de4dot
|
7df264d59c
|
Remove tamper detection code
|
2011-11-12 13:31:08 +01:00 |
|
de4dot
|
4b335f9489
|
Add a TypeLong property
|
2011-11-12 11:31:07 +01:00 |
|
de4dot
|
76825d3a9b
|
Encrypted resources aren't always using the public key token
|
2011-11-12 11:19:10 +01:00 |
|
de4dot
|
0318c85a07
|
Convert 'return some_int' native methods to CIL code
|
2011-11-11 20:55:39 +01:00 |
|
de4dot
|
fb4128cbfb
|
Update a few strings
|
2011-11-10 14:48:33 +01:00 |
|
de4dot
|
ff3b1b0ecc
|
Rename random names
|
2011-11-10 00:47:22 +01:00 |
|
de4dot
|
3e803ef6d8
|
Read at most 2MB at a time from files
|
2011-11-10 00:44:37 +01:00 |
|
de4dot
|
c562c335e8
|
Add option to remove namespace if there's only one class in it
|
2011-11-09 12:08:48 +01:00 |
|
de4dot
|
ca232b521a
|
Update regex
|
2011-11-08 22:11:19 +01:00 |
|
de4dot
|
c6bdd51573
|
Rename --dr-dump-embedded -> --dr-embedded
|
2011-11-08 21:43:57 +01:00 |
|
de4dot
|
22739f5cd9
|
Remove decrypter type (all refs to it should be gone now)
|
2011-11-08 21:27:03 +01:00 |
|
de4dot
|
3bfb100fd5
|
Add resource decrypter
|
2011-11-08 19:32:10 +01:00 |
|
de4dot
|
0f627d728c
|
Use new FieldTypes code
|
2011-11-08 19:27:27 +01:00 |
|
de4dot
|
fec1ec7e35
|
Add FieldTypes class and re-use LocalTypes code
|
2011-11-08 19:26:59 +01:00 |
|
de4dot
|
6d1cca149a
|
Only check static methods
|
2011-11-08 11:36:09 +01:00 |
|
de4dot
|
c381423c48
|
Remove metadata token obfuscator type
|
2011-11-08 10:39:35 +01:00 |
|
de4dot
|
4e8f8a295b
|
Remove assembly resolver type only if we're inlining methods
|
2011-11-08 10:37:39 +01:00 |
|
de4dot
|
8c91b56cb5
|
Save embedded assemblies to disk
|
2011-11-08 10:27:18 +01:00 |
|
de4dot
|
5e3beef064
|
Remove unused variable
|
2011-11-08 10:26:27 +01:00 |
|
de4dot
|
7617d92b3b
|
Decrypt methods encrypted with the new methods encrypter
|
2011-11-07 16:16:18 +01:00 |
|
de4dot
|
a94d1406db
|
Rename some fields, and only remove types/etc if users wants it
|
2011-11-06 18:01:37 +01:00 |
|
de4dot
|
045e6ecf73
|
Use better property names
|
2011-11-06 15:24:30 +01:00 |
|
de4dot
|
a4e4a7284e
|
Add Xenocode support (dumped modules only)
|
2011-11-06 14:42:52 +01:00 |
|
de4dot
|
d60ab64c25
|
Move code to read module data to DeobUtils.cs
|
2011-11-06 13:46:50 +01:00 |
|
de4dot
|
f424e8eabf
|
Add static methods decrypter and refactor into multiple classes
|
2011-11-06 12:19:26 +01:00 |
|
de4dot
|
a0509d2735
|
Use the new lookup() method
|
2011-11-06 12:18:35 +01:00 |
|
de4dot
|
bee77cdfe7
|
Make delegateCreatorMethods list protected
|
2011-11-06 12:16:30 +01:00 |
|
de4dot
|
fb2707a49b
|
Add lookup() generic method. Useful when reloading module.
