 +02:00
de4dot
2f5ded924f
Get rid of dead code
2011-10-09 12:01:51 +02:00
de4dot
9ade539ecd
Update version to 1.0.3
2011-10-08 20:03:10 +02:00
de4dot
5fbda45d6d
Add earlyDetect() method to IDeobfuscator
2011-10-08 19:33:12 +02:00
de4dot
d305faae09
Detect another obfuscator
2011-10-08 18:43:22 +02:00
de4dot
5eb824693e
Don't throw if invalid visibility
2011-10-08 18:42:09 +02:00
de4dot
c94fea2bfc
Remove assembly if --one-file option is used
2011-10-08 15:01:51 +02:00
de4dot
ae9f59c918
Less memory are used when loading files one at a time
2011-10-08 13:33:48 +02:00
de4dot
3719e9a375
AssemblyResolver can now remove old unused assemblies
2011-10-08 13:28:39 +02:00
de4dot
d3fa227f1e
Update -ru option text
2011-10-08 12:30:35 +02:00
de4dot
bea3a737d2
Don't rename resource if old name was empty string
2011-10-08 12:17:01 +02:00
de4dot
d69b1b465c
Fix SA string decryption problem
2011-10-07 17:32:03 +02:00
de4dot
56da16086b
Make sure user tries latest version...
2011-10-07 17:31:27 +02:00
de4dot
8ec3da7080
Update detection and some strings
2011-10-07 17:30:41 +02:00
de4dot
4cca5190da
Detect another new obfuscator
2011-10-07 08:45:40 +02:00
de4dot
fa3a6457de
Detects a few more obfuscators
2011-10-06 10:33:13 +02:00
de4dot
1c721b017e
Detect some unsupported obfuscators
2011-10-05 17:22:56 +02:00
de4dot
d2b621b5b3
Netmodules are better supported now
2011-10-05 08:20:32 +02:00
de4dot
43085bc808
Fix serialization problem when calling exit()
2011-10-03 10:04:33 +02:00
de4dot
062ecaaef2
Ignore emtpy strings when renaming resources in code
2011-09-29 19:00:34 +02:00
de4dot
b71eb587db
Make sure field/method ref has a declaring type before resolving it
2011-09-29 10:51:21 +02:00
de4dot
18756f90bf
Updated log text
2011-09-29 10:50:10 +02:00
de4dot
004f25d818
Set version to 1.0.2
2011-09-29 01:29:02 +02:00
de4dot
65e0ef359a
Enabled reading and loading of files from the network
2011-09-28 23:54:38 +02:00
de4dot
ee60bf14f2
Added 'default' string decrypter type
...
Eazfuscator.NET deobfuscator defaults to 'emulate' and the others to
'static'.
2011-09-28 16:06:10 +02:00
de4dot
500cdcaf1b
Not ignoring all PE file load exceptions, but added null ref exception
2011-09-28 02:00:29 +02:00
de4dot
157a125894
Catch all exceptions and print warning if load fails
2011-09-28 01:44:32 +02:00
de4dot
37be012a11
Set Console.OutputEncoding to UTF-8 only if current encoding is single byte
2011-09-28 01:27:46 +02:00
de4dot
2094990a93
Added --one-file option to deobfuscate only one file at a time
2011-09-28 01:19:19 +02:00
de4dot
6fec29daab
Func should take a MethodDefinition as first arg
2011-09-28 00:57:17 +02:00
de4dot
eeb12adf87
Removed 'in' and 'out' from delegates
2011-09-27 23:42:06 +02:00
de4dot
cd0e5c0169
Updated resource renaming of code strings
2011-09-27 23:29:38 +02:00
de4dot
c257f16787
Methodsrewriter is now working
2011-09-27 22:06:43 +02:00
de4dot
695dd81b43
Merged master
2011-09-27 02:05:46 +02:00
de4dot
bfca8a351f
Updated version number
2011-09-24 18:56:13 +02:00
de4dot
5dd6567fc9
Bug fix. Some methods have a body but 0 instrs
2011-09-24 18:48:15 +02:00
de4dot
9945b8b47c
Moved code to blocks assembly
2011-09-24 10:26:29 +02:00
de4dot
865ed5a47a
Initial commit
2011-09-22 04:55:30 +02:00