|
2011-11-06 12:16:06 +01:00 |
|
de4dot
|
75a464a7f4
|
Merge branch 'master' into dnr
|
2011-11-05 14:27:40 +01:00 |
|
de4dot
|
198d5c3f74
|
Remove memory manager from Main()
|
2011-11-05 10:10:36 +01:00 |
|
de4dot
|
e01e3c4e7f
|
Update valid name regex
|
2011-11-04 11:01:21 +01:00 |
|
de4dot
|
131a57342d
|
Force field type to same type newobj/newarr calls
|
2011-11-04 08:22:25 +01:00 |
|
de4dot
|
49b2976965
|
Handle call instrs with invalid metadata tokens
|
2011-11-04 07:43:24 +01:00 |
|
de4dot
|
4ce90dbfc0
|
Only print "found native code" warning once
|
2011-11-04 07:37:33 +01:00 |
|
de4dot
|
37f12ba60f
|
Some small updates
|
2011-11-04 07:21:12 +01:00 |
|
de4dot
|
30f713f8f8
|
Rename isDelegateType() -> derivesFromDelegate()
|
2011-11-04 00:39:48 +01:00 |
|
de4dot
|
e1715adb48
|
Update default regex
|
2011-11-04 00:35:07 +01:00 |
|
de4dot
|
c23d770fbc
|
Add special case for delegates
|
2011-11-04 00:09:51 +01:00 |
|
de4dot
|
7a0061e39e
|
Don't save ByRef types, and method call should be getEnd(0)
|
2011-11-03 23:25:07 +01:00 |
|
de4dot
|
17f077e275
|
Update code to handle more cases
|
2011-11-03 23:01:51 +01:00 |
|
de4dot
|
a2ecd85044
|
Deobfuscator type is now 2 chars
|
2011-11-03 20:03:32 +01:00 |
|
de4dot
|
e7c42c6532
|
Print updated types when we're done so everything can be sorted
|
2011-11-03 19:46:29 +01:00 |
|
de4dot
|
c177c2ff42
|
Don't print message since the code is now much faster
|
2011-11-02 02:39:53 +01:00 |
|
de4dot
|
8ff2115083
|
Remove unused methods, and inline method used only by SA code
|
2011-11-02 02:25:45 +01:00 |
|
de4dot
|
1938a1c497
|
Undo what VS did
|
2011-11-01 18:56:44 +01:00 |
|
de4dot
|
6a07ee5b5e
|
It's generic code so move it to common parent dir
|
2011-11-01 18:48:52 +01:00 |
|
de4dot
|
7bdea53134
|
Check op for null and update detection code
|
2011-11-01 18:47:26 +01:00 |
|
de4dot
|
6f4447aa98
|
It's generic code so move it to common parent dir
|
2011-11-01 18:46:59 +01:00 |
|
de4dot
|
cc8e220281
|
Also use ldfld/ldflda to detect arg types
|
2011-11-01 15:53:51 +01:00 |
|
de4dot
|
c354ded987
|
Add code to restore ldtoken instructions
|
2011-11-01 15:17:26 +01:00 |
|
de4dot
|
5170e62e21
|
Add code to remove inlined methods and option to disable it
|
2011-11-01 14:23:30 +01:00 |
|
de4dot
|
e7ceb50382
|
Add CanInlineMethods to IDeobfuscator
|
2011-11-01 14:19:53 +01:00 |
|
de4dot
|
8faf7389ad
|
Restore method return types
|
2011-11-01 02:22:05 +01:00 |
|
de4dot
|
2e2eafdb57
|
Add code to restore methods' arg types
|
2011-10-31 23:58:19 +01:00 |
|
de4dot
|
ed625e256d
|
Restore field types and add option to disable it
|
2011-10-31 19:41:38 +01:00 |
|
de4dot
|
0ac072cf7b
|
Add class to restore field types. It should work most of the time.
|
2011-10-31 19:40:57 +01:00 |
|
de4dot
|
6b04c23036
|
Update decrypter and version detecter code
|
2011-10-31 00:09:38 +01:00 |
|
de4dot
|
35005a1a51
|
getStringDecrypterMethods() now adds all string decrypter methods
|
2011-10-30 19:28:13 +01:00 |
|
de4dot
|
0ddbe16349
|
Update DNR version number detection code
|
2011-10-30 06:15:52 +01:00 |
|
de4dot
|
2ede24598d
|
Detect DNR version
|
2011-10-29 20:28:29 +02:00 |
|
de4dot
|
efe98949b1
|
Minor updates
|
2011-10-29 20:26:59 +02:00 |
|
de4dot
|
37a64f77f2
|
Index should be set to instruction before we broke out of the loop
|
2011-10-29 20:25:41 +02:00 |
|
de4dot
|
b57c93eae4
|
Update DNR methods decrypter code
|
2011-10-29 03:39:32 +02:00 |
|
de4dot
|
040410d7ce
|
Methods decrypter method could be null
|
2011-10-29 03:39:08 +02:00 |
|
de4dot
|
def4072bc5
|
Move array finder code to a new ArrayFinder class
|
2011-10-29 03:38:09 +02:00 |
|
de4dot
|
0a8d772c22
|
Decrypt methods sent to the JITter
|
2011-10-29 02:27:34 +02:00 |
|
de4dot
|
c4d6ba9ae9
|
Some minor updates
|
2011-10-29 02:25:31 +02:00 |
|
de4dot
|
3b87ab1294
|
Update getDecryptedModule() so it can return dumped methods
|
2011-10-29 02:23:48 +02:00 |
|
de4dot
|
89f90d3e75
|
Make sure publicKeyToken.Length > 0
|
2011-10-28 01:44:15 +02:00 |
|
de4dot
|
699ac4378d
|
Support older string decrypter method and detect older methods decrypter
|
2011-10-28 01:33:05 +02:00 |
|
de4dot
|
09178a6e95
|
Update methods decrypter and string decrypter
|
2011-10-27 22:25:44 +02:00 |
|
de4dot
|
5357b4f73c
|
Update code to handle 4.1 obfuscated assemblies
|
2011-10-27 02:08:30 +02:00 |
|
de4dot
|
93d4ac1c9d
|
Update type name
|
2011-10-27 02:07:33 +02:00 |
|
de4dot
|
41356b2d30
|
Check for methods with no body
|
2011-10-27 02:07:06 +02:00 |
|
de4dot
|
ceca5718ba
|
Remove encrypted resources and call to methods decrypter
|
2011-10-26 23:00:01 +02:00 |
|
de4dot
|
dfb73f222f
|
Add options to disable decryption of methods and bools
|
2011-10-26 22:24:31 +02:00 |
|
de4dot
|
63ab61fb12
|
Deobfuscate cflow again if a bool was decrypted
|
2011-10-26 22:16:51 +02:00 |
|
de4dot
|
28b73d36ed
|
It's a flags enum so should use unique bits
|
2011-10-26 22:00:32 +02:00 |
|
de4dot
|
db7edc2a72
|
Add BoolValueInliner class
|
2011-10-26 21:05:35 +02:00 |
|
de4dot
|
e4f2af221a
|
Add BooleanDecrypter class
|
2011-10-26 20:23:45 +02:00 |
|
de4dot
|
f37a46a02b
|
Decrypt strings
|
2011-10-26 19:49:25 +02:00 |
|
de4dot
|
6bde8b8b20
|
Decrypt some DNR 4.0 non-native obfuscated assemblies
|
2011-10-26 14:40:55 +02:00 |
|
de4dot
|
1eaa245618
|
Should ignore .cctor methods since .ctor is never static
|
2011-10-26 14:29:57 +02:00 |
|
de4dot
|
bfa0fa14c0
|
Add decrypt methods to IDeobfuscator. Change some method sigs.
|
2011-10-26 14:29:12 +02:00 |
|
de4dot
|
685c5ba79c
|
Add code to detect methods decrypter method
|
2011-10-25 08:27:36 +02:00 |
|
de4dot
|
cb5589ee28
|
Add skeleton DNR file
|
2011-10-24 19:44:49 +02:00 |
|
de4dot
|
4f02f84d84
|
Fix problem when resources aren't encrypted or compressed
|
2011-10-23 22:03:38 +02:00 |
|
de4dot
|
bf00ccca2b
|
Some minor updates
|
2011-10-23 17:23:33 +02:00 |
|
de4dot
|
f776148574
|
Add proxy delegate fixer
|
2011-10-23 13:43:32 +02:00 |
|
de4dot
|
32bb14fa5a
|
Decrypt encrypted SL resources
|
2011-10-23 09:19:50 +02:00 |
|
de4dot
|
9ad15e63e4
|
Remove string decrypter type and allow static + dynamic decryption
|
2011-10-23 09:07:47 +02:00 |
|
de4dot
|
78397f9c4f
|
Remove types CO adds to each assembly
|
2011-10-23 09:03:00 +02:00 |
|
de4dot
|
a1e6f555ef
|
Update method call remover code
|
2011-10-23 08:41:33 +02:00 |
|
de4dot
|
c0a8eb1bbd
|
Print name of encrypted strings resource
|
2011-10-22 18:20:49 +02:00 |
|
de4dot
|
4490c976b3
|
Find anti-debugger and tamper detection code
|
2011-10-22 18:13:13 +02:00 |
|
de4dot
|
1a78c2dc8c
|
Remove encrypted resources from output file
|
2011-10-22 17:29:49 +02:00 |
|
de4dot
|
adc2c277fd
|
Strings and resources are decrypted
|
2011-10-22 17:13:28 +02:00 |
|
de4dot
|
65dacdf7cd
|
Initialize assemblyInfos in case there's no embedded assemblies
|
2011-10-22 14:55:43 +02:00 |
|
de4dot
|
50a9421657
|
Assembly resolver doesn't need resource decrypter
|
2011-10-22 14:53:24 +02:00 |
|
de4dot
|
3f1b9152bd
|
Add CO deobfuscator. Can decrypt embedded assemblies.
|
2011-10-22 14:31:38 +02:00 |
|
de4dot
|
05065d6ac7
|
Start work on new cflow deobfuscator
|
2011-10-17 00:22:22 +02:00 |
|
de4dot
|
4c43807de7
|
Detect SA 1.x-5.1 assemblies
|
2011-10-13 12:22:17 +02:00 |
|
de4dot
|
01da4a979f
|
Also make sure type.Name is empty
|
2011-10-12 23:30:57 +02:00 |
|
de4dot
|
58ff833d5c
|
Detect SA 4.x, 5.0, 5.1
|
2011-10-12 23:16:03 +02:00 |
|
de4dot
|
b3463a3859
|
Remove automated error reporting code from SA 4.x assemblies
|
2011-10-12 22:50:19 +02:00 |
|
de4dot
|
38b08dddfd
|
Update DF version attribute parsing
|
2011-10-10 18:39:42 +02:00 |
|
de4dot
|
08f5b04675
|
Fix a problem with String.StartsWith() on mono
|
2011-10-09 13:19:26 +02:00 |
|
de4dot
|
2f5ded924f
|
Get rid of dead code
|
2011-10-09 12:01:51 +02:00 |
|
de4dot
|
5fbda45d6d
|
Add earlyDetect() method to IDeobfuscator
|
2011-10-08 19:33:12 +02:00 |
|
de4dot
|
d305faae09
|
Detect another obfuscator
|
2011-10-08 18:43:22 +02:00 |
|
de4dot
|
d69b1b465c
|
Fix SA string decryption problem
|
2011-10-07 17:32:03 +02:00 |
|
de4dot
|
8ec3da7080
|
Update detection and some strings
|
2011-10-07 17:30:41 +02:00 |
|
de4dot
|
4cca5190da
|
Detect another new obfuscator
|
2011-10-07 08:45:40 +02:00 |
|
de4dot
|
fa3a6457de
|
Detects a few more obfuscators
|
2011-10-06 10:33:13 +02:00 |
|
de4dot
|
1c721b017e
|
Detect some unsupported obfuscators
|
2011-10-05 17:22:56 +02:00 |
|
de4dot
|
d2b621b5b3
|
Netmodules are better supported now
|
2011-10-05 08:20:32 +02:00 |
|
de4dot
|
ee60bf14f2
|
Added 'default' string decrypter type
Eazfuscator.NET deobfuscator defaults to 'emulate' and the others to
'static'.
|
2011-09-28 16:06:10 +02:00 |
|
de4dot
|
9945b8b47c
|
Moved code to blocks assembly
|
2011-09-24 10:26:29 +02:00 |
|
de4dot
|
865ed5a47a
|
Initial commit
|
2011-09-22 04:55:30 +02:00 |
|